--- title: 'Configuration' --- # Backend Config Reference The config the backend can be provided in 3 ways. - Make a `config.json` file in the working directory of the application (root of repository) - Make a `.env` file in the working directory of the application (root of repository) - Add environment variables to your system (or container) ## Method 1 - `config.json` This method uses nesting. So the key `server.basePath`. Will result in a json file like this: ```json { "server": { "basePath": "/backend", } } ``` ## Method 2 - `.env` This method is a flat method using double underscores as seperators and `MW_` as prefix. So the key `server.basePath`. Will result in the .env file like this: ```sh MB_SERVER__BASE_PATH=/backend ``` ## Method 3 - environment This method is identical to the `.env` method listed above, but instead of writing it in a file, you add it to the environment. # Reference ### `server.port` Port number that the HTTP server listens on. Example: `8080` ### `server.cors` Space seperated list of allowed origins. Example: ``` https://movie-web.app https://testing.movie-web.app ``` ### `server.allowAnySite` If this setting is set to true, it allows any origin to access the site. This overwrites the setting at `server.cors`. Example: `false` ### `server.trustProxy` Should the server trust reverse proxy headers? This is used for ratelimiting Example: `false` ### `server.basePath` Prefix for which path is being listened on. Useful you're hosting on `example.com/backend` for example. If this is set, you shouldn't apply url rewriting before proxying. Example: `/backend` ### `logging.format` Logging format, Should be either `pretty` or `json`. Example: `pretty` ### `postgres.connection` - REQUIRED Connection URL for postgres instance, should contain the database in the URL. Example: `postgresql://localhost:5432` ### `postgres.migrateOnBoot` Run all migrations that haven't ran yet on boot. Example: `false` ::alert{type="warn"} If you have multiple replicas running, this can cause a lot of issues. We recommend only using this if you run only one replica. :: ### `postgres.debugLogging` Log all postgres queries in the console, this outputs sensitive data so DO NOT run it in production. Example: `false` ### `crypto.sessionSecret` - REQUIRED The secret used to sign sessions. Must be at least 32 characters long. Example: `Make your own` ### `meta.name` - REQUIRED The name of the backend instance, this will be displayed to users who try to create an account. Example: `Unofficial movie-web` ### `meta.description` The description of the backend instance, this will be displayed to users who try to create an account. Example: `This is not an official instance of movie-web` ### `captcha.enabled` To protect your server from bot attacks, captcha's can be useful to enabled. If this is enabled, all other captcha related settings are required. Example: `false` ### `captcha.secret` Google Recaptcha secret key. Example: `sjgaJ@3djasFVx` ### `captcha.clientKey` Google Recaptcha site key. Example: `2jf853z5bc63bvDb2323FAda` ### `ratelimits.enabled` To protect bot attacks or spammy users, you can enabled ratelimits. Make sure your ip headers are properly forwarded if you're using a reverse proxy. Also see `server.trustProxy`. If this is enabled, all other ratelimit related settings are required. Example: `false` ### `ratelimits.redisUrl` Redis connection URL for storing ratelimit data. Just uses plain redis without any modules. Example: `redis://localhost:6379`