--- title: 'Configuration' --- # Backend Config Reference The backend can be configured in 3 different ways: - Make a `config.json` file in the working directory of the application (root of repository) - Make a `.env` file in the working directory of the application (root of repository) - Add environment variables to your system (or container) These different config options are all mutually inclusive, so you can use multiple at the same time if you want to. ::alert{type="warning"} With any of these configurations, you have to have atleast three variables set for the server to function: [`postgres.connection`](#postgresconnection), [`crypto.sessionSecret`](#cryptosessionsecret) and [`meta.name`](#metaname) :: ### Method 1 - `config.json` This method uses nesting, so the key `server.basePath` with the value of `"/backend"` will result in a file that looks like this: ```json { "server": { "basePath": "/backend" } } ``` ### Method 2 - `.env` The environment variable names use double underscores as separators and `MWB_` as the prefix. So the key `server.basePath` will result in the .env file like this: ```sh MWB_SERVER__BASE_PATH=/backend ``` ### Method 3 - Environment This method is identical to the `.env` method listed above, but you add the variables to the environment instead of writing it in a file. # Reference ## Server All configurations related to the HTTP server. ### `server.port` - Type: `number` - Default: `8080` Port number that the HTTP server listens on. ### `server.cors` - Type: `string` - Default: `""` - Example: `"https://movie-web.app https://testing.movie-web.app"` Space seperated list of allowed origins. ### `server.allowAnySite` - Type: `boolean` - Default: `false` If set to true, it allows any origin to access the site. This overwrites the [`server.cors`](#servercors) setting. ### `server.trustProxy` - Type: `boolean` - Default: `false` Controls whether the server should trust reverse proxy headers. This is used to identify users for ratelimiting. ### `server.trustCloudflare` - Type: `boolean` - Default: `false` Controls whether the server should trust Cloudflare IP headers. This is used to identify users for ratelimiting. ### `server.basePath` - Type: `string` - Default: `"/"` Prefix for which path is being listened on. Useful if you're hosting on `example.com/backend` for example. ::alert{type="info"} If this is set, you shouldn't apply URL rewriting before proxying. :: ## Logging All configurations related to how the HTTP server will log. This is not related to the [metrics](0.introduction.md#metrics) endpoint. ### `logging.format` - Type: `string` | `"pretty" | "json"` - Default: `"pretty"` Logging format to use, should be either `pretty` or `json`, most users should probably use the default. ## Postgres All configurations related to how postgres functions. ### `postgres.connection` ⚠ - Type: `string` - Example: `"postgresql://localhost:5432"` Connection URL for postgres instance, should contain the database in the URL. ::alert{type="danger"} **Required. The backend will not start if this is not configured.** :: ### `postgres.migrateOnBoot` - Type: `boolean` - Default: `false` Run all [migrations](0.introduction.md#migrations) that haven't ran yet on boot. ::alert{type="warning"} If you have multiple replicas running, this can cause a lot of issues. We recommend only using this if you run only one replica. :: ### `postgres.debugLogging` - Type: `boolean` - Default: `false` Log all postgres queries in the console. Useful for debugging issues with the database. ::alert{type="warning"} This outputs sensitive, **DO NOT** run it in production. :: ## Cryptography All configurations related to cryptography. ### `crypto.sessionSecret` ⚠ - Type: `string` The secret used to sign sessions. **Must be at least 32 characters long.** ::alert{type="danger"} **Required. The backend will not start if this is not configured.** :: ## Meta These options configure how the server will display itself to the frontend. ### `meta.name` ⚠ - Type: `string` - Example: `"Unofficial movie-web"` The name of the backend instance, this will be displayed to users who try to create an account. ::alert{type="danger"} **Required. The backend will not start if this is not configured.** :: ### `meta.description` - Type: `string` - Default: `""` - Example: `"This is not an official instance of movie-web"` The description of the backend instance, this will be displayed to users who try to create an account. ## Captcha All configurations related to adding captcha functionality. Captchas' help to protect your server from bot attacks. ### `captcha.enabled` - Type: `boolean` - Default: `false` Enables [Recaptcha](https://www.google.com/recaptcha/about/) support for user registration and login. [You can follow this guide to create a Recaptcha key](https://cloud.google.com/recaptcha-enterprise/docs/create-key-website#create-key){target="\_blank"}. ::alert{type="warning"} If this is enabled, all other captcha related settings are required. :: ### `captcha.secret` - Type: `string` - Default: `""` - Example: `"sjgaJ@3djasFVx"` [Google Recaptcha](https://www.google.com/recaptcha/about/) secret key. ### `captcha.clientKey` - Type: `string` - Default: `""` - Example: `"2jf853z5bc63bvDb2323FAda"` [Google Recaptcha](https://www.google.com/recaptcha/about/) site key. ## Ratelimits All configuration options related to adding ratelimiting functionality. Helps to protect against bot attacks or spammy users. ::alert{type="info"} Make sure your IP headers are properly forwarded if you're using a reverse proxy. Also see [`server.trustProxy`](#servertrustproxy). :: ### `ratelimits.enabled` - Type: `boolean` - Default: `false` Enables ratelimiting some more expensive endpoints. ::alert{type="warning"} If this is enabled, all other ratelimit related settings are required. :: ### `ratelimits.redisUrl` - Type: `string` - Default: `""` - Example: `"redis://localhost:6379"` Redis connection URL for storing ratelimit data. You can use a plain redis instance for this, no modules are required.