3.7 KiB
title |
---|
Configuration |
Backend Config Reference
The config the backend can be provided in 3 ways.
- Make a
config.json
file in the working directory of the application (root of repository) - Make a
.env
file in the working directory of the application (root of repository) - Add environment variables to your system (or container)
Method 1 - config.json
This method uses nesting. So the key server.basePath
. Will result in a json file like this:
{
"server": {
"basePath": "/backend",
}
}
Method 2 - .env
The environment variable names use double underscores as separators and MWB_
as the prefix. So the key server.basePath
will result in the .env file like this:
MWB_SERVER__BASE_PATH=/backend
Method 3 - Environment
This method is identical to the .env
method listed above, but you add the variables to the environment instead of writing it in a file.
Reference
server.port
Port number that the HTTP server listens on.
Example: 8080
server.cors
Space seperated list of allowed origins.
Example:
https://movie-web.app https://testing.movie-web.app
server.allowAnySite
If this setting is set to true, it allows any origin to access the site.
This overwrites the setting at server.cors
.
Example: false
server.trustProxy
Should the server trust reverse proxy headers? This is used to identify users for ratelimiting
Example: false
server.trustCloudflare
Should the server trust cloudflare IP headers? This is used to identify users for ratelimiting
Example: false
server.basePath
Prefix for which path is being listened on. Useful you're hosting on example.com/backend
for example.
If this is set, you shouldn't apply url rewriting before proxying.
Example: /backend
logging.format
Logging format, Should be either pretty
or json
.
Example: pretty
postgres.connection
- REQUIRED
Connection URL for postgres instance, should contain the database in the URL.
Example: postgresql://localhost:5432
postgres.migrateOnBoot
Run all migrations that haven't ran yet on boot.
Example: false
::alert{type="warn"} If you have multiple replicas running, this can cause a lot of issues. We recommend only using this if you run only one replica. ::
postgres.debugLogging
Log all postgres queries in the console, this outputs sensitive data so DO NOT run it in production.
Example: false
crypto.sessionSecret
- REQUIRED
The secret used to sign sessions. Must be at least 32 characters long.
Example: Make your own
meta.name
- REQUIRED
The name of the backend instance, this will be displayed to users who try to create an account.
Example: Unofficial movie-web
meta.description
The description of the backend instance, this will be displayed to users who try to create an account.
Example: This is not an official instance of movie-web
captcha.enabled
To protect your server from bot attacks, captcha's can be useful to enabled. If this is enabled, all other captcha related settings are required.
Example: false
captcha.secret
Google Recaptcha secret key.
Example: sjgaJ@3djasFVx
captcha.clientKey
Google Recaptcha site key.
Example: 2jf853z5bc63bvDb2323FAda
ratelimits.enabled
To protect bot attacks or spammy users, you can enabled ratelimits. Make sure your ip headers are properly forwarded if you're using a reverse proxy. Also see server.trustProxy
. If this is enabled, all other ratelimit related settings are required.
Example: false
ratelimits.redisUrl
Redis connection URL for storing ratelimit data. Just uses plain redis without any modules.
Example: redis://localhost:6379