Changes

Page history
added all new content authored by Paul's avatar Paul
Show whitespace changes
Inline Side-by-side
system/deployment/env/Environment-Variables.md 0 → 100644
View page @ 6381bfc3
## Docker settings
| Name | Default | Description | Dev/Test Only? |
| -------------------------- | ---------- | ------------------------------------------------------------ | -------------- |
| IN_DOCKER | true | Whether or not to deploy in a Docker environment | |
| DOCKER_VOLUMES_PATH_PREFIX | ./volumes/ | Common path prefix for all subvolume bind mounts to facilitate backup create and restoration. Note: This path needs to start with either "./" or "/" and needs to end with a "slash". This is to allow for setting this to an empty string or not defining the variable at all if Docker's standard volume directory should be used. | |
## Solr settings
| Name | Default | Description | Dev/Test Only? |
| --------------- | ---------------- | ------------------------------------------ | -------------- |
| SOLR_URL_SCHEME | http | Solr URL scheme (either `http` or `https`) | |
| SOLR_HOST | solr | Host for the Solr server | |
| SOLR_PORT | 8983 | Port for the Solr server | |
| SOLR_CORE | hyrax_production | Name of the Solr core | |
| SOLR_TEST_PORT | 8983 | Port for the test Solr server | yes |
| SOLR_TEST_CORE | hyrax_test | Name of the Solr test core | yes |
## Database settings
| **Name** | **Default Value** | **Description** | **Dev or Test Only?** |
| -------------------- | ----------------- | -------------------------------------------------- | --------------------- |
| POSTGRES_HOST_APP | appdb | Host for the main application Postgres DB server | |
| POSTGRES_HOST_FCREPO | fcrepodb | Host for the Fedora Postgres DB server | |
| POSTGRES_PORT | 5432 | Port for the Postgres DB server | |
| POSTGRES_USER | postgres | User for the Postgres DB | |
| POSTGRES_PASSWORD | password | Password for the Postgres DB | |
| POSTGRES_DB_APP | hyrax_production | Database name for the main application Postgres DB | |
| POSTGRES_DB_TEST | hyrax_test | Database name for the test application Postgres DB | yes |
| POSTGRES_DB_FCREPO | fcrepo | Database name for the Fedora Postgres DB | |
## Redis settings
| **Name** | **Default Value** | **Description** | **Dev or Test Only?** |
| ---------- | ----------------- | ------------------------- | --------------------- |
| REDIS_HOST | redis | Host for the Redis server | |
| REDIS_PORT | 6379 | Port for the Redis server | |
## Fedora settings
| **Name** | **Default Value** | **Description** | **Dev or Test Only?** |
| ----------------------- | ----------------- | -------------------------------------------- | --------------------- |
| FEDORA_URL_SCHEME | http | Fedora URL scheme (either `http` or `https`) | |
| FEDORA_HOST | fcrepo | Host for the Fedora server | |
| FEDORA_PORT | 8080 | Port for the Fedora server | |
| FCREPO_PATH | /rest | URL path for the Fedora API | |
| FCREPO_VERSION | 4.7.5 | Fedora version | |
| FCREPO_DEVELOPMENT_PORT | 8080 | Port for the Fedora development server | yes |
| FEDORA_TEST_PORT | 8080 | Port for the Fedora test server | yes |
## Rails settings
| **Name** | **Default Value** | **Description** | **Dev or Test Only?** |
| -------------------------- | ----------------- | ------------------------------------------------------------ | --------------------- |
| LANG | C.UTF-8 | | |
| PORT | 3000 | Port for the application (Rails) server | |
| RAILS_ENV | production | Rails environment (one of `development` or `production`) | |
| RAILS_LOG_TO_STDOUT | true | Flag to direct Rails logging messages to console | |
| RAILS_SERVE_STATIC_FILES | true | Flag to serve static files from Rails process | |
| RAILS_MAX_THREADS | 5 | Maximum number of threads to allow Rails to use | |
| SECRET_KEY_BASE_PRODUCTION | | The secret key should be a very long random key. You can use `$ bundle exec rails secret` to generate one. | |
| DEVISE_SECRET_KEY | | The secret key should be a very long random key. You can use `$ bundle exec rails secret` to generate one. | |
| RAILS_FORCE_SSL | false | Flag to force Rails to use SSL | |
## Matomo settings
| **Name** | **Default Value** | **Description** | **Dev or Test Only?** |
| ------------------------ | ----------------- | ------------------------------------------------------------ | --------------------- |
| HYRAX_ANALYTICS | true | Flag to enable Hyrax analytics | |
| HYRAX_ANALYTICS_PROVIDER | matomo | Hyrax supports Google Analytics and Matomo. RDMS is configured to use Matomo | |
| ANALYTICS_START_DATE | 2022-02-18 | Date from which analytics are gathered | |
| MATOMO_SITE_ID | | Identifies ReSeed to the Matomo service | |
| MATOMO_BASE_URL | | Base URL for the Matomo service | |
| MATOMO_BASE_URL_SUFFIX | index.php | URL suffix for the Matomo service | |
| MATOMO_AUTH_TOKEN | | Token used to authenticate ReSeed to the Matomo API | |
## Hyrax settings
| **Name** | **Default Value** | **Description** | **Dev or Test Only?** |
| ---------------------------------------- | --------------------------- | ------------------------------------------------------------ | --------------------- |
| HOST_APP_DATA_PATH | /data/ | Local path for mounted data directory (used by importer) | |
| DERIVATIVES_PATH | /shared/derivatives/ | Local path for derivatives | |
| FITS_PATH | /fits/fits-1.5.5/fits.sh | Path to FITS executable | |
| FITS_VERSION | 1.5.5 | FITS version | |
| UPLOADS_PATH | /shared/uploads/ | Local path uploaded files | |
| CACHE_PATH | /shared/cache/ | Path for cache | |
| BRAND_PATH | /data/public/branding | Path for logos etc. | |
| DEFAULT_DATE_FORMAT | %Y-%m-%d | Default data format | |
| NOTIFICATIONS_EMAIL_DEFAULT_FROM_ADDRESS | no-reply@mailboxer.com | Default email address used for `from` field in emailed notifications | |
| USER_MANAGEMENT_EMAIL_FROM_ADDRESS | repo-admin@example.org | Email address used for `from` field in emailed notifications relating to user-management | |
| CONTACT_FORM_SUBJECT_PREFIX | Hyrax Contact form: | Prefix used in `subject` field for contact form | |
| CONTACT_EMAIL | | Email address to which to send emailed contact form submissions | |
| FROM_EMAIL | | Email address used for `from` field in emailed contact form submissions | |
| SMTP_HOST | | Host for SMTP server used to send notifications | |
| SMTP_PORT | | Port for SMTP server used to send notifications | |
| SMTP_PASS | | Password for SMTP server used to send notifications | |
| GEONAMES | | | |
| IIIF_SEARCH_ENDPOINT | | | |
| CONFIG_IIIF_IMAGE_ENDPOINT | | | |
| IIIF_TO_SERVE_SSL_URLS | false | If the rails server is configured to serve requests in https, set this to true | |
| CRC_FOLDER_IMPORT_PATH | /mnt/rdms_data/RUB/testData | Local path for mounted data directory (used by importer for CRC1280 test data) | yes |
| USE_BROWSE_EVERYTHING | false | Flag to enable Browse Everything | |
| GOOGLE_DRIVE_CLIENT_ID | | (for Browse Everything) | |
| GOOGLE_DRIVE_CLIENT_SECRET | | (for Browse Everything) | |
| BOX_CLIENT_ID | | (for Browse Everything) | |
| BOX_CLIENT_SECRET | | (for Browse Everything) | |
| APP_HOST | localhost:3000 | Host used for generating URLs | |
| APPLICATION_URL | http://localhost:3000 | Should **not** have trailing slash | |
## S3 settings
| **Name** | **Default Value** | **Description** | **Dev or Test Only?** |
| --------------------- | ------------------------------- | ----------------------------------------------- | --------------------- |
| USE_S3 | false | Flag to enable use of S3 (necessary for ReSeeD) | |
| S3_ENDPOINT | https://s3.location.example.com | S3 service base URL | |
| S3_ACCESS_KEY | | S3 service access key | |
| S3_SECRET_KEY | | S3 service secret key | |
| S3_REGION | | S3 service region | |
| S3_FILE_UPLOAD_BUCKET | | Name of specific S3 bucket used for uploads | |
| S3_BUCKET_PREFIX | | Prefix for S3 buckets used for ReSeed data | |
| S3_EXPIRY | 1 | Value is in **days** | |
## File Upload and Download settings
| **Name** | **Default Value** | **Description** | **Dev or Test Only?** |
| ------------------------------ | ----------------- | ------------------------------------------------------------ | --------------------- |
| RUBY_THREAD_MACHINE_STACK_SIZE | 8388608 | Memory allocation | |
| RUBY_THREAD_VM_STACK_SIZE | 8388608 | Memory allocation | |
| MAX_FILES | 1000 | Maximum number of files that can be uploaded in a single operation | |
| MAX_FILE_SIZE | 2000000000 | Specified in **bytes only**, not in words (i.e. **not** like this "2.gigabytes") | |
| DOWNLOAD_FILES_SIZE_LIMIT | 100000000 | Maximum size of file that can be downloaded in a single operation | |
| DOWNLOAD_FILES_COUNT_LIMIT | 150 | Maximum number of files that can be downloaded in a single operation | |
| DOWNLOAD_PATH | tmp/downloads | Local path for downloaded files | |
## Authentication settings
| **Name** | **Default Value** | **Description** | **Dev or Test Only?** |
| ---------------------------- | -------------------------------------------------- | ------------------------------------------------------------ | --------------------- |
| USE_SAML | true | Flag to use SAML authentication | |
| SAML_SP_ID | ${APPLICATION_URL} | ID for SAML Service Provider | |
| SAML_IDP_SERVICE_URL | https://samltest.id/saml/idp | URL for SAML Identity Provider | |
| SAML_IDP_SSO_SERVICE_URL | https://samltest.id/idp/profile/SAML2/Redirect/SSO | URL for SAML Identity Provider SSO service | |
| SAML_IDP_CERT | | See "Default value for `SAML-IDP-CERT`" section at bottom of this document for default value (string is too long to include in this Markdown table) | |
| SAML_SP_CERTIFICATE | | Certificate for SAML Service Provider | |
| SAML_SP_CERTIFICATE_KEY | | Certificate key for for SAML Service Provider | |
| SAML_ATTRIBUTE_UID | urn:oasis:names:tc:SAML:attribute:pairwise-id | Identifier for SAML attribute: UID | |
| SAML_ATTRIBUTE_NAME | urn:oid:2.16.840.1.113730.3.1.241 | Identifier for SAML attribute: Name | |
| SAML_ATTRIBUTE_EMAIL | urn:oid:0.9.2342.19200300.100.1.3 | Identifier for SAML attribute: Email | |
| SAML_ATTRIBUTE_ROLE | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | Identifier for SAML attribute: Role | |
| SAML_RESTRICT_AUTHORIZATION | true | If Authorisation is restricted, only users with `affiliation=staff `are allowed access | |
| USE_ORCID | true | Flag to enable use of Orcid for authentication | |
| ORCID_CLIENT_ID | | Client ID for Orcid API | |
| ORCID_CLIENT_SECRET | | Secret ID for Orcid API | |
| ORCID_MEMBER | false | Flag indicating Orcid organisational membership | |
| ORCID_SANDBOX | true | Use Orcid sandbox instead of production API | |
| ORCID_RESTRICT_AUTHORIZATION | true | If Authorisation is restricted, only **existing** users with an Orcid ID are allowed access | |
## PID settings
| **Name** | **Default Value** | **Description** | **Dev or Test Only?** |
| ------------- | ---------------------------------- | ------------------------------------------------------------ | --------------------- |
| REGISTER_DOI | true | Flag enabling registering of DOIs for **published** datasets | |
| DOI_URL | https://api.test.datacite.org/dois | URL of DataCite API for minting DOIs | |
| DOI_USERNAME | | Username for DataCite API for minting DOIs | |
| DOI_PASSWORD | | Password for DataCite API for minting DOIs | |
| DOI_PREFIX | | DOI prefix to use in DataCite for minting DOIs | |
| REGISTER_ARK | true | Flag enabling registering of ARKs for datasets | |
| ARK_ENDPOINT | | URL of ARK service API for minting ARKs | |
| ARK_USERNAME | | Username for ARK service for minting ARKs | |
| ARK_PASSWORD | | Password for ARK service for minting ARKs | |
| ARK_NAMESPACE | | Namespace to use when minting ARKs | |
| ARK_NAAN | | ARK name assigning authority number | |
## CRC1280 settings
| **Name** | **Default Value** | **Description** | **Dev or Test Only?** |
| ---------------------------- | ----------------- | ------------------------------------------------------------ | --------------------- |
| CRC1280_COLLECTION | CRC1280 | Name of CRC1280 collection in ReSeeD | |
| CRCDATASET_FUNDER_IDENTIFIER | | Constant value to use when creating new CRC1280 works: Funder Identifier | |
| CRCDATASET_FUNDER_NAME | | Constant value to use when creating new CRC1280 works: Funder Name | |
| CRCDATASET_AWARD_NUMBER | | Constant value to use when creating new CRC1280 works: Award Number | |
| CRCDATASET_AWARD_TITLE | | Constant value to use when creating new CRC1280 works: Award Title | |
| CRCDATASET_AWARD_URI | | Constant value to use when creating new CRC1280 works: Award URI | |
| CRCDATASET_LANGUAGE | | Constant value to use when creating new CRC1280 works: Language | |
| CRCDATASET_RESOURCE_TYPE | Collection | Constant value to use when creating new CRC1280 works: Resource Type | |
## Other miscellaneous settings
| **Name** | **Default Value** | **Description** | **Dev or Test Only?** |
| -------------------------- | ----------------------------- | ------------------------------------------------------------ | --------------------- |
| RUB_ADMIN_SET_TITLE | RUB publication workflow | Title used in workflows | |
| CRC_ADMIN_SET_TITLE | CRC1280 publication Workflow | Title used in workflows | |
| SYSTEM_ADMINISTRATOR | admin@hyrax | System user with the `admin` role | |
| SYSTEM_PUBLICATION_MANAGER | publication_manager@hyrax | System user with the `publication manager` role | |
| DATASET_PUBLISHER | | Constant value to use when creating new RUB works: Publisher | |
## Default value for `SAML-IDP-CERT`
```
-----BEGIN CERTIFICATE----- MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIGA1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFKs71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyjxj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVNc1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpdVa54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lkcDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiLArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/weP3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcciNBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA== -----END CERTIFICATE-----
```