Configuration
This page offers an overview of all the environment variables you’ll need to specify in the .env
configuration file.
Cawemo
Environment Variable | Example Value | Description |
---|---|---|
SERVER_URL | https://cawemo.example.com |
URL at which users will access Cawemo. Please use the domain root. Internally, the traffic has to be proxied to the cawemo-webapp container (port 8080). |
SERVER_HOST | cawemo.example.com | Host part of SERVER_URL |
SERVER_HTTPS_ONLY | true | Enforce the usage of HTTPS when users access Cawemo in the browser |
SERVER_SESSION_COOKIE_SECRET | **** |
A unique secret of at least 32 characters used to sign Cawemo session cookies. If left blank, a random value will be generated automatically by the startup script. |
DB_HOST | postgres.example.com | Host name of the PostgreSQL instance |
DB_PORT | 5432 | Database port |
DB_NAME | cawemo | Database name for Cawemo. Please use separate databases for Cawemo and Camunda Account. |
DB_USER | cawemo | Database user |
DB_PASSWORD | **** | Database password |
SMTP_HOST | mail.example.com | Host name of the SMTP server used by both Cawemo and Camunda Account |
SMTP_PORT | 587 | SMTP server port |
SMTP_USER | user | SMTP user |
SMTP_PASSWORD | **** | SMTP password |
SMTP_ENABLE_TLS | true | Enable or disable TLS encryption for SMTP connections |
SMTP_FROM_ADDRESS | cawemo@example.com | E-mail address that will be displayed as the sender of e-mails sent by Cawemo and Camunda Account |
SMTP_FROM_NAME | Cawemo | Name that will be displayed as the sender of e-mails sent by Cawemo and Camunda Account |
BROWSER_WEBSOCKET_HOST | ws.example.com |
Name of the host on which the browser will access the Cawemo WebSockets server. Internally, the traffic has to be proxied to the cawemo-websockets container (port 8060). |
BROWSER_WEBSOCKET_PORT | 443 | Port number on which the browser will access the Cawemo WebSockets server |
BROWSER_WEBSOCKET_FORCETLS | true | Enable or disable TLS encryption for WebSocket connections initiated by the browser |
WEBSOCKET_SECRET | **** |
A unique secret of at least 32 characters used by Cawemo's webapp and restapi modules to
authenticate to the WebSockets server. If left blank, a random value will be generated automatically by the startup script. |
THEME_COLOR_PRIMARY | #2875cc | HTML color code used for buttons and hyperlinks in e-mails sent by Cawemo |
HOST_LICENSE_FILE_PATH | ./../configuration/license-key.txt | Path to the license key file |
Camunda Account
Environment Variable | Example Value | Description |
---|---|---|
IAM_BASE_URL | https://iam.example.com |
URL at which users will access Camunda Account. Please note that it must be different from Cawemo's SERVER_URL. Internally, the traffic has to be proxied to the iam-router container (port 8090). |
IAM_TOKEN_SIGNING_KEY | **** |
A 4096 bits RSA private key in JSON Web Key (JWK) format. It will be used to sign the access tokens issued by Camunda Account. If left blank, a JWK will be generated automatically by the startup script.1) |
CLIENT_SECRET | **** |
A unique secret of at least 32 characters used by Cawemo to authenticate to Camunda Account. If left blank, a random value will be generated automatically by the startup script. |
IAM_DB_HOST | postgres.example.com | Host name of the PostgreSQL instance |
IAM_DB_PORT | 5432 | Database port |
IAM_DB_NAME | iam | Database name for Camunda Account. Please use separate databases for Cawemo and Camunda Account. |
IAM_DB_USER | iam | Database user |
IAM_DB_PASSWORD | **** | Database password |
IAM_DATABASE_ENCRYPTION_KEY | **** |
A unique secret of 32 characters used to encrypt client secrets in the Camunda Account database. If left blank, a random value will be generated automatically by the startup script. |
LDAP_ENABLED | false | Enable or disable LDAP integration2) |
Notes
1) If you’d like to generate the JWK yourself, please use the following command:
docker run --rm -t \
registry.camunda.cloud/iam-ee/iam-utility:v1.1.6 \
yarn run generate-jwk
2) Please refer to the LDAP configuration options for the additional environment variables that will be required if you enable the LDAP integration.