Configuration

This page offers an overview of all the environment variables you’ll need to specify in the .env configuration file.

Cawemo

Environment Variable Example Value Description
SERVER_URL https://cawemo.example.com URL at which users will access Cawemo. Please use the domain root.
Internally, the traffic has to be proxied to the cawemo-webapp container (port 8080).
SERVER_HOST cawemo.example.com Host part of SERVER_URL
SERVER_HTTPS_ONLY true Enforce the usage of HTTPS when users access Cawemo in the browser
SERVER_SESSION_COOKIE_SECRET **** A unique secret of at least 32 characters used to sign Cawemo session cookies.
If left blank, a random value will be generated automatically by the startup script.
DB_HOST postgres.example.com Host name of the PostgreSQL instance
DB_PORT 5432 Database port
DB_NAME cawemo Database name for Cawemo. Please use separate databases for Cawemo and Camunda Account.
DB_USER cawemo Database user
DB_PASSWORD **** Database password
SMTP_HOST mail.example.com Host name of the SMTP server used by both Cawemo and Camunda Account
SMTP_PORT 587 SMTP server port
SMTP_USER user SMTP user
SMTP_PASSWORD **** SMTP password
SMTP_ENABLE_TLS true Enable or disable TLS encryption for SMTP connections
SMTP_FROM_ADDRESS cawemo@example.com E-mail address that will be displayed as the sender of e-mails sent by Cawemo and Camunda Account
SMTP_FROM_NAME Cawemo Name that will be displayed as the sender of e-mails sent by Cawemo and Camunda Account
BROWSER_WEBSOCKET_HOST ws.example.com Name of the host on which the browser will access the Cawemo WebSockets server.
Internally, the traffic has to be proxied to the cawemo-websockets container (port 8060).
BROWSER_WEBSOCKET_PORT 443 Port number on which the browser will access the Cawemo WebSockets server
BROWSER_WEBSOCKET_FORCETLS true Enable or disable TLS encryption for WebSocket connections initiated by the browser
WEBSOCKET_SECRET **** A unique secret of at least 32 characters used by Cawemo's webapp and restapi modules to authenticate to the WebSockets server.
If left blank, a random value will be generated automatically by the startup script.
THEME_COLOR_PRIMARY #2875cc HTML color code used for buttons and hyperlinks in e-mails sent by Cawemo
HOST_LICENSE_FILE_PATH ./../configuration/license-key.txt Path to the license key file

Camunda Account

Environment Variable Example Value Description
IAM_BASE_URL https://iam.example.com URL at which users will access Camunda Account. Please note that it must be different from Cawemo's SERVER_URL.
Internally, the traffic has to be proxied to the iam-router container (port 8090).
IAM_TOKEN_SIGNING_KEY **** A 4096 bits RSA private key in JSON Web Key (JWK) format. It will be used to sign the access tokens issued by Camunda Account.
If left blank, a JWK will be generated automatically by the startup script.1)
CLIENT_SECRET **** A unique secret of at least 32 characters used by Cawemo to authenticate to Camunda Account.
If left blank, a random value will be generated automatically by the startup script.
IAM_DB_HOST postgres.example.com Host name of the PostgreSQL instance
IAM_DB_PORT 5432 Database port
IAM_DB_NAME iam Database name for Camunda Account. Please use separate databases for Cawemo and Camunda Account.
IAM_DB_USER iam Database user
IAM_DB_PASSWORD **** Database password
IAM_DATABASE_ENCRYPTION_KEY **** A unique secret of 32 characters used to encrypt client secrets in the Camunda Account database.
If left blank, a random value will be generated automatically by the startup script.
LDAP_ENABLED false Enable or disable LDAP integration2)

Notes

1) If you’d like to generate the JWK yourself, please use the following command:

docker run --rm -t \
  registry.camunda.cloud/iam-ee/iam-utility:v1.1.6 \
  yarn run generate-jwk

2) Please refer to the LDAP configuration options for the additional environment variables that will be required if you enable the LDAP integration.

On this Page: