Configuration
This page offers an overview of all the environment variables you’ll need to specify in the .env configuration file.
Cawemo
| Environment Variable | Example Value | Description |
|---|---|---|
| SERVER_URL | https://cawemo.example.com |
URL at which users will access Cawemo. Please use the domain root. Internally, the traffic has to be proxied to the cawemo-webapp container (port 8080). |
| SERVER_HOST | cawemo.example.com | Host part of SERVER_URL |
| SERVER_HTTP_COMPRESSION_ |
true |
Enable HTTP response compression.
By default, responses must be at least 2048 bytes in length for compression to be performed.
You can configure this behavior by setting the SERVER_HTTP_COMPRESSION_ Set this to false if Cawemo is running behind a component that already compresses responses. |
| SERVER_HTTP_COMPRESSION_ |
2048 | Minimum size of HTTP responses in bytes for compression to take effect. |
| SERVER_HTTPS_ONLY | true | Enforce the usage of HTTPS when users access Cawemo in the browser |
| SERVER_SESSION_COOKIE_SECRET | **** |
A unique secret of at least 32 characters used to sign Cawemo session cookies. If left blank, a random value will be generated automatically by the startup script. |
| DB_HOST | postgres.example.com | Host name of the PostgreSQL instance |
| DB_PORT | 5432 | Database port |
| DB_NAME | cawemo | Database name for Cawemo. Please use separate databases for Cawemo and Camunda Account. |
| DB_USER | cawemo | Database user |
| DB_PASSWORD | **** | Database password |
| SMTP_HOST | mail.example.com | Host name of the SMTP server used by both Cawemo and Camunda Account |
| SMTP_PORT | 587 | SMTP server port |
| SMTP_USER | user | SMTP user |
| SMTP_PASSWORD | **** | SMTP password |
| SMTP_ENABLE_TLS | true | Enable or disable TLS encryption for SMTP connections |
| SMTP_FROM_ADDRESS | cawemo@example.com | E-mail address that will be displayed as the sender of e-mails sent by Cawemo and Camunda Account |
| SMTP_FROM_NAME | Cawemo | Name that will be displayed as the sender of e-mails sent by Cawemo and Camunda Account |
| BROWSER_WEBSOCKET_HOST | ws.example.com |
Name of the host on which the browser will access the Cawemo WebSockets server. Internally, the traffic has to be proxied to the cawemo-websockets container (port 8060). |
| BROWSER_WEBSOCKET_PORT | 443 | Port number on which the browser will access the Cawemo WebSockets server |
| BROWSER_WEBSOCKET_FORCETLS | true | Enable or disable TLS encryption for WebSocket connections initiated by the browser |
| WEBSOCKET_SECRET | **** |
A unique secret of at least 32 characters used by Cawemo's webapp and restapi modules to
authenticate to the WebSockets server. If left blank, a random value will be generated automatically by the startup script. |
| THEME_COLOR_PRIMARY | #2875cc | HTML color code used for buttons and hyperlinks in e-mails sent by Cawemo |
| HOST_LICENSE_FILE_PATH | ./../configuration/license-key.txt | Path to the license key file |
Camunda Account
| Environment Variable | Example Value | Description |
|---|---|---|
| IAM_BASE_URL | https://iam.example.com |
URL at which users will access Camunda Account. Please note that it must be different from Cawemo's SERVER_URL. Internally, the traffic has to be proxied to the iam-router container (port 8090). |
| IAM_TOKEN_SIGNING_KEY | **** |
A 4096 bits RSA private key in JSON Web Key (JWK) format. It will be used to sign the access tokens issued by Camunda Account. If left blank, a JWK will be generated automatically by the startup script.1) |
| CLIENT_SECRET | **** |
A unique secret of at least 32 characters used by Cawemo to authenticate to Camunda Account. If left blank, a random value will be generated automatically by the startup script. |
| IAM_DB_HOST | postgres.example.com | Host name of the PostgreSQL instance |
| IAM_DB_PORT | 5432 | Database port |
| IAM_DB_NAME | iam | Database name for Camunda Account. Please use separate databases for Cawemo and Camunda Account. |
| IAM_DB_USER | iam | Database user |
| IAM_DB_PASSWORD | **** | Database password |
| IAM_DATABASE_ENCRYPTION_KEY | **** |
A unique secret of 32 characters used to encrypt client secrets in the Camunda Account database. If left blank, a random value will be generated automatically by the startup script. |
| LDAP_ENABLED | false | Enable or disable LDAP integration2) |
Notes
1) If you’d like to generate the JWK yourself, please use the following command:
docker run --rm -t \
registry.camunda.cloud/iam-ee/iam-utility:v1.1.17 \
yarn run generate-jwk
2) Please refer to the LDAP configuration options for the additional environment variables that will be required if you enable the LDAP integration.