Server configuration
The Elimity Insights server supports many configuration options that it reads from different locations. Most of them reside in configuration files, but this page also lists some environment variables that might be useful.
Configuration files
By default, the Elimity Insights server reads configuration options from files at config/elimity.yml and config/secrets.yml. For container-based installations we recommend simply mounting a directory containing these files at /app/config.
The elimity.yml configuration file
elimity.yml configuration fileMost configuration options for Elimity Insights servers reside in the elimity.yml file. Refer to the following attachment as a starting point:
The table below describes each supported configuration option in more detail:
AccessReviewRequestedChangesEmail
string
""
Email address to which notifications should be sent for every change request. Use "" to skip sending these emails.
AccessReviewToolbarBackgroundColor
string
""
CSS specification for the background color of toolbars in access review wizards. Use "" to stick with the default of Elimity's primary blue color.
AccessReviewToolbarLogoPath
string
""
File path for overriding the logo of toolbars in access review wizards. We recommend using an image with a transparent background and a height/width ratio of approximately 1/7. Use "" to stick with the default white Elimity logo.
BaseURL
string
URL indicating where the Elimity Insights server is hosted, e.g. http://localhost:8080.
DefaultAccountEmail
string
""
If this value is not set to "" and there are no user accounts or invites in the database, then the Elimity Insights server will send an invite to this email address.
EnableOIDCAuthentication
boolean
false
If enabled, the Elimity Insights server allows users to register and log in using OIDC. We highly encourage enabling this option for production deployments.
EnablePasswordAuthentication
boolean
false
If enabled, the Elimity Insights server allows users to register and log in using passwords. We highly discourage enabling this option for production deployments.
HttpsEnabled
boolean
true
If enabled, the Elimity Insights will additionally listen for HTTPS traffic on TLSListeningPort. It will also redirect HTTP requests arriving at ListeningPort. We discourage enabling this option, please deploy a dedicated HTTPS proxy instead.
ListeningPort
number
8080
The Elimity Insights server will listen for HTTP traffic on this port.
LogFile
string
""
The Elimity Insights server will write logs to the file at this path. Use "" to let the server log to the standard error stream.
LoginPageBackgroundPath
string
""
File path for overriding the background image on the login page. Use "" to stick with Elimity's default image.
MailSender
string
Sender address for outgoing emails.
OIDCClientID
string
Client identifier to use for OIDC authentication; only required if EnableOIDCAuthentication is true.
OIDCProvider
string
URL of the OIDC provider to use for authentication (search for the issuer property in your OIDC discovery document); only required if EnableOIDCAuthentication is true.
OrganisationName
string
The name of your organization; only affects the OIDC login button label.
PrefillCache
boolean
false
Enable this option if you want to prefill the relationship cache for faster queries at the cost of a slow startup and high memory usage.
ReadTimeOutMinutes
number
5
Maximum number of minutes the server should spend on reading incoming requests.
SupportCustomMailServer
boolean
false
Determines whether admins can configure a custom mail server.
SupportPageUrl
string
""
Adds an additional support link in the UI toolbar, unless this is set to "".
TLSCertificate
string
File path where the server should read the TLS certificate for serving HTTPS; only required if HttpsEnabled is true.
TLSCertificateKey
string
File path where the server should read the TLS private key for serving HTTPS; only required if HttpsEnabled is true.
TLSListeningPort
number
8081
The Elimity Insights server will listen for HTTPS traffic on this port; only required if HttpsEnabled is true.
TemplatesPath
string
""
The directory path to use for overriding various HTML and plain-text templates in Elimity Insights; stick to the default of "" to use standard built-in templates. Refer to our official documentation for additional information.
WriteTimeOutMinutes
number
15
Maximum number of minutes the server should spend on writing outgoing responses.
The secrets.yml configuration file
secrets.yml configuration fileElimity Insights servers read the more sensitive configuration options from a separate secrets.yml file. Again you can refer to the following attachment as a starting point:
The table below describes each supported configuration option in more detail:
DatabaseURL
string
PostgreSQL connection string that the server should use for its database connections.
EnableGatewayOAuth2
boolean
false
Determines whether Elimity Insights should use OAuth2 for authentication to gateways.
EncryptionKey
string
Base64-encoded AES-256 key for encrypting secrets in the configured database. We suggest using a command like openssl rand -base64 32 to generate and encode such a key.
GatewayOAuth2ClientId
string
OAuth2 client ID to use when retrieving an access token for gateway authentication; only required if EnableGatewayOAuth2 is true.
GatewayOAuth2ClientSecret
string
OAuth2 client secret to use when retrieving an access token for gateway authentication; only required if EnableGatewayOAuth2 is true.
GatewayOAuth2EndpointParams
record[string]
Record mapping extra OAuth2 token endpoint parameters to Expr programs; refer to our dedicated documentation for additional information.
GatewayOAuth2TokenUrl
string
OAuth2 token URL to use when retrieving an access token for gateway authentication; only required if EnableGatewayOAuth2 is true.
OIDCClientSecret
string
Client secret to use for OIDC authentication; only required if EnableOIDCAuthentication is true.
SMTPEnableAuth
boolean
true
Determines whether Elimity Insights should authenticate to the configured SMTP server.
SMTPEnableOAuth2
boolean
false
Determines whether Elimity Insights should use OAuth2 for authentication to the configured SMTP server.
SMTPHostname
string
The hostname of the SMTP server to which Elimity Insights sends emails.
SMTPOAuth2ClientId
string
Client ID for OAuth2 authentication to the configured SMTP server; only required if SMTPEnableAuth and SMTPEnableOAuth2 are true.
SMTPOAuth2ClientSecret
string
Client secret for OAuth2 authentication to the configured SMTP server; only required if SMTPEnableAuth and SMTPEnableOAuth2 are true.
SMTPOAuth2Scope
string
Scope for OAuth2 authentication to the configured SMTP server; only required if SMTPEnableAuth and SMTPEnableOAuth2 are true.
SMTPOAuth2TokenUrl
string
Token URL for OAuth2 authentication to the configured SMTP server; only required if SMTPEnableAuth and SMTPEnableOAuth2 are true.
SMTPPassword
string
Password for direct authentication to the configured SMTP server; only required if SMTPEnableAuth is true and SMTPEnableOAuth2 is false.
SMTPPort
number
The port of the SMTP server to which Elimity Insights sends emails.
SMTPUser
string
Username for authentication to the configured SMTP server; only required if SMTPEnableAuth is true.
Environment variables
For most customers the aforementioned configuration files should offer all the customization options they need; the following environment variables may be useful in more advanced deployment scenarios:
HTTP_PROXY, HTTPS_PROXY, NO_PROXY
Determine which proxy the server should use for outgoing HTTP(S) requests
GOGC, GOMEMLIMIT
Can be used to tune memory usage
SSL_CERT_DIR, SSL_CERT_FILE
Determine where the server should look for certificates to verify SSL connections; only supported on Linux
Last updated