diff --git a/content/docs/configuration/env-variables.mdx b/content/docs/configuration/env-variables.mdx index 057d623..ab8caa5 100644 --- a/content/docs/configuration/env-variables.mdx +++ b/content/docs/configuration/env-variables.mdx @@ -17,17 +17,18 @@ These environment variables can be used in both the agent and the hub. ## Hub -| Variable | Default Value | Recommended to change | Description | -| ---------------------- | ------------- | --------------------- | ------------------------------------------------------------------------------------------------------------ | -| `APP_URL` | `-` | yes (required) | The URL of the OrcaCD instance | -| `APP_SECRET` | `-` | yes (required) | Secret used for authentication and encryption. Generate one with `openssl rand -base64 42` | -| `HOST` | `0.0.0.0` | no | Host address | -| `PORT` | `8080` | no | Container port | -| `DISABLE_LOCAL_AUTH` | `false` | no | Disable password authentication. Useful when using SSO with OIDC | -| `TRUSTED_PROXIES` | `-` | no | Recommended if using a reverse proxy. Comma seperated list of network origins | -| `DISABLE_UI` | `false` | no | Disable serving the frontend. Useful when using the hub only for API access. | -| `ALLOWED_INTERNAL_IPS` | `-` | no | Private IPs that should be ignored by the SSRF protection. Comma seperated list of CIDR ranges or single IPs | -| `DEMO` | `false` | no | This mode disables all functions except the login and additionally seeds some demo data in the database | +| Variable | Default Value | Recommended to change | Description | +| ---------------------- | ------------- | --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `APP_URL` | `-` | yes (required) | The URL of the OrcaCD instance | +| `APP_SECRET` | `-` | yes (required) | Secret used for authentication and encryption. Generate one with `openssl rand -base64 42` | +| `HOST` | `0.0.0.0` | no | Host address | +| `PORT` | `8080` | no | Container port | +| `DISABLE_LOCAL_AUTH` | `false` | no | Disable password authentication. Useful when using SSO with OIDC | +| `TRUSTED_PROXIES` | `-` | no | Recommended if using a reverse proxy. Comma seperated list of network origins | +| `ALLOWED_IPS` | `-` | no | Harden the hub by only allowing requests from certain IPs. Comma seperated list of CIDR ranges or single IPs. This does not apply to webhooks or the agent connections. | +| `DISABLE_UI` | `false` | no | Disable serving the frontend. Useful when using the hub only for API access. | +| `ALLOWED_INTERNAL_IPS` | `-` | no | Private IPs that should be ignored by the SSRF protection. Comma seperated list of CIDR ranges or single IPs | +| `DEMO` | `false` | no | This mode disables all functions except the login and additionally seeds some demo data in the database | ## Agent diff --git a/content/docs/guides/reverse-proxy.mdx b/content/docs/guides/reverse-proxy.mdx index 2470839..c178b3c 100644 --- a/content/docs/guides/reverse-proxy.mdx +++ b/content/docs/guides/reverse-proxy.mdx @@ -27,6 +27,10 @@ server { # Required for WebSocket connections. proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; + + # Prevent Websocket being closed by Nginx + proxy_send_timeout 120s; + proxy_read_timeout 120s; } } ```