Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 12 additions & 11 deletions content/docs/configuration/env-variables.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -17,17 +17,18 @@ These environment variables can be used in both the agent and the hub.

## Hub

| Variable | Default Value | Recommended to change | Description |
| ---------------------- | ------------- | --------------------- | ------------------------------------------------------------------------------------------------------------ |
| `APP_URL` | `-` | yes (required) | The URL of the OrcaCD instance |
| `APP_SECRET` | `-` | yes (required) | Secret used for authentication and encryption. Generate one with `openssl rand -base64 42` |
| `HOST` | `0.0.0.0` | no | Host address |
| `PORT` | `8080` | no | Container port |
| `DISABLE_LOCAL_AUTH` | `false` | no | Disable password authentication. Useful when using SSO with OIDC |
| `TRUSTED_PROXIES` | `-` | no | Recommended if using a reverse proxy. Comma seperated list of network origins |
| `DISABLE_UI` | `false` | no | Disable serving the frontend. Useful when using the hub only for API access. |
| `ALLOWED_INTERNAL_IPS` | `-` | no | Private IPs that should be ignored by the SSRF protection. Comma seperated list of CIDR ranges or single IPs |
| `DEMO` | `false` | no | This mode disables all functions except the login and additionally seeds some demo data in the database |
| Variable | Default Value | Recommended to change | Description |
| ---------------------- | ------------- | --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `APP_URL` | `-` | yes (required) | The URL of the OrcaCD instance |
| `APP_SECRET` | `-` | yes (required) | Secret used for authentication and encryption. Generate one with `openssl rand -base64 42` |
| `HOST` | `0.0.0.0` | no | Host address |
| `PORT` | `8080` | no | Container port |
| `DISABLE_LOCAL_AUTH` | `false` | no | Disable password authentication. Useful when using SSO with OIDC |
| `TRUSTED_PROXIES` | `-` | no | Recommended if using a reverse proxy. Comma seperated list of network origins |
| `ALLOWED_IPS` | `-` | no | Harden the hub by only allowing requests from certain IPs. Comma seperated list of CIDR ranges or single IPs. This does not apply to webhooks or the agent connections. |
| `DISABLE_UI` | `false` | no | Disable serving the frontend. Useful when using the hub only for API access. |
| `ALLOWED_INTERNAL_IPS` | `-` | no | Private IPs that should be ignored by the SSRF protection. Comma seperated list of CIDR ranges or single IPs |
| `DEMO` | `false` | no | This mode disables all functions except the login and additionally seeds some demo data in the database |

## Agent

Expand Down
4 changes: 4 additions & 0 deletions content/docs/guides/reverse-proxy.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,10 @@ server {
# Required for WebSocket connections.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

# Prevent Websocket being closed by Nginx
proxy_send_timeout 120s;
proxy_read_timeout 120s;
}
}
```
Expand Down