-
Notifications
You must be signed in to change notification settings - Fork 7
/
config_dev.env.example
172 lines (146 loc) · 8.73 KB
/
config_dev.env.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
# HelERM environment configuration
# This file defines a set of (environment) variables that configure most
# of the functionality of helerm. In order for helerm to read
# this file, rename it to `config_dev.env`. As the name implies, this
# file is supposed to be used only in development. For production use
# we recommend setting the environment variables using the facilities
# of your runtime environment.
# HelERM reads this file by itself. However, it can also be
# used in conjunction with the included docker-compose.yml. Then
# you don't need to inject the file into the container. Instead
# Docker defines environment variables that helerm will read.
# Following are the settings and their explanations, with example values
# that might be useful for development:
# HelERM generates a JHS191-compliant XML export for consumption by
# other systems. This sets the human readable description fields for
# that document.
# HELERM_JHS191_EXPORT_DESCRIPTION="Export from development environment"
# Whether to run Django in debug mode
# Django setting: DEBUG https://docs.djangoproject.com/en/3.0/ref/settings/#debug
DEBUG=True
# Helsinki user management library (django-helusers) brings this in as
# a generic setting for indicating the "mode" of the site. It can be
# either 'dev', 'test' or 'production'. Only effect in HelERM is
# changing header color in Django admin
# Does not correspond to a standard Django setting
HEL_SITE_TYPE=dev
# Level of Django logging. All events above the given level will be logged.
# Django setting: DJANGO_LOG_LEVEL https://docs.djangoproject.com/en/3.0/topics/logging/#examples
# DJANGO_LOG_LEVEL=INFO
# Configures database for HelERM using URL style. Format is:
# postgres://USER:PASSWORD@HOST:PORT/NAME
# Unused components may be left out, only Postgres is supported
# The example below configures HelERM to use local PostgreSQL database
# called "helerm", connecting same as username as Django is running as.
# Django setting: DATABASES (but not directly) https://docs.djangoproject.com/en/3.0/ref/settings/#databases
# DATABASE_URL=postgres:///helerm
# HelERM will use JWT tokens for authentication. This settings Specifies
# the value that must be present in the "aud"-key of the token presented
# by a client when making an authenticated request. HelERM uses this
# key for verifying that the token was meant for accessing this particular
# HelERM instance (the tokens are signed, see below).
# Does not correspond to standard Django setting
# TOKEN_AUTH_ACCEPTED_AUDIENCE=string-identifying-this-helerm-instance
# This key will be used by HelERM to verify the JWT token is from trusted
# Identity Provider (OpenID terminology). The provider must have signed
# the JWT TOKEN using this shared secret
# Does not correspond to standard Django setting
# TOKEN_AUTH_SHARED_SECRET=abcdefghacbdefgabcdefghacbdefgabcdefghacbdefgabcdefghacbdefgabcdefghacbdefg
# Secret used for various functions within Django. This setting is
# mandatory for Django, but HelERM will generate an ephemeral key,
# if it is not defined here. Currently HelERM does not use any
# functionality that needs this.
# Django setting: SECRET_KEY https://docs.djangoproject.com/en/3.0/ref/settings/#secret-key
# SECRET_KEY=gaehgoes89yrtp9384ygpe9r8ahgaerui8ghpae98rgh
# List of Host-values, that HelERM will accept in requests.
# This setting is a Django protection measure against HTTP Host-header attacks
# https://docs.djangoproject.com/en/3.0/topics/security/#host-headers-virtual-hosting
# Specified as a comma separated list of allowed values. Note that this does
# NOT matter if you are running with DEBUG
# Django setting: ALLOWED_HOSTS https://docs.djangoproject.com/en/3.0/ref/settings/#allowed-hosts
# ALLOWED_HOSTS=api.hel.ninja,helerm-api.hel.ninja
# List of tuples (or just e-mail addresses) specifying Administrators of this
# HelERM instance. Django uses this only when logging is configured to
# send exceptions to admins. HelERM does not do this. Still you may want
# to set this for documentation
# Django setting: ADMINS https://docs.djangoproject.com/en/3.0/ref/settings/#admins
# Whether cookies set by Django are only allowed to be sent over
# secure (HTTPS) connection. This sets the "Secure" tag on the Set-Cookie
# header. For development, you will likely to want to set this to False.
# On server you will most certainly want to set this to True.
# Typical failure mode is when admin login returns back to empty form.
# Django setting: CSRF_COOKIE_SECURE and SESSION_COOKIE_SECURE
# https://docs.djangoproject.com/en/3.1/ref/settings/#session-cookie-secure
# COOKIE_SECURE=False
# Cookie prefix is added to the every cookie set by HelERM. These are
# mostly used when accessing the internal Django admin site. This applies
# to django session cookie and csrf cookie
# Django setting: prepended to CSRF_COOKIE_NAME and SESSION_COOKIE_NAME
COOKIE_PREFIX=helerm
# This sets the path for both session cookie and CSRF cookie. Useful if
# helerm is served from a sub-path (ie. there is a prefix the path,
# like https://host.name/helerm). Note that this must include the
# leading '/'.
# Django setting: sets both CSRF_COOKIE_PATH and SESSION_COOKIE_PATH
# PATH_PREFIX=/helerm
# Django INTERNAL_IPS setting allows some debugging aids for the addresses
# specified here
# DJango setting: INTERNAL_IPS https://docs.djangoproject.com/en/3.0/ref/settings/#internal-ips
INTERNAL_IPS=127.0.0.1
# Specifies a header that is trusted to indicate that the request was using
# https while traversing over the Internet at large. This is used when
# a proxy terminates the TLS connection and forwards the request over
# a secure network. Specified using a tuple.
# Django setting: SECURE_PROXY_SSL_HEADER https://docs.djangoproject.com/en/3.0/ref/settings/#secure-proxy-ssl-header
# SECURE_PROXY_SSL_HEADER=('HTTP_X_FORWARDED_PROTO', 'https')
# Media root is the place in file system where Django and, by extension
# HelERM stores "uploaded" files. This means any and all files
# that are inputted through API and generated by JHS191 exporter
# Django setting: MEDIA_ROOT https://docs.djangoproject.com/en/3.0/ref/settings/#media-root
# MEDIA_ROOT=/home/helerm/media
# Static root is the place where HelERM will install any static
# files that need to be served to clients. For HelERM this is mostly
# JS and CSS for the API exploration interface + admin
# Django setting: STATIC_ROOT
# STATIC_ROOT=/home/helerm/static
# Media URL is address (URL) where users can access files in MEDIA_ROOT
# through http. Ie. where your uploaded files are publicly accessible.
# In the simple case this is a relative URL to same server as API
# Django setting: MEDIA_URL https://docs.djangoproject.com/en/3.0/ref/settings/#media-url
# MEDIA_URL=/media/
# Static URL is address (URL) where users can access files in STATIC_ROOT
# through http. Same factors apply as to MEDIA_URL
# Django setting: STATIC_URL https://docs.djangoproject.com/en/3.0/ref/settings/#static-url
# STATIC_URL=/static/
# Specifies that Django is to use `X-Forwarded-Host` as it would normally
# use the `Host`-header. This is necessary when `Host`-header is used for
# routing the requests in a network of reverse proxies. `X-Forwarded-Host`
# is then used to carry the Host-header value supplied by the origin client.
# This affects how ALLOWED_HOSTS behaves, as well.
# Django setting: https://docs.djangoproject.com/en/3.0/ref/settings/#use-x-forwarded-host
# TRUST_X_FORWARDED_HOST=False
# Sentry is an error tracking sentry (sentry.io) that can be self hosted
# or purchased as PaaS. SENTRY_DSN setting specifies the URL where reports
# for this HelERM instance should be sent. You can find this in
# your Sentry interface (or through its API)
# SENTRY_DSN=http://your.sentry.here/fsdafads/13
# Sentry environment is an optional tag that can be included in sentry
# reports. It is used to separate deployments within Sentry UI
SENTRY_ENVIRONMENT=local-development-unconfigured
# Host for ElasticSearch connection.
# ELASTICSEARCH_HOST=helerm_elasticsearch:9200
# ElasticSearch credentials. Authentication will be used when both of these are set.
# ELASTICSEARCH_USERNAME=my_user
# ELASTICSEARCH_PASSWORD=my_password
# Which analyzer will be used by elasticsearch. Default is to check if raudikko
# plugin is available and use standard as a fallback. Probing can be skipped by setting
# a specific analyzer.
# Possible values are: probe, raudikko, standard
# ELASTICSEARCH_ANALYZER_MODE = "probe"
# Helsinki user management library (django-helusers) related OIDC settings.
SOCIAL_AUTH_TUNNISTAMO_KEY=https://i/am/clientid/in/url/style
SOCIAL_AUTH_TUNNISTAMO_SECRET=iamyoursecret
SOCIAL_AUTH_TUNNISTAMO_OIDC_ENDPOINT=https://api.hel.fi/sso/openid
OIDC_API_TOKEN_AUTH_AUDIENCE=https://api.hel.fi/auth/projects
OIDC_API_TOKEN_AUTH_ISSUER=https://api.hel.fi/sso