Configuration
When using the official release image, Backend configuration can be achieved by setting
the environment variables listed below through an orchestration/containerization
system, the .env file, or another method compatible with your environment. The
current source code contains an example .env file, named .env.example, listing all the
environment variables available to configure the backend.
If you are compiling the application from source, you can edit the file
src/config/configuration.ts with the correct values for your infrastructure. This
option is still undocumented, although it is our intention to provide a detailed how-to
guide as soon as we can.
Environment Variables
This is the complete list of environment variables that can be used to configure the SciCat backend. The list is compiled according to the configuration class defined in src/config/configuration.ts
ADMIN_GROUPS: list of groups that have admin privileges default: "" format: comma separated list of strings. Leading and trailing spaces are trimmed
DELETE_GROUPS: list of groups that are allowed to delete content default: "" format: comma separated list of strings. Leading and trailing spaces are trimmed
CREATE_DATASET_GROUPS: list of non admin groups that are allowed to create datasets without pid. The pid is assigned by the system. If set to "all", all users can create a dataset belonging to any of the groups they belong to. default: "#all" format: comma separated list of strings. Leading and trailing spaces are trimmed
CREATE_DATASET_WITH_PID_GROUPS: list of non admin groups that are allowed to create datasets with explicit pid. If set to "#all", all users can create a dataset belonging to any of the groups they belong to and with explicit pid. If the pid verification is enabled, pid will be validated against the specification passed. default: "" format: comma separated list of strings. Leading and trailing spaces are trimmed
CREATE_DATASET_PRIVILEGED_GROUPS: list of non admin groups that are allowed to create datasets for groups they do not belong to. If set to "#all", all users can create a dataset belonging to any group with explicit pid. If the pid verification is enabled, pid will be validated against the specification passed. default: "" format: comma separated list of strings. Leading and trailing spaces are trimmed
PROPOSAL_GROUPS: list of non admin groups that are allowed to create and update proposals for groups they do not belong to. If set to "#all", all users can create a dataset belonging to any group with explicit pid. default: "" format: comma separated list of strings. Leading and trailing spaces are trimmed
SAMPLE_GROUPS: list of non admin groups that are allowed to create and update samples for the groups they belong to. If set to "#all", all users can create a dataset belonging to their group. default: "" format: comma separated list of strings. Leading and trailing spaces are trimmed
SAMPLE_PRIVILEGED_GROUPS: list of non admin groups that are allowed to create samples for any groups, but can only update samples belonging to groups they belong to. default: "" format: comma separated list of strings. Leading and trailing spaces are trimmed
CREATE_JOB_GROUPS: list of non admin groups that are allowed to create jobs for groups they do not belong to. If set to "#all", all users can create a job belonging to any group. default: "" format: comma separated list of strings. Leading and trailing spaces are trimmed example: "group1,group2,group3,..."
UPDATE_JOB_GROUPS: list of non admin groups that are allowed to update jobs for groups they do not belong to. If set to "#all", all users can update a job belonging to any group. default: "" format: comma separated list of strings. Leading and trailing spaces are trimmed example: "group1,group2,group3,..."
DELETE_JOB_GROUPS: list of non admin groups that are allowed to delete jobs for groups they do not belong to. If set to "#all", all users can delete a job belonging to any group. default: "" format: comma separated list of strings. Leading and trailing spaces are trimmed example: "group1,group2,group3,..."
ACCESS_GROUPS_STATIC_VALUES: List of groups assigned by default to all users. Used in the vanilla implementation for easy configuration. If you do not want or need to assign any default group, it should be set to empty string "". default: "" format: Comma separated list of strings. Leading and trailing spaces are trimmed example: "group1,group2,group3,..."
ACCESS_GROUP_SERVICE_TOKEN: Access token needed to access the API specified in ACCESS_GROUP_SERVICE_API_URL, used to retrieve access groups from a third party system. format: string
ACCESS_GROUP_SERVICE_API_URL: Well formed url of the service API used to provide access groups. Only one value is allowed. format: string example: "https://my.access.group/service/api/url"
DOIPREFIX: The facility DOI prefix, with trailing slash. default: "" format: string
EXPRESS_SESSION_SECRET: Secret used to set up express session. default: "" format: string
LOGOUT_URL: URL specified upon successful logout. It is returned in the json object for the frontend, or third party UI, to be used locally. default: "" format: string
HTTP_MAX_REDIRECTS: Max number of redirects for http requests. default: 5 format: integer
HTTP_TIMEOUT: Timeout for http requests in ms. default: 5000 format: integer
JWTSECRET: The secret used to create any JWT token, used for authorization. default: "" format: string
JWT_EXPIRES_IN: Expiration time of any JWT token in seconds. default: 3600 (s) format: integer
JWT_NEVER_EXPIRES: Length of time that the never expiring jwt token will last. default: 100y format: string as in number of years
LDAP_URL: Full URI (including port) of your local LDAP server, if this is your selected authentication method. default: No default example: ldaps://ldap.server.com:636/ format: string
LDAP_BIND_DN: Bind DN to access information on your LDAP server. default: No default format: string
LDAP_BIND_CREDENTIALS: Credentials associated with your bind DN to access your LDAP server. default: No default format: string
LDAP_SEARCH_BASE: Search base for your LDAP server. default: No default format: string
LDAP_SEARCH_FILTER: Search filter for your LDAP server. default: No default format: string example: "(LDAPUsername=)"
LDAP_MODE: type of ldap server we are communicating with. (NEEDS TO BE UPDATED. Not sure which other values are accepted) default: ad format: string acceptable values: ad
LDAP_EXTERNAL_ID: LDAP matching field that provides the external id default: sAMAccountName format: string
LDAP_USERNAME: LDAP field providing the username default: displayName format: string
OIDC_ISSUER: Full URL of your OIDC identity provider default: No default format: string example: "https://identity.your.facility/your/realm"
OIDC_CLIENT_ID: Client id used to convert OIDC code to OIDC token. This is assigned in the OIDC service when the token is generated default: No default format: string example: "scicat"
OIDC_CLIENT_SECRET: Token used to convert OIDC code to OIDC token. This is assigned in the OIDC service when the token is generated example: "90f1268..."
OIDC_CALLBACK_URL: URL of the endpoint that is called when the authentication has been executed with the OIDC service. default: No default format: string example: "http://localhost:3000/api/v3/oidc/callback"
OIDC_SCOPE: Information returned by the OIDC service together with token default: No default format: string example: "openid profile email"
OIDC_SUCCESS_URL: Frontend URL that the user is directed to after a successful authentication. It must be a valid frontend URL. default: No default format: string example: "http://localhost:3000/Datasets"
OIDC_ACCESS_GROUPS: field used to retrieve access groups from the OIDC service. It is not used in the vanilla implementation. default: No default format: string example: "access_groups"
OIDC_ACCESS_GROUPS_PROPERTY: name of the OIDC property used to retrieve the users groups from OIDC. default: none format: string
OIDC_AUTO_LOGOUT: if enabled, logging out from SciCat also logs the user out from OIDC. default: false format: boolean
OIDC_RETURN_URL: URL the user is redirected to after a successful logout default: none format: string
LOGBOOK_ENABLED: Flag to enable/disable the Logbook endpoints. accept values: "yes", "no" default: no format: string
LOGBOOK_BASE_URL: The base URL to the SciChat wrapper API. Only required if Logbook is enabled. default: "http://localhost:3030/scichatapi" format: string
LOGBOOK_USERNAME: The username used to authenticate to the SciChat wrapper API. Only required if Logbook is enabled. default: No default format: string
LOGBOOK_PASSWORD: The password used to authenticate to the SciChat wrapper API. Only required if Logbook is enabled. default: No default format: string
METADATA_KEYS_RETURN_LIMIT: The maximum number of keys returned by the /Datasets/metadataKeys endpoint. default: No default format: integer
METADATA_PARENT_INSTANCES_RETURN_LIMIT: The maximum number of Datasets used to extract metadata keys in the /Datasets/metadataKeys endpoint. default: No default format: integer
MONGODB_URI: The URI for your MongoDB instance. default: No default format: string "mongodb:// :<PASSWORD>@ :27017/ "
OAI_PROVIDER_ROUTE: URI to OAI provider, which is used in the /publisheddata/:id/resync endpoint. default: no default format: string
PID_PREFIX: The facility PID prefix, with trailing slash. default: no default format: string
PUBLIC_URL_PREFIX: The base URL to the facility Landing Page. default: No default format: string example: "https://doi.ess.eu/detail/"
PORT: The port on which the backend listens. default: 3000 format: integer
RABBITMQ_ENABLED: Flag to enable/disable RabbitMQ consumer. Accepted values: "yes", "no" default: no format: string
RABBITMQ_HOSTNAME: The hostname of the RabbitMQ message broker. Only required if RabbitMQ is enabled. default: no default format: string
RABBITMQ_PORT: The port of the RabbitMQ message broker. Only required if RabbitMQ is enabled. default: no default format: number
RABBITMQ_USERNAME: The username used to authenticate to the RabbitMQ message broker. Only required if RabbitMQ is enabled. default: no default format: string
RABBITMQ_PASSWORD: The password used to authenticate to the RabbitMQ message broker. Only required if RabbitMQ is enabled. default: no default format: string
REGISTER_DOI_URI: URI to the organization that registers the facilities DOIs. default: no default format: string example: "https://mds.test.datacite.org/doi"
REGISTER_METADATA_URI: URI to the organization that registers the facilities published data metadata. default: no default format: string example: "https://mds.test.datacite.org/metadata"
DOI_USERNAME: Username used to authenticate on the DOI site default: no default format: string
DOI_PASSWORD: Password used to authenticate on the DOI site default: no default format: string
SITE: The name of your site. default: no default format: string
EMAIL_TYPE: The type of your email provider. Values "smtp" or "ms365". default: smtp format: string
EMAIL_FROM: Email address that emails should be sent from. default: no default format: string
SMTP_HOST: Host of SMTP server. default: no default format: string
SMTP_PORT: Port of SMTP server. default: 587 format: number
SMTP_SECURE: Use encrypted SMTPS. default: no format: string
MS365_TENANT_ID: Tenant ID for sending emails over Microsoft Graph API. default: no default format: string
MS365_CLIENT_ID: Client ID for sending emails over Microsoft Graph API. default: no default format: string
MS365_CLIENT_SECRET: Client Secret for sending emails over Microsoft Graph API. default: no default format: string
POLICY_PUBLICATION_SHIFT: Number of years that need to elapse before the dataset is made publicly accessible default: 3 format: integer
POLICY_RETENTION_SHIFT: Number of years that the datasets are kept online before they are archived or deleted. A negative value means that they are never archived/deleted default: -1 format: integer
ELASTICSEARCH_ENABLED: Flag to enable/disable the ElasticSearch service accept values: "yes", "no" default: no default format: string
ES_HOST: The base URL to the Elasticsearch cluster. Use http if xpack.security is disabled. default: no default format: string example: "https://localhost:9200" or "http://localhost:9200"
MONGODB_COLLECTION: Collection name to be mapped into specified Elasticsearch index default: no default format: string
ES_MAX_RESULT: Maximum number of records that can be indexed into Elasticsearch. default: 10000 format: number
ES_FIELDS_LIMIT: The total number of fields in an index. default: 1000 format: number
ES_INDEX: The total number of fields in an index. default: no default format: string
ES_REFRESH: The total number of fields in an index. accept values: true, false, "waitfor" default: false format: boolean or string
ES_USERNAME: Elasticsearch cluster username. default: no default, optional. format: string
ELASTIC_PASSWORD: Elasticsearch cluster password. default: no default. format: string
JOB_CONFIGURATION_FILE: Configuration file for job actions. If omitted, the jobs subsystem is inactive. default: "jobConfig.yaml", optional. format: string
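A pre-deployment check over a .env file, as an added example that is not part of the SciCat code base: it applies the documented group-list format and flags an empty JWTSECRET or EXPRESS_SESSION_SECRET (both default to ""), "#all" in the variables documented as covering groups a user does not belong to, and an ldap:// LDAP_URL. The function names, finding texts, .env parsing rules and sample values are assumptions of this example.

```typescript
// Secrets whose documented default is "" and must therefore be set explicitly.
const REQUIRED_SECRETS: string[] = ["JWTSECRET", "EXPRESS_SESSION_SECRET"];
// Variables where "#all" is documented to cover groups the user does not belong to.
const CROSS_GROUP_VARS: string[] = ["CREATE_DATASET_PRIVILEGED_GROUPS", "PROPOSAL_GROUPS",
  "CREATE_JOB_GROUPS", "UPDATE_JOB_GROUPS", "DELETE_JOB_GROUPS"];

// Minimal .env reader (assumption: KEY=VALUE lines, "#" comment lines, optional quotes).
function parseEnv(text: string): { [key: string]: string } {
  const env: { [key: string]: string } = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (line === "" || line.charAt(0) === "#" || eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(["'])(.*)\1$/, "$2");
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

// Comma separated list; leading and trailing spaces are trimmed, as documented.
function parseGroups(value: string | undefined): string[] {
  return (value || "").split(",").map((g) => g.trim()).filter((g) => g !== "");
}

// Hypothetical audit helper: returns one finding per risky setting.
function auditEnv(text: string): string[] {
  const env = parseEnv(text);
  const findings: string[] = [];
  for (const name of REQUIRED_SECRETS) {
    if (!env[name]) findings.push(name + ": empty or unset");
  }
  for (const name of CROSS_GROUP_VARS) {
    if (parseGroups(env[name]).indexOf("#all") !== -1) {
      findings.push(name + ": #all applies to every user");
    }
  }
  if (/^ldap:\/\//i.test(env["LDAP_URL"] || "")) {
    findings.push("LDAP_URL: uses ldap:// rather than ldaps://");
  }
  return findings;
}

// Constructed sample input, not taken from a real deployment.
const SAMPLE_ENV: string = [
  'JWTSECRET=""',
  "EXPRESS_SESSION_SECRET=constructed-sample-value",
  'CREATE_JOB_GROUPS=" ingestors , #all "',
  "LDAP_URL=ldap://ldap.example.org:389/",
].join("\n");
const SAMPLE_FINDINGS: string[] = auditEnv(SAMPLE_ENV);
```

An empty result from `auditEnv` means none of these three checks fired; it says nothing about the other variables in the list.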