Configuration

When using the official release image, Backend configuration can be achieved by setting the environmental variables listed below through an orchestration/containerization system, the .env file or with a suitable method compatible with your environment.

The current source code contains an example .env file, named .env.sample listing all the environment variable available to configure the backend.

If you are compiling the application from source, you can edit the file serc/config/configuration.ts with the correct values for your infrastructure. This option is still undocumented, although it is our intention to provide a detailed how-to guide as soon as we can.

Environment Variables

This is complete the list of environment variable that can be used to configure SciCat backend. The list is compiled according to the configuration class defined in src/config/configuration.ts

ADMIN_GROUPS:

list of groups that have admin priviliges

default: ""

format: comma separated list of strings. Leading and trailing spaces are trimmed
DELETE_GROUPS:

list of groups that are allowed to delete content

default: ""

format: comma separated list of strings. Leading and trailing spaces are trimmed
CREATE_DATASET_GROUPS:

list of non admin groups that are allowed to create datasets without pid. The pid is assigned by the system. If set to "all", all users can create a dataset belonging to any of the groups they belong to.

default: "#all"

format: comma separated list of strings. Leading and trailing spaces are trimmed
CREATE_DATASET_WITH_PID_GROUPS:

list of non admin groups that are allowed to create datasets with explicit pid. If set to "#all", all users can create a dataset belonging to any of the groups they belong to and with esplicit pid.

If the pid verification is enabled, pid will be validated agains the specification passed.

default: ""

format: comma separated list of strings. Leading and trailing spaces are trimmed
CREATE_DATASET_PRIVILEGED_GROUPS:

list of non admin groups that are allowed to create datasets for groups they do not belong to. If set to "#all", all users can create a dataset belonging to any group with explicit pid.

If the pid verification is enabled, pid will be validated agains the specification passed.

default: ""

format: comma separated list of strings. Leading and trailing spaces are trimmed
PROPOSAL_GROUPS:

list of non admin groups that are allowed to create and update proposals for groups they do not belong to. If set to "#all", all users can create a dataset belonging to any group with explicit pid.

default: ""

format: comma separated list of strings. Leading and trailing spaces are trimmed
SAMPLE_GROUPS:

list of non admin groups that are allowed to create and update samples for the groups they belong to. If set to "#all", all users can create a dataset belonging to their group.

default: ""

format: comma separated list of strings. Leading and trailing spaces are trimmed
SAMPLE_PRIVILEGED_GROUPS:

list of non admin groups that are allowed to create samples for any groups, but can only update samples belonging to groups they belong to. default: ""

format: comma separated list of strings. Leading and trailing spaces are trimmed

ACCESS_GROUPS_STATIC_VALUES:

List of groups assigned by default to all users. Used in the vanilla implementation for easy configuration.

If you do not want or need to assign any default group, it should be set to empty string "".

Default value: ""

format: Comman separated list of strings. Leading and trailing spaces are trimmed

example: "group1,group2,group3,..."
ACCESS_GROUP_SERVICE_TOKEN: Access token needed to access the API specified in ACCESS_GROUP_SERVICE_API_URL, used to retrieve access groups from a third party system.

_format*: string
ACCESS_GROUP_SERVICE_API_URL:

Well formed url of the service API used to provide access groups. Only one value is allowed.

format: string

example: "https://my.access.group/service/api/url"
DOIPREFIX:

The facility DOI prefix, with trailing slash.

_default: ""

format: string
EXPRESS_SESSION_SECRET:

Secret used to set up express session.

default: ""

format: string
LOGOUT_URL:

URL specified upon successful logout. It is returned in the json object for the frontend, or third party UI, to be used locally.

default: ""

format: string
HTTP_MAX_REDIRECTS:

Max number of redirects for http requests.

default: 5

format: integer
HTTP_TIMEOUT:

Timeout from http requests in ms.

default: 5000

format: integer
JWTSECRET:

The secret used to create any JWT token, used for authorization.

_default: ""

format: string
JWT_EXPIRES_IN:

Expiration time of any JWT token in seconds.

default: 3600 (s)

format: integer
JWT_NEVER_EXPIRES:

Length of time that the never expiring jwt token will last.

default: 100y

format: string as in number of years
LDAP_URL:

Full URI (including port) of your local LDAP server, if this is your selected authentication method.

default: No default

example: ldaps://ldap.server.com:636/

format: string
LDAP_BIND_DN:

Bind DN to access information on your LDAP server.

default: No default

format: string
LDAP_BIND_CREDENTIALS:

Credentials associated with your bind DN to acccess your LDAP server.

default: No default

format: string
LDAP_SEARCH_BASE:

Search base for your LDAP server.

default: No default

format: string
LDAP_SEARCH_FILTER:

Search filter for you LDAP server.

default: No default

format: string

example: "(LDAPUsername=)"
LDAP_MODE:

type of ldap server we are communicating with

NEEDS TO BE UPDATED. Not sure which other values are accepted

default: ad

format: string

acceptable values: ad
LDAP_EXTERNAL_ID:

LDAP matching field that provides the external id

default: sAMAccountName

format: string
LDAP_USERNAME:

LDAP field providing the username

default: displayName

format: string
OIDC_ISSUER:

Full URL of your OIDC identity provider

default: No default

format: string

example: "https://identity.your.facility/your/realm"
OIDC_CLIENT_ID:

Client id used to convert OIDC code to OIDC token. This is assigned in the OIDC service when the token is generated

default: No default

format: string

example: "scicat"
OIDC_CLIENT_SECRET:

Token used to convert OIDC code to OIDC token. This is assigned in the OIDC service when the token is generated

example: "90f1268..."
OIDC_CALLBACK_URL:

URL of the endpoint that is called when the authentication has been executed with the OIDC service.

default: No default

format: string

example: "http://localhost:3000/api/v3/oidc/callback"
OIDC_SCOPE:

Information returned by the OIDC service together with token

default: No default

format: string

example: "openid profile email"
OIDC_SUCCESS_URL:

Frontend URL that the user is directed to after a successful authentication. It must be a valid frontend URL.

default: No default

format: string

example: "http://localhost:3000/Datasets"
OIDC_ACCESS_GROUPS:

field used to retrieve access groups from the OIDC service. It is not used in the vanilla implementation.

default: No default

format: string

example: "access_groups"
OIDC_ACCESS_GROUPS_PROPERTY:

name of the OIDC property used to retrieve the users groups from OIDC.

default: none

format: string
OIDC_AUTO_LOGOUT:

if enabled, when login out from SciCat, we logout from OIDC also.

default: false

format: boolean
OIDC_RETURN_URL:

URL the user is redirected after a successful logout

default: none

format: string
LOGBOOK_ENABLED:

Flag to enable/disable the Logbook endpoints.

accept values: "yes", "no"

default: no

format: string
LOGBOOK_BASE_URL:

The base URL to the SciChat wrapper API. Only required if Logbook is enabled.

default: "http://localhost:3030/scichatapi"

format: string
LOGBOOK_USERNAME:

The username used to authenticate to the SciChat wrapper API. Only required if Logbook is enabled.

default: No default

format: string
LOGBOOK_PASSWORD:

The password used to authenticate to the SciChat wrapper API. Only required if Logbook is enabled.

default: No default

format: string
METADATA_KEYS_RETURN_LIMIT:

The maximum number of keys returned by the /Datasets/metadataKeys endpoint.

default: No default

format: integer
METADATA_PARENT_INSTANCES_RETURN_LIMIT:

The maximum number of Datasets used to extract metadata keys in the /Datasets/metadataKeys endpoint.

default: No default

format: integer
MONGODB_URI:

The URI for your MongoDB instance.

default: No default

format: string "mongodb://:<PASSWORD>@:27017/"
OAI_PROVIDER_ROUTE:

URI to OAI provider, which is used in the /publisheddata/:id/resync endpoint.

default: no default

format: string
PID_PREFIX:

The facility PID prefix, with trailing slash.

default: no default

format: string
PUBLIC_URL_PREFIX:

The base URL to the facility Landing Page.

default: No default

format: string

example: "https://doi.ess.eu/detail/"
PORT:

The port on which the backend listen on.

default: 3000

format: integer
RABBITMQ_ENABLED:

Flag to enable/disable RabbitMQ consumer.

accepted values: "yes", "no"

deprecated. Will be removed in future releases.

default: no

format: string
RABBITMQ_HOSTNAME:

The hostname of the RabbitMQ message broker. Only required if RabbitMQ is enabled.

deprecated. Will be removed in future releases.

default: no default

default: string
RABBITMQ_USERNAME:

The username used to authenticate to the RabbitMQ message broker. Only required if RabbitMQ is enabled.

deprecated. Will be removed in future releases.

default: no default

format: string
RABBITMQ_PASSWORD:

The password used to authenticate to the RabbitMQ message broker. Only required if RabbitMQ is enabled.

deprecated. Will be removed in future releases.

default: no default

format: string
REGISTER_DOI_URI:

URI to the organization that registers the facilities DOIs.

default: no default

format: string

example: "https://mds.test.datacite.org/doi"
REGISTER_METADATA_URI:

URI to the organization that registers the facilities published data metadata.

default: no default

format: string

example: ="https://mds.test.datacite.org/metadata"
DOI_USERNAME: Username used to authenticate on the DOI site

default: no default

format: string
DOI_PASSWORD:

Password used to authenticate on the DOI site

default: no default

format: string
SITE:

The name of your site.

default: no default

format: string
SMTP_HOST:

Host of SMTP server.

deprecated. Will be removed in future releases.

default: no default

format: string
SMTP_MESSAGE_FROM:

Email address that emails should be sent from.

deprecated. Will be removed in future releases.

default: no default

format: string, email
SMTP_PORT:

Port of SMTP server.

deprecated. Will be removed in future releases.

default: no default

format: string
SMTP_SECURE:

Secure of SMTP server.

deprecated. Will be removed in future releases.

default: no default

format: string
POLICY_PUBLICATION_SHIFT:

Number of years that needs to elapse before the dataset is made publicly acceessible

default: 3

format: integer
POLICY_RETENTION_SHIFT:

Number of years that the datasets are kept online before are archived or deleted. A negative value means that they are never archived/deleted

default: -1

format: integer
ELASTICSEARCH_ENABLED:

Flag to enable/disable the ElasticSearch service

accept values: "yes", "no"

default: no default

format: string
ES_HOST:

The base URL to the Elasticsearch cluster. Use http if xpack.security is disabled

default: no default

format: string

example: "https://localhost:9200" or "http://localhost:9200"
MONGODB_COLLECTION:

Collection name to be mapped into specified Elasticsearch index

default: no default

format: string
ES_MAX_RESULT:

Maximum records can be indexed into Elasticsearch.

default: 10000

format: number
ES_FIELDS_LIMIT:

The total number of fields in an index.

default: 1000

format: number
ES_INDEX:

The total number of fields in an index.

default: no default

format: string
ES_REFRESH:

The total number of fields in an index.

accept values: true, false, "waitfor"

_default: false

format: boolean or string
ES_USERNAME:

Elasticsearch cluster username.

default: no default, optional.

format: string
ELASTIC_PASSWORD:

Elasticsearch cluster password.

default: no default.

format: string

Backend

Configuration

Environment Variables

results matching ""

No results matching ""