This repository has been archived by the owner on Jan 28, 2024. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 2
/
.env.template
178 lines (141 loc) · 6.23 KB
/
.env.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
###########################################################
### STANDARD ENV VARIABLES ################################
###########################################################
# Set to "production" for live system
NODE_ENV="development"
# NOTE: Needs to be set to "0.0.0.0" if using Docker.
# Defaults to resolving to "localhost" if not set
HOST=
# Expects number.
# Defaults to using port 3000 if not set
PORT=
### CORS ##################################################
# Set "Access-Control-Allow-Origin" response header.
# Origin can be comma-delimited string, string, or boolean;
# if set to boolean true then reflect request origin
# (NOTE: this is NOT recommended for production as it enables reflection exploits).
# Defaults to false and disables CORS if not set
CORS_ORIGIN=
# Set "Access-Control-Allow-Headers" response header.
# Expects comma-delimited string i.e. "Content-Type, Authorization".
# Defaults to reflecting the headers specified in the
# request's "Access-Control-Request-Headers" header
CORS_ALLOWED_HEADERS="Accept, Accept-Encoding, Accept-Language, Authorization, Content-Type, Origin, X-Forwarded-For, X-Requested-With"
# Set "Access-Control-Allow-Credentials" response header.
# Expects true or to be unset
CORS_ALLOW_CREDENTIALS=
# Set "Access-Control-Expose-Headers" response header.
# Expects comma-delimited string i.e. "Content-Range, X-Content-Range" or to be unset
CORS_EXPOSED_HEADERS=
# Set "Access-Control-Max-Age" response header.
# Expects integer or to be unset
CORS_MAX_AGE=
### DOCKER ################################################
# The max amount of processing time the Docker container
# can use of CPU.
# As an example, setting to 0.98 represents 98% of CPU
# processing time of a single core.
# Defaults to 0 (use all available processing time)
DOCKER_APP_CPUS=
# The max amount of memory the Docker container can use.
# As an example, "50M".
# Defaults to 0 (use all available memory)
DOCKER_APP_MEMORY=
# Refer to https://docs.docker.com/compose/compose-file/compose-file-v3/#restart
# for options.
# Defaults to "unless-stopped"
DOCKER_RESTART_POLICY=
### HTTPS #################################################
# Will use PFX file/passphrase over SSL cert/key if both specified.
# Defaults to serving over HTTP if not set
HTTPS_PFX_PASSPHRASE=
HTTPS_PFX_FILE_PATH=
HTTPS_SSL_CERT_PATH=
HTTPS_SSL_KEY_PATH=
# Enable HTTP/2 support with HTTP/1.x fallback.
# Requires cert/key supporting TLS 1.2 or above.
# Expects true or to be unset
HTTPS_HTTP2_ENABLED=
### LOGGER ################################################
# Level can be "trace", "debug", "info", "warn", "error", or "fatal".
# Defaults to "info"
LOG_LEVEL=
# See https://github.com/rogerc/file-stream-rotator#options for
# date format options.
# Requires LOG_ROTATION_FILENAME to be set.
# Defaults to "YYYY-MM-DD"
LOG_ROTATION_DATE_FORMAT=
# Filename including full path used by the stream, example:
# "./logs/yh-fhir-authentication-service-%DATE%.log"
# Defaults to STDOUT.
# Ignored if deployed with Docker Compose, as Docker's
# daemon handles logging and rotations
LOG_ROTATION_FILENAME=
# Frequency can be "daily", "date", "[1-12]h" or "[1-30]m".
# Defaults to "daily".
# Set to "date" if you want to rotate based on LOG_ROTATION_DATE_FORMAT.
# Requires LOG_ROTATION_FILENAME to be set.
# Ignored if deployed with Docker Compose.
# Defaults to "daily"
LOG_ROTATION_FREQUENCY=
# Max number of logs to keep. If not set, it will not remove past logs.
# Requires LOG_ROTATION_FILENAME to be set.
# If using days, add "d" as the suffix.
# Defaults to "10" if deployed with Docker Compose
LOG_ROTATION_MAX_LOGS=
# Max size of the file after which it will rotate.
# It can be combined with frequency or date format.
# The size units are "k", "m" and "g".
# Units need to directly follow a number e.g. 1g, 100m, 20k.
# Requires LOG_ROTATION_FILENAME to be set.
# Defaults to "100m" if deployed with Docker Compose
LOG_ROTATION_MAX_SIZE=
### PROCESS LOAD HANDLING #################################
# If one of the below thresholds is reached then the server
# will return a 503 response until the load has been relieved
# The max event loop delay in milliseconds.
# Defaults to 0 (disabled)
PROC_LOAD_MAX_EVENT_LOOP_DELAY=
# The max Event Loop Utilization (ELU).
# As an example, setting to 0.98 represents 98%.
# Defaults to 0 (disabled)
PROC_LOAD_MAX_EVENT_LOOP_UTILIZATION=
# The max heap size in bytes.
# Defaults to 0 (disabled)
PROC_LOAD_MAX_HEAP_USED_BYTES=
# The max Resident Set Size (RSS) in bytes.
# Defaults to 0 (disabled)
PROC_LOAD_MAX_RSS_BYTES=
### RATE LIMITING #########################################
# List of IPs that are excluded from rate limiting
RATE_LIMIT_EXCLUDED_ARRAY=
# Maximum number of connections per minute per client.
# Defaults to 1000
RATE_LIMIT_MAX_CONNECTIONS_PER_MIN=
###########################################################
### PROJECT SPECIFIC ENV VARIABLES ########################
###########################################################
# URL and port the Mirth Connect FHIR/HTTP Listener channel is listening on
FORWARD_URL=
### API KEYS ##############################################
# Example: [{"service": "test", "value": "testtoken"}]
# "value" is the only mandatory value in each object in array.
# Leaving empty will disable bearer token auth
AUTH_BEARER_TOKEN_ARRAY=
### JWKS JWT VALIDATION ###################################
# Example: [{"issuerDomain": "", "allowedAudiences": "ydh", "allowedAlgorithms": ["RS256"], "maxAge": 90000}]
#
# Object values:
# issuerDomain: String - Required, URI of accepted principal that issued JWT, treated as the OpenID Issuer,
# and the jwks_uri will be retrieved from the domain at "/.well-known/openid-configuration"
#
# allowedAudiences: String or array of strings containing allowed values for the audience claim - Defaults to allow all audiences if unset or empty
#
# allowedAlgorithms: Array of strings of allowed algorithms - Defaults to allow all algorithms if unset or empty
#
# allowedSubjects: String or array of strings containing allowed values for the subject claim - Defaults to allow all subjects if unset or empty
#
# maxAge: Number specifying the maximum allowed age (in milliseconds) for tokens to still be valid - Defaults to no max age if unset or empty
#
# Leaving empty will disable JWT auth
JWT_JWKS_ARRAY=