Configuring Version 5+
The following environment variables can be set to configure the Coral Server. You
can expose them in your shell via export NODE_ENV=development
or by placing
the variables in a .env
file in the root of the project in a simple
NODE_ENV=development
format delimited by newlines.
Required Configuration Variables
PORT
The port to listen for HTTP and Websocket requests. (Default 3000
)
MONGODB_URI
The MongoDB database URI to connect to. (Default mongodb://127.0.0.1:27017/coral
)
REDIS_URI
The Redis database URI to connect to. (Default redis://127.0.0.1:6379
)
SIGNING_SECRET
The shared secret to use to sign JSON Web Tokens (JWT) with the selected signing
algorithm. (Default: keyboard cat
)
Note: While there is a default for this so development can be simplified, Coral
will throw a runtime error in the event it’s started with NODE_ENV=production
and the SIGNING_SECRET="keyboard cat"
to prevent insecure installations. This
must be set in production to something long and secure. You can use openssl
to help with that:
openssl rand -base64 45
Advanced Configuration Variables
NODE_ENV
Can be one of production
or development
. All production deployments should
use production
. Defaults to production
when ran with npm run start
, or
with Docker deployments. Defaults to development
when run with
npm run start:development
.
REDIS_OPTIONS
A JSON string with optional configuration options to be used when connecting to
Redis as specified in the ioredis documentation. (Default: {}
)
SIGNING_ALGORITHM
The signing algorithm to use for signing tokens. (Default HS256
).
Supported algorithms are:
HS256
HS384
HS512
RS256
RS384
RS512
ES256
ES384
ES512
LOCALE
Specify the default locale to use for all requests without a locale specified. (Default en-US
)
LOGGING_LEVEL
The logging level that can be set to one of fatal
,
error
, warn
, info
, debug
, or trace
. (Default info
)
FORCE_SSL
Forces SSL in production by redirecting all HTTP requests to HTTPS, and sending
HSTS headers. (Default false
)
Coral does not provide or manage HTTPS certificates. If you want to enable HTTPS, you must configure a proxy in front of Coral such as Caddy.
Troubleshooting: If you are seeing redirect loops when trying to access
pages like the admin, you may need to configure TRUST_PROXY
to
tell Coral which upstream proxies to trust.
Warning: When FORCE_SSL=true
, Coral will send HSTS
headers that will force web browsers to connect via HTTPS for the next 60 days.
By forcing SSL use you’ll need to provide a secure connection to your Coral
instance for at least the next 60 days.
DISABLE_LIVE_UPDATES
When true
, the comment stream will not create a websocket connection to get
live comment updates. This applies across all tenants on the installation, and
cannot be turned back on via the interface. (Default false
)
DISABLE_LIVE_UPDATES_TIMEOUT
Stories that have not received a comment within this time frame will pause live
updates automatically. Once a single comment is received on these stories, live
updates will be re-enabled until the story sits idle for the timeout value,
parsed by ms. (Default 2 weeks
)
DISABLE_TENANT_CACHING
When true
, all tenants will be loaded from the database when needed rather than keeping a in-memory copy in sync via published events on Redis. (Default false
)
ENABLE_GRAPHIQL
When true
, it will enable the interactive GraphQL developer environment at the
/graphiql
route. This will also disable persisted (Default false
)
Note: We do not recommend using this in production environments as it disables many safety features used by the application to provide it.
METRICS_USERNAME
The username for Basic Authentication at the /metrics
route. If not
provided with METRICS_PASSWORD
, no authentication will be added to this route.
METRICS_PASSWORD
The password for Basic Authentication at the /metrics
route. If not
provided with METRICS_USERNAME
, no authentication will be added to this route.
METRICS_PORT
Prometheus metrics are
provided at this port under /metrics
route. (Default 9000
)
SCRAPE_TIMEOUT
The request timeout for scraping operations, parsed by ms.
(Default 10 seconds
)
SCRAPE_MAX_RESPONSE_SIZE
The maximum size (in bytes) to allow for scraping responses. (Default 10e6
)
STATIC_URI
The URI that static assets can be accessed from. This URI can be to a proxy that
uses this Coral server on PORT
as the upstream. Disabled by default.
TRUST_PROXY
When provided, it configures the “trust proxy” settings for Express. If you are
encountering issues where urls in the administration are showing with a http
instead of https
, you may need to set the TRUST_PROXY
setting. Refer to
https://expressjs.com/en/guide/behind-proxies.html for possible values of this
configuration variable as it pertains to your setup.
WEBSOCKET_KEEP_ALIVE_TIMEOUT
The interval that should be used to send keep alive messages over websocket to
keep the socket open, parsed by ms.
(Default 30s
)
WORD_LIST_TIMEOUT
The length of time that a given request to test a comment against a given word
list, parsed by ms. (Default 100ms
)
PERSPECTIVE_TIMEOUT
The length of time that a given request should wait for a response when
interacting with the Perspective API, parsed by ms.
(Default 800ms
)
Development Configuration Variables
The following configuration variables are only enabled when the server has been
started in development mode (where NODE_ENV=development
).
DEV_PORT
The port where the Webpack Development server is running on. (Default 8080
)
DISABLE_CLIENT_ROUTES
Disables mounting of client routes for developing with Webpack Dev Server.
(Default false
)
DISABLE_RATE_LIMITERS
Used to disable the rate limiters used in Coral. (Default false
)