# Docker environment variables

This document describes all supported environment variables for Ontopic Suite Docker Compose deployments.

# Quickstart

  1. Copy the template: cp .env.template .env
  2. Edit .env file with your desired values
  3. Run: docker-compose up

# Core Configuration

# Port Configuration

Variable Default Description
LOCAL_PORT 8080 Port where the Ontopic Suite is bound on the host
VIRTUAL_PORT 8080 Port under which the Ontopic Suite is served internally
VIRTUAL_HOST localhost Hostname under which the Ontopic Suite is served

# Service-Specific Configuration

# Angular Frontend

Variable Default Description
ENDPOINT_ORIGIN - Custom endpoint origin
ONTOPIC_SERVER_DISABLE_TLS false Disable TLS for Ontopic server connections (when true, these connections are unencrypted; keep false outside local testing)

# Process Server

Variable Default Description
LICENSE_FILE /run/secrets/user-license Path to license file
JDBC_ROOT_DIR ./services/process-server/jdbc JDBC drivers directory
USER_LICENSE_DIR license User license directory
STORE_SERVICE_HOST store-server Store service host
STORE_SERVICE_PORT 3000 Store service port
USER_LICENSE_FILE - User license file path
LICENSE_TYPE ontopic License type
ONTOPIC_PROCESS_SERVER_DEBUG false Enable debug mode for process server

# Store Server

Variable Default Description
GITEA_MIRROR_PORT 8080 Port for Gitea mirror service (defaults to LOCAL_PORT)
ENABLE_SEMANTIC_SQL true Enable BI connector functionality
ENABLE_GIT_REPO true Enable Git repository features
ONTOPIC_SAMPLE_DB true Enable sample database
ONTOPIC_SAMPLE_DB_URL - Sample database URL
ONTOPIC_SAMPLE_DB_USERNAME - Sample database username
ONTOPIC_SAMPLE_DB_PASSWORD - Sample database password
ONTOPIC_SAMPLE_DB_DRIVER - Sample database driver
ONTOPIC_SAMPLE_DB_DATABASE - Sample database name
ONTOPIC_ENABLE_AUTHENTICATION true Enable authentication (keep true unless the deployment is for isolated local testing)
ENABLE_MATERIALIZATION - Enable materialization features
DB_CLIENT pg Database client type
ENABLE_TRACKING false Enable tracking features
ENABLE_REPORTING true Enable reporting features

# Database Configuration

Variable Default Description
DATABASE_HOST - Database host for store server
DATABASE_PORT - Database port for store server
DATABASE_NAME - Database name for store server
DATABASE_USER - Database user for store server
DATABASE_PASSWORD - Database password for store server (prefer DATABASE_PASSWORD_FILE so the password is not passed as an environment variable)
DATABASE_PASSWORD_FILE - File containing database password

# Casbin Authorization Configuration

Variable Default Description
CASBIN_STORE_HOST - Casbin database host
CASBIN_STORE_PORT - Casbin database port
CASBIN_STORE_USER - Casbin database user
CASBIN_STORE_PASSWORD_FILE - File containing Casbin database password

# Additional Store Server Configuration

Variable Default Description
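AUTH_EXEMPT_PATHS /git,/store-api,/process-api,/doc-sync,/metadata-manager,/api-ui Comma-separated list of paths exempt from authentication. Requests to these paths skip the authentication check, so add a path only if the service behind it enforces its own access control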
WEBSOCKET_DOC_PORT 3001 WebSocket document synchronization port
WEBSOCKET_DOC_HOST 0.0.0.0 WebSocket document synchronization host
STORE_SERVICE_HOST 0.0.0.0 Store service host binding
STORE_SERVICE_PORT 3000 Store service port
MAX_CACHED_DOCS 100 Maximum number of cached project documents
TTL_DURATION_IN_MS 3600000 Time-to-live duration in milliseconds (1 hour) of cached project documents

# Git Configuration

Variable Default Description
GIT_DEFAULT_BRANCH main Default Git branch name
GIT_AUTHOR_NAME studio Git author name
GIT_AUTHOR_EMAIL studio@ontopic.ai Git author email
GIT_REMOTE_HOST - Git remote host URL
GIT_ORG_NAME ontopic-studio Git organization name
GIT_HTTP_USER studio Git HTTP user
GIT_HTTP_PASSWORD_FILE - File containing Git HTTP password

# Database Management Configuration

Variable Default Description
DB_RESET false Reset database on startup (destructive; leave false unless you intend to discard the existing data)
DB_MIGRATE true Run database migrations
DB_SEED false Seed database with initial data

# Service Discovery Configuration

Variable Default Description
GITEA_MANAGER_SERVICE_NAME gitea-manager Gitea manager service name
GITEA_MANAGER_SERVICE_PORT 8080 Gitea manager service port
IDENTITY_SERVICE_NAME identity-service Identity service name
IDENTITY_SERVICE_PORT 8080 Identity service port

# Volume Configuration

Variable Default Description
STORE_SERVER_DOCS_DIR docs Store server documentation directory
STORE_SERVER_REPOS_DIR repos Store server repositories directory
STORE_SERVER_DB_DATA_DIR store-db Store server database data directory

# Development Mode Configuration

# Development-Specific Variables

Variable Default Description
VIRTUAL_PORT_DEV 8181 Development virtual port
ANGULAR_FRONTEND_DEV_NODE_MODULES_DIR angular-frontend-dev-node_modules Angular frontend dev node modules directory
STORE_SERVER_DEV_NODE_ENV development Store server development environment
STORE_SERVER_DEV_DOCS_DIR store-server-dev-docs Store server development docs directory
STORE_SERVER_DEV_REPOS_DIR store-server-dev-repos Store server development repos directory
STORE_SERVER_DEV_NODE_MODULES_DIR store-server-dev-node_modules Store server dev node modules directory
STORE_SERVER_DB_DEV_DATA_DIR store-server-db-dev-data Store server database development data directory
GIT_MIRROR_DEV_CONFIG_DIR git-dev-config Git mirror development config directory
GIT_MIRROR_DEV_DATA_DIR git-dev-data Git mirror development data directory
GIT_MIRROR_DB_DEV_DATA_DIR git-mirror-db-dev Git mirror database development data directory

# Service Configuration

# Nginx Service Configuration

Variable Default Description
ANGULAR_FRONTEND_SERVICE_HOST angular-frontend Angular frontend service host
ANGULAR_FRONTEND_SERVICE_PORT 4200 Angular frontend service port
IDENTITY_SERVICE_HOST identity-service Identity service host
IDENTITY_SERVICE_PORT 8080 Identity service port
PROCESS_SERVER_SERVICE_HOST process-server Process server service host
PROCESS_SERVER_SERVICE_PORT 8666 Process server service port
STORE_SERVER_SERVICE_HOST store-server Store server service host
STORE_SERVER_API_SERVICE_PORT 3000 Store server API service port
STORE_SERVER_DOC_SERVICE_PORT 3001 Store server document service port
ONTOP_ENDPOINT_SERVICE_HOST ontopic-server Ontop endpoint service host
ONTOP_ENDPOINT_SERVICE_PORT 8080 Ontop endpoint service port
GIT_MIRROR_SERVICE_HOST git-mirror Git mirror service host
GIT_MIRROR_SERVICE_PORT 80 Git mirror service port

# Service Names Configuration (Windows Docker)

Variable Default Description
NGINX_PROXY_SERVICE_NAME nginx Nginx proxy service container name
ANGULAR_FRONTEND_SERVICE_NAME angular-frontend Angular frontend service container name
PROCESS_SERVER_SERVICE_NAME process-server Process server service container name
STORE_SERVER_SERVICE_NAME store-server Store server service container name

# Caddy Configuration

Variable Default Description
CADDY_DATA_DIR caddy-data Caddy data directory

# Gitea Manager

Variable Default Description
GITEA_MANAGER_VERBOSE false Enable verbose logging for Gitea manager
GITEA_MANAGER_DEBUG - Enable debug mode
GITEA_MANAGER_TIMEOUT_IDLE - Idle timeout
GITEA_MANAGER_TIMEOUT_READ - Read timeout
GITEA_MANAGER_TIMEOUT_WRITE - Write timeout
GITEA_MANAGER_REFRESH_INTERVAL - Refresh interval
GITEA_MANAGER_GITEA_HOST - Gitea host URL
GITEA_MANAGER_GITEA_ORGANIZATION ontopic-studio Gitea organization
GITEA_MANAGER_GITEA_TOKEN_FILE - File containing Gitea token
GITEA_MANAGER_PROJECT_ROOT - Project root URL
GITEA_MANAGER_POLICY_ROOT - Policy root URL
GITEA_MANAGER_IDENTITY_ROOT - Identity root URL

# Git Mirror (Gitea)

Variable Default Description
GIT_MIRROR_SSH_PORT 2222 SSH port for Git mirror
GIT_MIRROR_CONFIG_DIR git-config Git mirror configuration directory
GIT_MIRROR_DATA_DIR git-data Git mirror data directory
GIT_MIRROR_DB_DATA_DIR git-mirror-db Git mirror database data directory

# Gitea Service Configuration

Variable Default Description
GITEA_MIRROR_PORT 8080 Port for Gitea mirror service
APP_NAME Ontopic Suite Application name for Gitea
RUN_MODE prod Gitea run mode (prod/dev)
DEFAULT_BRANCH main Default Git branch
AUTHOR Gitea - Git with a cup of tea Gitea author information
DESCRIPTION - Gitea description
KEYWORDS go,git,self-hosted,gitea Gitea keywords
PROTOCOL http Protocol for Gitea (http/https)
HTTP_PORT - HTTP port for Gitea
HTTPS_PORT 443 HTTPS port for Gitea
DOMAIN - Domain for Gitea
SSH_PORT - SSH port for Gitea
DB_HOST - Database host for Gitea
DB_NAME gitea Database name for Gitea
DB_USER gitea Database user for Gitea
DB_PASSWD_FILE - File containing database password for Gitea
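COOKIE_SECURE false Set the Secure flag on cookies so that browsers send them only over HTTPS; set to true when the Suite is served over HTTPS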
COOKIE_SAME_SITE lax Cookie same site policy
COOKIE_NAME i_like_gitea Cookie name
COOKIE_USERNAME gitea_awesome Cookie username
COOKIE_REMEMBER_NAME gitea_incredible Cookie remember name
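REVERSE_PROXY_AUTHENTICATION_USER X-User HTTP header from which Gitea reads the username authenticated by the reverse proxy. Gitea should be reachable only through that proxy, and the proxy should overwrite any client-supplied value of this header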
ADMIN_PASSWORD_FILE - File containing admin password
ADMIN_ACCESS_TOKEN_FILE - File containing admin access token

# Ontopic Server

Variable Default Description
ONTOPIC_SERVER_WEB_API_PORT 8080 Ontopic server web API port
ONTOPIC_SERVER_POSTGRES_PORT 4300 Ontopic server PostgreSQL port
ONTOPIC_SERVER_CORS_ALLOWED_ORIGINS - Origins allowed to make cross-origin (CORS) requests; list only the specific origins that need access
ONTOPIC_SERVER_LOG_LEVEL INFO Log level
ONTOPIC_SERVER_ENABLE_POSTGRES_WIRE_PROTOCOL true Enable PostgreSQL wire protocol
S3_BUCKET - S3 bucket name
S3_REGION - S3 region
MATERIALIZATION_CONFIGURATION_RELATIVE_DIR materialization-configuration Materialization configuration directory
MATERIALIZATION_RESULT_RELATIVE_DIR materialization-result Materialization result directory
ENDPOINT_DIR materialization-endpoint Endpoint directory
ENDPOINT_SECURITY_DIR endpoint-security Endpoint security directory
MATERIALIZATION_DB_DIR materialization-db Materialization database directory
MATERIALIZATION_CONFIGURATION_DIR materialization-configuration Materialization configuration directory
MATERIALIZATION_RESULT_DIR materialization-result Materialization result directory

# Identity Service Configuration

# Basic Settings

Variable Default Description
IDENTITY_SERVICE_DEBUG false Enable debug mode
IDENTITY_SERVICE_TIMEOUT_IDLE - Idle timeout
IDENTITY_SERVICE_TIMEOUT_READ - Read timeout
IDENTITY_SERVICE_TIMEOUT_WRITE - Write timeout

# Authentication Providers

Variable Default Description
IDENTITY_SERVICE_PROVIDER_OAUTH2 - OAuth2 provider
IDENTITY_SERVICE_PROVIDER_PASSWORD password-file Password provider
IDENTITY_SERVICE_AUDIENCE - JWT audience
IDENTITY_SERVICE_SCOPES - OAuth2 scopes
IDENTITY_SERVICE_ROLES - User roles

# Claims Configuration

Variable Default Description
IDENTITY_SERVICE_CLAIMS_EMAIL - Email claim name
IDENTITY_SERVICE_CLAIMS_GROUP - Group claim name
IDENTITY_SERVICE_CLAIMS_ROLE - Role claim name

# Azure AD Configuration

Variable Default Description
IDENTITY_SERVICE_AZURE_TENANT_ID - Azure AD tenant ID
IDENTITY_SERVICE_AZURE_API_CLIENT_ID - Azure AD client ID

# Session Configuration

Variable Default Description
IDENTITY_SERVICE_SESSION_PROMPT - Session prompt
IDENTITY_SERVICE_SESSION_SCOPE - Session scope
IDENTITY_SERVICE_CLIENT_ID - OAuth2 client ID
IDENTITY_SERVICE_COOKIE_EXPIRATION - Cookie expiration time
IDENTITY_SERVICE_COOKIE_REFRESH - Cookie refresh time
IDENTITY_SERVICE_PROVIDER_NAME - Provider display name
IDENTITY_SERVICE_IDENTITY_REFRESH - Identity refresh interval
IDENTITY_SERVICE_EXTERNAL_AUTHORIZATION_URL http://store-server:3000/store-api/authorize-after-authentication External authorization URL

# Data Directory

Variable Default Description
IDENTITY_SERVICE_DATA_DIR identity-data Identity service data directory

# Test Environment Configuration

# Test Database Configuration

Variable Default Description
POSTGRES_USER postgres PostgreSQL user for test databases
POSTGRES_PASSWORD postgres PostgreSQL password for test databases (test-only default; do not reuse outside the test environment)
POSTGRES_PASSWORD2 postgres2 Alternative PostgreSQL password for destination tutorial DB (test-only default)

# Secrets Configuration

All secrets are stored in files under the SECRETS_ROOT_DIR directory. Restrict read access to this directory and keep it out of version control.

Variable Default Description
SECRETS_ROOT_DIR ./default-secrets Root directory for secrets

# Secret Files

The following secret files are required:

  • license/user-license - User license file
  • store/db-password - Store database password
  • gitea/db-password - Gitea database password
  • gitea/admin-password - Gitea admin password
  • gitea/admin-access-token - Gitea admin access token
  • identity/client-secret - OAuth2 client secret
  • identity/cookie-secret - Cookie signing secret
  • identity/azure/api-client-secret - Azure API client secret
  • identity/okta/ssws-token - Okta SSWS token
  • identity/keycloak/admin-password-file - Keycloak admin password
  • identity/password-file-db - Password file database
  • identity/jwt-keys - JWT signing keys
  • s3/access-key-id - S3 access key ID
  • s3/access-key-secret - S3 access key secret

# Example Configuration

# port where the Ontopic Suite is bound on the host
LOCAL_PORT=8081
# port under which the Ontopic Suite is served
VIRTUAL_PORT=8081
# hostname under which the Ontopic Suite is served
VIRTUAL_HOST=localhost
# identity service configuration
IDENTITY_SERVICE_DEBUG=false
IDENTITY_SERVICE_PROVIDER_OAUTH2=azure
IDENTITY_SERVICE_PROVIDER_PASSWORD=password-file
IDENTITY_SERVICE_AZURE_TENANT_ID=your-tenant-id
IDENTITY_SERVICE_AZURE_API_CLIENT_ID=your-client-id
# gitea manager configuration
GITEA_MANAGER_DEBUG=false
GITEA_MIRROR_PORT=8081
JDBC_ROOT_DIR=./jdbc
SECRETS_ROOT_DIR=./default-secrets
STORE_SERVER_DOCS_DIR=./volumes/docs
STORE_SERVER_REPOS_DIR=./volumes/repos
STORE_SERVER_DB_DATA_DIR=./volumes/store-db
GIT_MIRROR_CONFIG_DIR=./volumes/git-config
GIT_MIRROR_DATA_DIR=./volumes/git-data
GIT_MIRROR_DB_DATA_DIR=./volumes/git-mirror-db
IDENTITY_SERVICE_DATA_DIR=./volumes/identity-service
ENDPOINT_SECURITY_DIR=./volumes/endpoint-security
ENABLE_MATERIALIZATION=true
MATERIALIZATION_RESULT_DIR=./volumes/materialization-result
MATERIALIZATION_CONFIGURATION_DIR=./volumes/materialization-configuration

# Notes

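  1. Secrets: All sensitive values should be stored in secret files, not as environment variables, because environment variables are visible to anyone who can inspect the container (for example with docker inspect)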
  2. Defaults: Most variables have sensible defaults and don't need to be set unless you want to customize behavior
  3. Ports: Ensure the ports you choose don't conflict with other services on your system
  4. Volumes: Persistent data is stored in Docker volumes - back up these directories to avoid data loss