Environment Variables Reference
This file documents all supported .env entries for the Frafos monitoring stack. Place your .env file in the same directory as your docker-compose.yml or manifest files to configure your deployment.
Example .env File
Show example .env file
⬇️ Download env.example
.env
# --- Generic ---
# NODE_ENV=production # Specifies the current environment for the application. Affects configuration, logging, and feature toggles throughout the app. Defaults to 'production'. | required | enum: [dev, test, production, CI]
# MOKI_DEBUG=false # Enable verbose debug logging and additional diagnostic output for Moki. Useful for troubleshooting and development. | required
# ADDR=0.0.0.0 # IP address or hostname for the Express.js server to bind to. Must be a valid IPv4 or IPv6 address. | required
# SERVER_PORT=5000 # Port number for the server to listen on. | required | min: 0, max: 65536
# PUBLIC_URL= # Publicly accessible URL of the application. Used for generating links and references. Must be a valid URL. | optional
# STATIC_DOC_FILES_PATH=/moki/documentations # Filesystem path to static documentation files served by the application. Used for hosting and accessing documentation. | required
# APP_DIR= # Root directory of the application. Automatically set from env.ts and used for resolving application paths. | optional
# TEST_HTTPS_LOCAL=false # If true, enables HTTPS for local development setup; otherwise, defaults to HTTP server. Used only in local environments. | required
# GUI_TLS_CERT_PATH= # The absolute filesystem path to the TLS/SSL certificate file used to secure the web interface (GUI) with HTTPS. The file must exist, have a valid '.pem' or '.crt' extension, and contain a valid certificate. | optional
# GUI_TLS_KEY_PATH= # The absolute filesystem path to the private key file corresponding to the TLS/SSL certificate for the web interface (GUI). The file must exist, have a valid '.pem', '.crt', or '.key' extension, and contain a valid private key. | optional
# LOG_PATH=/data/abc-monitor/logs # Filesystem path where application log files are stored. Used for tracking server and application events. | required
# LOG_LEVEL=debug # Logging level for application output. Controls verbosity: trace (most detailed), debug, info, warn, error, fatal (least detailed). | required | enum: [trace, debug, info, warn, error, fatal]
# REPORT_URL=http://localhost:5000/report # URL endpoint for accessing application reports. Must be a valid URL. | required
# BROWSER_URL=http://chrome:9222/ # URL of the browser endpoint used for remote browser automation or debugging. Must be a valid URL. | required
# PYTHON_PATH=python3 # Filesystem path or command to the Python executable used for running Python scripts or integrations. | required
# EVENT_GENERATOR_PATH=event-generator-cli # Filesystem path or command to the event generator CLI tool. Used for generating events in the application. | required
# WEB_PUSH_VAPID_PUB=BDMDdcui_F0YkNqSG6y-OJdm_rCluBUXm7g8Bz02BShFoi4knfKPRX-YiILV6l0mi1BwHBif6r-RhfMNYgLeFd0 # Public VAPID key used for authenticating web push notifications sent to clients. Must be a valid VAPID public key string, typically generated for your push service. | required
# WEB_PUSH_VAPID_PRV=m_zagbTESoDoxQVFg00EbbHLPt0zLI28f9FoXzU3Uj0 # Private VAPID key used for signing web push notifications sent to clients. Must be a valid VAPID private key string, kept secret and paired with the public key. | required
# DOCS_PROXY_URL= # URL of the external documentation service to proxy requests to. If set, documentation is hosted externally and `STATIC_DOC_FILES_PATH` is ignored. | optional
# --- Auth ---
# JWT_required=false # Require JWT authentication for SIP user access. If true, users must provide a valid JWT token to authenticate. | required
# BYPASS_AUTH=false # If true, the login page is displayed for user authentication; if false, users are redirected directly to the dashboard without authentication. | required
# CCM= # IP address or hostname of the CCM server used for SIP communications. Must be a valid IPv4, IPv6, or hostname. | optional
# --- Elasticsearch ---
# ES= # URL of the Elasticsearch server to override the value from monitor.json. Must be a valid URL. Used for connecting to the Elasticsearch instance. | optional
# ES_USERNAME= # Username for authenticating with the Elasticsearch server. Required if ES_PASSWORD is provided. | optional
# ES_PASSWORD= # Password for authenticating with the Elasticsearch server. Required if ES_USERNAME is provided. | optional
# ES_RECOVERY_CONFIRMATION_COUNT=3 # Number of confirmations required to complete the recovery process in Elasticsearch operations. Controls how many successful confirmations are needed before recovery is considered complete. | required
# --- LogService ---
# LOGSTASH_URL=http://127.0.0.1:9600 # URL of the Logstash server for event ingestion and monitoring. Useful when Logstash runs on a different server or in the 'mon' container (127.0.0.1). Must be a valid URL. | required
# LOGSTASH_DISABLED=false # If true, disables Logstash integration when running the monitor server. For fresh Elasticsearch setups, datastreams config must be pushed before sending events via Logstash. | required
# LOGSTASH_BIN=/opt/logstash/bin/logstash # Filesystem path to the Logstash binary. Required for local development or manual Logstash operation. | required
# LOGSTASH_BEATS_PORT=5044 # Input port for Logstash. Used by event-generator to push events. | required | min: 0, max: 65536
# LOGSTASH_GEOIP_DB=/data/abc-monitor/logstash/GeoLite2-City.mmdb # Filesystem path to the GeoIP database used by Logstash for geolocation enrichment of events. | required
# LS_RECOVERY_CONFIRMATION_COUNT=3 # Number of confirmations required to complete the recovery process for Logstash operations. Controls how many successful confirmations are needed before recovery is considered complete. | required | min: 1, max: 100
# --- AA ---
# ADVANCED_ALERTS= # Enable advanced alerts for enhanced monitoring and notification features | optional
# ADVANCED_ALERTS_URL= # The endpoint URL used for advanced alerts when ADVANCED_ALERTS is enabled. Must be a valid URL. | optional
# AA_RECOVERY_CONFIRMATION_COUNT=3 # Number of confirmations required to complete the recovery process. Controls how many successful confirmations are needed before recovery is considered complete. | required | min: 1, max: 100
# --- S3 ---
# UPLOAD_API_PORT=3042 # Port number for the upload API server to listen on. | required | min: 0, max: 65536
# UPLOAD_API_TLS_KEY_PATH= # Filesystem path to the TLS key file used for HTTPS connections in the upload API. | optional
# UPLOAD_API_TLS_CERT_PATH= # Filesystem path to the TLS certificate file used for HTTPS connections in the upload API. | optional
# UPLOAD_API_TLS_CA_PATH= # Filesystem path to the TLS CA certificate file for validating client certificates in mutual TLS setups. | optional
# UPLOAD_API_MUTUAL_AUTH=false # Enable mutual TLS authentication for the upload API. If true, both client and server must present valid certificates. | required
# UPLOAD_API_RSYNC_PORT=1873 # Port number for the rsync server used by the upload API for file synchronization. | required | min: 0, max: 65536
# UPLOAD_API_RSYNC_USER=sbcsync # Username for authenticating with the rsync server in the upload API. | required
# UPLOAD_API_RSYNC_PASSWORD=ZJaqCW6zwznD # Password for authenticating with the rsync server in the upload API. | required
# UPLOAD_API_STORAGE_TYPE=null # Type of storage backend used by the upload API. | required | enum: [s3, file, null]
# STORAGE_LOCATION= # Filesystem path or S3 bucket name where uploaded files are stored. | optional
# UPLOAD_API_S3_FORCE_PATH_STYLE=false # Force path-style access for S3 buckets in the upload API. Useful for S3-compatible services or custom endpoints. | required
# AWS_REGION=auto # AWS region for S3 storage operations. Used to select the correct S3 endpoint. | required
# AWS_ENDPOINT_URL_S3= # Custom endpoint URL for S3 storage. Must be a valid URL. Used for S3-compatible services or local testing. | optional
# AWS_ACCESS_KEY_ID= # AWS Access Key ID for authenticating S3 storage operations. | optional
# AWS_SECRET_ACCESS_KEY= # AWS Secret Access Key for authenticating S3 storage operations. | optional
# --- CI ---
# CI_LOGSTASH_ADDR=127.0.0.1 # IP address of the Logstash server used for CI logging and data collection. Must be a valid IPv4 or IPv6 address. | required
# CI_LOGSTASH_PORT=0 # Port number for connecting to the Logstash server in CI. Must be within the allowed port range. | required | min: 0, max: 65536
# CI_SKIP_DATA_GEN=false # If true, skips generating test data during CI runs. Useful for faster execution when data generation is not required. | required
# CI_S3_BUCKET=file-upload-test # Name of the S3 bucket used in CI for upload-api tests. Specifies where test files are uploaded during CI runs. | required
# --- Client ---
# ALLOWED_HOSTS=localhost,127.0.0.1 # List of hostnames or IP addresses allowed for the UI to connect to the server and used in SSL certificate validation. | optional
# UI_PORT=3000 # Port number for the user interface (UI) to listen on. | required | min: 0, max: 65536
Ports
- SERVER_PORT: 5000
- LOGSTASH_BEATS_PORT: 5044
- UPLOAD_API_PORT: 3042
- UPLOAD_API_RSYNC_PORT: 1873
- CI_LOGSTASH_PORT: 0
- UI_PORT: 3000
Variable Definitions
- Generic
- Auth
- Elasticsearch
- LogService
- AA
- S3
- CI
- Client
Generic environment variables used for core application configuration, debugging, server address, ports, URLs, and paths. These variables control the main behavior and entry points of the monitoring stack.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| NODE_ENV | enum [dev, test, production, CI] | production | enum: [dev, test, production, CI] | Specifies the current environment for the application. Affects configuration, logging, and feature toggles throughout the app. Defaults to 'production'. |
| MOKI_DEBUG | boolean | false | - | Enable verbose debug logging and additional diagnostic output for Moki. Useful for troubleshooting and development. |
| ADDR | string | 0.0.0.0 | - | IP address or hostname for the Express.js server to bind to. Must be a valid IPv4 or IPv6 address. |
| SERVER_PORT | number | 5000 | min: 0, max: 65536 | Port number for the server to listen on. |
| PUBLIC_URL | string | - | - | Publicly accessible URL of the application. Used for generating links and references. Must be a valid URL. |
| STATIC_DOC_FILES_PATH | string | /moki/documentations | - | Filesystem path to static documentation files served by the application. Used for hosting and accessing documentation. |
| APP_DIR | string | - | - | Root directory of the application. Automatically set from env.ts and used for resolving application paths. |
| TEST_HTTPS_LOCAL | boolean | false | - | If true, enables HTTPS for local development setup; otherwise, defaults to HTTP server. Used only in local environments. |
| GUI_TLS_CERT_PATH | boolean | - | - | The absolute filesystem path to the TLS/SSL certificate file used to secure the web interface (GUI) with HTTPS. The file must exist, have a valid '.pem' or '.crt' extension, and contain a valid certificate. |
| GUI_TLS_KEY_PATH | boolean | - | - | The absolute filesystem path to the private key file corresponding to the TLS/SSL certificate for the web interface (GUI). The file must exist, have a valid '.pem', '.crt', or '.key' extension, and contain a valid private key. |
| LOG_PATH | string | /data/abc-monitor/logs | - | Filesystem path where application log files are stored. Used for tracking server and application events. |
| LOG_LEVEL | enum [trace, debug, info, warn, error, fatal] | debug | enum: [trace, debug, info, warn, error, fatal] | Logging level for application output. Controls verbosity: trace (most detailed), debug, info, warn, error, fatal (least detailed). |
| REPORT_URL | string | http://localhost:5000/report | - | URL endpoint for accessing application reports. Must be a valid URL. |
| BROWSER_URL | string | http://chrome:9222/ | - | URL of the browser endpoint used for remote browser automation or debugging. Must be a valid URL. |
| PYTHON_PATH | string | python3 | - | Filesystem path or command to the Python executable used for running Python scripts or integrations. |
| EVENT_GENERATOR_PATH | string | event-generator-cli | - | Filesystem path or command to the event generator CLI tool. Used for generating events in the application. |
| WEB_PUSH_VAPID_PUB | string | BDMDdcui_F0YkNqSG6y-OJdm_rCluBUXm7g8Bz02BShFoi4knfKPRX-YiILV6l0mi1BwHBif6r-RhfMNYgLeFd0 | - | Public VAPID key used for authenticating web push notifications sent to clients. Must be a valid VAPID public key string, typically generated for your push service. |
| WEB_PUSH_VAPID_PRV | string | m_zagbTESoDoxQVFg00EbbHLPt0zLI28f9FoXzU3Uj0 | - | Private VAPID key used for signing web push notifications sent to clients. Must be a valid VAPID private key string, kept secret and paired with the public key. |
| DOCS_PROXY_URL | string | - | - | URL of the external documentation service to proxy requests to. If set, documentation is hosted externally and STATIC_DOC_FILES_PATH is ignored. |
Authentication-related variables. Configure JWT requirements, login bypass, and CCM server integration for secure access and user management.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| JWT_required | boolean | false | - | Require JWT authentication for SIP user access. If true, users must provide a valid JWT token to authenticate. |
| BYPASS_AUTH | boolean | false | - | If true, the login page is displayed for user authentication; if false, users are redirected directly to the dashboard without authentication. |
| CCM | boolean | - | - | IP address or hostname of the CCM server used for SIP communications. Must be a valid IPv4, IPv6, or hostname. |
Elasticsearch configuration. Set connection details, credentials, and recovery options for the main data store powering search and analytics.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| ES | string | - | - | URL of the Elasticsearch server to override the value from monitor.json. Must be a valid URL. Used for connecting to the Elasticsearch instance. |
| ES_USERNAME | string | - | - | Username for authenticating with the Elasticsearch server. Required if ES_PASSWORD is provided. |
| ES_PASSWORD | string | - | - | Password for authenticating with the Elasticsearch server. Required if ES_USERNAME is provided. |
| ES_RECOVERY_CONFIRMATION_COUNT | number | 3 | - | Number of confirmations required to complete the recovery process in Elasticsearch operations. Controls how many successful confirmations are needed before recovery is considered complete. |
Log service configuration. Define Logstash integration, paths, ports, and recovery settings for event and log processing.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| LOGSTASH_URL | string | http://127.0.0.1:9600 | - | URL of the Logstash server for event ingestion and monitoring. Useful when Logstash runs on a different server or in the 'mon' container (127.0.0.1). Must be a valid URL. |
| LOGSTASH_DISABLED | boolean | false | - | If true, disables Logstash integration when running the monitor server. For fresh Elasticsearch setups, datastreams config must be pushed before sending events via Logstash. |
| LOGSTASH_BIN | string | /opt/logstash/bin/logstash | - | Filesystem path to the Logstash binary. Required for local development or manual Logstash operation. |
| LOGSTASH_BEATS_PORT | number | 5044 | min: 0, max: 65536 | Input port for Logstash. Used by event-generator to push events. |
| LOGSTASH_GEOIP_DB | string | /data/abc-monitor/logstash/GeoLite2-City.mmdb | - | Filesystem path to the GeoIP database used by Logstash for geolocation enrichment of events. |
| LS_RECOVERY_CONFIRMATION_COUNT | number | 3 | min: 1, max: 100 | Number of confirmations required to complete the recovery process for Logstash operations. Controls how many successful confirmations are needed before recovery is considered complete. |
Analytics and Alerts (AA) configuration. Enable advanced alerting, set endpoints, and control confirmation requirements for alert workflows.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| ADVANCED_ALERTS | boolean | - | - | Enable advanced alerts for enhanced monitoring and notification features |
| ADVANCED_ALERTS_URL | string | - | - | The endpoint URL used for advanced alerts when ADVANCED_ALERTS is enabled. Must be a valid URL. |
| AA_RECOVERY_CONFIRMATION_COUNT | number | 3 | min: 1, max: 100 | Number of confirmations required to complete the recovery process. Controls how many successful confirmations are needed before recovery is considered complete. |
S3 storage configuration. Manage upload API, TLS, rsync, storage type, region, endpoint, and credentials for file storage and backup.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| UPLOAD_API_PORT | number | 3042 | min: 0, max: 65536 | Port number for the upload API server to listen on. |
| UPLOAD_API_TLS_KEY_PATH | string | - | - | Filesystem path to the TLS key file used for HTTPS connections in the upload API. |
| UPLOAD_API_TLS_CERT_PATH | string | - | - | Filesystem path to the TLS certificate file used for HTTPS connections in the upload API. |
| UPLOAD_API_TLS_CA_PATH | string | - | - | Filesystem path to the TLS CA certificate file for validating client certificates in mutual TLS setups. |
| UPLOAD_API_MUTUAL_AUTH | boolean | false | - | Enable mutual TLS authentication for the upload API. If true, both client and server must present valid certificates. |
| UPLOAD_API_RSYNC_PORT | number | 1873 | min: 0, max: 65536 | Port number for the rsync server used by the upload API for file synchronization. |
| UPLOAD_API_RSYNC_USER | string | sbcsync | - | Username for authenticating with the rsync server in the upload API. |
| UPLOAD_API_RSYNC_PASSWORD | string | ZJaqCW6zwznD | - | Password for authenticating with the rsync server in the upload API. |
| UPLOAD_API_STORAGE_TYPE | enum [s3, file, null] | null | enum: [s3, file, null] | Type of storage backend used by the upload API. |
| STORAGE_LOCATION | string | - | - | Filesystem path or S3 bucket name where uploaded files are stored. |
| UPLOAD_API_S3_FORCE_PATH_STYLE | boolean | false | - | Force path-style access for S3 buckets in the upload API. Useful for S3-compatible services or custom endpoints. |
| AWS_REGION | string | auto | - | AWS region for S3 storage operations. Used to select the correct S3 endpoint. |
| AWS_ENDPOINT_URL_S3 | string | - | - | Custom endpoint URL for S3 storage. Must be a valid URL. Used for S3-compatible services or local testing. |
| AWS_ACCESS_KEY_ID | string | - | - | AWS Access Key ID for authenticating S3 storage operations. |
| AWS_SECRET_ACCESS_KEY | string | - | - | AWS Secret Access Key for authenticating S3 storage operations. |
Continuous Integration (CI) configuration. Set up Logstash, S3 bucket, and data generation options for automated testing and deployment.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| CI_LOGSTASH_ADDR | string | 127.0.0.1 | - | IP address of the Logstash server used for CI logging and data collection. Must be a valid IPv4 or IPv6 address. |
| CI_LOGSTASH_PORT | number | 0 | min: 0, max: 65536 | Port number for connecting to the Logstash server in CI. Must be within the allowed port range. |
| CI_SKIP_DATA_GEN | boolean | false | - | If true, skips generating test data during CI runs. Useful for faster execution when data generation is not required. |
| CI_S3_BUCKET | string | file-upload-test | - | Name of the S3 bucket used in CI for upload-api tests. Specifies where test files are uploaded during CI runs. |
Client-side configuration. Specify allowed hosts and frontend settings for application access and security.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| ALLOWED_HOSTS | array | localhost,127.0.0.1 | - | List of hostnames or IP addresses allowed for the UI to connect to the server and used in SSL certificate validation. |
| UI_PORT | number | 3000 | min: 0, max: 65536 | Port number for the user interface (UI) to listen on. |
Usage Notes
info
- Add or override variables as needed for your deployment.
- For sensitive values, consider using
Docker secretsorKubernetes secrets. - Not all variables are required for every service; check your compose/manifest for usage.