Skip to main content
Version: Unreleased

Environment Variables Reference

This file documents all supported .env entries for the Frafos monitoring stack. Place your .env file in the same directory as your docker-compose.yml or manifest files to configure your deployment.

Example .env File

Show example .env file
⬇️ Download env.example
.env
# --- Generic ---
# NODE_ENV=production # Specifies the current environment for the application. Affects configuration, logging, and feature toggles throughout the app. Defaults to 'production'. | required | enum: [dev, test, production, CI]
# MOKI_DEBUG=false # Enable verbose debug logging and additional diagnostic output for Moki. Useful for troubleshooting and development. | required
# ADDR=0.0.0.0 # IP address or hostname for the Express.js server to bind to. Must be a valid IPv4 or IPv6 address. | required
# SERVER_PORT=5000 # Port number for the server to listen on. | required | min: 0 (exclusive), max: 65536
# PORT= # Port number for the server to listen on, used for compatibility. Will be deprecated in future versions and will be replaced by SERVER_PORT. Still has the higher priority for the server port. | optional | min: 0 (exclusive), max: 65536
# PUBLIC_URL= # Publicly accessible URL of the application. Used for generating links and references. Must be a valid URL. | optional
# STATIC_DOC_FILES_PATH=/moki/documentations # Filesystem path to static documentation files served by the application. Used for hosting and accessing documentation. | required
# APP_DIR= # Root directory of the application. Automatically set from env.ts and used for resolving application paths. | optional
# TEST_HTTPS_LOCAL=false # If true, enables HTTPS for local development setup; otherwise, defaults to HTTP server. Used only in local environments. | required
# GUI_TLS_CERT_PATH= # The absolute filesystem path to the TLS/SSL certificate file used to secure the web interface (GUI) with HTTPS. The file must exist, have a valid '.pem' or '.crt' extension, and contain a valid certificate. | optional
# GUI_TLS_KEY_PATH= # The absolute filesystem path to the private key file corresponding to the TLS/SSL certificate for the web interface (GUI). The file must exist, have a valid '.pem', '.crt', or '.key' extension, and contain a valid private key. | optional
# LOG_PATH=/data/abc-monitor/logs # Filesystem path where application log files are stored. Used for tracking server and application events. | required
# LOG_LEVEL=info # Logging level for application output. Controls verbosity: trace (most detailed), debug, info, warn, error, fatal (least detailed). | required | enum: [trace, debug, info, warn, error, fatal]
# REPORT_URL=http://localhost:5000/report # URL endpoint for accessing application reports. Must be a valid URL. | required
# BROWSER_URL=http://chrome:9222/ # URL of the browser endpoint used for remote browser automation or debugging. Must be a valid URL. | required
# PYTHON_PATH=python3 # Filesystem path or command to the Python executable used for running Python scripts or integrations. | required
# EVENT_GENERATOR_PATH=event-generator-cli # Filesystem path or command to the event generator CLI tool. Used for generating events in the application. | required
# WEB_PUSH_VAPID_PUB=BDMDdcui_F0YkNqSG6y-OJdm_rCluBUXm7g8Bz02BShFoi4knfKPRX-YiILV6l0mi1BwHBif6r-RhfMNYgLeFd0 # Public VAPID key used for authenticating web push notifications sent to clients. Must be a valid VAPID public key string, typically generated for your push service. | required
# WEB_PUSH_VAPID_PRV=m_zagbTESoDoxQVFg00EbbHLPt0zLI28f9FoXzU3Uj0 # Private VAPID key used for signing web push notifications sent to clients. Must be a valid VAPID private key string, kept secret and paired with the public key. | required
# START_PERIODIC_JOBS_ON_BOOT=true # Enable periodic job scheduling on boot | required
# DOCS_PROXY_URL= # URL of the external documentation service to proxy requests to. If set, documentation is hosted externally and `STATIC_DOC_FILES_PATH` is ignored. | optional

# --- Auth ---
# JWT_required=false # Require JWT authentication for SIP user access. If true, users must provide a valid JWT token to authenticate. | required
# BYPASS_AUTH=false # If true, the login page is displayed for user authentication; if false, users are redirected directly to the dashboard without authentication. | required
# CCM= # IP address or hostname of the CCM server used for SIP communications. Must be a valid IPv4, IPv6, or hostname. | optional
# CCM_API_TOKEN= # CCM API token that has full read access, to generate the token, `https://x.x.x.x/api/v1/auth_token` replace the `x.x.x.x` with CCM address. Required when CCM address is specified. | optional

# --- Elasticsearch ---
# ES= # URL of the Elasticsearch server to override the value from database. Must be a valid URL. Used for connecting to the Elasticsearch instance. | optional
# ES_USERNAME= # Username for authenticating with the Elasticsearch server. Required if ES_PASSWORD is provided. | optional
# ES_PASSWORD= # Password for authenticating with the Elasticsearch server. Required if ES_USERNAME is provided. | optional
# ES_RECOVERY_CONFIRMATION_COUNT=3 # Number of confirmations required to complete the recovery process in Elasticsearch operations. Controls how many successful confirmations are needed before recovery is considered complete. | required

# --- Vector ---
# VECTOR_RUNNER=local # Specify your desired runner | required | enum: [podman, docker, local]
# VECTOR_ENTRYPOINT=./prod-data/vector/start-vector.sh # Path to vector entrypoint. | required
# VECTOR_CONFIG_DIR=./prod-data/vector/config # Path to vector config directory | required
# VECTOR_ES_ENDPOINT= # Override Elasticsearch URL from value config.ES | optional
# VECTOR_SOCKET_PORT=5044 # Vector TCP port used for communication | required | max: 65536
# VECTOR_SOCKET_TLS_PORT=5045 # Vector TCP port used for TLS communication | required | max: 65536
# VECTOR_SOCKET_ADDR=0.0.0.0 # Vector host address used for communication | required
# VECTOR_TLS_ENABLED= # Enable TLS for Vector | optional
# VECTOR_GEOIP_DB_PATH=./prod-data/vector/assets/GeoLite2-City.mmdb # Path to GeoLite2 City database file | optional
# VECTOR_LOG= # The vector log. Default will be handled by vector start script | optional | enum: [trace, debug, info, warn, error, off]
# VECTOR_API_ADDRESS=127.0.0.1:8686 # Vector API Address. Only used for health check. It should be `IP:PORT` format | required
# VECTOR_RECOVERY_CONFIRMATION_COUNT=3 # Number of confirmations required for recovery | required
# VECTOR_CA_FILE= # Path to the CA file used for SSL/TLS | optional
# VECTOR_CRT_FILE= # Path to the certificate file used for SSL/TLS | optional
# VECTOR_KEY_FILE= # Path to the certificate-key file used for SSL/TLS | optional
# VECTOR_KEY_PASS= # Passphrase for certificate key | optional
# VECTOR_VERIFY_CRT=false # For certificate verification | required
# VECTOR_WATCH_CONFIG=false # Watch vector config files | required
# VECTOR_GRACEFUL_SHUTDOWN_LIMIT_SECS=60 # Set the duration in seconds to wait for graceful shutdown after SIGINT or SIGTERM are received. After the duration has passed, Vector will force shutdown. default is 60 | required

# --- AA ---
# ADVANCED_ALERTS= # Enable advanced alerts for enhanced monitoring and notification features | optional
# ADVANCED_ALERTS_URL= # The endpoint URL used for advanced alerts when ADVANCED_ALERTS is enabled. Must be a valid URL. | optional
# AA_RECOVERY_CONFIRMATION_COUNT=3 # Number of confirmations required to complete the recovery process. Controls how many successful confirmations are needed before recovery is considered complete. | required | min: 1, max: 100

# --- Redis ---
# REDIS_ENDPOINT= # Redis endpoint. eg: redis://redis:6379/0 | optional
# REDIS_RECOVERY_CONFIRMATION_COUNT=3 # Number of confirmations required for recovery | required

# --- S3 ---
# UPLOAD_API_PORT=3042 # Port number for the upload API server to listen on. | required | min: 0 (exclusive), max: 65536
# UPLOAD_API_TLS_KEY_PATH= # Filesystem path to the TLS key file used for HTTPS connections in the upload API. | optional
# UPLOAD_API_TLS_CERT_PATH= # Filesystem path to the TLS certificate file used for HTTPS connections in the upload API. | optional
# UPLOAD_API_TLS_CA_PATH= # Filesystem path to the TLS CA certificate file for validating client certificates in mutual TLS setups. | optional
# UPLOAD_API_MUTUAL_AUTH=false # Enable mutual TLS authentication for the upload API. If true, both client and server must present valid certificates. | required
# UPLOAD_API_RSYNC_PORT=1873 # Port number for the rsync server used by the upload API for file synchronization. | required | min: 0 (exclusive), max: 65536
# UPLOAD_API_RSYNC_USER=sbcsync # Username for authenticating with the rsync server in the upload API. | required
# UPLOAD_API_RSYNC_PASSWORD=ZJaqCW6zwznD # Password for authenticating with the rsync server in the upload API. | required
# UPLOAD_API_STORAGE_TYPE=null # Type of storage backend used by the upload API. | required | enum: [s3, file, null]
# STORAGE_LOCATION= # Filesystem path or S3 bucket name where uploaded files are stored. | optional
# UPLOAD_API_S3_FORCE_PATH_STYLE=false # Force path-style access for S3 buckets in the upload API. Useful for S3-compatible services or custom endpoints. | required
# AWS_REGION=auto # AWS region for S3 storage operations. Used to select the correct S3 endpoint. | required
# AWS_ENDPOINT_URL_S3= # Custom endpoint URL for S3 storage. Must be a valid URL. Used for S3-compatible services or local testing. | optional
# AWS_ACCESS_KEY_ID= # AWS Access Key ID for authenticating S3 storage operations. | optional
# AWS_SECRET_ACCESS_KEY= # AWS Secret Access Key for authenticating S3 storage operations. | optional

# --- Client ---
# ALLOWED_HOSTS=localhost,127.0.0.1 # List of hostnames or IP addresses allowed for the UI to connect to the server and used in SSL certificate validation. | optional
# UI_PORT=3000 # Port number for the user interface (UI) to listen on. | required | min: 0 (exclusive), max: 65536

Ports

  • SERVER_PORT: 5000
  • PORT:
  • VECTOR_SOCKET_PORT: 5044
  • VECTOR_SOCKET_TLS_PORT: 5045
  • UPLOAD_API_PORT: 3042
  • UPLOAD_API_RSYNC_PORT: 1873
  • UI_PORT: 3000

Variable Definitions

Generic environment variables used for core application configuration, debugging, server address, ports, URLs, and paths. These variables control the main behavior and entry points of the monitoring stack.

VariableTypeDefault ValueRestrictionsDescription
NODE_ENVenum [dev, test, production, CI]productionenum: [dev, test, production, CI]Specifies the current environment for the application. Affects configuration, logging, and feature toggles throughout the app. Defaults to 'production'.
MOKI_DEBUGbooleanfalse-Enable verbose debug logging and additional diagnostic output for Moki. Useful for troubleshooting and development.
ADDRstring0.0.0.0-IP address or hostname for the Express.js server to bind to. Must be a valid IPv4 or IPv6 address.
SERVER_PORTnumber5000min: 0 (exclusive), max: 65536Port number for the server to listen on.
PORTnumber-min: 0 (exclusive), max: 65536Port number for the server to listen on, used for compatibility. Will be deprecated in future versions and will be replaced by SERVER_PORT. Still has the higher priority for the server port.
PUBLIC_URLstring--Publicly accessible URL of the application. Used for generating links and references. Must be a valid URL.
STATIC_DOC_FILES_PATHstring/moki/documentations-Filesystem path to static documentation files served by the application. Used for hosting and accessing documentation.
APP_DIRstring--Root directory of the application. Automatically set from env.ts and used for resolving application paths.
TEST_HTTPS_LOCALbooleanfalse-If true, enables HTTPS for local development setup; otherwise, defaults to HTTP server. Used only in local environments.
GUI_TLS_CERT_PATHboolean--The absolute filesystem path to the TLS/SSL certificate file used to secure the web interface (GUI) with HTTPS. The file must exist, have a valid '.pem' or '.crt' extension, and contain a valid certificate.
GUI_TLS_KEY_PATHboolean--The absolute filesystem path to the private key file corresponding to the TLS/SSL certificate for the web interface (GUI). The file must exist, have a valid '.pem', '.crt', or '.key' extension, and contain a valid private key.
LOG_PATHstring/data/abc-monitor/logs-Filesystem path where application log files are stored. Used for tracking server and application events.
LOG_LEVELenum [trace, debug, info, warn, error, fatal]infoenum: [trace, debug, info, warn, error, fatal]Logging level for application output. Controls verbosity: trace (most detailed), debug, info, warn, error, fatal (least detailed).
REPORT_URLstringhttp://localhost:5000/report-URL endpoint for accessing application reports. Must be a valid URL.
BROWSER_URLstringhttp://chrome:9222/-URL of the browser endpoint used for remote browser automation or debugging. Must be a valid URL.
PYTHON_PATHstringpython3-Filesystem path or command to the Python executable used for running Python scripts or integrations.
EVENT_GENERATOR_PATHstringevent-generator-cli-Filesystem path or command to the event generator CLI tool. Used for generating events in the application.
WEB_PUSH_VAPID_PUBstringBDMDdcui_F0YkNqSG6y-OJdm_rCluBUXm7g8Bz02BShFoi4knfKPRX-YiILV6l0mi1BwHBif6r-RhfMNYgLeFd0-Public VAPID key used for authenticating web push notifications sent to clients. Must be a valid VAPID public key string, typically generated for your push service.
WEB_PUSH_VAPID_PRVstringm_zagbTESoDoxQVFg00EbbHLPt0zLI28f9FoXzU3Uj0-Private VAPID key used for signing web push notifications sent to clients. Must be a valid VAPID private key string, kept secret and paired with the public key.
START_PERIODIC_JOBS_ON_BOOTbooleantrue-Enable periodic job scheduling on boot
DOCS_PROXY_URLstring--URL of the external documentation service to proxy requests to. If set, documentation is hosted externally and STATIC_DOC_FILES_PATH is ignored.

Usage Notes

info
  • Add or override variables as needed for your deployment.
  • For sensitive values, consider using Docker secrets or Kubernetes secrets.
  • Not all variables are required for every service; check your compose/manifest for usage.