Listing of environment variables

 

The environment variables are split into 4 categories detailed below:

  • Server configuration

  • System configuration

  • Database configuration

  • Authentication mode configuration

Server configuration

The variables indicated with an asterisk (*) are mandatory.

THEMIS_URL*

This is the address at which Themis will be accessible to the user community.

WEB_SOCKET_HOST *

Themis uses a WebSocket for certain communications between client and server. This variable is the host address of the server that hosts Themis. It is completed by WEB_SOCKET_PORT. Most of the time, the value of this variable will be identical to the server address.

WEB_SOCKET_PORT *

Themis uses a WebSocket for certain communications between client and server. This variable indicates the port mapped to port 3000, which Themis uses for this WebSocket. It can take the value 80 or 443 in the context of a reverse proxy.

WEB_SOCKET_SECURED

This variable should be set to true when access to Themis goes through a server secured with HTTPS (WEB_SOCKET_HOST + WEB_SOCKET_PORT).

Example of configuration if Themis is accessible via an IP address + port.

If you deploy Themis on a machine whose address is 10.11.12.13, here is the configuration to implement (extract of the docker-compose.yml file):

themis:
  environment:
    - THEMIS_URL=http://10.11.12.13:3001
    - WEB_SOCKET_PORT=3000
    - WEB_SERVER_HOST=10.11.12.13

This configuration assumes that you have mapped ports 3000 and 3001 of the Themis Docker container to ports 3000 and 3001 of the host machine.

Example of configuration if Themis is accessible via domain name + port.

If you deploy Themis on a machine whose IP address is still 10.11.12.13, but you have added a DNS entry that points themis.mycompany.com to this IP address, here is the configuration to implement:

themis:
  environment:
    - THEMIS_URL=http://themis.mycompany.com:3001
    - WEB_SOCKET_PORT=3000
    - WEB_SERVER_HOST=themis.mycompany.com

This configuration assumes that you have mapped ports 3000 and 3001 of the Themis Docker container to ports 3000 and 3001 of the host machine.

Example of configuration if you deploy Themis on a machine with a secured proxy

You want Themis to be accessible at the https://themis.mycompany.com URL. Let us assume that you use Apache as a proxy, and that the Docker container publishes ports 3000 and 3001.

Let us suppose that there is a /etc/apache/sites-available/themis.mycompany.com-le-ssl.conf file with the following configuration:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName themis.mycompany.com
        ServerAdmin contact@mycompany.com

        ProxyPass / http://localhost:3001/
        ProxyPassReverse / http://localhost:3001/
        ProxyPreserveHost On

        SSLCertificateFile /etc/letsencrypt/live/mycompany.promyze.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mycompany.promyze.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

This configuration assumes that you have run Themis with port 3001 published. Apache then forwards requests to the local address http://localhost:3001, which is the Themis address on the server. This configuration is only an example; you may well use a different one.

For the WebSocket to work properly, it is also necessary to create an Apache configuration that makes it accessible at the themis-ws.mycompany.com address (for example). To this end, create the /etc/apache/sites-available/themis-ws.mycompany.com-le-ssl.conf file with the following configuration:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        # Requires mod_headers: only pages loaded from the Themis origin may call this host
        Header set Access-Control-Allow-Origin "https://themis.mycompany.com"
        ServerName themis-ws.mycompany.com
        ServerAdmin contact@mycompany.com

        # Requires mod_rewrite, mod_proxy and mod_proxy_wstunnel:
        # forward socket.io WebSocket upgrades to the Themis WebSocket port
        RewriteEngine On
        RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
        RewriteCond %{QUERY_STRING} transport=websocket    [NC]
        RewriteRule /(.*)           ws://localhost:3000/$1 [P,L]

        # All other requests go to the same backend over plain HTTP
        ProxyPass / http://localhost:3000/
        ProxyPassReverse / http://localhost:3000/
        ProxyPreserveHost On

        SSLCertificateFile /etc/letsencrypt/live/mycompany.promyze.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mycompany.promyze.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

This configuration assumes that you have run Themis with port 3000 published. Note that the "Header set Access-Control..." line is also necessary. The resulting Themis configuration is the following (extract of the docker-compose.yml file):

themis:
  environment:
    - THEMIS_URL=https://themis.mycompany.com
    - WEB_SOCKET_PORT=443
    - WEB_SOCKET_SECURED=true
    - WEB_SERVER_HOST=themis-ws.mycompany.com

Because access to Themis is secured with HTTPS, the WEB_SOCKET_SECURED environment variable must be set to true. WEB_SOCKET_PORT is set to 443; it can be set to 80 in the case of classic HTTP access.
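The checks implied by the three examples above can be run against a docker-compose environment block before deployment. The following is an added example, not ProMyze code: it verifies the mandatory variables, that an HTTPS THEMIS_URL is paired with WEB_SOCKET_SECURED=true and a matching port, and that the Access-Control-Allow-Origin value in the WebSocket virtual host equals the THEMIS_URL origin. The function names and sample inputs are constructed for illustration, and accepting WEB_SERVER_HOST as well as WEB_SOCKET_HOST is an assumption made because the page uses both names.

```python
import re
from urllib.parse import urlsplit

# Constructed sample inputs, modelled on the secured-proxy example above.
COMPOSE_ENV = """\
     - THEMIS_URL=https://themis.mycompany.com
     - WEB_SOCKET_PORT=443
     - WEB_SOCKET_SECURED=true
     - WEB_SERVER_HOST=themis-ws.mycompany.com
"""
WS_VHOST = 'Header set Access-Control-Allow-Origin "https://themis.mycompany.com"\n'


def parse_env(text):
    """Read '- KEY=VALUE' list items from a docker-compose environment block."""
    return dict(re.findall(r"^\s*-\s*([A-Z_]+)\s*=\s*(.*?)\s*$", text, re.M))


def check(env, vhost=""):
    """Return a list of findings; an empty list means the settings agree."""
    findings = []
    # Assumption: accept either host variable name, since the page uses both.
    host = env.get("WEB_SOCKET_HOST") or env.get("WEB_SERVER_HOST")
    for name, value in (("THEMIS_URL", env.get("THEMIS_URL")),
                        ("WEB_SOCKET_PORT", env.get("WEB_SOCKET_PORT")),
                        ("WEB_SOCKET_HOST", host)):
        if not value:
            findings.append(f"{name} is mandatory but not set")
    url = urlsplit(env.get("THEMIS_URL", ""))
    secured = env.get("WEB_SOCKET_SECURED", "").lower() == "true"
    port = env.get("WEB_SOCKET_PORT", "")
    # A page served over HTTPS cannot open an unsecured WebSocket.
    if url.scheme == "https" and not secured:
        findings.append("THEMIS_URL is https but WEB_SOCKET_SECURED is not true")
    if secured and port == "80":
        findings.append("WEB_SOCKET_SECURED is true but WEB_SOCKET_PORT is 80")
    if not secured and port == "443":
        findings.append("WEB_SOCKET_PORT is 443 but WEB_SOCKET_SECURED is not true")
    # The WebSocket vhost must allow exactly the origin users load Themis from.
    origin = f"{url.scheme}://{url.netloc}"
    for allowed in re.findall(r'Access-Control-Allow-Origin\s+"([^"]*)"', vhost):
        if allowed != origin:
            findings.append(f"CORS origin {allowed!r} does not match {origin!r}")
    return findings


if __name__ == "__main__":
    for line in check(parse_env(COMPOSE_ENV), WS_VHOST) or ["configuration is consistent"]:
        print(line)
```
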

System configuration

JVM_THREADS

Specifies the number of threads used by the JVM of the Engine component. This variable is relevant if the infrastructure that hosts Themis has several logical cores. The parallelized operations are the synchronizations of the sources that allow the generation of the actions.

ENABLE_ERROR_NOTIFICATIONS

ProMyze relies on the Bugsnag platform to centralize error reports intercepted during Themis execution. Our objective is to identify errors as soon as possible and to shorten the delivery cycle for anomaly fixes.

However, if your machine has no access to the outside network, or if you do not wish to send error logs to ProMyze, you can simply disable this reporting by setting the environment variable to false. Example of an update to the docker-compose.yml file:

themis:
  environment:
    - ENABLE_ERROR_NOTIFICATIONS=false

Note that we take special care not to send information specific to your context (source URLs...).

JVM_MAX_MEMORY

Increases the memory size allocated to the JVM of the Engine component. This value sets the -Xmx parameter used when the Engine component starts.

The default value is 1g. Examples of possible values: 256M, 512M, 1g, 2g.

 

MongoDB database

Several environment variables are useful when you wish to use your own MongoDB server. The list of variables to set is given below; more detailed instructions are available in this article.

MONGO_DB
MONGO_USER
MONGO_PASSWORD
MONGO_AUTHENTICATION_DB
MONGO_ADDR
MONGO_PORT
MONGO_AUTHENTICATION_MECHANISM
MONGO_USE_CREDENTIALS

Configuration of the authentication method

The different authentication methods supported by Themis (Azure Active Directory, Active Directory, SSO...) are described in a dedicated article.
