Backend
Backend Config Reference#
The backend can be configured in 3 different ways:
- Make a
config.jsonfile in the working directory of the application (root of repository) - Make a
.envfile in the working directory of the application (root of repository) - Add environment variables to your system (or container)
These different config options are all mutually inclusive, so you can use multiple at the same time if you want to.
With any of these configurations, you have to have atleast three variables set for the server to function:
postgres.connection, crypto.sessionSecret and meta.name
Method 1 - config.json#
This method uses nesting, so the key server.basePath with the value of "/backend" will result in a file that looks like this:
{
"server": {
"basePath": "/backend"
}
}Method 2 - .env#
The environment variable names use double underscores as separators and MWB_ as the prefix. So the key server.basePath will result in the .env file like this:
MWB_SERVER__BASE_PATH=/backendMethod 3 - Environment#
This method is identical to the .env method listed above, but you add the variables to the environment instead of writing it in a file.
Reference#
Server#
All configurations related to the HTTP server.
server.port#
- Type:
number - Default:
8080
Port number that the HTTP server listens on.
server.cors#
- Type:
string - Default:
"" - Example:
"https://movie-web.app https://testing.movie-web.app"
Space separated list of allowed origins.
server.allowAnySite#
- Type:
boolean - Default:
false
If set to true, it allows any origin to access the site. This overwrites the server.cors setting.
server.trustProxy#
- Type:
boolean - Default:
false
Controls whether the server should trust reverse proxy headers. This is used to identify users for ratelimiting.
server.trustCloudflare#
- Type:
boolean - Default:
false
Controls whether the server should trust Cloudflare IP headers. This is used to identify users for ratelimiting.
server.basePath#
- Type:
string - Default:
"/"
Prefix for which path is being listened on. Useful if you're hosting on example.com/backend for example.
If this is set, you shouldn't apply URL rewriting before proxying.
Logging#
All configurations related to how the HTTP server will log. This is not related to the metrics endpoint.
logging.format#
- Type:
string|"pretty"|"json" - Default:
"pretty"
Logging format to use, should be either pretty or json, most users should probably use the default.
Postgres#
All configurations related to how postgres functions.
postgres.connection ⚠#
- Type:
string - Example:
"postgresql://localhost:5432"
Connection URL for postgres instance, should contain the database in the URL.
Required. The backend will not start if this is not configured.
postgres.migrateOnBoot#
- Type:
boolean - Default:
false
Run all migrations that haven't ran yet on boot.
If you have multiple replicas running, this can cause a lot of issues. We recommend only using this if you run only one replica.
postgres.debugLogging#
- Type:
boolean - Default:
false
Log all postgres queries in the console. Useful for debugging issues with the database.
This outputs sensitive, DO NOT run it in production.
postgres.ssl#
- Type:
boolean - Default:
false
Enable SSL for postgres connections. Useful if you're using a hosted postgres database.
Cryptography#
All configurations related to cryptography.
crypto.sessionSecret ⚠#
- Type:
string
The secret used to sign sessions. Must be at least 32 characters long.
Required. The backend will not start if this is not configured.
Meta#
These options configure how the server will display itself to the frontend.
meta.name ⚠#
- Type:
string - Example:
"Unofficial movie-web"
The name of the backend instance, this will be displayed to users who try to create an account.
Required. The backend will not start if this is not configured.
meta.description#
- Type:
string - Default:
"" - Example:
"This is not an official instance of movie-web"
The description of the backend instance, this will be displayed to users who try to create an account.
Captcha#
All configurations related to adding captcha functionality. Captchas' help to protect your server from bot attacks.
captcha.enabled#
- Type:
boolean - Default:
false
Enables Recaptcha support for user registration and login. You can follow this guide to create a Recaptcha key.
If this is enabled, all other captcha related settings are required.
captcha.secret#
- Type:
string - Default:
"" - Example:
"sjgaJ@3djasFVx"
Google Recaptcha secret key.
captcha.clientKey#
- Type:
string - Default:
"" - Example:
"2jf853z5bc63bvDb2323FAda"
Google Recaptcha site key.
Ratelimits#
All configuration options related to adding ratelimiting functionality. Helps to protect against bot attacks or spammy users.
Make sure your IP headers are properly forwarded if you're using a reverse proxy. Also see server.trustProxy.
ratelimits.enabled#
- Type:
boolean - Default:
false
Enables ratelimiting some more expensive endpoints.
If this is enabled, all other ratelimit related settings are required.
ratelimits.redisUrl#
- Type:
string - Default:
"" - Example:
"redis://localhost:6379"
Redis connection URL for storing ratelimit data. You can use a plain redis instance for this, no modules are required.