shellhub/.env at master · shellhub-io/shellhub · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
# PLEASE DO NOT EDIT THIS FILE; modify '.env.override' file instead
# This is in order to avoid conflict with upstream code when updating to a newer version

# ShellHub version.
SHELLHUB_VERSION=v0.24.2

# The default log level for ShellHub.
# VALUES: https://pkg.go.dev/github.com/sirupsen/logrus#Level
SHELLHUB_LOG_LEVEL=info

# The log format for ShellHub.
# VALUES: json, text.
SHELLHUB_LOG_FORMAT=text

# The network interface to which the gateway container will bind.
# VALUES: Any valid IP address
SHELLHUB_BIND_ADDRESS=0.0.0.0

# The HTTP port for the ShellHub web-based UI, API, and Reverse SSH tunnel.
# VALUES: Any available port on the host
SHELLHUB_HTTP_PORT=80

# The HTTPS port for the ShellHub web-based UI, API, and Reverse SSH tunnel.
# VALUES: Any available port on the host
SHELLHUB_HTTPS_PORT=443

# The SSH port for incoming SSH connections to devices.
# VALUES: Any available port on the host
SHELLHUB_SSH_PORT=22

# Set to true if using a Layer 4 load balancer with proxy protocol in front of ShellHub.
SHELLHUB_PROXY=false

# Enable automatic HTTPS with Let's Encrypt.
SHELLHUB_AUTO_SSL=false

SHELLHUB_DATABASE=postgres

SHELLHUB_POSTGRES_HOST=postgres
SHELLHUB_POSTGRES_PORT=5432
SHELLHUB_POSTGRES_USERNAME=admin
SHELLHUB_POSTGRES_PASSWORD=admin
SHELLHUB_POSTGRES_DATABASE=main

# The domain of the server.
# NOTICE: Required only if automatic HTTPS is enabled.
# VALUES: A valid domain name
SHELLHUB_DOMAIN=localhost

# The network name used by Docker Compose to avoid port collisions when running multiple instances.
# VALUES: A valid network name
SHELLHUB_NETWORK=shellhub_network

# Enable web endpoints feature.
SHELLHUB_WEB_ENDPOINTS=false

# The domain used to create the web endpoints.
# NOTICE: If empty, the [SHELLHUB_DOMAIN] will be used.
SHELLHUB_WEB_ENDPOINTS_DOMAIN=

# The DNS provider used to generate wildcard SSL certificate.
# NOTICE: If empty, the gateway will be assumed as "digitalocean".
SHELLHUB_WEB_ENDPOINTS_DNS_PROVIDER=digitalocean

# The token used to generate wildcard SSL certificate using DNS method for web endpoints' URL.
# Currently, only DigitalOcean and Cloudflare are supported.
# NOTICE: Required if SHELLHUB_AUTO_SSL is defined.
SHELLHUB_WEB_ENDPOINTS_DNS_PROVIDER_TOKEN=

# ACME DNS settings for obtaining wildcard certificates via acme-dns challenge delegation.
# NOTICE: Only required when SHELLHUB_WEB_ENDPOINTS_DNS_PROVIDER is set to "acme-dns".
SHELLHUB_WEB_ENDPOINTS_ACME_DNS_URL=
SHELLHUB_WEB_ENDPOINTS_ACME_DNS_USERNAME=
SHELLHUB_WEB_ENDPOINTS_ACME_DNS_PASSWORD=
SHELLHUB_WEB_ENDPOINTS_ACME_DNS_SUBDOMAIN=

# Specifies an alternative mirror URL for downloading the GeoIP databases. This
# field takes precedence over SHELLHUB_MAXMIND_LICENSE; when both are
# configured, SHELLHUB_MAXMIND_MIRROR will be used as the primary source for
# database downloads. Leave both blank to disable the feature.
SHELLHUB_MAXMIND_MIRROR=

# Specifies a MaxMind license key used to authenticate requests for downloading
# the GeoIP database directly from MaxMind. If SHELLHUB_MAXMIND_MIRROR is not
# set, this license key will be used as the fallback method for fetching the
# database. Leave both blank to disable the feature.
SHELLHUB_MAXMIND_LICENSE=

# The schedule for worker tasks.
# NOTICE: Format follows Go's cron package (https://pkg.go.dev/github.com/robfig/cron).
SHELLHUB_WORKER_SCHEDULE=@daily

# Internal setting for our cloud service.
SHELLHUB_CLOUD=false

# The URL for the session recording host.
SHELLHUB_RECORD_URL=api:8080

# Enable ShellHub Enterprise features.
# NOTICE: Requires a valid ShellHub Enterprise license.
SHELLHUB_ENTERPRISE=false

# The username for the ShellHub Enterprise Admin Console.
SHELLHUB_ENTERPRISE_ADMIN_USERNAME=

# The password for the ShellHub Enterprise Admin Console.
SHELLHUB_ENTERPRISE_ADMIN_PASSWORD=

# The URL for the Go modules proxy cache (development only).
# SHELLHUB_GOPROXY=http://localhost:3333

# The URL for the NPM proxy cache (development only).
# SHELLHUB_NPM_REGISTRY=http://localhost:4873

# Billing configuration
SHELLHUB_BILLING=stripe
STRIPE_PUBLISHABLE_KEY=

# The Sentry DSN for error tracking.
SHELLHUB_SENTRY_DSN=

# Enable announcements about releases, new features, critical security issues, and relevant news from ShellHub Community Team.
SHELLHUB_ANNOUNCEMENTS=false

# Show features from Cloud/Enterprise versions in the ShellHub community edition.
SHELLHUB_PAYWALL=true

# Asynq configuration
# The maximum duration to wait before processing a group of tasks.
SHELLHUB_ASYNQ_GROUP_MAX_DELAY=1

# The grace period's upper bound for Asynq task aggregation. Must be greater than "SHELLHUB_ASYNQ_GROUP_MAX_DELAY"
SHELLHUB_ASYNQ_GROUP_GRACE_PERIOD=2

# The maximum number of tasks that can be aggregated together by Asynq.
SHELLHUB_ASYNQ_GROUP_MAX_SIZE=1000

# Defines the maximum duration, in hours, for which a unique job remains locked in the queue.
# If the job does not complete within this timeout, the lock is released, allowing a new instance
# of the job to be enqueued and executed.
#
# A value lower than or equal to 0 disables the uniqueness.
SHELLHUB_ASYNQ_UNIQUENESS_TIMEOUT=24

# Allow SSH connections with an agent via a public key for versions below 0.6.0.
# Values: true, false
SHELLHUB_ALLOW_PUBLIC_KEY_ACCESS_BELLOW_0_6_0=false

# The pool size for Redis cache connections.
# NOTICE: Zero means the default value of the Redis driver.
# VALUES: A non-negative integer
SHELLHUB_REDIS_CACHE_POOL_SIZE=0

# The maximum duration (in minutes) for blocking a source from login attempts.
# NOTICE: Set to 0 to disable.
# VALUES: A non-negative integer
SHELLHUB_MAXIMUM_ACCOUNT_LOCKOUT=60

# Enable Connector features on UI.
SHELLHUB_CONNECTOR=true

# A secret used to encrypt the X.509 private key when ShellHub acts as an SAML Service Provider (SP)
# with signed authentication requests.
#
# Only used in enterprise.
SHELLHUB_SAML_SECRET=

# Defines a rate limit for incoming requests to the ShellHub API.
SHELLHUB_API_RATE_LIMIT="1000r/s"

# Defines the size of the shared memory zone used for rate limiting.
SHELLHUB_API_RATE_LIMIT_ZONE_SIZE=10m

# Defines the maximum burst size for incoming requests to the ShellHub API.
# VALUES: A positive integer
SHELLHUB_API_BURST_SIZE=100

# Defines the delay strategy for handling bursts of incoming requests.
# VALUES: nodelay, or the number of requests to delay.
SHELLHUB_API_BURST_DELAY=nodelay

# Defines if the metrics endpoint is enabled.
SHELLHUB_METRICS=false

# Defines if empty passwords are allowed for SSH connections on the agent.
SHELLHUB_PERMIT_EMPTY_PASSWORDS=false

# Defines the number of retry attempts for the internal HTTP client when a request fails.
SHELLHUB_INTERNAL_HTTP_CLIENT_RETRY_COUNT=3

# Sets the initial wait time (in seconds) before retrying a failed request.
SHELLHUB_INTERNAL_HTTP_CLIENT_RETRY_WAIT_TIME=5

# Specifies the maximum wait time (in seconds) between retries.
SHELLHUB_INTERNAL_HTTP_CLIENT_RETRY_MAX_WAIT_TIME=20

# The base URL for the API service.
SHELLHUB_INTERNAL_HTTP_CLIENT_API_BASE_URL=http://api:8080

# Set false to disable access logs for gateway nginx
SHELLHUB_GATEWAY_ACCESS_LOGS=true

# The URL for the onboarding survey form.
# NOTICE: Leave empty to disable the onboarding survey.
SHELLHUB_ONBOARDING_URL=https://forms.infra.ossystems.io/s/f3fo9q3lkda8rrss9xpjus99