Configuration¶
Prisme.ai services are configured through environment variables.
In a Docker setup, you can tune these variables inside the root docker-compose.yml file (docker-compose configuration).
In a developer setup, you can create a services/*/.env file containing key / value pairs as follows:

```
WORKSPACES_STORAGE_TYPE=S3_LIKE
WORKSPACES_STORAGE_S3_LIKE_BUCKET_NAME=someBucketName
...
```

To load that file in a Docker setup as well, add the env_file option to the corresponding services/*/docker-compose.yml file:

```yaml
console:
  entrypoint: npm start --prefix services/console
  restart: on-failure
  image: registry.gitlab.com/prisme.ai/prisme.ai/prisme.ai-console:latest
  ports:
    - '3000:3000'
  env_file: ./.env
```

Since these .env files hold credentials (database passwords, OIDC secrets, storage keys), keep them out of version control.
Environment variables¶
Note 1: some default values depend on the selected start mode (Docker or Developer), especially URL-related ones.
Note 2: relative paths are resolved from the executing service's directory.
Note 3: the OIDC secrets and INTERNAL_API_KEY default to the placeholder local-client-id or to an empty value, and SESSION_COOKIES_SIGN_SECRET defaults to empty; set each of them to a distinct random value before exposing the platform to a network.

| Name | Service | Description | Default value |
|---|---|---|---|
| BROKER_HOST | All services | Redis broker URL (must be the same across services) | redis://localhost:6379/0 |
| BROKER_PASSWORD | All services | Redis broker password | |
| BROKER_NAMESPACE | All services | Optional namespace to segment events when the same Redis instance is shared by multiple platforms | |
| BROKER_TOPIC_MAXLEN | All services | Redis streams maximum length before they get truncated (see Capped Streams) | 10000 |
| BROKER_EMIT_MAXLEN | All services | Maximum size (in bytes) of emitted events | 100000 |
| PERMISSIONS_STORAGE_HOST | All services | MongoDB URL for permissions storage (must be the same for both workspaces & events) | mongodb://localhost:27017/permissions |
| OPENAPI_FILEPATH | All services | Path of the swagger file used for requests & events validation | ../specifications/swagger.yml |
| GATEWAY_API_HOST | api-gateway, workspaces | api-gateway internal URL for internal requests (i.e. contact fetching) | http://localhost:3001/v2 |
| API_URL | console, pages, api-gateway, runtime | api-gateway public URL | http://studio.local.prisme.ai:3001/v2 |
| CONSOLE_URL | api-gateway, console, pages | Studio URL, used for emails & auth redirections | http://studio.local.prisme.ai:3000 |
| PAGES_HOST | api-gateway, console, pages | Pages base domain, starting with a '.'; the workspace slug is prepended as a subdomain. Used by the pages builder & for pages sign-in redirection from api-gateway | .pages.local.prisme.ai:3100 |
| OIDC_PROVIDER_URL | api-gateway, pages, console, runtime | OIDC authorization server URL | API_URL env var, without any base path |
| OIDC_STUDIO_CLIENT_ID | api-gateway, console | Studio OIDC client id | local-client-id |
| OIDC_STUDIO_CLIENT_SECRET | api-gateway | Studio OIDC client secret, only known by api-gateway | local-client-id |
| OIDC_CLIENT_REGISTRATION_TOKEN | api-gateway | Access token required by the OIDC clients registration API | local-client-id |
| OIDC_WELL_KNOWN_URL | api-gateway | OIDC provider configuration discovery URL (only if it's an external provider) | |
| SESSION_COOKIES_MAX_AGE | api-gateway | Auth server session cookies expiration (in seconds) | 2592000 (1 month) |
| ACCESS_TOKENS_MAX_AGE | api-gateway | Access tokens expiration (in seconds) | 2592000 (1 month) |
| JWKS_FILEPATH | api-gateway, runtime | JWKS file path used to sign access token JWTs. Also used by the runtime fetch instruction when calling with the current user session | root jwks.json file |
| SESSION_COOKIES_SIGN_SECRET | api-gateway | Session cookies signing secret | |
| PORT | console | Listening port number | 3000 |
| PORT | api-gateway | Listening port number | 3001 |
| GATEWAY_CONFIG_PATH | api-gateway | gateway.config.yml path | ../../gateway.config.yml |
| INTERNAL_API_KEY | api-gateway, workspaces | API key allowing internal services to call the /contacts API | |
| USERS_STORAGE_HOST | api-gateway | MongoDB URL for users storage | mongodb://localhost:27017/users |
| SESSIONS_STORAGE_HOST | api-gateway | Redis URL for sessions storage | redis://localhost:6379/0 |
| SESSIONS_STORAGE_PASSWORD | api-gateway | Redis password for sessions storage | |
| PASSWORD_VALIDATION_REGEXP | api-gateway | Password validation regexp | .{8,32} |
| EMAIL_VALIDATION_ENABLED | api-gateway | Enable email validation on signup | true |
| WORKSPACES_API_URL | api-gateway | prismeai-workspaces internal URL | http://workspaces:3002 |
| EVENTS_API_URL | api-gateway | prismeai-events internal URL | http://events:3004 |
| RUNTIME_API_URL | api-gateway | prismeai-runtime internal URL | http://runtime:3003 |
| X_FORWARDED_HEADERS | api-gateway | Add X-Forwarded-* headers on proxied requests | yes |
| REQUEST_MAX_SIZE | api-gateway | Maximum request body size (format from bodyParser.json) | 1mb |
| PORT | events | Listening port number | 3004 |
| EVENTS_STORAGE_ES_HOST | events | Elasticsearch URL for events persistence | http://localhost:9200 |
| EVENTS_STORAGE_ES_USER | events | Elasticsearch user for events persistence | |
| EVENTS_STORAGE_ES_PASSWORD | events | Elasticsearch password for events persistence | |
| EVENTS_TOPICS_CACHE_HOST | events | Redis URL for event userTopics persistence | BROKER_HOST variable |
| EVENTS_TOPICS_CACHE_PASSWORD | events | Redis password for event userTopics persistence | |
| EVENTS_BUFFER_FLUSH_AT | events | Persist events in the datalake every N events | 128 |
| EVENTS_BUFFER_HIGH_WATERMARK | events | Stop listening for new events to persist when N events are already waiting to be persisted | 256 |
| EVENTS_BUFFER_FLUSH_EVERY | events | Persist events every N milliseconds even if EVENTS_BUFFER_FLUSH_AT has not been reached | 5000 |
| EVENTS_RETENTION_DAYS | events | Number of days events are kept in the datalake before being removed | 180 |
| EVENTS_SCHEDULED_DELETION_DAYS | events | Number of days events are kept in the datalake after their workspace is deleted | 90 |
| SOCKETIO_REDIS_HOST | events | Redis host for the socket.io redis adapter | Same as BROKER_HOST env var |
| SOCKETIO_REDIS_PASSWORD | events | Redis password for the socket.io redis adapter | Same as BROKER_PASSWORD env var |
| SOCKETIO_COOKIE_MAX_AGE | events | Socket.io cookie maxAge | Default value from the 'cookie' NodeJS module |
| EVENTS_STORAGE_ES_BULK_REFRESH | events | Enable the Elasticsearch "refresh" option when bulk inserting events (might induce overhead) | no |
| WORKSPACES_STORAGE_TYPE | runtime & workspaces | Workspaces storage driver (FILESYSTEM, S3_LIKE or AZURE_BLOB). Must point to the same instance for both runtime & workspaces | FILESYSTEM |
| WORKSPACES_STORAGE_FILESYSTEM_DIRPATH | runtime & workspaces | Workspaces filesystem storage: directory path | ../../data/models/ |
| UPLOADS_STORAGE_FILESYSTEM_DIRPATH | runtime & workspaces | Uploads filesystem storage: directory path | ../../data/models/ |
| WORKSPACES_STORAGE_S3_LIKE_ACCESS_KEY | runtime & workspaces | Workspaces S3-like storage: access key | |
| WORKSPACES_STORAGE_S3_LIKE_SECRET_KEY | runtime & workspaces | Workspaces S3-like storage: secret key | |
| WORKSPACES_STORAGE_S3_LIKE_BASE_URL | runtime & workspaces | Workspaces S3-like storage: base URL | |
| WORKSPACES_STORAGE_S3_LIKE_ENDPOINT | runtime & workspaces | Workspaces S3-like storage: endpoint | |
| WORKSPACES_STORAGE_S3_LIKE_BUCKET_NAME | runtime & workspaces | Workspaces S3-like storage: bucket name | |
| WORKSPACES_STORAGE_S3_LIKE_REGION | runtime & workspaces | Workspaces S3-like storage: region | |
| UPLOADS_STORAGE_S3_LIKE_ACCESS_KEY | runtime & workspaces | Uploads S3-like storage: access key | |
| UPLOADS_STORAGE_S3_LIKE_SECRET_KEY | runtime & workspaces | Uploads S3-like storage: secret key | |
| UPLOADS_STORAGE_S3_LIKE_BASE_URL | runtime & workspaces | Uploads S3-like storage: base URL | |
| UPLOADS_STORAGE_S3_LIKE_ENDPOINT | runtime & workspaces | Uploads S3-like storage: endpoint | |
| UPLOADS_STORAGE_S3_LIKE_BUCKET_NAME | runtime & workspaces | Uploads S3-like storage: bucket name | |
| UPLOADS_STORAGE_S3_LIKE_REGION | runtime & workspaces | Uploads S3-like storage: region | |
| WORKSPACES_STORAGE_AZURE_BLOB_CONTAINER | runtime & workspaces | Workspaces Azure Blob container name | models |
| WORKSPACES_STORAGE_AZURE_BLOB_CONNECTION_STRING | runtime & workspaces | Workspaces Azure Blob connection string | models |
| UPLOADS_STORAGE_AZURE_BLOB_CONTAINER | runtime & workspaces | Uploads Azure Blob container name | models |
| UPLOADS_STORAGE_AZURE_BLOB_CONNECTION_STRING | runtime & workspaces | Uploads Azure Blob connection string | |
| UPLOADS_STORAGE_AZURE_BLOB_BASE_URL | runtime & workspaces | Base public download URL for the uploads Azure Blob container | |
| PORT | runtime | Listening port number | 3003 |
| CONTEXTS_CACHE_HOST | runtime | Redis URL for contexts persistence | redis://localhost:6379/0 |
| CONTEXTS_CACHE_PASSWORD | runtime | Redis password for contexts persistence | |
| MAXIMUM_SUCCESSIVE_CALLS | runtime | Maximum number of automation executions for the same correlation id (i.e. initiated by the same webhook or external event) | 20 |
| CONTEXT_RUN_EXPIRE_TIME | runtime | Run context expiration time in seconds | 60 |
| CONTEXT_UNAUTHENTICATED_SESSION_EXPIRE_TIME | runtime | Session context expiration time in seconds for unauthenticated sessions | 60*60 (1 hour) |
| ADDITIONAL_GLOBAL_VARS_* | runtime | Additional variables made available from the global context (ADDITIONAL_GLOBAL_VARS_apiUrl will be available as {{global.apiUrl}}) | None |
| PORT | workspaces | Listening port number | 3002 |
| UPLOADS_STORAGE_TYPE | workspaces | Uploads storage driver (FILESYSTEM or S3_LIKE). Must be the same instance for workspaces | FILESYSTEM |
| UPLOADS_STORAGE_FILESYSTEM_DIRPATH | workspaces | Uploads filesystem storage: directory path | ../../data/uploads |
| UPLOADS_STORAGE_S3_LIKE_ACCESS_KEY | workspaces | Uploads S3-like storage: access key | |
| UPLOADS_STORAGE_S3_LIKE_SECRET_KEY | workspaces | Uploads S3-like storage: secret key | |
| UPLOADS_STORAGE_S3_LIKE_BASE_URL | workspaces | Uploads S3-like storage: base URL | |
| UPLOADS_STORAGE_S3_LIKE_ENDPOINT | workspaces | Uploads S3-like storage: endpoint | |
| UPLOADS_STORAGE_S3_LIKE_BUCKET_NAME | workspaces | Uploads S3-like storage: bucket name | |
| UPLOADS_STORAGE_S3_LIKE_REGION | workspaces | Uploads S3-like storage: region | |
| UPLOADS_FILESYSTEM_DOWNLOAD_URL | workspaces | Base download URL for files uploaded with the filesystem driver | Upload/Get request URL |
| UPLOADS_MAX_SIZE | workspaces, api-gateway | Max upload size in bytes | 10000000 (10MB) |
| UPLOADS_ALLOWED_MIMETYPES | workspaces | Allowed upload mimetypes, comma-separated | image/*,text/*,video/*,audio/*,application/* |
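The script below is an added example, not part of the Prisme.ai code base: a pre-deployment lint for a services/*/.env file in the key / value format shown at the top of this page. It parses the file and flags the settings from the table that are unsafe to ship as-is: secrets left empty or at the documented local-client-id placeholder, browser-facing URLs on plain http, a long access token lifetime, and a selected S3_LIKE driver with no credentials. The length floor for secrets, the one-day token lifetime ceiling and the sample .env content are this example's own assumptions, not values from the project.

```python
"""Pre-deployment lint for a services/*/.env file (added example, not Prisme.ai code).

Parses the KEY=VALUE format described above and flags values that should not
reach a deployment, using the variables and default values from the table.
The thresholds marked 'assumption' are this example's choices, not the project's.
"""
import re
import secrets
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (variable name, what is wrong with it)

PLACEHOLDER_VALUES = {"local-client-id"}   # development default listed in the table
REQUIRED_SECRETS = [                        # empty or placeholder by default in the table
    "SESSION_COOKIES_SIGN_SECRET",
    "OIDC_STUDIO_CLIENT_SECRET",
    "OIDC_CLIENT_REGISTRATION_TOKEN",
    "INTERNAL_API_KEY",
    "BROKER_PASSWORD",
]
PUBLIC_URL_VARS = ["API_URL", "CONSOLE_URL", "OIDC_PROVIDER_URL"]  # URLs browsers are sent to
MIN_SECRET_LENGTH = 32        # assumption: floor for a random secret
MAX_ACCESS_TOKEN_AGE = 86400  # assumption: one day; the documented default is one month
S3_REQUIRED = [               # needed as soon as the S3_LIKE driver is selected
    "WORKSPACES_STORAGE_S3_LIKE_ACCESS_KEY",
    "WORKSPACES_STORAGE_S3_LIKE_SECRET_KEY",
    "WORKSPACES_STORAGE_S3_LIKE_BUCKET_NAME",
]
_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def parse_dotenv(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines; skips blanks and '#' comments, strips one pair of matching quotes."""
    env: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or not _NAME.fullmatch(key):
            continue  # not an assignment; ignore rather than guess
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def lint_env(env: Dict[str, str]) -> List[Finding]:
    """Return the findings for one service's environment; an empty list means nothing was flagged."""
    findings: List[Finding] = []
    for key in REQUIRED_SECRETS:
        value = env.get(key, "")
        if not value:
            findings.append((key, "not set"))
        elif value in PLACEHOLDER_VALUES:
            findings.append((key, "still the documented development placeholder"))
        elif len(value) < MIN_SECRET_LENGTH:
            findings.append((key, f"shorter than {MIN_SECRET_LENGTH} characters"))
    for key in PUBLIC_URL_VARS:
        if env.get(key, "").lower().startswith("http://"):
            findings.append((key, "plain http: session cookies and tokens would travel in clear"))
    age = env.get("ACCESS_TOKENS_MAX_AGE", "")
    if age.isdigit() and int(age) > MAX_ACCESS_TOKEN_AGE:
        findings.append(("ACCESS_TOKENS_MAX_AGE", f"{age}s exceeds the {MAX_ACCESS_TOKEN_AGE}s ceiling assumed here"))
    if env.get("WORKSPACES_STORAGE_TYPE", "FILESYSTEM") == "S3_LIKE":
        for key in S3_REQUIRED:
            if not env.get(key):
                findings.append((key, "required when WORKSPACES_STORAGE_TYPE=S3_LIKE"))
    return findings


def new_secret() -> str:
    """Replacement value for any flagged secret: 32 random bytes, URL-safe base64 (43 characters)."""
    return secrets.token_urlsafe(32)


# Constructed sample mirroring the development defaults from the table; not a real deployment.
SAMPLE_DEV_ENV = """\
# api-gateway development settings
API_URL=http://studio.local.prisme.ai:3001/v2
CONSOLE_URL="http://studio.local.prisme.ai:3000"
export OIDC_STUDIO_CLIENT_SECRET=local-client-id
OIDC_CLIENT_REGISTRATION_TOKEN='local-client-id'
SESSION_COOKIES_SIGN_SECRET=
ACCESS_TOKENS_MAX_AGE=2592000
WORKSPACES_STORAGE_TYPE=S3_LIKE
WORKSPACES_STORAGE_S3_LIKE_BUCKET_NAME=someBucketName
"""

if __name__ == "__main__":
    for name, problem in lint_env(parse_dotenv(SAMPLE_DEV_ENV)):
        print(f"{name}: {problem}")
```

Run it against each service's .env before the first deployment; every variable it names comes from the table above, so a finding maps directly to a row to fix. new_secret() produces a suitable value for the secret rows, and the same value must not be reused across OIDC_STUDIO_CLIENT_SECRET, OIDC_CLIENT_REGISTRATION_TOKEN and INTERNAL_API_KEY, since each guards a different API.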
SSO¶
Configuring Microsoft SSO¶
1. Register an app
First follow https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app to register an app in your Azure tenant.
- The application can be named Prismeai or anything else; the name does not matter.
- Select the desired Supported account types, as this restricts which Microsoft accounts can log in to the studio.
- Its redirect URI must be set on the Web platform with the following value: https://api-gateway-url/v2/login/azure/callback
Note the application id somewhere, as it will be the client id passed in environment variables.
2. Generate a secret
Click on Certificates & secrets under the Manage menu and add a New client secret.
Keep the longest expiry time and click Add. Record the expiry date as well: sign-in stops working once the secret expires, so its rotation has to be planned.
Note the client secret value somewhere, as it will be the client secret passed in environment variables; the portal shows it only once.
3. Configure environment variables
To finish the SSO configuration in api-gateway, the following environment variables must be set:
- AZURE_AD_CLOUD_INSTANCE_ID : https://login.microsoftonline.com/ or any private one
- AZURE_AD_TENANT : The tenant domain as found in Azure Active Directory > Primary domain (ex: YourCompany.onmicrosoft.com)
  - In order to accept any organizational directory account, replace this value with organizations.
  - In order to accept any organizational directory and personal Microsoft accounts, replace this value with common.
  - In order to accept personal Microsoft accounts only, replace this value with consumers.
  - This must reflect the Supported account types option chosen when registering the app.
- AZURE_AD_APP_ID : The application id retrieved in the first step
- AZURE_AD_CLIENT_SECRET : The secret value retrieved in the second step
Finally, add the following environment variable to the console and pages microservices:
- ENABLED_AUTH_PROVIDERS : azure
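As an added example covering the three steps above (not Prisme.ai's own code), the following script derives the two values that most often disagree between the Azure app registration and api-gateway's environment: the redirect URI to register, built from API_URL and the callback path given in step 1, and the OIDC discovery document URL that AZURE_AD_CLOUD_INSTANCE_ID and AZURE_AD_TENANT resolve to, in the Microsoft identity platform's v2.0 layout. It then checks that AZURE_AD_TENANT is consistent with the Supported account types choice from step 1. The account-type labels, the GUID check on AZURE_AD_APP_ID and the sample values are this example's assumptions; the sample application id is made up.

```python
"""Consistency check for the Microsoft SSO settings above (added example, not Prisme.ai code).

Derives the redirect URI to register in the Azure app from API_URL and the OIDC
discovery URL that AZURE_AD_CLOUD_INSTANCE_ID + AZURE_AD_TENANT resolve to, then
checks that the tenant value matches the 'Supported account types' choice made
when registering the app.  The discovery path is the Microsoft identity platform
v2.0 endpoint; the account-type labels below are this example's own.
"""
import re
from typing import Dict, List
from urllib.parse import urlparse

CALLBACK_PATH = "/login/azure/callback"  # from step 1; API_URL already carries the /v2 base path

# Special AZURE_AD_TENANT values and the 'Supported account types' choice each one reflects.
SPECIAL_TENANTS = {
    "organizations": "any-org",
    "common": "any-org-and-personal",
    "consumers": "personal-only",
}
SINGLE_TENANT = "single-org"  # label used here for 'Accounts in this organizational directory only'
_GUID = re.compile(r"[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")


def redirect_uri(api_url: str) -> str:
    """Redirect URI to register on the app's Web platform, built from the api-gateway public URL."""
    return api_url.rstrip("/") + CALLBACK_PATH


def discovery_url(cloud_instance: str, tenant: str) -> str:
    """OIDC metadata URL for the tenant: <instance>/<tenant>/v2.0/.well-known/openid-configuration"""
    return f"{cloud_instance.rstrip('/')}/{tenant}/v2.0/.well-known/openid-configuration"


def check_sso_config(env: Dict[str, str], account_types: str) -> List[str]:
    """Return problems found in api-gateway's AZURE_AD_* and API_URL variables; [] when consistent."""
    problems: List[str] = []
    instance = env.get("AZURE_AD_CLOUD_INSTANCE_ID", "")
    tenant = env.get("AZURE_AD_TENANT", "")
    app_id = env.get("AZURE_AD_APP_ID", "")
    secret = env.get("AZURE_AD_CLIENT_SECRET", "")
    api_url = env.get("API_URL", "")

    # Both URLs carry the authorization code and the client secret exchange: https only.
    for name, value in (("AZURE_AD_CLOUD_INSTANCE_ID", instance), ("API_URL", api_url)):
        if urlparse(value).scheme != "https":
            problems.append(f"{name} must be an https URL, got {value!r}")
    if not tenant:
        problems.append("AZURE_AD_TENANT is not set")
    elif tenant in SPECIAL_TENANTS:
        if SPECIAL_TENANTS[tenant] != account_types:
            problems.append(f"AZURE_AD_TENANT={tenant} admits {SPECIAL_TENANTS[tenant]} accounts "
                            f"but the app was registered for {account_types}")
    elif account_types != SINGLE_TENANT:
        problems.append(f"AZURE_AD_TENANT={tenant} restricts sign-in to one directory "
                        f"but the app was registered for {account_types}")
    if not _GUID.fullmatch(app_id):
        problems.append("AZURE_AD_APP_ID is not an application (client) id GUID")
    if not secret:
        problems.append("AZURE_AD_CLIENT_SECRET is not set")
    return problems


# Constructed sample for a single-directory tenant; the application id is made up.
SAMPLE_ENV = {
    "API_URL": "https://studio.example.com/v2",
    "AZURE_AD_CLOUD_INSTANCE_ID": "https://login.microsoftonline.com/",
    "AZURE_AD_TENANT": "yourcompany.onmicrosoft.com",
    "AZURE_AD_APP_ID": "11111111-2222-3333-4444-555555555555",
    "AZURE_AD_CLIENT_SECRET": "value-copied-from-step-2",
}

if __name__ == "__main__":
    print("register redirect URI:", redirect_uri(SAMPLE_ENV["API_URL"]))
    print("discovery document:", discovery_url(SAMPLE_ENV["AZURE_AD_CLOUD_INSTANCE_ID"],
                                               SAMPLE_ENV["AZURE_AD_TENANT"]))
    for problem in check_sso_config(SAMPLE_ENV, SINGLE_TENANT):
        print("problem:", problem)
```

The printed redirect URI must match the Web platform entry in the app registration character for character, including the scheme and any port, or Microsoft rejects the sign-in with a redirect URI mismatch. The discovery URL is worth opening once in a browser: it confirms that the tenant value resolves before api-gateway is restarted with the new variables.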