Link

Configuration

Table of Contents

  1. Docker Environment Variables
    1. Database
      1. Go
      2. Java
    2. Instance Messages
      1. Redis
      2. RabbitMQ (Deprecated)
    3. NAS Ports
    4. Push Messages (FCM)
    5. nextAuth Server

Docker Environment Variables

You can configure the NAS by setting environment variables in Docker. The recommended way to do this is to add them to the environment: section in docker-compose.yml.

Database

The NAS uses both Go and Java, so database settings need to be provided for both platforms:

Go

  • NEXTAUTH_DB_GO_DRIVER: Database driver for Go (mysql for the default mysql database).
  • NEXTAUTH_DB_GO_URL: Database URL for Go, in the format username:password@tcp(dbhost:dbport)/dbname.

Java

  • NEXTAUTH_DB_JAVA_DRIVER: Database driver for Java (com.mysql.jdbc.Driver for the default mysql database).
  • NEXTAUTH_DB_JAVA_URL: Database URL for Java, in the format jdbc:mysql://dbhost/dbname.
  • NEXTAUTH_DB_USER: Database user for Java.
  • NEXTAUTH_DB_PASSWORD: Database password for Java.

Instance Messages

As the NAS relies on Redis for in-memory storage, it is recommended to also use Redis for messaging between NAS instances. RabbitMQ is provided for backward compatibility.

Redis

  • NEXTAUTH_REDIS_HOST: Hostname of Redis instance (do not set when using Redis Sentinel).
  • NEXTAUTH_REDIS_SENTINEL_HOST: Hostname of Redis Sentinel instance (do not set when using a regular Redis instance).

RabbitMQ (Deprecated)

  • NEXTAUTH_RABBITMQ_URI: RabbitMQ URI (backward compatibility only).
  • NEXTAUTH_RABBITMQ_EXCHANGE: RabbitMQ Exchange (backward compatibility only).

NAS Ports

  • NEXTAUTH_WS_PORT: TCP port for handling WebSocket (defaults to 8009).
  • NEXTAUTH_WS_TLS_CERT: Optional TLS certificate (in PEM format) for the WebSocket port. When not set, the WebSocket port will use regular HTTP.
  • NEXTAUTH_WS_TLS_KEY: Optional TLS key (in PEM format) for the WebSocket port. When not set, the WebSocket port will use regular HTTP.
  • NEXTAUTH_API_PORT: TCP port for handling API requests (defaults to 8888).
  • NEXTAUTH_API_TLS_CERT: Optional TLS certificate (in PEM format) for the WebSocket port. When not set, the API port will use regular HTTP.
  • NEXTAUTH_API_TLS_KEY: Optional TLS key (in PEM format) for the WebSocket port. When not set, the API port will use regular HTTP.
  • NEXTAUTH_HTTPPROTO_PORT: TCP port for handling mobile app connections (defaults to 8889).
  • NEXTAUTH_HEADER_XFORWARDED: HTTP header the NAS will use to retrieve the IP address of the connecting client. Use this when connections are passing through a proxy.

Push Messages (FCM)

  • NEXTAUTH_FCM_SENDERID: Optional FCM sender ID (FCM can also be configured through the NAS database).
  • NEXTAUTH_FCM_APIKEY: Optional FCM API key. FCM can also be configured through the NAS database.

nextAuth Server

  • NEXTAUTH_STRICTENROL: Optional, when set to true, only allow a single enrol for each enrol QR code.
  • NEXTAUTH_ROOT_APIKEY: Optional root API key for the nextAuth API. Additional API keys can be configured in the NAS.
  • NEXTAUTH_LICENSE: Optional license key for the NAS.

The settings below will be applied to newly created servers. Manual (re)configuration of individual servers is still possible.

  • NEXTAUTH_DEFAULT_PROTO_URL: Optional, nextAuth protocol endpoint to be used by clients (e.g., http://n.nextauth.com).
  • NEXTAUTH_DEFAULT_WS_URL: Optional, WebSocket endpoint to be used by clients (e.g., wss://ws.nextauth.com).
  • NEXTAUTH_DEFAULT_SITE_URL: Optional, main website URL (e.g., https://www.nextauth.com).
  • NEXTAUTH_DEFAULT_APP_NAME: Optional, default name of the app (e.g., nextAuth).
  • NEXTAUTH_DEFAULT_APP_DISTRIBUTION_ANDROID: Optional, default app distribution URL (e.g., https://play.google.com/store/apps/details?id=be.kuleuven.icts.authenticator).
  • NEXTAUTH_DEFAULT_APP_DISTRIBUTION_IOS: Optional, default app distribution URL (e.g., https://itunes.apple.com/us/app/ku-leuven-authenticator/id1313409950).