Docker configuration

Docker ENV entries for docker-compose and Cavaliba

The .envdocker file holds several important options.

CAVALIBA_DOCKER_IMAGE

CAVALIBA_DOCKER_IMAGE=cavaliba/cavaliba:3.10

Name of the docker registry, docker image and version for the Cavaliba application. The default value shown above pulls from Docker Hub: the cavaliba repository, the cavaliba image, version 3.10. You can use any public or private image repository that can be accessed from your docker host.

Cavaliba Authentication and built-in Admin account

# local, basic, oauth2, forced
CAVALIBA_AUTH_MODE=local
# if forced mode
CAVALIBA_FORCE_LOGIN=admin
# admin built-in account
CAVALIBA_ADMIN_PASSWORD=change_again
CAVALIBA_ADMIN_EMAIL=admin@mydomain.com

# UI session duration max (default 3600 seconds)
CAVALIBA_SESSION_DURATION=36000

Internal built-in account used to access the Cavaliba web application and the DB web admin tool. It is created during the first launch of Cavaliba, and re-creation is attempted at every new launch.

The login is admin.

To change the password, use the DB web admin tool. You can also use the Django manage tool with the createsuperuser command.

CAVALIBA_PORT

CAVALIBA_PORT=8000

Network port that the cavaliba nginx container exposes and listens on, on the host.

CAVALIBA_CSRF_TRUSTED_ORIGINS

CAVALIBA_CSRF_TRUSTED_ORIGINS="http://127.0.0.1:8000 https://mycavaliba.mydomain.com"

A single string holding a space-separated list of origins (scheme, FQDN and port) for the hosts serving the Cavaliba application. CSRF protection will be valid only for the listed entries.

You must set this entry according to your environment.

CAVALIBA_ALLOWED_HOSTS

CAVALIBA_ALLOWED_HOSTS="localhost 127.0.0.1 *"

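From the Django documentation: A list of strings representing the host/domain names that this Django site can serve. This is a security measure to prevent HTTP Host header attacks, which are possible even under many seemingly-safe web server configurations. In Django, a `*` entry matches any host, so the value shown above effectively disables this check; in production, list only the host names you actually serve.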

CAVALIBA_SECRET_KEY

CAVALIBA_SECRET_KEY=changeme_with_a_long_string

Set a long random string to protect session cookies used by Cavaliba. If you change the value and restart Cavaliba, all users will be signed out of the application.

CAVALIBA_CIPHER_KEY

CAVALIBA_CIPHER_KEY="a_very_secret_string"

The secret key to encrypt sensitive information in the Cavaliba Database. If you lose or change this value, previous content from the database will be lost.

Use case: SMS content for the SMS_Send feature in Sirene App.

CAVALIBA_TENANT

CAVALIBA_TENANT=cavaliba

The name/prefix of the docker objects (container name, docker network) created when starting Cavaliba. Use one value per docker-compose.yml file to start several simultaneous Cavaliba instances on the same host. Don't forget to also select a different network listening port for each. Each instance is isolated on a different docker bridge.

Change this value if you plan to host several isolated Cavaliba deployments on the same host/VM.

DB options

CAVALIBA_DB_ENGINE=django.db.backends.mysql
CAVALIBA_DB_HOST=cavaliba_db
CAVALIBA_DB_PORT=3306
CAVALIBA_DB_DATABASE=cavaliba
CAVALIBA_DB_USER=cavaliba
CAVALIBA_DB_PASSWORD=changeme_please
CAVALIBA_DB_ROOT_PASSWORD=changeme_please_also

By default, Cavaliba is provided with an internal MariaDB database instance (container), dedicated to the Cavaliba application. These parameters define the important values to create the DB and connect the application.

CAVALIBA_DB_HOST is the docker DNS name of the database server. If you decide to use an external DB server (either physical/VM or cloud service), you need to replace it with the exact hostname / FQDN. For single or multiple Cavaliba instances in docker mode, you don't need to change this value.

If the MariaDB is dedicated to Cavaliba (as with the provided configuration), there is no issue with having identical values for PASSWORD and ROOT_PASSWORD.

For the moment, only MariaDB/MySQL is supported. PostgreSQL may be added later.

Identity Federation options

OAUTH2_PROXY_PROVIDER="oidc"
OAUTH2_PROXY_PROVIDER_DISPLAY_NAME=""
OAUTH2_PROXY_OIDC_ISSUER_URL=""
OAUTH2_PROXY_CLIENT_ID=""
OAUTH2_PROXY_CLIENT_SECRET=""
OAUTH2_PROXY_COOKIE_SECRET=""
OAUTH2_PROXY_REDIRECT_URL=""

Email/SMTP configurations

CAVALIBA_EMAIL_HOST=localhost
CAVALIBA_EMAIL_PORT=25
# uncomment if authentication needed
#CAVALIBA_EMAIL_USER=noreply
#CAVALIBA_EMAIL_PASSWORD=changeme

SMS configurations

CAVALIBA_SMS_URL="https://my.sms.provider.com/api/"
CAVALIBA_SMS_LOGIN="my_sms_account"
CAVALIBA_SMS_PASSWORD="changeme"

Cache

CAVALIBA_CACHE_DEFAULT_URL="redis://cavaliba_redis:6379"
CAVALIBA_CACHE_SESSION_URL="redis://cavaliba_redis:6379"
CAVALIBA_CELERY_BROKER_URL="redis://cavaliba_redis:6379"
CAVALIBA_CELERY_RESULT_BACKEND="redis://cavaliba_redis:6379"

Other

# keep 0 in PRODUCTION
CAVALIBA_DEBUG=0
CAVALIBA_DEBUG_IP="127.0.0.1 172.19.0.1"
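
A pre-deployment check for the entries described on this page, as an added example that is not part of Cavaliba: it parses a file in the KEY=VALUE form shown above and reports placeholder secrets, a `*` in CAVALIBA_ALLOWED_HOSTS and a non-zero CAVALIBA_DEBUG. The function names, the 32-character minimum for the secret key and the sample input are assumptions made for this example.

```python
import re

# Placeholder values shown on this page; none should reach a deployment.
PLACEHOLDER = re.compile(r"change_?me|change_again|a_very_secret_string", re.I)
SECRETS = ("CAVALIBA_ADMIN_PASSWORD", "CAVALIBA_SECRET_KEY", "CAVALIBA_CIPHER_KEY",
           "CAVALIBA_DB_PASSWORD", "CAVALIBA_DB_ROOT_PASSWORD",
           "CAVALIBA_EMAIL_PASSWORD", "CAVALIBA_SMS_PASSWORD")

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and # comments, strip matching quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env

def audit(env, min_secret_len=32):  # 32 is an assumed minimum, not a Cavaliba rule
    """Return a list of findings for risky values in a parsed env mapping."""
    findings = []
    for key in (k for k in SECRETS if k in env):
        if not env[key] or PLACEHOLDER.search(env[key]):
            findings.append(f"{key}: placeholder or empty value")
        elif key == "CAVALIBA_SECRET_KEY" and len(env[key]) < min_secret_len:
            findings.append(f"{key}: shorter than {min_secret_len} characters")
    if "*" in env.get("CAVALIBA_ALLOWED_HOSTS", "").split():
        findings.append("CAVALIBA_ALLOWED_HOSTS: '*' accepts any Host header")
    if env.get("CAVALIBA_DEBUG", "0") != "0":
        findings.append("CAVALIBA_DEBUG: must stay 0 in production")
    return findings

# Constructed sample reusing the default values printed on this page.
SAMPLE = """\
CAVALIBA_ADMIN_PASSWORD=change_again
CAVALIBA_SECRET_KEY=changeme_with_a_long_string
CAVALIBA_CIPHER_KEY="a_very_secret_string"
CAVALIBA_DB_PASSWORD=changeme_please
CAVALIBA_ALLOWED_HOSTS="localhost 127.0.0.1 *"
CAVALIBA_DEBUG=0
"""

if __name__ == "__main__":
    for finding in audit(parse_env(SAMPLE)):
        print(finding)
```

Run it against the real env file in a deployment pipeline and fail the step when `audit` returns any finding.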