Environment Variables
This page contains information about the env variables set in the .env file.
Docker specific configs
Prefix for the container name (use only letters and numbers for the project name):
COMPOSE_PROJECT_NAME=artemis
DB_VERSION=8
GUI_ENABLED=true
SYSTEM_VERSION=release-1.1.0
HISTORIC=false
Redis config
Redis IP and Port:
REDIS_HOST=redis
REDIS_PORT=6379
API config
Postgrest container IP and PORT (containers have their name as hostname):
API_HOST=postgrest
API_PORT=3000
CONFIG_HOST=configuration
CONFIG_PORT=3000
DATABASE_HOST=database
Monitor-specific configs
Unique ID to be used for RIPE RIS BGP update streaming (recommended: use ASN)
RIS_ID=8522
MON_TIMEOUT_LAST_BGP_UPDATE=3600
DB config (used by all containers)
Database IP and PORT:
DB_HOST=postgres
DB_PORT=5432
DB_NAME=artemis_db
DB_USER=artemis_user
DB_PASS=Art3m1s
DB_SCHEMA=public
DB_AUTOCLEAN=24 # deactivation with "false" (no autocleaning, keep everything)
DB_BACKUP=true
DB_HIJACK_DORMANT=24 # deactivation with "false" (no dormant hijack characterization)
Frontend config
Port where frontend is deployed:
WEBAPP_PORT=4200
ADMIN_USER=admin
ADMIN_PASS=admin1234
ADMIN_EMAIL=admin@admin.com
ARTEMIS_WEB_HOST=artemis.com
SESSION_TIMEOUT=1800
INACTIVITY_TIMEOUT=900
MongoDB config
Default credentials for mongodb (WARNING: please change the default password before deploying!):
MONGODB_USER=admin
MONGODB_PASS=pass
MONGODB_HOST=mongodb
MONGODB_PORT=27017
MONGODB_NAME=artemis-web
LDAP config
Default credentials for ldap (WARNING: please change the default bind secret and other needed vars before deploying!): Please check the detailed page here.
Rabbitmq config
RabbitMQ IP, port, user and password:
RABBITMQ_HOST=rabbitmq
RABBITMQ_PORT=5672
RABBITMQ_USER=guest
RABBITMQ_PASS=guest
RABBITMQ_IO_THREAD_POOL_SIZE=128
Hasura config
Hasura IP and port:
HASURA_HOST=graphql
HASURA_PORT=8080
Enable/Disable hasura CLI:
HASURA_GUI=false
Secret keys
Master password for Hasura (WARNING: please change the default one before deploying!):
HASURA_SECRET_KEY=@rt3m1s.
JWT_SECRET_KEY=44fe431cdc896ccab691ad0599f4e0a12690ce1ededebe57b825823bc6b4d24f
CSRF_SECRET=P*3NGEEaJV3yUGDJA9428EQRg!ad
API_KEY=29870959469dc320ff80c02dcccaf0a62394459e22e6acfdce7cf40f94281d85
Community log filter
Custom log filter for logging on syslog (or email or other logs) only hijacks with a certain annotation, see this page:
HIJACK_LOG_FILTER=[{"community_annotation":"critical"},{"community_annotation":"NA"}]
Hijack log fields to log
HIJACK_LOG_FIELDS=["prefix","hijack_as","type","time_started","time_last","peers_seen","configured_prefix","timestamp_of_config","asns_inf","time_detected","key","community_annotation","end_tag","hijack_url"]
Withdrawn hijack peer threshold
(percentage of monitor peers that have seen hijack updates, required to see corresponding withdrawals to declare a hijack as withdrawn)
WITHDRAWN_HIJACK_THRESHOLD=80
RPKI configuration
RPKI_VALIDATOR_ENABLED=false # set to true only if you have or spawn a working RPKI validator RPKI_VALIDATOR_HOST=routinator # change to the IP of the validator of your choice RPKI_VALIDATOR_PORT=3323 # change to the preferred port (default for RTR protocol)
Auto-recovery of intended process states
AUTO_RECOVER_PROCESS_STATE=true # flag to signal whether ARTEMIS should auto-enforce intended process state (running/stopped) on startup
Notes on decoupling env file from current location
Note that at the current time, it is not advised to move the .env
file to another folder because it is still an ongoing issue to support external .env files in the docker-compose repository
docker/compose#6170. However, since we deal with environment variables, you can delete the .env
file and actually import them through another script that is located somewhere else. if this issue gets merged, then you can use a different env file with --env-file. Otherwise, you can run it with something like:
env $(cat path/to/env) docker-compose up