App Gateway Environment Variables

| Name | Required | Type | Default Value | Description |
|---|---|---|---|---|
| UPSTREAM | TRUE | string | | The network address of the POP server that this node works with |
| UPSTREAM_SNI | TRUE | string | | The service name of the POP server; corresponds to the SNI variable on the POP server |
| CERT | TRUE | string | | Path to the certificate (PEM format) used for authentication |
| KEY | TRUE | string | | Path to the private key (PEM format) corresponding to the certificate |
| INSECURE | FALSE | boolean | | Whether to validate certificates of external components (Edges, other App Gateways, etc.) |
| DB_PATH | TRUE | string | /dbdata/idac.db | Path to the database file |
| EXTERNAL_MFA_TIMEOUT | TRUE | duration | 5m | Timeout for MFA tokens sent via SMS |
| ALLOW_CORS | FALSE | boolean | | Whether CORS is allowed on the App Gateway API |
| LOG_REQUESTS | FALSE | boolean | | Whether to log HTTP requests to the App Gateway API |
| LICENSE_PATH | TRUE | string | | Path to the license file |
| BLOB_PATH | TRUE | string | /<host>/blobs | Path where blobs are stored |
| EXTERNAL_SERVICES_URL | TRUE | string | https://service-gateway.safous.com | URL of external services server (used for SMS, etc.) |
| RECERTER_RUN | FALSE | boolean | TRUE | Unsupported |
| RECERTER_WATCH_DAYS | FALSE | int | 10 | Unsupported |
| RECERTER_WATCH_INTERVAL | FALSE | duration | 36h | Unsupported |
| RECORDING_PATH | TRUE | string | /<host>/tmp/recordings | Temp location for recordings before moving to blob store |
| USE_EDGE_PROXY | FALSE | boolean | | Whether to proxy network access to external services via POPs |
| NATIVE_SSH_UPSTREAM | FALSE | string | ssh.tcp.ztna.safous.com:443 | Address of native SSH gateway |
| NATIVE_SSH_UPSTREAM_SNI | FALSE | string | ssh.ztna.safous.com | SNI name for native SSH gateway |
| NATIVE_SSH_SECRET | FALSE | string | | Static secret for SSH gateway (if not using license-based auth) |
| SYSLOG_ADDRESSES | FALSE | []string | | Comma-delimited list of syslog servers |
| RAFT_PATH | TRUE | string | /dbdata/raft | Path storing Raft cluster metadata |
| RAFT_VOTER | FALSE | string | | Whether the node participates in Raft (or is read-only) |
| SITE | TRUE | string | default | Site name corresponding to the App Gateway |
| ID_FILE | TRUE | string | /config/idfile | File in which App Gateway ID is persisted |
| LOGS_DB_PATH | TRUE | string | /config/logs.db | Path for activity log database |
| RDP_KEYBOARD_LAYOUT | FALSE | string | en-us-querty | RDP server keyboard layout |
| HTTP_PROXY | FALSE | string | | Proxy for HTTP web applications <host>:<port> |
| HTTPS_PROXY | FALSE | string | | Proxy for HTTPS web applications <host>:<port> |
| COOKIE_SAME_SITE_MODE | FALSE | string | lax | Sets SameSite attribute on cookies (none, lax, or strict) |
| COOKIE_DOMAIN | FALSE | string | certificate CN | Overrides default domain from cert CN for cross-origin cookies |
| DISABLE_AUTO_UPDATE | FALSE | | | (No description provided) |

SameSite Mode Details:

- lax: Cookies are not sent to third-party domains unless navigating to the origin site.
- none: Cookies are sent on all requests, same-site and cross-origin.
- strict: Cookies are only sent in first-party contexts (same-site).