#**********************************# #***** Required Configuration *****# #**********************************# # -- Set to absolute path to data folder. E.g. # -- * linux: /home/john/linksight/data # -- * windows: C:\Users\john\linksight\data FULLDATAPATH= # -- Fully qualified domain name (FQDN) of the Analysis Hub. # -- e.g. https://my.domain-name.com or http://my.domain-name.com:8000 # -- To enable TLS, either enable autocert, or set the location of the certificate files. ANALYSISHUB_FRONTEND_FQDN= # -- External, public hostname / IP address of the datastation. # -- Other (external) data stations should be able to reach # -- the data station on this host. DATASTATION_HOST= #**********************************# #***** Optional Configuration *****# #**********************************# #################### ### Analysis Hub ### #################### ANALYSISHUB_DEBUG=1 # -- ports of the Analysis Hub. ANALYSISHUB_PORT=8000 ANALYSISHUB_GRPC_PORT=8080 # -- Enable automatic TLS certificate issuance from Let's Encrypt. # -- By default, this requires either port 80 or 443 being publicly accessible for ACME challenges. # -- If port 443 is publicly accessible, port 80 can be disabled by setting ANALYSISHUB_AUTOCERT_HTTP01_ENABLED=false ANALYSISHUB_AUTOCERT_ENABLED=false # -- Enable challenge type http-01 for certificate issuance from Let's Encrypt. # -- This also exposed port 80 to solely respond to these challenges. ANALYSISHUB_AUTOCERT_HTTP01_ENABLED=true # -- Location of the Analysis Hub frontend TLS certificate. Format: /data/ # -- The folder ${FULLDATAPATH}/analysis is mounted as /data in the container. ANALYSISHUB_FRONTEND_TLS_CERTFILE= # -- Location of the Analysis Hub frontend TLS certificate key. Format: /data/ # -- The folder ${FULLDATAPATH}/analysis is mounted as /data in the container. ANALYSISHUB_FRONTEND_TLS_KEYFILE= # -- Defines the identity provider. Options: [linksight, localdb, microsoft, customoidc] ANALYSISHUB_AUTH_PROVIDER=linksight ### Only applies if ANALYSISHUB_AUTH_PROVIDER=localdb # -- Username of the initial admin. ANALYSISHUB_AUTH_LOCALDB_ADMIN_USERNAME= # -- Password of the initial admin. ANALYSISHUB_AUTH_LOCALDB_ADMIN_PASSWORD= #################### ### Data Station ### #################### DATASTATION_DEBUG=1 # -- mTLS HTTP port, which should be externally reachable. DATASTATION_PORT=8443 # -- mTLS gRPC port, which should be externally reachable. DATASTATION_GRPC_PORT=9090 ### Recovery flags (only use when instructed by Linksight) # -- Resyncs the data collaboration history at startup. DATASTATION_RESYNC_ALL=false # -- Skip Trillian proofs validation. DATASTATION_SKIP_EVENT_PROOFS=false DATAFOLDER=/data ####################################### ### Linksight Supervisor for Docker ### ####################################### DEBUG=1 # -- Docker compose SUPERVISOR_IMAGE_REGISTRY=registry.linksight.network/linksight/lsd SUPERVISOR_VERSION=v1.1 # -- Must be set to user with read access to docker socket. format uid:gid SUPERVISOR_USER=':' # -- Set to true if the docker installation/environment requires privileged access SUPERVISOR_PRIVILEGED=false # -- Grace period on `docker compose down` before sending SIGKILL SUPERVISOR_STOP_GRACE_PERIOD=40s # -- Set registry address for fetching tags/images of Linksight components REGISTRY_TLS=true REGISTRY_ADDRESS=registry.linksight.network REGISTRY_IMAGEPATH=/linksight # -- Registry credentials (for private registries) REGISTRY_USERNAME= REGISTRY_PASSWORD= # -- Subnet for the supervisor and container components. # -- Adjust this to run multiple installations on the same host. NETWORK_SUBNET= # -- Port on the internal network where the LSD service is exposed. SUPERVISOR_GRPC_PORT=7777 # -- number of restart attempts on node failures. RESTART_MAXRETRIES=10 # -- Docker engine socket on the LSD host SUPERVISOR_DOCKER_SOCKET=/var/run/docker.sock ########################## ### Linksight Services ### ########################## # -- Host of the Linksight Services. LS_SERVICES_HOST=services.linksight.network # -- Port of the Linksight Services. LS_SERVICES_PORT=443 # -- Whether the Linksight Services server's certificate chain and host name verification should be skipped. LS_SERVICES_INSECURESKIPVERIFY=false