Configuration reference

1. API documentation

API documentation is accessible at application’s endpoint, take a look at http://localhost/api/stable/doc

2. Storage

  1. FS_RW_NAME and FS_RO_NAME defines NAMES of configuration, for example FS_LOCAL_DIRECTORY - here the “LOCAL” is the configuration name.

  2. For most of the cases it is enough to have same adapter in both RO and RW slots.

  3. Following default configuration is using local Min.io storage available on http://localhost:9000, you can run Min.io in docker

  4. If you don’t have any cloud storage, and don’t want to use Min.io, just switch FS_RW_NAME and FS_RO_NAME to "LOCAL". If you are using docker, then remember about mounting the path FS_LOCAL_DIRECTORY, else all files will disappear after container restart/recreation.


#
#  Storage type:
#    local: local filesystem
#    aws: AWS S3, Minio.io or other compatible with AWS S3 interface
#    gcloud: Google Cloud Storage
#

# select which configuration is in use
FS_RW_NAME=AWS
FS_RO_NAME=AWS

# Google Cloud Storage
FS_GC_ADAPTER=gcloud
FS_GC_PREFIX=
FS_GC_BUCKET=my-backups-storage
FS_GC_KEYFILEPATH=/home/backuprepository/gcs-service-account.json
FS_GC_PROJECTID=my-backup-hosting

# AWS S3, Min.io example
FS_AWS_ADAPTER="aws"
FS_AWS_ENDPOINT="http://localhost:9000"
FS_AWS_BUCKET="malatesta"
FS_AWS_REGION=eu-central-1
FS_AWS_VERSION=latest
FS_AWS_CREDENTIALS_KEY="RIOTKIT161ACABEXAMPL"
FS_AWS_CREDENTIALS_SECRET="wJalrFUckXEMI/THEdEZG/STaTeandCAPITALKEY"

# Local filesystem
FS_LOCAL_ADAPTER=local
FS_LOCAL_DIRECTORY="%kernel.root_dir%/../var/uploads"
FS_LOCAL_PERMISSIONS_FILE_PUBLIC=0644
FS_LOCAL_PERMISSIONS_DIR_PUBLIC=0755
FS_LOCAL_LOCK=false
FS_LOCKL_SKIP_LINKS=true

3. Hard limits

Global, hard limits can be configured for whole Backup Repository instance. Those would take effect also for administrators.


BACKUP_ONE_VERSION_MAX_SIZE=4GB
BACKUP_COLLECTION_MAX_SIZE=15GB
BACKUP_MAX_VERSIONS=5

4. Security

JWT - JSON Web Tokens are used to grant access to system for multiple users, defining the level of access for various resources. To generate JWT there are server-side keys used. Keys needs to be generated before launching the application first time, and must be kept IN SECRET! The passphrase should be long and unique, so nobody could guess it. Use a password generator to generate a strong password. Avoid using “$”, blank spaces and various quotes as characters.

JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
JWT_PASSPHRASE=fc0774955def1f2e92e6bdcad18a9f97
JWT_LIFETIME="+1 hour"

Generating JWT keys

Please replace $JWT_PASSPHRASE with your actual passphrase.

openssl genpkey -out config/jwt/private.pem -aes256 -pass pass:$JWT_PASSPHRASE -algorithm rsa -pkeyopt rsa_keygen_bits:4096
openssl pkey -in config/jwt/private.pem -out config/jwt/public.pem -pubout -passin pass:$JWT_PASSPHRASE