Variables d’environnement¶

ATTENTION POINTS FOR PHRASEANET CONFIGURATION ¶

1. Default Passwords: Ensure all default passwords defined in this configuration are changed to secure, personalized passwords before deployment.
2. MariaDB Container: The provided MariaDB container is not ready for production as-is and requires adjustments. It is recommended to use an external, redundant service for the primary datastore.
3. Configuration Persistence: Changes made in this file need appropriate backups as they are crucial for system restoration and disaster recovery.
4. Environment Specifics: Ensure that settings like database hosts, ports, and credentials are correctly configured for your specific environment.
5. Environment Variable Customization: Environment variables should be tailored to fit the specific needs and usage intentions of the application. Always review and adjust these settings to align with operational requirements.
6. Plugin Dependencies: some features, such as SAML authentication, require additional paid plugins not included in the public images.

Phraseanet stack composition ¶

Stack composition use "COMPOSE_FILES" and "COMPOSE_PROFILES" variables. Use it to adapt the stack in accordance with your needs.

1/ "COMPOSE_FILE" value define docker-compose files to include. See available files list below :

• "docker-compose.yml" : Services Nginx, Phraseanet, workers, scheduler
• "docker-compose.datastores.yml" : All data storage services required by Phraseanet except for files storage.
• "docker-compose.tools.yml" : Dev and debug tools
• "docker-compose.override.yml" : For dev only, use the code from hosts, activate ide debugger, ports mapping for datastores
• "docker-compose.phrasea.yml" : For integrate this stack in the "traefik" of Phrasea stack

• "docker-compose.limits.yml" : defines containers cpu and memory limits for all Phraseanet and gateway containers only.
  

• "docker-compose.altenatives.yml": all alternative services, used only on evoluation or transition periods

2/ "COMPOSE_PROFILES" value define which profiles you want to use in docker-compose.
See available services and worker profiles below:

Profiles service list:

• "app" : launch Phraseanet and Workers.
• "setup" : launch a Phraseanet installation and configuration container, this container is launched to perform a default installation and each time it is necessary to update the Phraseanet configuration using the env variables.
  when an update is performed, the current phraseanet 'config/' repository is backuped in
• "gateway-classic" : launch Nginx service.
• "gateway-traefik" : Nginx is launched behind a traefik service, at this time `traefik` is not include in this stack but you can use your own or use `Traefik` include in Phrasea Stack.
• "workers" : launch one worker container by kind of Jobs, you can also choose to launch only some workers, see worker profile list below.
• "worker" : launch one container worker with all jobs run on it.
• "cmd" : launch a container based on worker image, useful for run cmd manualy.
• "db" : db profile will launch a mariadb container, because this is the primary datastore, you should use you own SGDD service for production needs.
• "elastisearch" : launch a elasticsearch container.
• "rabbitmq" : launch a rabbitmq container.
• "redis" : launch a redis container for app cache.
• "redis-session" : launch a redis container for store fpm session.
• "builder" : launch the builder container, for dev only.
• "elk" : launch an elk stack, for dev only.
• "squid" : reverse proxy for dev only.
• "mailhog" : for catching all email emit by app for dev and testing.
• "db-backup" : launch and run a container to cron database backups and backup file's rotation.
• "pma" : launch a phpmyadmin container for test and dev purpose.
• "mysql8" : launch a mysql8 container (beta), (/!\ do not mix with the "db" profile) Because this is the primary datastore, you should use you own SGDD service for production needs.
  

Profiles worker list:

• "assetsInjest"
• "createRecord"
• "deleteRecord"
• "editRecord"
• "exportMail"
• "downloadAsync"
• "exposeUpload"
• "exportFtp"
• "mainQueue"
• "populateIndex"
• "pullAssets"
• "recordsActions"
• "subdefCreation"
• "subtitle" Not working (fixed in a future version)
• "validationReminder"
• "webhook"
• "writeMetadatas"
• "shareBasket"

• "scheduler" : legacy task manager. Warning! Use only if your stack require using old task.
  

See Docker compose profile documentation for more information about docker compose profiles.


See below some examples of stack composition:

For development:

• COMPOSE_FILE=docker-compose.yml:docker-compose.datastores.yml:docker-compose.tools.yml:docker-compose.override.yml
• COMPOSE_PROFILES=app,setup,db,pma,elasticsearch,redis,redis-session,rabbitmq,workers,mailhog,builder,gateway-classic,cmd

For testing with tools:

• COMPOSE_FILE=docker-compose.yml:docker-compose.datastores.yml:docker-compose.tools.yml
• COMPOSE_PROFILES=app,setup,db,pma,elasticsearch,rabbitmq,redis,redis-session,workers,cmd,mailhog,gateway-classic

# To test with tools and apply resources throttling on Phraseanet containers :

• COMPOSE_FILE=docker-compose.yml:docker-compose.datastores.yml:docker-compose.tools.yml:docker-compose.limits.yml
• COMPOSE_PROFILES=app,setup,db,pma,elasticsearch,rabbitmq,redis,redis-session,workers,cmd,mailhog,gateway-classic

For testing with debug and SSL (the traekik is provide by Phrasea stack):

• COMPOSE_FILE=docker-compose.yml:docker-compose.datastores.yml:docker-compose.tools.yml:docker-compose.under-phrasea.yml
• COMPOSE_PROFILES=app,setup,gateway-traefik,db,pma,elasticsearch,rabbitmq,redis,redis-session,worker,workers,mailhog

For production (require using your own databases services and SSL):

• COMPOSE_FILE=docker-compose.yml:docker-compose.datastores.yml:docker-compose.tools.yml:docker-compose.scheduler.yml
• COMPOSE_PROFILES=app,setup,workers,gateway-traefik

Example with all profiles:

• COMPOSE_FILE=docker-compose.yml:docker-compose.datastores.yml:docker-compose.tools.yml:docker-compose.limits.yml
• COMPOSE_PROFILES=app,setup,gateway-classic,db,elasticsearch,redis,redis-session,rabbitmq,pma,mailhog,assetsInjest,createRecord,deleteRecord,editRecord, exportMail,downloadAsync,exposeUpload,exportFtp,mainQueue,populateIndex,pullAssets,recordsActions,subdefCreation, validationReminder,webhook,writeMetadatas,shareBasket,scheduler,cmd,elk,db-backup,phraseanet-saml-sp

myLib

Name	Type	Comment
COMPOSE_FILE	run	Define "docker-compose" files to include.
COMPOSE_PROFILES	run	Define which profiles you want to use in "docker-compose".

Phraseanet container settings ¶

myLib

Name	Type	Comment
PHRASEANET_DOCKER_REGISTRY	run	Registry from which you pull docker images. Avalaible values: "local" : build and use your images. "alchemyfr" : using predbuild images from Alchemy registry from dockerhub.
PHRASEANET_DOCKER_TAG	run	Docker images tag.
STACK_NAME	run	Stack Name An optionnal Name for the stack

CPU and Memory Configuration for Docker Services ¶

These settings are only active if 'docker-compose.limits.yml' is specified in the COMPOSE_FILE variable.
they define the resources allocated to the containers, for more explanation see the docker compose documentation

myLib

Name	Type	Comment
WORKER_CPU	run	Number of CPUs allocated to the worker service.
GATEWAY_CPU	run	Number of CPUs allocated to the gateway service.
FPM_CPU	run	Number of CPUs allocated to the PHP-FPM service.
WORKER_MEMORY_LIMIT	run	Maximum memory that the worker service can use.
GATEWAY_MEMORY_LIMIT	run	Maximum memory that the gateway service can use.
FPM_MEMORY_LIMIT	run	Maximum memory that the PHP-FPM service can use.
WORKER_MEMORY_RESERVATION	run	Reserved memory for the worker service.
GATEWAY_MEMORY_RESERVATION	run	Reserved memory for the gateway service.
FPM_MEMORY_RESERVATION	run	Reserved memory for the PHP-FPM service.

Phraseanet container network settings ¶

Phraseanet network settings are used to define the network configuration of the Phraseanet stack when traefik is used.
see phraseanet under traefik in Phrasea stack

myLib

Name	Type	Comment
PHRASEA_NETWORK_NAME	run	Phrasea network Name, the name of Phrasea network and see by traefik
PHRASEA_DOMAIN	run	Domain Name used by traefik in Phrasea stack
PHRASEA_GATEWAY_IP	run	Phrasea Gateway IP, the IP of the gateway container (traefik) in the Phrasea stack
PHRASEA_COMPOSE_PROJECT_NAME	run	Phrasea Gateway Name, the name of the gateway container (traefik) in the Phrasea stack

Phraseanet container entrypoint settings ¶

myLib

Name	Type	Comment
PHRASEANET_INSTALL	run	Do an installation if Phraseanet is not installed. Avalaible values: "0" | "1"
PHRASEANET_SETUP	run	Apply they env variables values to config/configuration.yml file. Avalaible values: "0" | "1"
PHRASEANET_UPGRADE	run	Play an upgrade. Avalaible values: "0" | "1"
PHRASEANET_MAINTENANCE	run	Maintenance mode show an Nginx unavailability message Available values: "0" | "1" 0 - for no maintenance mode 1 - for persisting maintenance mode During an upgrade, the unavailability message is automatically activated with a default message "We are performing scheduled maintenance and will be back online in a few minutes."
PHRASEANET_MAINTENANCE_MESSAGE	run	Customize the maintenance message this is possible to customize the displayed maintenance message. Note: space needs to be encoded with space html character, quote and double quote need to be escaped Example : PHRASEANET_MAINTENANCE_MESSAGE=" Under maintenance! More information =\"https://www.yoururl.fr\">here "

RabbitMQ settings ¶

myLib

Name	Type	Comment
RABBITMQ_DEFAULT_USER	run	RabbitMQ user account : create an account in RabbitMQ container and use it in Phraseanet configuration.
RABBITMQ_DEFAULT_PASS	run	RabbitMQ password account.
RABBITMQ_MANAGEMENT_PORT	run	RabbitMQ Http interface management port.
RABBITMQ_HOSTNAME	run	rabbit hostname, need also for the name of rabbit database dir to avoid random name after dc down/up

Gateway settings (Nginx) ¶

myLib

Name	Type	Comment
GATEWAY_SEND_TIMEOUT	run	Value applied to "send_timeout", "keepalive_timeout", "client_header_timeout" and "client_body_timeout" Nginx settings.
GATEWAY_PROXY_TIMEOUT	run	Timeout for establishing a connection with a proxied server. See documentation.
GATEWAY_FASTCGI_TIMEOUT	run	Value applied to "fastcgi_connect_timeout", "fastcgi_read_timeout" and "fastcgi_send_timeout" Nginx settings.

Gateway restricted access settings (Nginx) ¶

Activate application access restrictions.
Restrictions can be based on IP and/or password. Use these settings to control who can access the application.

myLib

Name	Type	Comment
GATEWAY_ALLOWED_IPS	run	Allowed IPs: Comma-separated list of IP addresses that are allowed to access the gateway. Uncomment and specify IPs to enable. Example: GATEWAY_ALLOWED_IPS=10.0.0.1,10.0.1.1
GATEWAY_DENIED_IPS	run	Denied IPs: Comma-separated list of IP addresses that are denied access to the gateway. Uncomment and specify IPs to enable. Example: GATEWAY_DENIED_IPS=172.1.0.1,172.1.0.2
GATEWAY_USERS	run	Users: Specifies credentials for accessing the gateway. Format "username:password". Uncomment and specify user credentials to enable. Example: GATEWAY_USERS="user1:password1,user2:password2"
GATEWAY_STATUS_ALLOWED_IPS	run	Status and ping access Allowed IPs: Comma-separated list of IP addresses that are allowed to access the /status or /ping pages. Uncomment and specify IPs to enable. Example: GATEWAY_STATUS_ALLOWED_IPS=10.0.0.1,10.0.1.1

Gateway HTTP requests quota management (Nginx) ¶

myLib

Name	Type	Comment
HTTP_REQUEST_LIMITS	run	Manage http incoming request limits by verbs using the "ngx_http_limit_req_module" module. this feature is based on ip adresses and need PHRASEANET_TRUSTED_PROXIES defined to get real_ip READ is for GET and HEAD requests WRITE is for POST, PUT, DELETE and PATCH requests Enabling the requests Limit
HTTP_READ_REQUEST_LIMIT_MEMORY	run	In megabyte For Exemple 16,000 IP addresses takes 1 megabyte, so our zone can store about 160,000 addresses.
HTTP_READ_REQUEST_LIMIT_RATE	run	request/seconde, sets the maximum request rate. By default here the rate cannot exceed 100 requests per second
HTTP_READ_REQUEST_LIMIT_BURST	run	The burst parameter defines how many requests a client can make in excess of the rate specified
HTTP_WRITE_REQUEST_LIMIT_MEMORY	run	(m) For Exemple 16,000 IP addresses takes 1 megabyte, so our zone can store about 160,000 addresses.
HTTP_WRITE_REQUEST_LIMIT_RATE	run	(r/s) Sets the maximum request rate. By default here the rate cannot exceed 10 requests per second
HTTP_WRITE_REQUEST_LIMIT_BURST	run	The burst parameter defines how many requests a client can make in excess of the rate specified

Gateway HTTPS settings (Nginx) ¶

myLib

Name	Type	Comment
GATEWAY_FASTCGI_HTTPS	run	https and reverse proxy (on/off) set to on in the case : https behind a proxy

Gateway CSP settings (Nginx) ¶

Content Security Policy (CSP) helps to detect and mitigate some types of attacks, including Cross-Site Scripting (XSS).
CSP default values are included in the "Gateway" container entrypoint.
Use GATEWAY_CSP env var if you want to define yours or override Gateway default CSP values.

myLib

Name	Type	Comment
GATEWAY_CSP	run	default value GATEWAY_CSP="default-src 'self' 127.0.0.1 https://sockjs-eu.pusher.com:443 wss://ws-eu.pusher.com https://apiws.carrick-skills.com:8443 https://apiws.carrick-flow.com:8443 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io *.matomo.cloud *.newrelic.com *.nr-data.net https://www.googletagmanager.com *.google-analytics.com *.phrasea.io https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com data: ; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io *.matomo.cloud *.newrelic.com https://www.googletagmanager.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com data: blob: ; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com ; img-src 'self' data: blob: *.tiles.mapbox.com https://axeptio.imgix.net *.cloudfront.net *.phrasea.io *.amazonaws.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com https://www.gnu.org/graphics/ ; object-src 'self'; frame-ancestors 'self'"

PHP settings ¶

myLib

Name	Type	Comment
MAX_BODY_SIZE	run	Maximum request body size for Php and Nginx. Example "1G"
MAX_INPUT_VARS	run	Maximum Php input var. See max-input-vars Php documentation.
MAX_EXECUTION_TIME	run	Maximum Php execution time in second. See max-execution-time Php documentation.
MAX_INPUT_TIME	run	Maximum Php input time in second. See max-input-time Php documentation.
REQUEST_TERMINATE_TIMEOUT	run	Php timeout for serving a single request after which the worker process will be killed. This option should be used when the "max_execution_time" ini option does not stop script execution for some reason. A value of "0" means "off". Available units: s(econds)[default], m(inutes), h(ours), or d(ays).
FPM_MEMORY_LIMIT	run	Maximum amount of memory a script may consume (128MB) http://php.net/memory-limit Memory limit in FPM context
PHP_CLI_MEMORY_LIMIT	run	Memory limit for php-cli
PHP_UPLOAD_TMP_DIR	run	Temporary directory for HTTP uploaded files (will use system default if not specified). http://php.net/upload-tmp-dir
OPCACHE_ENABLED	run	Php Opcache status. See opcache Php documentation. Avalaible values: "0" | "1"
SESSION_CACHE_LIMITER	run	Php session cache limiter. See session-cache-limiter Php documentation. Avalaible values: "off" | "on"
PHP_LOG_LEVEL	run	Php logging level. See error-reporting Php documentation. Available values: "alert" | "error" | "warning" | "notice" | "debug"
SESSION_SAVE_HANDLER	run	PHP Handler used to store/retrieve data. http://php.net/session.save-handler session handler can be "files" and path must be than
SESSION_SAVE_PATH	run
COOKIE_SECURE	run	PHP session cookies to be secured only works if the application is under ssl protection
FPM_PM_TYPE	run	FPM Choose how the process manager will control the number of child processes. Possible Values: static - a fixed number (pm.max_children) of child processes; dynamic - the number of child processes are set dynamically based on the
FPM_MAXCHILDREN	run	FPM The number of child processes to be created when pm is set to 'static' and the maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
FPM_STARTSERVERS	run	FPM The number of child processes created on startup. Note: Used only when pm is set to 'dynamic'
FPM_MINSPARESERVER	run	FPM The desired minimum number of idle server processes. Note: Used only when pm is set to 'dynamic' Note: Mandatory when pm is set to 'dynamic'
FPM_MAXSPARESERVER	run	FPM The desired maximum number of idle server processes. Note: Used only when pm is set to 'dynamic' Note: Mandatory when pm is set to 'dynamic'
FPM_MAX_REQUESTS	run	FPM The number of requests each child process should execute before respawning.

MySQL settings ¶

myLib

Name	Type	Comment
MYSQL_ROOT_PASSWORD	build	MySQL root password.
SERVER_NAME	build	MySQL server host address.
MYSQL_MAX_ALLOWED_PACKET	run	MySQL maximum allowed packet. Value applied to "max_allowed_packet" MySQL server setting.
MYSQL_MAX_CONNECTION	run	Value applied to "max_connection" MySQL server setting.
MYSQL_SLOW_QUERY_LOG	run	Enable the slow query log to see queries with especially long duration. Value applied to "slow_query_log" MySQL server setting.
MYSQL_LONG_QUERY_TIME	run	Value applied to "long_query_time" MySQL server setting.
MYSQL_QUERY_CACHE_LIMIT	run	Cache only tiny result sets, so we can fit more in the query cache. Value applied to "query_cache_limit" MySQL server setting.
MYSQL_QUERY_CACHE_SIZE	run	Value applied to "query_cache_size" MySQL server setting.
MYSQL_KEY_BUFFER_SIZE	run	Value applied to "key_buffer_size" MySQL server setting.

DB Backup settings ¶

"db-backup" profile launch and run a container to cron database backups and backup file's rotation.
This container is based on the "alpine" image and use the "mysql-client" package to perform backups.

myLib

Name	Type	Comment
DB_BACKUP_VOLUME_PATH	run	Path where the backuped files will be locally stored
DB_BACKUP_MYSQL_HOST	run	The database server host
DB_BACKUP_MYSQL_USER	run	The database server user
DB_BACKUP_MYSQL_PASS	run	The database server pass
DB_BACKUP_MAX_BACKUPS	run	The backup file's rotation time in days
DB_BACKUP_INIT_BACKUP	run	If set, create a backup when the container starts
DB_BACKUP_INIT_RESTORE_LATEST	run	If set, restores latest backup.
#DB_BACKUP_CRON_TIME	run	Every day at 03:00
DB_BACKUP_CRON_TIME	none
DB_BACKUP_GZIP_LEVEL	run	Make it small

Pusher Settings ¶

Phraseanet use the Pusher service to notify users of asynchronous downloads https://pusher.com.
These settings are required when asynchronous downloads are enabled via 'download_async / enabled=true' in configuration.yml.
A Pusher account is necessary.
For account setup and further details, refer to the official Pusher documentation at https://pusher.com/docs.

myLib

Name	Type	Comment
PUSHER_AUTH_KEY	run	Pusher Authentication Key: Key used for authenticating with the Pusher API.
PUSHER_SECRET	run	Pusher Secret: Secret key for secure interactions with the Pusher API.
PUSHER_APP_ID	run	Pusher App ID: The unique identifier for your Pusher application.

Application Cache Settings ¶

Configuration for caching mechanisms within the application.
Supports 'redis' for distributed caching or 'arraycache' for in-memory caching.
These settings are effective when the corresponding cache type is enabled in the system configuration.

myLib

Name	Type	Comment
PHRASEANET_CACHE_TYPE	run	Cache Type: Specifies the caching mechanism ('redis' or 'arraycache').
PHRASEANET_CACHE_HOST	run	Cache Host: Hostname or IP address of the cache server.
PHRASEANET_CACHE_PORT	run	Cache Port: Port number on which the cache server is running.

PHP Session Management Settings ¶

Configures storage mechanism for PHP sessions, correlating with the SESSION_SAVE_HANDLER setting.
Options are 'redis', 'file', or 'native'.
'redis' : Using Redis as a session storage mechanism.
'file' : Using file-based session storage.
'native' : Using PHP’s built-in session management which is file-based but can be configured to use a custom session handler.
When `native` is choseen see also SESSION_SAVE_HANDLER and SESSION_SAVE_PATH setting in php section 'native' is mandatory for environments where SAML authentication is enabled, see SAML section below

myLib

Name	Type	Comment
PHRASEANET_SESSION_TYPE	run	Session Type: Specifies the session storage mechanism.
PHRASEANET_SESSION_HOST	run	Session Host: Hostname or IP address of the session storage server.
PHRASEANET_SESSION_PORT	run	Session Port: Port number on which the session storage server is running.

Phraseanet general settings ¶

Variables below are used in the "configuration.yml" file:

myLib

Name	Type	Comment
ENV_SET_PHRASEANET_PROJECT_NAME	run	Application title displayed on Phraseanet homepage. Available values: "0" : Keep value define configuration.yml "1" : Use PHRASEANET_PROJECT_NAME
PHRASEANET_PROJECT_NAME	run	Application title displayed on Phraseanet homepage. Depend on "ENV_SET_PHRASEANET_PROJECT_NAME" variable value.
PHRASEANET_HOSTNAME	run	Application static url is made by combining PHRASEANET_SCHEME, PHRASEANET_HOSTNAME and PHRASEANET_APP_PORT An non declarative variable is generated for other uses needed for deploiment (helm for exemple) Domain name used by traefik in Phrasea stack
PHRASEANET_SCHEME	run
PHRASEANET_APP_PORT	run
PHRASEANET_ADMIN_ACCOUNT_ID	run	Variables below used to define the first user / email couple : Phraseanet root account ID. If this variable is filled in, "PHRASEANET_ADMIN_ACCOUNT_PASSWORD" variable value will override targeted account ID password each time Phraseanet is started.
PHRASEANET_ADMIN_ACCOUNT_EMAIL	run
PHRASEANET_ADMIN_ACCOUNT_PASSWORD	run	require to be change for securitie reasons
PHRASEANET_DOWNLOAD_ASYNC	run	Use Pusher to enable async download.

User Session Duration Settings ¶

These settings control the lifetime and idle timeout of user sessions in the application.

myLib

Name	Type	Comment
PHRASEANET_USER_SESSION_IDLE	run	User Session Idle Timeout: Duration in seconds a session can remain inactive before being ended by the server. This setting helps manage resources efficiently and improves security by limiting the risk of sessions being hijacked during periods of inactivity.
PHRASEANET_USER_SESSION_LIFETIME	run	User Session Lifetime: Maximum duration in seconds that a session can exist, regardless of activity. This setting defines the absolute maximum time a session will remain active, after which it will be terminated to prevent long-lived sessions.

Phraseanet SGBD Settings ¶

Configure the database settings for Phraseanet.
Note: The default settings provided below are for initial setup and development purposes only.
For production environments, ensure to use secure credentials and consider connecting to a managed database service for enhanced security and performance.

myLib

Name	Type	Comment
PHRASEANET_DB_HOST	install	SGBD Host: Specifies the hostname or IP address of the database server.
PHRASEANET_DB_PORT	install	SGBD Port: Specifies the port number on which the database server is accessible.
PHRASEANET_DB_USER	install	SGBD User: Username for accessing the database. Change from default 'root' to a user with lesser privileges for security reasons.
PHRASEANET_DB_PASSWORD	install	SGBD Password: Password for the database user. Ensure to change this from the default for security reasons.

Phraseanet Database Settings ¶

Configure the initial database settings for Phraseanet installation.
These settings specify the templates and database identifiers used during the setup process.
Note: The databases specified here exist by default in the provided 'db' container.
If using an external database server, ensure these databases are created prior to installation.

myLib

Name	Type	Comment
INSTALL_DB_TEMPLATE	install	Database Template: Specifies the template for database setup, guiding the initial configuration structure.
INSTALL_APPBOX	install	Application Database Identifier: Specifies the identifier for the primary application database. Typically named as 'ab_master' or similar; adjust as needed.
INSTALL_DATABOX	install	Data Database Identifier: Specifies the identifier for the primary data storage database. Typically named as 'db_databox1' or similar; adjust as needed.

Phraseanet languages settings ¶

myLib

Name	Type	Comment
PHRASEANET_AVAILABLE_LANGUAGE	run	Available languages (list of language code separated by comma).
PHRASEANET_DEFAULT_LANGUAGE	run	Default language code.

Phraseanet Binaries Execution Timeouts Settings ¶

These settings define the maximum allowed execution time in minutes for various media processing tools used by Phraseanet.
If a process exceeds the specified timeout, it will be considered as having encountered an error.
These timeouts should be adjusted based on the file sizes being processed.

myLib

Name	Type	Comment
PHRASEANET_FFMPEG_TIMEOUT	run	FFMPEG Timeout: Maximum execution time for FFMPEG processes, used for video encoding and processing.
PHRASEANET_FFPROBE_TIMEOUT	run	FFPROBE Timeout: Maximum execution time for FFPROBE processes, used for video file analysis.
PHRASEANET_GS_TIMEOUT	run	Ghostscript Timeout: Maximum execution time for Ghostscript processes, used for processing PDFs and PostScript files.
PHRASEANET_MP4BOX_TIMEOUT	run	MP4Box Timeout: Maximum execution time for MP4Box processes, used for multimedia stream manipulation.
PHRASEANET_SWFTOOLS_TIMEOUT	run	SWFTools Timeout: Maximum execution time for SWFTools processes, used for processing SWF files.
PHRASEANET_UNOCON_TIMEOUT	run	Unoconv Timeout: Maximum execution time for Unoconv processes, used for document conversion between various formats.
PHRASEANET_EXIFTOOL_TIMEOUT	run	ExifTool Timeout: Maximum execution time for ExifTool processes, used for managing metadata within media files.

Phraseanet RabbitMQ Settings ¶

Configuration settings for RabbitMQ, used for message queuing within Phraseanet.
These settings define how Phraseanet connects to the RabbitMQ server to handle asynchronous message queuing.

myLib

Name	Type	Comment
PHRASEANET_RABBITMQ_HOST	run	RabbitMQ Host: The hostname or IP address of the RabbitMQ server.
PHRASEANET_RABBITMQ_PORT	run	RabbitMQ Port: The port number on which the RabbitMQ server is accessible.
PHRASEANET_RABBITMQ_SSL	run	RabbitMQ SSL: Whether to use SSL/TLS to encrypt the connection. Set to 'false' to disable.
PHRASEANET_RABBITMQ_VHOST	run	RabbitMQ Virtual Host: The namespace where queues and exchanges are defined within RabbitMQ.
PHRASEANET_RABBITMQ_HEARTBEAT	run	RabbitMQ Heartbeat: The timeout interval in seconds for sending heartbeats to keep the connection alive.

Phraseanet Elasticsearch Settings ¶

Initial configuration for Elasticsearch during the installation process of Phraseanet.
Note: These environment variables are used only during installation.
To modify these settings post-installation, use the configuration.yml file or the Phraseanet admin GUI.

myLib

Name	Type	Comment
PHRASEANET_ELASTICSEARCH_HOST	install	Elasticsearch Host: The hostname or IP address of the Elasticsearch server.
PHRASEANET_ELASTICSEARCH_PORT	install	Elasticsearch Port: The port number on which Elasticsearch is accessible.
PHRASEANET_ELASTICSEARCH_INDEX	install	Elasticsearch Index: The default index name for Elasticsearch. Set to 'null' to use the default setting from Phraseanet.
PHRASEANET_ELASTICSEARCH_SHARD	install	Elasticsearch Number of Shards: The number of shards for the Elasticsearch index.
PHRASEANET_ELASTICSEARCH_REPLICAS	install	Elasticsearch Number of Replicas: The number of replicas for each shard in the Elasticsearch index.
PHRASEANET_ELASTICSEARCH_MINSCORE	install	Elasticsearch Minimum Score: The minimum score for search results to be considered relevant.
PHRASEANET_ELASTICSEARCH_HIGHLIGHT	install	Elasticsearch Highlight: Whether search results should be highlighted. Set to 'true' to enable.
PHRASEANET_ELASTICSEARCH_MAXRESULTWINDOW	install	Elasticsearch Max Result Window: The maximum number of search results that can be returned in a single query.
PHRASEANET_ELASTICSEARCH_POPULATEORDER	install	Elasticsearch Populate Order: The default order in which search results are populated.
PHRASEANET_ELASTICSEARCH_ACTIVETAB	install	Elasticsearch Active Tab: The active tab in the Elasticsearch dashboard. Set to 'null' to use the default setting from Phraseanet.
PHRASEANET_ELASTICSEARCH_FACET_BASE	install	Elasticsearch Facet Base: Base number for calculating facets in search results.
PHRASEANET_ELASTICSEARCH_FACET_COLLECTION	install	Elasticsearch Facet per Collection: Number of facets to be calculated for collection in search results.
PHRASEANET_ELASTICSEARCH_FACET_DOCTYPE	install	Elasticsearch Facet per Document Type: Number of facets to be calculated for document type in search results.
PHRASEANET_ELASTICSEARCH_FACET_ORIENTATION	install	Elasticsearch Facet Orientation: Number of facets to be calculated based on the orientation of media in search results.

Phraseanet Network Settings ¶

Configure trusted IPs and network settings for secure access and operation within a controlled network environment.

myLib

Name	Type	Comment
PHRASEANET_TRUSTED_PROXIES	run	Trusted Proxies: Comma-separated list of IP addresses or subnets that are trusted as proxies by Phraseanet.
PHRASEANET_DEBUG_ALLOWED_IP	run	Debug Allowed IP: Comma-separated list of IP addresses allowed to access debugging features.
PHRASEANET_SUBNET_IPS	run	Subnet IPs: Define the IP subnet within which Phraseanet services will operate.

Phraseanet API Settings ¶

Enable and configure the API settings to dictate how external applications interact with Phraseanet.

myLib

Name	Type	Comment
PHRASEANET_API_ENABLED	run	API Enabled: Enables the API functionality, allowing for external access.
PHRASEANET_API_SSL	run	API SSL: Enables SSL encryption for API connections, ensuring data security.
PHRASEANET_API_AUTH_TOKEN_HEADER_ONLY	run	API Auth Token Header Only: Restricts API authentication to headers only, enhancing security by not allowing token in URL.

Phraseanet Mapbox Geolocation Settings ¶

Configure settings for geolocation features within Phraseanet, using Mapbox services.
Require a Mapbox account and access token to enable and use these features.

myLib

Name	Type	Comment
PHRASEANET_MAPBOX_ACTIVATE	run	Mapbox Activate: Enables or disables Mapbox integration.
PHRASEANET_MAPBOX_TOKEN	run	Mapbox Token: The access token for using Mapbox services.
PHRASEANET_MAPBOX_KIND	run	Mapbox Kind: Specifies the type of Mapbox service to use.

Phraseanet Mail Settings ¶

Configure email sending capabilities and SMTP settings for Phraseanet.

myLib

Name	Type	Comment
PHRASEANET_EMITTER_EMAIL	run	Emitter Email: The email address that appears as the sender for emails sent by Phraseanet.
PHRASEANET_MAIL_OBJECT_PREFIX	run	Mail Object Prefix: A prefix for the subject line of emails sent by Phraseanet.
PHRASEANET_SMTP_ENABLED	run	SMTP Enabled: Toggle to enable SMTP settings from .env file or disable to configure in GUI.
PHRASEANET_SMTP_HOST	run	SMTP Host: The hostname of the SMTP server used for sending emails.
PHRASEANET_SMTP_PORT	run	SMTP Port: The port number on which the SMTP server is accessible.
PHRASEANET_SMTP_AUTH_ENABLED	run	SMTP Auth Enabled: Toggle to require authentication for sending emails via SMTP.
PHRASEANET_SMTP_SECURE_MODE	run	SMTP Secure Mode: Defines the encryption method used (e.g., SSL, TLS), set to null to disable.
PHRASEANET_SMTP_USER	run	SMTP User: Username for SMTP authentication, if required.
PHRASEANET_SMTP_PASSWORD	run	SMTP Password: Password for SMTP authentication, if required.

Phraseanet Workers and Scheduler settings ¶

myLib

Name	Type	Comment
PHRASEANET_EXPLODE_WORKER	run	Define how many process are launched in the "worker" container: "0" : Only one process is launched inside the container with no specializing, in this case the scaling needs to be made by the orchestation eg K8S. This is the recommended way. "1" : Deploys one phraseanet worker for each kind of job, the parallelime is defined by value of envs started by "PHRASEANET_WORKER_XXX" Eg: For two subdefinitions builded at the same time, set "PHRASEANET_WORKER_subdefCreation=2"
PHRASEANET_WORKERS_LAUNCH_METHOD	run	When PHRASEANET_EXPLODE_WORKER=1, it define the method for launching Phraseanet workers process. Available values : "supervisor" : Launch it with supervisor. "" : Launch phraseanet workers with a "bin/console". Note for old Phraseanet task planner AKA "Phraseanet scheduler": To launch the "scheduler" container, add "scheduler" profile to "COMPOSE_PROFILES" env variable. Launch this container only if you need to use the old Phraseanet Archive tasks.

Phraseanet Worker Settings ¶

Define the number of parallel processes launched in a worker container.
Prefer scaling the number of containers over the number of processes within a container.
this default setting is for a test platform, for production, adjust the number of workers based on the expected workload and to your infrastructure capacity.

myLib

Name	Type	Comment
PHRASEANET_WORKER_assetsIngest	run
PHRASEANET_WORKER_createRecord	run
PHRASEANET_WORKER_deleteRecord	run
PHRASEANET_WORKER_editRecord	run
PHRASEANET_WORKER_exportMail	run
PHRASEANET_WORKER_downloadAsync	run
PHRASEANET_WORKER_exposeUpload	run
PHRASEANET_WORKER_ftp	run
PHRASEANET_WORKER_mainQueue	run
PHRASEANET_WORKER_populateIndex	run
PHRASEANET_WORKER_pullAssets	run
PHRASEANET_WORKER_recordsActions	run
PHRASEANET_WORKER_subdefCreation	run
PHRASEANET_WORKER_subtitle	run
PHRASEANET_WORKER_validationReminder	run
PHRASEANET_WORKER_webhook	run
PHRASEANET_WORKER_writeMetadatas	run
PHRASEANET_WORKER_shareBasket	run
PHRASEANET_CMD_MODE	run	PHRASEANET_CMD_MODE=1, set a worker container for run bin/console... or bin/maintenance... manualy Add "cmd" profile to COMPOSE_PROFILE

Phraseanet Locales settings ¶

myLib

Name	Type	Comment
LC_MESSAGES	run
LC_COLLATE	run
LC_IDENTIFICATION	run
LANG	run
LC_MEASUREMENT	run
LC_CTYPE	run
LC_TIME	run
LC_NAME	run

Phraseanet Volumes Location Settings ¶

Configure the directory paths for various operational and data storage aspects of Phraseanet.
These settings specify the locations on the file system where different types of data and operational files are stored, ensuring proper data management and accessibility.

myLib

Name	Type	Comment
PHRASEANET_CONFIG_DIR	run	Configuration Directory: Location for Phraseanet configuration files.
PHRASEANET_LOGS_DIR	run	Logs Directory: Location for storing logs generated by Phraseanet operations.
PHRASEANET_DATA_DIR	run	Data Directory: General data storage location used by Phraseanet. any change here must be reflected in the db.
PHRASEANET_DB_DIR	run	Database Directory: Location for database volume storage.
PHRASEANET_ELASTICSEARCH_DIR	run	Elasticsearch Directory: Location for Elasticsearch data storage.
PHRASEANET_THUMBNAILS_DIR	run	Thumbnails Directory: Location for storing generated thumbnails.
PHRASEANET_CUSTOM_DIR	run	Custom Directory: Location for custom scripts or extensions.
PHRASEANET_PLUGINS_DIR	run	Plugins Directory: Location for Phraseanet plugins.
PHRASEANET_TMP_DIR	run	Temporary Directory: Location for temporary files.
PHRASEANET_CACHE_DIR	run	Cache Directory: Location for caching data to improve application performance.
PHRASEANET_DOWNLOAD_DIR	run	Download Directory: Location for storing files that are available for download.
PHRASEANET_LAZARET_DIR	run	Lazaret Directory: Location for storing temporary or quarantined files before final processing or deletion.
PHRASEANET_CAPTION_DIR	run	Caption Directory: Location for storing caption data for media files.
PHRASEANET_WORKER_TMP	run	Worker Temporary Directory: Temporary storage for worker processes.
PHRASEANET_BACKUP_DIR	run	Backup Directory: Location for backup Phraseanet 'config/' repository. the backup is perfomed by 'setup' container before performing an update Executed
PHRASEANET_FTP_DIR	run	FTP Directory: Location for FTP uploads or downloads.

Phraseanet plugin support settings ¶

Configure settings for enabling and managing plugins within Phraseanet.

myLib

Name	Type	Comment
PHRASEANET_PLUGINS	build	Plugins git repository, separated by comma.
PHRASEANET_SSH_PRIVATE_KEY	build	key for git repository access

ImageMagick Default Policy Override Setting ¶

Configure specific operational limits for ImageMagick to manage resource usage and ensure performance and security.
reference: https://imagemagick.org/script/security-policy.php

myLib

Name	Type	Comment
IMAGEMAGICK_POLICY_VERSION	run	Policy Version: Specifies the version of ImageMagick policies being applied.
IMAGEMAGICK_POLICY_WIDTH	run	Maximum Width: Maximum width in pixels that ImageMagick is allowed to process. default value is 48,000 pixels
IMAGEMAGICK_POLICY_MAP	run	Map Limit: Maximum amount of memory map ImageMagick is allowed to allocate for image cache. default value is 2,048 Megabytes
IMAGEMAGICK_POLICY_AREA	run	Area Limit: Maximum area in pixels ImageMagick is allowed to allocate for an image. default value is 4,096 Megabytes
IMAGEMAGICK_POLICY_DISK	run	Disk Limit: Maximum amount of disk space ImageMagick is allowed to use for iamge cache. default value is 6 Gigabyte
IMAGEMAGICK_POLICY_TEMPORARY_PATH	run	Temporary Path: Location for ImageMagick's temporary files. default value is /tmp

New Relic Monitoring Settings ¶

Enable and configure the New Relic agent for platform monitoring to analyze and optimize the application's performance.
refer to the official New Relic documentation at https://docs.newrelic.com/docs/agents/php-agent/getting-started/introduction-new-relic-php

myLib

Name	Type	Comment
NEWRELIC_ENABLED	run	New Relic Enabled: Toggle to enable or disable New Relic monitoring.
NEWRELIC_LICENSE_KEY	run	New Relic License Key: The license key for your New Relic account.
NEWRELIC_APP_NAME	run	New Relic App Name: The name of the application as registered in New Relic.

SAML Authentication Settings ¶

Configure settings for SAML (Security Assertion Markup Language) authentication within Phraseanet to enable secure single sign-on (SSO) capabilities.
Note: This setup requires an additional paid plugin that is not included in the public images.
It also requires extra containers that must be declared in the Docker compose stack by adding 'phraseanet-saml-sp' to COMPOSE_PROFILES.

myLib

Name	Type	Comment
SAML_ALLOW_DEBUG	run	Allow Debug: Enables detailed logging for SAML operations. Useful for troubleshooting during setup and testing.
SAML_PHRASEANET_HOST	run	Phraseanet Host: The URL where Phraseanet is hosted, used in SAML exchanges.
SAML_SP_CONFIG_DIR	run	Service Provider Config Directory: Path to the directory where the SAML service provider configuration is stored.
SAML_SP_AUTHSOURCES	run	Service Provider Auth Sources: Specifies the authentication sources configuration for the service provider.
SAML_SP_CERT_DIR	run	Service Provider Certificate Directory: Path to the directory where the SAML service provider certificates are stored.
SAML_IDP_METADATA_CONFIG	run	Identity Provider Metadata Configuration: Configuration details for the SAML identity provider.
SAML_IDP_METADATA_LOCAL_CONFIG_DIR	run	Local Identity Provider Metadata Directory: Path to the directory where local metadata configurations for identity providers are stored.

Development purpose ¶

See Phraseanet development-mode documentation for more information.

myLib

Name	Type	Comment
PHRASEANET_PHPMYADMIN_PORT	run	"PhpMyAdmin" http port mapping.
MAILHOG_GUI_PORT	run	"Mailhog" http port mapping.

"Xdebug" settings:

myLib

Name	Type	Comment
XDEBUG_ENABLED	run
XDEBUG_PROFILER_ENABLED	run
IDE_KEY	run
XDEBUG_REMOTE_HOST	run
PHP_IDE_CONFIG=serverName	run
PHRASEANET_FTP_DIR	run	For dev or testing export ftp-server

For dev proxy squid WIP:

• PHRASEANET_SQUID_DIR=./volumes/squid
• PHRASEANET_SQUID_CONF= ./docker/squid/squid.conf
• PHRASEANET_SQUID_PORT=3128

myLib

Name	Type	Comment
SSH_AUTH_SOCK	run	For dev who don't have SSH_AUTH_SOCK (avoid an empty volume name)
PHRASEANET_K8S_NAMESPACE	run	Kubernet context needs full pod hosname on Nginx reverse proxing This is need for PHraseanet SAML context on K8S