The following environment variables can be set to configure the Coral Server. You
can expose them in your shell via
export NODE_ENV=development or by placing
the variables in a
.env file in the root of the project in a simple
NODE_ENV=development format delimited by newlines.
The port to listen for HTTP and WebSocket requests. (Default
The MongoDB database URI to connect to. (Default
The Redis database URI to connect to. (Default
The shared secret to use to sign JSON Web Tokens (JWT) with the selected signing
Note: While there is a default for this so development can be simplified, Coral
will throw a runtime error in the event it's started with
SIGNING_SECRET="keyboard cat" to prevent insecure installations. This
must be set in production to something long and secure. You can use
to help with that:
openssl rand -base64 45
Can be one of
development. All production deployments should
production. Defaults to
production when ran with
npm run start, or
with Docker deployments. Defaults to
development when run with
npm run start:development.
A JSON string with optional configuration options to be used when connecting to
Redis as specified in the ioredis documentation. (Default:
The signing algorithm to use for signing tokens. (Default
Supported algorithms are:
Specify the default locale to use for all requests without a locale specified. (Default
The logging level that can be set to one of
Forces SSL in production by redirecting all HTTP requests to HTTPS, and sending
HSTS headers. (Default
Coral does not provide or manage HTTPS certificates. If you want to enable HTTPS, you must configure a proxy in front of Coral such as Caddy.
Troubleshooting: If you are seeing redirect loops when trying to access
pages like the admin, you may need to configure
tell Coral which upstream proxies to trust.
FORCE_SSL=true, Coral will send HSTS
headers that will force web browsers to connect via HTTPS for the next 60 days.
By forcing SSL use you'll need to provide a secure connection to your Coral
instance for at least the next 60 days.
true, the comment stream will not create a WebSocket connection to get
live comment updates. This applies across all tenants on the installation, and
cannot be turned back on via the interface. (Default
Stories that have not received a comment within this time frame will pause live
updates automatically. Once a single comment is received on these stories, live
updates will be re-enabled until the story sits idle for the timeout value,
parsed by ms. (Default
true, all tenants will be loaded from the database when needed rather than keeping a in-memory copy in sync via published events on Redis. (Default
true, it will enable the interactive GraphQL developer environment at the
/graphiql route. This will also disable persisted (Default
Note: We do not recommend using this in production environments as it disables many safety features used by the application to provide it.
The username for Basic Authentication at the
/metrics route. If not
METRICS_PASSWORD, no authentication will be added to this route.
The password for Basic Authentication at the
/metrics route. If not
METRICS_USERNAME, no authentication will be added to this route.
Prometheus metrics are
provided at this port under
/metrics route. (Default
The request timeout for scraping operations, parsed by ms.
The maximum size (in bytes) to allow for scraping responses. (Default
The URI that static assets can be accessed from. This URI can be to a proxy that
uses this Coral server on
PORT as the upstream. Disabled by default.
When provided, it configures the "trust proxy" settings for Express. If you are
encountering issues where URLs in the administration are showing with a
https, you may need to set the
TRUST_PROXY setting. Refer to
https://expressjs.com/en/guide/behind-proxies.html for possible values of this
configuration variable as it pertains to your setup.
The interval that should be used to send keep alive messages over WebSocket to
keep the socket open, parsed by ms.
The length of time that a given request to test a comment against a given word
list, parsed by ms. (Default
The length of time that a given request should wait for a response when
interacting with the Perspective API, parsed by ms.
The following configuration variables are only enabled when the server has been
started in development mode (where
The port where the Webpack Development server is running on. (Default
Disables mounting of client routes for developing with Webpack Dev Server.
Used to disable the rate limiters used in Coral. (Default