Deveo Configuration

The /var/opt/deveo/shared/deveo.json configuration file and some of the flags it provides should be familiar by now. This is where Deveo configuration settings are kept, including settings manipulated through Deveo Admin UI from the Deveo Bootstrap phase. This configuration file is also part of Deveo Backups, if enabled.

Every time Deveo is reconfigured, the configuration file is read and the configuration is applied to all of Deveo services. Some of the configuration flags dictate what mode of deployment Deveo is running, where others simply override default Deveo settings.

Format

The configuration file is formatted as JSON. It is important to keep the correct format of the file, otherwise the Deveo reconfiguration will not work. JSONLint is a trusted open-source JSON linter option to help verify the syntax of the JSON contents.

Note: Remember that duplicate keys override the previously defined keys.

To see the current configuration applied to the server, run the following command:

sudo deveo-ctl show-config

Overriding Defaults

Deveo comes with many sensible defaults for both service and application behavior. If the default configuration needs to be adjusted, use the dictionary provided below as a reference.

Each configuration flag has a section, for example app, nginx, etc. These sections separate settings into logical categories. To use the dictionary, simply merge the section to the existing Deveo configuration file at /var/opt/deveo/shared/deveo.json with a required key and value.

Whenever changing any of the configurations, pay attention to the type of the key and where available refer to the linked documentation. Also, remember that configuration is not applied until the sudo deveo-ctl reconfigure command has been run.

Section: app

This section groups instance and general application related settings.

Key Type Default Description
is_cluster Boolean false Defines whether Deveo runs in Cluster or HA mode
is_master Boolean false Defines whether Deveo runs in master mode with Subversion replication
is_slave Boolean false Defines whether Deveo runs in slave mode with Subversion replication
is_ssl Boolean false Defines whether Deveo enforces SSL
hostname String FQDN Deveo application hostname
email String support@FQDN Email of the sender of all outgoing emails and links to Support team
registrations_email String Defaults to email Allows overriding sender of registration related emails.
notifications_email String Defaults to email Allows overriding sender of notification related emails.
backups_email String Defaults to email Allows overriding receiver of backup related emails.
default_company String Default company short name to use with login
ssh_port Integer 22 Defines SSH port for Git and Mercurial clone urls when the instance is using non-standard SSH port.
http_proxy String Defines HTTP proxy to use with external services like hooks. Provide absolute url including possible credentials: http://user:password@proxy.com:8008.

Section: backend

This section groups Deveo backend (APIs, Deveo Admin) application-related settings.

Key Type Default Description
auth_method String builtin Defines Deveo Authentication type. Allowed: builtin, ldap, or both
failed_login_interval Integer 2 Minimum time between failed login attempts
failed_login_limit Integer 6 Limit of failed login attempts in specified time frame
failed_login_period Integer 60 Time frame for failed_login_limit
ldap_host String LDAP hostname
ldap_port String LDAP port
ldap_user String LDAP search username
ldap_password String LDAP search password
ldap_domain_base String LDAP search base for users
ldap_filter String LDAP search filter used when finding users
ldap_encryption String plain LDAP encryption. Allowed: plain, start_tls, simple_tls
ldap_short_name String LDAP account ID field mapped to Deveo login
ldap_email String LDAP account email field mapped to Deveo email
ldap_first_name String LDAP account first name field
ldap_last_name String LDAP account last name field
ldap_groups String LDAP field defining users groups
ldap_groups_base String LDAP groups search base
ldap_source String LDAP sync identifier
ldap_groups_from_user Boolean false LDAP users contain group information
ldap_collaborators_enabled Boolean false LDAP authentication for collaborators
ldap_collaborators_base String LDAP search base for collaborators
ldap_collaborators_filter String LDAP search filter used when finding collaborators
db_host String localhost MongoDB hostname for Cluster or HA setup
db_port Integer 4002 MongoDB port
db_username String MongoDB username
db_password String MongoDB password
db_pool_size Integer 10 MongoDB connection pool size
redis_host String localhost Redis hostname for Cluster or HA setup
redis_port Integer 6379 Redis port
redis_password String Redis password
backups Boolean false Defines whether Deveo asset backups are enabled
backup_s3 Boolean false Defines whether asset backups need to be taken offline to Amazon S3. Requires backups section configuration.
password_validation_range String 8..100 Defines the minimum and maximum length for account password validation.
password_validation_format String /*./ Defines the password format requirements for account password validation. For example, to ensure that password contains at least 1 uppercase letter, 1 lowercase letter and 1 digit, you can use the following pattern: /(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).*/
password_validation_entropy Integer -1 Defines the desired password entropy level related to possible email, short_name, first_name, last_name field values using Levenshtein algorithm. Value 0 means extact matching (checks if password is the same like a value of one of aforementioned fields). Value greater than 0 defines a threshold of similarity password must fulfil. Value less than 0 turns off this validation (default).
password_expire_days Integer 0 Defines the maximum number of days a password can be used before it expires. Value of 0 means that passwords never expire.
password_expire_count Integer 0 Defines the number of old passwords that cannot be used again. Value of 0 allows reusing old passwords.
password_expire_notify Integer 7 Defines the number of days before password expiration to notify accounts.
slave_syncer_enabled Boolean false Defines whether slave_syncer is enabled for slave site with Subversion replication.

Section: backups

This section groups Deveo Backups related settings.

Key Type Default Description
s3_key_id String Amazon S3 key ID for offline backups
s3_access_key String Amazon S3 access key for offline backups
s3_bucket String Amazon S3 bucket name for offline backups
s3_region String Amazon S3 region for offline backups
keep Integer 30 How many backups to keep before oldest backup gets removed (Archival method only)

Section: logging

This section groups Deveo logging related settings.

Key Type Default Description
svlogd_size Integer 209715200 The maximum size when SV rotation should happen (200MB)
svlogd_num Integer 30 Number of SV log files to keep
svlogd_timeout Integer 86400 Number of seconds when SV rotation should happen (24 hours)
logrotate_frequency String daily Frequency of logrotate rotation
logrotate_size Integer Size of logrotate rotation. Does not rotate by size by default.
logrotate_rotate Integer 30 Number of logrotate files to keep

Section: audit

This section groups Deveo audit logging related settings.

Key Type Default Description
logrotate_frequency String daily Frequency of logrotate rotation
logrotate_size Integer Size of logrotate rotation. Does not rotate by size by default.
logrotate_rotate Integer 90 Number of logrotate files to keep

Section: mongodb

This section groups Deveo MongoDB database related settings, which are usually required in Cluster or HA deployment for tools such as Deveo Backups accessing MongoDB database.

Key Type Default Description
port Integer 4002 MongoDB port
username String MongoDB username
password String MongoDB password
backups Boolean false Defines whether Deveo MongoDB backups are enabled
backup_s3 Boolean false Defines whether MongoDB backups need to be taken offline to Amazon S3. Requires backups section configuration
keyfile String /var/opt/deveo/shared/mongodb-keyfile Defines location for MongoDB keyfile with Subversion replication
replset String deveo Defines replica set name for MongoDB with Subversion replication

Section: nginx

This section groups Deveo Nginx related settings.

Key Type Default Description
server_names String _ Server names Nginx will listen on
worker_processes Integer 2 Number of Nginx worker processes to start
worker_connections Integer 1024 Number of Nginx simultaneous worker connections
keepalive_timeout Integer 65 Number of seconds for keep-alive connection
proxy_send_timeout Integer 120 Number of seconds for sending a request to backend services
proxy_read_timeout Integer 120 Number of seconds for reading a response from backend services
max_body_size String 4G Max size of client request body
enable_sslv3 Boolean false Whether SSLv3 should be enabled, see Poodle vulnerability
ssl_ciphers String See default nginx ciphers below [1] Specifies enabled ciphers in the format understood by the OpenSSL library

[1] Default nginx ciphers:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

Section: postfix

This section groups Deveo local Postfix MTA mailing settings.

Key Type Default Description
message_size_limit Integer 20000000 Max size of the message in bytes
masquerade_domain String Domain of the email key Masquerade domain
relay_host String Relay hostname
relay_port Integer 25 Relay port
user_name String Username for SASL authentication
password String Password for SASL authentication
sasl_auth_enable Boolean false Whether SASL authentication is enabled
tls_auth_enable Boolean false Whether TLS is used
tls_ca_crt_bundle String TLS CA certificates file

Section: repos

This section groups Deveo repositories related settings.

Key Type Default Description
backups Boolean false Defines whether Deveo repository backups are enabled
backup_s3 Boolean false Defines whether repository backups need to be taken offline to Amazon S3. Requires backups section configuration.

Section: unicorn_backend

This section groups Deveo backend (APIs, Deveo Admin) Unicorn server related settings.

Key Type Default Description
worker_timeout Integer 60 Number of seconds Unicorn worker times out
worker_processes Integer 4 Number of Unicorn worker processes to start

Section: puma

This section groups Deveo Puma server related settings.

Key Type Default Description
worker_processes Integer 2 Number of Puma worker processes to start
min_threads Integer 0 Minimum size of worker's thread pool
max_threads Integer 4 Maximum size of worker's thread pool
max_memory Integer 1000 Maximum total memory (MB) for Puma when multiple workers are used

Section: sangria

This section groups Deveo Web Client related settings.

Key Type Default Description
google_analytics String Google Analytics tracking code

Section: replication

This section groups Subversion replication related settings.

Key Type Default Description
username String Username of a company admin account to be used with replication on master site.
password String Password of a company admin account to be used with replication on master site.
queue_size Integer 2 Number of workers performing replication jobs on master site.
timeout Integer 60 Number of seconds to wait after replication failure on master site.
Updated on: 28 April 2017