Skip to content

Environment Variables for Configuring ProxyConf

This section outlines the environment variables used to configure ProxyConf. These variables control various aspects such as database setup, ports, and certificates for the control plane. Ensure to set these correctly based on your deployment needs.

SECRET_KEY_BASE

Defines a base secret that is used to sign/encrypt cookies and other secrets. You can generate one by calling openssl rand 32 | base32 - Default: None (must be specified).

DB_ENCRYPTION_KEY

Defines a secret key that is used to encrypt sensitive values stored in the database. You can generate one by calling openssl rand 32 | base32 - Default: None (must be specified).

PROXYCONF_HOSTNAME

Defines the hostname used to serve the mgmt endpoint / ui. - Default: localhost.

Defines the distributed erlang cookie, required to cluster multiple ProxyConf nodes. - Default: generated during build. Ensure to replace it for production usage.

PROXYCONF_DATABASE_URL

Defines a database url used to connect to the database. For example: ecto://USER:PASS@HOST/DATABASE - Default: None (must be specified).

PROXYCONF_CA_CERTIFICATE

Defines the path to the PEM encoded CA certificate. - Default: None (must be specified).

PROXYCONF_CONTROL_PLANE_CERTIFICATE

Defines the path to the PEM encoded certificate used by the GRPC endpoint accessed by the Envoy data plane. - Default: None (must be specified).

PROXYCONF_CONTROL_PLANE_PRIVATE_KEY

Defines the path to the PEM encoded private key used by the GRPC endpoint accessed by the Envoy data plane. - Default: None (must be specified).

PROXYCONF_MGMT_API_CA_CERTIFICATE

Defines the path to the PEM encoded CA certificate used by the HTTPS management API. - Default: The certificate defined in PROXYCONF_CA_CERTIFICATE.

PROXYCONF_MGMT_API_CERTIFICATE

Defines the path to the PEM encoded certificate used by the HTTPS management API. - Default: The certificate defined in PROXYCONF_CONTROL_PLANE_CERTIFICATE.

PROXYCONF_MGMT_API_PRIVATE_KEY

Defines the path to the PEM encoded private key used by the HTTPS management API. - Default: The private key defined in PROXYCONF_CONTROL_PLANE_PRIVATE_KEY.

PROXYCONF_MGMT_API_JWT_SIGNER_KEY

Defines the path to the PEM encoded private key used by the JWT signer. - Default: The private key defined in PROXYCONF_MGMT_API_PRIVATE_KEY.

PROXYCONF_CERTIFICATE_ISSUER_CERT

Defines the path to the PEM encoded certificate used to automatically issue server certificates if no matching cert is available. - Default: None (must be specified).

PROXYCONF_CERTIFICATE_ISSUER_KEY

Defines the path to the PEM encoded private key used to automatically issue server certificates if no matching cert is available. - Default: None (must be specified).

PROXYCONF_UPSTREAM_CA_BUNDLE

The path to the TLS CA bundle that the Envoy proxies will use for validating upstream connections to API servers. This bundle ensures that ProxyConf can securely route traffic to upstream services.
- Default: /etc/ssl/certs/ca-certificates.crt

PROXYCONF_GRPC_ENDPOINT_PORT

Specifies the TCP port on which the GRPC listener will accept connections from the Envoy proxies. This setting is crucial for the communication between ProxyConf and the Envoy proxies in your architecture.
- Default: 18000.

PROXYCONF_CRONTAB

Specifies the path to a crontab file used by ProxyConf to schedule and execute periodic tasks. These tasks could include fetching OpenAPI specifications from remote locations or syncing certificates from systems like Certbot.
- Example: /path/to/crontab


By configuring these environment variables, you can tailor ProxyConf to your specific architecture and ensure secure, dynamic handling of API traffic and TLS certificates. Make sure to review and update the values based on your environment needs.