Docker environment variables
Environment variables are for the current version and may differ for a previous versions.
Mandatory variables are marked with an asterisk (*).
| Variable | Description | Type | Default value |
|---|---|---|---|
| LICENSEE* | Your licensee | String | |
| LICENSE_KEY* | Your license key | String | |
| PORT | Exposed port for API | Integer | 8080 |
| MAX_REQUEST_SIZE | Max http request size | String | 100MB |
| GRACEFUL_SHUTDOWN_TIMEOUT | Graceful shutdown timeout in duration format. | Duration | PT15S |
| WRAPPER_PATH | Path for wrapper to override autoconfiguration. Can be used if you want to skip automatic CPU architecture detection. | String | |
| WORKER_TIMEOUT_MS | Max time waiting for a recognition process to finish. | Integer | 20000 |
| WORKERS_POOL_SIZE | Number of recognition workers in a worker pool. | Integer | 2 |
| WORKER_CREATION_MS | Milliseconds to wait for license check at startup. Lower values will result in faster startup but invalid license will be reported on requests. | Integer | 100 |
| AVAILABLE_WORKER_TIMEOUT_MS | Max time waiting to get available recognition worker from the pool. | Integer | 10000 |
| ENABLE_METRICS | Enable metrics endpoint. | Boolean | false |
| ENABLE_HEALTH_ENDPOINTS | Enable health, liveness and readiness endpoints. | Boolean | true |
| ENABLE_SECURITY | Enable basic security. | Boolean | false |
| BASIC_AUTH_USERNAME | Username for Basic authentication header. | String | |
| BASIC_AUTH_PASSWORD | Password for Basic authentication header. | String | |
| IMAGE_ALLOW_INVALID_CERTIFICATE | Whether to allow download of images from Url with invalid certificate. | Boolean | true |
| IMAGE_DOWNLOAD_TIMEOUT | Max time for image download from provided image Url. | Integer | 10000 |
| IMAGE_MAX_SIZE_KB | Max image size in kilobytes. Empty value means unlimited. | Integer | |
| IMAGE_URL_PROTOCOLS_ALLOWED | Allowed protocols for image download. | Comma-separated string | http,https |
| IMAGE_URL_HOSTS_ALLOWED | Allowed hosts for image download. Empty value means all hosts are allowed. | Comma-separated string | |
| IMAGE_URL_PORTS_ALLOWED | Allowed ports for image download. Empty value means all ports are allowed. | Comma-separated integer | |
| IMAGE_URL_DIRECTORIES_ALLOWED | Allowed directories for image download. Empty value means all directories are allowed. Works only if file protocol is specified. | Comma-separated string | |
| ENABLE_REQUEST_SUMMARY | Whether to enable request summary in log. | Boolean | true |
| LOG_ENABLE_CUSTOMIZATION | Whether to allow logger customizations (Guard for LOG_ENABLE_CONSOLE_APPENDER, LOG_ENABLE_FILE_APPENDER, LOG_PATTERN and LOGGER_MAP). | Boolean | false |
| LOG_ENABLE_CONSOLE_APPENDER | Whether to enable console appender. | Boolean | true |
| LOG_ENABLE_FILE_APPENDER | Whether to enable file appender. Log files are placed inside docker container in /logs folder. | Boolean | false |
| LOG_PATTERN | Custom pattern for logback. You can use %X{traceId} and %X{executionId} from MDC to track request. | String | |
| LOGGER_MAP | Logger key-values pairs. For more detailed logging provide "com.microblink=DEBUG,io.micronaut=INFO" | Comma-separated string=string pairs | |
| ALLOW_CORS | Whether to enable CORS. | Boolean | true |
| ALLOWED_METHODS | CORS allowed methods. | Comma-separated string | GET,POST,OPTIONS |
| ALLOWED_ORIGINS | CORS allowed origins. Empty value means all origins are allowed. | Comma-separated string | |
| PROXY_HOST | The host name of the proxy server. | String | |
| PROXY_PORT | The port number of the proxy server. | Integer | |
| NON_PROXY_HOSTS | The list of hosts that should be reached directly, bypassing the proxy. This is a list of patterns separated by | . | String | |
| TRUST_STORE | Trust store path. | String | |
| TRUST_STORE_PASSWORD | Trust store password. Needed only if a trust store is password protected. | String | |
| SSL_ENABLED | Whether SSL is enabled. | Boolean | false |
| SSL_KEY_STORE_PATH | SSL key store path. | String | |
| SSL_KEY_STORE_PASSWORD | SSL key store password. | String | |
| SSL_KEY_STORE_TYPE | Type of keystore. | String | |
| SSL_KEY_STORE_PROVIDER | Name of the key store provider. | String | |
| SSL_KEY_PASSWORD | SSL key password. | String | |
| SSL_KEY_ALIAS | SSL key alias. | String | |
| JAVA_OPTS | Runtime Java options for GraalVM native image. | String | |
| HEALTH_CUSTOM_URL | Custom health endpoint. | String |
Recommended Docker runtime options
Recommended Docker runtime options for throughput of 1.5 req/s are 4 CPUs, 4 GB of memory and 2 workers (WORKERS_POOL_SIZE).
Recommended security settings
It is strongly recommended to configure Cross-origin resource sharing (CORS) policy control in order to minimize security risks by using the following environment variables ALLOW_CORS, ALLOWED_METHODS, ALLOWED_ORIGINS. The second recommendation is to use https instead of http for external service interaction, for example, setting IMAGE_URL_PROTOCOLS_ALLOWED only to https (which is the default setting). Finally, it is recommended to implement API rate limiting based on the number of requests made to the specific API endpoint based on the request per time or IP address for example by using load balancer, proxy, horizontal scaling policy, etc.