OpenFlow Docker environment

Roman_Chernov · December 21, 2023, 2:19pm

Hello everybody! I would be very grateful if you could tell me about the purpose of the environment parameters in docker-compose.yml for the “api” of the service:

- auto_create_users=true
- auto_create_domains=
- websocket_package_size=25000
- websocket_max_package_count=1048576
- protocol=http
- port=3000
- domain=openflow.myhost.com
- log_with_colors=false

# uncomment below 2 lines, if you have set replicas above 1
# - enable_openflow_amqp=true
# - amqp_prefetch=25
# uncomment to add agents to the same docker compose project ( will breake running docker compose up -d if any agents running )
# - agent_docker_use_project=true

 - agent_oidc_userinfo_endpoint=http://api:3000/oidc/me
 - agent_oidc_issuer=http://openflow.myhost.com/oidc
 - agent_oidc_authorization_endpoint=http://openflow.myhost.com/oidc/auth
 - agent_oidc_token_endpoint=http://api:3000/oidc/token

 - amqp_url=amqp://guest:guest@rabbitmq
 - mongodb_url=mongodb://mongodb:27017/?replicaSet=rs0
 - mongodb_db=openflow

 - aes_secret=O1itlrmA47WzxPj95YHD2sZs7IchYaQI25m

I performed a local deployment of OpenFlow v1.5.6 by modifying the original docker-compose.yml from GitHub. Everything works just fine, but for myself I would like to understand what these variables control.

Thank you for your help!

Roman_Chernov · December 21, 2023, 2:24pm

As I understand it, “- aes_secret=” is the key for encrypting data in mongodb. How can I set my value? Which utility should I use?

Roman_Chernov · December 21, 2023, 2:30pm

I also wanted to ask how to change the guest user in the variable “-amqp_url=” to another password-protected one? As far as I can tell, this variable is used to access agents and OpenRPA to the broker.

Allan_Zimmermann · December 21, 2023, 2:49pm

aes secret can be any 36 charecter long string
You cannot change it once used
This is used to hash passwords and is used for aes encrypting credentials. ( or any other documemt using the _encrypt array )
Rabbitmq removed the option to set username/password using env so is using guest by default.
Rabbitmq should not be exposed, openflow handles connecting to rabbitmq on behalf of the clients, this is how access control is enforced for consuming and publishing.
Most settings are explained here
Configuration Values | OpenIAP Documentation

Roman_Chernov · December 22, 2023, 4:24pm

Thank you, Allan. It helps.

system · December 25, 2023, 4:24pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.