⚙️Configure feature toggles

Here's a guide to configure miscellaneous features. Most of the main features are defined in their proper guide, but this document will list feature flags that are not defined in any specific guide.

Laputa (legacy backend) flags

You can define the features flags in the values.override.yaml file:

yaml: values.override.yaml
laputa:
  config:
    common:
      TOUCAN_KEY: value
      # ...

Extra connectors

Install and enable data connectors.

Parameter
Description
Default
Required

TOUCAN_EXTRA_CONNECTORS

To avoid installing unused connectors, some of the connectors are not installed. To install these, you need to specify like this '["azure_mssql", "oracle"]'.

'[]'

No

You can find a list of available values in the public repository (remove the .sh extension from the name).

Cookies, expiration dates and validity

A list of parameters to configure the expiration dates of tokens and passwords.

Parameter
Description
Default
Required

TOUCAN_SLOW_REQUEST_THRESHOLD

TOUCAN_TOKEN_VALIDITY

Set the validity period of the user’s access tokens. Quantifiers can be any of: “hours”, “days”, “weeks”.

30 days

No

TOUCAN_REFRESH_TOKEN_VALIDITY

Set the validity period of the user’s refresh tokens. Quantifiers can be any of: “hours”, “days”, “weeks”.

30 days

No

TOUCAN_SHORT_PASSWORD_TOKEN_VALIDITY

Set the validity period of the generated reset password tokens. Quantifiers can be any of: “hours”, “days”, “weeks”.

24 hours

No

TOUCAN_LONG_PASSWORD_TOKEN_VALIDITY

Set the validity period of the generated reset password tokens. Quantifiers can be any of: “hours”, “days”, “weeks”.

4 weeks

No

Predefined values

This is a non-exhaustive list of pre-defined values in the values.yaml. You should rarely change these values.

Container

A list of parameters related to the container behavior.

Parameter
Description
Default
Required

TOUCAN_NGINX_SUPERVISOR

Starts an internal NGINX

on

No

TOUCAN_CUSTOM_USER_ID

Sets the UID of the toucan system user of the backend container (this user manages the /app folder).

1000

No

TOUCAN_CUSTOM_GROUP_ID

Sets the GID of the toucan system user of the backend container.

1000

No

Public URLs

A list of parameters related to the public URLs.

Parameter
Description
Default
Required

TOUCAN_INSTANCE_NAME

Instance name. Only used at Toucan internally.

{{ .Values.global.hostname }}

No

TOUCAN_FRONTEND_URLS

Public frontend urls. Follows the format ["https://...", "https://..."].

["https://{{ .Values.global.hostname }}"]

No

MongoDB

A list of parameters required by Laputa to store data in MongoDB.

Parameter
Description
Default
Required

TOUCAN_MONGODB_HOST

Accessible host of the MongoDB server.

(handled by Helm)

Yes

TOUCAN_MONGODB_PORT

Accessible port of the MongoDB server.

(handled by Helm)

Yes

TOUCAN_MONGODB_READONLY_USER

MongoDB user with readonly permissions.

app_readonly

Yes

TOUCAN_MONGODB_READONLY_PASS

MongoDB RO user's password.

(generated by Helm)

Yes

TOUCAN_MONGODB_USER

MongoDB user with read-write permissions.

app

Yes

TOUCAN_MONGODB_PASS

MongoDB RW user's password.

(generated by Helm)

Yes

TOUCAN_MONGODB_ADMIN_USER

MongoDB root admin.

admin

Yes

TOUCAN_MONGODB_ADMIN_PASS

MongoDB root admin's password.

(generated by Helm)

Yes

TOUCAN_MONGODB_SSL

Connect to MongoDB using SSL/TLS.

false

No

The users (app, app_readonly and admin) and roles should be created with:

js
// admin is built-in.
// readAnyDatabase is built-in.
db.createRole({
  role: 'readWriteDropAnyDatabase',
  privileges: [],
  roles: [
    { role: 'readWriteAnyDatabase', db: 'admin' },
    { role: 'dbAdminAnyDatabase', db: 'admin' },
  ],
});
db.createUser({
  user: 'app',
  pwd: '<password>',
  roles: [{ role: 'readWriteDropAnyDatabase', db: 'toucan' }],
});
db.createUser({
  user: 'app_readonly',
  pwd: '<password>',
  roles: [{ role: 'readAnyDatabase', db: 'toucan' }],
});

If you want to connect the container to a MongoDB using SRV connection format, only set TOUCAN_MONGODB_HOST like this:

yaml: values.yaml
TOUCAN_MONGODB_HOST: 'mongodb+srv://${USER_RW}:${PASSWORD_RW}@mongo.yourdomain.com/api-toucan?retryWrites=true&w=majority'
TOUCAN_MONGODB_READONLY_HOST: 'mongodb+srv://${USER_RO}:${PASSWORD_RO}@mongo.yourdomain.com/api-toucan?w=majority'

By default, using SRV, TLS will be enabled.

Redis

A list of parameters required by Laputa to cache data in Redis.

Parameter
Description
Default
Required

TOUCAN_REDIS_HOST

Accessible host of the Redis server.

(handled by Helm)

Yes

TOUCAN_REDIS_PORT

Accessible port of the Redis server.

(handled by Helm)

Yes

TOUCAN_REDIS_PASSWORD

Use Redis authentication.

unset

No

TOUCAN_REDIS_SSL

Use Redis SSL

false

No

Workers

See Tuning resources for more details.

Parameter
Description
Default
Required

TOUCAN_GUNICORN_WORKERS

Number of gunicorn sync workers.

(handled by Helm)

No

TOUCAN_GUNICORN_TIMEOUT

Workers silent for more than this many seconds are killed and restarted. Value is a positive number or 0. Setting it to 0 has the effect of infinite timeouts by disabling timeouts for all workers entirely. Generally, the default of thirty seconds should suffice. Only set this noticeably higher if you’re sure of the repercussions for sync workers. For the non sync workers it just means that the worker process is still communicating and is not tied to the length of time required to handle a single request.Use Redis SSL

30

No

TOUCAN_CELERY_MAX_WORKERS

Max number of celery workers.

2

No

TOUCAN_CELERY_QUICK_MAX_WORKERS

Max number of celery quick workers. Quick workers handle light tasks.

10

No

Gotenberg (PDF rendering service)

A list of parameters required by Laputa to render PDFs with Gotenberg.

Parameter
Description
Default
Required

TOUCAN_GOTENBERG_FLAG

Enable Gotenberg. (enable, disable or experimental)

experimental

Yes

TOUCAN_GOTENBERG_URL

Accessible URL to the gotenberg service.

(handled by Helm)

Yes

TOUCAN_GOTENBERG_USERNAME

Set the username for basic auth.

unset

No

TOUCAN_GOTENBERG_PASSWORD

Set the password for basic auth.

unset

No

Last updated

Was this helpful?