.env Settings
Ryan Manly edited this page Jul 4, 2020 · 7 revisions
The following is a list of options available for configuration in .env.
If you are attempting to configure a setting, first check that the default does not already contain that setting. It is recommended that you only include settings you wish to alter from the default.
These settings affect the look of MunkiReport and the target links for some of the GUI elements.
Setting | ENV Name | Default | Description |
---|---|---|---|
Sitename | SITENAME | MunkiReport | Will appear in the title bar of your browser and as heading on each webpage |
Default Theme | DEFAULT_THEME | Default | Sets the default theme for new logins/users. |
Show Help | SHOW_HELP | TRUE | Add a help button to the navigation bar, defaults to true |
Custom Help URL | HELP_URL | https://github.com/munkireport/munkireport-php/wiki | If you want to override the default help url (MunkiReport's GitHub Wiki), you can specify which URL to redirect to (in a new tab). |
Custom CSS | CUSTOM_CSS | | If you want to override the default css or default js you can specify a custom file that will be included in the header (css) and footer (js) |
Custom JS | CUSTOM_JS | | If you want to override the default css or default js you can specify a custom file that will be included in the header (css) and footer (js) |
Client Detail Layout | CLIENT_DETAIL_WIDGETS | ['machine_info_1', 'machine_info_2', 'comment_detail', 'hardware_detail', 'software_detail', 'storage_detail', '*'] | |
MunkiWebAdmin2 | MWA2_LINK | | MunkiWebAdmin2 (MWA2) is a web-based administration tool for Munki that focuses on editing manifests and pkginfo files. To learn more about MWA2 visit: https://github.com/munki/mwa2 |
VNC links | VNC_LINK | "vnc://%s:5900" | If you want to have a link that opens a screensharing or SSH connection to a client, enable these settings. |
SSH links | SSH_LINK | "ssh://adminuser@%s" | If you want to have a link that opens a screensharing or SSH connection to a client, enable these settings. |
Apple Hardware Icon URL | APPLE_HARDWARE_ICON_URL | https://km.support.apple.com/kb/securedImage.jsp?configcode=%s&size=240x240 | URL to retrieve icon from Apple |
reCaptcha Integration Public Key | RECAPTCHA_LOGIN_PUBLIC_KEY | | Enable reCaptcha Support on the Authentication Form. Request API keys from https://www.google.com/recaptcha |
reCaptcha Integration Private Key | RECAPTCHA_LOGIN_PRIVATE_KEY | | Enable reCaptcha Support on the Authentication Form. Request API keys from https://www.google.com/recaptcha |
Dashboard Template | DASHBOARD_TEMPLATE | dashboard/dashboard | |
Setting | ENV Name | Default | Description |
---|---|---|---|
Timezone | APP_TIMEZONE | @date_default_timezone_get() | See http://www.php.net/manual/en/timezones.php for valid values |
Unit of temperature °C or °F | TEMPERATURE_UNIT | C | Unit of temperature, possible values: F for Fahrenheit, C for Celsius |
Setting | ENV Name | Default | Description |
---|---|---|---|
Modules | MODULES | ['munkireport', 'managedinstalls', 'disk_report'] | List of modules that have to be installed on the client. For possible values, see the names of the directories in vendor/munkireport/ |
Module Search Paths | MODULE_SEARCH_PATHS | [local_conf('modules')] (as of 5.5.0) | Filesystem paths to search for modules; replaces the implicit 'custom' module path |
Encryption key | ENCRYPTION_KEY | | Used by several modules to encrypt sensitive data before it enters the database |
Hide Non-active Modules | HIDE_INACTIVE_MODULES | TRUE | When false, all modules will be shown in the interface like in the 'Listings' menu. |
Setting | ENV Name | Default | Description |
---|---|---|---|
Preflight Script Name | PREFLIGHT_SCRIPT | preflight | Override these if you want to provide your own custom scripts that call the munkireport scripts |
Postflight Script Name | POSTFLIGHT_SCRIPT | postflight | Override these if you want to provide your own custom scripts that call the munkireport scripts |
Report Broken Client Script Name | REPORT_BROKEN_CLIENT_SCRIPT | report_broken_client | Override these if you want to provide your own custom scripts that call the munkireport scripts |
Setting | ENV Name | Default | Description |
---|---|---|---|
Local directory | LOCAL_DIRECTORY_PATH | APP_ROOT . 'local/' | Path to the local directory where settings, users and certificates are stored |
Widget Search Paths | WIDGET_SEARCH_PATHS | [local_conf('views/widgets')] | |
Local User Search Paths | AUTH_LOCAL_SEARCH_PATHS | [local_conf('users')] | |
Module Search Paths | MODULE_SEARCH_PATHS | [local_conf('modules')] (as of 5.5.0) | Filesystem paths to search for modules; replaces the implicit 'custom' module path |
Dashboard Search Paths | DASHBOARD_SEARCH_PATHS | [local_conf('dashboards')] | |
SAML Certificate Path | AUTH_SAML_CERT_DIR | [local_conf('certs/')] |
Setting | ENV Name | Default | Description |
---|---|---|---|
HTTP host | WEBHOST | | The hostname of the webserver, default automatically determined. No trailing slash |
Index page | INDEX_PAGE | index.php? | Default is index.php? which is the most compatible form. You can leave it blank if you want nicer looking urls. You will need a server which honors .htaccess (apache) or figure out how to rewrite urls in the server of your choice. |
Uri protocol | URI_PROTOCOL | AUTO | $_SERVER variable that contains the correct request path, e.g. 'REQUEST_URI', 'QUERY_STRING', 'PATH_INFO', etc. defaults to AUTO |
Subdirectory | SUBDIRECTORY | | Relative to the webroot, with trailing slash. |
Debugging | DEBUG | FALSE | If set to TRUE, will deliver debugging messages in the page. Set to FALSE in a production environment |
Curl | CURL_CMD | ["/usr/bin/curl", "--fail", "--silent", "--show-error"] | Define the path to the curl binary and add options; this is used by the installer script. Override to use a custom path and add or remove options. Some environments may need to add "--insecure" if the server certificate is not to be checked. |
Guzzle settings | GUZZLE_HANDLER | auto | Guzzle is used to make HTTP connections to other servers (e.g. apple.com). Guzzle will choose the appropriate handler based on your PHP installation. You can override this behaviour by specifying the handler here. Valid options are 'curl', 'stream' or 'auto' (default). For CA bundle options see http://docs.guzzlephp.org/en/stable/request-options.html#verify |
Request timeout | REQUEST_TIMEOUT | 5 | Timeout for retrieving warranty and model information from Apple. Timeout in seconds. |
Client Passphrases | CLIENT_PASSPHRASES | | List of passphrases that the client can use to authenticate |
Setting | ENV Name | Default | Description |
---|---|---|---|
Proxy Server | PROXY_SERVER | ||
Proxy Username | PROXY_USERNAME | ||
Proxy Password | PROXY_PASSWORD | ||
Proxy Port | PROXY_PORT | 0 |
Setting | ENV Name | Default | Description |
---|---|---|---|
Connection Driver | CONNECTION_DRIVER | sqlite | |
Connection Database | CONNECTION_DATABASE | APP_ROOT . 'app/db/db.sqlite' | |
Connection Options | CONNECTION_OPTIONS | ||
Connection Host | CONNECTION_HOST | 127.0.0.1 | |
Connection Port | CONNECTION_PORT | 3306 | |
Connection Database | CONNECTION_DATABASE | munkireport | |
Connection Username | CONNECTION_USERNAME | munkireport | |
Connection Password | CONNECTION_PASSWORD | munkireport | |
Connection Character Set | CONNECTION_CHARSET | utf8mb4 | |
Connection Collation | CONNECTION_COLLATION | utf8mb4_unicode_ci | |
Connection Strict | CONNECTION_STRICT | TRUE | |
Connection Engine | CONNECTION_ENGINE | InnoDB | |
Connection SSL Enabled | CONNECTION_SSL_ENABLED | FALSE | |
Connection SSL Key | CONNECTION_SSL_KEY | ||
Connection SSL Cert | CONNECTION_SSL_CERT | ||
Connection SSL CA | CONNECTION_SSL_CA | ||
Connection SSL CA Path | CONNECTION_SSL_CAPATH | ||
Connection SSL Cipher | CONNECTION_SSL_CIPHER | ||
Connection Options | CONNECTION_OPTIONS |
Setting | ENV Name | Default | Description |
---|---|---|---|
Authentication Methods | AUTH_METHODS | | Can be one of the following: NOAUTH, LOCAL, AD, SAML, LDAP, NETWORK |
Force secure connection when authenticating | AUTH_SECURE | FALSE | Set this value to TRUE to force https when logging in. This is useful for sites that serve MR both via http and https |
Roles Admin | ROLES_ADMIN | ['*'] | Add users or groups to the appropriate roles array. |
Roles Manager | ROLES_MANAGER | ||
Local Groups | GROUPS_ADMIN_USERS | | Create local groups, add users to groups. |
Business Units | ENABLE_BUSINESS_UNITS | FALSE | Set to TRUE to enable Business Units. For more information, see docs/business_units.md |
Role Based Authorization - Delete Machine | AUTHORIZATION_DELETE_MACHINE | ['admin', 'manager'] | Authorize actions by listing roles in the appropriate array. Don't change these unless you know what you're doing; these roles are also used by the Business Units |
Role Based Authorization - Global | AUTHORIZATION_GLOBAL | ['admin'] | |
Setting | ENV Name | Default | Description |
---|---|---|---|
AD Schema | AUTH_AD_SCHEMA | ActiveDirectory | |
AD Account Prefix | AUTH_AD_ACCOUNT_PREFIX | ||
AD Account Suffix | AUTH_AD_ACCOUNT_SUFFIX | ||
AD Username | AUTH_AD_USERNAME | ||
AD Password | AUTH_AD_PASSWORD | ||
AD Base DN | AUTH_AD_BASE_DN | dc=mydomain,dc=local | |
AD Hosts | AUTH_AD_HOSTS | ||
AD Port | AUTH_AD_PORT | 389 | |
AD Follow Referrals | AUTH_AD_FOLLOW_REFERRALS | FALSE | |
AD Use SSL | AUTH_AD_USE_SSL | FALSE | |
AD USE TLS | AUTH_AD_USE_TLS | FALSE | |
AD Version | AUTH_AD_VERSION | 3 | |
AD Timeout | AUTH_AD_TIMEOUT | 5 | |
AD Allowed Users | AUTH_AD_ALLOWED_USERS | ||
AD Allowed Groups | AUTH_AD_ALLOWED_GROUPS | ||
AD Recursive Group Search | AUTH_AD_RECURSIVE_GROUPSEARCH | FALSE |
Setting | ENV Name | Default | Description |
---|---|---|---|
Whitelist Management Console Access | AUTH_NETWORK_WHITELIST_IP4 | | Whitelisting of IP addresses that can access the management interface (anything except for index.php?/report/, which is always allowed) |
Custom 403 Error Page | AUTH_NETWORK_REDIRECT_UNAUTHORIZED | The default munkireport-php 403 client error page | You can also provide a custom 403 page for traffic that does not have access to the management interface (no need to add this object if you don't want the custom 403 page) |
ENV Name | Default | Description |
---|---|---|
AUTH_SAML_SP_NAME_ID_FORMAT | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | |
AUTH_SAML_SP_ENTITY_ID | | |
AUTH_SAML_SP_X509CERT | | |
AUTH_SAML_SP_PRIVATEKEY | | |
AUTH_SAML_IDP_ENTITY_ID | https://app.onelogin.com/saml/metadata/xxxx | |
AUTH_SAML_IDP_SSO_URL | https://yourorg.onelogin.com/trust/saml2/http-post/sso/xxxx | |
AUTH_SAML_IDP_SSO_BINDING | | |
AUTH_SAML_IDP_SLO_URL | https://yourorg.onelogin.com/trust/saml2/http-redirect/slo/xxxx | |
AUTH_SAML_IDP_SLO_BINDING | | |
AUTH_SAML_IDP_X509CERT | | |
AUTH_SAML_USER_ATTR | User.email | |
AUTH_SAML_GROUP_ATTR | ['memberOf'] | |
AUTH_SAML_DISABLE_SSO | FALSE | |
AUTH_SAML_DEBUG | FALSE | |
AUTH_SAML_SECURITY_NAME_ID_ENCRYPTED | FALSE | |
AUTH_SAML_SECURITY_AUTHN_REQUESTS_SIGNED | FALSE | |
AUTH_SAML_SECURITY_LOGOUT_REQUEST_SIGNED | FALSE | |
AUTH_SAML_SECURITY_LOGOUT_RESPONSE_SIGNED | FALSE | |
AUTH_SAML_SECURITY_SIGN_METADATA | FALSE | |
AUTH_SAML_SECURITY_WANT_MESSAGES_SIGNED | FALSE | |
AUTH_SAML_SECURITY_WANT_ASSERTIONS_ENCRYPTED | FALSE | |
AUTH_SAML_SECURITY_WANT_ASSERTIONS_SIGNED | FALSE | |
AUTH_SAML_SECURITY_WANT_NAME_ID | TRUE | |
AUTH_SAML_SECURITY_WANT_NAME_ID_ENCRYPTED | FALSE | |
AUTH_SAML_SECURITY_REQUESTED_AUTHN_CONTEXT | TRUE | |
AUTH_SAML_SECURITY_WANT_XML_VALIDATION | TRUE | |
AUTH_SAML_SECURITY_RELAX_DESTINATION_VALIDATION | FALSE | |
AUTH_SAML_SECURITY_SIGNATURE_ALGORITHM | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | |
AUTH_SAML_SECURITY_DIGEST_ALGORITHM | http://www.w3.org/2001/04/xmlenc#sha256 | |
AUTH_SAML_SECURITY_LOWERCASE_URLENCODING | FALSE | |
AUTH_SAML_ALLOWED_USERS | | |
AUTH_SAML_ALLOWED_GROUPS | | |
AUTH_SAML_CERT_DIR | local_conf('certs/') | |
Setting | ENV Name | Default | Description |
---|---|---|---|
Jamf Enable | JAMF_ENABLE | FALSE | Enable the Jamf API Connection |
Jamf Server | JAMF_SERVER | | Server address for Jamf server (e.g. "https://domain.jamfcloud.com/") |
Jamf Username | JAMF_USERNAME | | Username of API enabled user |
Jamf Password | JAMF_PASSWORD | | Password of API enabled user |
Jamf Verify SSL | JAMF_VERIFY_SSL | TRUE | Set to FALSE to disable SSL verification when connecting to your Jamf server, for example when it uses a self-signed certificate. |
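
An added example, not part of the MunkiReport wiki or code base: because the page recommends listing only overrides in .env, a review of the file has to merge it with the documented defaults before judging it. The sketch below does that for a handful of security-relevant settings from the tables above; the KEY=VALUE parsing, the rule set and the names `parse_env`, `audit` and `SAMPLE` are assumptions made for illustration.

```python
import re

DEFAULTS = {  # defaults copied from this page's tables, audited keys only
    "DEBUG": "FALSE", "AUTH_METHODS": "", "AUTH_SECURE": "FALSE",
    "AUTH_AD_USE_SSL": "FALSE", "AUTH_AD_USE_TLS": "FALSE",
    "CONNECTION_DRIVER": "sqlite", "CONNECTION_PASSWORD": "munkireport",
    "JAMF_ENABLE": "FALSE", "JAMF_VERIFY_SSL": "TRUE",
    "CURL_CMD": '"/usr/bin/curl", "--fail", "--silent", "--show-error"',
}

def parse_env(text):
    """Assumed syntax: one KEY=VALUE per line, optional quotes, '#' comment lines."""
    env = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z][A-Z0-9_]*)\s*=\s*(.*?)\s*$", line)
        if m:
            env[m.group(1)] = m.group(2).strip("\"'")
    return env

def audit(text):
    """Return (key, reason) findings for the effective configuration."""
    cfg = {**DEFAULTS, **parse_env(text)}  # keys not set in .env keep their default
    on = lambda key: cfg[key].strip().upper() == "TRUE"
    methods = {m.strip(" '\"[]").upper() for m in cfg["AUTH_METHODS"].split(",")}
    ad_plain = "AD" in methods and not (on("AUTH_AD_USE_SSL") or on("AUTH_AD_USE_TLS"))
    default_pw = (cfg["CONNECTION_DRIVER"].lower(), cfg["CONNECTION_PASSWORD"]) == ("mysql", "munkireport")
    rules = [
        ("DEBUG", on("DEBUG"), "debugging messages are delivered in the page"),
        ("AUTH_METHODS", "NOAUTH" in methods, "NOAUTH requires no login"),
        ("AUTH_SECURE", not on("AUTH_SECURE"), "https is not forced when logging in"),
        ("AUTH_AD_USE_TLS", ad_plain, "AD is enabled without SSL or TLS"),
        ("CONNECTION_PASSWORD", default_pw, "documented default password in use"),
        ("JAMF_VERIFY_SSL", on("JAMF_ENABLE") and not on("JAMF_VERIFY_SSL"), "Jamf TLS is unverified"),
        ("CURL_CMD", "--insecure" in cfg["CURL_CMD"], "installer curl skips certificate checks"),
    ]
    return [(key, reason) for key, hit, reason in rules if hit]

# Constructed sample .env (overrides only), not taken from a real deployment.
SAMPLE = """
# local overrides
DEBUG=TRUE
AUTH_METHODS="LOCAL,AD"
AUTH_AD_USE_TLS=TRUE
CONNECTION_DRIVER="mysql"
JAMF_ENABLE=TRUE
JAMF_VERIFY_SSL=FALSE
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Two of the findings for the sample (AUTH_SECURE and CONNECTION_PASSWORD) come from keys that never appear in the file, which is why the defaults are merged in first.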