Advanced Platform Configuration

Debug Docker Images

The platform docker image doesn't contain any shell by default. In case you need to exec into the container using a shell for debugging purposes, we provide an additional debug variant whith the :<version>-debug tag.

Database Configuration

Steadybit requires a PostgresSQL 11 database.

Environment VariableRequiredDescription
SPRING_DATASOURCE_URLyesJDBC Url for the database connection
Example: jdbc:postgresql://postgres:5432/steadybitdb
SPRING_DATASOURCE_USERNAMEyesDatabase Username
Example: postgres
SPRING_DATASOURCE_PASSWORDyesDatabase Password
Example: postgres
STEADYBIT_DB_WEB_ENABLEDEnable Http Endpoint for Database export
Default: true

Tenant Configuration

Environment VariableRequiredDescription
STEADYBIT_TENANT_NAMEyesName for the tenant assigned to you
Example: Demo Org
STEADYBIT_TENANT_KEYyesKey for the tenant assigned to you
Example: demo
STEADYBIT_TENANT_API_KEYyesAPI key for the tenant assigned to you. Treat it as sensitive information.
Example: foobar

Web Configuration

Environment VariableRequiredDescription
STEADYBIT_WEB_PUBLIC_URLURL to point to your steadybit installation. Use this if you platform is running behind a reverse proxy doing path rewriting. Also it is used for the links in notifications.
STEADYBIT_WEB_PUBLIC_EXPERIMENT_PORTBy default the Websocket connections are advertised to the agents on port 7878. If the public port differs (e.g. because of a proxy) use this property to advertise a different port.

Log Configuration

Environment VariableRequiredDescription
LOGGING_FORMATBy default steadybit uses text format. Set this this to json to switch the log format to JSON.

Static-Authentication

You can use a static username/password to authenticate as an admin user

Environment VariableRequiredDescription
STEADYBIT_AUTH_PROVIDERyesUse STATIC for static authentication
Example: LDAP
STEADYBIT_AUTH_STATIC_USERNAMEyesUsername
Example: admin
STEADYBIT_AUTH_STATIC_PASSWORDyesPassword
Example: {noop}admin

LDAP-Authentication

You can use a LDAP Server for user authentication.

By default the ldap is accessed anonymously, unless STEADYBIT_AUTH_LDAP_MANAGER_DN and STEADYBIT_AUTH_LDAP_MANAGER_PASSWORD is set. The users are authenticated by doing a bind with their credentials, unless STEADYBIT_AUTH_LDAP_METHOD is set to password-compare.

Environment VariableRequiredDescription
STEADYBIT_AUTH_PROVIDERyesUse LDAP for LDAP-Authentication
Example: LDAP
STEADYBIT_AUTH_LDAP_URLyesLDAP-Server URL
Example: ldap://openldap:389/dc=steadybit,dc=com
STEADYBIT_AUTH_LDAP_MANAGER_DNUsername (DN) of the "manager" user identity is used to authenticate to a LDAP server. If omitted anonymous access will be used. Example: uid=admin,ou=system
STEADYBIT_AUTH_LDAP_MANAGER_PASSWORDThe password for the manager DN. This is required if the manager-dn is specified.
STEADYBIT_AUTH_LDAP_USER_DN_PATTERNSThe search pattern to find the usernames
Default: uid={0},ou=people
STEADYBIT_AUTH_LDAP_METHOD The method to authenticate the user. Either bind or password-compare.
Default: bind
STEADYBIT_AUTH_LDAP_PASSWORD_ATTRIBUTEThe attribute in the directory which contains the user password, used if using password-compare
Default: userPassword
STEADYBIT_AUTH_SYNC_ADMIN_GROUP_DNyesThe DN for the groupOfNames/groupOfUniqueNames for the Admin users
Example: cn=steadybit_admin,ou=groups,dc=steadybit,dc=com
STEADYBIT_AUTH_SYNC_USER_GROUP_DNyesThe DN for the groupOfNames/groupOfUniqueNames for the User users
Example: cn=steadybit_user,ou=groups,dc=steadybit,dc=com
STEADYBIT_AUTH_LDAP_SYNC_TEAM_SEARCH_FILTERThe filter for the groupOfNames/groupOfUniqueNames for the teams
Example: ou=teams,ou=groups,dc=steadybit,dc=com
STEADYBIT_AUTH_LDAP_SYNC_TEAM_KEY_ATTRIBUTEThe attribute to use as Team key
Example: cn=steadybit_admin,ou=groups,dc=steadybit,dc=com
STEADYBIT_AUTH_LDAP_SYNC_TEAM_NAME_ATTRIBUTEThe attribute to use as Team name
Example: cn=steadybit_admin,ou=groups,dc=steadybit,dc=com
STEADYBIT_AUTH_SYNC_CRONCron Expression which defines the periods for the LDAP synchronization
Default: 0 0 */2 ? * * *

OpenID-Connect Authentication

You can use an OpenID Connect compatible authentication provider for user authentication. Steadybit uses the authorization_code grant type.

The first user to login will be assigned the ADMIN role, all other will be assigned the USER role. The roles can be changed by an admin user via the UI.

Environment VariableRequiredDescription
STEADYBIT_AUTH_PROVIDERyesUse OAUTH2 for OIDC-Authentication
Example: OAUTH2
STEADYBIT_AUTH_OAUTH2_ISSUER_URIyesURI for the OpenID Connect discovery endpoint.
Example: https://keycloak/auth/realms/demo
STEADYBIT_AUTH_OAUTH2_CLIENT_IDyesThe client ID to use for the OIDC registration
Example: steadybit
STEADYBIT_AUTH_OAUTH2_CLIENT_SECRETyesThe client secret to use for the OIDC registration
Example: ijhdfpjdf80wiphubfqwd113342r
STEADYBIT_AUTH_OAUTH2_USER_NAME_ATTRIBUTEName of the attribute that will be used as name for the user
Default: name

Using SSL/TLS Encryption

SSL can be configured by setting the various SERVER_SSL_* properties and requires a java keystore (typically PKCS12).

Environment VariableRequiredDescription
SERVER_PORTPort to use
Default: 8080
SERVER_SSL_KEY_STOREPath to the key store that holds the SSL certificate (typically a .jks or .p12 file).
Example: file:/keystores/steadybit.p12
SERVER_SSL_KEY_STORE_TYPEType of the keystore
Example: PKCS12
SERVER_SSL_KEY_STORE_PASSWORDPassword used to access the key store
SERVER_SSL_KEY_ALIASAlias that identifies the key in the keystore to be used
SERVER_SSL_KEY_PASSWORDPassword used to access the key in the key store.
Need Help? Get in touch with us© steadybit. All rights reserved.