Configuration

Figranium uses environment variables to configure key aspects of the server and automation environment. These variables are defined in src/server/c...

Core Variables

| Variable | Default Value | Description |
| --- | --- | --- |
| PORT | 11345 | The port the backend server listens on. |
| SESSION_SECRET | (Required) | A random string used to sign session cookies. |
| NODE_ENV | production | Set to development for local dev mode. |
| ALLOWED_IPS | * (Open) | Comma-separated list of allowed IP addresses or CIDR ranges. |
| ALLOW_PRIVATE_NETWORKS | true | Set to false or 0 to block access to local/private networks (SSRF protection). |
| TRUST_PROXY | false | Set to true or 1 if running behind a reverse proxy (e.g., Nginx, AWS ALB). |

Rate Limiting

| Variable | Default Value | Description |
| --- | --- | --- |
| AUTH_RATE_LIMIT_MAX | 10 | Max failed login attempts per window (15 mins). |
| DATA_RATE_LIMIT_MAX | 100 | Max data requests (captures, logs) per window (15 mins). |

VNC / Headful Debugging

| Variable | Default Value | Description |
| --- | --- | --- |
| NOVNC_PORT | 54311 | Port for the noVNC web interface. |

Feature Flags

| Variable | Default Value | Description |
| --- | --- | --- |
| SESSION_COOKIE_SECURE | false | Set to true if serving over HTTPS. |

Example .env File

PORT=11345
SESSION_SECRET=super_secret_key_12345
ALLOWED_IPS=127.0.0.1,192.168.1.0/24
ALLOW_PRIVATE_NETWORKS=false
TRUST_PROXY=true
AUTH_RATE_LIMIT_MAX=20
DATA_RATE_LIMIT_MAX=500
NOVNC_PORT=54311
SESSION_COOKIE_SECURE=true

Notes

  • Allow Private Networks: By default, ALLOW_PRIVATE_NETWORKS is true, meaning Figranium can access internal services. In production environments exposed to untrusted users, set this to false.
  • Session Secret: If SESSION_SECRET is not provided, Figranium will generate a random one on startup (or read from data/session_secret.txt if available). However, for consistent sessions across restarts, set a static secret.
  • Allowed IPs: If you expose Figranium to the internet, always restrict access using ALLOWED_IPS or authentication.
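
A pre-deployment check for the settings the notes above single out, written as an added example that is not part of Figranium's code base. The function names, the 32-character minimum for SESSION_SECRET and the treatment of 0.0.0.0/0 as open are assumptions; the defaults are taken from the tables on this page.

```javascript
// Added example, not Figranium code. Defaults come from the tables on this page.
const DEFAULTS = { ALLOWED_IPS: "*", ALLOW_PRIVATE_NETWORKS: "true", SESSION_COOKIE_SECURE: "false" };
const MIN_SECRET_LEN = 32; // assumption: this page states no minimum length

// Parse KEY=VALUE lines; skip blanks and # comments, strip matching quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (!line || line.startsWith("#") || eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, "$2");
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

// Return one finding per setting that the Notes section warns about.
function auditEnv(text) {
  const env = { ...DEFAULTS, ...parseEnv(text) };
  const findings = [];
  const flag = (key, issue) => findings.push({ key, issue });
  if (!env.SESSION_SECRET) {
    flag("SESSION_SECRET", "unset: set a static secret for consistent sessions across restarts");
  } else if (env.SESSION_SECRET.length < MIN_SECRET_LEN) {
    flag("SESSION_SECRET", `only ${env.SESSION_SECRET.length} chars: use a long random value`);
  }
  // "*" is the documented open default; 0.0.0.0/0 is the CIDR covering all of IPv4.
  const ips = env.ALLOWED_IPS.split(",").map((s) => s.trim());
  if (ips.includes("*") || ips.includes("0.0.0.0/0")) {
    flag("ALLOWED_IPS", "open: restrict to known addresses or CIDR ranges");
  }
  if (!["false", "0"].includes(env.ALLOW_PRIVATE_NETWORKS)) { // only the documented values count
    flag("ALLOW_PRIVATE_NETWORKS", "local/private networks are reachable (no SSRF protection)");
  }
  if (env.SESSION_COOKIE_SECURE !== "true") {
    flag("SESSION_COOKIE_SECURE", "not true: set to true when serving over HTTPS");
  }
  return findings;
}

// Constructed sample, using values from the example .env on this page.
const SAMPLE_ENV = [
  "SESSION_SECRET=super_secret_key_12345",
  "ALLOWED_IPS=127.0.0.1,192.168.1.0/24",
  "ALLOW_PRIVATE_NETWORKS=false",
  "SESSION_COOKIE_SECURE=true",
].join("\n");
for (const f of auditEnv(SAMPLE_ENV)) console.log(`${f.key}: ${f.issue}`);
```

Run against the page's example values, the only finding is the short SESSION_SECRET; an empty file reports all four settings because the defaults apply.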