Archivematica components can be configured using multiple methods. All components follow the same pattern:
- Environment variables - setting a configuration parameter with an environment variable will override all other methods.
- Configuration file - if the parameter is not set by an environment variable, the component will look for a setting in its default configuration file.
- Application defaults - if the parameter is not set in an environment variable or the config file, the application default is used.
Logging behaviour is configured differently, and provides two methods:
logging.json
file - if a JSON file is present in the default location, the contents of the JSON file will control the components logging behaviour.- Application default - if no JSON file is present, the default logging behaviour is to write to standard streams (standard out and standard error).
Dashboard specific details are provided below.
The value of an environment variable is a string of characters. The configuration system coerces the value to the types supported:
string
(e.g."foobar"
)int
(e.g."60"
)float
(e.g."1.20"
)boolean
where truth values can be represented as follows (checked in a case-insensitive manner):- True (enabled):
"1"
,"yes"
,"true"
or"on"
- False (disabled):
"0"
,"no"
,"false"
or"off"
- True (enabled):
Certain environment strings are mandatory, i.e. they don't have defaults and the application will refuse to start if the user does not provide one.
Please be aware that Archivematica supports different types of distributions (Ubuntu/CentOS packages, Ansible or Docker images) and they may override some of these settings or provide values to mandatory fields.
The Dashboard will look for a configuration file in one location:
/etc/archivematica/archivematicaCommon/dbsettings
Traditionally, the dbsettings file was used to hold mysql login credentials, which are then shared with other Archivematica components like MCPClient. Non-database parameters can be set in the dbsettings file to override the application defaults.
The dashboard is a WSGI application. The default configuration uses gunicorn as an application server together with nginx as an http server. The dashboard is then typically run by a service manager such as systemd, although it can be run by other systems such as upstart or docker instead.
This directory contains example configuration files for these services:
-
dashboard.gunicorn-config.py
- gunicorn configuration file sample. The default location for this file is/etc/archivematica/dashboard.gunicorn-config.py
. -
dashboard.conf
- nginx server block sample. The default location for this file is/etc/nginx/sites-available/dashboard.conf
. -
archivematica-dashboard.service
- systemd config sample. The default location for this file is/etc/systemd/system/archivematica-dashboard.service
.
These are fairly basic example files, that can be extended or customised to meet local needs. Depending on the method used to install your Archivematica instance, the contents of your files may differ from these examples.
This is the full list of variables supported by the Dashboard. The first section lists application variables that can be set as environment variables or in the dbsettings file. The second section lists gunicorn variable that can be set as environment variables or in the gunicorn configuration file.
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_TIME_ZONE
:- Description: application time zone. See TIME_ZONE for more details.
- Config file example:
Dashboard.time_zone
- Type:
string
- Default:
"UTC"
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_DJANGO_ALLOWED_HOSTS
:- Description: a list of strings representing the host/domain names that this Django site can serve. See
ALLOWED_HOSTS
for more details. - Config file example:
Dashboard.django_allowed_hosts
- Type:
string
- 🔴 Mandatory!
- Description: a list of strings representing the host/domain names that this Django site can serve. See
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_DJANGO_SECRET_KEY
:- Description: a secret key used for cryptographic signing. See SECRET_KEY for more details.
- Config file example:
Dashboard.django_secret_key
- Type:
string
- 🔴 Mandatory!
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_SHARED_DIRECTORY
:- Description: location of the Archivematica Shared Directory.
- Config file example:
Dashboard.shared_directory
- Type:
string
- Default:
"/var/archivematica/sharedDirectory/"
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_WATCH_DIRECTORY
:- Description: location of the Archivematica Watched Directories.
- Config file example:
Dashboard.watch_directory
- Type:
string
- Default:
"/var/archivematica/sharedDirectory/watchedDirectories/"
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_ELASTICSEARCH_SERVER
:- Description: address of the Elasticsearch server.
- Config file example:
Dashboard.elasticsearch_server
- Type:
string
- Default:
"127.0.0.1:9200"
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_ELASTICSEARCH_TIMEOUT
:- Description: configures the Elasticsearch client to stop waiting for a response after a given number of seconds.
- Config file example:
Dashboard.elasticsearch_timeout
- Type:
float
- Default:
10
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_ELASTICSEARCH_MAX_QUERY_SIZE
:- Description: limits the number of results per query that Elasticseach client can retrieve. Note that when using a value greater than 10000, the
total_fields.limit
andmax_result_window
must be increased in indices (For instance, when using100000
run on ES server linux CLI:curl -XPUT 'http://localhost:9200/aips,aipfiles,transfers,transferfiles/_settings' -H "Content-Type: application/json" -d '{"index.mapping.total_fields.limit": 100000, "index.max_result_window": 100000}'
) - Config file example:
Dashboard.elasticsearch_max_query_size
- Type:
integer
- Default:
10000
- Description: limits the number of results per query that Elasticseach client can retrieve. Note that when using a value greater than 10000, the
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_SEARCH_ENABLED
:- Description: controls what Elasticsearch indexes are enabled:
- When set to
aips
, the Backlog tab, Appraisal tab, and the SIP Arrange pane in the Ingest tab will not be displayed. - When set to
transfers
, the Archival storage tab will not be displayed. - When set to
false
, all the mentioned parts in the previous cases will not be displayed. - When set to
aips,transfers
(the order does not matter) ortrue
, all the mentioned parts will be displayed. The status of Elasticsearch indexing is indicated in the Archivematica GUI under Administration > General.
- When set to
- Config file example:
Dashboard.search_enabled
- Type:
boolean
orstring
- Default:
true
- Description: controls what Elasticsearch indexes are enabled:
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_GEARMAN_SERVER
:- Description: address of the Gearman server.
- Config file example:
Dashboard.gearman_server
- Type:
string
- Default:
127.0.0.1:4730
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_PASSWORD_MINIMUM_LENGTH
:- Description: sets minimum length for user passwords.
- Config file example:
Dashboard.password_minimum_length
- Type:
integer
- Default:
8
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_PASSWORD_DISABLE_COMMON_VALIDATION
:- Description: disables password validation that prevents users from using passwords that occur in a list of common passwords.
- Config file example:
Dashboard.password_disable_common_validation
- Type:
boolean
- Default:
false
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_PASSWORD_DISABLE_USER_ATTRIBUTE_SIMILARITY_VALIDATION
:- Description: disables password validation that prevents users from using passwords that are too similar to their username and other user attributes.
- Config file example:
Dashboard.password_disable_user_attribute_similarity_validation
- Type:
boolean
- Default:
false
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_PASSWORD_DISABLE_COMPLEXITY_VALIDATION
:- Description: disables password validation that checks that passwords contain at least three of: lower-case characters, upper-case characters, numbers, special characters.
- Config file example:
Dashboard.password_disable_complexity_validation
- Type:
boolean
- Default:
false
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_SHIBBOLETH_AUTHENTICATION
:- Description: enables the Shibboleth authentication system.
- Config file example:
Dashboard.shibboleth_authentication
- Type:
boolean
- Default:
false
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_CAS_AUTHENTICATION
:- Description: enables the CAS authentication system.
- Config file example:
Dashboard.cas_authentication
- Type:
boolean
- Default:
false
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_LDAP_AUTHENTICATION
:- Description: enables the LDAP authentication system.
- Config file example:
Dashboard.ldap_authentication
- Type:
boolean
- Default:
false
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_OIDC_AUTHENTICATION
:- Description: enables the OIDC authentication system.
- Config file example:
Dashboard.oidc_authentication
- Type:
boolean
- Default:
false
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_STORAGE_SERVICE_CLIENT_TIMEOUT
:- Description: configures the Storage Service client to stop waiting for a response after a given number of seconds.
- Config file example:
Dashboard.storage_service_client_timeout
- Type:
float
- Default:
86400
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_STORAGE_SERVICE_CLIENT_QUICK_TIMEOUT
:- Description: configures the Storage Service client to stop waiting for a response after a given number of seconds when the client uses asynchronous API endpoints.
- Config file example:
Dashboard.storage_service_client_quick_timeout
- Type:
float
- Default:
5
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_AGENTARCHIVES_CLIENT_TIMEOUT
:- Description: configures the agentarchives client to stop waiting for a response after a given number of seconds.
- Config file example:
Dashboard.agentarchives_client_timeout
- Type:
float
- Default:
300
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_POLLING_INTERVAL
:- Description: describes the interval (in seconds) at which the dashboard client will request an update from the server, e.g. to refresh the microservice jobs display.
- Config file example:
Dashboard.polling_interval
- Type:
integer
- Default:
10
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_CSP_ENABLED
:- Description: Experimental support for Control Security Policy headers.
- Config file example:
Dashboard.csp_enabled
- Type:
boolean
- Default:
False
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_PROMETHEUS_ENABLED
:- Description: Determines if Prometheus metrics should be collected.
- Config file example:
Dashboard.prometheus_enabled
- Type:
boolean
- Default:
False
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_AUDIT_LOG_MIDDLEWARE
:- Description: enables X-Username header with authenticated HTTP responses.
- Config file example:
Dashboard.audit_log_middleware
- Type:
boolean
- Default:
False
-
ARCHIVEMATICA_DASHBOARD_DASHBOARD_SITE_URL
:- Description: the public address of this service.
- Config file example:
Dashboard.site_url
- Type:
string
- Default:
None
-
ARCHIVEMATICA_DASHBOARD_CLIENT_ENGINE
:- Description: a database setting. See DATABASES for more details.
- Config file example:
client.engine
- Type:
string
- Default:
django.db.backends.mysql
-
ARCHIVEMATICA_DASHBOARD_CLIENT_DATABASE
:- Description: a database setting. See DATABASES for more details.
- Config file example:
client.database
- Type:
string
- Default:
MCP
-
ARCHIVEMATICA_DASHBOARD_CLIENT_USER
:- Description: a database setting. See DATABASES for more details.
- Config file example:
client.user
- Type:
string
- Default:
archivematica
-
ARCHIVEMATICA_DASHBOARD_CLIENT_PASSWORD
:- Description: a database setting. See DATABASES for more details.
- Config file example:
client.password
- Type:
string
- Default:
demo
-
ARCHIVEMATICA_DASHBOARD_CLIENT_HOST
:- Description: a database setting. See DATABASES for more details.
- Config file example:
client.host
- Type:
string
- Default:
localhost
-
ARCHIVEMATICA_DASHBOARD_CLIENT_PORT
:- Description: a database setting. See DATABASES for more details.
- Config file example:
client.port
- Type:
string
- Default:
3306
-
ARCHIVEMATICA_DASHBOARD_CLIENT_CONN_MAX_AGE
:- Description: a database setting. See DATABASES for more details.
- Config file example:
client.conn_max_age
- Type:
float
- Default:
0
-
ARCHIVEMATICA_DASHBOARD_EMAIL_BACKEND
:- Description: an email setting. See Sending email for more details.
- Config file example:
email.backend
- Type:
string
- Default:
django.core.mail.backends.console.EmailBackend
-
ARCHIVEMATICA_DASHBOARD_EMAIL_HOST
:- Description: an email setting. See Sending email for more details.
- Config file example:
email.host
- Type:
string
- Default:
smtp.gmail.com
-
ARCHIVEMATICA_DASHBOARD_EMAIL_HOST_USER
:- Description: an email setting. See Sending email for more details.
- Config file example:
email.host_user
- Type:
string
- Default:
your_email@example.com
-
ARCHIVEMATICA_DASHBOARD_EMAIL_HOST_PASSWORD
:- Description: an email setting. See Sending email for more details.
- Config file example:
email.host_password
- Type:
string
- Default:
None
-
ARCHIVEMATICA_DASHBOARD_EMAIL_PORT
:- Description: an email setting. See Sending email for more details.
- Config file example:
email.port
- Type:
integer
- Default:
587
-
ARCHIVEMATICA_DASHBOARD_EMAIL_SSL_CERTFILE
:- Description: an email setting. See Sending email for more details.
- Config file example:
email.ssl_certfile
- Type:
string
- Default:
None
-
ARCHIVEMATICA_DASHBOARD_EMAIL_SSL_KEYFILE
:- Description: an email setting. See Sending email for more details.
- Config file example:
email.ssl_keyfile
- Type:
string
- Default:
None
-
ARCHIVEMATICA_DASHBOARD_EMAIL_USE_SSL
:- Description: an email setting. See Sending email for more details.
- Config file example:
email.use_ssl
- Type:
boolean
- Default:
False
-
ARCHIVEMATICA_DASHBOARD_EMAIL_USE_TLS
:- Description: an email setting. See Sending email for more details.
- Config file example:
email.use_tls
- Type:
boolean
- Default:
True
-
ARCHIVEMATICA_DASHBOARD_EMAIL_FILE_PATH
:- Description: an email setting. See Sending email for more details.
- Config file example:
email.file_path
- Type:
string
- Default:
None
-
ARCHIVEMATICA_DASHBOARD_EMAIL_DEFAULT_FROM_EMAIL
:- Description: an email setting. See Sending email for more details.
- Config file example:
email.default_from_email
- Type:
string
- Default:
webmaster@example.com
-
ARCHIVEMATICA_DASHBOARD_EMAIL_SUBJECT_PREFIX
:- Description: an email setting. See Sending email for more details.
- Config file example:
email.subject_prefix
- Type:
string
- Default:
[Archivematica]
-
ARCHIVEMATICA_DASHBOARD_EMAIL_TIMEOUT
:- Description: an email setting. See Sending email for more details.
- Config file example:
email.timeout
- Type:
integer
- Default:
300
-
ARCHIVEMATICA_DASHBOARD_EMAIL_SERVER_EMAIL
:- Description: an email setting. See Sending email for more details. When the value is
None
, Archivematica uses the value inEMAIL_HOST_USER
. - Config file example:
email.server_email
- Type:
string
- Default:
None
- Description: an email setting. See Sending email for more details. When the value is
-
AM_GUNICORN_USER
:- Description: OS user for gunicorn worker processes to run as. See USER
- Type:
integer
(user id) orstring
(user name) - Default:
archivematica
-
AM_GUNICORN_GROUP
:- Description: OS group for gunicorn worker processes to run as. See GROUP
- Type:
integer
(group id) orstring
(group name) - Default:
archivematica
-
AM_GUNICORN_BIND
:- Description: The socket for gunicorn to bind to. See BIND
- Type:
string
(host name or ip with port number) - Default:
127.0.0.1:8002
-
AM_GUNICORN_WORKERS
:- Description: Number of gunicorn worker processes to run. Note that since Archivematica installations typically run many processes on the same system, a lower number of workers than Gunicorn recommends should be used. See WORKERS and How Many Workers? for more details.
- Type:
integer
- Default:
3
-
AM_GUNICORN_WORKER_CLASS
:- Description: The type of worker processes to run. See WORKER-CLASS
- Type:
string
- Default:
gevent
-
AM_GUNICORN_TIMEOUT
:- Description: Worker process timeout. See TIMEOUT
- Type:
integer
(seconds) - Default:
172800
-
AM_GUNICORN_RELOAD
:- Description: Restart workers when code changes. See RELOAD
- Type:
boolean
- Default:
false
-
AM_GUNICORN_RELOAD_ENGINE
:- Description: Method of performing reload. See RELOAD-ENGINE
- Type:
string
- Default:
auto
-
AM_GUNICORN_CHDIR
:- Description: Directory to load apps from. See CHDIR
- Type:
string
- Default:
/usr/share/archivematica/dashboard
-
AM_GUNICORN_ACCESSLOG
:- Description: Location to write access log to. See ACCESSLOG
- Type:
string
- Default:
/dev/null
-
AM_GUNICORN_ERRORLOG
:- Description: Location to write error log to. See ERRORLOG
- Type:
string
- Default:
-
-
AM_GUNICORN_LOGLEVEL
:- Description: The granularity of Error log outputs. See LOGLEVEL
- Type:
string
- Default:
INFO
-
AM_GUNICORN_PROC_NAME
:- Description: Name for this instance of gunicorn. See PROC-NAME
- Type:
string
- Default:
archivematica-dashboard
These variables specify the behaviour of LDAP authentication. Only applicable if ARCHIVEMATICA_DASHBOARD_DASHBOARD_LDAP_AUTHENTICATION
is set.
-
AUTH_LDAP_USERNAME_SUFFIX
:- Description: A suffix that is stripped from LDAP usernames when
generating Dashboard usernames (e.g., if set to
_ldap
, LDAP userdemo_ldap
will be saved asdemo
). - Type:
string
- Default: ``
- Description: A suffix that is stripped from LDAP usernames when
generating Dashboard usernames (e.g., if set to
-
AUTH_LDAP_SERVER_URI
:- Description: Address of the LDAP server to authenticate against.
- Type:
string
- Default:
ldap://localhost
-
AUTH_LDAP_BIND_DN
:- Description: LDAP "bind DN"; the object to authenticate against the LDAP server with, in order to lookup users, e.g. "cn=admin,dc=example,dc=com". Empty string for anonymous.
- Type:
string
- Default: ``
-
AUTH_LDAP_BIND_PASSWORD
:- Description: Password for the LDAP bind DN.
- Type:
string
- Default: ``
-
AUTH_LDAP_USER_SEARCH_BASE_DN
:- Description: Base LDAP DN for user search, e.g. "ou=users,dc=example,dc=com".
- Type:
string
- Default: ``
-
AUTH_LDAP_USER_SEARCH_BASE_FILTERSTR
:- Description: Filter for identifying LDAP user objects, e.g. "(uid=%(user)s)". The
%(user)s
portion of the string will be replaced by the username. This variable is only used ifAUTH_LDAP_USER_SEARCH_BASE_DN
is not empty. - Type:
string
- Default:
(uid=%(user)s)
- Description: Filter for identifying LDAP user objects, e.g. "(uid=%(user)s)". The
-
AUTH_LDAP_USER_DN_TEMPLATE
:- Description: Template for LDAP user search, e.g. "uid=%(user)s,ou=users,dc=example,dc=com".
Not applicable if
AUTH_LDAP_USER_SEARCH_BASE_DN
is set. - Type:
string
- Default: ``
- Description: Template for LDAP user search, e.g. "uid=%(user)s,ou=users,dc=example,dc=com".
Not applicable if
-
AUTH_LDAP_USER_FIRST_NAME_ATTR
:- Description: LDAP attribute for first name.
- Type:
string
- Default:
givenName
-
AUTH_LDAP_USER_LAST_NAME_ATTR
:- Description: LDAP attribute for last name.
- Type:
string
- Default:
sn
-
AUTH_LDAP_USER_EMAIL_ATTR
:- Description: LDAP attribute for email address.
- Type:
string
- Default: `mail
-
AUTH_LDAP_GROUP_IS_ACTIVE
:- Description: Template for LDAP group used to set the Django user
is_active
flag, e.g. "cn=active,ou=django,ou=groups,dc=example,dc=com". - Type:
string
- Default: ``
- Description: Template for LDAP group used to set the Django user
-
AUTH_LDAP_GROUP_IS_STAFF
:- Description: Template for LDAP group used to set the Django user
is_staff
flag, e.g. "cn=staff,ou=django,ou=groups,dc=example,dc=com". - Type:
string
- Default: ``
- Description: Template for LDAP group used to set the Django user
-
AUTH_LDAP_GROUP_IS_SUPERUSER
:- Description: Template for LDAP group used to set the Django user
is_superuser
flag, e.g. "cn=admins,ou=django,ou=groups,dc=example,dc=com". - Type:
string
- Default: ``
- Description: Template for LDAP group used to set the Django user
-
AUTH_LDAP_GROUP_SEARCH_BASE_DN
:- Description: Base LDAP DN for group search, e.g. "ou=django,ou=groups,dc=example,dc=com".
- Type:
string
- Default: ``
-
AUTH_LDAP_GROUP_SEARCH_FILTERSTR
:- Description: Filter for identifying LDAP group objects, e.g. "(objectClass=groupOfNames)".
This variable is only used if
AUTH_LDAP_GROUP_SEARCH_BASE_DN
is not empty. - Type:
string
- Default: ``
- Description: Filter for identifying LDAP group objects, e.g. "(objectClass=groupOfNames)".
This variable is only used if
-
AUTH_LDAP_REQUIRE_GROUP
:- Description: Filter for a group that LDAP users must belong to in order to authenticate, e.g. "cn=enabled,ou=django,ou=groups,dc=example,dc=com"
- Type:
string
- Default: ``
-
AUTH_LDAP_DENY_GROUP
:- Description: Filter for a group that LDAP users must not belong to in order to authenticate, e.g. "cn=disabled,ou=django,ou=groups,dc=example,dc=com"
- Type:
string
- Default: ``
-
AUTH_LDAP_FIND_GROUP_PERMS
:- Description: If we should use LDAP group membership to calculate group permissions.
- Type:
boolean
- Default:
false
-
AUTH_LDAP_CACHE_GROUPS
:- Description: If we should cache groups to minimize LDAP traffic.
- Type:
boolean
- Default:
false
-
AUTH_LDAP_GROUP_CACHE_TIMEOUT
:- Description: How long we should cache LDAP groups for (in seconds). Only applies if
AUTH_LDAP_CACHE_GROUPS
is true. - Type:
integer
- Default:
3600
- Description: How long we should cache LDAP groups for (in seconds). Only applies if
-
AUTH_LDAP_START_TLS
:- Description: Determines if we update to a secure LDAP connection using StartTLS after connecting.
- Type:
boolean
- Default:
true
-
AUTH_LDAP_PROTOCOL_VERSION
:- Description: If set, forces LDAP protocol version 3.
- Type:
integer
- Default: ``
-
AUTH_LDAP_TLS_CACERTFILE
:- Description: Path to a custom LDAP certificate authority file.
- Type:
string
- Default: ``
-
AUTH_LDAP_TLS_CERTFILE
:- Description: Path to a custom LDAP certificate file.
- Type:
string
- Default: ``
-
AUTH_LDAP_TLS_KEYFILE
:- Description: Path to a custom LDAP key file (matching the cert given in
AUTH_LDAP_TLS_CERTFILE
). - Type:
string
- Default: ``
- Description: Path to a custom LDAP key file (matching the cert given in
-
AUTH_LDAP_TLS_REQUIRE_CERT
:- Description: How strict to be regarding TLS certificate verification. Allowed values are "never", "allow", "try", "demand", or "hard". Corresponds to the TLSVerifyClient OpenLDAP setting.
- Type:
string
- Default: ``
These variables specify the behaviour of CAS authentication. Only applicable if ARCHIVEMATICA_DASHBOARD_DASHBOARD_CAS_AUTHENTICATION
is set.
-
AUTH_CAS_SERVER_URL
:- Description: Address of the CAS server to authenticate against. Defaults to CAS demo server.
- Type:
string
- Default:
https://django-cas-ng-demo-server.herokuapp.com/cas/
-
AUTH_CAS_PROTOCOL_VERSION
:- Description: Version of CAS protocol to use. Allowed values are "1", "2", "3", or "CAS_2_SAML_1_0".
- Type:
string
- Default:
3
-
AUTH_CAS_CHECK_ADMIN_ATTRIBUTES
:- Description: Determines if we check user attributes returned by CAS server to determine if user is an administrator.
- Type:
boolean
- Default:
false
-
AUTH_CAS_ADMIN_ATTRIBUTE
:- Description: Name of attribute to check for administrator status, if
AUTH_CAS_CHECK_ADMIN_ATTRIBUTES
is True. - Type:
string
- Default:
None
- Description: Name of attribute to check for administrator status, if
-
AUTH_CAS_ADMIN_ATTRIBUTE_VALUE
:- Description: Value in
AUTH_CAS_ADMIN_ATTRIBUTE
that indicates user is an administrator, ifAUTH_CAS_CHECK_ADMIN_ATTRIBUTES
is True. - Type:
string
- Default:
None
- Description: Value in
-
AUTH_CAS_AUTOCONFIGURE_EMAIL
:- Description: Determines if we auto-configure an email address for new users by following the rule username@domain.
- Type:
boolean
- Default:
false
-
AUTH_CAS_EMAIL_DOMAIN
:- Description: Domain to use for auto-configured email addresses, if
AUTH_CAS_AUTOCONFIGURE_EMAIL
is True. - Type:
string
- Default:
None
- Description: Domain to use for auto-configured email addresses, if
OIDC support is experimental, please share your feedback!
These variables specify the behaviour of OpenID Connect (OIDC) authentication. Only applicable if ARCHIVEMATICA_DASHBOARD_DASHBOARD_OIDC_AUTHENTICATION
is set.
-
OIDC_RP_CLIENT_ID
:- Description: OIDC client ID
- Type:
string
- Default: ``
-
OIDC_RP_CLIENT_SECRET
:- Description: OIDC client secret
- Type:
string
- Default: ``
-
AZURE_TENANT_ID
:- Description: Azure Active Directory Tenant ID - if this is provided, the endpoint URLs will be automatically generated from this.
- Type:
string
- Default: ``
-
OIDC_OP_AUTHORIZATION_ENDPOINT
:- Description: URL of OIDC provider authorization endpoint
- Type:
string
- Default: ``
-
OIDC_OP_TOKEN_ENDPOINT
:- Description: URL of OIDC provider token endpoint
- Type:
string
- Default: ``
-
OIDC_OP_USER_ENDPOINT
:- Description: URL of OIDC provider userinfo endpoint
- Type:
string
- Default: ``
-
OIDC_OP_JWKS_ENDPOINT
:- Description: URL of OIDC provider JWKS endpoint
- Type:
string
- Default: ``
-
OIDC_RP_SIGN_ALGO
:- Description: Algorithm used by the ID provider to sign ID tokens
- Type:
string
- Default:
HS256
CSP support is experimental, please share your feedback!
These variables specify the behaviour of the Content Security Policy (CSP) headers. Only applicable if ARCHIVEMATICA_DASHBOARD_DASHBOARD_CSP_ENABLED
is set.
CSP_SETTINGS_FILE
:- Description: Path to a Python module with overrides of the
django-csp
policy settings. AnImproperlyConfigured
exception will be raised if the Python module cannot be imported. - Type:
string
- Default: ``
- Description: Path to a Python module with overrides of the
Archivematica 1.6.1 and earlier releases are configured by default to log to
subdirectories in /var/log/archivematica, such as
/var/log/archivematica/dashboard/dashboard.debug.log
. Starting with
Archivematica 1.7.0, configuration defaults to using stdout and stderr
for all logs. If no changes are made to the new default configuration, logs
will be handled by whichever process is managing Archivematica's services. For
example on Ubuntu 16.04, Ubuntu 18.04 or CentOS 7, Archivematica's processes are
managed by systemd. Logs for the Dashboard can be accessed using
sudo journalctl -u archivematica-dashboard
. When running Archivematica using
docker, docker compose logs
commands can be used to access the logs from
different containers.
The dashboard will look in /etc/archivematica
for a file called
dashboard.logging.json
, and if found, this file will override the default
behaviour described above.
The dashboard.logging.json
file in this directory
provides an example that implements the logging behaviour used in Archivematica
1.6.1 and earlier.