Configuration¶
Bifract is configured via environment variables. The recommended way to install and configure Bifract is via bifract, which generates secure defaults for all credentials and settings. After setup, only minimal tweaking should be required (SSO, domain, etc.).
A complete reference of all variables with comments is available in .env.example.
| Variable | Default | Description |
|---|---|---|
BIFRACT_PORT |
8080 |
HTTP server port |
BIFRACT_MAX_QUERY_ROWS |
10000 |
Maximum rows returned per query |
BIFRACT_SECURE_COOKIES |
false |
Set true to enable Secure flag on session cookies (requires HTTPS) |
POSTGRES_HOST |
localhost |
PostgreSQL host |
POSTGRES_PORT |
5432 |
PostgreSQL port |
POSTGRES_DB |
bifract |
PostgreSQL database name |
POSTGRES_USER |
bifract |
PostgreSQL username |
POSTGRES_PASSWORD |
bifract |
PostgreSQL password |
CLICKHOUSE_HOST |
localhost |
ClickHouse host |
CLICKHOUSE_PORT |
9000 |
ClickHouse port |
CLICKHOUSE_DB |
logs |
ClickHouse database name |
CLICKHOUSE_USER |
default |
ClickHouse username |
CLICKHOUSE_PASSWORD |
(empty) | ClickHouse password |
BIFRACT_CORS_ORIGINS |
http://localhost:8080,http://127.0.0.1:8080 |
Comma-separated allowed CORS origins |
BIFRACT_DOMAIN |
localhost |
Domain for Caddy reverse proxy (used for automatic HTTPS) |
BIFRACT_PASSWORD_PEPPER |
(generated by bifract) | Secret added to password hashes. Set once at install time; changing it invalidates all passwords |
BIFRACT_FEED_ENCRYPTION_KEY |
(generated by bifract) | AES key for encrypting private Git repository credentials in alert feeds |
BIFRACT_IP_ACCESS |
all |
IP access mode: restrict-app, restrict-all, mtls-app, or all. See Reverse Proxy |
BIFRACT_ALLOWED_IPS |
(empty) | Comma-separated IPs or CIDR ranges allowed when IP access is restricted |
BIFRACT_METRICS_ENABLED |
false |
Set true to enable the Prometheus metrics endpoint |
BIFRACT_METRICS_ADDR |
:9090 |
Listen address for the metrics server (separate from the main app) |
BIFRACT_ARCHIVE_MAX_MEMORY |
3000000000 |
Per-query ClickHouse memory ceiling (bytes) for archive reads |
BIFRACT_ARCHIVE_MAX_DURATION |
24h |
Maximum wall-clock time an archive is allowed to run |
BIFRACT_ARCHIVE_MAX_ERROR_TIME |
30m |
Maximum cumulative time spent waiting on retries before the archive fails |