# Redis Commander - Configuration
This file describes all parameters settable at the
configuration files inside the `config` folder.
Redis Commander uses the node "config" module (https://github.com/lorenwest/node-config)
More information about possible file formats and config file names
as well as there evaluation order can be found in the wiki of the node-config
project.
## Configuration data
The entire system can be configured within the json configuration files located below the `config/` folder.
Some parameters can be set additionally via environment variable and/or command line parameter.
Whenever this is possible the name of the environment variable is listed too as well as a flag to
show when it can be set as cli parameter (overwriting the config file as well as the environment variable)
### 1. General Parameter
All top-level configuration data are
| Name | Type | Default | Cli | Environment-Var | Description |
|-------------|---------|---------|---------------|-----------------|---|
| noSave | boolean | false | --nosave | NOSAVE | do not persist changes in active connection list |
| noLogData | boolean | false | --no-log-data | NO_LOG_DATA | do not log values of redis keys to console |
| ui | object | | | | see section 2. User interface parameter|
| redis | object | | | | see section 3. General Redis connection parameter |
| server | object | | | | see section 4. Express HTTP Server parameter |
| connections | list | [] | | | see section 5. Redis Connections |
### 2. User interface parameter
The `ui` object contains configuration values regarding the web user
interface of Redis Commander.
| Name | Type | Default | Cli | Environment-Var | Description |
|----------------------|-------------|---------|----------------|---------------------|---|
| ui.sidebarWidth | number | 250 | | | start width in pixel of the tree view on the left side of the ui. |
| ui.locked | boolean | false | | | if "true" do not change height of command line, otherwise increase height if cli is active |
| ui.cliHeight | number | 320 | | | start height in pixel of the command line at the bottom (if opened) |
| ui.cliOpen | boolean | false | | | start with maximized cli height on "true", with minimized one on "false" |
| ui.foldingChar | string | ':' | --folding-char | FOLDING_CHAR | character to use for creation of a virtual hierarchical tree of all keys. e.g key 'top/sub/mykey' is divided into a folder 'top' containing the folder 'sub' with the key 'mykey' inside it. |
| ui.jsonViewAsDefault | string list | 'none' | | VIEW_JSON_DEFAULT | comma separated list of data types where valid json data should be displayed as JSON tree object instead of plain string. Default '' or 'none' displays no data as string, 'all' displays all data-types supported as JSON objects.
Example: "string,hash" only displays these two types as JSON if possible per default
Values supported: '', 'none', 'all', 'string', 'list', 'set', 'zset', 'hash' |
| ui.binaryAsHex | boolean | true | | BINARY_AS_HEX | do not display binary data as string but in hexadecimal view |
| ui.maxHashFieldSize | number | 0 | | MAX_HASH_FIELD_SIZE | The max number of bytes for a hash field before you must click to view it. Defaults to 0, which is disabled |
#### Configure Treeview for Redis keys - Folding Character
The global UI parameter "foldingChar" can be overwritten on a per connection base with the same parameter
within a specific connection object.
Example:
```json
{
"ui": {
"foldingChar": ":"
},
"connections": [{
"host": "10.2.3.4"
},
{
"host": "10.9.8.7",
"foldingChar": "/"
}
]
}
```
Now the first connection to host 10.2.3.4 creates virtual folders on the ':' key (global default)
while the second connection to 10.9.8.7 uses '/' here:
```
10.2.3.4
|- blah:
| |- blub => Key blah:blub
|- yadda/yammi
10.9.8.7
|- blah:blub
|- yadda/
|- yammi => Key yadda/yammi
```
### 3. General Redis connection parameter
| Name | Type | Default | Cli | Environment-Var | Description |
|----------------------------|---------|-------------------|----------------|-----------------------|---|
| redis.readOnly | boolean | false | --read-only | READ_ONLY | use Redis Commander in read-only mode - if set to "true" no commands modifying data are allowed (ui and command line) |
| redis.flushOnImport | boolean | false | | FLUSH_ON_IMPORT | flag to either check "flush" checkbox (true) on import page or uncheck (false) it. If "true" the entire database is flushed before bulk importing the data. |
| redis.useScan | boolean | true | --use-scan | USE_SCAN | use redis "SCAN" command instead of "KEYS" to enumerate all keys inside db for display |
| redis.scanCount | number | 100 | --scan-count | SCAN_COUNT | number of keys read when using SCAN cursor instead of KEYS (useScan must be true) |
| redis.rootPattern | string | '*' | --root-pattern | ROOT_PATTERN | filter pattern to use at start, can be used to exclude some date inside redis db |
| redis.connectionName | string | 'redis-commander' | | REDIS_CONNECTION_NAME | connection name to set at redis client for easier identification of clients at redis server (command "client list") |
| redis.defaultLabel | string | 'local' | | REDIS_LABEL | default label to display for a connection if no label is specified (e.g. for connection from env vars or command line) |
| redis.defaultSentinelGroup | string | 'mymaster' | | | default redis database group if using sentinels to connect and no special database group via connection param 'sentinelName' is given. |
| redis.extraAllowedReadOnlyCommands | list | ['select', 'info'] | | | list of additional redis commands allowed if set to read-only. See remark below |
#### Read-Only Mode
Setting the parameter `redis.readOnly` to `true` only commands not changing data are allowed. As Default the list with all read-only commands
is directly queried from the server (calling "COMMANDS") and parsing the output for the "readonly" flag.
Some commands are not marked as read-only by there server - adding these commands to the list at `redis.extraAllowedReadOnlyCommands`
allows them too being in readOnly mode. This list is not used if all commands are allowed (readOnly=false).
Attention: if this list shall be changed (ore set to emtpy) within a local config file (like `local.json`) the new
value _overwrites_ the default list defined in the `default.json` file. The values are not appended and the full list of allowed
commands must be configured in the local file.
Example (shortened) output from "COMMANDS" command showing `dbsize` flagged as readonly while `select` is not
```
61) 1) "select"
2) (integer) 2
3) 1) loading
2) fast
4) (integer) 0
5) (integer) 0
6) (integer) 0
...
86) 1) "dbsize"
2) (integer) 1
3) 1) readonly
2) fast
4) (integer) 0
5) (integer) 0
6) (integer) 0
...
```
### 4. Express HTTP Server parameter
| Name | Type | Default | Cli | Environment-Var | Description |
|---------------------------|-------------------|-----------------|---------------|---------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| server.address | string | '0.0.0.0' | --address | ADDRESS | ip address of interface to bind http server to, use 0.0.0.0 to bind to all interfaces |
| server.port | number | 8081 | --port | PORT | port to listen on for HTTP server |
| server.urlPrefix | string | '' | --url-prefix | URL_PREFIX | path prefix to run Redis Commander at, can be used if run behind a reverse proxy with different path set (e.g. /rc), if set must start with '/' |
| server.signinPath | string | 'signin' | | SIGNIN_PATH | path added after urlPrefix as route to send login requests too. Some platforms (e.g. github codespaces) may require changing this path. |
| server.httpAuthHeaderName | string | 'Authorization' | | NAUGHTY_ISTIO_WORKAROUND_HEADER | set HTTP header name for our own JWT session token to some non-standard name beside 'Authorization' |
| server.trustProxy | boolean or string | false | --trust-proxy | TRUST_PROXY | should be set to true if run behind a reverse proxy and 'X-Forwarded-For' headers shall be trusted to get real client ip for logging, this parameter maps directly to the Express "trust proxy" setting (https://expressjs.com/de/guide/behind-proxies.html) |
| server.clientMaxBodySize | number or string | '100kb' | | CLIENT_MAX_BODY_SIZE | number in bytes or a string with size and SI-unit, this parameter maps to the "limit" options of body-parser (https://github.com/expressjs/body-parser#limit) |
| server.auth | object | | | | see section 4.1 Authentication |
#### 4.1 Authentication configuration for HTTP server
To enable HTTP authentication inside Redis Commander set a username
and either a password (clear text) or a passwordHash.
If username is empty Redis Commander does not use any authentication leaving
all your redis keys accessible to anyone. This mode may be used
if an HTTP reverse proxy in front of Redis commander performs
the user authentication.
Please be aware that using an HTTP reverse proxy for authentication and
not using Redis Commander builtin auth allows (at least) all users having
accounts on the server running Redis Commander to connect via localhost directly
to via app port (e.g. 8081) unauthenticated!
| Name | Type | Default | Cli | Environment-Var | Description |
|------------------------------|--------|---------|----------|--------------------|---|
| server.httpAuth.username | string | '' | --http-u | HTTP_USER | set a username and either password or passwordHash to |
| server.httpAuth.password | string | '' | --http-p | HTTP_PASSWORD | clear text password to use for HTTP Basic auth (either password or passwordHash allowed) |
| server.httpAuth.passwordHash | string | '' | --http-h | HTTP_PASSWORD_HASH | password hash to use for HTTP Basic auth (either password or passwordHash allowed) |
| server.httpAuth.jwtSecret | string | '' | | | Shared Secret used to sign JWT tokens for all future requests after initial login to not send HTTP basic auth header on all requests. If this value is empty a random value is generated on every startup. |
Using HTTP authentication all further requests to the server are secured with an JWT token generated by Redis-Commander that is changed
quite often.
Remark: Using Redis commander inside a Kubernetes cluster secured with Istio authentication no other apps than Istio are allowed
to use the HTTP standard "Authentication" header anymore. Istio does not play along with others - it just tries to validate
every connection using the RFC conformant HTTP header and (naturally) fails doing so. Failing JWT validation it just resets the
HTTP connection and no more communication allowed.
To work around Istio cutting in the line the name of the authorization header can be changed to something else ignored by Istio.
(config value "server.httpAuthHeaderName" or environment variable NAUGHTY_ISTIO_WORKAROUND_HEADER)
### 5. Redis Connections
All Connections use be redis commander are defined as
entries of the "connections" list. The possible
values for a connection are described in the [connections.md]()
file.
## Environment Variables
All possible environment variables with their mapping
to configuration data are defined inside the file
[custom-environment-variables.json](../config/custom-environment-variables.json).
This file can be extended if there is any need to define
more environment variables for custom config data like
connection configs.