Environment Variables Settings

Many aspects of the functionality of Fanar can be changed with settings. Settings are read by fanar.settings from environment variables. For Docker Compose deployments, set them in a .env file at the root of the Fanar application repository.

The follow is a list of settings and what they control:

Name	Description	Default Value
FANAR_ADDITIONAL_DESTINATIONS	Comma-separated list of non-default alert destinations to be enabled
FANAR_ADDITIONAL_QUERY_RUNNERS	Comma-separated list of non-default query runners to be enabled
FANAR_ADHOC_QUERY_TIME_LIMIT	Time limit for adhoc queries (in seconds)	None
FANAR_ALERTS_DEFAULT_MAIL_BODY_TEMPLATE_FILE	HTML template used to format email alerts. Custom alert variables are supported. By convention, CSS is permitted within the <head> section.	templates/emails/alert.html
FANAR_ALERTS_DEFAULT_MAIL_SUBJECT_TEMPLATE	Subject used for email alert notifications. {state} and {alert_name} are the only available variables.	({state}) {alert_name}
FANAR_ALLOW_SCRIPTS_IN_USER_INPUT	Disable sanitization of text input, allowing full HTML	false
FANAR_AUTH_TYPE	May be either api_key or hmac. Implemented here	api_key
FANAR_BIGQUERY_HTTP_TIMEOUT	HTTP timeout for the BigQuery query runner	600
FANAR_BLOCKED_DOMAINS	Comma separated of email domains that cannot create user accounts	"qq.com"
FANAR_COOKIE_SECRET	Required. Used for various cryptographic features of the web server. Read more about how Fanar uses secret keys here
FANAR_CORS_ACCESS_CONTROL_ALLOW_CREDENTIALS		false
FANAR_CORS_ACCESS_CONTROL_ALLOW_HEADERS		Content-Type
FANAR_CORS_ACCESS_CONTROL_ALLOW_ORIGIN
FANAR_CORS_ACCESS_CONTROL_REQUEST_METHOD		GET, POST, PUT
FANAR_DASHBOARD_REFRESH_INTERVALS	Comma-separated list of integer seconds that will be allowed for dashboard refresh	60,300,600,1800,3600,43200,86400
FANAR_DATABASE_URL	URL the Fanar server and worker services will use to access the metadata database	postgresql://postgres
FANAR_DATE_FORMAT	Moment.js format to be used throughout the web application	DD/MM/YY
FANAR_DISABLED_QUERY_RUNNERS	Comma-separated list of query runners that will not appear in Fanar
FANAR_DISABLE_PUBLIC_URLS	Whether to disable access to public URLs	"false"
FANAR_ENABLED_DESTINATIONS	Comma-separated list of alert destinations to be enabled (e.g. fanar.destinations.email,fanar.destinations.slack )	”,”.join(default_destinations)
FANAR_ENABLED_QUERY_RUNNERS	Comma-separated list of query runners to be enabled (e.g. fanar.query_runner.pg,fanar.query_runner.mysql)	”,”.join(default_query_runners)
FANAR_ENFORCE_CSRF	Enforce CSRF token validation on API requests. This is turned off by default to avoid breaking any existing deployments, but it is highly recommended to turn this toggle on to prevent CSRF attacks.	false
FANAR_ENFORCE_HTTPS	This is passed to Flask-Talisman	false
FANAR_EVENT_REPORTING_WEBHOOKS	Comma-separated list of webhook URLs that to which events will be forwarded
FANAR_FEATURE_ALLOW_CUSTOM_JS_VISUALIZATIONS	Enable the custom visualization option. This appears as a sub-type of "Chart" visualizations in the UI.	true
FANAR_FEATURE_AUTO_PUBLISH_NAMED_QUERIES	Automatically publish a new query after its name is changed from "New Query"	true
FANAR_FEATURE_DISABLE_REFRESH_QUERIES	Disable scheduled query execution	false
FANAR_FEATURE_SHOW_PERMISSIONS_CONTROL	Enable experimental multiple owners support	false
FANAR_FEATURE_SHOW_QUERY_RESULTS_COUNT	Disable/enable showing count of query results in status	true
FANAR_GOOGLE_OAUTH_SCHEME_OVERRIDE	Override the scheme used for Google OAuth. This is useful when running Fanar behind a reverse proxy that terminates SSL.
FANAR_GOOGLE_CLIENT_ID	The client ID to use for Google Login, be sure to set a client secret as well
FANAR_GOOGLE_CLIENT_SECRET	The client secret to use for Google Login, be sure to set a client id as well
FANAR_HOST	The URL host used in emails sent to users (invites, alerts, notifications) etc.
FANAR_INVITATION_TOKEN_MAX_AGE	An integer number of seconds after which an invitation link will expire	60 _ 60 _ 24 * 7
FANAR_JOB_EXPIRY_TIME	TTL in seconds for jobs placed in queue. If a job is not picked up by a worker within this TTL it will expire.	3600 * 12
FANAR_JWT_AUTH_ALGORITHMS		HS256,RS256,ES256
FANAR_JWT_AUTH_AUDIENCE
FANAR_JWT_AUTH_COOKIE_NAME
FANAR_JWT_AUTH_HEADER_NAME
FANAR_JWT_AUTH_ISSUER
FANAR_JWT_AUTH_PUBLIC_CERTS_URL	RSA public key in JSON Web Key (JWK) format for HTTP, or PEM for a FILE location
FANAR_JWT_LOGIN_ENABLED		false
FANAR_LDAP_BIND_DN_PASSWORD
FANAR_LDAP_BIND_DN		None
FANAR_LDAP_CUSTOM_USERNAME_PROMPT		LDAP/AD/SSO username:
FANAR_LDAP_DISPLAY_NAME_KEY		displayName
FANAR_LDAP_EMAIL_KEY		mail
FANAR_LDAP_LOGIN_ENABLED		false
FANAR_LDAP_SEARCH_DN		FANAR_SEARCH_DN
FANAR_LDAP_SEARCH_TEMPLATE		(cn=%(username)s)
FANAR_LDAP_URL		None
FANAR_LIMITER_STORAGE	Mapped directly to Flask-Limiter's storage_uri.	REDIS_URL
FANAR_LOG_LEVEL	Logging messages which are less severe than level will be ignored. Read more about Python logging here	INFO
FANAR_MAIL_ASCII_ATTACHMENTS		false
FANAR_MAIL_DEFAULT_SENDER		None
FANAR_MAIL_MAX_EMAILS		None
FANAR_MAIL_PASSWORD		None
FANAR_MAIL_PORT		25
FANAR_MAIL_SERVER		localhost
FANAR_MAIL_USERNAME		None
FANAR_MAIL_USE_SSL		false
FANAR_MAIL_USE_TLS		false
FANAR_MULTI_ORG	Whether to enable multi-org mode. Note: Multi-org mode is not documented or supported at this time	false
FANAR_PASSWORD_LOGIN_ENABLED	Toggle to allow password login. Often disabled if Google Login, SAML, LDAP, or REMOTE_USER_LOGIN are enabled.	true
FANAR_PROXIES_COUNT	Passed to Werkzeug's ProxyFix to make sure we get the right referral address even behind proxies like nginx.	1
FANAR_QUERY_REFRESH_INTERVALS	Comma-separated list of integer seconds that will be allowed for scheduled query refresh	60, 300, 600, 900, 1800, 3600, 7200, 10800, 14400, 18000, 21600, 25200, 28800, 32400, 36000, 39600, 43200, 86400, 604800, 1209600, 2592000
FANAR_QUERY_RESULTS_CLEANUP_COUNT	The number of results to cleanup during each call to cleanup_query_results	100
FANAR_QUERY_RESULTS_CLEANUP_ENABLED	Whether the job to cleanup unused query results should run automatically	true
FANAR_QUERY_RESULTS_CLEANUP_MAX_AGE	Integer number of days, past which a query result may be cleaned up if it is not referenced by another query.	7
FANAR_QUERY_RESULTS_EXPIRED_TTL_ENABLED	Enable the query result set default expired ttl.	false
FANAR_QUERY_RESULTS_EXPIRED_TTL	Default set query results expired ttl 86400 seconds.	86400
FANAR_REDIS_URL	URL Fanar services will use to read and write to redis	“redis://localhost:6379/0”
FANAR_REMOTE_USER_HEADER	Name of header to use if FANAR_REMOTE_USER_LOGIN_ENABLED is true	X-Forwarded-Remote-User
FANAR_REMOTE_USER_LOGIN_ENABLED	Enables the use of an externally-provided and trusted remote user via an HTTP header. The "user" must be an email address. More details	false
FANAR_SAML_ENTITY_ID
FANAR_SAML_METADATA_URL
FANAR_SAML_NAMEID_FORMAT
FANAR_SCHEDULED_QUERY_TIME_LIMIT	Time limit for scheduled queries (in seconds)	None
FANAR_SCHEMAS_REFRESH_SCHEDULE	How often to refresh the data source schemas (in minutes)	30
FANAR_SCHEMAS_REFRESH_TIMEOUT	Time limit for refreshing the data source schemas (in seconds)	300
FANAR_SCHEMA_RUN_TABLE_SIZE_CALCULATIONS	Enable showing the size of each table in the schema browser.	false
FANAR_SENTRY_DSN
FANAR_STATIC_ASSETS_PATH	Directory that contains all front-end assets. Relative to the ./fanar directory	”../client/dist/”
FANAR_STATSD_HOST	Host for STATSD daemon	127.0.0.1
FANAR_STATSD_PORT	Port for STATSD daemon	8125
FANAR_STATSD_PREFIX	Prefix for metrics sent to STATSD daemon	fanar
FANAR_STATSD_USE_TAGS	Whether to use tags in StatsD metrics (InfluxDB’s format)	false
FANAR_THROTTLE_LOGIN_PATTERN	The Flask-Limiter string pattern used to rate limit requests to the /login route.	50/hour
FANAR_VERSION_CHECK	Toggle whether to periodically check if a newer version of Fanar is available.	true
FANAR_WEB_WORKERS	How many processes will gunicorn spawn to handle web requests	4