Documentation
Configure

Configuration reference

Environment variables

These environment variables can be set in the .env (opens in a new tab) file or in the environment where the docker-compose is run. Note that these environment variables may not be the same as the ones used by individual containers. Refer to the docker-compose.yml (opens in a new tab) file for the environment variables used by each container.

For example, to set the log level of the scanner container, use the LOG_LEVEL environment variable:

docker-compose.yml
  scanner:
    environment:
      LOG_LEVEL: ${SCANNER_LOG_LEVEL:-info}

Required

NameDescription
SCANNER_TOKENSecret key used by the scanner container to authenticate to the backend.

Optional

NameDescriptionDefault
EXTERNAL_URLURL of the Webhood instance used by end users to access the backend if the backend.
SELF_REGISTERAllow users to signup themselves instead of requiring administrators to create new user accounts manually. Exposes a Register tab in the login page. New accounts are created with authenticated role. To promote users to another role, administrators need to change the role manually in user management page.false
SCANNER_NO_PRIVATE_IPSPrevent scanner from scanning URLs that resolve to private IP addressess. Enabling this setting causes the scanner to also not scan any URLs that cannot be resolved from DNS. This security feature helps with network isolation but does not replace the need for it (see security considerations).false
SCANNER_LOG_LEVELLogging level of the scanner. Possible values are fatal | error | warn | info | debug | trace.info
WEBHOOD_HTTP_PORTPort to listen on insecurely. Use this only for evaluation.8000
WEBHOOD_HTTPS_PORTPort to listen on TLS8443
WEBHOOD_TLS_CERTPath to TLS certificate
WEBHOOD_TLS_KEYPath to TLS key
HTTP_PROXYURL of the HTTP proxy to use for outgoing connections in scanner container
HTTPS_PROXYURL of the HTTPS proxy to use for outgoing connections in scanner container
NO_PROXYComma-separated list of hosts to not use the proxy for in scanner container