# Additional Configuration
This page contains additional system configuration options that are provided for self-managed Appmixer installations. See the [System Configuration](https://docs.appmixer.com/appmixer-backoffice/system-configuration) for the rest of the configuration options. The options below can be set via the environment variables on the instances of the Appmixer engine.
## API and Worker nodes
Appmixer 6.2 introduces the ability to easily start a pod as either an API node or a worker node. If you deployed Appmixer using the Helm Chart, no action is required—the chart already supports separate API and worker nodes.
#### Running an API node only
To run a node as an API node only, pass the `--no-worker` argument in your deployment configuration (engine.yaml):
```yaml
...
spec:
containers:
- args:
- -c
- node gridd.js --http --no-worker ## API node only
command:
- /bin/sh
...
```
#### Running a worker node only
To run a node as a worker only, do not use the `--http` argument. The pod must be started without any arguments.
You will need to create a separate deployment configuration for the worker node. This can be a copy of engine.yaml with the arguments removed:
```yaml
...
spec:
containers:
- args:
- -c
- node gridd.js ## Worker node only
command:
- /bin/sh
...
```
## Logging
#### LOG\_LEVEL
By default set to `info`. It can be changed to `error`, `warn` or `debug`.
#### LOG\_COMPONENT\_DATA\_MESSAGE
When set to `false`, the component's input/output messages won't be logged into Elasticsearch.
{% hint style="info" %}
Important! Appmixer Insights and Designer log messages won't contain any items if logging data messages are turned off.
{% endhint %}
#### APPMIXER\_HTTPS\_PROXY and APPMIXER\_HTTP\_PROXY
Configure an HTTP proxy. All HTTP(S) requests from Appmixer will be redirected to the proxy URL.
## Token Encryption
Most of the connectors in Appmixer require user authentication. That can be represented as OAuth access tokens, API keys, or username/password combinations.
To enable token encryption, set the `ENCRYPTION_ENABLED` environment variable to `true`. With that, also set the `ENCRYPTION_SECRET` environment variable to a secret string (see below for an example on how to generate it).
```
# Turning the encryption on
ENCRYPTION_ENABLED=true
# Setting the encryption secret (generate your own!)
ENCRYPTION_SECRET=0EC0136A5187A09E21D03819A0EFFD259070CE23213B260A1444412EFD910503
```
```sh
# Generate the encryption secret
openssl enc -aes-256-gcm -k secret -P -md sha1
# copy the 'key' and put it to ENCRYPTION_SECRET
```
{% hint style="danger" %}
If you lose the encryption secret, you will not be able to recover the encrypted tokens.
{% endhint %}
## MinIO/S3
Appmixer contains a MinIO plugin. If this plugin is turned on, Appmixer will store all user files (files created either through Appmixer flows or through the [/files](https://docs.appmixer.com/api/files) API) in the MinIO/S3 server.
{% hint style="warning" %}
The plugin cannot migrate existing files from MongoDB to MinIO. It has to be turned on when Appmixer is installed before the files are created. If you already have files in MongoDB and want to start using MinIO, you have to migrate the data.
{% endhint %}
To enable the plugin, add `minio` to the SYSTEM\_PLUGINS (comma-separated list of plugins) ENV variable (this variable cannot be set dynamically through the Backoffice - System Configuration):
```sh
# Turning on the plugin
SYSTEM_PLUGINS=minio
# Required variables
MINIO_ACCESS_KEY=admin
MINIO_SECRET_KEY=secretKey
MINIO_ENDPOINT=192.168.1.8 # s3.amazonaws.com to connect to AWS S3
# Optional variables
# Default value set to 80 for HTTP and 443 for HTTPS.
MINIO_PORT=9000
# Set this value to 'true' to enable secure (HTTPS) access
MINIO_USE_SSL=true
MINIO_REGION=eu-central-1
# All files will be stored by default in the 'appmixer-files' bucket
MINIO_BUCKET_NAME=appmixer-files
```
If you want to use AWS S3, use the following permissions:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListBucket",
"s3:ListMultipartUploadParts",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::appmixer-files/*",
"arn:aws:s3:::appmixer-files"
]
}
]
}
```
## Forgot Password Service
Appmixer provides an [API](https://docs.appmixer.com/api/user#forgot-password) to reset forgotten passwords. This works together with the Appmixer Studio interface (not the Appmixer SDK).
In order to create a link that can be sent to the user, the Appmixer engine needs to know the frontend URL, there are two variables that can be set for that:
Key
Detail
Default value
Required
APPMIXER_FE_URL
The Frontned URL
http://localhost:8080
false
RESET_PASSWORD_FE_URL_SUFFIX
URL path with the reset password form
reset-password
false
Without any changes, the *link* will be .
That link has to be then delivered to the user. There are two ways this can be done:
#### Webhook
You can register a system webhook that will be triggered every time a user requests to change their password. The webhook URL can be registered under the key WEBHOOK\_USER\_FORGOT\_PASSWORD and the JSON object sent to that URL will be:
```json
{
"code": 'unique code generated for identifying forgot password request',
"email": 'email address of the user',
"userId": 'User Id',
"created": 'date when a user requested for forgot password',
"link": 'Link to access forgot password page on the frontend'
}
```
You can use Appmixer to create a simple flow, that would send emails with the *reset password* link.
#### SMTP
The other way is to configure the SMTP server, Appmixer will then send an email with the reset password link to the user's email address.
Key
Detail
Default value
Required
MAIL_SMTP_HOST
SMTP server address
true
MAIL_SMTP_PORT
SMTP server port
465
false
MAIL_SMTP_USER
username
true
MAIL_SMTP_PASS
password
true
MAIL_FROM_NAME
Sender name
Appmixer
false
MAIL_FROM_EMAIL
Sender email
info@appmixer.com
false
FORGOT_PASSWORD_MAIL_SUBJECT
Reset password email subject.
Reset your password
false
FORGOT_PASSWORD_MAIL_BODY
The reset password email body.
See below
false
The default email body:
```
Hi,
You have requested to reset your password. Please click on the link below to reset your password.
If you are unable to click on the link, please copy and paste the following link into your browser:
{{link}}
```
{% hint style="info" %}
If the forgot password webhook is configured as explained above, the Appmixer engine will not send the email to the user and it will trigger the webhook instead.
{% endhint %}
### Context Quotas
Components produce messages using the `context.sendJson()` function. An internal quota mechanism controls how many messages a user can produce.
This is the default configuration:
```json
// QUOTA_CONTEXT_SEND
[
{
# 'user' can generate 100 messages per second (across all their flows)
"limit": 100,
"scope": "user",
"windowInSeconds": 1,
"name": "send:1s"
},
{
# 'user' can generate 1000 messages per minute (across all their flows)
"limit": 1000,
"scope": "user",
"windowInSeconds": 60,
"name": "send:60s"
},
{
# 'user' can generate 20000 messages per day (across all their flows)
"limit": 20000,
"scope": "user",
"windowInSeconds": 86400,
"name": "send:1d"
}
]
```
```json
// QUOTA_CONTEXT_SLOW_QUEUE
[
{
# 'user' can generate 100000 messages per minute (across all their flows)
# everything that exceeds this limit will be thrown away
"limit": 100000,
"scope": "user",
"windowInSeconds": 60,
"name": "slowQueue:60s"
},
{
# 'user' can generate 5000000 messages per day (across all their flows)
# everything that exceeds this limit will be thrown away
"limit": 5000000,
"scope": "user",
"windowInSeconds": 86400,
"name": "slowQueue:1d"
}
]
```
Each call to `context.sendJson()` increases the quota. If a limit is reached, the message is placed in a *Slow Queue*. Messages in the Slow Queue are processed at a much slower rate and only when sufficient resources are available. This ensures that one user’s flows do not consume excessive resources and block other users.
If you want to change the default values, you can use the Env variables QUOTA\_CONTEXT\_SEND and QUOTA\_CONTEXT\_SLOW\_QUEUE, you can set them in the Backoffice.
QUOTA\_CONTEXT\_SEND default value, you can copy\&paste this to the Backoffice and modify.
```json
[{"limit":100,"scope":"user","windowInSeconds":1,"name":"send:1s"},{"limit":1000,"scope":"user","windowInSeconds":60,"name":"send:60s"},{"limit":20000,"scope":"user","windowInSeconds":86400,"name":"send:1d"}]
```
QUOTA\_CONTEXT\_SLOW\_QUEUE default value, you can copy\&paste this to the Backoffice and modify.
```json
[{"limit":100000,"scope":"user","windowInSeconds":60,"name":"slowQueue:60s"},{"limit":500000
```
## Garbage Collectors
### Files
The garbage collector for files can be turned off with GC\_FILES\_ENABLED (set to false). The behavior can be controlled by a set of rules GC\_FILES\_RULES.
This is the default set:
```json
[
{
scope: 'user',
/**
* The GC will never delete files created in the past fileTTL (in minutes). By default,
* set to 720 hours. The reason is to prevent the GC from removing files that could be needed by the
* flows.
*/
ttl: 720, // 30 days
/**
* The user will be blocked to save any files if the limit is reached.
*/
hardLimit: 1000 * 1000 * 1000 * 2 // 2 GB in bytes
}
]
```
The value of GC\_FILES\_RULES is a stringified array of rules. There can be a different rule for each scope of users. Each rule has to have exactly 3 properties - `scope`, `ttl` and `hardLimit`.
Example:
```json
[{"scope":"user","ttl":720,"hardLimit":2000000000},{"scope":"admin","ttl":1440,"hardLimit":90000000000}]
```
In this example, the admin users can store files up to 90GB and their files will be deleted after 1440 hours (60 days).
When the users exceed the `hardLimit`, they he will not be able to create more files. To get unblocked, they must delete some of their files and get under the limit.
{% hint style="info" %}
The garbage collector does not remove files uploaded via the Files API, or files marked as `archived.`
{% endhint %}
