Configuration Options
You’ll likely want to customize some of Document Engine’s options for your own app. Configuration options for Document Engine are exposed via environment variables for the document-engine
container.
Setting of these options is supported through Helm values.
General
-
PORT
— This option determines the port where Document Engine listens for traffic. -
HTTP_PROXY
orHTTPS_PROXY
— A URL of a proxy server used for Document Engine’s HTTP client. Used when fetching remote documents; contacting PSPDFKit’s licensing service; and interacting with the signing service, OSCP, and time stamping authorities. -
ALLOW_DOCUMENT_UPLOADS
— Allow or prevent uploading documents to Document Engine. Supported values aretrue
andfalse
. The default value for this option istrue
. -
ALLOW_REMOTE_DOCUMENTS
— Allow or prevent adding documents from URLs to Document Engine. Supported values aretrue
andfalse
. The default value for this option istrue
. -
ALLOW_DOCUMENT_GENERATION
— Allow or prevent creating documents with PDF Generation. The default value for this option istrue
. -
ALLOW_REMOTE_ASSETS_IN_GENERATION
— Allow or prevent loading the resources from the network during PDF generation. If set tofalse
, any images, stylesheets, and other assets won’t be loaded from external URLs. The default value for this option istrue
. -
AUTOMATIC_LINK_EXTRACTION
— Automatically extract link annotations from text. Check out the link annotations guide for more information. The default value for this option isfalse
. -
IGNORE_INVALID_ANNOTATIONS
— If set totrue
, Document Engine will ignore invalid annotations on PDF export instead of throwing an error. Invalid annotations will still be logged. If set tofalse
, PDF export for PDFs containing invalid annotations will throw and log an error. Supported values aretrue
andfalse
. The default value for this option istrue
. -
MIN_SEARCH_QUERY_LENGTH
— This option defines the minimum amount of characters required to start a search on a document. By default, the minimum length is three characters.
Trust and Secrets
-
ACTIVATION_KEY
— Online license activation key or offline license key. See more in our product activation guide. -
API_AUTH_TOKEN
— A string used for authenticating with the Server API. Choose a sufficiently long random string for this option to prevent unauthorized access to the API. -
SECRET_KEY_BASE
— A string used as the base key for deriving secret keys for the purposes of authentication. Choose a sufficiently long random string for this option. To generate a random string, useopenssl rand -hex 256
. -
JWT_PUBLIC_KEY
— This is the public key used to verify the JSON Web Token (JWT) payload signature. Ensure that this public key corresponds to the private key used to generate JWTs in your app. For more information, see the [authentication][] guide. -
JWT_ALGORITHM
— The algorithm used for JSON Web Token (JWT) verification. This should be the same as the one you’ll use for signing JWTs in your app. Supported algorithms: RS256, RS512, ES256, ES512. See RFC 7518 for details about specific algorithms. -
DASHBOARD_USERNAME
,DASHBOARD_PASSWORD
— The username and password to access the dashboard. To disable the dashboard, leave these unset. -
REPLACE_SECRETS_FROM_ENV
— TakeJWT_PUBLIC_KEY
,SECRET_KEY_BASE
, andDASHBOARD_PASSWORD
values from environment variables. The default value istrue
. The alternative approach is setting the secrets through the API. Check the secrets management guide for more information. -
TRUSTED_PROXIES
— A comma-separated list of IP addresses or IP address ranges of trusted proxies in front of Document Engine. Setting this todefault
will use private IP address ranges.When set, Document Engine will examine some of the request headers to determine the IP address of the actual client, even if Document Engine is behind one or more proxies.
Leaving this empty or omitting the setting completely will make Document Engine use the IP address of the immediate connection that sent a request.
-
DOWNLOADER_CERT_FILE_PATH
— This option allows you to configure a certificate that’s used to verify the TLS certificate of the server when downloading a remote document. Defaults to the Mozilla-included CAs saved as/certificate-stores-downloader/root-certificates.pem
within the Document Engine container. Refer to our certificate trust configuration guide for more details.
Limits and Timeouts
-
PSPDFKIT_WORKER_POOL_SIZE
— This option controls how manypspdfkitd
processes are started for handling PDF-related work. In general, setting this to two-to-three times the number of cores available will give you the best performance. Keep in mind that if you set this too high, the processes will starve each other for CPU time, leading to unnecessarily long processing times. And if you set this too low, available CPU time won’t be used efficiently, as tasks will have to wait for a long time for a worker to be available. This defaults to16
. -
DATABASE_CONNECTIONS
— This option defines the database connection pool size. The default value for this option is20
. -
MAX_UPLOAD_SIZE_BYTES
— The maximum allowed size of uploaded documents, in bytes. If set, it applies to all upload types, including remote documents. If unset, the default limit of1000000000
(one billion) bytes (or around 950 MB) applies to multipart and remote uploads. -
ASSET_STORAGE_CACHE_SIZE
— This option determines the size of the document cache in the local storage. The size is specified in bytes, and it defaults to2000000000
(=2 GB). -
PDF_GENERATION_TIMEOUT
— The timeout in milliseconds applied when creating documents with PDF Generation. Any generation taking longer than the configured timeout will fail. Defaults to20000
(20 seconds). -
PSPDFKIT_WORKER_TIMEOUT
— The timeout in milliseconds for thepspdfkitd
process to handle any PDF-related work. By default, it’s set to60000
(60 seconds). -
REMOTE_URL_FETCH_TIMEOUT
— This option defines the maximum timeout period used, in milliseconds, when waiting for a remote PDF to download. See adding documents from URLs for more information on this feature. It can be increased if Document Engine needs to handle large files. It defaults to5000
(5 seconds). -
READ_ANNOTATION_BATCH_TIMEOUT
— The timeout in milliseconds applied when reading an annotations batch from a PDF document. Defaults to20000
(20 seconds). -
SERVER_REQUEST_TIMEOUT
— The timeout in milliseconds applied to each request sent to the Document Engine HTTP API. Note that this timeout takes precedence over any other timeout related to the request being processed. Defaults to60000
(1 minute). -
ASYNC_JOBS_TTL
— The amount of time in seconds after which async jobs should expire. The default is 2 days, or172800
seconds. Expired jobs and their output assets will be deleted from the system. -
FILE_UPLOAD_TIMEOUT_MS
— Timeout in milliseconds for file uploads to S3. The default is30000
milliseconds (30 seconds).
Digital Signature Options
-
SIGNING_SERVICE_URL
— This option only affects a PSPDFKit instance with support for Digital Signatures. It defines the URL used by Document Engine when contacting the external signing service required to apply a digital signature to a document. -
SIGNING_SERVICE_TIMEOUT
— This determines how long Document Engine waits for the response from the signing service when signing a document, in milliseconds. The default is5000
. -
DIGITAL_SIGNATURE_CADES_LEVEL
— This option is relevant when using a PSPDFKit instance with support for digital signatures. It defines the PAdES/CAdES level to be used when signing a document. The values allowed areb-b
,b-t
, andb-lt
, which correspond to the PAdES signature levels. The default value isb-lt
. Note that the OCSP URI mentioned in the signing certificate should be reachable by Document Engine. For more information, refer to the digital signatures overview guide. -
TIMESTAMP_AUTHORITY_URL
— This option is relevant for PAdES/CAdES signatures with levelb-t
or above. It defines the URL of the timestamp authority to be used when signing a document. By default, PSPDFKit useshttps://freetsa.org/
as the timestamping authority. -
TIMESTAMP_AUTHORITY_USERNAME
andTIMESTAMP_AUTHORITY_PASSWORD
— The optional username and password required to connect to the timestamping authority. -
DEFAULT_SIGNER_NAME
,DEFAULT_SIGNATURE_REASON
, andDEFAULT_SIGNATURE_LOCATION
— These options only affect a PSPDFKit instance with support for Digital Signatures. When signing a document, they’re used to prepare the signature metadata. -
DIGITAL_SIGNATURE_HASH_ALGORITHM
— This option only affects a PSPDFKit instance with support for Digital Signatures. If you require a hash algorithm that’s different than the defaultsha256
, you can choose between any of these allowed values:md5
,sha160
,sha224
,sha256
,sha384
, orsha512
. We recommend usingsha256
or higher. -
DIGITAL_SIGNATURE_CERTIFICATE_CHECK_TIME
— This option only affects a PSPDFKit instance with support for Digital Signatures. If set tocurrent_time
(default), the signing certificate’s validity is validated against the current time. If set tosigning_time
, the signing time (i.e. signature creation time) is used instead. By default, thecurrent_time
is used. This means that valid signatures with expired certificates validate as expired.
Trusted Root Certificates for Digital Signatures
Document Engine will search for certificate stores at the /certificate-stores
path inside its container. You can mount a folder from the host machine containing your certificates.
Database Options
-
PGUSER
,PGPASSWORD
,PGDATABASE
,PGHOST
,PGPORT
— These options determine how thepspdfkit
service will communicate with thedb
service. Don’t forget to replace the default password with a custom one, using the same value for bothPGPASSWORD
andPOSTGRES_PASSWORD
. -
PGSSL
— A Boolean string that can be used to enable connection to a PostgreSQL instance that supports encrypted SSL connections. By default, the certificates installed in the container are used to verify the server certificate. If you need to use a custom CA certificate, you can setPGSSL
to"true"
and provide the path to the CA certificate file using thePGSSL_CA_CERT_PATH
orPGSSL_CA_CERTS
options. Defaults to"false"
. -
PGSSL_CA_CERT_PATH
— Optional path to the CA certificate file used to verify the server certificate. Mutually exclusive withPGSSL_CA_CERTS
. -
PGSSL_CA_CERTS
— Optional CA certificate used to verify the server certificate. Mutually exclusive withPGSSL_CA_CERT_PATH
. -
PGSSL_CERT_COMMON_NAME
— Common name of the server certificate. Defaults to the value ofPGHOST
. -
PGSSL_DISABLE_HOSTNAME_VERIFY
— A Boolean string that can be used to disable verification of the server certificate’s hostname. Defaults to"false"
. -
PGSSL_DISABLE_VERIFY
— A Boolean string that can be used to disable verification of the server certificate. Defaults to"false"
. -
ENABLE_DATABASE_MIGRATIONS
— This option determines whether to check for pending migrations on the database and attempts to run migrations if necessary. The default istrue
. -
EXIT_AFTER_DATABASE_MIGRATIONS
— This option determines whether to exit after running any pending migrations. This could be useful for running dedicated migration jobs on infrastructure. The default isfalse
. -
PG_ADMIN_USER
— If set, overridesPGUSER
. If Document Engine operates with limited database permissions (ENABLE_DATABASE_MIGRATIONS
is set tofalse
), this option can be used to provide administrative database credentials for separately executed migration jobs (with bothENABLE_DATABASE_MIGRATIONS
andEXIT_AFTER_DATABASE_MIGRATIONS
set totrue
). -
PG_ADMIN_PASSWORD
— If set, overrides thePGPASSWORD
variable, which is a counterpart toPG_ADMIN_USER
. -
PG_OPERATION_USER
— This option sets the name of the database user name to be granted operational permissions over the Document Engine database after migration. Defaults to thePGUSER
value.
Asset Storage Options
-
ASSET_STORAGE_BACKEND
— How Document Engine stores uploaded PDFs and attachments. Supported backends arebuilt-in
ands3
. The default value for this option isbuilt-in
. -
ENABLE_ASSET_STORAGE_FALLBACK
— Determines whether Document Engine will attempt to fetch PDFs and attachments from the secondary backends if they’re not available in the currently configured backend. The default value for this option isfalse
.It’s recommended to set this value to
true
during asset storage backend migration. Read more in the asset storage migration guide. -
ENABLE_ASSET_STORAGE_FALLBACK_POSTGRES
— Enables the built-in database storage backend as a fallback. Default isfalse
. RequiresENABLE_ASSET_STORAGE_FALLBACK
to betrue
. -
ENABLE_ASSET_STORAGE_FALLBACK_S3
— Enables the S3 storage backend as a fallback. Default isfalse
. RequiresENABLE_ASSET_STORAGE_FALLBACK
to betrue
. -
ENABLE_ASSET_STORAGE_FALLBACK_AZURE
— Enables the Azure Blob Storage backend as a fallback. Default isfalse
. RequiresENABLE_ASSET_STORAGE_FALLBACK
to betrue
. -
MULTITENANT_ASSETS
— When set totrue
, Document Engine will ensure that each document is associated with a separate copy of all its assets and is not sharing an asset file with any other document. “Assets” in this case includes PDF files, image attachments, and other types of PDF attachments.This is
false
by default.With this option set to
true
, it’s possible for one document to have an image attachment stored in one S3 bucket, while another document using the exact same image attachment could have a copy of that attachment stored in a different S3 bucket. -
USE_UNSAFE_DELETE_FOR_ASSETS
— This is set tofalse
by default. When set totrue
, Document Engine will not attempt to use a trash directory to safely delete assets from the configured asset storage. IMPORTANT — This means that assets cannot be restored should an error happen during the deletion transaction.
S3-Compatible Object Storage
-
ASSET_STORAGE_S3_BUCKET
— S3 bucket name in caseASSET_STORAGE_BACKEND
is set tos3
. Refer to the asset storage configuration guide for more information. -
ASSET_STORAGE_S3_REGION
— S3 bucket region. -
ASSET_STORAGE_S3_ACCESS_KEY_ID
andASSET_STORAGE_S3_SECRET_ACCESS_KEY
— Optional AWS credentials. If they aren’t provided, different platform access options are attempted. Currently supported: AWS EC2 instance roles, AWS ECS task roles, AWS EKS instance roles for service accounts. -
ASSET_STORAGE_S3_HOST
— Optional custom endpoint for S3-compatible object storage. -
ASSET_STORAGE_S3_PORT
— Optional custom port for S3-compatible object storage. -
ASSET_STORAGE_S3_SCHEME
— URL scheme used for accessing the S3-compatible object storage, eitherhttp://
orhttps://
. The default ishttps://
.
Azure Blob Storage
-
AZURE_STORAGE_ACCOUNT_NAME
,AZURE_STORAGE_ACCOUNT_KEY
— Credentials for Azure Blob Storage in caseASSET_STORAGE_BACKEND
is set toazure
. Refer to the asset storage configuration guide for more information. -
AZURE_STORAGE_ACCOUNT_CONNECTION_STRING
— Azure Blob Storage connection string, an alternative toAZURE_STORAGE_ACCOUNT_NAME
andAZURE_STORAGE_ACCOUNT_KEY
. -
AZURE_STORAGE_DEFAULT_CONTAINER
— Container name.
Rendering Cache Options
-
USE_REDIS_CACHE
— If set totrue
, Document Engine will use Redis as an additional image cache. Supported values aretrue
andfalse
. The default value for this option istrue
. -
REDIS_HOST
,REDIS_PORT
,REDIS_DATABASE
,REDIS_USERNAME
,REDIS_PASSWORD
— Only relevant ifUSE_REDIS_CACHE
is set totrue
. These options determine how Document Engine will communicate with Redis. -
REDIS_SENTINELS
— Only relevant ifUSE_REDIS_CACHE
is set totrue
. This option replacesREDIS_HOST
andREDIS_PORT
. Instead, you can supply a comma-separated list of Redis URIs specifying the sentinels your Document Engine connects to. See Redis Sentinel for more information about this.Example Value:
"redis://sentinel1:26379;redis://sentinel2:26379;redis://sentinel3:26379"
-
REDIS_SENTINELS_GROUP
— Needs to be provided ifREDIS_SENTINELS
is set. This is the name of your Redis sentinel master group, which is passed as a first argument tosentinel monitor
in the Sentinel configuration file. You can read more about configuration in the documentation. -
REDIS_SSL
— If set totrue
, enables an encrypted SSL connection to Redis. -
REDIS_TTL
— Time to live in milliseconds for Redis cache keys. By default, this is set to86400000
milliseconds, which means that Redis cache keys expire after 24 hours if this value isn’t set. -
USE_REDIS_TTL_FOR_PRERENDERING
— If this is set totrue
, the value configured forREDIS_TTL
is applied to Redis cache entries that Document Engine generates while prerendering a document in response toPOST /api/documents/:document_id/prerender
requests. If this is set tofalse
, the cache keys generated during prerendering exist in the Redis data store until they’re evicted using the eviction policy configured for the Redis data store or until you upgrade your instance of Document Engine to a newer version. This option is set totrue
by default.
Logging and Monitoring Options
-
LOG_LEVEL
— This option defines a minimum log level. The allowed values, from higher to lower, aredebug
,info
,warn
, anderror
. The application will emit logs from the chosen level and all lower ones, so if the value is set todebug
, it’ll logdebug
,info
,warn
, anderror
. This defaults toinfo
. -
HEALTHCHECK_LOGLEVEL
— This option defines the log level for the healthcheck endpoint. The allowed values are same as forLOG_LEVEL
, with an additionalnone
. This includes root path (/
) as well. This defaults todebug
. -
STATSD_HOST
andSTATSD_PORT
— The host and port of a running StatsD-compatible daemon that Document Engine can report telemetry data to. -
STATSD_CUSTOM_TAGS
— A comma-separated list ofkey=value
pairs attached as tags to every metric published by Document Engine, e.g.region=eu-1,env=prod
. -
ENABLE_OPENTELEMETRY
— Enable OpenTelemetry tracing. Enabling requires also specifyingOTEL_EXPORTER_OTLP_ENDPOINT
and, optionally,OTEL_EXPORTER_OTLP_PROTOCOL
(defaults togrpc
). -
OTEL_EXPORTER_OTLP_PROTOCOL
(default:grpc
),OTEL_EXPORTER_OTLP_ENDPOINT
(default:http://localhost:4317
),OTEL_RESOURCE_ATTRIBUTES
,OTEL_SERVICE_NAME
(default:document-engine
),OTEL_TRACES_SAMPLER
(default: customizedparent_based
that skips healthchecks and requests to/
),OTEL_PROPAGATORS
(default:baggage,tracecontext
), etc — OpenTelemetry standard parameters.
Conversion Options
-
SPREADSHEET_MAX_CONTENT_HEIGHT_MM
— Specify the maximum content height for a spreadsheet (units in millimeters). Default set to0
for unlimited. Use this to control memory usage within the Document Engine container during spreadsheet conversions. -
SPREADSHEET_MAX_CONTENT_WIDTH_MM
— Specify the maximum content width for a spreadsheet (units in millimeters). Default set to0
for unlimited. Use this to control memory usage within the Document Engine container during spreadsheet conversions.
Mounting Custom Fonts
Document Engine uses a /custom-fonts
directory for additional fonts.