Configuration
All backend configuration lives in application.yml. Values can be overridden with environment variables using Spring Boot's relaxed binding (e.g., app.jwt.access-token-expiration becomes APP_JWT_ACCESS_TOKEN_EXPIRATION).
Server
server:
port: 8090
compression:
enabled: trueDatabase
PostgreSQL connection via JDBC with HikariCP connection pooling.
spring:
datasource:
url: jdbc:postgresql://${DB_HOST:localhost}:${DB_PORT:5432}/${POSTGRES_DB:opsdashboard}
username: ${POSTGRES_USER:opsatlas}
password: ${POSTGRES_PASSWORD}
hikari:
maximum-pool-size: 10
minimum-idle: 2
idle-timeout: 30000TIP
For production workloads with many environments, increase maximum-pool-size to 15-20. Each environment connection uses a pool connection during monitoring refreshes.
JPA / Hibernate
spring:
jpa:
hibernate:
ddl-auto: update
properties:
hibernate:
jdbc:
batch_size: 20Schema changes are applied automatically on startup via ddl-auto: update. Batch size of 20 optimizes bulk inserts for audit log entries and metrics.
App Settings
JWT Tokens
app:
jwt:
secret: ${JWT_SECRET}
access-token-expiration: 3600 # 1 hour
refresh-token-expiration: 604800 # 7 daysLicense
app:
license:
editions:
- community
- pro
- enterpriseThe active edition is determined by the license key entered during setup. Without a key, Community edition is active.
Environments
Define your target environments. Each environment has one or more Docker hosts.
app:
environments:
- code: qa
name: QA
hosts:
- qa-docker-01.internal
- qa-docker-02.internal
dockerPort: 2375
sshUser: deploy
composeDir: /opt/docker
- code: stage
name: Stage
hosts:
- stage-docker-01.internal
dockerPort: 2375
sshUser: deploy
composeDir: /opt/docker
- code: prod
name: Production
hosts:
- prod-docker-01.internal
- prod-docker-02.internal
dockerPort: 2375
sshUser: deploy
composeDir: /opt/docker| Field | Default | Description |
|---|---|---|
code | -- | Short identifier (used in API paths and URLs) |
name | -- | Display name in the UI |
hosts | -- | Array of Docker host addresses |
dockerPort | 2375 | Docker API port on each host |
sshUser | -- | SSH user for remote operations |
composeDir | -- | Directory containing docker-compose files on the host |
WARNING
Port 2375 is the unencrypted Docker API. For production, consider using TLS on port 2376 or restricting access via firewall rules to only the Ops Atlas backend.
Container Discovery
Controls how the dashboard discovers and classifies containers.
app:
discovery:
auto-detect-enabled: true
excluded-containers:
- portainer
- watchtower
- traefik
- nginx-proxy
- letsencrypt
- certbot
- consul
- vault
- prometheus
- grafana
- loki
- promtail
- node-exporter
- cadvisor
- alertmanager
- fluentd
- logstash
- filebeat
- telegraf
- influxdb
- datadog
- newrelic
- redis-exporter
- postgres-exporter
- mysql-exporter
- blackbox-exporter
- pushgateway
- jaeger
- zipkin
- otel-collector
- tempo
- mimir
- thanos
- cortex
- victoria-metrics
- seq
- graylog
- elasticsearch
- kibana
- apm-server
- metricbeat
- heartbeat
# ... additional patterns
health-endpoints:
- /actuator/health
- /health
- /healthz
- /api/health
- /status
port-detection-env-vars:
- SERVER_PORT
- PORT
- APP_PORTexcluded-containers uses substring matching — any container whose name contains one of these strings is hidden from the dashboard. This keeps infrastructure containers out of the application view.
Monitoring
app:
monitoring:
refresh-interval: 30000 # 30 seconds
connect-timeout: 5000 # 5 seconds
read-timeout: 10000 # 10 secondsThe dashboard polls each environment at the refresh-interval. Lower values give faster updates but increase load on Docker hosts. For environments with 50+ containers, consider increasing to 60 seconds.
CORS
app:
cors:
allowed-origins:
- http://localhost:3000
- https://ops.yourcompany.comAdd every origin that will access the backend. In production this should be your actual domain, not localhost.
Docker Registry
app:
registry:
url: ${REGISTRY_URL:https://registry.hub.docker.com}
username: ${REGISTRY_USERNAME:}
password: ${REGISTRY_PASSWORD:}Used for browsing images and tags, and for pulling images during deployments. Supports Docker Hub, GitLab Container Registry, AWS ECR, and any Docker Registry HTTP API V2 compatible registry.
Deployment
app:
deployment:
compose-file-pattern: "docker-compose.{service}.yml"
env-file-pattern: ".env.{env}"
health-check-timeout: 60000 # 60 seconds| Setting | Description |
|---|---|
compose-file-pattern | Naming convention for per-service compose files on the host. {service} is replaced with the service name. |
env-file-pattern | Naming convention for per-environment env files. {env} is replaced with the environment code. |
health-check-timeout | How long to wait for a container to pass health checks after deploy before marking it as failed. |
Eureka
Per-environment Eureka service discovery configuration.
app:
eureka:
environments:
qa:
url: http://eureka-qa.internal:8761/eureka
username: admin
password: ${EUREKA_QA_PASSWORD}
enabled: true
stage:
url: http://eureka-stage.internal:8761/eureka
username: admin
password: ${EUREKA_STAGE_PASSWORD}
enabled: true
prod:
url: http://eureka-prod.internal:8761/eureka
username: admin
password: ${EUREKA_PROD_PASSWORD}
enabled: trueSet enabled: false to disable Eureka for a specific environment.
Redis
Per-environment Redis configuration for the Redis management feature.
app:
redis:
environments:
qa:
host: redis-qa.internal
port: 6379
password: ${REDIS_QA_PASSWORD}
database: 0
timeout: 5000
stage:
host: redis-stage.internal
port: 6379
password: ${REDIS_STAGE_PASSWORD}
database: 0
timeout: 5000
prod:
host: redis-prod.internal
port: 6379
password: ${REDIS_PROD_PASSWORD}
database: 0
timeout: 5000Redis is optional. If not configured for an environment, the Redis management tab will not appear for that environment.