env-settings.md

File metadata and controls

225 lines (147 loc) · 14.1 KB

Environment Settings

General Layman settings

LAYMAN_LOGLEVEL

Logging level. Possible values are FATAL, ERROR, WARNING, INFO, and DEBUG. Default value is INFO.

LAYMAN_DATA_DIR

Filesystem directory where most of published data is stored, including data about authentication credentials, users, and publications.

DEFAULT_CONNECTION_TIMEOUT

Timeout for GeoServer and Micka calls in seconds.

LAYMAN_SERVER_NAME

String with internal domain and port <domain>:<port> of Layman's main instance (not celery worker). Used by thumbnail image generator (Timgen) to call Layman internally. See also LAYMAN_PROXY_SERVER_NAME.

LAYMAN_PROXY_SERVER_NAME

String with public domain and optionally port, e.g. <domain> or <domain>:<port>. See also LAYMAN_SERVER_NAME.

LAYMAN_SKIP_REDIS_LOADING

Set to true if you do not want to flush & load redis database on Layman's startup.

LAYMAN_CELERY_QUEUE

Name of Celery queue where Layman's Celery tasks will be sent.

LAYMAN_CLIENT_VERSION

Git commit hash or tag of Layman Test Client. Referenced version will be used as default client for this Layman instance.

LAYMAN_CLIENT_URL

Internal URL of Layman Test Client.

LAYMAN_CLIENT_PUBLIC_URL

Public URL of Layman Test Client.

LAYMAN_TIMGEN_URL

Internal URL of thumbnail image generator (Timgen) used for generating map thumbnails.

LAYMAN_INPUT_SRS_LIST

List of EPSG codes that are accepted as native for layers and map compositions. Value consists of integer codes separated by comma (,). If the list does not contain codes 4326 and 3857, they are appended by Layman automatically. Only a subset of these codes is allowed: 3857,4326,5514,32633,32634,3034,3035,3059

  • Sample SRS list for World: 4326,3857
  • Sample SRS list for Europe: 4326,3857,3034,3035
  • Sample SRS list for Czech Republic: 4326,3857,5514,32633,32634
  • Sample SRS list for Latvia: 4326,3857,3059

LAYMAN_OUTPUT_SRS_LIST

List of EPSG codes that will be supported as output spatial reference systems in both WMS and WFS. Value consists of integer codes separated by comma (,). If the list does not contain codes from LAYMAN_INPUT_SRS_LIST, they are appended by Layman automatically. For examples of SRS list, see LAYMAN_INPUT_SRS_LIST.

During startup, Layman passes the definition of each EPSG code to GeoServer, either from its internal sources or from epsg.io. If the download from epsg.io fails, the warning Not able to download EPSG definition from epsg.io appears in the log. In such a case, you can set the EPSG definition manually and restart GeoServer.

If you want to be sure that GeoServer understands each of your SRS that you passed into LAYMAN_OUTPUT_SRS_LIST, visit GeoServer's admin GUI, page Services > WMS or WFS, and click on Submit. If you see no error message, everything is OK.

It can be also useful to generate output bounding box for every supported SRS in WMS Capabilities documents. You can control this in GeoServer's admin GUI, page Services > WMS, checkbox "Output bounding box for every supported CRS".
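The rules for LAYMAN_INPUT_SRS_LIST and LAYMAN_OUTPUT_SRS_LIST above can be checked before startup. The following validator is an added example, not Layman's own code; the allowed set and the automatic appending of 4326, 3857 and of the input codes are taken from the text, the sample values are constructed.

```python
# Codes Layman accepts as native SRS (from the documentation); 4326 and 3857 are always present.
ALLOWED_INPUT_SRS = {3857, 4326, 5514, 32633, 32634, 3034, 3035, 3059}
MANDATORY_SRS = (4326, 3857)


def parse_srs_list(value):
    """Parse a comma-separated EPSG list into ordered, de-duplicated integers."""
    codes = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if not item.isdigit():
            raise ValueError(f"EPSG code is not an integer: {item!r}")
        code = int(item)
        if code not in codes:
            codes.append(code)
    return codes


def resolve_input_srs_list(value):
    """LAYMAN_INPUT_SRS_LIST: must be a subset of the allowed codes; 4326 and 3857 are appended if missing."""
    codes = parse_srs_list(value)
    unknown = [c for c in codes if c not in ALLOWED_INPUT_SRS]
    if unknown:
        raise ValueError(f"EPSG codes not allowed as input SRS: {unknown}")
    for code in MANDATORY_SRS:
        if code not in codes:
            codes.append(code)
    return codes


def resolve_output_srs_list(output_value, input_codes):
    """LAYMAN_OUTPUT_SRS_LIST: any integer codes; every resolved input code is appended if missing."""
    codes = parse_srs_list(output_value)
    for code in input_codes:
        if code not in codes:
            codes.append(code)
    return codes


if __name__ == "__main__":
    # Sample values constructed for this example (input list for the Czech Republic without the mandatory codes).
    env = {"LAYMAN_INPUT_SRS_LIST": "5514,32633,32634",
           "LAYMAN_OUTPUT_SRS_LIST": "4326,3857,3034,3035"}
    inputs = resolve_input_srs_list(env["LAYMAN_INPUT_SRS_LIST"])
    outputs = resolve_output_srs_list(env["LAYMAN_OUTPUT_SRS_LIST"], inputs)
    print("resolved input SRS:", inputs)
    print("resolved output SRS:", outputs)
```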

Layman authentication and authorization

LAYMAN_AUTHN_MODULES

List of dotted paths to Python modules to be used for authentication. Paths are separated by comma (,). The authentication module layman.authn.http_header is required by Layman for internal purposes, so even if LAYMAN_AUTHN_MODULES does not contain the value layman.authn.http_header, it is appended automatically. See authentication.

LAYMAN_AUTHN_HTTP_HEADER_NAME

Secret name of the HTTP header used for authentication internally (e.g. when generating a private map thumbnail). Only a combination of lowercase characters and numbers may be used for the value. In the demo configuration, the HTTP header is automatically removed by Nginx on every request to the Layman REST API or to GeoServer WMS/WFS/OWS.

OAUTH2_CLIENT_ID

Client ID of Layman's Test Client registered at OAuth2 provider (e.g. Wagtail).

OAUTH2_CLIENT<n>_ID

Client ID of another Layman client registered at the OAuth2 provider. The n must be an integer starting from 1. If there are several clients other than LTC, the values of n must form an uninterrupted series of integers.

OAUTH2_CLIENT_SECRET

Client secret of Layman's Test Client registered at OAuth2 provider.

OAUTH2_CLIENT<n>_SECRET

Client secret of another Layman client registered at the OAuth2 provider. The <n> corresponds with OAUTH2_CLIENT<n>_ID. Do not set a client secret for a client that uses the OAuth2 Authorization Code flow with PKCE.
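The numbering and secret rules for OAUTH2_CLIENT_ID, OAUTH2_CLIENT<n>_ID and their _SECRET counterparts can be verified from the environment at startup. This validator is an added example, not Layman's code; it assumes the environment is passed as a dict, treats a missing _SECRET as a PKCE (public) client per the text above, and uses constructed sample values.

```python
import re

CLIENT_ID_RE = re.compile(r"^OAUTH2_CLIENT(\d*)_ID$")
CLIENT_SECRET_RE = re.compile(r"^OAUTH2_CLIENT(\d*)_SECRET$")


def collect_oauth2_clients(env):
    """Return OAuth2 clients configured via OAUTH2_CLIENT[<n>]_ID / _SECRET variables.

    Order: the Layman Test Client (no <n>, if present) first, then clients 1..N.
    Raises ValueError when the <n> series has gaps or a secret has no matching ID.
    """
    numbers = sorted(int(m.group(1)) for name in env
                     if (m := CLIENT_ID_RE.match(name)) and m.group(1))
    if numbers != list(range(1, len(numbers) + 1)):
        raise ValueError(f"OAUTH2_CLIENT<n>_ID values must be numbered 1..N without gaps, got {numbers}")

    # A *_SECRET without a matching *_ID is a configuration error.
    orphans = [name for name in env
               if (m := CLIENT_SECRET_RE.match(name)) and f"OAUTH2_CLIENT{m.group(1)}_ID" not in env]
    if orphans:
        raise ValueError(f"client secret set without a client ID: {orphans}")

    suffixes = ([""] if "OAUTH2_CLIENT_ID" in env else []) + [str(n) for n in numbers]
    clients = []
    for suffix in suffixes:
        secret = env.get(f"OAUTH2_CLIENT{suffix}_SECRET")
        clients.append({
            "id": env[f"OAUTH2_CLIENT{suffix}_ID"],
            "secret": secret,
            # No secret configured: the client is expected to use Authorization Code + PKCE.
            "public_pkce_client": secret is None,
        })
    return clients


if __name__ == "__main__":
    # Constructed sample environment: LTC plus two extra clients, the second one using PKCE.
    sample_env = {
        "OAUTH2_CLIENT_ID": "ltc-client", "OAUTH2_CLIENT_SECRET": "ltc-secret-placeholder",
        "OAUTH2_CLIENT1_ID": "qgis-plugin", "OAUTH2_CLIENT1_SECRET": "plugin-secret-placeholder",
        "OAUTH2_CLIENT2_ID": "spa-frontend",
    }
    for client in collect_oauth2_clients(sample_env):
        print(client["id"], "PKCE" if client["public_pkce_client"] else "confidential")
```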

OAUTH2_AUTH_URL

URL of OAuth2 Authorization endpoint.

OAUTH2_TOKEN_URL

URL of OAuth2 Token endpoint. Used by LTC only.

OAUTH2_CALLBACK_URL

URL of LTC OAuth2 callback endpoint to be called after successful OAuth2 authorization. Used by LTC only.

OAUTH2_INTROSPECTION_URL

URL of OAuth2 Introspection endpoint.

OAUTH2_USER_PROFILE_URL

URL of User Profile endpoint used to obtain user's ID, name, email, etc.

GRANT_CREATE_PUBLIC_WORKSPACE

List of users and roles giving them permission to create a new public workspace. It must be a subset of (or equal to) GRANT_PUBLISH_IN_PUBLIC_WORKSPACE.

GRANT_PUBLISH_IN_PUBLIC_WORKSPACE

List of users and roles giving them permission to publish a new publication in an already created public workspace.

LAYMAN_ROLE_SERVICE_URI

URL of Role Service with DB schema in format postgresql://<username>:<password>@<host>:<port>/<dbname>?schema=<schema_name>. The URL scheme must be postgresql. The URL host must be given explicitly, as well as the DB schema in the schema URL query parameter. If you want to use the internal role service schema provided by Layman, set the value to postgresql://<LAYMAN_PG_USER>:<LAYMAN_PG_PASSWORD>@<LAYMAN_PG_HOST>:<LAYMAN_PG_PORT>/<LAYMAN_PG_DBNAME>?schema=_role_service (replace variable names with their values). The password is stored as plaintext in the GeoServer config file. One solution to this security issue is to create a DB user exclusively for this purpose with read-only rights to the role-service tables/views.
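The format rules for LAYMAN_ROLE_SERVICE_URI (postgresql scheme, explicit host, schema query parameter) can be enforced before the value reaches GeoServer, and a redacted form is useful for logs since the password would otherwise appear in plaintext. This is an added example, not Layman's code; the LAYMAN_PG_* values and the dedicated read-only user name are constructed placeholders.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qs, quote


def validate_role_service_uri(uri):
    """Check LAYMAN_ROLE_SERVICE_URI against the documented rules and return its parts."""
    parts = urlsplit(uri)
    if parts.scheme != "postgresql":
        raise ValueError(f"URL scheme must be postgresql, got {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL host must be given explicitly")
    schemas = parse_qs(parts.query).get("schema", [])
    if len(schemas) != 1 or not schemas[0]:
        raise ValueError("exactly one non-empty 'schema' query parameter is required")
    if not parts.path.lstrip("/"):
        raise ValueError("database name is missing from the URL path")
    return {
        "user": parts.username, "password": parts.password,
        "host": parts.hostname, "port": parts.port,      # .port raises ValueError if not numeric
        "dbname": parts.path.lstrip("/"), "schema": schemas[0],
    }


def internal_role_service_uri(env, user=None, password=None):
    """Build the URI for Layman's internal _role_service schema from LAYMAN_PG_* variables.

    Pass a dedicated read-only user/password (as the text recommends) instead of LAYMAN_PG_USER.
    Credentials are percent-encoded so that ':' or '@' in a password cannot break the URL.
    """
    user = user if user is not None else env["LAYMAN_PG_USER"]
    password = password if password is not None else env["LAYMAN_PG_PASSWORD"]
    return (f"postgresql://{quote(user, safe='')}:{quote(password, safe='')}"
            f"@{env['LAYMAN_PG_HOST']}:{env['LAYMAN_PG_PORT']}/{env['LAYMAN_PG_DBNAME']}"
            f"?schema=_role_service")


def redact_uri(uri):
    """Return the URI with the password replaced, safe for log output."""
    parts = urlsplit(uri)
    if parts.password is None:
        return uri
    netloc = f"{parts.username}:***@{parts.hostname}" + (f":{parts.port}" if parts.port else "")
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed placeholder values; never reuse LAYMAN_PG_USER for the read-only role-service user.
    env = {"LAYMAN_PG_USER": "layman_pg_user", "LAYMAN_PG_PASSWORD": "pg-password-placeholder",
           "LAYMAN_PG_HOST": "postgresql", "LAYMAN_PG_PORT": "5432", "LAYMAN_PG_DBNAME": "layman"}
    uri = internal_role_service_uri(env, user="role_service_ro", password="ro:pass@placeholder")
    print(redact_uri(uri), validate_role_service_uri(uri)["schema"])
```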

Layman Test Client Settings

LTC_BASEPATH

URL path of Layman Test Client.

LTC_LAYMAN_USER_PROFILE_URL

Internal URL of REST API Current User endpoint.

LTC_LAYMAN_REST_URL

Internal URL (only protocol & host & port, without path) of Layman's REST API.

LTC_REDIS_URL

URL of Redis logical database including database number where Layman Test Client stores user sessions including authentication credentials.

LTC_SESSION_SECRET

See secret at express-session documentation.

LTC_SESSION_MAX_AGE

See cookie.maxAge at express-session documentation.

NODE_OPTIONS

See NODE_OPTIONS.

To enable not-so-secure SSL communication (UnsafeLegacyRenegotiation), set NODE_OPTIONS="--openssl-config=/code/unsafe_openssl.cnf".

Connection to Redis

LAYMAN_REDIS_URL

URL of Redis logical database including database number. Layman stores internal data about publications and users in this database. By default, Layman flushes the whole logical database on every startup! See also LAYMAN_SKIP_REDIS_LOADING.

Connection to PostgreSQL

LAYMAN_PG_HOST

Internal URL host of PostgreSQL instance.

LAYMAN_PG_PORT

Internal URL port of PostgreSQL instance.

LAYMAN_PG_DBNAME

Name of PostgreSQL database in which Layman publishes layer vector data.

LAYMAN_PG_USER

Name of the PostgreSQL user that Layman uses for authentication and communication with PostgreSQL. The user needs enough privileges to create new schemas in the LAYMAN_PG_DBNAME database. LAYMAN_PG_USER must be a different user from the default postgres user! The user also needs access to the public schema, where PostGIS must be installed.

LAYMAN_PG_PASSWORD

Password of LAYMAN_PG_USER.

LAYMAN_PRIME_SCHEMA

Name of Layman's data schema in the PostgreSQL database. Information about users, publications, access rights, and more is stored in this schema. The name must start with a lowercase character or underscore, followed by lowercase characters, numbers or underscores. Also, it must be different from any existing workspace name. The value should not be changed after the first start of Layman.

Connection to GeoServer

GEOSERVER_ADMIN_PASSWORD

Password of GeoServer admin user. If provided, it will be used to automatically create Layman user LAYMAN_GS_USER and Layman role LAYMAN_GS_ROLE on Layman's startup.

LAYMAN_GS_HOST

Internal URL host of GeoServer instance.

LAYMAN_GS_PORT

Internal URL port of GeoServer instance.

LAYMAN_GS_USER

Name of the GeoServer user that Layman uses for authentication and communication with GeoServer. LAYMAN_GS_USER must be a different user from the default admin user. The LAYMAN_GS_USER user must have at least the LAYMAN_GS_ROLE and the default ADMIN role (defined by adminRoleName). The user and its required roles will be created automatically on Layman's startup if GEOSERVER_ADMIN_PASSWORD is provided.

LAYMAN_GS_PASSWORD

Password of LAYMAN_GS_USER.

LAYMAN_GS_ROLE

Name of the GeoServer role of LAYMAN_GS_USER. The role is used to create an explicit access rule for all layers published by Layman. LAYMAN_GS_ROLE must be a different role from the default ADMIN role (defined by adminRoleName)! The role will be created automatically if GEOSERVER_ADMIN_PASSWORD is provided.

LAYMAN_GS_USER_GROUP_SERVICE

Name of user/group service used for managing users at GeoServer. If not set (default), the service named default is chosen. Usually it's XML user/group service.

LAYMAN_GS_AUTHN_HTTP_HEADER_ATTRIBUTE

Secret value of the GeoServer HTTP authentication request header attribute used for the WFS proxy. Only a combination of lowercase characters and numbers may be used for the value. If you change an existing value, you have to change it in the GeoServer GUI manually as well.

LAYMAN_GS_NORMALIZED_RASTER_DIRECTORY

Filesystem directory name where normalized raster files are stored. The directory will be created inside GeoServer data directory.

Connection to QGIS

LAYMAN_QGIS_HOST

Internal URL host of QGIS Server instance.

LAYMAN_QGIS_PORT

Internal URL port of QGIS Server instance.

LAYMAN_QGIS_PATH

URL path of QGIS Server instance.

LAYMAN_QGIS_DATA_DIR

Filesystem directory where data published on QGIS are stored, including styles.

Connection to Micka

CSW_BASIC_AUTHN

HTTP Basic Authentication credentials for communication with CSW encoded as user:password.

CSW_URL

Internal URL of OGC Catalogue Service v2.0.2 endpoint. Tested with Micka.

CSW_PROXY_URL

Public URL of OGC Catalogue Service v2.0.2 endpoint. Tested with Micka.

MICKA_ACCEPTED_VERSION

Version of Micka that Layman will accept on startup, encoded as version:revision, e.g. 2020.014:2020-04-15.01. Optionally, one of the prefixes '>=' or '==' can be used with the obvious meaning, e.g. >=2020.014:2020-04-15.01. For the prefix '>=', version and revision are compared independently as strings. If the variable is not set, the version defined in src/layman_settings.py will be accepted. If no prefix is used, the value is compared as with '=='.
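The comparison rule above (version and revision compared independently as strings, '==' when no prefix is given) as an added example that is not Layman's own implementation; the Micka version strings used below are taken from the text or constructed.

```python
def parse_micka_version(value):
    """Split 'version:revision' (e.g. 2020.014:2020-04-15.01) into its two parts."""
    if value.count(":") != 1:
        raise ValueError(f"expected version:revision, got {value!r}")
    version, revision = value.split(":")
    if not version or not revision:
        raise ValueError(f"version and revision must both be non-empty: {value!r}")
    return version, revision


def micka_version_accepted(accepted_spec, actual):
    """Return True if the Micka version `actual` satisfies MICKA_ACCEPTED_VERSION `accepted_spec`."""
    spec = accepted_spec.strip()
    if spec.startswith(">="):
        operator, spec = ">=", spec[2:]
    elif spec.startswith("=="):
        operator, spec = "==", spec[2:]
    else:
        operator = "=="  # no prefix: compared as with '=='
    want_version, want_revision = parse_micka_version(spec.strip())
    have_version, have_revision = parse_micka_version(actual.strip())
    if operator == "==":
        return (have_version, have_revision) == (want_version, want_revision)
    # '>=': version and revision are compared independently as strings, both must satisfy it
    return have_version >= want_version and have_revision >= want_revision


if __name__ == "__main__":
    spec = ">=2020.014:2020-04-15.01"
    for reported in ["2020.014:2020-04-15.01", "2020.015:2020-04-14.01"]:
        print(spec, reported, micka_version_accepted(spec, reported))
```

Because the comparison is lexicographic, it is only meaningful for version components of equal width such as the zero-padded 2020.014 form shown above.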

MICKA_HOSTPORT

String with public domain and optionally port, e.g. <domain> or <domain>:<port>. Passed as configuration to Micka for demo purposes.

Flask settings

FLASK_APP

See Flask documentation.

FLASK_DEBUG

See Flask documentation.

FLASK_SECRET_KEY

See Flask documentation.

Docker settings

UID_GID

String with unix-like user identifier and group identifier <UID>:<GID>, e.g. 1000:1000. Suitable for mounting some volumes as non-root user.