Dotted path to a Python module with Layman settings for Python level.
Filesystem directory where most of published data is stored, including data about authentication credentials, users, and publications.
String with internal domain and port <domain>:<port> of Layman's main instance (not celery worker). Used by thumbnail image generator (Timgen) to call Layman internally. See also LAYMAN_PROXY_SERVER_NAME.
String with public domain and optionally port, e.g. <domain> or <domain>:<port>. See also LAYMAN_SERVER_NAME.
Set to true if you do not want to flush & load redis database on Layman's startup.
Name of Celery queue where Layman's Celery tasks will be sent.
Git commit hash or tag of Layman Test Client. Referenced version will be used as default client for this Layman instance.
Internal URL of Layman Test Client.
Public URL of Layman Test Client.
Internal URL of thumnbail image generator (Timgen) used for generating map thumbnails.
List of dotted paths to Python modules to be used for authentication. Paths are separated with comma (,). See authentication.
List of dotted paths to Python modules to be used as OAuth2 providers. Paths are separated with comma (,). See OAuth2.
Dotted path to Python module to be used for authorization. Paths are separated with comma (,). See authorization.
String with public domain and optionally port, e.g. <domain> or <domain>:<port>. Passed as configuration to Micka for demo purposes.
Client ID of Layman's Test Client registered as OAuth2 provider at Liferay instance.
Client ID of another Layman's client registered as OAuth2 provider at Liferay instance. The n must be integer starting from 1. In case of more clients other than LTC, list of ns must be uninterrupted series of integers.
Client secret of Layman's Test Client registered as OAuth2 provider at Liferay instance.
Client secret of another Layman's Test client registered as OAuth2 provider at Liferay instance. The <n> corresponds with OAUTH2_LIFERAY_CLIENT<n>_ID. Do not set client secret for OAuth2 Authorization Code flow with PKCE.
URL of Liferay OAuth2 Authorization endpoint.
URL of Liferay OAuth2 Token endpoint. Used by LTC only.
URL of LTC OAuth2 callback endpoint to be called after Liferay authorization. Used by LTC only.
URL of Liferay OAuth2 Introspection endpoint.
URL of Liferay User Profile endpoint.
URL path of Layman Test Client.
Internal URL of REST API Current User endpoint.
Internal URL (only protocol & host & port, without path) of Layman's REST API.
URL of Redis logical database including database number where Layman Test Client stores user sessions including authentication credentials.
See secret at express-session documentation.
See cookie.maxAge at express-session documentation.
URL of Redis logical database including database number. Layman stores internal data about publications and users in this database. By default, Layman flushes the whole logical database on every startup! See also LAYMAN_SKIP_REDIS_LOADING.
Internal URL host of PostgreSQL instance.
Internal URL port of PostgreSQL instance.
Name of PostgreSQL database in which Layman publishes layer vector data.
Name of PostgreSQL user that Layman uses for authentication and communication with PostgreSQL. The user needs enough privileges to create new schemas in LAYMAN_PG_DBNAME database. The LAYMAN_PG_USER must be another user than default postgres user! The user also needs access to public schema where PostGIS must be installed.
Password of LAYMAN_PG_USER.
Internal URL host of GeoServer instance.
Internal URL port of GeoServer instance.
URL path of GeoServer instance.
Name of GeoServer user that Layman uses for authentication and communication with GeoServer. The LAYMAN_GS_USER must be another user than default admin user. The LAYMAN_GS_USER user must have at least the LAYMAN_GS_ROLE and default ADMIN role (defined by adminRoleName).
Password of LAYMAN_GS_USER.
Name of GeoServer role of LAYMAN_GS_USER. The role is used to create explicit access rule for all layers published by Layman. The LAYMAN_GS_ROLE must be another role than default ADMIN role (defined by adminRoleName)! See default development configuration of roles and layer access rights.
HTTP Basic Authentication credentials for communication with CSW encoded as user:password.
URL of CSW metadata record accessible by web browser, probably with some editing capabilities. Must contain {identifier} string that will be replaced with record ID.
Internal URL of OGC Catalogue Service v2.0.2 endpoint. Tested with Micka.
Public URL of OGC Catalogue Service v2.0.2 endpoint. Tested with Micka.
Set to true if organisation name is required by CSW instance.
See Flask documentation.
See Flask documentation.
See Flask documentation.
String with unix-like user identifier and group identifier <UID>:<GID>, e.g. 1000:1000. Suitable for mounting some volumes as non-root user.