On startup, the ActivityInfo server reads its configuration from a file named config.ini, whose location depends on the type of installation:
- Windows: C:\Program Files\ActivityInfo\config.ini, or the same directory as activityinfo.exe
- Debian: /opt/activityinfo/config.ini
- Docker: the root of the activityinfo volume.
- Other: the current working directory
The configuration file consists of a number of named sections in which key-value pairs are defined. Key names are case-insensitive.
For example:
[Server]
Http Port=80
Https Port=443
[Data]
Data Directory = /opt/activityinfo/data
[Mail]
Enabled = True
Sender Address = notifications@activityinfo.org
Host = smtp.postmarkapp.com
Port = 25
Server section
The Server section configures the web server.
Key | Description | Default value |
---|---|---|
Http Port | The TCP port on which to listen for HTTP connections. | 8081 |
Https Port | The TCP port on which to listen for HTTPS connections. | 8081 |
Https Proxy | If 'True', ActivityInfo will not listen for HTTPS connections, but will expect an upstream proxy or load balancer to provide SSL termination. | 8081 |
Domain | The server's hostname. This is used when redirecting from http to https, and in the URLs included in emails sent to users. | localhost |
Data section
The data section specifies where ActivityInfo should store its data.
Key | Description | Default value |
---|---|---|
Data Directory | The directory where ActivityInfo stores its database files. | Current working directory |
Mail section
The Mail section configures how ActivityInfo sends notification emails, for example, invitations to a user when they are invited to access a database, or password reset emails. Currently, the ActivityInfo Self-managed server only supports sending emails through SMTP.
Key | Description | Default value |
---|---|---|
Enabled | True if the server should send email, or False if the server should not send email. | False |
Sender Address | The email address used as the "From" address when the server sends emails. | admin@localhost |
Host | The host name of the SMTP Server | localhost |
Port | The TCP port number of the SMTP Server | 25 |
Username | The username to use when authenticating to the SMTP Server | |
Password | The password to use when authenticating to the SMTP Server | |
Identity Providers
ActivityInfo supports Single Sign-On (SSO) via external Identity Providers (IdP). Each IdP is configured in its own section, named with the Provider ID followed by " IdP", for example:
[MyAzure IdP]
Type = OPENID_CONNECT
URL = https://login.microsoftonline.com/common/v2.0
Client ID = XYZ1234
Client Secret = ZDFSDF
Email Domains = example.gov, partner.org
[Google IdP]
Type = OPENID_CONNECT
URL = https://accounts.google.com
Client ID = XYZ1234
Client Secret = ZDFSDF
Email Domains = gmail.com, bedatadriven.com
[AD IdP]
Type = ADSI
Note that the Provider IDs ("MyAzure" and "Google" in the examples above) are arbitrary. You may choose any name matching the pattern [A-Za-z]{1,15}.
The ActivityInfo self-managed server supports OpenID Connect Providers.
OpenID Connect Providers
For OpenID Connect providers, the following keys are required:
Key | Description |
---|---|
Type | OPENID_CONNECT |
URL | The OpenID connect base URL |
Client ID | The provider-issued Client ID |
Client Secret | The provider-issued Client Secret |
Email domains | A comma-separated list of email domains that should authenticate through this provider. |
External API Integrations
Key | Description | Default value |
---|---|---|
Mapbox Public Access Token | The public access token for your Mapbox account. | Blank |
Security section
Note: these options are available starting in Standalone Server version 4.1.3.
Key | Description | Default value |
---|---|---|
Strict Transport Security | Either Enabled, Testing, or Disabled. Adds the Strict-Transport-Security header to all responses, ensuring that users only access ActivityInfo over a secure, encrypted connection. | Disabled |
Account Disclosure | Either Enabled or Disabled. Determines whether the server is allowed to disclose whether a user account exists or not. If enabled, the server will inform users when their email is incorrect, or not registered with the system, which makes ActivityInfo more accessible. However, it does allow attackers to determine whether a given user has an account or not. | Enabled |
XSS Protection | Either Enabled or Disabled. Determines whether the server sends the X-XSS-Protection header with the value 1; mode=block. This header is deprecated and not recommended, as it may block legitimate requests. | Disabled |
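The following check is an added example, not part of the ActivityInfo distribution. It reads a config.ini and reports Security settings left at their documented defaults, as well as IdP sections that break the naming pattern or lack a required OpenID Connect key. The [Security] section name is an assumption inferred from the other section names on this page, and the sample configuration is constructed.

```python
import configparser
import re

# Constructed sample. The [Security] section name is an assumption, inferred
# from how the page names the other sections ([Server], [Data], [Mail]).
SAMPLE = """
[My Azure IdP]
Type = OPENID_CONNECT
URL = https://login.example.org/v2.0
Client ID = constructed-id
Email Domains = example.gov

[Security]
Strict Transport Security = Testing
"""

PROVIDER_ID = re.compile(r"[A-Za-z]{1,15}")
OIDC_REQUIRED = ("type", "url", "client id", "client secret", "email domains")

def audit(text):
    """Return a list of findings for the Security and IdP sections."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    findings = []
    sec = cp["Security"] if cp.has_section("Security") else {}
    # Fallbacks are the defaults documented in the Security table.
    hsts = sec.get("strict transport security", "Disabled")
    if hsts.lower() != "enabled":
        findings.append(f"Strict Transport Security is {hsts}, not Enabled")
    if sec.get("account disclosure", "Enabled").lower() == "enabled":
        findings.append("Account Disclosure is Enabled (account enumeration)")
    if sec.get("xss protection", "Disabled").lower() == "enabled":
        findings.append("XSS Protection is Enabled (deprecated header)")
    for name in cp.sections():
        if not name.endswith(" IdP"):
            continue
        if not PROVIDER_ID.fullmatch(name[: -len(" IdP")]):
            findings.append(f"[{name}]: provider ID must match [A-Za-z]{{1,15}}")
        idp = cp[name]
        if idp.get("type", "").upper() == "OPENID_CONNECT":
            missing = [k for k in OIDC_REQUIRED if k not in idp]
            if missing:
                findings.append(f"[{name}]: missing {', '.join(missing)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```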
Using environment variables
Starting in version 4.0.15, ActivityInfo can also read some settings from environment variables, in the form "ACTIVITYINFO_{SECTION}_{KEY NAME}", where spaces are replaced with underscores.
For example:
- ACTIVITYINFO_SERVER_HTTP_PORT
- ACTIVITYINFO_SERVER_HTTPS_PORT
- ACTIVITYINFO_SERVER_HTTPS_PROXY
- ACTIVITYINFO_DATA_DATA_DIRECTORY
- ACTIVITYINFO_MAIL_ENABLED
- ACTIVITYINFO_MAIL_SENDER_ADDRESS
- ACTIVITYINFO_MAIL_HOST
- ACTIVITYINFO_MAIL_PORT
If a key is present in both the configuration file and an environment variable, the configuration file takes precedence.
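Because the file wins, a variable set on a container or service can be silently ignored when config.ini also defines that key. The sketch below is an added example, not ActivityInfo's own code. It derives variable names with the ACTIVITYINFO_ prefix shown in the list above, applies the stated precedence, and lists the variables that the file overrides. The sample file and environment are constructed, and it assumes every key can be set through the environment, although the page says only some can.

```python
import configparser

# Constructed sample file contents and environment, for illustration only.
SAMPLE_INI = """
[Server]
Http Port = 80

[Mail]
Enabled = True
Host = smtp.old.example.org
"""
SAMPLE_ENV = {
    "ACTIVITYINFO_MAIL_HOST": "smtp.new.example.org",
    "ACTIVITYINFO_MAIL_PORT": "587",
    "PATH": "/usr/bin",
}

def env_name(section, key):
    """Build the variable name for a section/key pair, spaces to underscores."""
    return f"ACTIVITYINFO_{section}_{key}".upper().replace(" ", "_")

def resolve(ini_text, env):
    """Return (effective settings keyed by variable name, shadowed variables)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(ini_text)
    from_file = {
        env_name(section, key): value
        for section in cp.sections()
        for key, value in cp[section].items()
    }
    from_env = {k: v for k, v in env.items() if k.startswith("ACTIVITYINFO_")}
    # The file wins: an environment value applies only when the file lacks the key.
    effective = {**from_env, **from_file}
    shadowed = sorted(
        k for k in from_env if k in from_file and from_env[k] != from_file[k]
    )
    return effective, shadowed

if __name__ == "__main__":
    settings, ignored = resolve(SAMPLE_INI, SAMPLE_ENV)
    for name in ignored:
        print(f"{name} is set in the environment but overridden by config.ini")
```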