Skip to main content

Configuration reference

General configuration guidelines

The following is general configuration information.

Docker container

When running the docker container, you must pass configuration as environment variables. This is most commonly done by passing a .env file when starting the container.

Compiled exe's

When running a compiled exe you can run either passed flags or environment variables.

File format for .env

The format of the .env file is a standard variable=value format. See the examples directory for a sample .env file

Passing .env file

When running as a docker container the .env file can be passed like this:

docker run -d -p 7000:7000 --env-file .env ff-proxy

Passing flags

When running the compiled exe's flags can be passed like this:

./ff-proxy.exe --admin-service-token=${TOKEN} --auth-secret=${SECRET} --account-identifier=${ACCOUNT_IDENTIFIER} --org-identifier=${ORG_IDENTIFIER} --api-keys=${API_KEYS}

Configuration options

Required configuration

When running in online mode, these configuration options are the minimum required to run the relay proxy.

Environment VariableFlagDescriptionTypeDefault
ACCOUNT_IDENTIFIERaccount-identifierAn account identifier to load remote config.string
ADMIN_SERVICE_TOKENadmin-service-tokenToken to use to communicate with the ff servicestring
ORG_IDENTIFIERorg-identifierAn org identifier to load remote config.string
API_KEYSapi-keysAPI keys to connect with ff-server for each environment. Requires only one server API key per environment in a comma separated stringstring

Redis cache

These are the configuration opitons to connect to redis. Only REDIS_ADDRESS is required to connect, the others only need to be set if they differ from the defaults.

Environment VariableFlagDescriptionTypeDefault
redis-addressRedis host:port address. See below for info on connecting via TLSstring
REDIS_PASSWORDredis-db(Optional) Database to be selected after connecting to the server.string
REDIS_DBredis-password(Optional) Redis password.int0

Connecting to Redis via TLS:

To connect to a redis instance that has TLS enabled, you prepend rediss:// to the beginning of your REDIS_ADDRESS URL, for example, rediss://localhost:6379.


Control the log level.

Environment VariableFlagDescriptionTypeDefault
LOG_LEVELlog-levelControls the log level. Valid options are INFO, DEBUG, and ERRORstringINFO

Offline mode

These are the configuration options applicable for running in offline mode

Environment VariableFlagDescriptionTypeDefault
GENERATE_OFFLINE_CONFIGgenerate-offline-configif set to true, the proxy produces an offline configuration in the mounted /config directory, then terminates.booleanfalse
CONFIG_DIRconfig-dirSpecify a path for the offline config directory. The default is /config.string/config
OFFLINEofflineEnables side loading of data from the config directory.booleanfalse


Adjust the port the relay proxy runs on.

Environment VariableFlagDescriptionTypeDefault
PORTportPort that the proxy service is exposed on.int7000

When running the docker container PORT cannot be set to 8000 as it is reserved for an internal service.

Connection mode between Relay Proxy and Harness SaaS

Some corporate networks may be highly restrictive on allowing SSE connections. If you find that the Relay Proxy starts successfully but fails to receive any updates you may want to use these settings to force the Relay Proxy to poll for changes instead of streaming them.

Environment VariableFlagDescriptionTypeDefault
FLAG_STREAM_ENABLEDflag-stream-enabledSpecifies whether the proxy connects to Harness in streaming mode to get flag changes. Set to false if your network absorbs SSE events.booleantrue
FLAG_POLL_INTERVALflag-poll-intervalHow often in seconds the proxy should poll for flag updates (if stream not connected)int1

Adjust timings

Adjust how often certain actions are performed.

Environment VariableFlagDescriptionTypeDefault
TARGET_POLL_DURATIONtarget-poll-durationHow often in seconds the proxy polls feature flags for Target changes. Set to 0 to disable.int60
METRIC_POST_DURATIONmetric-post-durationHow often in seconds the proxy posts metrics to Harness. Set to 0 to disable.int60
HEARTBEAT_INTERVALheartbeat-intervalHow often in seconds the proxy polls pings it's health function. Set to 0 to disable.int60


Environment VariableFlagDescriptionTypeDefault
TLS_ENABLEDtls-enabledIf true, the proxy will use the tlsCert and tlsKey to run with https enabled.booleanfalse
TLS_CERTtls-certPath to TLS cert file. Required if TLS enabled is true.string
TLS_KEYtls-keyPath to TLS key file. Required if TLS enabled is true.string

Harness URLs

You may need to adjust these if you pass all your traffic through a filter or proxy rather than sending the requests directly.

Environment VariableFlagDescriptionTypeDefault
ADMIN_SERVICEadmin-serviceURL of the ff admin servicestring
CLIENT_SERVICEclient-serviceURL of the ff client servicestring
METRIC_SERVICEmetric-serviceURL of the ff metric servicestring
SDK_BASE_URLsdk-base-urlURL for the embedded SDK to connect tostring
SDK_EVENTS_URLsdk-events-urlURL for the embedded SDK to send metrics tostring


Environment VariableFlagDescriptionTypeDefault
BYPASS_AUTHbypass-authBypasses authentication for connecting sdksbooleanfalse
AUTH_SECRETauth-secretThe secret used for signing the authentication token generated by the Proxy.stringsecret


Flags that can help when developing the proxy.

Environment VariableFlagDescriptionTypeDefault
PPROFpprofEnables pprof on port 6060booleanfalse
GCP_PROFILER_ENABLEDgcp-profiler-enabledEnables the gcp cloud profilerbooleanfalse