Skip to main content

Configuration Reference

By default, Dekaf reads the config.yaml file in the current working directory.

You can use DEKAF_ environment variable prefix, following by the configuration field name in the screaming snake case:

DEKAF_LICENSE_ID="33a8cc38-5062-4f30-91d6-31b0797ebfg0"
DEKAF_LICENSE_TOKEN="prod-f6339ce7067c062724ca5e2bb2d36690b3637aed1c5f93e"

The config.yaml have priority over environment variables.

Basic configuration

FieldExampleDescription
port8090The port the server listens on.
dataDir./dataPath to the persistent data directory.

Licensing

FieldExampleDescription
licenseId33a8cc38-5062-4f30-91d6-31b0797ebfg0License ID.
licenseTokenprod-f6339ce7067c062724ca5e2bb2d36690b3637aed1c5f93eLicense token.

Pulsar Instance

FieldExampleDescription
pulsarNamedefaultPulsar instance name.
pulsarColor#ff0000Optional accent color to visually distinguish this instance.
pulsarWebUrlhttp://localhost:8080Pulsar web service URL.
pulsarBrokerUrlpulsar://localhost:6650Pulsar service URL.
pulsarListenerNameexternalAdvertised listener name.
defaultPulsarAuthDefault authentication credentials for all users serialized as JSON. Not recommended to use it in multi-user production environments.

Dekaf <-> Pulsar Instance TLS

FieldDescription
pulsarTlsKeyFilePathPath to the TLS key file.
pulsarTlsCertificateFilePathPath to the TLS certificate file.
pulsarTlsTrustCertsFilePathPath to the trusted TLS certificate file.
pulsarAllowTlsInsecureConnectionConfigure whether the Pulsar client accept untrusted TLS certificate from broker
pulsarEnableTlsHostnameVerificationIt allows to validate hostname verification when client connects to broker over tls. It validates incoming x509 certificate and matches provided hostname(CN/SAN) with expected broker's host name. It follows RFC 2818, 3.1. Server Identity hostname verification. See https://tools.ietf.org/html/rfc2818
pulsarUseKeyStoreTlsIf Tls is enabled, whether use KeyStore type as tls configuration parameter.False means use default pem type configuration.
pulsarSslProviderThe name of the security provider used for SSL connections. Default value is the default security provider of the JVM.
pulsarTlsKeyStoreTypeThe file format of the key store file.
pulsarTlsKeyStorePathThe location of the key store file.
pulsarTlsKeyStorePasswordThe store password for the key store file.
pulsarTlsTrustStoreTypeThe file format of the trust store file.
pulsarTlsTrustStorePathThe location of the trust store file.
pulsarTlsTrustStorePasswordThe store password for the trust store file.
pulsarTlsCiphersA list of cipher suites. This is a named combination of authentication, encryption, MAC and key exchange algorithm used to negotiate the security settings for a network connection using TLS or SSL network protocol. By default all the available cipher suites are supported.
pulsarTlsProtocolsThe SSL protocol used to generate the SSLContext. Default setting is TLS, which is fine for most cases. Allowed values in recent JVMs are TLS, TLSv1.3, TLSv1.2 and TLSv1.1.

Running Dekaf behind reverse-proxy

FieldExampleDescription
basePath/dekafWhen running the application behind a reverse-proxy, it may be useful to specify a base path.
publicBaseUrlhttps://dev.my.org/dekafWhen running the application behind a reverse-proxy, you need to provide a public URL to let the application know how to render links and making redirects correctly.

Dekaf <-> Web TLS

warning

Don't forget to set the publicBaseUrl to the public URL of the application, otherwise, the application won't work properly.

Also set the appropriate cookie settings.

FieldDescription
protocolhttp or https
tlsKeyFilePathPath to the TLS key file.
tlsCertificateFilePathPath to the TLS certificate file.

Cookies

FieldDescription
cookieSecuretrue or false. Set it to true if you use the https protocol.
cookieSameSitetrue or false. Set it to true if you use the https protocol.