-
Notifications
You must be signed in to change notification settings - Fork 0
Configuration Reference
Eric Fitzgerald edited this page Nov 12, 2025
·
1 revision
This page documents all server and web application configuration options for TMI.
The TMI server can be configured via environment variables, YAML configuration files, or .env files.
# Copy and customize the example configuration
cp config-example.yml config-development.yml
# Start the server with custom config
./bin/tmiserver --env=/path/to/config.yml| Variable | Default | Description |
|---|---|---|
SERVER_PORT |
8080 | HTTP/HTTPS server port |
SERVER_INTERFACE |
0.0.0.0 | Network interface to listen on |
SERVER_READ_TIMEOUT |
5s | HTTP read timeout |
SERVER_WRITE_TIMEOUT |
10s | HTTP write timeout |
SERVER_IDLE_TIMEOUT |
60s | HTTP idle timeout |
LOG_LEVEL |
info | Logging level (debug, info, warn, error) |
| Variable | Default | Description |
|---|---|---|
TLS_ENABLED |
false | Enable HTTPS/TLS |
TLS_CERT_FILE |
Path to TLS certificate file | |
TLS_KEY_FILE |
Path to TLS private key file | |
TLS_SUBJECT_NAME |
[hostname] | Subject name for certificate validation |
TLS_HTTP_REDIRECT |
true | Redirect HTTP to HTTPS when TLS enabled |
| Variable | Default | Description |
|---|---|---|
JWT_SECRET |
secret | JWT signing secret (change for production!) |
JWT_EXPIRES_IN |
24h | JWT token expiration |
JWT_SIGNING_METHOD |
HS256 | JWT signing method (HS256/RS256) |
| Variable | Example | Description |
|---|---|---|
OAUTH_CALLBACK_URL |
http://localhost:8080/oauth2/callback | OAuth callback URL |
OAUTH_PROVIDERS_GITHUB_CLIENT_ID |
GitHub OAuth client ID | |
OAUTH_PROVIDERS_GITHUB_CLIENT_SECRET |
GitHub OAuth client secret | |
OAUTH_PROVIDERS_GOOGLE_CLIENT_ID |
Google OAuth client ID | |
OAUTH_PROVIDERS_GOOGLE_CLIENT_SECRET |
Google OAuth client secret | |
OAUTH_PROVIDERS_MICROSOFT_CLIENT_ID |
Microsoft/Azure OAuth client ID | |
OAUTH_PROVIDERS_MICROSOFT_CLIENT_SECRET |
Microsoft/Azure OAuth client secret |
See Setting Up Authentication for detailed OAuth setup instructions.
| Variable | Default | Description |
|---|---|---|
DB_HOST |
localhost | PostgreSQL server host |
DB_PORT |
5432 | PostgreSQL server port |
DB_USERNAME |
postgres | Database username |
DB_PASSWORD |
Database password | |
DB_NAME |
tmi | Database name |
DB_SSLMODE |
disable | SSL mode (disable/require/prefer) |
| Variable | Default | Description |
|---|---|---|
REDIS_HOST |
localhost | Redis server host |
REDIS_PORT |
6379 | Redis server port |
REDIS_PASSWORD |
Redis password (if required) | |
REDIS_DB |
0 | Redis database number |
| Variable | Default | Description |
|---|---|---|
ENV |
development | Environment mode (development/production) |
The TMI UX web application is configured through environment files located in src/environments/.
-
environment.ts- Default development environment -
environment.prod.ts- Production environment -
environment.staging.ts- Staging environment -
environment.test.ts- Test environment -
environment.local.ts- Local development (git-ignored) -
environment.example.ts- Template with documentation
| Setting | Default | Description |
|---|---|---|
production |
false | Enable production mode |
logLevel |
ERROR | Logging verbosity (DEBUG, INFO, WARN, ERROR) |
apiUrl |
https://api.example.com/v1 | API server URL |
authTokenExpiryMinutes |
60 | Authentication token validity |
operatorName |
TMI Operator | Name of service operator |
operatorContact |
contact@example.com | Contact information |
serverPort |
4200 | Server listening port |
serverInterface |
0.0.0.0 | Server listening interface |
enableTLS |
false | Enable HTTPS |
tlsKeyPath |
undefined | Path to TLS private key |
tlsCertPath |
undefined | Path to TLS certificate |
tlsSubjectName |
System hostname | TLS subject name |
# Default environment
pnpm run dev
# Specific environment
pnpm run dev:staging
pnpm run dev:prod
# Custom configuration via environment variables
export TMI_API_URL=http://localhost:8080
pnpm run dev- Copy
src/environments/environment.example.tstosrc/environments/environment.custom.ts - Configure values as needed (at minimum set
apiUrlto your TMI server) - Update
angular.jsonwith configuration if creating persistent build target
{
"configurations": {
"custom": {
"fileReplacements": [
{
"replace": "src/environments/environment.ts",
"with": "src/environments/environment.custom.ts"
}
]
}
}
}When TLS is enabled (TLS_ENABLED=true), clients must use secure WebSocket URLs:
- Use
wss://instead ofws://for WebSocket connections - Example:
wss://your-server.com:8080/ws/diagrams/123
When TLS is disabled, use standard WebSocket URLs:
- Example:
ws://your-server.com:8080/ws/diagrams/123
Use the /api/server-info endpoint to get the correct WebSocket base URL automatically.
The server uses YAML configuration files:
server:
port: "8080"
interface: "0.0.0.0"
tls_enabled: false
database:
postgres:
host: "localhost"
port: "5432"
user: "postgres"
password: ""
database: "tmi"
redis:
host: "localhost"
port: "6379"
auth:
jwt:
secret: "CHANGE_ME"
expiration_seconds: 86400
oauth:
callback_url: "http://localhost:8080/oauth2/callback"See config-example.yml in the tmi repository for complete configuration examples.
- Database-Setup - Configure PostgreSQL and Redis
- Setting-Up-Authentication - Configure OAuth providers
- Deployment Guide - Production configuration
- Development Setup - Development environment
- Using TMI for Threat Modeling
- Accessing TMI
- Creating Your First Threat Model
- Understanding the User Interface
- Working with Data Flow Diagrams
- Managing Threats
- Collaborative Threat Modeling
- Using Notes and Documentation
- Metadata and Extensions
- Planning Your Deployment
- Deploying TMI Server
- Deploying TMI Web Application
- Setting Up Authentication
- Database Setup
- Component Integration
- Post-Deployment
- Monitoring and Health
- Database Operations
- Security Operations
- Performance and Scaling
- Maintenance Tasks