API Server Config

The Bencher API Server requires a JSON configuration at startup. The configuration can be provided three ways:

BENCHER_CONFIG environment variable: The value should be set to the JSON configuration
BENCHER_CONFIG_PATH environment variable: The value should be set to the path of a file containing the JSON configuration
/etc/bencher/bencher.json file: A file at this location containing the JSON configuration

If no configuration is found, then a default configuration is loaded.

To update the configuration while the server is running, an admin can use the CLI bencher server config update command which hits the PUT /v0/server/config endpoint. All updated configurations are saved to the BENCHER_CONFIG environment variable and on disk at BENCHER_CONFIG_PATH.

Example JSON configuration:

{
  "console": {
    "url": "https://bencher.example.com"
  },
  "security": {
    "issuer": "https://api.bencher.example.com",
    "secret_key": "UJu7Cpxb-zFaJYqXD-3mDDSDyj-ZvfxZFZs-X58xjxPy"
  },
  "server": {
    "bind_address": "0.0.0.0:61016",
    "request_body_max_bytes": 1048576,
    "tls": {
      "type": "as_file",
      "cert_file": "/path/to/cert.pem",
      "key_file": "/path/to/key.pem"
    }
  },
  "logging": {
    "name": "Bencher API",
    "log": {
      "stderr_terminal": {
        "level": "info"
      }
    },
  },
  "database": {
    "file": "/var/lib/bencher/data/bencher.db",
    "data_store": {
      "service": "aws_s3"
      "access_key_id": "ABC123DoRemMiABC123",
      "secret_access_key": "AA3Chr-JSF5sUQqKwayx-FvCfZKsMev-5BqPpcFC3m7",
      "access_point": "arn:aws:s3:some-region-1:123456789:accesspoint/my-bucket/path/to/backup/dir"
    }
  },
  "smtp": {
    "hostname": "mailbonobo.com",
    "port": 587,
    "starttls": true,
    "username": "bencher",
    "secret": "WM3F2u9cqSNdBPLfy9sJ5kk9",
    "from_name": "Bencher",
    "from_email": "info@bencher.example.com"
  },
  "plus": {
    "disaster_recovery": {
      "busy_timeout": 5000,
      "replicas": [
        {
          "scheme": "s3",
          "bucket": "my-bucket",
          "path": "path/to/replicate",
          "access_key_id": "ABC123DoRemMiABC123",
          "secret_access_key": "AA3Chr-JSF5sUQqKwayx-FvCfZKsMev-5BqPpcFC3m7"
        }
      ]
    },
    "stats": {
      "offset": 11242,
      "enabled": true
    }
  }
}

`console`

Name	Example	Default	Required	Description
url	”https://bencher.example.com”	”http://localhost:3000”	Yes	Specifies the URL for the Bencher Console host.

`security`

Name	Example	Default	Required	Description
issuer	”https://api.bencher.example.com”	“bencher.dev”	No	Specifies the JSON Web Token (JWT) issuer. WARNING Changing this value will cause all previously generated JWTs to no longer validate.
secret_key	“UJu7Cpxb-zFaJYqXD-3mDDSDyj-ZvfxZFZs-X58xjxPy”	Random UUID v4	Yes	Specifies the the key used to generate all tokens. IT SHOULD BE VERY SECURE! The default value is a randomly generated UUID v4. Whenever logged, it will appear obfuscated as `************`.

`server`

This section is based on the Dropshot server configuration.

Name	Example	Default	Required	Description
bind_address	“0.0.0.0:61016”	“0.0.0.0:61016”	Yes	Specifies that the server should bind to the given IP address and TCP port. In general, servers can bind to more than one IP address and port, but this is not (yet?) supported.
request_body_max_bytes	1048576	1048576	Yes	Specifies the maximum number of bytes allowed in a request body. Larger requests will receive a 400 error.
tls.type	“as_file”	---	No	Specifies if and how TLS certificate and key information is provided. Valid values include “as_file” and “as_bytes”.
tls.cert_file	“/path/to/cert.pem”	---	Only if tls.type = as_file	Specifies the path to a PEM file containing a certificate chain for the server to identify itself with. The first certificate is the end-entity certificate, and the remaining are intermediate certificates on the way to a trusted CA. If specified, the server will only listen for TLS connections.
tls.key_file	“/path/to/key.pem”	---	Only if tls.type = as_file	Specifies the path to a PEM-encoded PKCS #8 file containing the private key the server will use. If specified, the server will only listen for TLS connections.
tls.certs	---	---	Only if tls.type = as_bytes	Identical to tls.cert_file, but provided as an array of bytes of certificate data.
tls.key	---	---	Only if tls.type = as_bytes	Identical to tls.key_file, but provided as an array of bytes of key data.

`logging`

This section is based on the Dropshot logging configuration.

Name	Example	Default	Required	Description
name	“Bencher API”	“Bencher API”	Yes	Specifies the name of the logger.
log.mode	“stderr_terminal”	“stderr_terminal”	Yes	Controls where server logging will go. Valid modes are “stderr-terminal” and “file”. If the mode is `“stderr-terminal”, human-readable output, with colors and other terminal formatting if possible, will be sent to stderr. If the mode is “file”, Bunyan-format output will be sent to the filesystem path given by log.path. See also log.if_exists, which controls the behavior if the destination path already exists.
log.level	“info”	“info”	Yes	Specifies what severity of log messages should be included in the log. Valid values include “trace”, “debug”, “info”, “warn”, “error”, and “critical”, which are increasing order of severity. Log messages at the specified level and more severe levels will be included in the log.
log.path	---	---	Only if log.mode = “file”	If log.mode is “file”, this property determines the path to the log file. See also log.if_exists.
log.if_exists	---	---	Only if log.mode = “file”	If log.mode is “file”, this property specifies what to do if the destination log file already exists. Valid values include “append” (which appends to the existing file), “truncate” (which truncates the existing file and then uses it as though it had just been created), and “fail” (which causes the server to exit immediately with an error).

`database`

Name	Example	Default	Required	Description
file	“path/to/database.db”	“/var/lib/bencher/data/bencher.db”	Yes	Controls where server database will go.
data_store.service	“aws_s3”	---	No	Specifies the remote data store service. Valid values are “aws_s3”.
data_store.access_key_id	“ABC123DoRemMiABC123”	---	Only if data_store.service = “aws_s3”	If data_store.service = “aws_s3”, this property specifies the AWS access key ID. See also data_store.service.
data_store.secret_access_key	“AA3Chr-JSF5sUQqKwayx-FvCfZKsMev-5BqPpcFC3m7”	---	Only if data_store.service = “aws_s3”	If data_store.service = “aws_s3”, this property specifies the AWS secret access key. See also data_store.service. Whenever logged, it will appear obfuscated as `************`.
data_store.access_point	“arn:aws:s3:some-region-1:123456789:accesspoint/my-bucket/path/to/backup/dir”	---	Only if data_store.service = “aws_s3”	If data_store.service = “aws_s3”, this property specifies the AWS S3 accesspoint. See also data_store.service.

`smtp`

This section specifies an SMTP service configuration. The entire section is optional. If not specified, all messages will be sent to logging instead.

Name	Example	Default	Required	Description
hostname	“mailbonobo.com”	---	Yes	Specifies the SMTP hostname.
port	587	587	No	Specifies the SMTP port.
starttls	true	true	No	Controls whether the SMTP connection uses the STARTTLS protocol.
username	“bencher”	---	Yes	Specifies the username at the SMTP host.
secret	“WM3F2u9cqSNdBPLfy9sJ5kk9”	---	Yes	Specifies the secret for the username at the SMTP host. Whenever logged, it will appear obfuscated as `************`.
from_name	“Bencher”	---	Yes	Specifies the name that will appear in the from section of all emails.
from_email	”info@bencher.example.com”	---	Yes	Spefifies the email that will appear in the from section of all emails.

`plus`

This section is for features that are covered by the Bencher Plus License.

`plus.github`

This section specifies the configuration for a GitHub App used for OAuth2 authentication. You must have a valid Bencher Plus Enterprise license for at least one organization on the server. The entire section is optional. If not specified, then authentication with GitHub will not be enabled.

Name	Example	Default	Required	Description
client_id	Iv1.12864abcd1232048	---	Yes	Specifies the client ID for your GitHub App. The client ID is different from the app ID. You can find the client ID on the settings page for your app. For more information about navigating to the settings page for your GitHub App, see Modifying a GitHub App registration.
client_secret	00000abcd12345wxyz123456789abcdefgh0000	---	Yes	The client secret for your GitHub App. You can generate a client secret on the settings page for your app.

`plus.disaster_recovery`

This section specifies the disaster recovery configuration. Bencher supports continuously replicating all database changes. For running on demand or scheduled backups, see the database.data_store section of the configuration.

There are five replication schemes:

file: Replicate to a local file path
- path: Path to replicate to
sftp: Replicate over SFTP
- host: Target system hostname
- port: Target system port number
- user: Username on target system
- password: (Optional) Password on target system
- path: (Optional) Path on target system
- key_path: (Optional) Path to SSH key
s3: Replicate to any S3 compatible blob storage
- bucket: Bucket name
- path: (Optional) Path in bucket
- endpoint: (AWS: Optional | Non-AWS: Required) Replication endpoint
- region: (Optional) Bucket region
- access_key_id: S3 access key
- secret_access_key: S3 secret access key
abs: Replicate to Azure Blob Storage
- account_name: Account name
- bucket: Bucket name
- path: (Optional) Path in bucket
- account_key: Azure account key
gcs: Replicate to Google Cloud Storage
- bucket: Bucket name
- path: (Optional) Path in bucket
- GOOGLE_APPLICATION_CREDENTIALS: Environment variable set to file path pointing to service account credentials

All five replica schemes have the following additional options:

retention: (Optional) The amount of time that snapshot & WAL files will be kept. After the retention period, a new snapshot will be created and the old one will be removed. WAL files that exist before the oldest snapshot will also be removed. Defaults to 24h.
retention_check_interval: (Optional) Specifies how often Bencher will check if retention needs to be enforced. Defaults to 1h.
snapshot_interval: (Optional) Specifies how often new snapshots will be created. This is used to reduce the time to restore since newer snapshots will have fewer WAL frames to apply. Retention still applies to these snapshots. If you do not set a snapshot interval then a new snapshot will be created whenever retention is performed. Retention occurs every 24 hours by default.
validation_interval: (Optional) When specified, Bencher will automatically restore and validate that the data on the replica matches the local copy. Disabled by default. Enabling this may significantly increase the cost of running Bencher as most cloud services charge for downloads.
sync_interval: (Optional) Frequency in which frames are pushed to the replica. Defaults to 1s. Increasing frequency can increase cloud storage costs significantly.

Name	Example	Default	Required	Description
busy_timeout	5000	5000	No	Specifies the busy timeout for the database in milliseconds.
replicas	[ … ]	---	Yes	Specifies an array of replicas.
replicas[replica]	{ … }	---	Yes	Specifies a replica object.
replicas[replica].scheme	“s3”	---	Yes	Specifies the replication scheme. For all other `replica` keys, see the list above.

`plus.stats`

This section specifies if and when server statistics are collected. The entire section is optional. If not specified, the listed default values will be used. That is, server statistics are opt-out. Set enabled to false to disable server statistics.

Name	Example	Default	Required	Description
offset	11242	11242	No	Specifies the offset from midnight in seconds for server statistics collection. By default it runs at 03:07:22 UTC.
enabled	true	true	No	Controls whether server statistics are collected. Set to `false` to opt-out.

Published: Sat, August 12, 2023 at 4:07:00 PM UTC | Last Updated: Fri, June 21, 2024 at 6:14:00 PM UTC