Docker Compose configuration

View as Markdown

This page explains how to configure Krenalis when you install it using Docker Compose.

To configure environment variables passed to Docker Compose (and thus to Krenalis), it's recommended to create an .env file in your Compose project directory, where you'll place the environment variables for your configuration. For more information about the Docker Compose .env file, see the official documentation. This way, the compose.yaml file downloaded during installation remains unchanged, and it will be easier to update it in the future without losing your configuration.

Exposing Krenalis externally

To expose Krenalis outside your local machine, for example through a reverse proxy, in your .env file set the public URL:

KRENALIS_HTTP_EXTERNAL_URL=https://example.com/

If you expose Krenalis externally, you may want to hide the endpoint that exposes metrics to the /metrics endpoint, which is enabled by default. To do this, you have two options:

  1. Set the KRENALIS_PROMETHEUS_METRICS_ENABLED setting to false to completely disable Prometheus metrics exposure.

  2. Configure a firewall to block access to the /metrics path, where the metrics are exposed. This allows you to continue accessing the metrics, perhaps from the local network where Krenalis is running.

HTTP server port

By default, Docker Compose exposes Krenalis on port 2022. To change this, set the following variable in your .env file:

KRENALIS_DOCKER_COMPOSE_PORT=<port>

Email invitations and password recovery

If you want to invite team members by email or enable password recovery, you need to configure an SMTP server.

To do this, set the required email-related environment variables in your .env file.

If email is not configured, these features are disabled.

Event geolocation enrichment

Krenalis can enrich events with geolocation data if a GeoLite City database file is provided.

To enable this feature:

  1. Download the GeoLite2 City database file

  2. Save it in the storage directory created when you downloaded the compose.yaml file

  3. In your .env file, set the file path using the KRENALIS_MAXMIND_DB_PATH environment variable:

    KRENALIS_MAXMIND_DB_PATH=/var/krenalis/storage/GeoLite2-City.mmdb

    replacing GeoLite2-City.mmdb with the file name in your storage directory, if different.

Transformations with AWS Lambda

By default, Krenalis runs JavaScript and Python transformations using the Node.js and Python runtimes provided by Docker.

This setup is meant to make it easy to try Krenalis. The runtimes run with limited permissions and no write access to the file system, to reduce the impact of accidental errors. This is not a security mechanism.

For any environment that is not just for testing, or where third parties can access the system, you should use AWS Lambda for transformations.

To enable AWS Lambda, in your .env file set:

KRENALIS_TRANSFORMER_PROVIDER=aws-lambda

and then set the necessary AWS Lambda environment variables.

Alternatively, you can rely only on Visual Mapping by setting the variable to an empty string:

KRENALIS_TRANSFORMER_PROVIDER=

Telemetry

Krenalis collects a small amount of anonymous telemetry data to help improve Krenalis over time.

This data helps us understand how Krenalis is used in general and to identify recurring issues. It never includes personal information or user data, and the server IP address is obfuscated.

Telemetry is enabled by default. You can limit or disable it by setting the KRENALIS_TELEMETRY_LEVEL environment variable, which is documented here.