
Server Configuration

Patrick Sachs edited this page Dec 16, 2018 · 7 revisions

The Helios Server-Side configuration file.

This configuration file can be found under /src/config/server.js (it does not exist by default, but /src/config/server.example.js can be copied as a good starting point). If you are following along with the Getting Started tutorial, simply go ahead and type this:

$ cp src/config/server.example.js src/config/server.js
$ code src/config/server.js

This will fire up Visual Studio Code and let you edit the configuration file.

Let's go through all available options. It's important that you actually look through all of them, since your website will not work, and will have major security issues, if you do not adjust some of them.

passwordSecret

passwordSecret: "sol-invictus"

The secret your users' passwords are hashed with. Helios uses the sha256 algorithm for this.

Do not take this setting lightly: change it to something seriously secure. You will never have to enter it anywhere (unless you update your Helios version), so you don't have to make it memorable. You can never change this value without corrupting all user accounts.

Choosing a weak secret might allow malicious actors to expose your users' passwords in the event of a data breach.

cookieSecret

cookieSecret: "7-rays-of-light"

This is the secret your users' cookies are encrypted with. Do not use the same one as the passwordSecret: the encrypted cookie is sent to the clients, so they may be able to decrypt the data and find out the secret.

It may be a good idea to change this every month. However, keep in mind that changing this secret will invalidate all active user sessions.

Choosing a weak secret might cause malicious actors to hijack your user sessions.

subscriptionSecret

subscriptionSecret: "winterborn"

This secret is used to encrypt user data if they subscribe to push notifications from your website. You will never have to enter it anywhere (unless you update your Helios version), so you don't have to make it memorable. You can never change this value without corrupting all user subscriptions.

Choosing a weak secret might cause malicious actors to send push notifications to your users.

webmasterMail

webmasterMail: "webmaster@example.com"

Your e-mail address. You will not get an SSL certificate without a valid mail address and will be unable to send push notifications. This is also the address people yell at if something broke.

defaultUser

defaultUser: {
  id: "admin",
  password: "helios"
}

Once the website is installed you need a user account you can log into to get started. This is that account. Keep in mind that passwords can be changed, but user names cannot.

maxPayloadSize

maxPayloadSize: require("./client").maxAvatarSize + 100 * 1024

Sounds super techy, but this is simply the maximum size of a single request to your website. By default this is set to 100 KiB larger than the maximum avatar size. (It would be a bad idea to set it lower, for obvious reasons.)

certs

Internet

certs: "letsEncrypt"

Oookay, this is where all the encryption fun is. If your website is facing the internet, you have specified valid domains in the client configuration, and your webmasterMail is correct, you can simply leave this at its default value and never worry about SSL certificates.

Awesome! (You can thank Let's Encrypt for free and automatic SSL certificate generation.)

Intranet

certs: {
  allowUnsigned: true,
  key: require("path").resolve(__dirname, "./key.pem"),
  cert: require("path").resolve(__dirname, "./server.crt")
}

Sometimes a website cannot be made available on the internet though (internal company blog, etc.). In this case you also need to take care of your SSL certificate manually.

If you don't care about your users getting a big red warning sign that says "KEEP OUT" every time they visit the website, you can just use the above and be done with it.

If you do care (you should!), make sure to have a valid private key and certificate for the server ready (PEM, base64 format) and the certificate imported on all client machines. Then copy the key to /src/config/key.pem and the certificate to /src/config/server.crt. Finally set allowUnsigned: false and you are set.

db

db: {
  uris: "mongodb://localhost/helios",
  options: {}
}

This allows you to configure your MongoDB connection. If you installed MongoDB with its default configuration, this has a high chance of working out of the box. If you have enabled authentication for your database, have a look at the documentation on what the uris should look like: Mongoose Documentation

If you need specialized behavior you can also tweak the options. See the Mongoose Documentation for details on available options.

agreeGreenlockTos

agreeGreenlockTos: false

The license of Greenlock (the library we use to create your SSL certificate) requires you to manually confirm that you agree to its TOS. If you do, set this to agreeGreenlockTos: true.

You do not need to agree to this if you do not use certs: "letsEncrypt".

client

client: require("./client")

The server can also access the client configuration. However, the client cannot access the server configuration, so all your secrets are safe with Helios. (This sounds rather creepy, I know.)

Don't change this by the way unless you want to get REALLY fancy.