Server configuration
As the Server is based on Spring framework, it follows its configuration standards. You can configure Tolgee by providing
a configuration file, provide configuration properties as command line arguments when you run Tolgee with java -jar command, or as environment variables.
Example configuration files:
- YAML
- .env
- application.properties
tolgee:
authentication:
initial-password: admin
initial-username: admin
jwt-secret: my_jwt_secret
machine-translation:
google:
api-key: my_google_api_key
smtp:
auth: true
from: Tolgee <no-reply@mydomain.com>
host: email-smtp.regional-region.amazonaws.com
password: 'omg/my/password'
port: 465
ssl-enabled: true
username: user@company.com
Server settings
Prefix: server
These properties are used to configure the server.
portPort on which Tolgee exposes itself. (default:
8080)
Spring settings
Prefix: spring
These properties are used to configure Spring framework.
Data source settings
Prefix: spring.datasource
Since Tolgee is built on Spring framework, you have to edit following configuration props to configure its database connection. These properties can be omitted when using Postgres autostart, which is enabled by default.
urlThe url of the datasource in format
jdbc:postgresql://<host>:<port>/<dbname>. e.g.jdbc:postgresql://db:5432/postgresusernameDatabase username. e.g.
postgrespasswordDatabase password. e.g.
postgres
Tolgee
Prefix: tolgee
Configuration specific to Tolgee.
file-storage-urlPublic base path where files are accessible. Used by the user interface.
front-end-urlPublic URL where Tolgee is accessible. Used to generate links to Tolgee (e.g. email confirmation link).
max-screenshots-per-keyMaximum amount of screenshots which can be uploaded per API key. (default:
20)max-translation-text-lengthMaximum length of translations. (default:
10000)max-upload-file-sizeMaximum size of uploaded files (in kilobytes). (default:
51200≈ 50MB)
Authentication
Prefix: tolgee.authentication
Configuration of Tolgee's authentication.
create-initial-userIf true, Tolgee creates initial user on first start-up. (default:
true)enabledWhether authentication is enabled. If not, Tolgee will create implicit user on first startup and will automatically log you in. No login page shows, no permissions are managed. This is very useful, when you want to use Tolgee on your local machine, or you just want to test it. (default:
true)initial-passwordPassword of initial user. If unspecified, a random password will be generated and stored in the
initial.pwdfile, located at the root of Tolgee's data path.initial-usernameUsername of initial user. (default:
admin)jwt-expirationExpiration time of generated JWT tokens in milliseconds. (default:
604800000≈ 7 days)jwt-secretSecret used to sign JWT authentication tokens with. It will be generated automatically, if not provided. You will be fine with 64 characters long random string. Generated automatically, if not provided. If running multiple replicas, it's required to set it or otherwise you will be constantly logged out.
jwt-super-expirationExpiration time of generated JWT tokens for superuser in milliseconds. (default:
3600000≈ 1 hour)native-enabledWhether user credentials are stored in Tolgee's database. If you would like to use LDAP, set this to
false. (default:true)needs-email-verificationWhether users need to verify their email addresses when creating their account. Requires a valid SMTP configuration. (default:
false)registrations-allowedEnable/disable sign ups into Tolgee. (default:
false)secured-image-retrievalWhether image assets should be protected by Tolgee. When enabled, all images are served with a secure token valid for a set period of time to prevent unauthorized access to images. (default:
false)secured-image-timestamp-max-ageExpiration time of a generated image access token in seconds. (default:
600000≈ one week)user-can-create-organizationsWhether regular users are allowed to create organizations. When
false, only administrators can create organizations. By default, when the user has no organization, one is created for them; this doesn't apply when this setting is set tofalse. In that case, the user without organization has no permissions on the server. (default:true)
GitHub
Prefix: tolgee.authentication.github
GitHub authentication can be used in combination with LDAP or native authentication.
authorization-urlURL to the OAuth authorization screen. Useful if you want to authenticate against a self-hosted GitHub Enterprise Server. (default:
https://github.com/login/oauth/access_token)client-idOAuth Client ID, obtained in GitHub administration.
client-secretOAuth Client secret, obtained in GitHub administration.
user-urlURL to GitHub's
/userAPI endpoint. Useful if you want to authenticate against a self-hosted GitHub Enterprise Server. (default:https://api.github.com/user)
Google
Prefix: tolgee.authentication.google
The following instructions explain how to set up Google OAuth. Setting up OAuth 2.0.
authorization-urlURL to Google
/tokenAPI endpoint. This usually does not need to be changed. (default:https://oauth2.googleapis.com/token)client-idOAuth Client ID, obtained in Google Cloud Console.
client-secretOAuth Client secret, obtained in Google Cloud Console.
user-urlURL to Google
/userinfoAPI endpoint. This usually does not need to be changed. (default:https://www.googleapis.com/oauth2/v3/userinfo)workspace-domainThe registration can be limited to users of a Google Workspace domain. If nothing is set, anyone can log in with their Google account.
LDAP
Prefix: tolgee.authentication.ldap
This feature is experimental!
LDAP authentication can be used in combination with GitHub or native authentication.
Tolgee can use a LDAP server to authenticate users. This is very useful if you already use LDAP as a primary mean of authentication for other services.
base-dnLDAP base DN. For example
dc=example,dc=comenabledWhether LDAP authentication is enabled. If enabled, you need to set all remaining properties below. (default:
false)portLDAP server host
principal-passwordLDAP password for the manager DN
security-principalLDAP manager DN. For example
cn=admin,dc=example,dc=comurlsLDAP server URLs. For example
ldap://localhost:389user-dn-patternLDAP user search filter. For example
(uid={0})
OAuth2
Prefix: tolgee.authentication.oauth2
OAuth 2.0 is the industry-standard protocol for authorization. This enables the integration of a wide range of authorization providers into tolgee, such as Auth0, KeyCloak, Okta and others.
authorization-urlURL to OAuth2 authorize API endpoint. This endpoint will exposed to the frontend.
client-idOAuth2 Client ID
client-secretOAuth2 Client secret
scopesOauth2 scopes (as list) Tolgee absolutely requires rights to view the email and user information (also known as openid data). In most cases the scopes
openid email profileis used for this. (But can also be different depending on the provider) (default:[])token-urlURL to OAuth2 token API endpoint.
user-urlURL to OAuth2 userinfo API endpoint.
user-can-create-projectsRemoved in: 2.33.0
Whether regular users are allowed to create projects. When disabled, only administrators can create projects (default:
true)
Batch operations
Prefix: tolgee.batch
Configuration of batch operations.
concurrencyHow many parallel jobs can be run at once on single Tolgee instance (default:
1)
Cache
Prefix: tolgee.cache
At the expense of higher memory footprint, Tolgee can use a cache to reduce the stress on the database and fetch the data it needs faster. Cache is also used to track certain states, such as rate limits.
caffeine-max-sizeMaximum size of the Caffeine cache. When exceeded, some entries will be purged from cache. Set to -1 to disable size limitation. This has no effect when Redis cache is used. See Caffeine's documentation about size-based eviction (default:
-1)default-ttlTTL of cache data, in milliseconds. (default:
7200000≈ 2 hours)enabledWhether Tolgee should use a cache. (default:
false)use-redisWhether Tolgee should use Redis to store cache data instead of storing it in-memory.
infoIn a distributed environment, you should use a Redis server to ensure consistent enforcement of rate limits, as they heavily rely on cache. For a simple single-node deployment, in-memory cache is sufficient.
File storage
Prefix: tolgee.file-storage
Configuration of Tolgee file storage.
fs-data-pathPath to directory where Tolgee will store its files. (default:
~/.tolgee/, with docker/data/)
S3
Prefix: tolgee.file-storage.s3
Tolgee supports storing its files on an S3-compatible storage server. When enabled, Tolgee will store all its files on the S3 server rather than in filesystem.
access-keyAccess key for the S3 server. (optional if you are authenticating with a different method, like STS Web Identity)
bucket-nameName of the bucket where Tolgee will store its files.
enabledWhether S3 is enabled. If enabled, you need to set all remaining properties below. (default:
false)endpointHas to be set to a service endpoint: https://docs.aws.amazon.com/general/latest/gr/s3.html
secret-keySecret key for the access key. (optional if you are authenticating with a different method, like STS Web Identity)
signing-regionHas to be set to a signing region: https://docs.aws.amazon.com/general/latest/gr/s3.html
Import
Prefix: tolgee.import
Bulk-imports exported json files in the database during startup. Useful to quickly provision a development server, and used for testing.
base-language-tagThe language tag of the base language of the imported projects. (default:
en)create-implicit-api-keyWhether an implicit API key should be created.
The key is built with a predictable format:
${lowercase filename (without extension)}-${initial username}-imported-project-implicitdangerWhile this is useful for tests, make sure to keep this disabled if you're importing projects on a production server as trying this predictable key may be the first thing an attacker will attempt to gain unauthorized access!
dirFile path of the directory where the file to import are located.
Machine Translation
Prefix: tolgee.machine-translation
Configuration of Machine Translation services.
free-credits-amountAmount of machine translations users of the Free tier can request per month. Used by Tolgee Cloud, see pricing. Set to
-1to disable credit-based limitation. (default:-1)
AWS Amazon Translate
Prefix: tolgee.machine-translation.aws
See AWS's Amazon Translate page for more information and applicable pricing.
access-keyAWS access key. (optional if you are authenticating with a different method, like STS Web Identity)
default-enabledWhether AWS-powered machine translation is enabled. (default:
true)default-primaryWhether to use AWS Amazon Translate as a primary translation engine. (default:
false)enabledIf you are authenticating using a different method than explicit access key and secret key, which implicitly enable AWS Translate, you should enable AWS Translate using this option.
regionAWS region. (default:
eu-central-1)secret-keyAWS secret key. (optional if you are authenticating with a different method, like STS Web Identity)
Azure Cognitive Translation
Prefix: tolgee.machine-translation.azurecognitive
See Azure Cognitive Translation page for more information and applicable pricing.
auth-keyAzure Cognitive Translation auth key.
default-enabledWhether Azure Cognitive Translation is enabled. (default:
true)default-primaryWhether to use Azure Cognitive Translation as a primary translation engine. (default:
false)regionAzure Cognitive Translation region.
Baidu Translate
Prefix: tolgee.machine-translation.baidu
See Baidu's page (in Chinese) for more information and applicable pricing.
actionWhether the resulting translation should be changed according to the user-defined dictionary. The dictionary used can be modified at Manage Terms (login required). (default:
false)app-idBaidu Translate App ID.
app-secretBaidu Translate Secret key.
default-enabledWhether Baidu-powered machine translation is enabled. (default:
true)default-primaryWhether to use Baidu Translate as a primary translation engine. (default:
false)
DeepL
Prefix: tolgee.machine-translation.deepl
See DeepL's page for more information and applicable pricing.
auth-keyDeepL auth key. Both key types (commercial and free) are supported.
default-enabledWhether DeepL-powered machine translation is enabled. (default:
true)default-primaryWhether to use DeepL as a primary translation engine. (default:
false)formalityWhether the translated text should lean towards formal or informal language. See DeepL's documentation for supported languages and details. (default:
default)
Google Cloud Translation
Prefix: tolgee.machine-translation.google
See Google Cloud Translation page for more information and applicable pricing.
api-keyGoogle Cloud Translation API key.
default-enabledWhether Google-powered machine translation is enabled. (default:
true)default-primaryWhether to use Google Cloud Translation as a primary translation engine. (default:
true)
Postgres autostart
Prefix: tolgee.postgres-autostart
Defines whether and how is PostgreSQL started on Tolgee startup.
container-nameThe container name of the Postgres container. This setting is applicable only for
DOCKERmode. (default:tolgee_postgres)database-nameThe name of the database created to store Tolgee data. (default:
postgres)enabledWhether to start PostgreSQL on Tolgee startup. (default:
true)modeHow is Tolgee running PostgreSQL.
Options:
DOCKER- Tolgee tries to run Postgres Docker container in your machine. This is default option when running Tolgee using Java. See Running with Java.EMBEDDED- Tolgee tries to run it's embedded PostgreSQL which is bundled in thetolgee/tolgeeDocker image. (default:DOCKER)
passwordDatabase password to bootstrap Postgres with. (default:
postgres)portThe port of Postgres to listen on host machine. This setting is applicable only for
DOCKERmode. (default:25432)userDatabase user to bootstrap Postgres with. (default:
postgres)
Rate limits
Prefix: tolgee.rate-limits
Configuration of rate limits. By default Tolgee Platform limits requests to endpoints according to these rules:
- Single IP is not allowed to request more than 20 000 times in 5 minutes
- Single IP is not allowed to request public endpoints (authentication, sign-ups) more than 1000 times per hour
- Single authenticated user cannot do more than 400 requests per minute
enabledTo turn these rate limits off, set this value to
false. (default:true)
reCAPTCHA
Prefix: tolgee.recaptcha
When configured, reCAPTCHA v3 is used to protect the sign up page against bots. By default, reCAPTCHA is disabled.
To enable it, you first need to register a new site on reCAPTCHA. Make sure to select reCAPTCHA v3 when registering your site.
secret-keySecret key for communication between your site and reCAPTCHA.
site-keySite key for use the HTML code your site serves to users.
Sentry
Prefix: tolgee.sentry
Tolgee uses Sentry for error reporting.
client-dsnClient DSN. If unset, error reporting is disabled on the server.
server-dsnServer DSN. If unset, error reporting is disabled on the server.
traces-sample-rateSample rate for Sentry traces. If unset, traces are disabled on the server.
SMTP
Prefix: tolgee.smtp
Configuration of SMTP server used to send emails to your users like password reset links or notifications.
For AWS SES it would look like this:
tolgee.smtp.host=email-smtp.eu-central-1.amazonaws.com
tolgee.smtp.username=*****************
tolgee.smtp.password=*****************
tolgee.smtp.port=465
tolgee.smtp.auth=true
tolgee.smtp.ssl-enabled=true
tolgee.smtp.from=Tolgee <no-reply@tolgee.yourserver.something>
authWhether authentication is enabled. (default:
false)fromThe sender name and address in standard SMTP format.
hostSMTP server host
passwordPassword for SMTP authentication
portSMTP server port (default:
25)ssl-enabledWhether SSL is enabled. (default:
false)tls-enabledWhether TLS is enabled. (default:
false)tls-requiredWhether SSL is required. (default:
false)usernameThe username for SMTP authentication
Telemetry
Prefix: tolgee.telemetry
By default, self-hosted instances send anonymous data about usage to help us improve Tolgee.
This was added in Tolgee Platform v3.23.0
Once a day we collect following data
- number of projects
- number of languages
- number of translations
- number of users
We don't collect any other data. Please leave telemetry enabled to help us improve Tolgee.
enabledWhether telemetry is enabled (default:
true)
Websocket
Prefix: tolgee.websocket
Configuration specific to the use of Websocket.
use-redisWhether to use Redis for Websocket events (default:
false)
Full configuration example
- YAML
- .env
- application.properties
Details
server:
port: 8080
spring:
datasource:
url:
username:
password:
tolgee:
file-storage-url:
front-end-url:
max-screenshots-per-key: 20
max-translation-text-length: 10000
max-upload-file-size: 51200
authentication:
create-initial-user: true
enabled: true
initial-password:
initial-username: admin
jwt-expiration: 604800000
jwt-secret:
jwt-super-expiration: 3600000
native-enabled: true
needs-email-verification: false
registrations-allowed: false
secured-image-retrieval: false
secured-image-timestamp-max-age: 600000
user-can-create-organizations: true
github:
authorization-url: https://github.com/login/oauth/access_token
client-id:
client-secret:
user-url: https://api.github.com/user
google:
authorization-url: https://oauth2.googleapis.com/token
client-id:
client-secret:
user-url: https://www.googleapis.com/oauth2/v3/userinfo
workspace-domain:
ldap:
base-dn:
enabled: false
port:
principal-password:
security-principal:
urls:
user-dn-pattern:
oauth2:
authorization-url:
client-id:
client-secret:
scopes: []
token-url:
user-url:
batch:
concurrency: 1
cache:
caffeine-max-size: -1
default-ttl: 7200000
enabled: false
use-redis: false
file-storage:
fs-data-path: ~/.tolgee/
s3:
access-key:
bucket-name:
enabled: false
endpoint:
secret-key:
signing-region:
import:
base-language-tag: en
create-implicit-api-key: false
dir:
machine-translation:
free-credits-amount: -1
aws:
access-key:
default-enabled: true
default-primary: false
enabled:
region: eu-central-1
secret-key:
azure:
auth-key:
default-enabled: true
default-primary: false
region:
baidu:
action: false
app-id:
app-secret:
default-enabled: true
default-primary: false
deepl:
auth-key:
default-enabled: true
default-primary: false
formality: default
google:
api-key:
default-enabled: true
default-primary: true
postgres-autostart:
container-name: tolgee_postgres
database-name: postgres
enabled: true
mode: DOCKER
password: postgres
port: 25432
user: postgres
rate-limits:
enabled: true
recaptcha:
secret-key:
site-key:
sentry:
client-dsn:
server-dsn:
traces-sample-rate:
smtp:
auth: false
from:
host:
password:
port: 25
ssl-enabled: false
tls-enabled: false
tls-required: false
username:
telemetry:
enabled: true
websocket:
use-redis: false