Configuring the server
The server config settings control aspects of the race server itself.
You may find that you can accept the default values for most (possibly all!) settings — with the exception of BUGGY_RACE_SERVER_URL.
The BUGGY_RACE_SERVER_URL setting is critically important because there are various places where race server needs to generate absolute URLs. It uses this value (and not self-inspection) to determine what they should be.
If the hostname of the server you’ve used to access the admin interface differs from the BUGGY_RACE_SERVER_URL, the server will add a button to load the current, active value.
Config settings (“Server”)
| Setting | Description |
|---|---|
BUGGY_RACE_SERVER_URL | Full (“base”) URL of this server (do not include a trailing slash). Default value: http://localhost:8000 |
BUGGY_RACE_SERVER_TIMEZONE | The timezone the race server is running in (that’s almost certainly the timezone you or your classes are in). In the database, all timezones are stored in UTC, but should be converted to this on the way between the server and your (and your students’) screens. If this is an invalid timezone (according to Python), it will revert to UTC. Default value: Europe/London |
IS_STATIC_CONTENT_AUTOGENERATED | The task list and tech notes do not get updated when you change config (or edit tasks): adopt the discipline of manually publishing them whenever you change config (which usually only happens before project has started). However, if you’re hosting the server on a system with an ephemeral file system, static content (including the buggy editor zipfile, if you’re serving that) will not survive a restart. Set IS_STATIC_CONTENT_AUTOGENERATED to automatically re-publish any static content when the server starts up. Note that this only re-publishes (by inspecting timestamps). If you’re hosting on a basic Heroku installation, switch this to Yes. If you’ve got a peristent file system (that includes Docker, because the published directory is a shared volume for this reason), choose No. Default value: No |
IS_REDIRECT_HTTP_TO_HTTPS_FORCED | Should the webserver itself force HTTPS? Be careful: this setting will not be helpful if your hosting environment manages this for you (that is, only set this to Yes if you are certain HTTPS requests arrive directly to the app: if you have a process that’s handling requests and connecting with this app locally over HTTP, forcing redirects with this setting may prevent any requests getting through). HTTPS is mandatory for GitHub’s OAuth authentication, or if you’re holding any personal information on students… but this setting does not implement HTTPS — it only forces redirection if the protocol the app sees in incoming requests is (non-secure) HTTP. Default value: No |
IS_PUBLIC_REGISTRATION_ALLOWED | Normally, only a logged-in administrator who knows the AUTHORISATION_CODE can register new users. But if you accidentally end up unable to log in (deleted/demoted user, forgotten password) set this to Yes (or 1) as an environment variable to allow emergency access to the registration page, and create a new (admin) user. You’ll also need to know the auth code (which can also be set via an environment variable if it’s been lost). Default value: No |
IS_BUGGY_DELETE_ALLOWED | Can a student delete their buggy? If not, the buggy exists once they’ve uploaded JSON data for it, and remains until changed by subsequent uploads (which is encouraged). This setting only controls whether students should be able to delete their own buggies (admins always can). If in doubt, choose No. Default value: No |
API_SECRET_TIME_TO_LIVE | The default time-to-live for a users’ API secret, in seconds (for example, 3600 seconds = 1 hour). Default value: 3600 |
IS_API_SECRET_ONE_TIME_PW | Is the API secret always a one-time password? If it is, it won’t work after the first success (and needs to be reset). This does not affect the time-to-live of the secret. The default settings of this and IS_STUDENT_API_OTP_ALLOWED (No and Yes respectively) mean OTPs are not used except where students enable them on their own accounts. Default value: No |
IS_STUDENT_API_OTP_ALLOWED | Can individual students choose to set their own API secret to be different from the default one-time-password behaviour you’ve set with IS_API_SECRET_ONE_TIME_PW? For example, it’s a little simpler for students to get the API working if it’s not an OTP — but by setting this to Yes they can opt in or out. Default value: Yes |
IS_SHOWING_RESTART_SUGGESTION | Do you want the server to suggest you restart it after changing any config settings? Our experience is that normally changing config does not require a restart but in case your implementation would benefit from this, you can switch the suggestions on. Default value: No |
- Previous: Authorisation config
- Next: Organisation config