S4E On-Prem is configured through a .env file located at /opt/s4e/setup/.env. This file is automatically generated by setup.sh from your setup.conf values and the defaults in env/test.env.
You can edit .env directly to customize behavior, then restart affected services.
Core Configuration
| Variable | Description | Default |
|---|---|---|
S4E_BASE_DOMAIN |
Base domain for all subdomains | Set in setup.conf |
ENV |
Deployment environment label | onprem |
TOKEN |
S4E API key for cloud authentication | Set in setup.conf |
S4E_CLOUD_API_URL |
S4E Cloud API endpoint | https://api.s4e.io |
SECRET_KEY |
Application session signing key | Auto-generated |
JWT_SECRET_KEY |
JWT token signing key | Auto-generated |
Database (PostgreSQL)
| Variable | Description | Default |
|---|---|---|
POSTGRES_HOST |
PostgreSQL hostname | db |
POSTGRES_PORT |
PostgreSQL port | 5432 |
POSTGRES_DB |
Database name | Auto-generated |
POSTGRES_USER |
Database username | Auto-generated |
POSTGRES_PASSWORD |
Database password | Auto-generated |
Redis
| Variable | Description | Default |
|---|---|---|
REDIS_CONN_STR |
Redis connection string | redis://redis:6379 |
RabbitMQ
| Variable | Description | Default |
|---|---|---|
RABBITMQ_HOST |
RabbitMQ hostname | rabbitmq |
RABBITMQ_PORT |
RabbitMQ AMQP port | 5672 |
RABBITMQ_USER |
RabbitMQ username | Auto-generated |
RABBITMQ_PASS |
RabbitMQ password | Auto-generated |
RABBITMQ_MANAGEMENT_PORT |
Management UI port | 15672 |
SMTP (Email)
| Variable | Description | Default |
|---|---|---|
MAIL_SENDER_BACKEND |
Mail backend (smtp or ses) |
smtp |
SMTP_HOST |
SMTP server hostname | Set in setup.conf |
SMTP_PORT |
SMTP port | 587 |
SMTP_USER |
SMTP username | Set in setup.conf |
SMTP_PASSWORD |
SMTP password | Set in setup.conf |
SMTP_USE_TLS |
Enable STARTTLS (port 587) | true |
SMTP_USE_SSL |
Enable implicit SSL (port 465) | false |
SMTP_VERIFY_SSL |
Verify server certificate | true |
SMTP_DEFAULT_FROM |
Sender email address | noreply@<domain> |
SMTP_DEFAULT_FROM_NAME |
Sender display name | S4E |
Testing email without a relay
During development or testing, use Mailpit as a local SMTP trap. Set SMTP_HOST to your machine's IP, SMTP_PORT=1025, and SMTP_USE_TLS=false.
DNS
| Variable | Description | Default |
|---|---|---|
WORKER_DNS |
DNS server used by all containers | 8.8.8.8 |
DNS_RESOLVERS |
DNS resolvers used inside scan/crawler code | 8.8.8.8,8.8.4.4 |
Two DNS variables
WORKER_DNS sets the OS-level DNS resolver for Docker containers (via Docker's dns: option). DNS_RESOLVERS is used by the application code in s4e-scan and s4e-crawler for internal DNS resolution logic. Both should generally point to the same DNS server.
Scan Template Sync
| Variable | Description | Default |
|---|---|---|
SCAN_FUNC_PULL_INTERVAL_SEC |
How often to pull scan templates (seconds) | 21600 (6 hours) |
ENABLE_DATABASE_SYNC |
Enable cloud DB sync in scheduler | true |
Harbor (Container Registry)
| Variable | Description |
|---|---|
HARBOR_HOST |
Harbor registry hostname |
HARBOR_USER |
Registry pull username |
HARBOR_PASSWORD |
Registry pull password |
These are set in setup.conf and written to .env during installation.
Performance Tuning
Scan Concurrency
To increase or decrease the number of parallel scan jobs per worker, edit these in .env:
MAX_NUMBER_OF_REQUEUES=12
CS_FOR_NEW_ASSETS_AND_PORTS_CHUNK_SIZE=10000
ASSET_ADDER_BULK_ASSET_HANDLE_SIZE=100