Skip to content

Configuration

This page describes all configuration files used by the OpenCVE Docker stack. Review them before running ./install.sh start for the first time.

The prepare command (or ./install.sh with no arguments) copies example files to their active locations:

File Purpose
docker/.env Docker Compose environment variables
docker/conf/opencve.conf.template Nginx configuration for OpenCVE
docker/conf/default.conf.template Nginx default site template
web/opencve/conf/.env Django webserver environment
web/opencve/conf/settings.py Django settings overrides
scheduler/airflow.cfg Airflow scheduler configuration

Use ./install.sh -f prepare to replace existing configuration files with fresh defaults from the examples.

docker/.env

We recommend verifying and updating your docker .env file before the first start.

Security (change before first start)

  • POSTGRES_PASSWORD
  • _AIRFLOW_WWW_USER_USERNAME
  • _AIRFLOW_WWW_USER_PASSWORD
  • AIRFLOW__CORE__FERNET_KEY

Warning

These variables are applied when Docker Compose creates the containers for the first time. Change them before running ./install.sh start. If you change POSTGRES_PASSWORD, update OPENCVE_DATABASE_URL in web/opencve/conf/.env accordingly before starting the stack.

Note

To customize the fernet key: how to generate a new fernet key.

Version and ports

  • OPENCVE_REPOSITORY: Git repository URL (default: https://github.com/opencve/opencve.git)
  • OPENCVE_VERSION: release tag or branch built into Docker images (default: master, set by ./install.sh prepare)
  • OPENCVE_PORT: port exposed for the OpenCVE web interface (default: 80)
  • AIRFLOW_WEBSERVER_PORT: port exposed for the Airflow UI (default: 8080)

The application code is fetched from OPENCVE_REPOSITORY at OPENCVE_VERSION during the Docker build. Updating the running application does not require a git pull of the application code, use ./install.sh upgrade instead (see Operations).

web/opencve/conf/.env

This file exposes important settings used by the OpenCVE webserver:

  • OPENCVE_DATABASE_URL: database URI. Update it if you changed PostgreSQL parameters in docker/.env. Connection parameters must match in both files.
  • OPENCVE_SECRET_KEY: generated automatically by ./install.sh on first run (skipped if already set)
  • OPENCVE_*_REPO_PATH: paths to the KB repositories (KB, MITRE, NVD, etc.)
  • OPENCVE_V1_DATABASE: URI of an OpenCVE v1 instance if needed (used for data migration)

web/opencve/conf/settings.py

This file overrides Django default settings defined in web/opencve/conf/base.py.

See the Django settings reference to customize your instance.

scheduler/airflow.cfg

This file configures the Airflow scheduler of OpenCVE.

See the Airflow configuration reference to customize your Airflow instance.

The prepare command sets the DAG start dates to the current date.

Nginx templates

Nginx configuration is managed through templates in docker/conf/:

  • opencve.conf.template: routes traffic to the Django webserver and serves static files
  • default.conf.template: default site configuration

These are processed by the official nginx:trixie image at container startup.

Email (SMTP)

To enable email notifications, configure SMTP settings in scheduler/airflow.cfg and trigger the check_smtp DAG. See the dedicated SMTP configuration guide.