Configuration
This page describes all configuration files used by the OpenCVE Docker stack. Review them before running ./install.sh start for the first time.
The prepare command (or ./install.sh with no arguments) copies example files to their active locations:
| File | Purpose |
|---|---|
docker/.env |
Docker Compose environment variables |
docker/conf/opencve.conf.template |
Nginx configuration for OpenCVE |
docker/conf/default.conf.template |
Nginx default site template |
web/opencve/conf/.env |
Django webserver environment |
web/opencve/conf/settings.py |
Django settings overrides |
scheduler/airflow.cfg |
Airflow scheduler configuration |
Use ./install.sh -f prepare to replace existing configuration files with fresh defaults from the examples.
docker/.env
We recommend verifying and updating your docker .env file before the first start.
Security (change before first start)
POSTGRES_PASSWORD_AIRFLOW_WWW_USER_USERNAME_AIRFLOW_WWW_USER_PASSWORDAIRFLOW__CORE__FERNET_KEY
Warning
These variables are applied when Docker Compose creates the containers for the first time. Change them before running ./install.sh start.
If you change POSTGRES_PASSWORD, update OPENCVE_DATABASE_URL in web/opencve/conf/.env accordingly before starting the stack.
Note
To customize the fernet key: how to generate a new fernet key.
Version and ports
OPENCVE_REPOSITORY: Git repository URL (default:https://github.com/opencve/opencve.git)OPENCVE_VERSION: release tag or branch built into Docker images (default:master, set by./install.sh prepare)OPENCVE_PORT: port exposed for the OpenCVE web interface (default:80)AIRFLOW_WEBSERVER_PORT: port exposed for the Airflow UI (default:8080)
The application code is fetched from OPENCVE_REPOSITORY at OPENCVE_VERSION during the Docker build. Updating the running application does not require a git pull of the application code, use ./install.sh upgrade instead (see Operations).
web/opencve/conf/.env
This file exposes important settings used by the OpenCVE webserver:
OPENCVE_DATABASE_URL: database URI. Update it if you changed PostgreSQL parameters indocker/.env. Connection parameters must match in both files.OPENCVE_SECRET_KEY: generated automatically by./install.shon first run (skipped if already set)OPENCVE_*_REPO_PATH: paths to the KB repositories (KB, MITRE, NVD, etc.)OPENCVE_V1_DATABASE: URI of an OpenCVE v1 instance if needed (used for data migration)
web/opencve/conf/settings.py
This file overrides Django default settings defined in web/opencve/conf/base.py.
See the Django settings reference to customize your instance.
scheduler/airflow.cfg
This file configures the Airflow scheduler of OpenCVE.
See the Airflow configuration reference to customize your Airflow instance.
The prepare command sets the DAG start dates to the current date.
Nginx templates
Nginx configuration is managed through templates in docker/conf/:
opencve.conf.template: routes traffic to the Django webserver and serves static filesdefault.conf.template: default site configuration
These are processed by the official nginx:trixie image at container startup.
Email (SMTP)
To enable email notifications, configure SMTP settings in scheduler/airflow.cfg and trigger the check_smtp DAG. See the dedicated SMTP configuration guide.