Configuration

Containerised Canvus server is configured primarily through environment variables in podman-compose.yml. This is the recommended approach — no file editing inside containers required.

Advanced users can also use the mt-canvus-server.ini configuration file by placing it at /canvus-data/config/mt-canvus-server.ini.

Environment variables

Edit podman-compose.yml and set variables under the canvus service's environment: block.

After changing any variable, restart the containers:

sudo podman-compose down
sudo podman-compose up -d

Required variables

Variable	Description	Example
`CANVUS_EXTERNAL_URL`	Public URL clients use to reach the server	`https://canvus.example.com`
`CANVUS_ADMIN_EMAIL`	Email address for the initial admin account	`admin@yourcompany.com`
`CANVUS_ADMIN_PASSWORD`	Password for the initial admin account	`YourSecurePassword123!`
`POSTGRES_PASSWORD`	Database password (must match postgres service)	`a-strong-database-password`

Note

CANVUS_ADMIN_EMAIL and CANVUS_ADMIN_PASSWORD are only used on first startup to create the initial admin account. Changing them after first startup has no effect.

Optional variables

Variable	Description	Default
`CANVUS_LICENSE_KEY`	License activation key (auto-activates on startup)	empty
`CANVUS_HTTPS_PORT`	HTTPS port inside the container	`443`

Example `podman-compose.yml` environment block

services:
  canvus:
    environment:
      CANVUS_EXTERNAL_URL: https://canvus.example.com
      CANVUS_ADMIN_EMAIL: admin@yourcompany.com
      CANVUS_ADMIN_PASSWORD: YourSecurePassword123!
      POSTGRES_PASSWORD: a-strong-database-password
      # CANVUS_LICENSE_KEY: XXXX-XXXX-XXXX-XXXX
  postgres:
    environment:
      POSTGRES_PASSWORD: a-strong-database-password

Advanced: `mt-canvus-server.ini`

For settings not exposed as environment variables, you can use the ini configuration file. Place it at:

/canvus-data/config/mt-canvus-server.ini

The server reads this file on startup. Settings in the ini file take precedence over their environment variable equivalents where both are set.

See the ini file sections below for available settings. The server installation includes an example file with all supported settings documented.

Specify external URL

[system]
; URL on which Canvus will be reachable.
; DEFAULT: empty (auto-detected)
; external-url=

Specify database

[sql]
; PSQL server port to use
; DEFAULT: 5432
; port=5432

; Name of the database to use
; DEFAULT: empty
; databasename=

; Set the username for DB login.
; DEFAULT: empty
; username=

; Set the password for DB login.
; DEFAULT: empty
; password=

Define accepted connections

[system]
; The address where the server will listen for the connections
; DEFAULT: 0.0.0.0 (all available networks)
; address=0.0.0.0

; Port where the server will listen for the connections
; DEFAULT: 443 (SSL), 80 (TCP)
; port=443

; Enable encrypted HTTPS or TLS connections
; DEFAULT: true
; ssl-enabled=true

; Redirect HTTP to HTTPS
; DEFAULT: true
; http-redirect-enabled=true

Setup certificates for encrypted connections

[certificates]
; Certificate file name (.pem)
; DEFAULT: empty (auto-generates self-signed cert)
; certificate-file=

; Certificate private key file name (.pem)
; DEFAULT: empty
; certificate-key-file=

; Certificate chain file name (.pem)
; DEFAULT: empty
; certificate-chain-file=

Tip

If you leave these empty, Canvus automatically generates a self-signed certificate on first startup. Place CA-signed certificates in /canvus-data/certs/ and reference them here for production deployments.

Define authentication methods

[authentication]
; Enables authentication using email and password
; DEFAULT: true
; password-enabled=true

; Enables creation of new local accounts
; DEFAULT: true
; password-sign-up-enabled=true

; Enables authentication using SAML
; DEFAULT: false
; saml-enabled=false

; Enables creating new accounts using SAML
; DEFAULT: true
; saml-sign-up-enabled=true

; Enables QR code authentication
; DEFAULT: true
; qr-code-enabled=true

; Comma-separated list of domains allowed for new accounts
; Wildcards allowed. DEFAULT: *
; sign-up-allow-list=*

; Require admin approval for new sign-ups
; DEFAULT: false
; require-admin-approval=false

Configure SAML authentication

[saml]
; ACS URL
; DEFAULT: empty
; acs-url=

; SP Entity ID
; DEFAULT: canvus
; sp-entity-id=canvus

; IDP target URL
; DEFAULT: empty
; idp-target-url=

; IDP Entity ID
; DEFAULT: empty
; idp-entity-id=

; IDP X509 certificate SHA256 fingerprint
; DEFAULT: empty
; idp-cert-fingerprint=

; NameID format
; DEFAULT: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
; name-id-format=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Codice folders

[system]
; Require password on all newly-created personal folders
; DEFAULT: false
; enforce-personal-folder-password=false

; Require registration (name + email) on all newly-created personal folders
; DEFAULT: false
; enforce-personal-folder-registration=false

Advanced configuration settings

The configuration file contains additional settings not documented here. These are for advanced operations — do not change them from their defaults unless instructed by MultiTaction support.

Legacy bare-metal installation

On bare-metal installations, the configuration file is mt-canvus-server.ini. See file-locations for its location on Ubuntu and Windows.

There are two versions of the file on each bare-metal server:

An example version for reference. Overwritten on each update.
A working version used by the server. Retained on updates.

Always edit the working version. After editing, restart the Canvus server service for changes to take effect.