SeekTable

Settings reference for self-hosted SeekTable

You can modify default configuration of SeekTable application by specifying docker container environment variables.

Important: to apply changes in the .env file appropriate container should be re-created. This is performed automatically (only if needed) when you use docker compose up to start the containers.

Image: seektable/seektable   settings file: docker-compose.seektable.env

Variable Default Value Description
SeekTable_ST__BaseUrl / Self-hosted SeekTable application base URL. It is used when SeekTable needs to generate a full URL (for example, in the "Get Link" dialog), and most likely you'll want to specify something like http://your_host_name_or_ip/ (or https if configured).
Note: SeekTable cannot be accessed as a subpath of the domain. Use a dedicated sub-domain to separate it from other web applications.
SeekTable_ST__LogoutReturnUrl (BaseUrl value) Target URL after a logout action.
SeekTable_ST__InstallationId (not set) Unique installation ID that is used to activate advanced features (paid subscriptions).
SeekTable_ST__InstallationOfflineActivation false This option disables automated online activation of installation subscriptions. Normally offline activation is needed only if your server has no internet access; in this case please contact support to get detailed instructions on the offline activation process.
SeekTable_ST__PivotDataService__ExternalBaseUrl http://@host:5200/ Specifies external base URL for web API exposed by 'seektable/pivotdataservice' (for an access from a web browser).
SeekTable_ST__PivotDataService__InternalBaseUrl http://pivotdataservice:5000/ Specifies internal base URL for web API exposed by 'seektable/pivotdataservice' (for an internal access from 'seektable/seektable' container).
SeekTable_ST__Account__StoreAccessKeyHash false By default SeekTable stores user's account 'access key' as a plain value (in the SQLite DB file that is located on the docker volume). Use this setting to store only SHA256 hash of the access key. Please note that if SMTP is configured and public sign-up is allowed user will not able to use sign-up form to get a login link if this user is already registered.
SeekTable_ST__Account__TwoFactorDisabled true Disables the possibility to use/activate 2FA login by users.
SeekTable_ST__Account__TwoFactorRequired false Forces 2FA login for all users: until 2FA login is activated users will not able to use the app.
SeekTable_ST__Account__LoginCookieExpirationMinutes 20160 Controls how much time user's authentication ticket remain valid after the login. Default value corresponds to 14 days.
SeekTable_ST__Account__LoginCookieSlidingExpirationEnabled false Whether to re-issue a new auth cookie with a new expiration time when the app processes a request which is more than halfway through the expiration window.
SeekTable_ST__Account__LoginCookiePersistent true Whether to create a persistent auth cookie when user logs in. This option also affects a default for "Remember me" checkbox (login form).
Note that false value doesn't guarantee that users will logout on browser's close: if browser's "restore session" option is enabled non-persistent cookie is saved between restarts anyway.
SeekTable_ST__Account__LoginFormRememberMeEnabled true Show "Remember me" checkbox in the login form to allow users control persistence of auth cookie. Default state of this checkbox is determined by LoginCookiePersistent setting mentioned above.
SeekTable_ST__PublicReport__UseWebcomboThreshold 20 If number of report parameter dropdown items greater than this threshold webcombo (searchable) is used instead of standard dropdown. You may set 0 if you want to use webcombo in all cases.
SeekTable_ST__PublicReport__LinkAccessControlDefault (empty) This option controls default state of "Link access control" for all new links. Only value that is currently possible is "jwt".
SeekTable_ST__Export__ExportAllDataLimit 50000 Max number of rows in the report export if "Export All Data" is checked.
SeekTable_ST__Appearance__ChartAnimation 1000 Animation delay (in ms) used for charts rendering animation. Use 0 value to disable animations at all.
SeekTable_ST__Appearance__ReportParameterDropdownDynamicRowsLimit 10000 Max number of items loaded into report parameter "Dropdown (dynamic)" editor. WebCombo control used in SeekTable can efficiently handle 100k items and even more.
SeekTable_ST__Appearance__ListViewDefaultLayout tiles Determines a default view type for cubes/reports lists: tiles or table.
SeekTable_ST__Appearance__CubeFormArrayLayout (emtpy) Forces "tabs" or "table" editor for cube members editor on the cube configuration form (disregard screen width / number of cube members). By default "table" is used on screens > 1600px and if number of dimensions/measures < 50; otherwise compact "tabs" layout is used.
SeekTable_ST__Appearance__CubeFormCacheSection false Enables "Cache" section that allows to customize in-memory cache options for each cube separately. By default all cubes use system-default cache settings (see appropriate options for 'seektable/pivotdataservice' below).
SeekTable_ST__Appearance__CubeFormAllowEditJSON false Enables "JSON" button to enable editing raw JSON objects on the cube configuration form (useful for developers).
SeekTable_ST__Connectors__CustomWebApi false Enables "Custom connector (web API)" data source option in the cube configuration form.
SeekTable_ST__Connectors__Sqlite false Enables "Sqlite" connector for SQL cubes to use local sqlite DB file as a data source (a folder with this sqlite file should be mounted for 'seektable/pivotdataservice' container in 'docker-compose.yml'). Only users with "admin" role can create SQLite-based cubes (non-admin users can access SQLite reports/cubes when they are shared).
SMTP settings
SeekTable_ST__Mail__Server (not set) SMTP server host name or IP. If SMTP is not configured SeekTable cannot send emails. If you have "System/users admin" subscription you can configure SMTP settings from the web interface (Admin → System Setup).
SeekTable_ST__Mail__Port (not set) SMTP server port. Typical values are: 25, 465, 587.
SeekTable_ST__Mail__User (not set) SMTP user name if your SMTP server requires authentication.
SeekTable_ST__Mail__Password (not set) SMTP user password if your SMTP server requires authentication.
SeekTable_ST__Mail__TrustCertificate false Enable this option if you want to skip SMTP server certificate validation (useful if self-signed certificate is used or if validation is not possible for some reason).
SeekTable_ST__Mail__AllowLegacySsl false Enable this option if your SMTP server still uses legacy protocols like SSL 2.0/3.0 or TLS 1.0.
SeekTable_ST__Mail__SocketOptions StartTlsWhenAvailable Determines socket options when connecting to SMTP. Possible values are:
  • None (no SSL or TLS encryption)
  • SslOnConnect (the connection should use SSL or TLS encryption)
  • StartTls (use TLS encryption immediately after reading the greeting and capabilities of the server)
  • StartTlsWhenAvailable (use TLS encryption immediately after reading the greeting and capabilities of the server, but only if the server supports the STARTTLS extension)
SeekTable_ST__Mail__Timeout 30000 The timeout for an SMTP client network streaming operations, in milliseconds.
SeekTable_ST__Mail__DefaultFromName SeekTable "From" name for emails sent by SeekTable.
SeekTable_ST__Mail__DefaultFromAddress no-reply@seektable.com "From" address for emails sent by SeekTable.
ShareByEmailRecipientsLimit 5 Max number of recipients for "Share by email" function.
PivotDataService JWT settings
SeekTable_ST__PivotDataService__Jwt__IssuerSigningKeyString (some value) JWT signing key that secures access to 'seektable/pivotdataservice' web API. This should be the same value (at least 16 chars) as for PivotDataService_Auth__Jwt__IssuerSigningKeyString. You may want to set your own signing key to improve the security of your installation.
SeekTable_ST__PivotDataService__Jwt__ValidIssuer ST JWT issuer value for 'seektable/pivotdataservice' web API. This should be the same value as for PivotDataService_Auth__Jwt__ValidIssuer.
SeekTable_ST__PivotDataService__Jwt__TokenDecryptionKeyString (not set) JWT encryption key value for 'seektable/pivotdataservice' web API (at least 32 chars). This should be the same value as for PivotDataService_Auth__Jwt__TokenDecryptionKeyString.
SeekTable_ST__PivotDataService__Jwt__CreateTokenExpirationMinutes 1440 (= 24h) Max lifetime for the JWT (limits max user's session without a web page re-load).
SeekTable_ST__PivotDataService__Jwt__CreateTokenStrongEncryption false Sign/encrypt JWT with SHA512/AES256 instead of SHA256/AES128. If strong encryption is enabled signing key should have at least 32 chars (64 chars for encryption key).
SeekTable web API settings
SeekTable_ST__Api__Jwt__ValidateIssuer true If true JWT issuer is validated when SeekTable web API is accessed.
SeekTable_ST__Api__Jwt__ValidIssuer (not set) JWT issuer value (string) for SeekTable web API.
SeekTable_ST__Api__Jwt__ValidateAudience true If true JWT audience is validated when SeekTable web API is accessed.
SeekTable_ST__Api__Jwt__ValidAudience (not set) JWT audience value (string) for SeekTable web API.
SeekTable_ST__Api__Jwt__ValidateLifetime true If true JWT lifetime is validated when SeekTable web API is accessed.
SeekTable_ST__Api__Jwt__ValidateIssuerSigningKey (not set) If true JWT signature is validated when SeekTable web API is accessed.
SeekTable_ST__Api__Jwt__CreateTokenExpirationMinutes (not set) Max lifetime for JWT generated at "Manage Account"→"Get API Key" (token expires only when ValidateLifetime=true).
SeekTable_ST__Api__Jwt__IssuerSigningKeyString (not set) JWT signing key that secures access to SeekTable web API. This value should have at least 16 chars.
SeekTable_ST__Api__Jwt__TokenDecryptionKeyString (not set) JWT encryption key that secures access to SeekTable web API. This should have at least 16 chars.
SeekTable_ST__Api__Jwt__CreateTokenStrongEncryption (not set) If true JWT is signed/encrypted with SHA512/AES256 instead of SHA256/AES128. When strong encryption is enabled signing key should have at least 32 chars (64 charts for encryption key).
SeekTable_ST__Api__AccountRestoreAllowedForEmail (not set) Login email of the user account with "admin" role that should be able to use the account restore API.
SeekTable_ST__Api__AccountBackupAllowedForEmail (not set) Login email of the user account with "admin" role that should be able to use the account backup API.
SeekTable_ST__Api__AccountManagementAllowedForEmail (not set) Login email of the user account with "admin" role that should be able to use the account management API.
Secure embedding JWT validation settings
SeekTable_ST__PublicReport__AuthJwtUrlParameter (not set) Query string parameter name for the JWT value (if used).
SeekTable_ST__PublicReport__AuthJwtCookieName (not set) Cookie name for the JWT value (if used).
SeekTable_ST__PublicReport__AuthJwt__ValidateIssuer true If true JWT issuer is validated.
SeekTable_ST__PublicReport__AuthJwt__ValidIssuer (not set) JWT issuer value to match.
SeekTable_ST__PublicReport__AuthJwt__ValidateAudience true If true JWT audience is validated.
SeekTable_ST__PublicReport__AuthJwt__ValidAudience (not set) JWT audience value to match.
SeekTable_ST__PublicReport__AuthJwt__ValidateLifetime true If true JWT lifetime is validated.
SeekTable_ST__PublicReport__AuthJwt__IssuerSigningKeyString (not set) JWT signing key that secures an access to embedded reports. Key should contain at least 16 chars if JWT is signed with SHA256, and 32 chars in case of SHA512.
SeekTable_ST__PublicReport__AuthJwt__TokenDecryptionKeyString (not set) JWT encryption key that secures an access to embedded reports (optional).
Single sign-on settings (applicable only if "Single sign-on" subscription is active)
SeekTable_ST__SsoWsFederation__Wtrealm (APP ID) Unique value that identifies SeekTable application in the WS-Federation authentication provider. In case of Azure Directory this is "App ID URI".
SeekTable_ST__SsoWsFederation__MetadataAddress (WS-Fed metadata URI) Federation Metadata Document URL.
SeekTable_ST__SsoWsFederation__LoginButtonText Login with WS-Federation SSO Text used for 'Login with SSO' button on the Login page.
SeekTable_ST__SsoWsFederation__LocalLoginDisabled false If true users can login only with FS-Federation SSO (login form is not shown at all).

Image: seektable/pivotdataservice   settings file: docker-compose.pivotdataservice.env

Variable Default Value Description
PivotDataService_PivotDataService__FormatCulture culture name to use for values formatting (numbers, dates, names of months/weekdays). For example: en-US, en-GB, de_DE, uk-UA. By default 'neutral' culture settings are used.
PivotDataService_PivotDataService__PivotTableCellsLimit 1000000 Max number of cells in the pivot table report. If pivot table exceedes this limit user gets "Pivot table is too large" error.
Warning: large pivot table (without pagination) may make a web browser unresponsible. Also server where SeekTable is hosted should have enough RAM for large pivot tables generation (4GB or more).
PivotDataService_PivotDataService__AggregateRowsLimit 1000000 Max number of rows in result of aggregation query. If pivot table exceedes this limit user gets "Pivot table is too large" error.
PivotDataService_PivotDataService__FlatTableRowsLimit 50000 Max number of rows in the flat table report (HTML, JSON, CSV).
PivotDataService_PivotDataService__FlatTableNonStreamExportLimit 10000 Max number of rows in PDF or Excel export of the flat table report.
PivotDataService_PivotDataService__CubeLookupDictionarySizeLimit 100000 Max dictionary size for external lookups used by Cube().Lookup() function (in expression-type dimensions).
PivotDataService_PivotDataService__CsvLineBufferSize 32768 Buffer size for one CSV line (max length of the CSV line that can be processed).
PivotDataService_PivotDataService__Export__MaxHtmlLength (not set) Max length of the HTML input for PDF export. PDF export of large reports (>10MB HTML) is rather CPU and RAM intensive task, and this parameter allows to prevent server overload with huge exports.
PivotDataService_PivotDataService__Export__WkhtmltopdfTimeout 2 Timeout for PDF export generation in minutes. PDF export is rather CPU and RAM intensive task, and this parameter allows to prevent server overload with long-running exports.
PivotDataService_PivotDataService__Export__ExcelDateValueFormat yyyy-MM-dd Excel format string for dates in export.
PivotDataService_PivotDataService__Export__ExcelDateTimeValueFormat yyyy-MM-dd HH:mm Excel format string for timestamps in export.
PivotDataService_PivotDataService__Export__ExcelPivotTableCompact true Controls pivot table view mode in Excel (applicable only for "Excel PivotTable" export).
PivotDataService_Auth__Jwt__IssuerSigningKeyString (some value) JWT signing key that secures access to 'seektable/pivotdataservice' web API. This should be the same value as for SeekTable_ST__PivotDataService__Jwt__IssuerSigningKeyString.
PivotDataService_Auth__Jwt__ValidIssuer ST Valid JWT issuer for 'seektable/pivotdataservice' web API. This should be the same value as for SeekTable_ST__PivotDataService__Jwt__ValidIssuer.
PivotDataService_Auth__Jwt__TokenDecryptionKeyString (not set) JWT decryption key for 'seektable/pivotdataservice' web API. This should be the same value as for SeekTable_ST__PivotDataService__Jwt__TokenDecryptionKeyString.
PivotDataService_PivotDataService__Cache__Enabled true Enables short-living in-memory cache for results of DB aggregate queries.
PivotDataService_PivotDataService__Cache__SlidingExpirationMinutes 3 Cache entry will expire if it hasn't been accessed during specified number of minutes.
PivotDataService_PivotDataService__Cache__AbsoluteExpirationMinutes 15 Cache entry will expire after specified number of minutes.
PivotDataService_Logging__LogLevel__NReco.PivotData.Engine Debug Controls logging level of the reporting engine. By default all DB queries are logged; to log only 'failed' queries Information value can be set.
PivotDataService_PivotDataService__ConnectionSecrets__token_name token_value Define a placeholder @token_name that can be used in the cube's connection string (or URL) instead of a real value. This is useful for storing sensitive connection values like DB passwords.