Documentation Menu

Configuration

Noventa projects are configured using a config.yaml file in the root of your project. This file allows you to configure database connections, static file handling, session management, security settings, and more.

Make sure to keep your config.yaml file in a secure location, as it may contain sensitive information like database credentials and secret keys.

Complete Configuration File

Here's a complete example of a config.yaml file with all available options:

YAML 
static_path: "./files"
static_url_prefix: "/files"
max_memory_size: 10485760
adaptive_shedding: false
disable_script_injection: false
database: "sqlite:///./noventa.db"
session:
  backend: "memory"
  secret_key: "!!!REPLACE-ME-WITH-A-REAL-SECRET-KEY!!!"
  cookie_name: "noventa_session"
  cookie_secure: false
  cookie_http_only: true
  cookie_path: "/"
  cookie_max_age: 86400
  redis_url: "redis://127.0.0.1/"
  redis_pool_size: 10
server_address: 127.0.0.1
port: 8080
compression: false
core_allocation:
  python_threads: 2
  template_renderer_threads: 1
  actix_web_threads: 1

Configuration Sections

File Uploading

Control how your application handles file uploads:

  • static_path: Directory where uploaded files are stored. Use relative paths for portability.
  • static_url_prefix: URL path prefix for accessing static files (e.g., /files).
  • max_memory_size: Maximum file size to keep in memory before writing to disk (default: 10MB).
  • temp_dir: Custom temporary directory for file processing (optional).

Security & Performance

  • adaptive_shedding: Enable adaptive load shedding for high-traffic scenarios (default: false).

Frontend Experience

  • disable_script_injection: Disable automatic script injection that enables SPA-like behavior. Set to true if you want traditional page refreshes (default: false).

Database

  • database: SQLAlchemy connection string. Supports SQLite, PostgreSQL, MySQL, etc.

Session Management

Critical settings for user session handling:

  • backend: Choose between "cookie", "memory", or "redis" storage.
  • secret_key: CRITICAL - A long, random string (64+ characters) for encrypting session data.
  • cookie_secure: Enable HTTPS-only cookies in production.
  • cookie_http_only: Prevent JavaScript access to session cookies.
  • cookie_max_age: Session lifetime in seconds.

Web Server

Built-in server configuration:

  • server_address: IP address to bind to (use 0.0.0.0 for all interfaces in production).
  • port: Server port (default: 8080).
  • compression: Enable response compression for better performance.

Resource Allocation

Thread allocation for different components:

  • python_threads: Threads for Python component execution.
  • template_renderer_threads: Threads for template rendering.
  • actix_web_threads: Threads for the web server.

Best Practices

Security

  1. Never commit secrets: Add config.yaml to .gitignore. Use environment variables for sensitive data.
  2. Use strong secret keys: Generate cryptographically secure random strings for secret_key.
  3. Enable HTTPS in production: Set cookie_secure: true when using HTTPS.
  4. Use secure session backends: Prefer Redis over memory for production deployments.

Performance

  1. Choose the right session backend: - cookie: Best for simple applications, no server storage needed - memory: Fast but sessions lost on restart - redis: Scalable, persistent sessions for production

  2. Configure resource allocation: Adjust thread counts based on your server capabilities and expected load.

  3. Enable compression: Set compression: true for better network performance.

Development vs Production

YAML 
# Development
cookie_secure: false
compression: false
port: 8080

# Production
cookie_secure: true
compression: true
port: 80
server_address: 0.0.0.0

Remember to restart your Noventa server after making configuration changes for them to take effect.