# Configuration Reference (Reference: https://docs.iqra.bot/developers/self-hosting/configuration) Each service in the Iqra AI cluster (Frontend, Proxy, Backend, Background) is configured via `appsettings.json`. To ensure the distributed system functions correctly, specific settings must be synchronized across nodes. 1. Shared Configuration [#1-shared-configuration] The following settings are the "glue" of the cluster. They must be configured **identically** across the specific services listed to ensure the distributed system functions as a single unit. | Section : Key | Description | Required By | Shared Value? | | :--------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------------- | :------------ | | `MongoDatabase:ConnectionString` | Connection string to the primary MongoDB cluster. | **All Services** | ✅ **YES** | | `RedisDatabase:Endpoint` | Host:Port of the shared Redis instance (e.g., `redis:6379`). | **All Services** | ✅ **YES** | | `RedisDatabase:Password` | Password for the shared Redis instance. | **All Services** | ✅ **YES** | | `Milvus:Endpoint` | URL to the Vector Database (e.g., `http://milvus:19530`). | Frontend, Backend, Background | ✅ **YES** | | `Milvus:Database` | Database name (Default: `default`). | Frontend, Backend, Background | ✅ **YES** | | `Milvus:Username` | (Optional) Milvus Auth User. | Frontend, Backend, Background | ✅ **YES** | | `Milvus:Password` | (Optional) Milvus Auth Password. | Frontend, Backend, Background | ✅ **YES** | | `Integrations:EncryptionKey` | **32-Byte Key.** Used to encrypt/decrypt third-party API Keys (e.g., Twilio/OpenAI) stored in MongoDB. If this mismatches, the Backend cannot use keys saved by the Frontend. | Frontend, Proxy, Backend | ✅ **YES** | | `S3Storage:DefaultStorageRegionId` | The Region ID (e.g., `US-EAST`) where global assets like Business Logos are stored. | Frontend, Background | ✅ **YES** | **Do not lose the `Integrations:EncryptionKey`.** If you change this key after adding integrations, all existing connections (OpenAI, Twilio) will break because the system can no longer decrypt the stored credentials. *** 2. Hardware [#2-hardware] Defining how the application interacts with the physical server. | Section : Key | Description | Required By | Shared Value? | | :-------------------------------- | :----------------------------------------------------------------------------------------------------------------------- | :--------------- | :----------------- | | `Hardware:NetworkInterfaceName` | The exact name of the network adapter on the host (e.g., `eth0` or `Realtek...`). Used to generate unique Snowflake IDs. | **All Services** | ❌ No (Per Machine) | | `Hardware:MaxNetworkDownloadMbps` | Bandwidth for download. | Backend | ❌ No (Per Machine) | | `Hardware:MaxNetworkUploadMbps` | Bandwidth for upload. | Backend | ❌ No (Per Machine) | *** 3. Application Specific Settings [#3-application-specific-settings] Frontend App [#frontend-app] Controls the User Interface, Authentication, and Document Processing. | Block | Key | Description | | :----------------- | :------------------------------------- | :--------------------------------------------------------------------------------------------- | | - | `URL` | The public facing URL of the dashboard (no trailing slash). | | `Docling` | `EndPoint` | URL of the Docling parsing service (e.g., `http://docling:8000`). | | `MailSMTP` | `Host`, `Port`, `Username`, `Password` | SMTP settings for sending password reset emails and invites. | | `ForwardedHeaders` | `KnownProxies` | List of IP addresses (e.g., Load Balancer/Cloudflare) to trust `X-Forwarded-For` headers from. | | `UserApiKeys` | `ApiKeyEncryptionKey` | Key used to encrypt user-generated API tokens. | | `UserApiKeys` | `PayloadEncryptionKey` | Key used to sign JWT payloads for user sessions. | | `User` | `EmailHashPepper` | Secret string added to emails before hashing for privacy. | Proxy App [#proxy-app] Controls the Telephony Gateway and Queue Dispatching. | Block | Key | Description | | :------------------------- | :----------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `Proxy` | `Id` | **Unique UUID.** Must match the Server ID registered in [Admin Dashboard](/developers/admin/infrastructure). | | `Proxy` | `RegionId` | The geographic region code (e.g., `OM-MCT`) this Proxy serves. | | `Proxy` | `ApiKey` | A secret token used to authenticate internal API calls services. Must match the server api key registered in [Admin Dashboard](/developers/admin/infrastructure). | | `Proxy:OutboundProcessing` | `PollingIntervalSeconds` | Frequency (in seconds) to check MongoDB for new queued calls. | | `Proxy:OutboundProcessing` | `DbFetchBatchSize` | Number of queue items to fetch from DB in one go. | | `Proxy:OutboundProcessing` | `ProcessingBatchSize` | Number of items to process/dial in parallel. | Backend App [#backend-app] Controls the Real-time Audio processing and AI Orchestration. | Block | Key | Description | | :------------------- | :--------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `Server` | `Id` | **Unique UUID.** Must match the Server ID registered in [Admin Dashboard](/developers/admin/infrastructure). | | `Server` | `RegionId` | The geographic region code (e.g., `OM-MCT`) this Backend serves. | | `Server` | `ApiKey` | A secret token used to authenticate internal API calls services. Must match the server api key registered in [Admin Dashboard](/developers/admin/infrastructure). | | `Server` | `ExpectedMaxConcurrentCalls` | **Hard Limit.** The maximum number of active calls this node will accept before rejecting new connections. | | `Server` | `WebhookTokenSecret` | Secret used to verify signatures of internal webhooks. | | `LocalRedisDatabase` | `Endpoint` | Connection to a *local* (localhost) Redis on the Backend node. | | `LocalRedisDatabase` | `Password` | Password for Redis on the Backend node. | Background Processor [#background-processor] Controls maintenance jobs and cleanup. | Block | Key | Description | | :--------- | :------------------------------ | :---------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `Milvus` | `ExpiryCheckIntervalSeconds` | How often to scan for stale vector collections to free up memory. | | `Milvus` | `CollectionStaleTimeoutMinutes` | How long a vector collection remains in memory before being unloaded. | | `Security` | `ApiKey` | A secret token used to authenticate internal API calls services. Must match the server api key registered in [Admin Dashboard](/developers/admin/infrastructure). |