Explore options to configure Kafkorama Portal.
| Description | Specifies the maximum memory (in megabytes) to be used |
| Default value | 128 MB |
| Required parameter | Required |
This parameter sets the maximum heap size (-Xmx) of the Java Virtual Machine (JVM) running the Kafkorama Portal, expressed in megabytes (MB).
For example, to allocate 512 megabytes of heap memory, use:
memory = 512 MB
| Description | Folder where logs will be written |
| Default value | logs |
| Required parameter | Optional |
If not set, the default folder logs is used relative to the directory from which the Kafkorama Portal is started.
You can specify an absolute path instead:
log.folder = /some/path/mylogs |
For Linux/Unix |
log.folder = C:/some/path/mylogs |
For Windows |
| Description | IP address for the portal to listen on |
| Default value | 0.0.0.0 |
| Required parameter | Optional |
Specifies the IP address on which the Kafkorama Portal will listen for incoming HTTP requests.
| Description | Port for the portal to listen on |
| Default value | 8080 |
| Required parameter | Optional |
Defines the TCP port on which the Kafkorama Portal listens for incoming HTTP requests.
| Description | Public URL of the Kafkorama Portal |
| Default value | No default value |
| Required parameter | Optional |
Defines the base URL used in emails and links sent to users.
| Description | Password for Gateway-to-Portal access |
| Default value | — |
| Required parameter | Required |
Specifies the password used by the Kafkorama Gateway to authenticate with the Kafkorama Portal when retrieving Kafka configurations, expired tokens, and other runtime data, as well as when sending logs and stats details to the Portal.
| Description | Enable HTTPS support |
| Default value | false |
| Required parameter | Optional |
Enables SSL/TLS for the Kafkorama Portal web server. Set to true to activate HTTPS using the below SSL configuration parameters.
| Description | Path used for Let's Encrypt domain validation |
| Default value | Empty |
| Required parameter | Optional |
If using Let's Encrypt certificates, this folder is used to temporarily store validation files required for domain ownership verification.
| Description | Path to the Java keystore file |
| Default value | 127.0.0.1.jks |
| Required parameter | Required if SSL is enabled |
Specifies the file path to the Java keystore (.jks) that contains the SSL certificate used by the Portal.
| Description | Password to access the keystore |
| Default value | password |
| Required parameter | Required if SSL is enabled |
The password required to open the keystore file specified in portal.ssl.keystorepath.
| Description | HTTPS port of the portal |
| Default value | 8443 |
| Required parameter | Optional |
Defines the port on which the Kafkorama Portal listens for HTTPS connections when SSL is enabled on the host provided by portal.listen.ip
| Description | Path to the PEM certificate file |
| Default value | — |
| Required parameter | Required if SSL is enabled and PEM configuration is used |
Specifies the file path to the PEM-encoded certificate file (.pem) used by the Portal when SSL is configured with PEM
files instead of a Java keystore.
| Description | Path to the PEM private key file |
| Default value | — |
| Required parameter | Required if SSL is enabled and PEM configuration is used |
Specifies the file path to the PEM-encoded private key file (.pem) corresponding to the certificate defined
in portal.ssl.pem.certpath.
| Description | Password for the PEM private key |
| Default value | — |
| Required parameter | Optional |
Defines the password used to decrypt the PEM private key file specified in portal.ssl.pem.keypath, if the key is encrypted. If the private key is not password-protected, this parameter is not required.
| Description | Enables SNI host name verification |
| Default value | true |
| Required parameter | Optional |
Determines whether the Portal validates the requested server name (SNI – Server Name Indication) against the configured SSL certificate during the TLS handshake.
When set to true, the Portal verifies that the host name provided by the client matches the certificate.
When set to false, SNI host name verification is disabled.
| Description | Email of the administrator account |
| Default value | — |
| Required parameter | Required at startup |
Specifies the email address of the default administrator account that is created when the Portal starts for the first time.
| Description | Password for the default admin user |
| Default value | — |
| Required parameter | Required at startup |
Defines the password for the administrator account specified in portal.admin.email.
| Description | Default organization for the admin account |
| Default value | — |
| Required parameter | Optional |
Specifies the name of the organization assigned to the administrator account at startup.
If not set, a default organization is created automatically.
| Description | Enable or disable email verification for users |
| Default value | false |
| Required parameter | Optional |
Set this to true to require email verification for new users.
| Description | Custom path for the Portal UI theme customization |
| Default value | ui |
| Required parameter | Optional |
Specifies the directory path that the Portal uses to load its UI theme customization.
| Description | Gateway cluster servers |
| Default value | — |
| Required parameter | Required |
Specifies the list of Kafkorama Gateway server addresses used by the Portal.
These addresses are used by the Portal’s debug console, demo live data features, and for generating client SDK code to establish connections with the Gateway cluster.
| Description | Enables TLS for connections to the Gateway |
| Default value | true |
| Required parameter | Optional |
Determines whether the Portal connects to the Gateway servers using TLS.
When set to true, all client connections initiated by the Portal use a secure TLS channel.
| Description | Signature algorithm type for client authentication |
| Default value | hmac |
| Required parameter | Optional |
Defines the type of signature used for authenticating clients with the Gateway.
Supported values are hmac for HMAC-based signatures or rsa for RSA-based signatures.
| Description | Secret key for HMAC signatures |
| Default value | — |
| Required parameter | Required if gateway.auth.signature.type is hmac |
Specifies the secret key used to generate HMAC signatures for client authentication to the Gateway.
| Description | Path to the RSA public key |
| Default value | — |
| Required parameter | Required if gateway.auth.signature.type is rsa |
Specifies the file path to the RSA public key used to verify client signatures when RSA authentication is enabled.
| Description | SMTP server host name |
| Default value | — |
| Required parameter | Required if email notifications are enabled |
Specifies the host name or IP address of the SMTP server used by the Portal to send emails (e.g., invitations, password resets, notifications).
| Description | SMTP server port |
| Default value | — |
| Required parameter | Required if email notifications are enabled |
Defines the port of the SMTP server.
Common values are 25, 465 (implicit SSL/TLS), or 587 (STARTTLS).
| Description | SMTP authentication username |
| Default value | — |
| Required parameter | Optional (required if authentication is enabled) |
Specifies the username used to authenticate with the SMTP server.
| Description | SMTP authentication password |
| Default value | — |
| Required parameter | Optional (required if authentication is enabled) |
Specifies the password used to authenticate with the SMTP server.
| Description | Sender email address |
| Default value | — |
| Required parameter | Required if email notifications are enabled |
Defines the email address that appears as the sender of all emails sent by the Portal.
| Description | Enables implicit SSL/TLS (SMTPS) |
| Default value | false |
| Required parameter | Optional |
When set to true, the Portal connects to the SMTP server using implicit SSL/TLS (commonly on port 465).
This establishes a secure connection immediately upon connecting to the server.
| Description | Enables STARTTLS (explicit TLS) |
| Default value | false |
| Required parameter | Optional |
When set to true, the Portal uses the STARTTLS command to upgrade a plain SMTP connection to a secure TLS connection (commonly on port 587).
Only one of smtp.ssl.on.connect or smtp.starttls.enabled should typically be enabled, depending on the SMTP server configuration.
| Description | Path or name of the database |
| Default value | ./data/push-cloud.db |
| Required parameter | Required |
Specifies the path to the SQLite database file or the database name for MySQL/PostgreSQL.
| Description | Credentials for database connection |
| Default value | root / empty |
| Required parameter | Required for remote DBs (MySQL/PostgreSQL) |
User and password used to authenticate with the database.
| Description | Type of database backend |
| Default value | sqlite |
| Required parameter | Required |
Defines the database backend type. Supported values:
sqlite – Local file-based databasemysql – Remote MySQL serverpostgres – Remote PostgreSQL server| Description | IP address and port for remote DB |
| Default value | 127.0.0.1 / 3306 |
| Required parameter | Required for MySQL/PostgreSQL |
Specifies the network address and port of the database server.
| Description | Java classpath for JDBC driver |
| Default value | org.sqlite.JDBC |
| Required parameter | Required |
The fully qualified class name of the JDBC driver:
org.sqlite.JDBCcom.mysql.cj.jdbc.Driverorg.postgresql.Driver| Description | Enable SSL/TLS for database connections |
| Default value | false |
| Required parameter | Optional |
When set to true, the database connection uses SSL/TLS. Relevant for MySQL/PostgreSQL.
| Description | Additional JDBC connection parameters |
| Default value | — |
| Required parameter | Optional |
Specifies extra parameters appended to the JDBC URL, e.g., &allowPublicKeyRetrieval=true for MySQL or ?sslmode=require for PostgreSQL.
| Description | GitHub OAuth credentials and callback URL |
| Default value | Empty |
| Required parameter | Required for GitHub OAuth |
Specifies the credentials used for GitHub OAuth login:
oauth.github.apikey – Client ID of the GitHub OAuth appoauth.github.apisecret – Client secret of the GitHub OAuth appoauth.github.callback – Callback URL that GitHub redirects to after authenticationThese values must match the configuration of your GitHub OAuth app.
| Description | Google OAuth credentials and callback URL |
| Default value | Empty |
| Required parameter | Required for Google OAuth |
Specifies the credentials used for Google OAuth login:
oauth.google.apikey – Client ID of the Google OAuth appoauth.google.apisecret – Client secret of the Google OAuth appoauth.google.callback – Callback URL that Google redirects to after authenticationThese values must match the configuration of your Google OAuth app.
| Description | Enable reCAPTCHA v3 verification |
| Default value | false |
| Required parameter | Optional |
Enables or disables Google reCAPTCHA v3 validation for forms and authentication flows.
| Description | Secret key for server-side verification |
| Default value | Empty |
| Required parameter | Required if reCAPTCHA is enabled |
The backend secret key provided by Google, used by the Portal to verify reCAPTCHA tokens submitted by clients.
| Description | Public site key for frontend |
| Default value | Empty |
| Required parameter | Optional |
The site key used by the client to render the reCAPTCHA widget and generate tokens for verification.
| Description | Minimum reCAPTCHA v3 score to allow access |
| Default value | 0.95 |
| Required parameter | Optional |
A float value between 0.0 and 1.0. Higher scores indicate more human-like behavior. Requests scoring below this threshold may be blocked.
| Description | Expected hostnames for verification |
| Default value | kafkorama.com,localhost |
| Required parameter | Optional |
Comma-separated list of hostnames that are considered valid in the reCAPTCHA verification response.
| Description | Timeout for server verification |
| Default value | 3000 (ms) |
| Required parameter | Optional |
Time in milliseconds the Portal waits for a response from Google's reCAPTCHA verification endpoint.
| Description | reCAPTCHA verification endpoint |
| Default value | https://www.google.com/recaptcha/api/siteverify |
| Required parameter | Optional |
The URL used by the Portal to verify reCAPTCHA tokens. Only change this for testing, proxying, or custom Google endpoints.
| Description | Enables demo APIs for testing and onboarding |
| Default value | true |
| Required parameter | Optional |
Activates demo APIs that can be used to explore the Kafkorama Portal features or for onboarding purposes.
⚠️ Warning:
demo.apismust be disabled in production environments.
| Description | Kafka bootstrap servers for demo APIs |
| Default value | localhost:9092 |
| Required parameter | Optional |
Specifies the Kafka cluster bootstrap server addresses that demo APIs use to produce or consume messages.
Multiple servers can be listed, separated by commas, e.g., server1:9092,server2:9092.
| Description | Default demo Kafka topic name |
| Default value | demo |
| Required parameter | Optional |
Specifies the Kafka topic used for demo operations within the Kafkorama Portal.
| Description | Key for accessing demo APIs |
| Default value | - |
| Required parameter | Optional |
Defines the key used by the Portal and client SDKs to authorize demo operations without requiring a full user account.