ProjectConfigOptions
Essential configurations related to the Medusa backend, such as database and CORS configurations.
Properties
database_logging
LoggerOptionsRequiredThis configuration specifies what database messages to log. Its value can be one of the following:
- (default) A boolean value that indicates whether any messages should be logged.
- The string value
all
that indicates all types of messages should be logged. - An array of log-level strings to indicate which type of messages to show in the logs. The strings can be
query
,schema
,error
,warn
,info
,log
, ormigration
. Refer to Typeorm’s documentation for more details on what each of these values means.
false
, meaning no database messages are logged.store_cors
stringThe Medusa backend’s API Routes are protected by Cross-Origin Resource Sharing (CORS). So, only allowed URLs or URLs matching a specified pattern can send requests to the backend’s API Routes.
store_cors
is a string used to specify the accepted URLs or patterns for store API Routes. It can either be one accepted origin, or a comma-separated list of accepted origins.
Every origin in that list must either be:
- A URL. For example,
http://localhost:8000
. The URL must not end with a backslash; - Or a regular expression pattern that can match more than one origin. For example,
.example.com
. The regex pattern that the backend tests for is^([/~@;%#'])(.*?)\1([gimsuy]*)$
.
admin_cors
stringThe Medusa backend’s API Routes are protected by Cross-Origin Resource Sharing (CORS). So, only allowed URLs or URLs matching a specified pattern can send requests to the backend’s API Routes.
admin_cors
is a string used to specify the accepted URLs or patterns for admin API Routes. It can either be one accepted origin, or a comma-separated list of accepted origins.
Every origin in that list must either be:
- A URL. For example,
http://localhost:7001
. The URL must not end with a backslash; - Or a regular expression pattern that can match more than one origin. For example,
.example.com
. The regex pattern that the backend tests for is^([/~@;%#'])(.*?)\1([gimsuy]*)$
.
auth_cors
stringThe Medusa backend’s API Routes are protected by Cross-Origin Resource Sharing (CORS). So, only allowed URLs or URLs matching a specified pattern can send requests to the backend’s API Routes.
auth_cors
is a string used to specify the accepted URLs or patterns for API Routes starting with /auth
. It can either be one accepted origin, or a comma-separated list of accepted origins.
Every origin in that list must either be:
- A URL. For example,
http://localhost:7001
. The URL must not end with a backslash; - Or a regular expression pattern that can match more than one origin. For example,
.example.com
. The regex pattern that the backend tests for is^([/~@;%#'])(.*?)\1([gimsuy]*)$
.
cookie_secret
stringA random string used to create cookie tokens. Although this configuration option is not required, it’s highly recommended to set it for better security.
In a development environment, if this option is not set, the default secret is
supersecret
However, in production, if this configuration is not set, an error is thrown and
the backend crashes.jwt_secret
stringA random string used to create authentication tokens. Although this configuration option is not required, it’s highly recommended to set it for better security.
In a development environment, if this option is not set the default secret is
supersecret
However, in production, if this configuration is not set an error, an
error is thrown and the backend crashes.database_database
stringThe name of the database to connect to. If specified in
database_url
, then it’s not required to include it.
Make sure to create the PostgreSQL database before using it. You can check how to create a database in
PostgreSQL's documentation.database_url
stringThe connection URL of the database. The format of the connection URL for PostgreSQL is:
Where:
postgres://[user][:password]@[host][:port]/[dbname]
[user]
: (required) your PostgreSQL username. If not specified, the system's username is used by default. The database user that you use must have create privileges. If you're using thepostgres
superuser, then it should have these privileges by default. Otherwise, make sure to grant your user create privileges. You can learn how to do that in PostgreSQL's documentation.[:password]
: an optional password for the user. When provided, make sure to put:
before the password.[host]
: (required) your PostgreSQL host. When run locally, it should belocalhost
.[:port]
: an optional port that the PostgreSQL server is listening on. By default, it's5432
. When provided, make sure to put:
before the port.[dbname]
: (required) the name of the database.
database_schema
stringThe database schema to connect to. This is not required to provide if you’re using the default schema, which is
public
.
1module.exports = {2 projectConfig: {3 database_schema: process.env.DATABASE_SCHEMA ||4 "custom",5 // ...6 },7 // ...8}
database_extra
Record<string, unknown> & objectAn object that includes additional configurations to pass to the database connection. You can pass any configuration. One defined configuration to pass is
ssl
which enables support for TLS/SSL connections.
This is useful for production databases, which can be supported by setting the rejectUnauthorized
attribute of ssl
object to false
.
During development, it’s recommended not to pass this option.
database_extra
Record<string, unknown> & objectssl
which enables support for TLS/SSL connections.
This is useful for production databases, which can be supported by setting the rejectUnauthorized
attribute of ssl
object to false
.
During development, it’s recommended not to pass this option.database_driver_options
Record<string, unknown> & objectAn object that includes additional configurations to pass to the database connection for v2. You can pass any configuration. One defined configuration to pass is
ssl
which enables support for TLS/SSL connections.
This is useful for production databases, which can be supported by setting the rejectUnauthorized
attribute of ssl
object to false
.
During development, it’s recommended not to pass this option.
database_driver_options
Record<string, unknown> & objectssl
which enables support for TLS/SSL connections.
This is useful for production databases, which can be supported by setting the rejectUnauthorized
attribute of ssl
object to false
.
During development, it’s recommended not to pass this option.redis_url
stringUsed to specify the URL to connect to Redis. This is only used for scheduled jobs. If you omit this configuration, scheduled jobs won't work.
:::note
You must first have Redis installed. You can refer to Redis's installation guide.
:::
The Redis connection URL has the following format:
For a local Redis installation, the connection URL should be
redis[s]://[[username][:password]@][host][:port][/db-number]
redis://localhost:6379
unless you’ve made any changes to the Redis configuration during installation.redis_prefix
stringThe prefix set on all keys stored in Redis. The default value is
sess:
.
If this configuration option is provided, it is prepended to sess:
.redis_options
RedisOptionsAn object of options to pass ioredis. You can refer to ioredis’s RedisOptions documentation
for the list of available options.
session_options
SessionOptionsAn object of options to pass to express-session.
session_options
SessionOptionshttp_compression
HttpCompressionOptionsConfigure HTTP compression from the application layer. If you have access to the HTTP server, the recommended approach would be to enable it there.
However, some platforms don't offer access to the HTTP layer and in those cases, this is a good alternative.
Its value is an object that has the following properties:
If you enable HTTP compression and you want to disable it for specific API Routes, you can pass in the request header "x-no-compression": true
.
http_compression
HttpCompressionOptions"x-no-compression": true
.jobs_batch_size
numberConfigure the number of staged jobs that are polled from the database. Default is
1000
.worker_mode
"worker" | "shared" | "server"Configure the application's worker mode. Default is
shared
.
- Use
shared
to run the application in a single process. - Use
worker
to run the a worker process only. - Use
server
to run the application server only.
Was this section helpful?