Skip to content



The Document Reader web service is configured via env variables. All relative paths below are sub-paths for the installation folder, or the /app/ folder for docker. Let's call it the app root folder.

To make configuration a bit easier, use the .env file. The .env file is located under the app root folder. This file is a text file containing key-value pairs of all the settings required by your application. Using the .env file will enable you to set environment variables for the web service without polluting the global environment namespace.

The universal order of precedence for all configuration options is as follows:

  1. set as an environment variable.
  2. set in .env file.
  3. built in defaults.


On some systems, files beginning with a dot are hidden by default. Thus, the .env file can't be seen using the standard file viewers or `ls` like commands.


Option Default Description
DOCREADER_BIND IpAddress:port server binding
DOCREADER_WORKERS 1 number of workers to process requests
DOCREADER_BACKLOG WORKERS x 15 maximum number of requests in a queue awaiting processing
DOCREADER_TIMEOUT 30 number of seconds for the worker to process the request. Workers that are silent for more than this number of seconds are killed and restarted.
DOCREADER_ENABLE_DEMO_WEB_APP "true" serve a demo web app under host root url (ex. localhost:8080/ )
DOCREADER_ROUTING_PREFIX add a url prefix to all endpoints (ex. localhost:8080/{prefix}/ )
DOCREADER_LIC_URL [docker only] URL to regula.license file for further download, if the mount option is not available

HTTP proxy, used to connect to the license service. Do not specify protocol prefix in proxy URL.

Do not specify protocol prefix in proxy URL. Instead HTTPS_PROXY=http(s)://host:port use HTTPS_PROXY=host:port

If you use your own TLS certs, place them in /etc/ssl/certs folder in Linux and docker envs.



While HTTPS and CORS can be set directly on the web service, we strongly recommend running reverse-proxy in front and moving configuration to proxy itself.

Option Default Description
DOCREADER_CORS_ORIGINS no default, that means the web browser will allow requests to the web server from the same domain only origin, allowed to use API
DOCREADER_CORS_METHODS all methods methods, allowed to invoke on the API. Specify comma-separated values as single string (ex. "GET,POST,PUT")
DOCREADER_CORS_HEADERS all headers headers, allowed to read from the API. Specify comma-separated values as a single string (ex. "content-type,date")


For more details, see a great article about CORS from Mozilla.

Option Default Description
DOCREADER_HTTPS "false" if enabled, serve web service via HTTPS using default cert and key file paths, specified in options below
DOCREADER_CERT_FILE "certs/tls.crt" specifies the custom file path containing cert file
DOCREADER_KEY_FILE "certs/tls.key" specifies the custom file path containing key file


Use key file without passphrase. Passphrase causes the web server to crash, or infinitely await stdin.


There are 3 log types in our service:

  1. access logs are just standard HTTP access logs.
  2. application logs are regular application logs, including errors and debug messages.
  3. document process results logs store document processing input and results in the JSON format.

    Space-consuming option, up to a few tens of Mb per request. Disabled by default.

Option Default Description
DOCREADER_LOGS_ACCESS_CONSOLE "true" controls whether to print access logs to a console
DOCREADER_LOGS_ACCESS_FILE "false" controls whether to save access logs to a file
DOCREADER_LOGS_ACCESS_FILE_PATH "logs/access/document-reader-access.log" specifies the custom file path to save access logs if DOCREADER_LOGS_ACCESS_FILE enabled
DOCREADER_LOGS_APP_CONSOLE "true" controls whether to print application logs to a console
DOCREADER_LOGS_APP_FILE "false" controls whether to save application logs to a file
DOCREADER_LOGS_APP_FILE_PATH "logs/app/document-reader-app.log" specifies the custom file path to save access logs if DOCREADER_LOGS_APP_FILE enabled
DOCREADER_PROCESS_RESULTS_LOG_FILE "false" controls whether to save the document process requests and results to a file
DOCREADER_PROCESS_RESULTS_LOG_PATH "logs/process" specifies the custom folder to save the document process requests and results if DOCREADER_PROCESS_RESULTS_LOG_FILE enabled. The final output is a zip file, located in the yyyy/mm/dd/hh folder under the specified in this property root path.
DOCREADER_LOGS_PROCESS_SAVE_RESULT "true" if false, only the document process requests are saved, the result is not.
DOCREADER_LOGS_LEVEL "info" specify application logs level. Possible values: "error", "warn", "info", "debug".
DOCREADER_LOGS_FORMATTER "text" possible values: "text"/"json". Some log collectors require logs to be printed in json format.

The access and application logs are printed to stdout.

For the access and applications log files, a day-based rotation occurs every midnight UTC. The service keeps the last 30 days of log files.

Chip Verification

Option Default Description
REGULA_SERVER_SIDE_CHIP_VERIFICATION "false" controls whether to enable server side chip verification
REGULA_STORAGE_URL "null" S3 object storage endpoint
REGULA_STORAGE_ACCESS_KEY "null" S3 object storage Access Key
REGULA_STORAGE_SECRET_KEY "null" S3 object storage Secret Key
REGULA_STORAGE_CHIP_DATA_BUCKET "null" specify the custom bucket to store CA keys and AA challenges


Option Default Description
RFID_PKD_PA "false" controls whether to enable rfid PA feature
RFID_PKD_PA_PATH "rfid_pkd" specify the custom folder prepopulated with masterlists for RFID PKD