Skip to content



The web service is configured via env variables. To avoid names conflict with other tools, use the FACEAPI_ prefix. While it is not mandatory, we strongly recommend setting the options with prefixes. For readability, we use the primary name for all the settings below.

All relative paths below are sub-paths for the installation folder or the /app/ folder for docker. Let's call it the app root folder.

To make configuration a bit easier, use the .env file. The .env file is located under the app root folder. This file is a text file containing key-value pairs of all the settings required by your application. Using the .env file will enable you to set environment variables for the web service without polluting the global environment namespace.

The universal order of precedence for all configuration options is as follows:

  1. set as an environment variable.
  2. set in .env file.
  3. built in defaults.


On some systems, files beginning with a dot are hidden by default. Thus, the .env file can't be seen using the standard file viewers or `ls` like commands.


Option Default Description
BIND IpAddress:port server binding
WORKERS 1 number of workers to process requests
BACKLOG WORKERS x 15 maximum number of requests in a queue awaiting processing
TIMEOUT 30 number of seconds for the worker to process the request. Workers that are silent for more than this number of seconds are killed and restarted.
ENABLE_DEMO_WEB_APP "true" serve a demo web app under host root url (ex. localhost:41101/ )
LIC_URL [docker only] URL to regula.license file for further download, if the mount option is not available

HTTP proxy, used to connect to license service. Do not specify protocol prefix in proxy URL.
Instead of HTTPS_PROXY=http(s)://host:port use HTTPS_PROXY=host:port

If you use your own TSL certs, place them in /etc/ssl/certs folder in Linux and docker envs.



While HTTPS and CORS can be set directly on the web service, we strongly recommend running reverse-proxy in front and moving a configuration to a proxy itself.

Option Default Description
CORS_ORIGINS no default, that means the web browser will allow requests to the web server from the same domain only origin, allowed to use API
CORS_METHODS all methods methods, allowed to invoke the API. Specify comma-separated values as single string (ex. "GET,POST,PUT")
CORS_HEADERS all headers headers, allowed to read from the API. Specify comma-separated values as a single string (ex. "content-type,date")


For more details, see a great article about CORS from Mozilla.

Option Default Description
HTTPS "false" if enabled, serve the web service via HTTPS using cert and key, specified in the options below
CERT_FILE "certs/cert.pem" specifies a file containing cert file
KEY_FILE "certs/key.pem" specifies a file containing cert key file


Use the key file without a passphrase. A passphrase causes the web server to crash or infinitely await stdin.


There are 3 log types in our service:

  1. access logs are just standard HTTP access logs.
  2. application logs are regular application logs, including errors and debug messages.
  3. processing results logs store the processing input and results in the JSON format.

Space-consuming option, up to a few tens of Mb per request. Disabled by default.

Option Default Description
LOGS_ACCESS_CONSOLE "false" controls whether to print access logs to a console
LOGS_ACCESS_FILE "false" controls whether to save access logs to a file
LOGS_ACCESS_FILE_PATH "logs/access/facesdk-reader-access.log" specifies a file to save access logs if LOGS_ACCESS_FILE enabled
LOGS_APP_CONSOLE "true" controls whether to print application logs to a console
LOGS_APP_FILE "false" on Docker \/ "true" on other installations controls whether to save application logs to a file
LOGS_APP_FILE_PATH "logs/app/facesdk-reader-app.log" specifies a file to save access logs if LOGS_APP_FILE enabled
PROCESS_RESULTS_LOG_PATH "logs/process" specifies a folder to save processing results. The final output is two files(with _in and _out suffixes), located in endpoint/yyyy/mm/dd/hh folder under specified in this property path
LOGS_LEVEL "info" specify application logs level. Possible values: "error", "warn", "info", "debug"
LOGS_FORMATTER "text" possible values: "text" / "json". Some log collectors require logs to be printed in json format

Access and application logs are printed to stdout.

For access and applications logs files, a day-based rotation occurs every midnight UTC. The service keeps the last 30 days of log files.

Sql Database

The 1:n identification module requires a sql database to operate. Currently, the functionality of the module is verified only on a PostgreSQL, MySQL and SQLite databases. A database can be specified as a single URL string or a set of options.

Option Default Description
SQL_DIALECT "mysql" dialect is a database type such as mysql, postgresql or sqlite
SQL_HOST "" database host and port
SQL_DB "regula_db" database name
SQL_USER "regula" database user
SQL_PASSWORD "Regulapasswd#1" database user password
SQL_URL database connection options as URL string. The form of the URL is dialect://user:password@host/dbname[?key=value..]


Option Default Description
ENABLE_IDENTIFICATION "false" specify "true" if you want to enable 1:n identification module
MATCHING_INPUT_COUNT_PER_TYPE 2 specify a maximum number of matching inputs of each type for matching request