Frontend service

Rafiki’s frontend service provides an optional internal admin interface, called the Rafiki Admin application, for you to manage your Rafiki instance through a Remix web app. This service communicates with the Backend Admin API to facilitate administrative tasks within Rafiki.

Requirements

The following are required when using the frontend service:

• A Rafiki backend service up and running to access the Backend Admin API.
• An identity provider for authentication and user management. Out of the box, the Rafiki Admin application uses Ory Kratos, a secure and fully open-source identity management solution.

Disabling authentication

Rafiki Admin provides access to sensitive data like peering relationships and wallet addresses. Authentication is enabled by default to restrict access to authorized users only.

In the Local Playground, authentication is disabled by default to simplify local development and testing. To disable it in other environments, set the environment variable AUTH_ENABLED to false. This should be done with extreme caution and only in specific scenarios:

• Secure, non-production environments like the Local Playground for local development and testing.
• Internal systems where Rafiki Admin is not exposed externally and other access controls (firewalls, local-only access) ensure that the system is secured.

You must also set the environment variables for the frontend service.

Rafiki Admin settings

While the frontend service is not required to run a Rafiki instance, it’s highly recommended. A number of administrative tasks could be performed programmatically via the Backend Admin API, but the frontend service makes these functions available through a user-friendly interface.

Environment variables

Required

Variable	Helm value name	Default	Description
GRAPHQL_URL	frontend.serviceUrls.GRAPHQL_URL	undefined	URL for Rafiki’s GraphQL Auth Admin API
OPEN_PAYMENTS_URL	frontend.serviceUrls.OPEN_PAYMENTS_URL	undefined	Your Open Payments API endpoint
PORT	frontend.port	undefined	Port from which to host the Rafiki Remix app

Conditionally required

The following variables are required only when AUTH_ENABLED is set to true.

Variable	Helm value name	Default	Description
KRATOS_ADMIN_URL	frontend.kratos.adminUrl	undefined	The admin endpoint/container address for Kratos
KRATOS_CONTAINER_PUBLIC_URL	frontend.kratos.containerPublicUrl	undefined	The URL for you to access the Kratos Docker container from within the Docker network. This is used for backend calls to Kratos.
KRATOS_BROWSER_PUBLIC_URL	frontend.kratos.browserPublicUrl	undefined	The URL for you to access the Kratos Docker container from a browser outside of the Docker network. This is used for calls from a browser (what you see in the Rafiki Admin UI) to the Kratos server on the backend.

Optional

Variable	Helm value name	Default	Description
AUTH_ENABLED	frontend.authEnabled	true	When true, only authenticated users can be granted access to Rafiki Admin by an administrator
SIGNATURE_SECRET	frontend.quoteSignatureSecret	undefined	The signature secret used to authenticate requests to the Backend Admin API.
SIGNATURE_VERSION	frontend.signatureVersion	1	The signature version number used to authenticate requests to the Backend Admin API.
ENABLE_INSECURE_MESSAGE_COOKIE	frontend.enableInsecureMessageCookie	true	When set to true, t, or 1, cookie will be transmitted over insecure HTTP connection. Insecure message cookies are required for flash messages to work over HTTP.
NODE_ENV	frontend.nodeEnv	production	The type of node environment: development, test, or production.
LOG_LEVEL	frontend.logLevel	info	Pino log level