---
title: "Private Configuration File"
description: "Configure advanced Pangolin settings using the privateConfig.yml file for enterprise features"
---
The `privateConfig.yml` file provides advanced configuration options for enterprise deployments. This file is mounted at `config/privateConfig.yml` in your Docker container.
The private configuration file is only used on enterprise deployments. If you're using Pangolin Community, refer to the [main configuration file documentation](/self-host/advanced/config-file) instead. The private config file is not required.
## Setting up your `privateConfig.yml`
Here's a basic example with common settings:
```yaml title="privateConfig.yml"
flags:
  use_org_only_idp: false
branding:
  app_name: "My Company Portal"
  hide_auth_layout_footer: false
```
## Reference
This section contains the complete reference for all configuration options in `privateConfig.yml`.
### Application Settings
Regional and base domain configuration for multi-region deployments.
The region identifier for this Pangolin instance. Used for multi-region deployments.
```yaml
app:
  region: "us-east-1"
```
### Server Configuration
Advanced server configuration including encryption keys and API integrations.
Path to the RSA private key used for encrypting sensitive data. Must be at least 8 characters long. THIS IS ONLY USED WITH THE `use_pangolin_dns` FEATURE FLAG ENABLED AND REQUIRES EXTERNAL COMPONENTS.
```yaml
server:
  encryption_key_path: "./config/encryption.pem"
```
The `encryption_key_path` must point to a valid RSA key file. Generate one using:
```bash
openssl genrsa -out encryption.pem 4096
```
Keep this key secure and backed up - it encrypts sensitive data in your database.
### Redis Configuration
Redis connection settings for caching, sessions, and rate limiting. Useful for clustering Pangolin nodes.
Redis server hostname or IP address.
```yaml
redis:
  host: "redis.example.com"
```
Redis server port (1-65535).
```yaml
redis:
  port: 6379
```
Redis authentication password.
```yaml
redis:
  password: "your-secure-password"
```
Redis database number (0-15 typically).
```yaml
redis:
  db: 0
```
Array of read replica configurations for high-availability deployments.
```yaml
redis:
  host: "redis-primary"
  port: 6379
  replicas:
    - host: "redis-replica-1"
      port: 6379
      password: "replica-password"
      db: 0
    - host: "redis-replica-2"
      port: 6379
      password: "replica-password"
      db: 0
```
Each entry in `replicas` accepts:

- `host`: Replica server hostname.
- `port`: Replica server port.
- `password`: Replica authentication password.
- `db`: Database number on replica.
### Gerbil Tunnel Configuration
Configuration for the Gerbil tunnel exit node integration.
URL where the local Gerbil exit node can be reached by Pangolin. Overrides the value stored in the database. Useful when clustering multiple Pangolin nodes, and when using Docker and addressing the local Gerbil container using the host's address.
```yaml
gerbil:
  local_exit_node_reachable_at: "http://gerbil:3004"
```
### Feature Flags
Feature toggles for advanced functionality.
Restrict identity provider (IdP) authentication to organization-level only.
```yaml
flags:
  use_org_only_idp: true
```
Enable Redis for caching and session management. Requires `redis` configuration.
```yaml
flags:
  enable_redis: true
```
Use Pangolin DNS servers for client connections instead of external DNS servers for DNS delegation and CNAME setups. Used for clustering Pangolin nodes. REQUIRES EXTERNAL COMPONENTS. PLEASE CONTACT SUPPORT TO OBTAIN ACCESS BEFORE ENABLING.
```yaml
flags:
  use_pangolin_dns: true
```
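Several options in this reference depend on each other: `enable_redis` needs a `redis` section, and the encryption key is only used with `use_pangolin_dns`. The Python lint below is an added example, not part of Pangolin, that checks those dependencies and the key file before deployment. It takes the file already parsed into a dict; the function names, resolving relative paths against `base_dir`, and the recommendation of mode 600 for the key file are assumptions of this example.

```python
import os
import stat

# Sample passwords printed in the documentation above; never valid in production.
PLACEHOLDERS = {"your-secure-password", "replica-password"}
# First line written by `openssl genrsa` (PKCS#1 on OpenSSL 1.x, PKCS#8 on 3.x).
PEM_HEADERS = ("-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN PRIVATE KEY-----")

def check_endpoint(name, node, findings):
    """Validate one Redis endpoint mapping (primary or replica)."""
    if not node.get("host"):
        findings.append(f"{name}: host is missing")
    port = node.get("port")
    if port is not None and (type(port) is not int or not 1 <= port <= 65535):
        findings.append(f"{name}: port {port!r} is outside 1-65535")
    password = node.get("password")
    if not password or password in PLACEHOLDERS:
        findings.append(f"{name}: password is empty or a documentation placeholder")

def lint_private_config(cfg, base_dir="."):
    """Return findings for a privateConfig.yml already parsed into a dict."""
    findings = []
    flags = cfg.get("flags") or {}
    redis = cfg.get("redis") or {}
    if flags.get("enable_redis") and not redis:
        findings.append("flags.enable_redis is true but there is no redis section")
    if redis:
        check_endpoint("redis", redis, findings)
        for i, replica in enumerate(redis.get("replicas") or []):
            check_endpoint(f"redis.replicas[{i}]", replica, findings)
    key_path = (cfg.get("server") or {}).get("encryption_key_path")
    if key_path:
        # Assumption: relative paths resolve against the directory passed in.
        full = os.path.join(base_dir, key_path)
        if not flags.get("use_pangolin_dns"):
            findings.append("encryption_key_path is set but use_pangolin_dns is off")
        if not os.path.isfile(full):
            findings.append(f"{key_path}: key file not found")
        else:
            if stat.S_IMODE(os.stat(full).st_mode) & 0o077:
                findings.append(f"{key_path}: accessible by group/other, chmod 600")
            with open(full, encoding="ascii", errors="replace") as fh:
                # Header check only; `openssl rsa -check` validates the key itself.
                if fh.readline().strip() not in PEM_HEADERS:
                    findings.append(f"{key_path}: first line is not a PEM private key header")
    return findings
```

An empty list means no findings. Run it from the directory that contains `config/` so the relative key path resolves.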
### Branding Configuration
Please refer to the [branding configuration documentation](/manage/branding).