Example configuration Hanami (up to v1.5.x): Basic‑Auth Docker installation
This bundle contains four complete YAML files required to run Hanami in Docker
with HTTP Basic authentication. Place them under
/opt/hanami-ext/config/ inside the container (or bind‑mount the directory).
Below is a quick reference for every angle-bracket placeholder in the BASIC AUTH-enabled Docker example and what value you should supply in a real deployment.
| Placeholder | Location(s) | What it should contain |
|---|---|---|
hanami application port | customer.yml → server.port | External port where the Hanami container listens (e.g. 80, 8080). |
catalogue application host | customer.yml → hanami.sync.catalogue.baseUrl | Hostname of the paired application. |
catalogue application port | same field | Port of the catalogue’s HTTP endpoint (often 80). |
catalogue application user | same field | Basic-Auth username for catalogue API. |
catalogue application password | same field | Basic-Auth password. Prefix with {noop} only if the value is clear-text. |
elastic hostname | customer-standalone.yml → env.hanami.elasticsearch.url and within indexTemplate prefixes | FQDN and optional port of your Elasticsearch/OpenSearch node (e.g. es.prod:9200). |
elastic username | customer-standalone.yml → env.hanami.elasticsearch.* | Service account that owns Hanami indices. |
elastic password | same block | Password or API key for that user. |
elastic max request size | customer-standalone.yml → maxRequestSizeBytes | Maximum bulk-request size (bytes) accepted by the cluster. |
triplestore hostname | customer-standalone.yml → rdfStore | Hostname (and optional port) of GraphDB/Virtuoso/etc. without protocol. |
triplestore port | same field | Port where the SPARQL endpoint is exposed (e.g. 7200). |
triplestore sparqlendpoint path | same field | Path after host/port, e.g. repositories/ep-data or sparql. |
triplestore user | rdfStoreUser | Username Hanami uses to write to the external triplestore. |
triplestore password | rdfStorePassword | Password for that user. |
admin password | security.yml → cognizone.security.basic-auth.users.admin.password | BCrypt-encoded password for the admin account (generate with `htpasswd -bnBC 10 "" yourPassword |
editor password | security.yml → users.editor.password | BCrypt hash for the editor account. |
Replace the entire placeholder—including angle brackets—with the real value.
1. customer.yml
Path: /opt/hanami-ext/config/customer.yml
server:
port: <hanami application port>
forward-headers-strategy: NATIVE
tomcat:
accesslog:
enabled: true
directory: /opt/hanami/logs
local:
assets:
folder: /opt/hanami/ext/override
hanami:
backup:
enabled: true
sync:
eventTransmission:
enabled: true
catalogue:
baseUrl: "http://<catalogue application host>:<catalogue application port>"
username: "<catalogue application user>"
password: "{noop}<catalogue application password>"
authorization:
provider: operations # operations / wac
elasticsearch:
url: ${env.hanami.elasticsearch.url}
user: ${env.hanami.elasticsearch.username}
username: ${env.hanami.elasticsearch.username}
password: ${env.hanami.elasticsearch.password}
trust: ${env.hanami.elasticsearch.trust}
lang:
app:
default-lang: en
available-langs:
- en
- fr
locale-mapping:
en: fr-BE
fr: fr-BE
data:
available-langs:
- en
- fr
prefixes:
adms: http://www.w3.org/ns/adms#
cz-internal: http://cogni.internal.system/model#
dc: http://purl.org/dc/elements/1.1/
dcat: http://www.w3.org/ns/dcat#
dct: http://purl.org/dc/terms/
eli: http://data.europa.eu/eli/ontology#
euvoc: http://publications.europa.eu/ontology/euvoc#
foaf: http://xmlns.com/foaf/0.1/
hanami: https://hanami.app/ontology#
jolux: http://data.legilux.public.lu/resource/ontology/jolux#
owl: http://www.w3.org/2002/07/owl#
prov: http://www.w3.org/ns/prov#
rdf: http://www.w3.org/1999/02/22-rdf-syntax-ns#
rdfs: http://www.w3.org/2000/01/rdf-schema#
schema: http://schema.org/
sh: http://www.w3.org/ns/shacl#
skos: http://www.w3.org/2004/02/skos/core#
sw-vocab-status: http://www.w3.org/2003/06/sw-vocab-status/ns#
uneskos: http://purl.org/umu/uneskos#
vann: http://purl.org/vocab/vann/
vcard: http://www.w3.org/2006/vcard/ns#
xsd: http://www.w3.org/2001/XMLSchema#
cognizone:
vinz:
routes:
- name: elasticsearch
path: /proxy/elasticsearch/**
url: ${hanami.elasticsearch.url}
2. customer-standalone.yml
Path: /opt/hanami-ext/config/customer-standalone.yml
info:
app:
environmentName: docker
env:
hanami:
id: "hanami-skos"
elasticsearch:
url: "https://<elastic hostname>"
username: "<elastic username>"
password: "<elastic password>"
trust: true
indexTemplate:
history: <elastic username>.history-{id}
data: <elastic username>.hanami-data-{id}
validation: <elastic username>.hanami-validation-{id}
maxRequestSizeBytes: <elastic max request size>
hanami:
security:
trusted: true
features:
actions:
enabled: false
index:
full-node-indexing:
enabled: true
partition-size: 1
pool:
size: 1
retry:
max-tries: 1
startup:
workspaces:
- uri: https://data.hanami.app/config/workspace/1
clear: true
collections:
permissions:
delete-enabled: true
create-enabled: true
customer:
template-arguments:
rdfStore: "http://<triplestore hostname>:<triplestore port>/<triplestore sparqlendpoint path>"
rdfStoreUser: "<triplestore user>"
rdfStorePassword: "<triplestore password>"
3. customer-workflow.yml
Path: /opt/hanami-ext/config/customer-workflow.yml
hanami:
features:
actions:
enabled: false
wfEnabled: true
workflow:
actions:
# Dataset actions
- id: dataset-publish
icon: publish
validationQuery: |
prefix adms: <http://www.w3.org/ns/adms#>
prefix dcat: <http://www.w3.org/ns/dcat#>
prefix foaf: <http://xmlns.com/foaf/0.1/>
prefix status: <https://data.in.ep.europa.eu/def/record-status/>
ASK WHERE {
GRAPH <#{[graphUri]}> {
?dataset a dcat:Dataset .
?record a dcat:CatalogRecord ;
foaf:primaryTopic ?dataset ;
adms:status ?status .
FILTER(?status IN (status:under-review, status:deprecated)) .
}
}
jobs:
- dataset-publish-action
excludeJobs: dataset-reset-onsave
i18n:
actionLabel: customer.workflow_actions.dataset.publish.action_label
confirmationTitle: customer.workflow_actions.dataset.publish.confirmation_title
confirmationBody: customer.workflow_actions.dataset.publish.confirmation_body
confirmationOk: customer.workflow_actions.dataset.publish.confirmation_ok
successLabel: customer.workflow_actions.dataset.publish.success_label
- id: dataset-deprecate
icon: archive
validationQuery: |
prefix adms: <http://www.w3.org/ns/adms#>
prefix dcat: <http://www.w3.org/ns/dcat#>
prefix foaf: <http://xmlns.com/foaf/0.1/>
prefix status: <https://data.in.ep.europa.eu/def/record-status/>
ASK WHERE {
GRAPH <#{[graphUri]}> {
?dataset a dcat:Dataset .
?record a dcat:CatalogRecord ;
foaf:primaryTopic ?dataset ;
adms:status status:current .
}
}
jobs:
- dataset-deprecate-action
excludeJobs: dataset-reset-onsave
i18n:
actionLabel: customer.workflow_actions.dataset.deprecate.action_label
confirmationTitle: customer.workflow_actions.dataset.deprecate.confirmation_title
confirmationBody: customer.workflow_actions.dataset.deprecate.confirmation_body
confirmationOk: customer.workflow_actions.dataset.deprecate.confirmation_ok
successLabel: customer.workflow_actions.dataset.deprecate.success_label
- id: dataset-to-review
icon: overview
validationQuery: |
prefix adms: <http://www.w3.org/ns/adms#>
prefix dcat: <http://www.w3.org/ns/dcat#>
prefix foaf: <http://xmlns.com/foaf/0.1/>
prefix status: <https://data.in.ep.europa.eu/def/record-status/>
ASK WHERE {
GRAPH <#{[graphUri]}> {
?dataset a dcat:Dataset .
?record a dcat:CatalogRecord ;
foaf:primaryTopic ?dataset ;
adms:status status:draft .
}
}
jobs:
- dataset-to-review-action
excludeJobs: dataset-reset-onsave
i18n:
actionLabel: customer.workflow_actions.dataset.to_review.action_label
confirmationTitle: customer.workflow_actions.dataset.to_review.confirmation_title
confirmationBody: customer.workflow_actions.dataset.to_review.confirmation_body
confirmationOk: customer.workflow_actions.dataset.to_review.confirmation_ok
successLabel: customer.workflow_actions.dataset.to_review.success_label
- id: dataset-back-to-draft
icon: plagiarism
validationQuery: |
prefix adms: <http://www.w3.org/ns/adms#>
prefix dcat: <http://www.w3.org/ns/dcat#>
prefix foaf: <http://xmlns.com/foaf/0.1/>
prefix status: <https://data.in.ep.europa.eu/def/record-status/>
ASK WHERE {
GRAPH <#{[graphUri]}> {
?dataset a dcat:Dataset .
?record a dcat:CatalogRecord ;
foaf:primaryTopic ?dataset ;
adms:status ?status .
FILTER(?status IN (status:under-review, status:current, status:deprecated)) .
}
}
jobs:
- dataset-back-to-draft-action
excludeJobs: dataset-reset-onsave
i18n:
actionLabel: customer.workflow_actions.dataset.back_to_draft.action_label
confirmationTitle: customer.workflow_actions.dataset.back_to_draft.confirmation_title
confirmationBody: customer.workflow_actions.dataset.back_to_draft.confirmation_body
confirmationOk: customer.workflow_actions.dataset.back_to_draft.confirmation_ok
successLabel: customer.workflow_actions.dataset.back_to_draft.success_label
# Data Service actions ... (truncated for brevity; include full definitions in production)
4. security.yml
Path: /opt/hanami-ext/config/security.yml
hanami:
security:
iam:
enable: false
user-onboarding:
enable: true
user-auto-create:
user-collection-graph: https://hanami.app/shacl/user/collection
user-model-template: | # supports {uuid} and {username} placeholders
@prefix hanami: <https://hanami.app/ontology#> .
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
<https://hanami.app/auth/user/{username}>
a vcard:Individual ;
vcard:fn "{username}" ;
vcard:hasUID "{uuid}" ;
hanami:username "{username}" ;
hanami:isAdmin false.
user-group-collection: https://hanami.app/shacl/user-group/collection
user-group-graph-uri: https://hanami.app/auth/usergroup/basic-users/graph # supports {uuid} and {username} placeholders
user-graph-update-query-template: |
PREFIX vcard: <http://www.w3.org/2006/vcard/ns#>
PREFIX hanami: <https://hanami.app/ontology#>
INSERT DATA {
<https://hanami.app/auth/usergroup/basic-users> vcard:hasMember <https://hanami.app/auth/user/{username}> .
}
cognizone:
security:
auth-method: basic
basic-auth:
realm: Hanami
users:
admin:
password: "{bcrypt}<admin password>"
roles:
- ADMIN
editor:
password: "{bcrypt}<admin password>"
roles:
- EDITOR
team1Admin:
password: "{bcrypt}<admin password>"
roles:
- EDITOR
team1Editor:
password: "{bcrypt}<admin password>"
roles:
- EDITOR
team2Admin:
password: "{bcrypt}<admin password>"
roles:
- EDITOR
team2Editor:
password: "{bcrypt}<admin password>"
roles:
- EDITOR
dataAdmin:
password: "{bcrypt}<admin password>"
roles:
- EDITOR