<!-- CANARY: REQ=REQ-SERVER-REFACTOR-015; FEATURE="ServerRefactoring"; ASPECT=ConfigManagement; STATUS=TESTED; OWNER=server; UPDATED=2026-01-15 -->
<h3 id="overview" class="position-relative d-flex align-items-center group">
<span>Overview</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="overview"
aria-haspopup="dialog"
aria-label="Share link: Overview">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><div id="headingShareModal" class="heading-share-modal" role="dialog" aria-modal="true" aria-labelledby="headingShareTitle" hidden>
<div class="hsm-dialog" role="document">
<div class="hsm-header">
<h2 id="headingShareTitle" class="h6 mb-0 fw-bold">Share this section</h2>
<button type="button" class="hsm-close" aria-label="Close">
<i class="fa-solid fa-xmark"></i>
</button>
</div>
<div class="hsm-body">
<label for="headingShareInput" class="form-label small text-muted mb-1 text-uppercase fw-bold" style="font-size: 0.7rem; letter-spacing: 0.5px;">Permalink</label>
<div class="input-group mb-4 hsm-url-group">
<input id="headingShareInput" type="text" class="form-control font-monospace" readonly aria-readonly="true" style="font-size: 0.85rem;" />
<button class="btn btn-primary hsm-copy" type="button" aria-label="Copy" title="Copy">
<i class="fa-duotone fa-clipboard" aria-hidden="true"></i>
</button>
</div>
<div class="small fw-bold mb-2 text-muted text-uppercase" style="font-size: 0.7rem; letter-spacing: 0.5px;">Share via</div>
<div class="hsm-share-grid">
<a id="share-twitter" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-twitter me-2"></i>Twitter
</a>
<a id="share-linkedin" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-linkedin me-2"></i>LinkedIn
</a>
<a id="share-facebook" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-facebook me-2"></i>Facebook
</a>
</div>
</div>
</div>
</div>
<style>
.heading-share-modal {
position: fixed;
inset: 0;
display: flex;
justify-content: center;
align-items: center;
background: rgba(0, 0, 0, 0.6);
z-index: 1050;
padding: 1rem;
backdrop-filter: blur(4px);
-webkit-backdrop-filter: blur(4px);
}
.heading-share-modal[hidden] { display: none !important; }
.hsm-dialog {
max-width: 420px;
width: 100%;
background: var(--bs-body-bg, #fff);
color: var(--bs-body-color, #212529);
border: 1px solid var(--bs-border-color, rgba(0,0,0,0.1));
border-radius: 1rem;
box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25);
overflow: hidden;
animation: hsm-fade-in 0.2s ease-out;
}
@keyframes hsm-fade-in {
from { opacity: 0; transform: scale(0.95); }
to { opacity: 1; transform: scale(1); }
}
[data-bs-theme="dark"] .hsm-dialog {
background: #1e293b;
border-color: rgba(255,255,255,0.1);
color: #f8f9fa;
}
.hsm-header {
display: flex;
justify-content: space-between;
align-items: center;
padding: 1rem 1.5rem;
border-bottom: 1px solid var(--bs-border-color, rgba(0,0,0,0.1));
background: rgba(0,0,0,0.02);
}
[data-bs-theme="dark"] .hsm-header {
background: rgba(255,255,255,0.02);
border-color: rgba(255,255,255,0.1);
}
.hsm-close {
background: transparent;
border: none;
color: inherit;
opacity: 0.5;
padding: 0.25rem 0.5rem;
border-radius: 0.25rem;
font-size: 1.2rem;
line-height: 1;
transition: opacity 0.2s;
}
.hsm-close:hover {
opacity: 1;
}
.hsm-body {
padding: 1.5rem;
}
.hsm-url-group {
display: flex !important;
align-items: stretch;
}
.hsm-url-group .form-control {
flex: 1;
min-width: 0;
margin: 0;
background: var(--bs-secondary-bg, #f8f9fa);
border-color: var(--bs-border-color, #dee2e6);
border-top-right-radius: 0;
border-bottom-right-radius: 0;
height: 42px;
}
.hsm-url-group .btn {
flex: 0 0 auto;
margin: 0;
margin-left: -1px;
border-top-left-radius: 0;
border-bottom-left-radius: 0;
height: 42px;
display: flex;
align-items: center;
justify-content: center;
padding: 0 1.25rem;
z-index: 2;
}
[data-bs-theme="dark"] .hsm-url-group .form-control {
background: #0f172a;
border-color: #334155;
color: #e2e8f0;
}
.hsm-share-grid {
display: flex;
flex-direction: column;
gap: 0.5rem;
}
.hsm-share-grid .btn {
display: flex;
align-items: center;
justify-content: center;
font-size: 0.9rem;
padding: 0.6rem;
border-color: var(--bs-border-color);
width: 100%;
}
[data-bs-theme="dark"] .hsm-share-grid .btn {
color: #e2e8f0;
border-color: #475569;
}
[data-bs-theme="dark"] .hsm-share-grid .btn:hover {
background: #334155;
border-color: #cbd5e1;
}
</style>
<script>
(function(){
const modal = document.getElementById('headingShareModal');
if(!modal) return;
const input = modal.querySelector('#headingShareInput');
const copyBtn = modal.querySelector('.hsm-copy');
const twitter = modal.querySelector('#share-twitter');
const linkedin = modal.querySelector('#share-linkedin');
const facebook = modal.querySelector('#share-facebook');
const closeBtn = modal.querySelector('.hsm-close');
let lastFocus=null;
let trapBound=false;
function buildUrl(id){ return window.location.origin + window.location.pathname + '#' + id; }
function isOpen(){ return !modal.hasAttribute('hidden'); }
function hydrate(id){
const url=buildUrl(id);
input.value=url;
const enc=encodeURIComponent(url);
const text=encodeURIComponent(document.title);
if(twitter) twitter.href=`https://twitter.com/intent/tweet?url=${enc}&text=${text}`;
if(linkedin) linkedin.href=`https://www.linkedin.com/sharing/share-offsite/?url=${enc}`;
if(facebook) facebook.href=`https://www.facebook.com/sharer/sharer.php?u=${enc}`;
}
function openModal(id){
lastFocus=document.activeElement;
hydrate(id);
if(!isOpen()){
modal.removeAttribute('hidden');
}
requestAnimationFrame(()=>{ input.focus(); });
trapFocus();
}
function closeModal(){
if(!isOpen()) return;
modal.setAttribute('hidden','');
if(lastFocus && typeof lastFocus.focus==='function') lastFocus.focus();
}
function copyCurrent(){
try{ navigator.clipboard.writeText(input.value).then(()=>feedback(true),()=>fallback()); }
catch(e){ fallback(); }
}
function fallback(){ input.select(); try{ document.execCommand('copy'); feedback(true);}catch(e){ feedback(false);} }
function feedback(ok){ if(!copyBtn) return; const icon=copyBtn.querySelector('i'); if(!icon) return; const prev=copyBtn.getAttribute('data-prev')||icon.className; if(!copyBtn.getAttribute('data-prev')) copyBtn.setAttribute('data-prev',prev); icon.className= ok ? 'fa-duotone fa-clipboard-check':'fa-duotone fa-circle-exclamation'; setTimeout(()=>{ icon.className=prev; },1800); }
function handleShareClick(e){ e.preventDefault(); const btn=e.currentTarget; const id=btn.getAttribute('data-share-target'); if(id) openModal(id); }
function bindShareButtons(){
document.querySelectorAll('.h-share').forEach(btn=>{
if(!btn.dataset.hShareBound){ btn.addEventListener('click', handleShareClick); btn.dataset.hShareBound='1'; }
});
}
bindShareButtons();
if(document.readyState==='loading'){
document.addEventListener('DOMContentLoaded', bindShareButtons);
} else {
requestAnimationFrame(bindShareButtons);
}
document.addEventListener('click', function(e){
const shareBtn=e.target.closest && e.target.closest('.h-share');
if(shareBtn && !shareBtn.dataset.hShareBound){ handleShareClick.call(shareBtn, e); }
}, true);
document.addEventListener('click', e=>{
if(e.target===modal) closeModal();
if(e.target.closest && e.target.closest('.hsm-close')){ e.preventDefault(); closeModal(); }
if(copyBtn && (e.target===copyBtn || (e.target.closest && e.target.closest('.hsm-copy')))) { e.preventDefault(); copyCurrent(); }
});
document.addEventListener('keydown', e=>{ if(e.key==='Escape' && isOpen()) closeModal(); });
function trapFocus(){
if(trapBound) return;
trapBound=true;
modal.addEventListener('keydown', f=>{ if(f.key==='Tab' && isOpen()){ const focusable=[...modal.querySelectorAll('a[href],button,input,textarea,select,[tabindex]:not([tabindex="-1"])')].filter(el=>!el.hasAttribute('disabled')); if(!focusable.length) return; const first=focusable[0]; const last=focusable[focusable.length-1]; if(f.shiftKey && document.activeElement===first){ f.preventDefault(); last.focus(); } else if(!f.shiftKey && document.activeElement===last){ f.preventDefault(); first.focus(); } } });
}
if(closeBtn) closeBtn.addEventListener('click', e=>{ e.preventDefault(); closeModal(); });
})();
</script><p>This guide provides complete reference documentation for configuring the Geode database server. Configuration can be provided through:</p>
<ol>
<li><strong>Command-line flags</strong> - Highest precedence</li>
<li><strong>Environment variables</strong> - Medium precedence</li>
<li><strong>YAML configuration file</strong> - Lowest precedence</li>
</ol>
<p><strong>Quick Links:</strong></p>
<ul>
<li><a
href="https://geodedb.com/docs/configuration/server-configuration/#command-line-flags"
>Command-Line Flags</a>
</li>
<li><a
href="https://geodedb.com/docs/configuration/server-configuration/#environment-variables"
>Environment Variables</a>
</li>
<li><a
href="https://geodedb.com/docs/configuration/server-configuration/#yaml-configuration-file"
>YAML Configuration</a>
</li>
<li><a
href="https://geodedb.com/docs/configuration/server-configuration/#configuration-examples"
>Configuration Examples</a>
</li>
<li><a
href="https://geodedb.com/docs/configuration/server-configuration/#tls-certificate-setup"
>TLS/Certificate Setup</a>
</li>
</ul>
<hr>
<h3 id="command-line-flags" class="position-relative d-flex align-items-center group">
<span>Command-Line Flags</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="command-line-flags"
aria-haspopup="dialog"
aria-label="Share link: Command-Line Flags">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="server-binary-geode-serve" class="position-relative d-flex align-items-center group">
<span>Server Binary: <code>geode serve</code></span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="server-binary-geode-serve"
aria-haspopup="dialog"
aria-label="Share link: Server Binary: geode serve">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">geode serve <span class="o">[</span>OPTIONS<span class="o">]</span>
</span></span></code></pre></div><table>
<thead>
<tr>
<th>Flag</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>--listen</code></td>
<td>string</td>
<td><code>0.0.0.0:3141</code></td>
<td>QUIC listen address and port</td>
</tr>
<tr>
<td><code>--listen-quic</code></td>
<td>string</td>
<td><code>0.0.0.0:3141</code></td>
<td>(Alias for <code>--listen</code>) QUIC bind address</td>
</tr>
<tr>
<td><code>--data-dir</code></td>
<td>path</td>
<td><code>./data</code></td>
<td>Data directory for storage files</td>
</tr>
<tr>
<td><code>--tls-cert</code></td>
<td>path</td>
<td>(required)</td>
<td>Path to TLS certificate file (PEM format)</td>
</tr>
<tr>
<td><code>--tls-key</code></td>
<td>path</td>
<td>(required)</td>
<td>Path to TLS private key file (PEM format)</td>
</tr>
<tr>
<td><code>--log-level</code></td>
<td>string</td>
<td><code>info</code></td>
<td>Log level: <code>error</code>, <code>warn</code>, <code>info</code>, <code>debug</code>, <code>trace</code></td>
</tr>
<tr>
<td><code>--log-json</code></td>
<td>flag</td>
<td>false</td>
<td>Output logs in JSON format</td>
</tr>
<tr>
<td><code>--log-file</code></td>
<td>path</td>
<td>(stderr)</td>
<td>Log file path (default: stderr)</td>
</tr>
<tr>
<td><code>--enable-tde</code></td>
<td>flag</td>
<td>false</td>
<td>Enable Transparent Data Encryption</td>
</tr>
<tr>
<td><code>--max-connections</code></td>
<td>int</td>
<td><code>10000</code></td>
<td>Maximum concurrent connections</td>
</tr>
<tr>
<td><code>--page-cache-size</code></td>
<td>int</td>
<td><code>1024</code></td>
<td>Page cache size in MB</td>
</tr>
<tr>
<td><code>--wal-dir</code></td>
<td>path</td>
<td><code><data-dir>/wal</code></td>
<td>Write-ahead log directory</td>
</tr>
<tr>
<td><code>--config</code></td>
<td>path</td>
<td>-</td>
<td>Path to YAML configuration file</td>
</tr>
</tbody>
</table>
<h4 id="examples" class="position-relative d-flex align-items-center group">
<span>Examples</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="examples"
aria-haspopup="dialog"
aria-label="Share link: Examples">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>Basic Server Start</strong> (Development):</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Generate self-signed certificate first</span>
</span></span><span class="line"><span class="cl">openssl req -x509 -newkey rsa:4096 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> -keyout server.key -out server.crt <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> -days <span class="m">365</span> -nodes -subj <span class="s2">"/CN=localhost"</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Start server</span>
</span></span><span class="line"><span class="cl">geode serve <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --listen 0.0.0.0:3141 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --tls-cert server.crt <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --tls-key server.key
</span></span></code></pre></div><p><strong>Production Server</strong> with all options:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">geode serve <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --listen 0.0.0.0:3141 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --data-dir /var/lib/geode/data <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --wal-dir /var/lib/geode/wal <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --tls-cert /etc/geode/tls/server.crt <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --tls-key /etc/geode/tls/server.key <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --log-level info <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --log-json <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --log-file /var/log/geode/server.log <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --enable-tde <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --max-connections <span class="m">50000</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --page-cache-size <span class="m">4096</span>
</span></span></code></pre></div><p><strong>Using Configuration File</strong>:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">geode serve --config /etc/geode/config.yaml
</span></span></code></pre></div><hr>
<h3 id="environment-variables" class="position-relative d-flex align-items-center group">
<span>Environment Variables</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="environment-variables"
aria-haspopup="dialog"
aria-label="Share link: Environment Variables">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="core-settings" class="position-relative d-flex align-items-center group">
<span>Core Settings</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="core-settings"
aria-haspopup="dialog"
aria-label="Share link: Core Settings">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><table>
<thead>
<tr>
<th>Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>GEODE_DATA_DIR</code></td>
<td>path</td>
<td><code>./data</code></td>
<td>Data directory path</td>
</tr>
<tr>
<td><code>GEODE_LOG_LEVEL</code></td>
<td>string</td>
<td><code>info</code></td>
<td>Log level (error, warn, info, debug, trace)</td>
</tr>
<tr>
<td><code>LOG_LEVEL</code></td>
<td>string</td>
<td><code>info</code></td>
<td>(Alternative) Log level for Docker compatibility</td>
</tr>
<tr>
<td><code>GEODE_LOG_FORMAT</code></td>
<td>string</td>
<td><code>text</code></td>
<td>Log format: <code>text</code> or <code>json</code></td>
</tr>
<tr>
<td><code>GEODE_LISTEN</code></td>
<td>string</td>
<td><code>0.0.0.0:3141</code></td>
<td>QUIC listen address</td>
</tr>
<tr>
<td><code>GEODE_TLS_CERT</code></td>
<td>path</td>
<td>-</td>
<td>TLS certificate path</td>
</tr>
<tr>
<td><code>GEODE_TLS_KEY</code></td>
<td>path</td>
<td>-</td>
<td>TLS private key path</td>
</tr>
</tbody>
</table>
<h4 id="performance-tuning" class="position-relative d-flex align-items-center group">
<span>Performance Tuning</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="performance-tuning"
aria-haspopup="dialog"
aria-label="Share link: Performance Tuning">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><table>
<thead>
<tr>
<th>Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>GEODE_MAX_CONNECTIONS</code></td>
<td>int</td>
<td><code>10000</code></td>
<td>Maximum concurrent connections</td>
</tr>
<tr>
<td><code>GEODE_PAGE_CACHE_SIZE</code></td>
<td>int</td>
<td><code>1024</code></td>
<td>Page cache size in MB</td>
</tr>
<tr>
<td><code>GEODE_QUERY_TIMEOUT</code></td>
<td>int</td>
<td><code>300</code></td>
<td>Query timeout in seconds</td>
</tr>
<tr>
<td><code>GEODE_TRANSACTION_TIMEOUT</code></td>
<td>int</td>
<td><code>300</code></td>
<td>Transaction timeout in seconds</td>
</tr>
</tbody>
</table>
<h4 id="security--encryption" class="position-relative d-flex align-items-center group">
<span>Security &amp; Encryption</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="security--encryption"
aria-haspopup="dialog"
aria-label="Share link: Security &amp; Encryption">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><table>
<thead>
<tr>
<th>Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>GEODE_ENABLE_TDE</code></td>
<td>bool</td>
<td><code>false</code></td>
<td>Enable Transparent Data Encryption</td>
</tr>
<tr>
<td><code>GEODE_DISK_KEY_HEX</code></td>
<td>string</td>
<td>-</td>
<td>TDE encryption key (64 hex characters)</td>
</tr>
<tr>
<td><code>GEODE_KMS_PROVIDER</code></td>
<td>string</td>
<td><code>env</code></td>
<td>KMS provider: <code>env</code>, <code>vault</code>, <code>aws</code></td>
</tr>
<tr>
<td><code>VAULT_ADDR</code></td>
<td>string</td>
<td>-</td>
<td>HashiCorp Vault address (if using Vault KMS)</td>
</tr>
<tr>
<td><code>VAULT_TOKEN</code></td>
<td>string</td>
<td>-</td>
<td>Vault authentication token</td>
</tr>
<tr>
<td><code>AWS_KMS_KEY_ID</code></td>
<td>string</td>
<td>-</td>
<td>AWS KMS key ID (if using AWS KMS)</td>
</tr>
</tbody>
</table>
<h4 id="query-optimization" class="position-relative d-flex align-items-center group">
<span>Query Optimization</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="query-optimization"
aria-haspopup="dialog"
aria-label="Share link: Query Optimization">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><table>
<thead>
<tr>
<th>Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>GEODE_TRACE_OPTIMIZER</code></td>
<td>bool</td>
<td><code>false</code></td>
<td>Enable optimizer trace logging</td>
</tr>
<tr>
<td><code>GEODE_ORDER_KEYS_EXPR</code></td>
<td>bool</td>
<td><code>false</code></td>
<td>Allow ORDER BY expressions (not just properties)</td>
</tr>
<tr>
<td><code>GEODE_TELEMETRY_PAGING</code></td>
<td>bool</td>
<td><code>false</code></td>
<td>Enable paging telemetry</td>
</tr>
</tbody>
</table>
<h4 id="cloud-backup-s3" class="position-relative d-flex align-items-center group">
<span>Cloud Backup (S3)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="cloud-backup-s3"
aria-haspopup="dialog"
aria-label="Share link: Cloud Backup (S3)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><table>
<thead>
<tr>
<th>Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>AWS_ACCESS_KEY_ID</code></td>
<td>string</td>
<td>-</td>
<td>AWS/S3 access key ID</td>
</tr>
<tr>
<td><code>AWS_SECRET_ACCESS_KEY</code></td>
<td>string</td>
<td>-</td>
<td>AWS/S3 secret access key</td>
</tr>
<tr>
<td><code>AWS_REGION</code></td>
<td>string</td>
<td><code>us-east-1</code></td>
<td>AWS region</td>
</tr>
<tr>
<td><code>S3_ENDPOINT</code></td>
<td>string</td>
<td>-</td>
<td>Custom S3 endpoint (e.g., MinIO, DigitalOcean Spaces)</td>
</tr>
<tr>
<td><code>S3_BUCKET</code></td>
<td>string</td>
<td>-</td>
<td>S3 bucket name for backups</td>
</tr>
</tbody>
</table>
<h4 id="change-data-capture-cdc" class="position-relative d-flex align-items-center group">
<span>Change Data Capture (CDC)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="change-data-capture-cdc"
aria-haspopup="dialog"
aria-label="Share link: Change Data Capture (CDC)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><table>
<thead>
<tr>
<th>Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>GEODE_CDC_ENABLE</code></td>
<td>bool</td>
<td><code>false</code></td>
<td>Enable CDC</td>
</tr>
<tr>
<td><code>CDC_KAFKA_BROKERS</code></td>
<td>string</td>
<td>-</td>
<td>Kafka broker addresses (comma-separated)</td>
</tr>
<tr>
<td><code>CDC_WEBHOOK_ENDPOINT</code></td>
<td>string</td>
<td>-</td>
<td>HTTP webhook endpoint for CDC events</td>
</tr>
<tr>
<td><code>WEBHOOK_TOKEN</code></td>
<td>string</td>
<td>-</td>
<td>Authorization token for webhook</td>
</tr>
</tbody>
</table>
<h4 id="quic-transport" class="position-relative d-flex align-items-center group">
<span>QUIC Transport</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="quic-transport"
aria-haspopup="dialog"
aria-label="Share link: QUIC Transport">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><table>
<thead>
<tr>
<th>Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>GEODE_QUIC_FORCE_CLOSE</code></td>
<td>bool</td>
<td><code>false</code></td>
<td>Force immediate connection close</td>
</tr>
<tr>
<td><code>GEODE_QUIC_PASSIVE_TEARDOWN</code></td>
<td>bool</td>
<td><code>false</code></td>
<td>Use passive connection teardown</td>
</tr>
</tbody>
</table>
<h4 id="developmenttesting" class="position-relative d-flex align-items-center group">
<span>Development/Testing</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="developmenttesting"
aria-haspopup="dialog"
aria-label="Share link: Development/Testing">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><table>
<thead>
<tr>
<th>Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>GEODE_CAPTURE_SERVER_STDERR</code></td>
<td>bool</td>
<td><code>false</code></td>
<td>Capture server stderr (for testing)</td>
</tr>
<tr>
<td><code>GEODE_INSECURE</code></td>
<td>bool</td>
<td><code>false</code></td>
<td>Disable TLS verification (dev only!)</td>
</tr>
</tbody>
</table>
<hr>
<h3 id="yaml-configuration-file" class="position-relative d-flex align-items-center group">
<span>YAML Configuration File</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="yaml-configuration-file"
aria-haspopup="dialog"
aria-label="Share link: YAML Configuration File">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="file-structure" class="position-relative d-flex align-items-center group">
<span>File Structure</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="file-structure"
aria-haspopup="dialog"
aria-label="Share link: File Structure">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># geode.yaml - Complete configuration example</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">server</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listen</span><span class="p">:</span><span class="w"> </span><span class="s1">'0.0.0.0:3141'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">data_dir</span><span class="p">:</span><span class="w"> </span><span class="s1">'/var/lib/geode/data'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">wal_dir</span><span class="p">:</span><span class="w"> </span><span class="s1">'/var/lib/geode/wal'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">max_connections</span><span class="p">:</span><span class="w"> </span><span class="m">10000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">logging</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">level</span><span class="p">:</span><span class="w"> </span><span class="s1">'info'</span><span class="w"> </span><span class="c"># error, warn, info, debug, trace</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">format</span><span class="p">:</span><span class="w"> </span><span class="s1">'json'</span><span class="w"> </span><span class="c"># text or json</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">file</span><span class="p">:</span><span class="w"> </span><span class="s1">'/var/log/geode/server.log'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">tls</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cert</span><span class="p">:</span><span class="w"> </span><span class="s1">'/etc/geode/tls/server.crt'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="s1">'/etc/geode/tls/server.key'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">auto_generate</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="c"># Auto-generate self-signed cert (dev only)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">storage</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">page_size: 8192 # Bytes per page (default</span><span class="p">:</span><span class="w"> </span><span class="l">8KB)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cache_size</span><span class="p">:</span><span class="w"> </span><span class="s1">'4GB'</span><span class="w"> </span><span class="c"># Page cache size (supports MB, GB suffixes)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enable_tde</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="c"># Transparent Data Encryption</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">disk_key_hex</span><span class="p">:</span><span class="w"> </span><span class="s1">'<64-hex-chars>'</span><span class="w"> </span><span class="c"># TDE encryption key</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">performance</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">query_timeout</span><span class="p">:</span><span class="w"> </span><span class="m">300</span><span class="w"> </span><span class="c"># Seconds</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">transaction_timeout</span><span class="p">:</span><span class="w"> </span><span class="m">300</span><span class="w"> </span><span class="c"># Seconds</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">page_cache_size</span><span class="p">:</span><span class="w"> </span><span class="m">4096</span><span class="w"> </span><span class="c"># MB</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">optimizer</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">trace</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="c"># Enable optimizer trace logging</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">small_n_threshold</span><span class="p">:</span><span class="w"> </span><span class="m">100</span><span class="w"> </span><span class="c"># Threshold for small-N optimization</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">federation</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="c"># Enable distributed query federation</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">coordinator</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="c"># This node is coordinator</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">shards</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="s1">'shard1'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="s1">'node1.cluster:3141'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="s1">'shard2'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="s1">'node2.cluster:3141'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="s1">'shard3'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="s1">'node3.cluster:3141'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">backup</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">s3</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">bucket</span><span class="p">:</span><span class="w"> </span><span class="s1">'geode-backups'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">prefix</span><span class="p">:</span><span class="w"> </span><span class="s1">'prod'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="s1">'us-east-1'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="s1">''</span><span class="w"> </span><span class="c"># Custom endpoint (MinIO, DigitalOcean)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">retention_days</span><span class="p">:</span><span class="w"> </span><span class="m">30</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">access_key_id</span><span class="p">:</span><span class="w"> </span><span class="s1">'${AWS_ACCESS_KEY_ID}'</span><span class="w"> </span><span class="c"># From environment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">secret_access_key</span><span class="p">:</span><span class="w"> </span><span class="s1">'${AWS_SECRET_ACCESS_KEY}'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">cdc</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">webhooks</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s1">'primary'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="s1">'https://api.example.com/webhook'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">headers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">Authorization</span><span class="p">:</span><span class="w"> </span><span class="s1">'Bearer ${WEBHOOK_TOKEN}'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">X-Tenant-ID</span><span class="p">:</span><span class="w"> </span><span class="s1">'tenant-123'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">retry</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">max_attempts</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">base_delay_ms</span><span class="p">:</span><span class="w"> </span><span class="m">100</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">max_delay_ms</span><span class="p">:</span><span class="w"> </span><span class="m">30000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dlq</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">max_size</span><span class="p">:</span><span class="w"> </span><span class="m">10000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">retention_hours</span><span class="p">:</span><span class="w"> </span><span class="m">168</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">idempotency</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">header</span><span class="p">:</span><span class="w"> </span><span class="s1">'X-Idempotency-Key'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">security</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kms_provider</span><span class="p">:</span><span class="w"> </span><span class="s1">'vault'</span><span class="w"> </span><span class="c"># env, vault, aws</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">vault</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">address</span><span class="p">:</span><span class="w"> </span><span class="s1">'https://vault.example.com:8200'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">token</span><span class="p">:</span><span class="w"> </span><span class="s1">'${VAULT_TOKEN}'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mount_path</span><span class="p">:</span><span class="w"> </span><span class="s1">'geode-keys'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">aws_kms</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">key_id</span><span class="p">:</span><span class="w"> </span><span class="s1">'arn:aws:kms:us-east-1:123456789012:key/...'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="s1">'us-east-1'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">monitoring</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metrics</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listen</span><span class="p">:</span><span class="w"> </span><span class="s1">'0.0.0.0:9090'</span><span class="w"> </span><span class="c"># Prometheus metrics endpoint</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">health</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listen</span><span class="p">:</span><span class="w"> </span><span class="s1">'0.0.0.0:8080'</span><span class="w"> </span><span class="c"># Health/readiness endpoints</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="loading-configuration" class="position-relative d-flex align-items-center group">
<span>Loading Configuration</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="loading-configuration"
aria-haspopup="dialog"
aria-label="Share link: Loading Configuration">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Load from file</span>
</span></span><span class="line"><span class="cl">geode serve --config /etc/geode/config.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Override with environment variables</span>
</span></span><span class="line"><span class="cl"><span class="nv">GEODE_LOG_LEVEL</span><span class="o">=</span>debug geode serve --config /etc/geode/config.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Override with command-line flags (highest precedence)</span>
</span></span><span class="line"><span class="cl">geode serve <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --config /etc/geode/config.yaml <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --max-connections <span class="m">20000</span>
</span></span></code></pre></div><hr>
<h3 id="configuration-examples" class="position-relative d-flex align-items-center group">
<span>Configuration Examples</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="configuration-examples"
aria-haspopup="dialog"
aria-label="Share link: Configuration Examples">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="development-configuration" class="position-relative d-flex align-items-center group">
<span>Development Configuration</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="development-configuration"
aria-haspopup="dialog"
aria-label="Share link: Development Configuration">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>File: <code>dev-config.yaml</code></strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">server</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listen</span><span class="p">:</span><span class="w"> </span><span class="s1">'127.0.0.1:3141'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">data_dir</span><span class="p">:</span><span class="w"> </span><span class="s1">'./dev-data'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">logging</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">level</span><span class="p">:</span><span class="w"> </span><span class="s1">'debug'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">format</span><span class="p">:</span><span class="w"> </span><span class="s1">'text'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">tls</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">auto_generate</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="c"># Auto-generate self-signed cert</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">storage</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cache_size</span><span class="p">:</span><span class="w"> </span><span class="s1">'512MB'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">performance</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">page_cache_size</span><span class="p">:</span><span class="w"> </span><span class="m">256</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">optimizer</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">trace</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="c"># See optimizer decisions</span><span class="w">
</span></span></span></code></pre></div><p><strong>Start Command</strong>:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">geode serve --config dev-config.yaml
</span></span></code></pre></div>
<h4 id="staging-configuration" class="position-relative d-flex align-items-center group">
<span>Staging Configuration</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="staging-configuration"
aria-haspopup="dialog"
aria-label="Share link: Staging Configuration">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>File: <code>/etc/geode/staging-config.yaml</code></strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">server</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listen</span><span class="p">:</span><span class="w"> </span><span class="s1">'0.0.0.0:3141'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">data_dir</span><span class="p">:</span><span class="w"> </span><span class="s1">'/var/lib/geode/staging/data'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">max_connections</span><span class="p">:</span><span class="w"> </span><span class="m">5000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">logging</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">level</span><span class="p">:</span><span class="w"> </span><span class="s1">'info'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">format</span><span class="p">:</span><span class="w"> </span><span class="s1">'json'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">file</span><span class="p">:</span><span class="w"> </span><span class="s1">'/var/log/geode/staging.log'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">tls</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cert</span><span class="p">:</span><span class="w"> </span><span class="s1">'/etc/geode/tls/staging.crt'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="s1">'/etc/geode/tls/staging.key'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">storage</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cache_size</span><span class="p">:</span><span class="w"> </span><span class="s1">'2GB'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enable_tde</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">performance</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">page_cache_size</span><span class="p">:</span><span class="w"> </span><span class="m">2048</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">backup</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">s3</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">bucket</span><span class="p">:</span><span class="w"> </span><span class="s1">'geode-backups-staging'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">prefix</span><span class="p">:</span><span class="w"> </span><span class="s1">'staging'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">retention_days</span><span class="p">:</span><span class="w"> </span><span class="m">7</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">monitoring</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metrics</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listen</span><span class="p">:</span><span class="w"> </span><span class="s1">'0.0.0.0:9090'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">health</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listen</span><span class="p">:</span><span class="w"> </span><span class="s1">'0.0.0.0:8080'</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="production-configuration" class="position-relative d-flex align-items-center group">
<span>Production Configuration</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="production-configuration"
aria-haspopup="dialog"
aria-label="Share link: Production Configuration">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>File: <code>/etc/geode/prod-config.yaml</code></strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">server</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listen</span><span class="p">:</span><span class="w"> </span><span class="s1">'0.0.0.0:3141'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">data_dir</span><span class="p">:</span><span class="w"> </span><span class="s1">'/var/lib/geode/data'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">wal_dir</span><span class="p">:</span><span class="w"> </span><span class="s1">'/var/lib/geode/wal'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">max_connections</span><span class="p">:</span><span class="w"> </span><span class="m">50000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">logging</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">level: 'error' # Production</span><span class="p">:</span><span class="w"> </span><span class="l">errors only</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">format</span><span class="p">:</span><span class="w"> </span><span class="s1">'json'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">file</span><span class="p">:</span><span class="w"> </span><span class="s1">'/var/log/geode/server.log'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">tls</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cert</span><span class="p">:</span><span class="w"> </span><span class="s1">'/etc/letsencrypt/live/geode.example.com/fullchain.pem'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="s1">'/etc/letsencrypt/live/geode.example.com/privkey.pem'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">storage</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cache_size</span><span class="p">:</span><span class="w"> </span><span class="s1">'8GB'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enable_tde</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># GEODE_DISK_KEY_HEX from environment (managed by secrets manager)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">performance</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">query_timeout</span><span class="p">:</span><span class="w"> </span><span class="m">300</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">transaction_timeout</span><span class="p">:</span><span class="w"> </span><span class="m">300</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">page_cache_size</span><span class="p">:</span><span class="w"> </span><span class="m">8192</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">federation</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">coordinator</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">shards</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="s1">'shard1'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="s1">'geode-node1.internal:3141'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="s1">'shard2'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="s1">'geode-node2.internal:3141'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="s1">'shard3'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="s1">'geode-node3.internal:3141'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">backup</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">s3</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">bucket</span><span class="p">:</span><span class="w"> </span><span class="s1">'geode-backups-prod'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">prefix</span><span class="p">:</span><span class="w"> </span><span class="s1">'prod'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="s1">'us-east-1'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">retention_days</span><span class="p">:</span><span class="w"> </span><span class="m">90</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">cdc</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">webhooks</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s1">'analytics'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="s1">'https://analytics.example.com/webhook'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">headers</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">Authorization</span><span class="p">:</span><span class="w"> </span><span class="s1">'Bearer ${WEBHOOK_TOKEN}'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">retry</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">max_attempts</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">base_delay_ms</span><span class="p">:</span><span class="w"> </span><span class="m">100</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">max_delay_ms</span><span class="p">:</span><span class="w"> </span><span class="m">30000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dlq</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">max_size</span><span class="p">:</span><span class="w"> </span><span class="m">100000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">retention_hours</span><span class="p">:</span><span class="w"> </span><span class="m">168</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">idempotency</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">security</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kms_provider</span><span class="p">:</span><span class="w"> </span><span class="s1">'vault'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">vault</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">address</span><span class="p">:</span><span class="w"> </span><span class="s1">'https://vault.prod.internal:8200'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">token</span><span class="p">:</span><span class="w"> </span><span class="s1">'${VAULT_TOKEN}'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mount_path</span><span class="p">:</span><span class="w"> </span><span class="s1">'geode-prod-keys'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">monitoring</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metrics</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listen</span><span class="p">:</span><span class="w"> </span><span class="s1">'0.0.0.0:9090'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">health</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listen</span><span class="p">:</span><span class="w"> </span><span class="s1">'0.0.0.0:8080'</span><span class="w">
</span></span></span></code></pre></div><p><strong>Production Start (systemd)</strong>:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># /etc/systemd/system/geode.service</span>
</span></span><span class="line"><span class="cl"><span class="o">[</span>Unit<span class="o">]</span>
</span></span><span class="line"><span class="cl"><span class="nv">Description</span><span class="o">=</span>Geode Graph Database
</span></span><span class="line"><span class="cl"><span class="nv">After</span><span class="o">=</span>network.target vault.service
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="o">[</span>Service<span class="o">]</span>
</span></span><span class="line"><span class="cl"><span class="nv">Type</span><span class="o">=</span>simple
</span></span><span class="line"><span class="cl"><span class="nv">User</span><span class="o">=</span>geode
</span></span><span class="line"><span class="cl"><span class="nv">Group</span><span class="o">=</span>geode
</span></span><span class="line"><span class="cl"><span class="nv">WorkingDirectory</span><span class="o">=</span>/var/lib/geode
</span></span><span class="line"><span class="cl"><span class="nv">Environment</span><span class="o">=</span><span class="s2">"GEODE_DISK_KEY_HEX=<from-vault>"</span>
</span></span><span class="line"><span class="cl"><span class="nv">Environment</span><span class="o">=</span><span class="s2">"VAULT_TOKEN=<from-vault>"</span>
</span></span><span class="line"><span class="cl"><span class="nv">Environment</span><span class="o">=</span><span class="s2">"AWS_ACCESS_KEY_ID=<from-secrets>"</span>
</span></span><span class="line"><span class="cl"><span class="nv">Environment</span><span class="o">=</span><span class="s2">"AWS_SECRET_ACCESS_KEY=<from-secrets>"</span>
</span></span><span class="line"><span class="cl"><span class="nv">ExecStart</span><span class="o">=</span>/usr/local/bin/geode serve --config /etc/geode/prod-config.yaml
</span></span><span class="line"><span class="cl"><span class="nv">Restart</span><span class="o">=</span>on-failure
</span></span><span class="line"><span class="cl"><span class="nv">RestartSec</span><span class="o">=</span><span class="m">10</span>
</span></span><span class="line"><span class="cl"><span class="nv">LimitNOFILE</span><span class="o">=</span><span class="m">65536</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="o">[</span>Install<span class="o">]</span>
</span></span><span class="line"><span class="cl"><span class="nv">WantedBy</span><span class="o">=</span>multi-user.target
</span></span></code></pre></div>
<h4 id="docker-configuration" class="position-relative d-flex align-items-center group">
<span>Docker Configuration</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="docker-configuration"
aria-haspopup="dialog"
aria-label="Share link: Docker Configuration">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>docker-compose.yml</strong>:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s1">'3.8'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">services</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">geodedb/geode:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"3141:3141/udp"</span><span class="w"> </span><span class="c"># QUIC</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"9090:9090"</span><span class="w"> </span><span class="c"># Metrics</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"8080:8080"</span><span class="w"> </span><span class="c"># Health</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-data:/var/lib/geode/data</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-wal:/var/lib/geode/wal</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">./config.yaml:/etc/geode/config.yaml:ro</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">./tls:/etc/geode/tls:ro</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">environment</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">LOG_LEVEL</span><span class="p">:</span><span class="w"> </span><span class="l">${LOG_LEVEL:-error}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">GEODE_DISK_KEY_HEX</span><span class="p">:</span><span class="w"> </span><span class="l">${GEODE_DISK_KEY_HEX}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">AWS_ACCESS_KEY_ID</span><span class="p">:</span><span class="w"> </span><span class="l">${AWS_ACCESS_KEY_ID}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">AWS_SECRET_ACCESS_KEY</span><span class="p">:</span><span class="w"> </span><span class="l">${AWS_SECRET_ACCESS_KEY}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">VAULT_TOKEN</span><span class="p">:</span><span class="w"> </span><span class="l">${VAULT_TOKEN}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"serve"</span><span class="p">,</span><span class="w"> </span><span class="s2">"--config"</span><span class="p">,</span><span class="w"> </span><span class="s2">"/etc/geode/config.yaml"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">restart</span><span class="p">:</span><span class="w"> </span><span class="l">unless-stopped</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ulimits</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nofile</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">soft</span><span class="p">:</span><span class="w"> </span><span class="m">65536</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hard</span><span class="p">:</span><span class="w"> </span><span class="m">65536</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode-data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode-wal</span><span class="p">:</span><span class="w">
</span></span></span></code></pre></div><p><strong>Start with override</strong>:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Production (error logs only)</span>
</span></span><span class="line"><span class="cl">docker-compose up -d
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Debug mode</span>
</span></span><span class="line"><span class="cl"><span class="nv">LOG_LEVEL</span><span class="o">=</span>debug docker-compose up
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># With secrets</span>
</span></span><span class="line"><span class="cl"><span class="nv">GEODE_DISK_KEY_HEX</span><span class="o">=</span><span class="k">$(</span>vault kv get -field<span class="o">=</span>key geode/tde<span class="k">)</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span><span class="nv">VAULT_TOKEN</span><span class="o">=</span><span class="k">$(</span>vault print token<span class="k">)</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span><span class="nv">AWS_ACCESS_KEY_ID</span><span class="o">=</span><span class="k">$(</span>vault kv get -field<span class="o">=</span>access_key aws/geode<span class="k">)</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span><span class="nv">AWS_SECRET_ACCESS_KEY</span><span class="o">=</span><span class="k">$(</span>vault kv get -field<span class="o">=</span>secret_key aws/geode<span class="k">)</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span>docker-compose up -d
</span></span></code></pre></div><hr>
<h3 id="tls-certificate-setup" class="position-relative d-flex align-items-center group">
<span>TLS Certificate Setup</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="tls-certificate-setup"
aria-haspopup="dialog"
aria-label="Share link: TLS Certificate Setup">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="development-self-signed" class="position-relative d-flex align-items-center group">
<span>Development (Self-Signed)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="development-self-signed"
aria-haspopup="dialog"
aria-label="Share link: Development (Self-Signed)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Generate self-signed certificate</span>
</span></span><span class="line"><span class="cl">openssl req -x509 -newkey rsa:4096 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> -keyout server.key <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> -out server.crt <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> -days <span class="m">365</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> -nodes <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> -subj <span class="s2">"/CN=localhost"</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Start server</span>
</span></span><span class="line"><span class="cl">geode serve <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --tls-cert server.crt <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --tls-key server.key
</span></span></code></pre></div>
<h4 id="production-lets-encrypt" class="position-relative d-flex align-items-center group">
<span>Production (Let&rsquo;s Encrypt)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="production-lets-encrypt"
aria-haspopup="dialog"
aria-label="Share link: Production (Lets Encrypt)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Install certbot</span>
</span></span><span class="line"><span class="cl">sudo apt-get install certbot
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Get certificate (requires domain and port 80/443 access)</span>
</span></span><span class="line"><span class="cl">sudo certbot certonly --standalone <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> -d geode.example.com <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --agree-tos <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> -m <span class="o">[</span>email protected<span class="o">]</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Certificates will be in:</span>
</span></span><span class="line"><span class="cl"><span class="c1"># /etc/letsencrypt/live/geode.example.com/fullchain.pem</span>
</span></span><span class="line"><span class="cl"><span class="c1"># /etc/letsencrypt/live/geode.example.com/privkey.pem</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Start server</span>
</span></span><span class="line"><span class="cl">sudo geode serve <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --tls-cert /etc/letsencrypt/live/geode.example.com/fullchain.pem <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --tls-key /etc/letsencrypt/live/geode.example.com/privkey.pem
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Auto-renewal (add to crontab)</span>
</span></span><span class="line"><span class="cl"><span class="m">0</span> <span class="m">0</span> * * * certbot renew --quiet --post-hook <span class="s2">"systemctl restart geode"</span>
</span></span></code></pre></div>
<h4 id="production-custom-ca" class="position-relative d-flex align-items-center group">
<span>Production (Custom CA)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="production-custom-ca"
aria-haspopup="dialog"
aria-label="Share link: Production (Custom CA)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># If using internal CA, provide full chain</span>
</span></span><span class="line"><span class="cl">cat server.crt intermediate.crt root.crt > fullchain.pem
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Start server</span>
</span></span><span class="line"><span class="cl">geode serve <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --tls-cert fullchain.pem <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --tls-key server.key
</span></span></code></pre></div>
<h4 id="verify-certificate" class="position-relative d-flex align-items-center group">
<span>Verify Certificate</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="verify-certificate"
aria-haspopup="dialog"
aria-label="Share link: Verify Certificate">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Check certificate details</span>
</span></span><span class="line"><span class="cl">openssl x509 -in server.crt -text -noout
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Verify certificate and key match</span>
</span></span><span class="line"><span class="cl">openssl x509 -noout -modulus -in server.crt <span class="p">|</span> openssl md5
</span></span><span class="line"><span class="cl">openssl rsa -noout -modulus -in server.key <span class="p">|</span> openssl md5
</span></span><span class="line"><span class="cl"><span class="c1"># MD5 hashes should match</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Test TLS connection</span>
</span></span><span class="line"><span class="cl">openssl s_client -connect localhost:3141 -showcerts
</span></span></code></pre></div><hr>
<h3 id="performance-tuning-1" class="position-relative d-flex align-items-center group">
<span>Performance Tuning</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="performance-tuning-1"
aria-haspopup="dialog"
aria-label="Share link: Performance Tuning">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="memory-configuration" class="position-relative d-flex align-items-center group">
<span>Memory Configuration</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="memory-configuration"
aria-haspopup="dialog"
aria-label="Share link: Memory Configuration">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># For small deployments (<10GB data)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">storage</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cache_size</span><span class="p">:</span><span class="w"> </span><span class="s1">'1GB'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">performance</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">page_cache_size</span><span class="p">:</span><span class="w"> </span><span class="m">1024</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># For medium deployments (10-100GB data)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">storage</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cache_size</span><span class="p">:</span><span class="w"> </span><span class="s1">'4GB'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">performance</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">page_cache_size</span><span class="p">:</span><span class="w"> </span><span class="m">4096</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># For large deployments (>100GB data)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">storage</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cache_size</span><span class="p">:</span><span class="w"> </span><span class="s1">'16GB'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">performance</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">page_cache_size</span><span class="p">:</span><span class="w"> </span><span class="m">16384</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="connection-tuning" class="position-relative d-flex align-items-center group">
<span>Connection Tuning</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="connection-tuning"
aria-haspopup="dialog"
aria-label="Share link: Connection Tuning">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># Low-concurrency workload</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">server</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">max_connections</span><span class="p">:</span><span class="w"> </span><span class="m">100</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Medium-concurrency workload</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">server</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">max_connections</span><span class="p">:</span><span class="w"> </span><span class="m">1000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># High-concurrency workload</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">server</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">max_connections</span><span class="p">:</span><span class="w"> </span><span class="m">50000</span><span class="w">
</span></span></span></code></pre></div><p><strong>System Limits</strong>:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Increase file descriptor limit</span>
</span></span><span class="line"><span class="cl"><span class="nb">ulimit</span> -n <span class="m">65536</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Or set in /etc/security/limits.conf</span>
</span></span><span class="line"><span class="cl">geode soft nofile <span class="m">65536</span>
</span></span><span class="line"><span class="cl">geode hard nofile <span class="m">65536</span>
</span></span></code></pre></div>
<h4 id="query-timeouts" class="position-relative d-flex align-items-center group">
<span>Query Timeouts</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="query-timeouts"
aria-haspopup="dialog"
aria-label="Share link: Query Timeouts">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># Short-lived queries (OLTP)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">performance</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">query_timeout</span><span class="p">:</span><span class="w"> </span><span class="m">30</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">transaction_timeout</span><span class="p">:</span><span class="w"> </span><span class="m">60</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Mixed workload</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">performance</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">query_timeout</span><span class="p">:</span><span class="w"> </span><span class="m">300</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">transaction_timeout</span><span class="p">:</span><span class="w"> </span><span class="m">300</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c"># Analytics workload</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">performance</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">query_timeout</span><span class="p">:</span><span class="w"> </span><span class="m">3600</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">transaction_timeout</span><span class="p">:</span><span class="w"> </span><span class="m">3600</span><span class="w">
</span></span></span></code></pre></div><hr>
<h3 id="log-configuration" class="position-relative d-flex align-items-center group">
<span>Log Configuration</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="log-configuration"
aria-haspopup="dialog"
aria-label="Share link: Log Configuration">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="log-levels" class="position-relative d-flex align-items-center group">
<span>Log Levels</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="log-levels"
aria-haspopup="dialog"
aria-label="Share link: Log Levels">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><table>
<thead>
<tr>
<th>Level</th>
<th>Use Case</th>
<th>Volume</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>error</code></td>
<td>Production (default)</td>
<td>Minimal - errors only</td>
</tr>
<tr>
<td><code>warn</code></td>
<td>Production (with warnings)</td>
<td>Low - errors + warnings</td>
</tr>
<tr>
<td><code>info</code></td>
<td>Development/Staging</td>
<td>Medium - general info</td>
</tr>
<tr>
<td><code>debug</code></td>
<td>Troubleshooting</td>
<td>High - detailed debugging</td>
</tr>
<tr>
<td><code>trace</code></td>
<td>Deep troubleshooting</td>
<td>Very High - all events</td>
</tr>
</tbody>
</table>
<h4 id="log-formats" class="position-relative d-flex align-items-center group">
<span>Log Formats</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="log-formats"
aria-haspopup="dialog"
aria-label="Share link: Log Formats">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>Text Format</strong> (human-readable):</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">2026-01-23T10:30:45Z [INFO] Server started on 0.0.0.0:3141
</span></span><span class="line"><span class="cl">2026-01-23T10:30:46Z [DEBUG] Accepted connection from 192.168.1.100:54321
</span></span><span class="line"><span class="cl">2026-01-23T10:30:46Z [INFO] Query completed in 12ms
</span></span></code></pre></div><p><strong>JSON Format</strong> (machine-parsable):</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span><span class="nt">"timestamp"</span><span class="p">:</span><span class="s2">"2026-01-23T10:30:45Z"</span><span class="p">,</span><span class="nt">"level"</span><span class="p">:</span><span class="s2">"INFO"</span><span class="p">,</span><span class="nt">"message"</span><span class="p">:</span><span class="s2">"Server started on 0.0.0.0:3141"</span><span class="p">}</span>
</span></span><span class="line"><span class="cl"><span class="p">{</span><span class="nt">"timestamp"</span><span class="p">:</span><span class="s2">"2026-01-23T10:30:46Z"</span><span class="p">,</span><span class="nt">"level"</span><span class="p">:</span><span class="s2">"DEBUG"</span><span class="p">,</span><span class="nt">"message"</span><span class="p">:</span><span class="s2">"Accepted connection from 192.168.1.100:54321"</span><span class="p">}</span>
</span></span><span class="line"><span class="cl"><span class="p">{</span><span class="nt">"timestamp"</span><span class="p">:</span><span class="s2">"2026-01-23T10:30:46Z"</span><span class="p">,</span><span class="nt">"level"</span><span class="p">:</span><span class="s2">"INFO"</span><span class="p">,</span><span class="nt">"message"</span><span class="p">:</span><span class="s2">"Query completed in 12ms"</span><span class="p">,</span><span class="nt">"duration_ms"</span><span class="p">:</span><span class="mi">12</span><span class="p">}</span>
</span></span></code></pre></div>
<h4 id="log-rotation" class="position-relative d-flex align-items-center group">
<span>Log Rotation</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="log-rotation"
aria-haspopup="dialog"
aria-label="Share link: Log Rotation">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Using logrotate</span>
</span></span><span class="line"><span class="cl"><span class="c1"># /etc/logrotate.d/geode</span>
</span></span><span class="line"><span class="cl">/var/log/geode/*.log <span class="o">{</span>
</span></span><span class="line"><span class="cl"> daily
</span></span><span class="line"><span class="cl"> rotate <span class="m">7</span>
</span></span><span class="line"><span class="cl"> compress
</span></span><span class="line"><span class="cl"> delaycompress
</span></span><span class="line"><span class="cl"> missingok
</span></span><span class="line"><span class="cl"> notifempty
</span></span><span class="line"><span class="cl"> create <span class="m">0640</span> geode geode
</span></span><span class="line"><span class="cl"> sharedscripts
</span></span><span class="line"><span class="cl"> postrotate
</span></span><span class="line"><span class="cl"> systemctl reload geode >/dev/null 2><span class="p">&</span><span class="m">1</span> <span class="o">||</span> <span class="nb">true</span>
</span></span><span class="line"><span class="cl"> endscript
</span></span><span class="line"><span class="cl"><span class="o">}</span>
</span></span></code></pre></div><hr>
<h3 id="security-configuration" class="position-relative d-flex align-items-center group">
<span>Security Configuration</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="security-configuration"
aria-haspopup="dialog"
aria-label="Share link: Security Configuration">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="encryption-at-rest-tde" class="position-relative d-flex align-items-center group">
<span>Encryption at Rest (TDE)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="encryption-at-rest-tde"
aria-haspopup="dialog"
aria-label="Share link: Encryption at Rest (TDE)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">storage</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enable_tde</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># Provide key via environment (never hardcode!)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># disk_key_hex: from GEODE_DISK_KEY_HEX environment variable</span><span class="w">
</span></span></span></code></pre></div><p><strong>Generate Encryption Key</strong>:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Generate random 256-bit key</span>
</span></span><span class="line"><span class="cl">openssl rand -hex <span class="m">32</span> > /secure/location/tde-key.hex
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Set environment variable</span>
</span></span><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">GEODE_DISK_KEY_HEX</span><span class="o">=</span><span class="k">$(</span>cat /secure/location/tde-key.hex<span class="k">)</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Or use KMS</span>
</span></span><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">GEODE_KMS_PROVIDER</span><span class="o">=</span>vault
</span></span><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">VAULT_TOKEN</span><span class="o">=</span><span class="k">$(</span>vault login -token-only<span class="k">)</span>
</span></span></code></pre></div>
<h4 id="kms-integration" class="position-relative d-flex align-items-center group">
<span>KMS Integration</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="kms-integration"
aria-haspopup="dialog"
aria-label="Share link: KMS Integration">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>HashiCorp Vault</strong>:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">security</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kms_provider</span><span class="p">:</span><span class="w"> </span><span class="s1">'vault'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">vault</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">address</span><span class="p">:</span><span class="w"> </span><span class="s1">'https://vault.example.com:8200'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">token</span><span class="p">:</span><span class="w"> </span><span class="s1">'${VAULT_TOKEN}'</span><span class="w"> </span><span class="c"># From environment</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mount_path</span><span class="p">:</span><span class="w"> </span><span class="s1">'geode-keys'</span><span class="w">
</span></span></span></code></pre></div><p><strong>AWS KMS</strong>:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">security</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kms_provider</span><span class="p">:</span><span class="w"> </span><span class="s1">'aws'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">aws_kms</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">key_id</span><span class="p">:</span><span class="w"> </span><span class="s1">'arn:aws:kms:us-east-1:123456789012:key/...'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="s1">'us-east-1'</span><span class="w">
</span></span></span></code></pre></div><hr>
<h3 id="monitoring-configuration" class="position-relative d-flex align-items-center group">
<span>Monitoring Configuration</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="monitoring-configuration"
aria-haspopup="dialog"
aria-label="Share link: Monitoring Configuration">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="prometheus-metrics" class="position-relative d-flex align-items-center group">
<span>Prometheus Metrics</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="prometheus-metrics"
aria-haspopup="dialog"
aria-label="Share link: Prometheus Metrics">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">monitoring</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">metrics</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listen</span><span class="p">:</span><span class="w"> </span><span class="s1">'0.0.0.0:9090'</span><span class="w">
</span></span></span></code></pre></div><p><strong>Scrape Config</strong> (<code>prometheus.yml</code>):</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">scrape_configs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">job_name</span><span class="p">:</span><span class="w"> </span><span class="s1">'geode'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">static_configs</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">targets</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s1">'geode-server:9090'</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">scrape_interval</span><span class="p">:</span><span class="w"> </span><span class="l">15s</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="health-checks" class="position-relative d-flex align-items-center group">
<span>Health Checks</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="health-checks"
aria-haspopup="dialog"
aria-label="Share link: Health Checks">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">monitoring</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">health</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">listen</span><span class="p">:</span><span class="w"> </span><span class="s1">'0.0.0.0:8080'</span><span class="w">
</span></span></span></code></pre></div><p><strong>Kubernetes Probes</strong>:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">livenessProbe</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">httpGet</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/health</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">initialDelaySeconds</span><span class="p">:</span><span class="w"> </span><span class="m">30</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">periodSeconds</span><span class="p">:</span><span class="w"> </span><span class="m">10</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">readinessProbe</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">httpGet</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="l">/ready</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">port</span><span class="p">:</span><span class="w"> </span><span class="m">8080</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">initialDelaySeconds</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">periodSeconds</span><span class="p">:</span><span class="w"> </span><span class="m">5</span><span class="w">
</span></span></span></code></pre></div><hr>
<h3 id="troubleshooting-configuration" class="position-relative d-flex align-items-center group">
<span>Troubleshooting Configuration</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="troubleshooting-configuration"
aria-haspopup="dialog"
aria-label="Share link: Troubleshooting Configuration">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="common-issues" class="position-relative d-flex align-items-center group">
<span>Common Issues</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="common-issues"
aria-haspopup="dialog"
aria-label="Share link: Common Issues">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>Issue: Server won’t start with config file</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Check config syntax</span>
</span></span><span class="line"><span class="cl">geode serve --config /etc/geode/config.yaml --validate
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Use debug logging to see what's failing</span>
</span></span><span class="line"><span class="cl">geode serve <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --config /etc/geode/config.yaml <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --log-level debug
</span></span></code></pre></div><p><strong>Issue: Environment variables not working</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Verify environment is set</span>
</span></span><span class="line"><span class="cl">env <span class="p">|</span> grep GEODE
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Test with explicit values</span>
</span></span><span class="line"><span class="cl"><span class="nv">GEODE_LOG_LEVEL</span><span class="o">=</span>debug geode serve
</span></span></code></pre></div><p><strong>Issue: TLS certificate errors</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># See TLS Certificate Setup section above</span>
</span></span><span class="line"><span class="cl"><span class="c1"># Verify certificate paths in config</span>
</span></span><span class="line"><span class="cl">cat /etc/geode/config.yaml <span class="p">|</span> grep -A <span class="m">2</span> <span class="s2">"tls:"</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check file permissions</span>
</span></span><span class="line"><span class="cl">ls -la /etc/geode/tls/
</span></span></code></pre></div><hr>
<h3 id="next-steps" class="position-relative d-flex align-items-center group">
<span>Next Steps</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="next-steps"
aria-haspopup="dialog"
aria-label="Share link: Next Steps">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><ul>
<li><a
href="/docs/ops/deployment/"
>Deployment Guide</a>
- Production deployment patterns</li>
<li><a
href="/docs/security/overview/"
>Security Overview</a>
- Authentication and encryption</li>
<li><a
href="/docs/ops/observability/"
>Monitoring</a>
- Metrics and observability</li>
<li><a
href="/docs/guides/troubleshooting/"
>Troubleshooting</a>
- Diagnose configuration issues</li>
<li><a
href="/docs/query/performance-tuning/"
>Performance Tuning</a>
- Optimize query performance</li>
</ul>
Server Configuration Reference
Complete reference for Geode server configuration including command-line flags, environment variables, YAML configuration files, and deployment examples.