Canvas LMS configuration involves multiple aspects including domain settings, authentication, database connections, and security policies. Proper configuration is essential for secure and efficient operation.
Canvas LMS uses a set of environment variables for configuration. Create a config/database.yml and config/settings.yml file with your specific settings:
config/database.yml)production:
adapter: postgresql
encoding: utf8
host: <%= ENV['CANVAS_DB_HOST'] || 'localhost' %>
database: <%= ENV['CANVAS_DB_NAME'] || 'canvas_production' %>
username: <%= ENV['CANVAS_DB_USER'] || 'canvas' %>
password: <%= ENV['CANVAS_DB_PASSWORD'] %>
pool: 5
timeout: 5000
# Domain Configuration
CANVAS_LMS_HOSTS=yourdomain.com,yourdomain.edu
CANVAS_DEFAULT_SALT=your_unique_salt_value
CANVAS_SECRET_KEY_BASE=your_very_long_secret_key_base_value
# Database Configuration
CANVAS_DB_HOST=localhost
CANVAS_DB_NAME=canvas_production
CANVAS_DB_USER=canvas_user
CANVAS_DB_PASSWORD=your_secure_db_password
# Cache Configuration
CANVAS_CACHE_STORE=redis
CANVAS_REDIS_URL=redis://localhost:6379/0
# Email Configuration
CANVAS_SMTP_SERVER=smtp.yourmailserver.com
CANVAS_SMTP_PORT=587
CANVAS_SMTP_USERNAME=your_smtp_username
CANVAS_SMTP_PASSWORD=your_smtp_password
CANVAS_NOTIFICATION_EMAIL=no-reply@yourdomain.com
# File Storage Configuration
CANVAS_FILE_STORAGE=local # or s3, google_storage, etc.
CANVAS_ATTACHMENT_STORAGE_PATH=/var/canvas/files
# Security Settings
CANVAS_SECURE_COOKIES=true
CANVAS_HTTPS_ONLY=true
CANVAS_SESSION_ENCRYPTION_KEY=your_session_encryption_key
CANVAS_SESSION_STORE=database
Canvas LMS supports multiple authentication methods including SAML2, LDAP, and OAuth2:
# config/authenticationProviders.yml
-
auth_type: saml
name: 'Your Institution'
issuer: 'https://your-idp.com'
idp_sso_target_url: 'https://your-idp.com/sso'
idp_cert_fingerprint: 'XX:XX:XX:XX:...'
sp_private_key: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
sp_cert: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
login_handle_name: 'Email'
identifier_normalization_type: 'None'
unique_id_field: 'email'
-
auth_type: ldap
auth_host: 'ldap.yourdomain.com'
auth_port: 636
auth_over_tls: true
auth_base: 'ou=people,dc=yourdomain,dc=com'
login_handle_name: 'Username'
identifier_normalization_type: 'LowerCase'
unique_id_field: 'uid'
Configure custom roles and permissions:
# Custom role definitions
custom_roles:
teaching_assistant:
base_role: 'TeacherEnrollment'
permissions:
manage_grades: true
view_all_grades: true
manage_students: false
course_observer:
base_role: 'ObserverEnrollment'
permissions:
read_course_content: true
view_all_grades: true
participate_in_discussions: false
Configure rate limits to prevent abuse:
# API rate limiting (requests per minute)
CANVAS_API_BULK_PROGRESS_CHECK_RATE_LIMIT=10
CANVAS_API_GLOBAL_RATE_LIMIT_PER_IP=1000
CANVAS_API_GLOBAL_RATE_LIMIT_PER_USER=500
For local file storage, configure the attachment storage path:
CANVAS_FILE_STORAGE=local
CANVAS_ATTACHMENT_STORAGE_PATH=/var/canvas/files
CANVAS_ATTACHMENT_THUMBNAIL_STORAGE_PATH=/var/canvas/thumbnails
For cloud storage using S3:
CANVAS_FILE_STORAGE=s3
AWS_ACCESS_KEY_ID=your_access_key
AWS_SECRET_ACCESS_KEY=your_secret_key
AWS_S3_BUCKET=your_canvas_bucket
AWS_S3_REGION=us-east-1
For Google Cloud Storage:
CANVAS_FILE_STORAGE=google_storage
GOOGLE_CLOUD_PROJECT=your_project_id
GOOGLE_CLOUD_KEYFILE_JSON={"type": "service_account", ...}
GOOGLE_CLOUD_BUCKET=your_canvas_bucket
Regular database dumps should be scheduled:
# Daily database backup script
#!/bin/bash
DATE=$(date +%Y%m%d_%H%M%S)
pg_dump -U canvas_user -h localhost canvas_production > /backups/canvas_$DATE.sql
gzip /backups/canvas_$DATE.sql
Backup file storage separately from database:
# For local storage
rsync -avz /var/canvas/files/ /backup/canvas_files/
# For S3 storage
aws s3 sync s3://your_canvas_bucket /backup/canvas_s3_backup/
Regularly test your backup restoration process:
After making configuration changes, test the following:
# Verify configuration
bundle exec rake canvas:check_external_dependencies
# Test database connectivity
bundle exec rake db:verify
# Check file storage access
bundle exec rake canvas:verify_upload_destinations
# Test email delivery
bundle exec rake canvas:send_test_message
Any questions?
Feel free to contact us. Find all contact information on our contact page.