Hey there! I totally get your frustration—Hyperledger Fabric's official docs can feel surprisingly scattered when you're trying to track down a comprehensive list of environment variables for its core containers. I’ve spent plenty of time digging through source code, sample configs, and real-world deployments to compile these details, so let me share what I’ve gathered to help you out.

Fabric Orderer #

These variables control the behavior of the orderer node, responsible for ordering transactions into blocks:

• ORDERER_GENERAL_LOGLEVEL: Sets the logging verbosity. Valid values: DEBUG, INFO, WARN, ERROR, FATAL. Use DEBUG for troubleshooting, INFO or WARN in production to keep logs manageable.
• ORDERER_GENERAL_LISTENADDRESS: The IP address the orderer listens on. Defaults to 0.0.0.0 (all interfaces). Restrict to a specific IP if you need to limit network access.
• ORDERER_GENERAL_LISTENPORT: The port the orderer uses. Defaults to 7050. Adjust if you have port conflicts with other services.
• ORDERER_GENERAL_GENESISMETHOD: How the orderer obtains the genesis block. Valid values: file (load from a specified file) or provisional (generate a temporary block for testing). Always use file in production.
• ORDERER_GENERAL_GENESISFILE: Path to the genesis block file (e.g., /var/hyperledger/orderer/genesis.block). Required if GENESISMETHOD is file.
• ORDERER_GENERAL_LOCALMSPID: The MSP ID of the orderer's organization (e.g., OrdererMSP). Must match the MSP configuration in the genesis block.
• ORDERER_GENERAL_LOCALMSPDIR: Path to the orderer's MSP certificate directory (e.g., /var/hyperledger/orderer/msp). Stores identity certificates for the orderer.
• ORDERER_GENERAL_TLS_ENABLED: Enables TLS for orderer communications. Valid values: true/false. Always set to true in production.
• ORDERER_GENERAL_TLS_PRIVATEKEY: Path to the orderer's TLS private key (e.g., /var/hyperledger/orderer/tls/server.key). Required if TLS is enabled.
• ORDERER_GENERAL_TLS_CERTIFICATE: Path to the orderer's TLS certificate (e.g., /var/hyperledger/orderer/tls/server.crt). Required if TLS is enabled.
• ORDERER_GENERAL_TLS_ROOTCAS: Comma-separated list of paths to trusted root CA certificates (e.g., /var/hyperledger/orderer/tls/ca.crt). Used to verify client certificates when TLS is enabled.
• ORDERER_KAFKA_RETRY_SHORTINTERVAL: Time between short retry attempts for Kafka connections. Defaults to 5s. Adjust if you have unstable Kafka clusters.
• ORDERER_KAFKA_RETRY_SHORTTOTAL: Maximum number of short retry attempts for Kafka connections. Defaults to 10. Prevents infinite retries if Kafka is unreachable.

Fabric Peer #

These variables configure peer nodes, which maintain the ledger and execute chaincode:

• CORE_PEER_ID: Unique identifier for the peer (e.g., peer0.org1.example.com). Must be unique across the network.
• CORE_PEER_ADDRESS: The address and port other nodes/clients use to connect to this peer (e.g., peer0.org1.example.com:7051).
• CORE_PEER_LOCALMSPID: The MSP ID of the peer's organization (e.g., Org1MSP). Must match the organization's MSP configuration.
• CORE_PEER_MSPCONFIGPATH: Path to the peer's MSP certificate directory (e.g., /var/hyperledger/msp/users/Admin@org1.example.com/msp). Stores identity certificates for peer operations.
• CORE_PEER_GOSSIP_BOOTSTRAP: Address of an initial peer to connect to for gossip discovery (e.g., peer1.org1.example.com:7051). Helps the peer join the network.
• CORE_PEER_GOSSIP_EXTERNALENDPOINT: External address for the peer (e.g., peer0.org1.example.com:7051). Useful if the peer is behind a NAT, so other nodes can reach it.
• CORE_PEER_TLS_ENABLED: Enables TLS for peer communications. Valid values: true/false. Enable in production.
• CORE_PEER_TLS_CERT_FILE: Path to the peer's TLS certificate (e.g., /var/hyperledger/tls/server.crt). Required if TLS is enabled.
• CORE_PEER_TLS_KEY_FILE: Path to the peer's TLS private key (e.g., /var/hyperledger/tls/server.key). Required if TLS is enabled.
• CORE_PEER_TLS_ROOTCERT_FILE: Path to the trusted root CA certificate (e.g., /var/hyperledger/tls/ca.crt). Used to verify other nodes' certificates when TLS is enabled.
• CORE_LEDGER_STATE_STATEDATABASE: Type of state database to use. Valid values: goleveldb (default, simple key-value storage) or couchdb (supports complex queries). Use couchdb if you need rich query capabilities for chaincode data.
• CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS: Address of the CouchDB instance (e.g., couchdb:5984). Required if using couchdb.
• CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME: Username for CouchDB authentication. Required if CouchDB has auth enabled.
• CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD: Password for CouchDB authentication. Required if CouchDB has auth enabled.

Fabric CA Server #

These variables configure the Certificate Authority, responsible for issuing and managing identities:

• FABRIC_CA_SERVER_CA_NAME: Name of the CA instance (e.g., ca.org1.example.com). Useful in multi-CA networks to distinguish instances.
• FABRIC_CA_SERVER_CA_CERTFILE: Path to the CA's root certificate (e.g., /etc/hyperledger/fabric-ca-server/ca-cert.pem).
• FABRIC_CA_SERVER_CA_KEYFILE: Path to the CA's private key (e.g., /etc/hyperledger/fabric-ca-server/ca-key.pem). Used to sign issued certificates.
• FABRIC_CA_SERVER_PORT: Port the CA server listens on. Defaults to 7054. Adjust for port conflicts.
• FABRIC_CA_SERVER_DB_TYPE: Database used to store CA data. Valid values: sqlite3 (default, for testing), postgres, or mysql. Use postgres/mysql in production for scalability.
• FABRIC_CA_SERVER_DB_DATASOURCE: Database connection string (e.g., postgres://user:pass@localhost:5432/fabric_ca). Required if using non-sqlite3 databases.
• FABRIC_CA_SERVER_TLS_ENABLED: Enables TLS for CA communications. Valid values: true/false. Enable in production.
• FABRIC_CA_SERVER_TLS_CERTFILE: Path to the CA's TLS certificate (e.g., /etc/hyperledger/fabric-ca-server/tls-cert.pem). Required if TLS is enabled.
• FABRIC_CA_SERVER_TLS_KEYFILE: Path to the CA's TLS private key (e.g., /etc/hyperledger/fabric-ca-server/tls-key.pem). Required if TLS is enabled.
• FABRIC_CA_SERVER_OPERATIONS_LISTENADDRESS: Address for the CA's monitoring API (default 0.0.0.0:9443). Used by tools like Prometheus to collect metrics.

Fabric Tools #

The hyperledger/fabric-tools container provides CLI utilities for interacting with the Fabric network. Its environment variables set default values to avoid repeating flags in commands:

• CORE_PEER_ADDRESS: Default peer address to connect to (e.g., peer0.org1.example.com:7051). Eliminates needing to specify --peerAddresses in every CLI command.
• CORE_PEER_LOCALMSPID: Default MSP ID to use for operations (e.g., Org1MSP).
• CORE_PEER_MSPCONFIGPATH: Default path to MSP certificates (e.g., /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp). Sets the default identity for CLI commands.
• ORDERER_ADDRESS: Default orderer address to connect to (e.g., orderer.example.com:7050). Eliminates needing to specify --orderer in every command.
• FABRIC_CFG_PATH: Path to Fabric configuration files (default /etc/hyperledger/fabric). Use this to mount custom core.yaml or orderer.yaml files into the container.

Fabric Kafka #

Fabric uses standard Apache Kafka for ordering, but these environment variables configure Kafka specifically for Fabric deployments:

• KAFKA_BROKER_ID: Unique ID for the Kafka broker (e.g., 0). Must be unique across the Kafka cluster.
• KAFKA_ZOOKEEPER_CONNECT: Address of the ZooKeeper cluster (e.g., zookeeper:2181). Kafka relies on ZooKeeper for metadata storage.
• KAFKA_ADVERTISED_LISTENERS: External address for the broker (e.g., PLAINTEXT://kafka0:9092). Ensures orderers and other brokers can discover this node.
• KAFKA_LISTENERS: Address the broker listens on (e.g., PLAINTEXT://0.0.0.0:9092). Specifies the protocol and interface for incoming connections.
• KAFKA_MESSAGE_MAX_BYTES: Maximum size of a single Kafka message (default 1048576 bytes / 1MB). Increase this if you have large genesis blocks or transactions (e.g., 1073741824 for 1GB).
• KAFKA_REPLICA_FETCH_MAX_BYTES: Maximum size of messages fetched by replicas. Must be at least as large as KAFKA_MESSAGE_MAX_BYTES to avoid replication failures.

• Most environment variables map directly to settings in the container's configuration files (like core.yaml, orderer.yaml, or fabric-ca-server-config.yaml). If you need to tweak a setting not covered by environment variables, mount a custom config file into the container.
• For production, always use environment variables for sensitive data (like passwords or private key paths) instead of hardcoding them in config files.
• The most comprehensive source for these settings is the Fabric source code's sampleconfig directory. It includes full config file templates with detailed comments for every possible setting—this is where I found many of the less-documented variables.

内容的提问来源于stack exchange，提问作者rhinE