Daemon Configuration
Configuration options for Scanopy daemons.
Configuration Priority
Scanopy daemons use the following priority order (highest to lowest):
- Command-line arguments (highest priority)
- Environment variables
- Configuration file
- Default values (lowest priority)
Higher-priority sources override lower-priority ones. For example, an environment variable overrides the config file but is overridden by a command-line argument.
Configuration Methods
Command-line arguments:

```bash
scanopy-daemon --server-url http://192.168.1.100:60072 --daemon-api-key YOUR_KEY
```

Environment variables:

```bash
export SCANOPY_SERVER_URL=http://192.168.1.100:60072
export SCANOPY_DAEMON_API_KEY=YOUR_KEY
scanopy-daemon
```

Docker environment:

```yaml
environment:
  - SCANOPY_SERVER_URL=http://192.168.1.100:60072
  - SCANOPY_DAEMON_API_KEY=YOUR_KEY
```

Configuration file:
The daemon automatically creates a config file at:
- Linux: `~/.config/scanopy/daemon/config.json`
- macOS: `~/Library/Application Support/com.scanopy.daemon/config.json`
- Windows: `%APPDATA%\scanopy\daemon\config.json`
The config file stores runtime state (daemon ID, host ID) alongside your settings. Command-line arguments and environment variables take priority over the file.
Parameter Reference
| Parameter | CLI Flag | Environment Variable | Config File Key | Default | Description |
|---|---|---|---|---|---|
| Server URL | --server-url | SCANOPY_SERVER_URL | server_url | http://127.0.0.1:60072 | URL where the daemon can reach the server |
| API Key | --daemon-api-key | SCANOPY_DAEMON_API_KEY | daemon_api_key | Required | Authentication key for daemon (generated via UI) |
| Network ID | --network-id | SCANOPY_NETWORK_ID | network_id | None | UUID of the network to scan |
| Name | --name | SCANOPY_NAME | name | Required | Name for this daemon |
| Daemon Mode | --mode | SCANOPY_MODE | mode | server_poll | DaemonPoll: Daemon connects to server; works behind NAT/firewall without opening ports. ServerPoll: Server connects to daemon, for deployments where daemon cannot make outbound connections - requires providing Daemon URL |
| Daemon URL | --daemon-url | SCANOPY_DAEMON_URL | daemon_url | Required | Base URL where server can reach daemon (without port). Port is specified separately |
| Port | --daemon-port | SCANOPY_DAEMON_PORT | daemon_port | 60073 | Port the daemon listens on. Combined with daemon URL for server to connect |
| Bind Address | --bind-address | SCANOPY_BIND_ADDRESS | bind_address | None | IP address to bind daemon to |
| Allow Self-Signed Certificates | --allow-self-signed-certs | SCANOPY_ALLOW_SELF_SIGNED_CERTS | allow_self_signed_certs | false | Allow self-signed certs for daemon -> server connections |
| Log Level | --log-level | SCANOPY_LOG_LEVEL | log_level | info | Logging verbosity |
| Heartbeat Interval | --heartbeat-interval | SCANOPY_HEARTBEAT_INTERVAL | heartbeat_interval | 30 | Seconds between heartbeat updates / work requests (for daemons in pull mode) to server |
| Docker Proxy | --docker-proxy | SCANOPY_DOCKER_PROXY | docker_proxy | None | Optional proxy for Docker API. Can use both non-SSL and SSL proxy; SSL proxy requires additional SSL config vars |
| Docker Proxy SSL Cert | --docker-proxy-ssl-cert | SCANOPY_DOCKER_PROXY_SSL_CERT | docker_proxy_ssl_cert | None | Path to SSL certificate if using a docker proxy with SSL |
| Docker Proxy SSL Key | --docker-proxy-ssl-key | SCANOPY_DOCKER_PROXY_SSL_KEY | docker_proxy_ssl_key | None | Path to SSL private key if using a docker proxy with SSL |
| Docker Proxy SSL Chain | --docker-proxy-ssl-chain | SCANOPY_DOCKER_PROXY_SSL_CHAIN | docker_proxy_ssl_chain | None | Path to SSL chain if using a docker proxy with SSL |
| Interfaces | --interfaces | SCANOPY_INTERFACES | interfaces | None | Restrict daemon to specific network interface(s). Comma-separated for multiple (e.g., eth0,eth1). Leave empty for all interfaces. Only applies to network discovery |
| Arp Retries | --arp-retries | SCANOPY_ARP_RETRIES | arp_retries | 2 | Number of ARP retry rounds for non-responding hosts (default: 2, meaning 3 total attempts) |
| Port Scan Packets per Second | --scan-rate-pps | SCANOPY_SCAN_RATE_PPS | scan_rate_pps | 500 | Maximum port scan probes per second (default: 500, controls rate of TCP/UDP connection attempts to avoid overwhelming target hosts) |
| Port Scan Batch Size | --port-scan-batch-size | SCANOPY_PORT_SCAN_BATCH_SIZE | port_scan_batch_size | 200 | Number of ports scanned concurrently per host. Higher values scan faster but may overwhelm some hosts |
| Arp Packets per Second | --arp-rate-pps | SCANOPY_ARP_RATE_PPS | arp_rate_pps | 50 | Maximum ARP packets per second (default: 50, go more conservative for networks with enterprise switches) |
| Use Npcap for ARP on Windows | --use-npcap-arp | SCANOPY_USE_NPCAP_ARP | use_npcap_arp | false | Enable faster ARP scanning on Windows by using broadcast ARP via Npcap instead of native SendARP, which doesn't support broadcast. **Requires Npcap installation**. Ignored on Linux/macOS |
| Concurrent Scans | --concurrent-scans | SCANOPY_CONCURRENT_SCANS | concurrent_scans | Auto | Maximum parallel host scans |
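
The priority order and the keys in the table above can be combined into a small audit. The following is an added example, not Scanopy's own code: it resolves each setting across the four layers, records which layer won, and flags choices that weaken the daemon -> server connection. It assumes the config file is a flat JSON object using the Config File Key names and that a bare boolean flag means true; the environment and file values in the sample are constructed.

```python
import json
from urllib.parse import urlparse

# Subset of the Parameter Reference table: config key -> (CLI flag, env var, default).
PARAMS = {
    "server_url": ("--server-url", "SCANOPY_SERVER_URL", "http://127.0.0.1:60072"),
    "daemon_api_key": ("--daemon-api-key", "SCANOPY_DAEMON_API_KEY", None),
    "allow_self_signed_certs": ("--allow-self-signed-certs", "SCANOPY_ALLOW_SELF_SIGNED_CERTS", "false"),
}

def cli_value(argv, flag):
    """Value following `flag`; a bare flag counts as "true" (assumed CLI syntax)."""
    if flag not in argv:
        return None
    nxt = argv[argv.index(flag) + 1:][:1]
    return nxt[0] if nxt and not nxt[0].startswith("--") else "true"

def resolve(argv, env, file_text):
    """Return {key: (value, source)} with CLI > environment > file > default."""
    file_cfg = json.loads(file_text) if file_text else {}
    out = {}
    for key, (flag, var, default) in PARAMS.items():
        raw = file_cfg.get(key)
        file_val = json.dumps(raw) if isinstance(raw, bool) else raw  # True -> "true"
        layers = [(cli_value(argv, flag), "cli"), (env.get(var), "env"),
                  (file_val, "file"), (default, "default")]
        out[key] = next(((v, s) for v, s in layers if v is not None), (None, "unset"))
    return out

def audit(cfg):
    """Flag settings that weaken daemon -> server authentication or transport."""
    findings = []
    if cfg["daemon_api_key"][1] == "cli":
        findings.append("daemon_api_key: set on the command line, visible in the process list")
    url, url_src = cfg["server_url"]
    target = urlparse(url)
    if target.scheme == "http" and target.hostname not in ("127.0.0.1", "localhost", "::1"):
        findings.append(f"server_url ({url_src}): plaintext http to {target.hostname}")
    selfsigned, ss_src = cfg["allow_self_signed_certs"]
    if selfsigned.lower() == "true":
        findings.append(f"allow_self_signed_certs ({ss_src}): self-signed server certs accepted")
    return findings

# Constructed sample: CLI URL taken from the page's example; env and file values invented here.
ARGV = ["scanopy-daemon", "--server-url", "http://192.168.1.100:60072"]
ENV = {"SCANOPY_SERVER_URL": "https://scanopy.example.internal", "SCANOPY_DAEMON_API_KEY": "YOUR_KEY"}
FILE = '{"server_url": "http://127.0.0.1:60072", "allow_self_signed_certs": true}'

if __name__ == "__main__":
    print("\n".join(audit(resolve(ARGV, ENV, FILE))))
```

In the sample, the command-line `http` URL overrides the `https` URL set in the environment, which is the kind of silent downgrade that recording the winning source makes visible.
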
Concurrent Scans
Controls how many hosts the daemon scans simultaneously during network discovery.
Default behavior: Auto-detected based on system resources
- Calculates based on available memory
- Typical range: 10-20 for most systems
- Adjusts to prevent memory exhaustion
When to set manually:
- System crashes during scans
- Memory errors in logs
- Very large networks (100+ hosts)
- Resource-constrained devices (Raspberry Pi)
Recommended values:
- Raspberry Pi 4 (4GB): 5-10
- Standard desktop: 15-20
- Server: 20-30+
- Low memory: Start with 5, increase gradually
Setting:

```
# CLI
scanopy-daemon --concurrent-scans 10

# Environment
export SCANOPY_CONCURRENT_SCANS=10

# Docker
environment:
  - SCANOPY_CONCURRENT_SCANS=10
```

Symptoms of too high:
- Daemon crashes during scans
- "CONCURRENT_SCANS too high for this system" error
- Out of memory errors
- System becomes unresponsive
Impact:
- Lower value = slower scans, more stable
- Higher value = faster scans, more memory usage