Daemon Configuration
Configuration options for Scanopy daemons.
Configuration Priority
Scanopy daemons use the following priority order (highest to lowest):
- Command-line arguments (highest priority)
- Environment variables
- Configuration file
- Default values (lowest priority)
Later sources override earlier ones. For example, an environment variable overrides the config file but is overridden by a command-line argument.
Configuration Methods
Command-line arguments:
scanopy-daemon --server-url http://192.168.1.100:60072 --api-key YOUR_KEYEnvironment variables:
export SCANOPY_SERVER_URL=http://192.168.1.100:60072
export SCANOPY_DAEMON_API_KEY=YOUR_KEY
scanopy-daemonDocker environment:
environment:
- SCANOPY_SERVER_URL=http://192.168.1.100:60072
- SCANOPY_DAEMON_API_KEY=YOUR_KEYConfiguration file:
The daemon automatically creates a config file at:
- Linux:
~/.config/scanopy/daemon/config.json - macOS:
~/Library/Application Support/com.scanopy.daemon/config.json - Windows:
%APPDATA%\scanopy\daemon\config.json
The config file stores runtime state (daemon ID, host ID) alongside your settings. Command-line and environment variables take priority over the file.
Parameter Reference
| Parameter | CLI Flag | Environment Variable | Config File Key | Default | Description |
|---|---|---|---|---|---|
| Server URL | --server-url | SCANOPY_SERVER_URL | server_url | http://127.0.0.1:60072 | URL where the daemon can reach the server |
| API Key | --daemon-api-key | SCANOPY_DAEMON_API_KEY | daemon_api_key | Required | Authentication key for daemon (generated via UI) |
| Network ID | --network-id | SCANOPY_NETWORK_ID | network_id | None | UUID of the network to scan |
| Name | --name | SCANOPY_NAME | name | Required | Name for this daemon |
| Daemon Mode | --mode | SCANOPY_MODE | mode | Push | Select whether the daemon will Pull work from the server or have work Pushed to it. If set to Push, you will need to ensure that network you are deploying the daemon on can be reached by the server by opening/forwarding the port to the daemon, and provide the Daemon URL where the server should try to reach the daemon. If set to Pull, no port opening/forwarding is needed |
| Daemon URL | --daemon-url | SCANOPY_DAEMON_URL | daemon_url | None | Public URL where server can reach daemon in Push mode. Defaults to auto-detected IP + Daemon Port if not set |
| Port | --daemon-port | SCANOPY_DAEMON_PORT | daemon_port | 60073 | Port for daemon to listen on |
| Bind Address | --bind-address | SCANOPY_BIND_ADDRESS | bind_address | None | IP address to bind daemon to |
| Allow Self-Signed Certificates | --allow-self-signed-certs | SCANOPY_ALLOW_SELF_SIGNED_CERTS | allow_self_signed_certs | false | Allow self-signed certs for daemon -> server connections |
| Log Level | --log-level | SCANOPY_LOG_LEVEL | log_level | info | Logging verbosity |
| Heartbeat Interval | --heartbeat-interval | SCANOPY_HEARTBEAT_INTERVAL | heartbeat_interval | 30 | Seconds between heartbeat updates / work requests (for daemons in pull mode) to server |
| Docker Proxy | --docker-proxy | SCANOPY_DOCKER_PROXY | docker_proxy | None | Optional proxy for Docker API. Can use both non-SSL and SSL proxy; SSL proxy requires additional SSL config vars |
| Docker Proxy SSL Cert | --docker-proxy-ssl-cert | SCANOPY_DOCKER_PROXY_SSL_CERT | docker_proxy_ssl_cert | None | Path to SSL certificate if using a docker proxy with SSL |
| Docker Proxy SSL Key | --docker-proxy-ssl-key | SCANOPY_DOCKER_PROXY_SSL_KEY | docker_proxy_ssl_key | None | Path to SSL private key if using a docker proxy with SSL |
| Docker Proxy SSL Chain | --docker-proxy-ssl-chain | SCANOPY_DOCKER_PROXY_SSL_CHAIN | docker_proxy_ssl_chain | None | Path to SSL chain if using a docker proxy with SSL |
| Interfaces | --interfaces | SCANOPY_INTERFACES | interfaces | None | Restrict daemon to specific network interface(s). Comma-separated for multiple (e.g., eth0,eth1). Leave empty for all interfaces. Only applies to network discovery |
| Arp Retries | --arp-retries | SCANOPY_ARP_RETRIES | arp_retries | None | Number of ARP retry rounds for non-responding hosts (default: 2, meaning 3 total attempts) |
| Arp Packets per Second | --arp-rate-pps | SCANOPY_ARP_RATE_PPS | arp_rate_pps | None | Maximum ARP packets per second (default: 50, go more conservative for networks with enterprise switches) |
| Use Npcap for ARP on Windows | --use-npcap-arp | SCANOPY_USE_NPCAP_ARP | use_npcap_arp | false | Enable faster ARP scanning on Windows by using broadcast ARP via Npcap instead of native SendARP, which doesn't support broadcast. **Requires Npcap installation**. Ignored on Linux/macOS |
| Concurrent Scans | --concurrent-scans | SCANOPY_CONCURRENT_SCANS | concurrent_scans | Auto | Maximum parallel host scans |
Concurrent Scans
Controls how many hosts the daemon scans simultaneously during network discovery.
Default behavior: Auto-detected based on system resources
- Calculates based on available memory
- Typical range: 10-20 for most systems
- Adjusts to prevent memory exhaustion
When to set manually:
- System crashes during scans
- Memory errors in logs
- Very large networks (100+ hosts)
- Resource-constrained devices (Raspberry Pi)
Recommended values:
- Raspberry Pi 4 (4GB): 5-10
- Standard desktop: 15-20
- Server: 20-30+
- Low memory: Start with 5, increase gradually
Setting:
# CLI
scanopy-daemon --concurrent-scans 10
# Environment
export SCANOPY_CONCURRENT_SCANS=10
# Docker
environment:
- SCANOPY_CONCURRENT_SCANS=10Symptoms of too high:
- Daemon crashes during scans
- "CONCURRENT_SCANS too high for this system" error
- Out of memory errors
- System becomes unresponsive
Impact:
- Lower value = slower scans, more stable
- Higher value = faster scans, more memory usage