ivy.yaml
[engineDir]/configuration/reference/ivy.yaml
1#
2# -------------------------------------------
3# Axon Ivy Engine Configuration
4# -------------------------------------------
5#
6# This file shows configurations of the Axon Ivy Engine and its external systems.
7# https://developer.axonivy.com/doc/11.1/engine-guide/configuration/
8#
9# Copy contents of this reference file to 'configuration/ivy.yaml' before adjusting
10# them to your needs.
11# https://developer.axonivy.com/doc/11.1/engine-guide/configuration/files/ivy-yaml.html
12#
13# By default, the engine is pre-configured to run in demo mode.
14# To run an engine in a productive environment, at least the system database
15# has to be configured.
16#
17# SECRETS / PASSWORDS:
18# Any configuration value can be encrypted just by enclosing it with "${encrypt:}".
19# This applies a reversible encryption private to this Ivy Engine.
20# You cannot copy the encrypted values from one engine to another.
21# Example:
22# * to encrypt the string "myPassword", write "${encrypt:myPassword}"
23# https://developer.axonivy.com/doc/11.1/engine-guide/configuration/advanced-configuration.html#passwords
24#
25# OVERRIDING:
26# Any configuration value provided here can be set in alternative sources.
27# * environment variables: of the operating system can set app config entries.
28# Their key must be prefixed with 'IVY_'.
29# For instance, use 'IVY_SYSTEMDB_URL' to override the jdbc driver url.
30# https://developer.axonivy.com/doc/11.1/engine-guide/configuration/advanced-configuration.html#overriding-configuration
31#
32
33
34
35# == System Database Settings ==
36#
37# Axon Ivy requires a System Database to store the state of running workflow applications.
38#
39# Unless you run the engine in Demo mode, a valid System DB driver, url and the user+password credentials
40# that are able to connect to the database, are mandatory.
41#
42# [restart required]
43SystemDb:
44 # JDBC URL
45 Url: ""
46 # Name of the technical user to connect to system database on behalf of the engine. E.g. ivy, AxonIvy, workflowengine
47 # e.g. ivy
48 UserName: ""
49 # Password for above technical user.
50 # e.g. "${encrypt:1234}"
51 # [password]
52 Password: ""
53 # Defines if the creation of the system database should be made automatically.
54 Creation:
55 # If set to true, the system database will be created on startup, if it does not exist.
56 Enabled: true
57 # Tablespace which will be used (only for Oracle).
58 Tablespace: ""
59 # Username which will be taken to create the system database (only for Oracle).
60 UserName: ""
61 # Password which will be taken to create the system database (only for Oracle).
62 # [password]
63 Password: ""
64 # If set to true, the system database is automatically converted to the latest version during startup of the Axon Ivy Engine if needed.
65 Autoconvert: false
66 # Defines how long ivy should wait (in seconds) at startup for the db server to be available
67 BootTimeout: 60
68 # JDBC Driver. If not set, it is auto determined based on the JDBC URL.
69 Driver: ""
70 # Additional driver specific connection properties.
71 DriverProperties: {}
72 # Maximum number of connections to the system database.
73 MaxConnections: 50
74
75
76
77# == Adminstrators ==
78#
79# Administrators can configure, monitor and manage the Axon Ivy Engine.
80#
81# Email is used to send info mails like license expiration
82# FullName is used to display a nice name for this user.
83#
84# For security reasons, please hash the password(s) using "${hash:mySecret}".
85# The real password cannot be recovered from the hash.
86#
87# Default administrator in demo mode is 'admin' with password 'admin'
88#Administrators:
89# #Example admin user with username james and password mySecret
90# james:
91# Password: "${hash:mySecret}"
92# Email: info@localhost
93# FullName: James David
94
95
96
97# == Security Systems ==
98#
99# List of Security Systems.
100# A security system defines how users and roles are managed.
101# Security systems that are configured here can be used by applications.
102# !! If you change a security system then all users that are no longer defined by the changed security system will be disabled.
103# !! Switching from an Identity Provider e.g. Azure Active Directory to Ivy Security System keeps all synchronized users, but
104# requires that you set (new) passwords for them. Before, passwords have been managed and kept by the Identity Provider for
105# all managed users.
106#
107SecuritySystems:
108
109 # 'default' security system which exists always
110 default:
111 # The security system slug name which will be used in URL as prefix for all resources
112 # which are part of the security system.
113 # If not set, then the security system name will be choosen. Only for the default security
114 # context this is empty, by default.
115 #UrlPath: ""
116 #
117 # The Security System manages the user and roles in the system database.
118 # For the Ivy Security System, no additional configuration is needed.
119 # For any other Security System, further configuration is need to integrate such a system.
120 # See https://developer.axonivy.com/doc/11.1/engine-guide/identity-provider
121 # [enum: ivy Security System, Microsoft Active Directory, Novell eDirectory, azure-active-directory]
122 Provider: "ivy Security System"
123
124 # == EMail Notification Settings ==
125 #
126 # These email notification settings will be applied to all users of a security system.
127 # Users still have the option to customize their e-mail notification settings for themselves.
128 # Applications can override the standard options or add their own.
129 #
130 EMailNotification:
131 # The settings here are standard values that apply for all users who do not alter their settings.
132 # Users can override these settings in the Portal menu.
133 #
134 # Shall users be notified by mail whenever a new task is assigned to them?
135 OnNewTasks: false
136 #
137 # On which weekdays shall the users receive a daily task summary?
138 # Possible values are: never, always, monday, tuesday, wednesday, thursday, friday, saturday, sunday
139 # Any combination of weekdays is allowed.
140 # You can configure when the summary email is sent in EMail:DailyTaskSummary:TriggerTime
141 DailySummaryOn: never
142 #
143 # Standard processes are a set of predefined processes, which you can customize in your ivy project.
144 # To enable these custom processes, the library id of the ivy project must be specified here.
145 # The library id is <group-id>:<project-id> from the ivy project deployment definition.
146 # e.g the library id of the portal is "com.axonivy.portal:portal"
147 # The default is 'auto' which means auto detection of standard process in your application
148 # https://developer.axonivy.com/doc/11.1/designer-guide/user-interface/standard-processes
149 StandardProcess: auto
150
151 # == Language Settings ==
152 #
153 # The default language settings, which apply to all users who have not explicitly set this
154 # in their profile settings.
155 #
156 Language:
157 # Content is displayed in this language if the content exists in this language. A locale (language[_COUNTRY])
158 # must be specified for example de, de_CH, de_AT, de_DE, en, en_GB, en_US, fr, vi
159 Content: en
160 # Data like numbers, dates, times and much more are formatted according to this language. A locale (language[_COUNTRY])
161 # must be specified for example de, de_CH, de_AT, de_DE, en, en_GB, en_US, fr, vi
162 Formatting: en_GB
163
164
165
166# == Base Url ==
167#
168# Web address of the Axon Ivy Engine installation, such as https://yourdomain/.
169# This value is used to let ivy know how to refer to itself, ie. to create links in emails.
170# This is necessary because ivy cannot reliably detect such a URL from within itself.
171BaseUrl: ""
172
173
174
175# == Single Sign-on ==
176#
177# Single Sign-on allows to auto login users. A reverse proxy has to be installed
178# in front of the Axon Ivy Engine. It is responsible for authenticating
179# the user. The name of the user must then be transmitted as a HTTP header.
180# !! Assert exclusive access to the Axon Ivy Engine otherwise
181# attackers can easily login as another user.
182# https://developer.axonivy.com/doc/11.1/engine-guide/integration/single-sign-on
183# [restart required]
184SSO:
185 # Shall SSO be enabled?
186 Enabled: false
187 # name of the HTTP header with the username that has to be provided by the reverse proxy
188 UserHeader: X-Forwarded-User
189
190
191
192# == Deployment Setting ==
193#
194Deployment:
195 # Directory where the server watches for files to deploy.
196 # https://developer.axonivy.com/doc/11.1/engine-guide/deployment
197 #
198 # You can speficy a remote network location using a UNC path:
199 # Linux: //servername/share/file
200 # Windows: \\servername\share\file
201 #
202 Directory: deploy
203
204 Backup:
205 # The number of backups of deployed projects that are kept on disk
206 # n < 0: infinite number of backups are kept
207 # n = 0: No backups are made or kept
208 # n > 0: Number of backups that are kept.
209 Keep: 5
210
211
212
213# == Data Settings ==
214#
215Data:
216 #-----------------------------------------------------------------------------------------------
217 # !! STOP YOUR ENGINE before changing these settings !!
218 #
219 # For all paths below,
220 # - absolute and relative paths (to the engine root directory) are supported
221 # - we recommend to use locations outside the engine root directory to facilitate migrations.
222 #-----------------------------------------------------------------------------------------------
223 #
224 # Folder where runtime data will be stored.
225 #
226 # [restart required]
227 Directory: data
228 #
229 # Folder where applications are stored, unless otherwise defined in application specific configuration.
230 #
231 # In demo mode: not configurable and set to: [Data.WorkDirectory]/demo-applications
232 #
233 # [restart required]
234 AppDirectory: applications
235 #
236 # Root folder where application data files are stored.
237 #
238 # A change in this setting will NOT move existing application files to the new location.
239 # You have to move existing files manually to the new directory.
240 #
241 # If not set, the files will be stored beneath each application's file directory.
242 #
243 # [restart required]
244 FilesDirectory: ""
245 #
246 # Directory where the server writes temporary working files to.
247 #
248 # [restart required]
249 WorkDirectory: work
250
251
252# == Data Cache Settings ==
253#
254DataCache:
255 # Invalidate data cache groups and entries. Checks if the lifetime of caches has ended and invalidates them.
256 # You can set the delay in milliseconds between each check. This delay has to be greater than 0.
257 #
258 InvalidationInterval: 60000
259
260
261# == Elasticsearch Settings ==
262#
263# Axon Ivy uses an Elasticsearch instance to provide scalable full text search capabilities.
264# The bundled instance is started on demand, in a separate JVM, when an API request needs it.
265#
266# You can operate Axon Ivy with the bundled Elasticsearch server or with your own external Elasticsearch cluster.
267#
268# [restart required] except for UserName and Password of ExternalServer
269Elasticsearch:
270 # The bundled Elasticsearch server...
271 # - is started in a separate JVM when a feature requires Elasticsearch.
272 # - reachable only on 'localhost' but the access is unprotected.
273 # - JVM arguments used to start the bundled Elasticsearch server can be
274 # configured in the 'elasticsearch/config/jvm.options' file.
275 BundledServer:
276 #
277 # Path to the directory where the bundled Elasticsearch server stores data.
278 # It is recommended to configure a data directory that is located outsite of the Engine
279 # installation directory to ease the Engine migration to newer versions.
280 DataPath: elasticsearch/data
281 #
282 # Name of the cluster of the bundled Elasticsearch server.
283 ClusterName: ivy-elasticsearch-{uid}
284 #
285 # Port to communicate with bundled Elasticsearch server
286 #
287 # AUTO: A free port in port range 19200-19299 is searched automatically.
288 # <integer>: A fixed port number that you define. We recommend to use a number > 10000.
289 # Make sure it is free.
290 #
291 Port: AUTO
292
293 #
294 # Configure access to your own Elasticsearch server if you want to use it instead of the bundled server.
295 #
296 # To install your own Elasticsearch server follow these steps
297 # https://www.elastic.co/guide/en/elasticsearch/reference/7.17/setup.html
298 #
299 # Currently, Axon Ivy supports Elasticsearch server versions in the 7.17.x range.
300 # If your Elasticsearch server is running on another host, the access to that instance has to be protected.
301 # You can achieve that with a front-end webserver like NGINX for Elasticsearch that enforces basic authentication.
302 #
303 ExternalServer:
304 # Configure the URL of your own Elasticsearch server if you want to use it instead of the bundled server.
305 Url: ""
306 # Name of the user to use to authenticate in the external Elasticsearch server
307 UserName: ""
308 # Password of the user to use to authenticate in the external Elasticsearch server.
309 # e.g. "${encrypt:}"
310 # [password]
311 Password: ""
312 #
313 # Settings for the indexes that are created in Elasticsearch.
314 Index:
315 # The name prefix for the indexes.
316 # If multiple Ivy Engines use the same Elasticsearch server instance, you need to define unique NamePrefixes per engine.
317 # You might add the engine host name as part of the name prefix, i.e. "servername"
318 NamePrefix: ivy
319 Reindex:
320 # The number of objects that Ivy reads in one batch from the system database
321 ReadWindowSize: 1000
322 # The number of objects that Ivy writes in one batch to Elasticsearch
323 WriteWindowSize: 1000
324 # The size of the queue that is used to store objects read from the database
325 # until they are written to the Elasticsearch
326 QueueSize: 10000
327 #
328 # Configures the Elasticsearch client. The client is the ivy engine which communicates with Elasticsearch.
329 Client:
330 # Maximum seconds to wait until a connection to Elasticsearch can be established.
331 ConnectTimeout: 10
332 # Maximum seconds to wait for data to be sent by Elasticsearch.
333 # Raise this value if large datasets are expected.
334 ReadTimeout: 30
335
336
337
338# == EMail Settings ==
339#
340EMail:
341 Server:
342 Host: ""
343 Port: -1
344 # Email address that will be used for emails sent by the server (e.g. task notification emails)
345 MailAddress: noreply@ivyserver.local
346 User: guest
347 # [password]
348 Password: ""
349 # [enum: NONE, START_TLS, SSL]
350 EncryptionMethod: NONE
351 #
352 # certificates are to be stored in the Ivy keystore (default: configuration/keystore.p12; see below at SSL / Client), with the alias defined below.
353 SSL:
354 KeyAlias: ""
355 UseKey: false
356 DailyTaskSummary:
357 # Time of day when the task summary mails will be sent.
358 # The engine must be running at this time otherwise the daily task summary mails will not be sent.
359 # Format is hh:mm. e.g. "02:00" or "14:15"
360 # [daytime]
361 TriggerTime: "00:00"
362
363
364
365# == Show Error Messages To End Users Settings ==
366#
367# When an error occurs while processing a user request, an error screen is displayed to the user.
368#
369# The displayed error page can be customized for your needs:
370# https://developer.axonivy.com/doc/11.1/engine-guide/configuration/files/web-xml.html
371#
372Errors:
373 #
374 # Shall the end user see detailed error information (stacktraces, detailed error reports, etc.)?
375 #
376 # By default (false) we only show a unique 'Error Id'. This 'Error Id' can be used to find the error in the log files.
377 #
378 # For security reasons, normal users should not see technical implementation details.
379 # But in development or pre-production environments, it might be safe to show the full error
380 # details directly to the end user.
381 #
382 ShowDetailsToEndUser: false
383
384
385
386# == Persistence Settings ==
387#
388Persistence:
389 JPA:
390 # Persist ivyScript auto initialized fields with NULL values. Affects types:
391 # - ch.ivyteam.ivy.scripting.objects.Date
392 # - ch.ivyteam.ivy.scripting.objects.DateTime
393 # - ch.ivyteam.ivy.scripting.objects.Time
394 # If this option is set to false, auto initialized values are stored as before Axon Ivy 6.4.
395 defaultInitializedAsNull: true
396
397
398
399# == Process Element Firing Statistic Settings ==
400#
401ProcessEngine:
402 FiringStatistic:
403 #
404 # If set to true, a process element statistic is written periodically to the log directory.
405 # May impact server performance.
406 Active: false
407 #
408 # Interval in seconds the 'process element statistic' is written to the log directory
409 #
410 Interval: 300
411
412
413
414# == SSL Client Settings ==
415#
416SSL:
417 Client:
418 #
419 # A key store is used to read client keys (certificates).
420 # This is only required if a remote server requests a client certificate in order to authenticate the client.
421 KeyStore:
422 UseCustom: false
423 # [password]
424 KeyPassword: changeit
425 Algorithm: SunX509
426 File: configuration/keystore.p12
427 # [password]
428 Password: changeit
429 Provider: ""
430 Type: pkcs12
431 #
432 # A trust store is used to specify trusted server certificates or certificates of certification authorities.
433 # An SSL client autenticates a server by using the certificates in a trust store.
434 # Self signed or signed by an unknown certification authority can be added to this trustore.
435 TrustStore:
436 File: configuration/truststore.p12
437 Algorithm: PKIX
438 # [password]
439 Password: changeit
440 Provider: ""
441 Type: pkcs12
442 # Fully qualified class name of a trust manager class that is used to validate server certificates.
443 # If configured, the system trustore of the JVM and the trustore configured above are not used.
444 ManagerClass: ""
445
446
447
448# == Workflow Settings ==
449#
450Workflow:
451 # Can completed cases and tasks be seen by substitutes of the user who worked on them?
452 # [enum: VISIBLE, INVISIBLE]
453 History.ForSubstitutes: VISIBLE
454
455
456# == Failure Behaviour ==
457#
458SystemTask:
459 #
460 # Defines the behaviour in case a system task fails.
461 #
462 # [enum: FAIL_TASK_DO_RETRY, FAIL_TASK_DO_NOT_RETRY, DESTROY_TASK, DESTROY_CASE]
463 Failure.Behaviour: FAIL_TASK_DO_RETRY
464 #
465 # Interval in seconds between executions of the search job for system tasks.
466 # The job searches system tasks that were not executed because of failures.
467 #
468 SearchJob.Interval: 900
469
470
471
472# == Thread Pools Settings ==
473#
474ThreadPool:
475 #
476 # Executes process engine background operations like Database, WebService calls, etc.
477 BackgroundOperationExecutor:
478 # Minimum number of threads
479 CorePoolSize: 5
480 # Maximum number of threads
481 MaximumPoolSize: 200
482 # Executes unscheduled jobs
483 ImmediateJobExecutor:
484 # Minimum number of threads
485 CorePoolSize: 5
486 # Maximum number of threads
487 MaximumPoolSize: 50
488 # Executes scheduled jobs
489 ScheduledJobExecutor:
490 # Minimum number of threads
491 CorePoolSize: 5
492
493
494
495# == Update Checker Settings ==
496#
497# When newer Axon Ivy versions are available, a message will be displayed on the Axon Ivy Engine main web page.
498# The update message contains information about the new versions and where those can be downloaded.
499#
500# While checking for new versions the following statistic information is sent to the update server.
501# This information is only used to improve the product!
502# - Engine (version, up time)
503# - Configuration (number of: cluster nodes, users, licenced users, applications, process model, process model version, deleted process model version, running cases, running tasks)
504# - Licence information (number, organisation, individual)
505# - Operating system information (name, version, architecture, number of processors)
506# - System database (product name and version, driver, identification number)
507# - Java memory information (maximum heap memory, maximum non heap memory)
508# - JVM (Java virtual machine) information (version, vendor, name)
509# - Host information (host name, SHA-256 hashes of IP address and MAC address to identify the host without being able to read the original IP address and MAC address itself)
510#
511UpdateChecker:
512 #
513 # Shall update notification messages be shown and statistic information sent to the update server?
514 Enabled: true
515 #
516 # Time of day when a update check will be executed
517 # The engine must be running at this time otherwise the update check will not be executed.
518 # Format is hh:mm. e.g. "02:00" or "14:15"
519 # [daytime]
520 ExecutionTime: ""
521
522
523Boot:
524 # Switch to maintencance mode if a configuration problem is detected during startup.
525 # If set to DISABLED you can explicit start the engine in maintenance mode by using the command line option '-maintenance'.
526 # [enum: AUTO, DISABLED]
527 MaintenanceMode: AUTO
528
529
530Cluster:
531 #
532 # The name of this node.
533 # If not configured, a random name is generated.
534 # The name of a node is also used as jvm route identifier that is used by some load balancers to provide sticky sessions.
535 # https://developer.axonivy.com/doc/11.1/engine-guide/integration/cluster
536 # [restart required]
537 NodeName: ""
538 #
539 # The name of the cluster.
540 # It is used to find and communicate with other nodes of the same cluster.
541 # Multiple clusters located in the same network must have different cluster names.
542 # Otherwise the nodes of both clusters find each other and build one cluster instead of two.
543 # [restart required]
544 Name: "IvyCluster"