ivy.yaml
[engineDir]/configuration/reference/ivy.yaml
1# yaml-language-server: $schema=https://json-schema.axonivy.com/ivy/0.0.10/ivy.json
2#
3# -------------------------------------------
4# Axon Ivy Engine Configuration
5# -------------------------------------------
6#
7# This file shows configurations of the Axon Ivy Engine and its external systems.
8# https://developer.axonivy.com/doc/11.2/engine-guide/configuration/
9#
10# Copy contents of this reference file to 'configuration/ivy.yaml' before adjusting
11# them to your needs.
12# https://developer.axonivy.com/doc/11.2/engine-guide/configuration/files/ivy-yaml.html
13#
14# By default, the engine is pre-configured to run in demo mode.
15# To run an engine in a productive environment, at least the system database
16# has to be configured.
17#
18# SECRETS / PASSWORDS:
19# Any configuration value can be encrypted just by enclosing it with "${encrypt:}".
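20# This applies a reversible encryption private to this Ivy Engine. Because it is reversible, the engine can recover the plain text, so read access to this file should still be restricted.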
21# You cannot copy the encrypted values from one engine to another.
22# Example:
23# * to encrypt the string "myPassword", write "${encrypt:myPassword}"
24# https://developer.axonivy.com/doc/11.2/engine-guide/configuration/advanced-configuration.html#passwords
25#
26# OVERRIDING:
27# Any configuration value provided here can be set in alternative sources.
28# * Environment variables of the operating system can set app config entries.
29# Their key must be prefixed with 'IVY_'.
30# For instance, use 'IVY_SYSTEMDB_URL' to override the jdbc driver url.
31# https://developer.axonivy.com/doc/11.2/engine-guide/configuration/advanced-configuration.html#overriding-configuration
32#
33
34
35
36# == System Database Settings ==
37#
38# Axon Ivy requires a System Database to store the state of running workflow applications.
39#
40# Unless you run the engine in Demo mode, a valid System DB driver, url and the user+password credentials
41# that are able to connect to the database, are mandatory.
42#
43# [restart required]
44SystemDb:
45 # JDBC URL
46 Url: ""
47 # Name of the technical user to connect to system database on behalf of the engine. E.g. ivy, AxonIvy, workflowengine
48 # e.g. ivy
49 UserName: ""
50 # Password for above technical user.
 # Store it wrapped in "${encrypt:...}" rather than as plain text; the value "1234" in the
 # example only illustrates the syntax and is not a suitable password.
51 # e.g. "${encrypt:1234}"
52 # [password]
53 Password: ""
54 # Defines if the creation of the system database should be made automatically.
 # NOTE(review): per their comments, Enabled, Tablespace and the second UserName/Password below
 # describe database creation, so they are separate from the connection credentials above;
 # the nesting indentation is not preserved in this listing.
55 Creation:
56 # If set to true, the system database will be created on startup, if it does not exist.
 # NOTE(review): presumably the account used then needs rights to create the database - confirm,
 # and consider setting this to false once the database exists so that the engine account
 # can run with fewer privileges.
57 Enabled: true
58 # Tablespace which will be used (only for Oracle).
59 Tablespace: ""
60 # Username which will be taken to create the system database (only for Oracle).
61 UserName: ""
62 # Password which will be taken to create the system database (only for Oracle).
 # As for the connection password, prefer the "${encrypt:...}" wrapper over plain text.
63 # [password]
64 Password: ""
65 # If set to true, the system database is automatically converted to the latest version during startup of the Axon Ivy Engine if needed.
66 Autoconvert: false
67 # Defines how long ivy should wait (in seconds) at startup for the db server to be available
68 BootTimeout: 60
69 # JDBC Driver. If not set, it is auto determined based on the JDBC URL.
70 Driver: ""
71 # Additional driver specific connection properties.
 # NOTE(review): whether the database connection is encrypted is presumably decided by the
 # JDBC URL or by driver properties set here - verify this for connections that cross hosts.
72 DriverProperties: {}
73 # Maximum number of connections to the system database.
74 MaxConnections: 50
75
76
77
78# == Administrators ==
79#
80# Administrators can configure, monitor and manage the Axon Ivy Engine.
81#
82# Email is used to send info mails like license expiration
83# FullName is used to display a nice name for this user.
84#
85# For security reasons, please hash the password(s) using "${hash:mySecret}".
86# The real password cannot be recovered from the hash.
87#
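88# Default administrator in demo mode is 'admin' with password 'admin'. These credentials are publicly documented, so an engine running in demo mode should not be reachable from untrusted networks.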
89#Administrators:
90# #Example admin user with username james and password mySecret
91# james:
92# Password: "${hash:mySecret}"
93# Email: info@localhost
94# FullName: James David
95
96
97
98# == Security Systems ==
99#
100# List of Security Systems.
101# A security system defines how users and roles are managed.
102# Security systems that are configured here can be used by applications.
103# !! If you change a security system then all users that are no longer defined by the changed security system will be disabled.
104# !! Switching from an Identity Provider e.g. Azure Active Directory to Ivy Security System keeps all synchronized users, but
105# requires that you set (new) passwords for them. Before, passwords have been managed and kept by the Identity Provider for
106# all managed users.
107#
108SecuritySystems:
109
110 # 'default' security system which exists always
111 default:
112 # The security system slug name which will be used in URL as prefix for all resources
113 # which are part of the security system.
114 # If not set, then the security system name will be chosen. Only for the default security
115 # context this is empty, by default.
116 #UrlPath: ""
117
 # NOTE(review): the key below is spelled "IdenitityProvider" in this listing, while the guide
 # linked underneath is named "identity-provider"; confirm the exact key name against the
 # schema referenced in the file header before copying it into configuration/ivy.yaml.
118 IdenitityProvider:
119 # The Security System manages the user and roles in the system database.
120 # For the Ivy Security System, no additional configuration is needed.
121 # For any other Security System, further configuration is needed to integrate such a system.
122 # See https://developer.axonivy.com/doc/11.2/engine-guide/identity-provider
123 # [enum: ivy, microsoft-active-directory, novell-edirectory, azure-active-directory]
124 Name: ivy
125
126 # == Notification Settings ==
127 #
128 # These notification settings allow enabling or disabling specific notification channels.
129 # They also allow to configure the default subscription settings which will be applied to all users of a security system.
130 # Users still have the option to customize their notification settings for enabled channels for themselves.
131 # Applications can override the standard options.
132 #
133 Notification:
134 # Contains the settings for cleaning up notifications.
135 Cleanup:
136 # Notifications older than this will be deleted on a daily basis.
137 DaysUntilDeletion: 90
138 # Contains the settings for each individual channel identified by the channels id.
139 Channels:
140 web:
141 # The name of the channel
142 Name: web
143 # Each channel can be enabled or disabled.
144 Enabled: true
145 # The default subscription settings which will be applied to all users of a security system.
146 Events:
147 # If enabled, all events are subscribed.
148 # Otherwise, only events mentioned under 'Kinds' are subscribed.
149 AllKinds: enabled
150 Kinds: []
151 mail:
152 Name: mail
153 Enabled: false
154 Events:
155 AllKinds: enabled
156 Kinds: []
157 microsoft-teams:
158 Name: microsoft-teams
159 Enabled: false
160 Events:
161 AllKinds: enabled
162 Kinds: []
163
164 # == Document Storage ==
165 #
166 # Where to store the workflow documents.
167 #
168 DocumentStorage:
169 # The document storage define where the workflow documents should be stored.
170 # [enum: local, s3]
171 Name: local
172
173 # == Language Settings ==
174 #
175 # The default language settings, which apply to all users who have not explicitly set this
176 # in their profile settings.
177 #
178 Language:
179 # Content is displayed in this language if the content exists in this language. A locale (language[_COUNTRY])
180 # must be specified for example de, de_CH, de_AT, de_DE, en, en_GB, en_US, fr, vi
181 Content: en
182 # Data like numbers, dates, times and much more are formatted according to this language. A locale (language[_COUNTRY])
183 # must be specified for example de, de_CH, de_AT, de_DE, en, en_GB, en_US, fr, vi
184 Formatting: en_GB
185
186
187
188# == Base Url ==
189#
190# Web address of the Axon Ivy Engine installation, such as https://yourdomain/.
191# This value is used to let ivy know how to refer to itself, ie. to create links in emails.
192# This is necessary because ivy cannot reliably detect such a URL from within itself.
193BaseUrl: ""
194
195
196
197# == Single Sign-on ==
198#
199# Single Sign-on allows to auto login users. A reverse proxy has to be installed
200# in front of the Axon Ivy Engine. It is responsible for authenticating
201# the user. The name of the user must then be transmitted as a HTTP header.
202# !! Ensure exclusive access to the Axon Ivy Engine otherwise
203# attackers can easily login as another user.
# The user name is taken from the header configured below, so the engine must be reachable
# only through the reverse proxy, and the proxy should overwrite or remove any copy of
# that header which a client sends itself.
204# https://developer.axonivy.com/doc/11.2/engine-guide/integration/single-sign-on
205# [restart required]
206SSO:
207 # Shall SSO be enabled?
 # Leave this false unless the reverse proxy described above is in place.
208 Enabled: false
209 # name of the HTTP header with the username that has to be provided by the reverse proxy
210 UserHeader: X-Forwarded-User
211
212
213
214# == Deployment Setting ==
215#
216Deployment:
217 # Directory where the server watches for files to deploy.
218 # https://developer.axonivy.com/doc/11.2/engine-guide/deployment
219 #
220 # You can specify a remote network location using a UNC path:
221 # Linux: //servername/share/file
222 # Windows: \\servername\share\file
223 #
224 Directory: deploy
225
226 Backup:
227 # The number of backups of deployed projects that are kept on disk
228 # n < 0: infinite number of backups are kept
229 # n = 0: No backups are made or kept
230 # n > 0: Number of backups that are kept.
231 Keep: 5
232
233
234
235# == Data Settings ==
236#
237Data:
238 #-----------------------------------------------------------------------------------------------
239 # !! STOP YOUR ENGINE before changing these settings !!
240 #
241 # For all paths below,
242 # - absolute and relative paths (to the engine root directory) are supported
243 # - we recommend to use locations outside the engine root directory to facilitate migrations.
244 #-----------------------------------------------------------------------------------------------
245 #
246 # Folder where runtime data will be stored.
247 #
248 # [restart required]
249 Directory: data
250 #
251 # Folder where applications are stored, unless otherwise defined in application specific configuration.
252 #
253 # In demo mode: not configurable and set to: [Data.WorkDirectory]/demo-applications
254 #
255 # [restart required]
256 AppDirectory: applications
257 #
258 # Root folder where application data files are stored.
259 #
260 # A change in this setting will NOT move existing application files to the new location.
261 # You have to move existing files manually to the new directory.
262 #
263 # If not set, the files will be stored beneath each application's file directory.
264 #
265 # [restart required]
266 FilesDirectory: ""
267 #
268 # Directory where the server writes temporary working files to.
269 #
270 # [restart required]
271 WorkDirectory: work
272
273
274# == Data Cache Settings ==
275#
276DataCache:
277 # Invalidate data cache groups and entries. Checks if the lifetime of caches has ended and invalidates them.
278 # You can set the delay in milliseconds between each check. This delay has to be greater than 0.
279 #
280 InvalidationInterval: 60000
281
282
283# == Elasticsearch Settings ==
284#
285# Axon Ivy uses an Elasticsearch instance to provide scalable full text search capabilities.
286# The bundled instance is started on demand, in a separate JVM, when an API request needs it.
287#
288# You can operate Axon Ivy with the bundled Elasticsearch server or with your own external Elasticsearch cluster.
289#
290# [restart required] except for UserName and Password of ExternalServer
291Elasticsearch:
292 # The bundled Elasticsearch server...
293 # - is started in a separate JVM when a feature requires Elasticsearch.
294 # - reachable only on 'localhost' but the access is unprotected.
 #   Unprotected means that every local process or user account on this host can reach it,
 #   so the engine host should not be shared with untrusted accounts or workloads.
295 # - JVM arguments used to start the bundled Elasticsearch server can be
296 # configured in the 'elasticsearch/config/jvm.options' file.
297 BundledServer:
298 #
299 # Path to the directory where the bundled Elasticsearch server stores data.
300 # It is recommended to configure a data directory that is located outside of the Engine
301 # installation directory to ease the Engine migration to newer versions.
302 DataPath: elasticsearch/data
303 #
304 # Name of the cluster of the bundled Elasticsearch server.
305 ClusterName: ivy-elasticsearch-{uid}
306 #
307 # Port to communicate with bundled Elasticsearch server
308 #
309 # AUTO: A free port in port range 19200-19299 is searched automatically.
310 # <integer>: A fixed port number that you define. We recommend to use a number > 10000.
311 # Make sure it is free.
312 #
313 Port: AUTO
314
315 #
316 # Configure access to your own Elasticsearch server if you want to use it instead of the bundled server.
317 #
318 # To install your own Elasticsearch server follow these steps
319 # https://www.elastic.co/guide/en/elasticsearch/reference/7.17/setup.html
320 #
321 # Currently, Axon Ivy supports Elasticsearch server versions in the 7.17.x range.
322 # If your Elasticsearch server is running on another host, the access to that instance has to be protected.
323 # You can achieve that with a front-end webserver like NGINX for Elasticsearch that enforces basic authentication.
 # NOTE(review): basic authentication sends the credentials with every request, so the Url
 # below should presumably be an https:// address when the server runs on another host -
 # confirm that TLS is terminated at the front-end webserver.
324 #
325 ExternalServer:
326 # Configure the URL of your own Elasticsearch server if you want to use it instead of the bundled server.
327 Url: ""
328 # Name of the user to use to authenticate in the external Elasticsearch server
329 UserName: ""
330 # Password of the user to use to authenticate in the external Elasticsearch server.
 # The example shows the wrapper with an empty value; the password goes after the colon,
 # in the same way as "${encrypt:myPassword}" in the file header.
331 # e.g. "${encrypt:}"
332 # [password]
333 Password: ""
334 #
335 # Settings for the indexes that are created in Elasticsearch.
336 Index:
337 # The name prefix for the indexes.
338 # If multiple Ivy Engines use the same Elasticsearch server instance, you need to define unique NamePrefixes per engine.
339 # You might add the engine host name as part of the name prefix, i.e. "servername"
340 NamePrefix: ivy
341 Reindex:
342 # The number of objects that Ivy reads in one batch from the system database
343 ReadWindowSize: 1000
344 # The number of objects that Ivy writes in one batch to Elasticsearch
345 WriteWindowSize: 1000
346 # The size of the queue that is used to store objects read from the database
347 # until they are written to the Elasticsearch
348 QueueSize: 10000
349 # If BusinessData are not well modeled for Elasticsearch, you may have to increase the 'total_fields.limit' of the mapping.
350 # Performance may decrease. If you change this setting, you need to reindex all business data in Engine Cockpit.
351 TotalFieldsLimit: 4000
352 #
353 # Configures the Elasticsearch client. The client is the ivy engine which communicates with Elasticsearch.
354 Client:
355 # Maximum seconds to wait until a connection to Elasticsearch can be established.
356 ConnectTimeout: 10
357 # Maximum seconds to wait for data to be sent by Elasticsearch.
358 # Raise this value if large datasets are expected.
359 ReadTimeout: 30
360
361
362
363# == EMail Settings ==
364#
365EMail:
366 Server:
367 Host: ""
368 Port: -1
369 # Email address that will be used for emails sent by the server (e.g. task notification emails)
370 MailAddress: noreply@ivyserver.local
371 User: guest
 # Prefer the "${encrypt:...}" wrapper described in the file header over a plain-text value.
372 # [password]
373 Password: ""
374 # [enum: NONE, START_TLS, SSL]
 # With NONE no transport encryption is selected, so the User/Password above and the mail
 # content would travel in clear text; choose START_TLS or SSL when the mail server supports it.
375 EncryptionMethod: NONE
376 # Additional properties which will be set on the mail session
377 # Read https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html
378 SessionProperties:
379 # mail.smtp.auth.xoauth2.disable: false
380 #
381 # certificates are to be stored in the Ivy keystore (default: configuration/keystore.p12; see below at SSL / Client), with the alias defined below.
382 SSL:
383 KeyAlias: ""
384 UseKey: false
385
386
387
388# == Show Error Messages To End Users Settings ==
389#
390# When an error occurs while processing a user request, an error screen is displayed to the user.
391#
392# The displayed error page can be customized for your needs:
393# https://developer.axonivy.com/doc/11.2/engine-guide/configuration/files/web-xml.html
394#
395Errors:
396 #
397 # Shall the end user see detailed error information (stacktraces, detailed error reports, etc.)?
398 #
399 # By default (false) we only show a unique 'Error Id'. This 'Error Id' can be used to find the error in the log files.
400 #
401 # For security reasons, normal users should not see technical implementation details.
402 # But in development or pre-production environments, it might be safe to show the full error
403 # details directly to the end user.
404 #
405 ShowDetailsToEndUser: false
406
407
408
409# == Persistence Settings ==
410#
411Persistence:
412 JPA:
413 # Persist ivyScript auto initialized fields with NULL values. Affects types:
414 # - ch.ivyteam.ivy.scripting.objects.Date
415 # - ch.ivyteam.ivy.scripting.objects.DateTime
416 # - ch.ivyteam.ivy.scripting.objects.Time
417 # If this option is set to false, auto initialized values are stored as before Axon Ivy 6.4.
418 defaultInitializedAsNull: true
419
420
421
422# == Process Element Firing Statistic Settings ==
423#
424ProcessEngine:
425 FiringStatistic:
426 #
427 # If set to true, a process element statistic is written periodically to the log directory.
428 # May impact server performance.
429 Active: false
430 #
431 # Interval in seconds the 'process element statistic' is written to the log directory
432 #
433 Interval: 300
434
435
436
437# == SSL Client Settings ==
438#
439SSL:
440 Client:
441 # Manipulates the JVMs default SSLSocketFactory, so that untrusted (self signed or outdated) certificates are silently accepted.
442 # This could for instance be useful to generate a Webservice stub from an insecure WSDL location.
 # Because the JVM default factory is changed, server certificates are no longer checked for
 # connections that use it, which leaves that traffic open to interception. Keep this false
 # outside of development; for a self-signed server, add its certificate to the TrustStore
 # below instead.
443 EnableInsecureSSL: false
444 #
445 # A key store is used to read client keys (certificates).
446 # This is only required if a remote server requests a client certificate in order to authenticate the client.
447 KeyStore:
448 UseCustom: false
 # 'changeit' is the widely known default password of Java key stores. Replace it once the
 # store holds real private keys, and wrap the new value in "${encrypt:...}".
449 # [password]
450 KeyPassword: changeit
451 Algorithm: SunX509
452 File: configuration/keystore.p12
453 # [password]
454 Password: changeit
455 Provider: ""
456 Type: PKCS12
457 #
458 # A trust store is used to specify trusted server certificates or certificates of certification authorities.
459 # An SSL client authenticates a server by using the certificates in a trust store.
460 # Certificates that are self signed or signed by an unknown certification authority can be added to this truststore.
 # Anyone who can modify this file decides which servers the engine trusts, so restrict write
 # access to it and change the default store password below as well.
461 TrustStore:
462 File: configuration/truststore.p12
463 Algorithm: PKIX
464 # [password]
465 Password: changeit
466 Provider: ""
467 Type: PKCS12
468
469
470
471# == Workflow Settings ==
472#
473Workflow:
474 # Can completed cases and tasks be seen by substitutes of the user who worked on them?
475 # [enum: VISIBLE, INVISIBLE]
476 History.ForSubstitutes: VISIBLE
477
478
479# == Failure Behaviour ==
480#
481SystemTask:
482 #
483 # Defines the behaviour in case a system task fails.
484 #
485 # [enum: FAIL_TASK_DO_RETRY, FAIL_TASK_DO_NOT_RETRY, DESTROY_TASK, DESTROY_CASE]
486 Failure.Behaviour: FAIL_TASK_DO_RETRY
487 #
488 # Interval in seconds between executions of the search job for system tasks.
489 # The job searches system tasks that were not executed because of failures.
490 #
491 SearchJob.Interval: 900
492
493
494
495# == Thread Pools Settings ==
496#
497ThreadPool:
498 #
499 # Executes process engine background operations like Database, WebService calls, etc.
500 BackgroundOperationExecutor:
501 # Minimum number of threads
502 CorePoolSize: 5
503 # Maximum number of threads
504 MaximumPoolSize: 200
505 # Executes unscheduled jobs
506 ImmediateJobExecutor:
507 # Minimum number of threads
508 CorePoolSize: 5
509 # Maximum number of threads
510 MaximumPoolSize: 50
511 # Executes scheduled jobs
512 ScheduledJobExecutor:
513 # Minimum number of threads
514 CorePoolSize: 5
515
516
517
518# == Update Checker Settings ==
519#
520# When newer Axon Ivy versions are available, a message will be displayed on the Axon Ivy Engine main web page.
521# The update message contains information about the new versions and where those can be downloaded.
522#
523# While checking for new versions the following statistic information is sent to the update server.
524# This information is only used to improve the product!
525# - Engine (version, up time)
526# - Configuration (number of: cluster nodes, users, licenced users, applications, process model, process model version, deleted process model version, running cases, running tasks)
527# - Licence information (number, organisation, individual)
528# - Operating system information (name, version, architecture, number of processors)
529# - System database (product name and version, driver, identification number)
530# - Java memory information (maximum heap memory, maximum non heap memory)
531# - JVM (Java virtual machine) information (version, vendor, name)
532# - Host information (host name, SHA-256 hashes of IP address and MAC address to identify the host without being able to read the original IP address and MAC address itself)
# NOTE(review): the host name appears in this list unhashed, and the IPv4 and MAC address
# spaces are small enough that an unsalted SHA-256 hash could be matched by enumeration;
# whether a salt is applied is not stated here, so treat these values as identifying the host.
533#
534UpdateChecker:
535 #
536 # Shall update notification messages be shown and statistic information sent to the update server?
 # Set this to false where the data listed above must not leave the environment; according to
 # the line above this also turns off the update notification.
537 Enabled: true
538 #
539 # Time of day when an update check will be executed
540 # The engine must be running at this time otherwise the update check will not be executed.
541 # Format is hh:mm. e.g. "02:00" or "14:15"
542 # [daytime]
543 ExecutionTime: ""
544
545
546Boot:
547 # Switch to maintenance mode if a configuration problem is detected during startup.
548 # If set to DISABLED you can explicitly start the engine in maintenance mode by using the command line option '-maintenance'.
549 # [enum: AUTO, DISABLED]
550 MaintenanceMode: AUTO
551
552
553Cluster:
554 #
555 # The name of this node.
556 # If not configured, a random name is generated.
557 # The name of a node is also used as jvm route identifier that is used by some load balancers to provide sticky sessions.
558 # https://developer.axonivy.com/doc/11.2/engine-guide/integration/cluster
559 # [restart required]
560 NodeName: ""
561 #
562 # The name of the cluster.
563 # It is used to find and communicate with other nodes of the same cluster.
564 # Multiple clusters located in the same network must have different cluster names.
565 # Otherwise the nodes of both clusters find each other and build one cluster instead of two.
 # NOTE(review): as described, nodes find each other through a matching name; whether cluster
 # traffic is also authenticated is not stated here - confirm in the cluster guide linked
 # above and keep the nodes on a trusted network segment.
566 # [restart required]
567 Name: "IvyCluster"