ivy.yaml

[engineDir]/configuration/reference/ivy.yaml

  1# yaml-language-server: $schema=https://json-schema.axonivy.com/ivy/12.0.7/ivy.json
  2#
  3# -------------------------------------------
  4# Axon Ivy Engine Configuration
  5# -------------------------------------------
  6# 
  7# This file shows configurations of the Axon Ivy Engine and its external systems.
  8# https://developer.axonivy.com/doc/12.0/engine-guide/configuration/
  9#
 10# Copy contents of this reference file to 'configuration/ivy.yaml' before adjusting
 11# them to your needs.
 12# https://developer.axonivy.com/doc/12.0/engine-guide/configuration/files/ivy-yaml.html
 13#
 14# By default, the engine is pre-configured to run in demo mode.
 15# To run an engine in a productive environment, at least the system database
 16# has to be configured.
 17#
 18# SECRETS / PASSWORDS:
 19# Any configuration value can be encrypted just by enclosing it with "${encrypt:}".
 20# This applies a reversible encryption private to this Ivy Engine.
 21# You cannot copy the encrypted values from one engine to another.
 22# Example:
 23# * to encrypt the string "myPassword", write "${encrypt:myPassword}"
 24#   https://developer.axonivy.com/doc/12.0/engine-guide/configuration/advanced-configuration.html#passwords
 25#
 26# OVERRIDING:
 27# Any configuration value provided here can be set in alternative sources. 
 28# * environment variables: of the operating system can set app config entries. 
 29#    Their key must be prefixed with 'IVY_'. 
 30#    For instance, use 'IVY_SYSTEMDB_URL' to override the jdbc driver url.
 31#    https://developer.axonivy.com/doc/12.0/engine-guide/configuration/advanced-configuration.html#overriding-configuration
 32#
 33
 34# Axon Ivy requires a System Database to store the state of running workflow applications.
 35# Unless you run the engine in Demo mode, a valid System DB driver, url and the user+password credentials are mandatory.
 36# [restart required]
 37SystemDb:
 38  # JDBC URL
 39  # [examples: jdbc:postgresql://localhost:5432/AxonIvySystemDatabase, jdbc:sqlserver://localhost:1433;databaseName=AxonIvySystemDatabase, jdbc:mariadb://localhost:3306/AxonIvySystemDatabase, jdbc:mysql://localhost:3306/AxonIvySystemDatabase, jdbc:oracle:thin:@//localhost:1521/ServiceName, jdbc:oracle:thin:@localhost:1521:ServiceId, jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ServiceName)(SERVER=DEDICATED)))]
 40  Url: ""
 41  # Name of the technical user to connect to system database on behalf of the engine.
 42  # [examples: ivy, AxonIvy, workflowengine]
 43  UserName: ""
 44  # Password for the technical user (see UserName).
 45  Password: ""
 46  # Defines how long ivy should wait (in seconds) at startup for the db server to be available
 47  BootTimeout: 60
 48  # JDBC Driver. If not set, it is auto determined based on the JDBC URL.
 49  Driver: ""
 50  # Additional driver specific connection properties.
 51  DriverProperties:
 52  # Maximum number of connections to the system database.
 53  MaxConnections: 50
 54  Creation:
 55    # If set to true, the system database will be created on startup, if it does not exist.
 56    Enabled: true
 57    # Password which will be taken to create the system database (only for Oracle).
 58    Password: ""
 59    # Tablespace which will be used (only for Oracle).
 60    Tablespace: ivy
 61    # Username which will be taken to create the system database (only for Oracle).
 62    UserName: ""
 63
 64# Administrators can configure, monitor and manage the Axon Ivy Engine.
 65# The default administrator in demo mode is 'admin' with password 'admin'.
 66Administrators:
 67#  # example Administrator
 68#  exampleAdministrator:
 69#    # Will be used to send info mails like license expiration
 70#    Email: ""
 71#    # Used to display a nice name for this user
 72#    FullName: ""
 73#    # For security reasons, please hash the password(s) using "${hash:mySecret}"
 74#    # The real password cannot be recovered from the hash.
 75#    # [examples: "${hash:mySecret}"]
 76#    Password: ""
 77#  
 78
 79SecuritySystems:
 80  # 'default' security system which exists always
 81  default:
 82    # The security system slug name which will be used in URL as prefix for all resources which are part of the security system.
 83    # If not set, then the security system name will be choosen.
 84    # Only for the default security context this is empty, by default.
 85    UrlPath:
 86    IdentityProvider:
 87      # The Security System manages the user and roles in the system database.
 88      # For the Ivy Security System, no additional configuration is needed.
 89      # For any other Security System, further configuration is need to integrate such a system.
 90      # [examples: ivy, keycloak, microsoft-active-directory, novell-edirectory, microsoft-entra-id]
 91      Name: ivy
 92    
 93    # The notification channel settings including their default subscription settings which apply to all users.
 94    Notification:
 95      # Settings for cleaning up notifications.
 96      Cleanup:
 97        # Notifications older than this will be deleted on a daily basis.
 98        DaysUntilDeletion: 90
 99      
100      # Parameters to disable notifications if a user is absent.
101      # Is no property set, it will act like NotifyAbsentUser:always.
102      # If NotifyAbsentUser is set to:
103      # always: Send a notification regardless of the user’s absence.
104      # never: Does not send a notification if the user is absent.
105      # noActiveSubstitute: Send a notification only the absent user does not have an active substitute.
106      # [enum: always, never, noActiveSubstitute]
107      NotifyAbsentUser: always
108      # Settings for an individual Channel.
109      # [examples: web, mail, microsoft-teams]
110      Channels:
111        mail:
112          # Name of the channel.
113          # [examples: web, mail, microsoft-teams]
114          Name: ""
115          # Whether the channel is enabled or not.
116          Enabled: false
117          # The default subscription settings.
118          Events:
119            # Whether all events are enabled or not.
120            # [enum: enabled, disabled]
121            AllKinds: disabled
122            # Array of subscribed events.
123            # [examples: new-task]
124            Kinds:
125        
126        microsoft-teams:
127          # Name of the channel.
128          # [examples: web, mail, microsoft-teams]
129          Name: ""
130          # Whether the channel is enabled or not.
131          Enabled: false
132          # The default subscription settings.
133          Events:
134            # Whether all events are enabled or not.
135            # [enum: enabled, disabled]
136            AllKinds: disabled
137            # Array of subscribed events.
138            # [examples: new-task]
139            Kinds:
140        
141        web:
142          # Name of the channel.
143          # [examples: web, mail, microsoft-teams]
144          Name: ""
145          # Whether the channel is enabled or not.
146          Enabled: false
147          # The default subscription settings.
148          Events:
149            # Whether all events are enabled or not.
150            # [enum: enabled, disabled]
151            AllKinds: disabled
152            # Array of subscribed events.
153            # [examples: new-task]
154            Kinds:
155    
156    # Single Sign-on allows to auto login users.
157    # A reverse proxy has to be installed in front of the Axon Ivy Engine.
158    # It is responsible for authenticating the user.
159    # The name of the user must then be transmitted as a HTTP header.
160    # !! Assert exclusive access to the Axon Ivy Engine otherwise attackers can easily login as another user.
161    # https://developer.axonivy.com/doc/12.0/engine-guide/integration/single-sign-on
162    # [restart required]
163    SSO:
164      # Whether SSO is enabled
165      Enabled: false
166      # name of the HTTP header with the username that has to be provided by the reverse proxy
167      UserHeader: X-Forwarded-User
168    
169    UserSynch:
170      # Shall we synchronize a user with the Identity Provider at login?
171      # If the user does not exist yet, he will be synchronized anyway.
172      # In case of slow Identity Provider connections, it can make sense to set this to false.
173      OnLogin: true
174      OnSchedule:
175        # Unix Cron expression for the user synchronization.
176        # Format is: minutes, hours, day of month, month, day of the week. e.g. "32 13 * * *" is everyday at 13:32
177        Cron: 0 0 * * *
178        # Shall we run the daily Identity Provider user synchronization job?
179        # When the synchronization runs is defined by 'Cron'.
180        Enabled: true
181        # Shall we import NEW users with the Identity Provider on schedule?
182        # This setting does not affect synchronization of existing users.
183        # If ImportUsers is set to:
184        # true:  NEW users are imported on schedule.
185        # If a user has not yet been imported by the user synchronization job, she is also imported the first time she logs in.
186        # false: NEW users are not imported on schedule.
187        # Instead, a NEW user is only imported the first time she logs in.
188        ImportUsers: true
189    
190    DocumentStorage:
191      # The document storage defines where the workflow documents should be stored.
192      # [enum: local, s3]
193      # [examples: local, s3]
194      Name: local
195    
196    # The default language settings, which applies to all users, who have not explicitly set this in their profile settings.
197    Language:
198      # Content is displayed in this language if the content exists in this language. A locale (language[_COUNTRY])
199      # [examples: en, en_GB, en_US, de, de_CH, de_AT, de_DE, fr, vi]
200      Content: en
201      # Data like numbers, dates, times and much more are formatted according to this language. A locale (language[_COUNTRY])
202      # [examples: en, en_GB, en_US, de, de_CH, de_AT, de_DE, fr, vi]
203      Formatting: en_GB
204
205# Web address of the Axon Ivy Engine installation, such as https://yourdomain/.
206# This value is used to let ivy know how to refer to itself, ie. to create links in emails.
207# This is necessary because ivy cannot reliably detect such a URL from within itself.
208# [examples: https://yourdomain.com/]
209BaseUrl: ""
210# The purpose of a reverse proxy is to provide a single point of entry for
211# one or more services from outside the network. The reverse proxy receives all requests from the
212# clients and forwards them to the Axon Ivy Engine which handles them.
213# https://developer.axonivy.com/doc/12.0/engine-guide/integration/reverse-proxy
214# [restart required]
215ReverseProxy:
216  # HTTP headers which are interpreted by the Axon Ivy Engine to generate the correct URLs for links and redirects.
217  # [restart required]
218  HttpHeaders:
219    # Name of the HTTP Header for identifying the originating IP address of a client connecting to the reverse proxy server.
220    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
221    # [examples: X-Forwarded-For]
222    ForwardedFor: X-Forwarded-For
223    # Name of the HTTP header for identifying the original host requested by the client. Not needed if the reverse proxy preserves the original host in the 'Host' HTTP Header.
224    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
225    # [examples: X-Forwarded-Host]
226    ForwardedHost: X-Forwarded-Host
227    # Name of the HTTP header used to represent the port number used by the client for the request. Not needed if your reverse proxy uses standard ports (80, 443). Only in charge when the HTTP Header of 'ForwardedProtocol' is also set on request.
228    # [examples: X-Forwarded-Port]
229    ForwardedPort: X-Forwarded-Port
230    # Name of the HTTP header for identifying the protocol used between the client and the reverse proxy server.
231    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
232    # [examples: X-Forwarded-Proto, X-Forwarded-Ssl, X-Forwarded-Protocol, Front-End-Https, X-Url-Scheme]
233    ForwardedProtocol: X-Forwarded-Proto
234    # Value of the 'ForwardedProtocol' header to indicate that it is an HTTPS request.
235    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
236    # [examples: https, "on"]
237    ForwardedProtocolHttps: https
238
239SSL:
240  Client:
241    # Manipulates the JVMs default SSLSocketFactory, so that untrusted (self signed or outdated) certificates are silently accepted.
242    # This could for instance be useful to generate a Webservice stub from an insecure WSDL location.
243    EnableInsecureSSL: false
244    # A trust store is used to specify trusted server certificates or certificates of certification authorities.
245    # An SSL client authenticates a server by using the certificates in a trust store.
246    # Self signed or signed by an unknown certification authority can be added to this trustore.
247    TrustStore:
248      Algorithm: PKIX
249      File: configuration/truststore.p12
250      # Password to access the store.
251      # [password]
252      Password: changeit
253      Provider: ""
254      Type: PKCS12
255    
256    # A key store is used to read client keys (certificates).
257    # This is only required if a remote server requests a client certificate in order to authenticate the client.
258    KeyStore:
259      Algorithm: SunX509
260      File: configuration/keystore.p12
261      # Password of the 'ivy' certificate.
262      # [password]
263      KeyPassword: changeit
264      # Password to access the store.
265      # [password]
266      Password: changeit
267      Provider: ""
268      Type: PKCS12
269      UseCustom: false
270
271Deployment:
272  # Directory where the server watches for files to deploy.
273  # You can specify a remote network location using a UNC path.
274  # https://developer.axonivy.com/doc/12.0/engine-guide/deployment
275  # [examples: //servername/share/file]
276  Directory: deploy
277  Backup:
278    # The number of backups of deployed projects that are kept on disk
279    # n < 0: infinite number of backups are kept
280    # n = 0: No backups are made or kept
281    # n > 0: Number of backups that are kept.
282    Keep: 5
283
284Data:
285  # Folder where applications are stored, unless otherwise defined in application specific configuration.
286  # 
287  # In demo mode: not configurable and set to: [Data.WorkDirectory]/demo-applicationsAbsolute and relative paths (to the engine root directory) are supported,
288  # we recommend to use locations outside the engine root directory to facilitate migrations.
289  # !! STOP YOUR ENGINE before changing this setting !!
290  # [restart required]
291  AppDirectory: applications
292  # Folder where runtime data will be stored.Absolute and relative paths (to the engine root directory) are supported,
293  # we recommend to use locations outside the engine root directory to facilitate migrations.
294  # !! STOP YOUR ENGINE before changing this setting !!
295  # [restart required]
296  Directory: data
297  # DEPRECATED: All runtime data will be stored by default in Data.Directory specified in ivy.yaml. Use Data.Directory
298  # to change the location of stored files.
299  # 
300  # Root folder where application data files are stored.
301  # A change in this setting will NOT move existing application files to the new location.
302  # You have to move existing files manually to the new directory.
303  # 
304  # If not set the files will be stored under the path Data.Directory configured in ivy.yaml.Absolute and relative paths (to the engine root directory) are supported,
305  # we recommend to use locations outside the engine root directory to facilitate migrations.
306  # !! STOP YOUR ENGINE before changing this setting !!
307  # [restart required]
308  FilesDirectory: ""
309
310DataCache:
311  # Invalidate data cache groups and entries.
312  # Checks if the lifetime of caches has ended and invalidates them.
313  # You can set the delay in milliseconds between each check.
314  # This delay has to be greater than 0.
315  InvalidationInterval: 60000
316
317# Axon Ivy uses an search engine to provide scalable full text search capabilities.
318# The bundled instance is started on demand, in a separate JVM, when an API request needs it.
319# You can operate Axon Ivy with the bundled search engine server or with your own external search engine cluster.
320SearchEngine:
321  # The bundled search engine server...
322  # - is started in a separate JVM.
323  # - reachable only on 'localhost' but the access is unprotected.
324  # - JVM arguments used to start the bundled search engine server can be configured in the '[ivyEngine]/configuration/opensearch/jvm.options' file.
325  # [restart required]
326  BundledServer:
327    # Path to the directory where the bundled search engine server stores data.
328    # It is recommended to configure a data directory that is located outside of
329    # the Engine installation directory to ease the Engine migration to newer versions.
330    # [restart required]
331    DataPath: data/_/opensearch
332    # Path to the directory where the bundled search engine should log.
333    # [restart required]
334    LogPath: logs/opensearch
335    # Name of the cluster of the bundled search engine server.
336    # [restart required]
337    ClusterName: ivy-opensearch-{uid}
338    # Port to communicate with bundled search engine server
339    # AUTO: A free port in port range 19200-19299 is searched automatically.
340    # <integer>: A fixed port number that you define. We recommend to use a number > 10000.
341    # Make sure it is free.
342    # [restart required]
343    Port: AUTO
344  
345  # Configure access to your own search engine server if you want to use it instead of the bundled server.
346  # 
347  # To install your own search engine server follow these steps
348  # https://opensearch.org/docs/2.19/install-and-configure/install-opensearch/index/
349  # 
350  # Currently, Axon Ivy supports OpenSearch in version 2.19.
351  # If your OpenSearch server is running on another host, the access to that instance has to be protected.
352  # You can achieve that with a front-end webserver like NGINX that enforces basic authentication.
353  # [restart required]
354  ExternalServer:
355    # Configure the URL of your own OpenSearch server if you want to use it instead of the bundled server.
356    # [restart required]
357    Url: ""
358    # Name of the user to use to authenticate in the external OpenSearch server
359    UserName: ""
360    # Password of the user to use to authenticate in the external OpenSearch server.
361    # [examples: "${encrypt:}"]
362    # [password]
363    Password: ""
364  
365  # Settings for the indexes that are created in the search engine.
366  Index:
367    # The name prefix for the indexes.
368    # If multiple Ivy Engines use the same OpenSearch server instance, you need to define unique NamePrefixes per engine.
369    # You might add the engine host name as part of the name prefix, i.e. 'servername'
370    # [restart required]
371    NamePrefix: ivy
372    Reindex:
373      # The size of the queue that is used to store objects read from the database until they are written to the search engine
374      # [restart required]
375      QueueSize: 10000
376      # The number of objects that Ivy reads in one batch from the system database.
377      # [restart required]
378      ReadWindowSize: 1000
379      # The number of objects that Ivy writes in one batch to the search engine.
380      # [restart required]
381      WriteWindowSize: 1000
382    
383    # If BusinessData are not well modeled for OpenSearch, you may have to increase the 'total_fields.limit' of the mapping.
384    # Performance may decrease. If you change this setting, you need to reindex all business data in Engine Cockpit.
385    # [restart required]
386    TotalFieldsLimit: 4000
387  
388  # Configures the search engine client. The client is the ivy engine which communicates with the search engine.
389  Client:
390    # Maximum seconds to wait until a connection to the search engine can be established.
391    # [restart required]
392    ConnectTimeout: 10
393    # Maximum seconds to wait for data to be sent by search engine.
394    # Raise this value if large datasets are expected.
395    # [restart required]
396    ReadTimeout: 30
397
398EMail:
399  Server:
400    Host: ""
401    Port: -1
402    # Email address that will be used for emails sent by the server (e.g. task notification emails)
403    MailAddress: noreply@ivyserver.local
404    User: guest
405    # The password for the mail user
406    # [password]
407    Password: ""
408    PasswordProvider:
409      # A password provider set the password on the mail session from an external resource
410      # [examples: office365-oauth2]
411      Name: ""
412    
413    # [enum: NONE, START_TLS, SSL]
414    EncryptionMethod: NONE
415    # Additional properties which will be set on the mail session
416    # Read https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html
417    SessionProperties:
418      mail.smtp.auth.xoauth2.disable: false
419    
420    # Specifies the maximum number of emails that can be sent concurrently
421    # [restart required]
422    MaxConcurrentSendings: 10
423    # certificates are to be stored in the Ivy keystore (default: configuration/keystore.p12; see below at SSL / Client), with the alias defined below.
424    SSL:
425      KeyAlias: ""
426      UseKey: false
427
428# Detection of Axon Ivy versions. Available updates are listed on the Axon Ivy Engine main web page.
429UpdateChecker:
430  # Shall update notification messages be shown and statistic information sent to the update server?
431  # 
432  # While checking for new versions the following statistic information is sent to the update server.
433  # This information is only used to improve the product!
434  # - Engine (version, up time)
435  # - Configuration (number of: cluster nodes, users, licensed users, applications, process model, process model version, deleted process model version, running workflows)
436  # - Licence information (number, organisation, individual)
437  # - Operating system information (name, version, architecture, number of processors)
438  # - Host information (host name, SHA-256 hashes of IP address and MAC address to identify the host without being able to read the original IP address and MAC address itself)
439  # - System database (product name and version, driver, identification number)
440  # - JVM (Java virtual machine) information (version, vendor, name, memory)
441  # - Used features: we collect the features you are using such as the active connector technologies (REST, SOAP, JPA, ...).
442  # You may inspect the sent information on your own, by enabling the Logger `ch.ivyteam.ivy.update.metrics` on level `DEBUG`.
443  Enabled: true
444  # Time of day when a update check will be executed
445  # The engine must be running at this time otherwise the update check will not be executed.
446  # Format is hh:mm.
447  # [daytime]
448  # [examples: 02:00, 14:15]
449  ExecutionTime: ""
450
451Cluster:
452  # The name of the cluster.
453  # It is used to find and communicate with other nodes of the same cluster.
454  # Multiple clusters located in the same network must have different cluster names.
455  # Otherwise the nodes of both clusters find each other and build one cluster instead of two.
456  # [restart required]
457  Name: IvyCluster
458  # The name of this node.
459  # If not configured, a random name is generated.
460  # The name of a node is also used as jvm route identifier that is used by some load balancers to provide sticky sessions.
461  # https://developer.axonivy.com/doc/12.0/engine-guide/integration/cluster
462  # [restart required]
463  NodeName: ""
464
465# When an error occurs while processing a user request, an error screen is displayed to the user.
466# The displayed error page can be customized for your needs:
467# https://developer.axonivy.com/doc/12.0/engine-guide/configuration/files/web-xml.html
468Errors:
469  # Shall the end user see detailed error information (stacktraces, detailed error reports, etc.)?
470  # By default (false) we only show a unique 'Error Id'. This 'Error Id' can be used to find the error in the log files.
471  # For security reasons, normal users should not see technical implementation details.
472  # But in development or pre-production environments, it might be safe to show the full error details directly to the end user.
473  ShowDetailsToEndUser: false
474
475Persistence:
476  JPA:
477    # Persist ivyScript auto initialized fields with NULL values. Affects types:
478    # - ch.ivyteam.ivy.scripting.objects.Date
479    # - ch.ivyteam.ivy.scripting.objects.DateTime
480    # - ch.ivyteam.ivy.scripting.objects.Time
481    # If this option is set to false, auto initialized values are stored as before Axon Ivy 6.4.
482    defaultInitializedAsNull: true
483
484ProcessEngine:
485  FiringStatistic:
486    # If set to true, a process element statistic is written periodically to the log directory.
487    # May impact server performance.
488    Active: false
489    # Interval in seconds the 'process element statistic' is written to the log directory
490    Interval: 300
491
492Boot:
493  # Switch to maintencance mode if a configuration problem is detected during startup.
494  # If set to DISABLED you can explicit start the engine in maintenance mode by using the command line option '-maintenance'.
495  # [enum: AUTO, DISABLED]
496  MaintenanceMode: AUTO
497
498Workflow:
499  History:
500    # Can completed cases and tasks be seen by substitutes of the user who worked on them?
501    # [enum: VISIBLE, INVISIBLE]
502    ForSubstitutes: VISIBLE
503
504ThreadPool:
505  # Executes process engine background operations like Database, WebService calls, etc.
506  BackgroundOperationExecutor:
507    # Minimum number of threads
508    CorePoolSize: 5
509    # Maximum number of threads
510    MaximumPoolSize: 200
511  
512  # Executes unscheduled jobs
513  ImmediateJobExecutor:
514    # Minimum number of threads
515    CorePoolSize: 5
516    # Maximum number of threads
517    MaximumPoolSize: 50
518  
519  # Executes scheduled jobs
520  ScheduledJobExecutor:
521    # Minimum number of threads
522    CorePoolSize: 5
523
524SystemTask:
525  Failure:
526    # Defines the behaviour in case a system task fails.
527    # [enum: FAIL_TASK_DO_RETRY, FAIL_TASK_DO_NOT_RETRY, DESTROY_TASK, DESTROY_CASE]
528    Behaviour: FAIL_TASK_DO_RETRY
529  
530  SearchJob:
531    # Interval in seconds between executions of the search job for system tasks.
532    # The job searches system tasks that were not executed because of failures.
533    Interval: 900
534
535# Configures the RESTful services provided.
536REST:
537  Servlet:
538    # Controls the REST servlet interface. If disabled no REST resources will be accessible.
539    # Calls to remote REST services are still possible.
540    # [restart required]
541    Enabled: true
542    # Controls whether the REST resources provided by the Axon Ivy Engine should be available or not
543    # [restart required]
544    API: true
545    # Controls whether the REST resource for remote deployment under '/system/api/apps/{application} is available or not
546    # [restart required]
547    Deployment: true
548    # Cross Site Request Forgery (CRSF) settings
549    # [restart required]
550    CSRF:
551      # Provides the general CSRF protection via 'X-Requested-By' header for REST services.
552      # [restart required]
553      Protection: true
554    
555    # Allows the service developer to get diagnostic information about request processing by Jersey.
556    # Those diagnostic/tracing information are returned in response headers (X-Jersey-Tracing-nnn).
557    # On productive environments this feature should not be turned on.
558    # [restart required]
559    # [enum: OFF, ON_DEMAND, ALL]
560    Tracing: 'OFF'
561
562Session:
563  # Session identifier will be renewed on login to prevent the 'Session Fixation' attack.
564  RenewIdOnLogin: true
565
566WebServer:
567  # Name of the Ivy servlet context. Use a simple name without any special characters.
568  # [restart required]
569  # [examples: ivy, workflow]
570  IvyContextName: ""
571
572OfflineDialog:
573  # Disable it if you don't use the Mobile Offline Dialog feature.
574  # [restart required]
575  Enabled: true
576
577Connector:
578  # https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
579  # [restart required]
580  HTTP:
581    # Whether the HTTP connector is enabled.
582    # [restart required]
583    Enabled: true
584    # The TCP port number on which this Connector will create a server socket and await incoming connections.
585    # [restart required]
586    Port: 8080
587    # The maximum length of the operating system provided queue for incoming connection requests when maxConnections has been reached.
588    # [restart required]
589    AcceptCount: 100
590    # For servers with more than one IP address, this attribute specifies which address will be used for listening
591    # on the specified port.
592    # By default, the connector will listen all local addresses.
593    # [restart required]
594    # [examples: 0.0.0.0, ::]
595    Address: ""
596    # A boolean value which can be used to enable or disable the TRACE HTTP method.
597    # [restart required]
598    AllowTrace: false
599    # The value is a comma separated list of MIME types for which HTTP compression may be used.
600    # [restart required]
601    CompressibleMimeType: text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/xml
602    # The Connector may use HTTP/1.1 GZIP compression in an attempt to save server bandwidth.
603    # [restart required]
604    # [examples: on, off, force]
605    Compression: 'off'
606    # The number of seconds during which the sockets used by this Connector will linger when they are closed. The default value is -1 which disables socket linger.
607    # [restart required]
608    ConnectionLinger: -1
609    # The number of milliseconds this Connector will wait, after accepting a connection, for the request URI line to be presented.
610    # [restart required]
611    ConnectionTimeout: 60000
612    # This flag allows the servlet container to use a different, usually longer connection timeout during data upload.
613    # [restart required]
614    DisableUploadTimeout: true
615    # Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client.
616    # Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance).
617    # [restart required]
618    EnableLookups: false
619    # Provides the default value for maxHttpRequestHeaderSize and maxHttpResponseHeaderSize.
620    # [restart required]
621    MaxHttpHeaderSize: 8192
622    # The maximum number of HTTP requests which can be pipelined until the connection is closed by the server.
623    # Setting this attribute to 1 will disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and pipelining.
624    # Setting this to -1 will allow an unlimited amount of pipelined or keep-alive HTTP requests.
625    # [restart required]
626    MaxKeepAliveRequests: 100
627    # The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing.
628    # The limit can be disabled by setting this attribute to a value less than zero.
629    # [restart required]
630    MaxPostSize: 2097152
631    # The maximum size in bytes of the request body which will be saved/buffered by
632    # the container during FORM or CLIENT-CERT authentication or during HTTP/1.1 upgrade.
633    # [restart required]
634    MaxSavePostSize: 4096
635    # The maximum number of request processing threads to be created by this Connector, which therefore determines the maximum number of simultaneous requests that can be handled.
636    # [restart required]
637    MaxThreads: 200
638    # The minimum number of threads always kept running. This includes both active and idle threads.
639    # [restart required]
640    MinSpareThreads: 10
641    # The value is a regular expression (using java.util.regex) matching the user-agent header of HTTP clients
642    # for which compression should not be used.
643    # [restart required]
644    NoCompressionUserAgents: ""
645    # If this Connector is being used in a proxy configuration, configure this attribute to specify the server name to be returned for calls to request.getServerName().
646    # [restart required]
647    ProxyName: ""
648    # If this Connector is being used in a proxy configuration, configure this attribute to specify the server port to be returned for calls to request.getServerPort().
649    # [restart required]
650    ProxyPort:
651    # If this Connector is supporting non-SSL requests, and a request is received for which a matching <security-constraint> requires SSL transport, Catalina will automatically redirect the request to the port number specified here.
652    # [restart required]
653    RedirectPort: 8443
654    # The value is a regular expression (using java.util.regex) matching the user-agent header of HTTP clients
655    # for which HTTP/1.1 or HTTP/1.0 keep alive should not be used, even if the clients advertise support for these features.
656    # [restart required]
657    RestrictedUserAgents: ""
658    # Overrides the Server header for the http response.
659    # If set, the value for this attribute overrides any Server header set by a web application.
660    # If not set, any value specified by the application is used.
661    # If the application does not specify a value then no Server header is set.
662    # [restart required]
663    Server: ""
664    # If set to true, the TCP_NO_DELAY option will be set on the server socket, which improves performance under most circumstances.
665    # [restart required]
666    TcpNoDelay: true
667    # The priority of the request processing threads within the JVM.
668    # [restart required]
669    ThreadPriority: 5
670    # This specifies the character encoding used to decode the URI bytes, after %xx decoding the URL.
671    # [restart required]
672    URIEncoding: UTF-8
673    # This specifies if the encoding specified in contentType should be used for URI query parameters, instead of using the URIEncoding.
674    # [restart required]
675    UseBodyEncodingForURI: false
676    # Set this attribute to true to cause Tomcat to use the IP address that the request was received on to determine the Host to send the request to.
677    # [restart required]
678    UseIPVHosts: false
679    # Set this attribute to true to cause Tomcat to advertise support for the Servlet specification using the header recommended in the specification.
680    # [restart required]
681    XpoweredBy: false
682  
683  # https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
684  # [restart required]
685  HTTPS:
686    # Whether the HTTPS connector is enabled.
687    # [restart required]
688    Enabled: false
689    # The TCP port number on which this Connector will create a server socket and await incoming connections.
690    # [restart required]
691    Port: 8443
692    # The maximum length of the operating system provided queue for incoming connection requests when maxConnections has been reached.
693    # [restart required]
694    AcceptCount: 100
695    # For servers with more than one IP address, this attribute specifies which address will be used for listening
696    # on the specified port.
697    # By default, the connector will listen all local addresses.
698    # [restart required]
699    # [examples: 0.0.0.0, ::]
700    Address: ""
701    # A boolean value which can be used to enable or disable the TRACE HTTP method.
702    # [restart required]
703    AllowTrace: false
704    # 
705    # [restart required]
706    ClientAuth: NONE
707    # The value is a comma separated list of MIME types for which HTTP compression may be used.
708    # [restart required]
709    CompressibleMimeType: text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/xml
710    # The Connector may use HTTP/1.1 GZIP compression in an attempt to save server bandwidth.
711    # [restart required]
712    # [examples: on, off, force]
713    Compression: 'off'
714    # The number of seconds during which the sockets used by this Connector will linger when they are closed. The default value is -1 which disables socket linger.
715    # [restart required]
716    ConnectionLinger: -1
717    # The number of milliseconds this Connector will wait, after accepting a connection, for the request URI line to be presented.
718    # [restart required]
719    ConnectionTimeout: 60000
720    # This flag allows the servlet container to use a different, usually longer connection timeout during data upload.
721    # [restart required]
722    DisableUploadTimeout: true
723    # Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client.
724    # Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance).
725    # [restart required]
726    EnableLookups: false
727    # The value is a regular expression (using java.util.regex) matching the user-agent header of HTTP clients
728    # for which HTTP/1.1 or HTTP/1.0 keep alive should not be used, even if the clients advertise support for these features.
729    # [restart required]
730    RestrictedUserAgents: ""
731    # The name of the protocol to support when communicating with clients.
732    # If you need a fine granular selection of multiple protocols, use the 'SslHostConfig.Protocols' property.
733    # [restart required]
734    # [examples: TLS, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3]
735    SslProtocol: TLS
736    SslHostConfig:
737      # The names of the protocols to support when communicating with clients.
738      # Multiple protocols can be enabled by separating them with a comma.
739      # [restart required]
740      # [examples: SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, all]
741      Protocols: all
742    
743    # 
744    # [restart required]
745    KeyAlias: ""
746    # [password]
747    # [restart required]
748    KeyPass: ""
749    # 
750    # [restart required]
751    KeystoreFile: configuration/keystore.p12
752    # [password]
753    # [restart required]
754    KeystorePass: changeit
755    # 
756    # [restart required]
757    KeystoreType: pkcs12
758    # Provides the default value for maxHttpRequestHeaderSize and maxHttpResponseHeaderSize.
759    # [restart required]
760    MaxHttpHeaderSize: 8192
761    # The maximum number of HTTP requests which can be pipelined until the connection is closed by the server.
762    # Setting this attribute to 1 will disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and pipelining.
763    # Setting this to -1 will allow an unlimited amount of pipelined or keep-alive HTTP requests.
764    # [restart required]
765    MaxKeepAliveRequests: 100
766    # The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing.
767    # The limit can be disabled by setting this attribute to a value less than zero.
768    # [restart required]
769    MaxPostSize: 2097152
770    # The maximum size in bytes of the request body which will be saved/buffered by
771    # the container during FORM or CLIENT-CERT authentication or during HTTP/1.1 upgrade.
772    # [restart required]
773    MaxSavePostSize: 4096
774    # The maximum number of request processing threads to be created by this Connector, which therefore determines the maximum number of simultaneous requests that can be handled.
775    # [restart required]
776    MaxThreads: 200
777    # The minimum number of threads always kept running. This includes both active and idle threads.
778    # [restart required]
779    MinSpareThreads: 10
780    # The value is a regular expression (using java.util.regex) matching the user-agent header of HTTP clients
781    # for which compression should not be used.
782    # [restart required]
783    NoCompressionUserAgents: ""
784    # If this Connector is being used in a proxy configuration, configure this attribute to specify the server name to be returned for calls to request.getServerName().
785    # [restart required]
786    ProxyName: ""
787    # If this Connector is being used in a proxy configuration, configure this attribute to specify the server port to be returned for calls to request.getServerPort().
788    # [restart required]
789    ProxyPort:
790    # If this Connector is supporting non-SSL requests, and a request is received for which a matching <security-constraint> requires SSL transport, Catalina will automatically redirect the request to the port number specified here.
791    # [restart required]
792    RedirectPort: 8443
793    # Overrides the Server header for the http response.
794    # If set, the value for this attribute overrides any Server header set by a web application.
795    # If not set, any value specified by the application is used.
796    # If the application does not specify a value then no Server header is set.
797    # [restart required]
798    Server: ""
799    # If set to true, the TCP_NO_DELAY option will be set on the server socket, which improves performance under most circumstances.
800    # [restart required]
801    TcpNoDelay: true
802    # The priority of the request processing threads within the JVM.
803    # [restart required]
804    ThreadPriority: 5
805    # 
806    # [restart required]
807    TruststoreFile: ""
808    # [password]
809    # [restart required]
810    TruststorePass: ""
811    # 
812    # [restart required]
813    TruststoreType: JKS
814    # This specifies the character encoding used to decode the URI bytes, after %xx decoding the URL.
815    # [restart required]
816    URIEncoding: UTF-8
817    # This specifies if the encoding specified in contentType should be used for URI query parameters, instead of using the URIEncoding.
818    # [restart required]
819    UseBodyEncodingForURI: false
820    # Set this attribute to true to cause Tomcat to use the IP address that the request was received on to determine the Host to send the request to.
821    # [restart required]
822    UseIPVHosts: false
823    # Set this attribute to true to cause Tomcat to advertise support for the Servlet specification using the header recommended in the specification.
824    # [restart required]
825    XpoweredBy: false
826
827HealthCheck:
828  # Whether health check is enabled
829  Enabled:
830  Checks:
831    DatabasesConnectionPoolCheck:
832      Enabled: true
833    
834    EngineModeCheck:
835      Enabled: true
836    
837    HeapMemoryCheck:
838      Enabled: true
839    
840    ReleaseCandidateCheck:
841      Enabled: true
842    
843    RestartRequiredCheck:
844      Enabled: true
845    
846    RestClientsConnectionPoolCheck:
847      Enabled: true
848    
849    SysDbConnectionPoolCheck:
850      Enabled: true
851    
852    SystemCpuLoadCheck:
853      Enabled: true
854    
855    SystemMemoryCheck:
856      Enabled: true