ivy.yamlΒΆ

[engineDir]/configuration/reference/ivy.yaml

  1#
  2# -------------------------------------------
  3# Axon Ivy Engine Configuration
  4# -------------------------------------------
  5# 
  6# This file shows configurations of the Axon Ivy Engine and its external systems.
  7# https://developer.axonivy.com/doc/9.2/engine-guide/configuration/
  8#
  9# Copy contents of this reference file to 'configuration/ivy.yaml' before adjusting
 10# them to your needs.
 11# https://developer.axonivy.com/doc/9.2/engine-guide/configuration/files/ivy-yaml.html
 12#
 13# By default the engine is pre-configured to run in demo mode.
 14# To run an engine in a productive environment at least the system database
 15# must be configured.
 16#
 17# SECRETS / PASSWORDS:
 18# Any configuration value can be encrypted just by enclosing it with "${encrypt:}".
 19# * to encrypt the string myPassword write "${encrypt:myPassword}"
 20#   https://developer.axonivy.com/doc/9.2/engine-guide/configuration/advanced-configuration.html#passwords
 21#
 22# OVERRIDING:
 23# Any configuration value provided here can be set in alternative sources. 
 24# * environment variables: of the operating system can set app config entries. 
 25#    Their key must be prefixed with 'IVY_'. 
 26#    E.g. use 'IVY_SYSTEMDB_URL' to override the jdbc driver url.
 27#    https://developer.axonivy.com/doc/9.2/engine-guide/configuration/advanced-configuration.html#overriding-configuration
 28#
 29
 30
 31
 32# == System Database Settings == 
 33#
 34# Axon Ivy requires a System Database to store the state of running workflow applications.
 35#
 36# Unless you run the engine in Demo mode, a valid System DB driver, url and the user+password credentials
 37# that are able to connect to the database are mandatory.
 38# 
 39# [restart required]
 40SystemDb:
 41  # JDBC URL
 42  Url: ""
 43
 44  # Name of the user to connect to system database. E.g. root, sa, admin, ivy, AxonIvy
 45  # e.g. root
 46  UserName: ""
 47
 48  # Password of the user to connect to the system database.
 49  # e.g. "${encrypt:1234}"
 50  # [password]
 51  Password: ""
 52
 53  # If set to true the system database is automatically converted to the latest version during startup of the Axon Ivy Engine if needed.
 54  Autoconvert: false
 55
 56  # Defines how long ivy should wait (in seconds) at startup for the availability of the db server
 57  BootTimeout: 60
 58
 59  # JDBC Driver. If not set, it is auto determined based on the JDBC URL.
 60  Driver: ""
 61
 62  # Additional driver specific connection properties.
 63  DriverProperties:
 64    #driverProperty: propertyValue
 65
 66  # Maximum number of connections to the system database.
 67  MaxConnections: 50
 68
 69
 70
 71# == Adminstrators ==
 72#
 73# Administrators can configure, monitor and manage the Axon Ivy Engine.
 74#
 75# Email is used to send info mails like license expiration
 76# FullName is used to display a nice name for this user.
 77# 
 78# You should hash the password with "${hash:mySecret}".
 79# The real password cannot be recovered from the hash.
 80#
 81# Default administrator in demo mode is 'admin' with password 'admin'
 82#Administrators:
 83
 84  # Example admin user with username james and password mySecret
 85  #  
 86  #james:
 87    #Password: "${hash:mySecret}"
 88    #Email: info@localhost
 89    #FullName: James David
 90
 91
 92
 93# == Base Url ==
 94#
 95# Web address of the Axon Ivy Engine installation, such as https://yourdomain/.
 96# This value is used to let ivy know how to refer to itself, ie. to create links in emails.
 97# This is necessary because ivy cannot reliably detect such a URL from within itself.
 98BaseUrl: ""
 99
100
101
102# == Single Sign-on ==
103#
104# Single Sign-on allows to auto login users. Therefore a reverse proxy
105# in front of the Axon Ivy Engine must be installed which is responsible to authenticate
106# the user. The name of the user must then be transmitted as HTTP header.
107# Attention: Ensure exclusive access to the Axon Ivy Engine otherwise
108# attackers can easily login as another user.
109# https://developer.axonivy.com/doc/9.2/engine-guide/integration/single-sign-on
110# [restart required]
111SSO:
112  # Whether SSO is enabled or not
113  Enabled: false
114
115  # name of the HTTP header with the username which must be set by the reverse proxy
116  UserHeader: X-Forwarded-User
117
118
119
120# == Deployment Setting ==
121#
122Deployment:
123
124  # Directory where the server watches for files to deploy.
125  # https://developer.axonivy.com/doc/9.2/engine-guide/deployment
126  #
127  # You may want to use a UNC path to specify a remote network location.
128  Directory: deploy
129
130
131
132# == Data Settings ==
133#
134Data:
135
136  # Folder where applications are stored, unless otherwise defined in the deployment.
137  # If you change this path, proceed as follows...
138  #   1. Stop the engine
139  #   2. Change this path and move the existing applications to this new directory
140  #   3. Start the engine
141  # Absolute paths and relative paths are supported
142  # In demo mode not configurable and set to: [Data.WorkDirectory]/demo-applications
143  # [restart required] for existing apps
144  AppDirectory: applications
145
146  # Root folder where application files are stored.
147  # A change in this setting will NOT automatically move existing application files to the new location.
148  # A change will require to manually move existing files to the new directory.
149  # Absolute and relative (to the engine root directory) paths are supported.
150  # If not set the files will be stored underneath each application's file directory.
151  # [restart required] for existing apps
152  FilesDirectory: ""
153
154  # Directory where the server writes temporary working files to.
155  # [restart required]
156  WorkDirectory: work
157
158
159# == Data Cache Settings ==
160#
161DataCache:
162  
163  # Invalidate data cache groups and entries. Checks if the lifetime of caches has ended and invalidates them.
164  # You can set the delay in milliseconds between each check. This delay has to be greater than 0.
165  InvalidationInterval: 60000
166
167
168# == Elasticsearch Settings ==
169#
170# Axon Ivy uses an Elasticsearch instance to provide a fast query interface against BusinessData.
171# The bundled instance is started on demand, in a separate JVM, when an API request needs it.
172#
173# You can operate Axon Ivy with the bundled Elasticsearch server or with your own external Elasticsearch cluster.
174#
175# [restart required] except for UserName and Password of ExternalServer
176Elasticsearch:
177
178  # The bundled Elasticsearch server...
179  # - is started in a separate JVM when a feature requires BusinessData access.
180  # - reachable only on 'localhost' but the access is unprotected. 
181  # - JVM arguments used to start the bundled Elasticsearch server can be 
182  #   configured in the 'elasticsearch/config/jvm.options' file.
183  BundledServer:
184
185    # Path to the directory where the bundled Elasticsearch server stores data.
186    # It is recommended to configure a data directory that is located outsite of the Engine 
187    # installation directory to ease the Engine migration to newer versions.
188    DataPath: elasticsearch/data
189
190    # Name of the cluster of the bundled Elasticsearch server.
191    ClusterName: ivy-elasticsearch-{uid}
192
193    # Whether the bundled Elasticsearch server should be started lazy or not.
194    # If set to true the bundled Elasticsearch server will be started on first usage
195    # otherwise the Elasticsearch server will be started on engine startup.
196    LazyStart: false
197
198
199  # Configure the URL of your own Elasticsearch server if you want to use it instead of the bundled server.
200  #
201  # To install your own Elasticsearch server follow these steps
202  # https://www.elastic.co/guide/en/elasticsearch/reference/current/setup.html
203  #
204  # Currently Axon Ivy supports Elasticsearch server versions in the 7.3.x range. 
205  # If your Elasticsearch server is running on another host, the access to that instance has to be protected.
206  # You can achieve that with a front-end webserver like NGINX that enforces basic authentication.
207  ExternalServer:
208  
209    # Configure the URL of your own Elasticsearch server if you want to use it instead of the bundled server.
210    Url: ""
211
212    # Name of the user to use to authenticate in the external Elasticsearch server
213    UserName: ""
214    
215    # Password of the user to use to authenticate in the external Elasticsearch server.
216    # e.g. "${encrypt:}"
217    # [password]
218    Password: ""
219    
220    # Defines how long ivy should wait (in seconds) for the availability of the external Elasticsearch server while booting.
221    BootTimeout: 60
222
223  # For every business data type an Elasticsearch index will be created. E.g. for type ch.ivy.Dossier the index name is <NamePrefix>-ch.ivy.dossier.
224  Index:
225    # The name prefix of the index to use to store business data.
226    # If multiple ivy Engines use the same Elasticsearch server instance, you need to change this property, that every ivy Engine has an unique indices.
227    NamePrefix: ivy.businessdata
228    
229    Reindex:
230      # The number of business data objects that should be read in one batch from the system database
231      ReadWindowSize: 1000
232      # The number of business data objects that should be write in one batch to Elasticsearch
233      WriteWindowSize: 1000
234      # The size of the queue that is used to store business data objects read from the database 
235      # until they are written to the Elasticsearch
236      QueueSize: 10000
237
238
239  # Configures the Elasticsearch client. The client is the ivy engine which communicates with Elasticsearch.
240  Client:
241    # Maximum seconds to wait until a connection to Elastisearch can be established.
242    ConnectTimeout: 10
243    
244    # Maximum seconds to wait for data sent by Elastisearch. 
245    # Raise this value if large datasets are expected.
246    ReadTimeout: 30
247         
248
249
250
251# == EMail Settings ==
252#
253EMail:
254  Server:
255    Host: ""
256
257    Port: -1
258
259    # Email address that will be used for emails sent by the server (e.g. task notification emails)
260    MailAddress: noreply@ivyserver.local
261
262    User: guest
263
264    # [password]
265    Password: ""
266
267    # [enum: NONE, START_TLS, SSL]
268    EncryptionMethod: NONE
269
270    SSL:
271      KeyAlias: ""
272
273      UseKey: false
274
275  DailyTaskSummary:
276    # Time of day when the task summary mails will be sent.
277    # The engine must be running at this time otherwise the daily task summary mails will not be sent.
278    # Format is hh:mm. e.g. "02:00" or "14:15"
279    # [daytime]
280    TriggerTime: "00:00"
281
282
283
284# == Show Error Messages To End Users Settings ==
285#
286# When an error occurs while processing a user request an error screen is displayed to the user. 
287# 
288# The displayed error page can be customized for your needs: 
289# https://developer.axonivy.com/doc/9.2/engine-guide/configuration/files/web-xml.html
290#
291Errors:
292  # Whether stacktraces, detailed error reports, etc. should be shown to end users.
293  #
294  # By default (false) we only show a unique 'Error Id'. This 'Error Id' can be used to find the error in the log files.
295  # 
296  # For security reasons normal users should not see technical implementation details.
297  # But in development or pre-production environments it might be save to show the full error
298  # details directly to the end user.
299  ShowDetailsToEndUser: false
300
301
302
303# == Persistence Setting ==
304#
305Persistence:
306  JPA:
307    # Persist ivyScript auto initialized fields with NULL values. Affects types are...
308    #  - ch.ivyteam.ivy.scripting.objects.Date
309    #  - ch.ivyteam.ivy.scripting.objects.DateTime
310    #  - ch.ivyteam.ivy.scripting.objects.Time
311    # If this option is disabled auto initialized values are stored as before Axon Ivy 6.4.
312    defaultInitializedAsNull: true
313
314
315
316# == Process Element Firing Statistic Settings ==
317#
318ProcessEngine:
319  FiringStatistic:
320
321    # If activated, a process element statistic is written periodically to the log-directory. If activated may slow down the server performance.
322    Active: false
323
324    # Interval in seconds the 'process element statistic' is written to the log directory
325    Interval: 300
326
327
328
329# == SSL Client Settings ==
330#
331SSL:
332  Client:
333    # A key store is used to read client keys (certificates). 
334    # This is only required if a remote server requests a client certificate in order to authenticate the client. 
335    KeyStore:
336      UseCustom: false
337      # [password]
338      KeyPassword: changeit
339      Algorithm: SunX509
340      File: configuration/keystore.p12
341      # [password]
342      Password: changeit
343      Provider: ""
344      Type: pkcs12
345
346    # A trust store is used to specify trusted server certificates or certificates of certification authorities. 
347    # An SSL client autenticates a server by using the certificates in a trust store. 
348    # Self signed or signed by an unknown certification authority can be added to this trustore. 
349    TrustStore:
350      File: configuration/truststore.p12
351      Algorithm: PKIX
352      # [password]
353      Password: changeit
354      Provider: ""
355      Type: pkcs12
356
357      # Full qualified class name of a trust manager class that is used to validate server certificates. 
358      # If configured the system trustore of the JVM and the configured trustore are not in charge.
359      ManagerClass: ""
360
361
362
363# == Workflow Settings ==
364#
365Workflow:
366
367  # Whether done cases and tasks can be seen by substitutes of the user who has worked on them.
368  # [enum: VISIBLE, INVISIBLE]
369  History.ForSubstitutes: VISIBLE
370
371
372# == Failure Behaviour ==
373#
374SystemTask:
375  # Defines the behaviour in case a system task fails. 
376  # [enum: FAIL_TASK_DO_RETRY, FAIL_TASK_DO_NOT_RETRY, DESTROY_TASK, DESTROY_CASE]
377  Failure.Behaviour: FAIL_TASK_DO_RETRY
378
379  # Interval in seconds between executions of the search job for system tasks.
380  # The job searches system tasks that were not executed because of failures.
381  SearchJob.Interval: 900
382
383
384
385# == Thread Pools Settings ==
386#
387ThreadPool:
388  # Executes process engine background operations like Database, WebService calls, etc.
389  BackgroundOperationExecutor:
390    # Minimum number of threads
391    CorePoolSize: 5
392    # Maximum number of threads
393    MaximumPoolSize: 200
394  
395  # Executes unscheduled jobs
396  ImmediateJobExecutor:
397    # Minimum number of threads
398    CorePoolSize: 5
399    # Maximum number of threads
400    MaximumPoolSize: 50
401  
402  # Executes scheduled jobs
403  ScheduledJobExecutor:
404    # Minimum number of threads
405    CorePoolSize: 5
406
407
408
409# == Update Checker Settings ==
410#
411# When newer Axon Ivy versions are available a message will be displayed on the Axon Ivy Engine main web page. 
412# The update message contains information about the new versions and where those can be downloaded. 
413#
414# While checking for new versions the following statistic information are sent to the update server. 
415# These information are only used to improve the product:
416# - Engine (version, up time)
417# - Configuration (number of: cluster nodes, users, licenced users, applications, process model, process model version, deleted process model version, running cases, running tasks)
418# - Licence information (number, organisation, individual)
419# - Operating system information (name, version, architecture, number of processors)
420# - System database (product name and version, driver, identification number)
421# - Java memory information (maximum heap memory, maximum non heap memory)
422# - JVM (Java virtual machine) information (version, vendor, name)
423# - Host information (host name, SHA-256 hashes of IP address and MAC address to identify the host without being able to read the original IP address and MAC address itself)
424#
425UpdateChecker:
426  #  Whether Update notification messages are shown and statistic information are sent to the update server 
427  Enabled: true
428
429  # Time of day when a update check will be executed
430  # The engine must be running at this time otherwise the update check will not be executed.
431  # Format is hh:mm. e.g. "02:00" or "14:15"
432  # [daytime]
433  ExecutionTime: ""
434  
435
436
437Boot:
438  # Switch to maintencance mode if a configuration problem is detected during startup.
439  # If set to DISABLED you can explicit start the engine in maintenance mode by using the command line option '-maintenance'.
440  # [enum: AUTO, DISABLED]
441  MaintenanceMode: AUTO
442  
443  
444  
445Cluster:
446  # The name of this node. 
447  # If not configured a random name is generated.
448  # The name of a node is also used as jvm route identifier, which is used by some load balancer to provide sticky sessions.
449  # https://developer.axonivy.com/doc/9.2/engine-guide/integration/cluster
450  # [restart required] 
451  NodeName: ""