ivy.yaml

[engineDir]/configuration/reference/ivy.yaml

  1#
  2# -------------------------------------------
  3# Axon Ivy Engine Configuration
  4# -------------------------------------------
  5# 
  6# This file shows configurations of the Axon Ivy Engine and its external systems.
  7# https://developer.axonivy.com/doc/10.0/engine-guide/configuration/
  8#
  9# Copy contents of this reference file to 'configuration/ivy.yaml' before adjusting
 10# them to your needs.
 11# https://developer.axonivy.com/doc/10.0/engine-guide/configuration/files/ivy-yaml.html
 12#
 13# By default, the engine is pre-configured to run in demo mode.
 14# To run an engine in a productive environment, at least the system database
 15# has to be configured.
 16#
 17# SECRETS / PASSWORDS:
 18# Any configuration value can be encrypted just by enclosing it with "${encrypt:}".
 19# This applies a reversible encryption private to this Ivy Engine.
 20# You cannot copy the encrypted values from one engine to another.
 21# Example:
 22# * to encrypt the string "myPassword", write "${encrypt:myPassword}"
 23#   https://developer.axonivy.com/doc/10.0/engine-guide/configuration/advanced-configuration.html#passwords
 24#
 25# OVERRIDING:
 26# Any configuration value provided here can be set in alternative sources. 
  27# * Environment variables of the operating system can set app config entries.
 28#    Their key must be prefixed with 'IVY_'. 
 29#    For instance, use 'IVY_SYSTEMDB_URL' to override the jdbc driver url.
 30#    https://developer.axonivy.com/doc/10.0/engine-guide/configuration/advanced-configuration.html#overriding-configuration
 31#
 32
 33
 34
  35# == System Database Settings ==
  36#
  37# Axon Ivy requires a System Database to store the state of running workflow applications.
  38#
  39# Unless you run the engine in Demo mode, a valid System DB driver, url and the user+password credentials
  40# that are able to connect to the database, are mandatory.
  41#
  42# [restart required]
  43SystemDb:
  44  # JDBC URL
      # NOTE(review): nothing in this block enables transport encryption to the database. For a remote
      # database it presumably has to be requested through this URL or through DriverProperties of
      # the chosen JDBC driver - confirm against the driver documentation.
  45  Url: ""
  46  # Name of the technical user to connect to system database on behalf of the engine. E.g. ivy, AxonIvy, workflowengine
  47  # e.g. ivy
      # NOTE(review): prefer a dedicated account that can only access the system database, not a DBA account.
  48  UserName: ""
  49  # Password for above technical user.
  50  # e.g. "${encrypt:1234}"
  51  # [password]
      # Write the value as "${encrypt:...}" (see SECRETS / PASSWORDS at the top of this file) so that it is
      # not kept in plain text. That encryption is reversible by this engine, so access to the
      # configuration directory should still be restricted.
  52  Password: ""
  53  # If the database will be created with the Engine Config CLI, these params will be respected.
  54  # This is used on LTS 10.0 in the Axon Ivy Engine Docker Image (docker-entrypoint.sh).
  55  Creation:
  56    # Tablespace which will be used (only for Oracle).
  57    Tablespace: ivy
  58    # Username which will be taken to create the system database (only for Oracle).
        # NOTE(review): presumably a more privileged account than SystemDb.UserName; consider removing
        # these credentials again once the database has been created - confirm they are not needed later.
  59    UserName: ""
  60    # Password which will be taken to create the system database (only for Oracle).
  61    # [password]
  62    Password: ""
  63  # If set to true, the system database is automatically converted to the latest version during startup of the Axon Ivy Engine if needed.
  64  Autoconvert: false
  65  # Defines how long ivy should wait (in seconds) at startup for the db server to be available
  66  BootTimeout: 60
  67  # JDBC Driver. If not set, it is auto determined based on the JDBC URL.
  68  Driver: ""
  69  # Additional driver specific connection properties.
  70  DriverProperties: {}
  71  # Maximum number of connections to the system database.
  72  MaxConnections: 50
 73
 74
 75
  76# == Administrators ==
 77#
 78# Administrators can configure, monitor and manage the Axon Ivy Engine.
 79#
 80# Email is used to send info mails like license expiration
 81# FullName is used to display a nice name for this user.
 82# 
 83# For security reasons, please hash the password(s) using "${hash:mySecret}".
 84# The real password cannot be recovered from the hash.
 85#
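  86# Default administrator in demo mode is 'admin' with password 'admin'.
    # NOTE(review): these credentials are publicly documented. Define your own administrators below with
    # hashed passwords; whether the demo account remains usable outside demo mode is not stated here,
    # so verify this before exposing the engine.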
 87#Administrators:
 88#  #Example admin user with username james and password mySecret
 89#  james: 
 90#    Password: "${hash:mySecret}"
 91#    Email: info@localhost
 92#    FullName: James David
 93
 94
 95
  96# == Security Systems ==
  97#
  98# List of Security Systems.
  99# A security system defines how users and roles are managed.
 100# Security systems that are configured here can be used by applications.
 101# !! If you change a security system then all users that are no longer defined by the changed security system will be disabled.
 102# !! Switching from an Identity Provider e.g. Azure Active Directory to Ivy Security System keeps all synchronized users, but
 103#    requires that you set (new) passwords for them. Before, passwords have been managed and kept by the Identity Provider for
 104#    all managed users.
 105#
 106SecuritySystems:
 107
 108  # 'default' security system which exists always
 109  default:
 110    # The Security System manages the user and roles in the system database.
 111    # For the Ivy Security System, no additional configuration is needed.
 112    # For any other Security System, further configuration is needed to integrate such a system.
 113    # See https://developer.axonivy.com/doc/10.0/engine-guide/identity-provider
 114    # [enum: ivy Security System, Microsoft Active Directory, Novell eDirectory, azure-active-directory]
        # The enum values differ in case and some contain spaces; copy the chosen value exactly and keep it quoted.
 115    Provider: "ivy Security System"
 116
 117    # == EMail Notification Settings ==
 118    #
 119    # These email notification settings will be applied to all users of a security system.
 120    # Users still have the option to customize their e-mail notification settings for themselves.
 121    # Applications can override the standard options or add their own.
 122    #
 123    EMailNotification:
 124      # The settings here are standard values that apply for all users who do not alter their settings.
 125      # Users can override these settings in the Portal menu.
 126      #
 127      # Shall users be notified by mail whenever a new task is assigned to them?
 128      OnNewTasks: false
 129      #
 130      # On which weekdays shall the users receive a daily task summary?
 131      # Possible values are: never, always, monday, tuesday, wednesday, thursday, friday, saturday, sunday
 132      # Any combination of weekdays is allowed.
 133      # You can configure when the summary email is sent in EMail:DailyTaskSummary:TriggerTime
 134      DailySummaryOn: never
 135      #
 136      # Standard processes are a set of predefined processes, which you can customize in your ivy project.
 137      # To enable these custom processes, the library id of the ivy project must be specified here.
 138      # The library id is <group-id>:<project-id> from the ivy project deployment definition.
 139      # e.g. the library id of the portal is "com.axonivy.portal:portal"
 140      # The default is 'auto' which means auto detection of standard process in your application
 141      # https://developer.axonivy.com/doc/10.0/designer-guide/user-interface/standard-processes
 142      StandardProcess: auto
 143
 144    # == Language Settings ==
 145    #
 146    # The default language settings, which apply to all users who have not explicitly set this
 147    # in their profile settings.
 148    #
 149    Language:
 150      # Content is displayed in this language if the content exists in this language. A locale (language[_COUNTRY])
 151      # must be specified for example de, de_CH, de_AT, de_DE, en, en_GB, en_US, fr, vi
 152      Content: en
 153      # Data like numbers, dates, times and much more are formatted according to this language. A locale (language[_COUNTRY])
 154      # must be specified for example de, de_CH, de_AT, de_DE, en, en_GB, en_US, fr, vi
 155      Formatting: en_GB
156
157
158
 159# == Base Url ==
 160#
 161# Web address of the Axon Ivy Engine installation, such as https://yourdomain/.
 162# This value is used to let ivy know how to refer to itself, i.e. to create links in emails.
 163# This is necessary because ivy cannot reliably detect such a URL from within itself.
    # NOTE(review): because links sent to users are built from this value, use the https:// address users
    # actually reach - presumably the reverse proxy address when one is in front of the engine; confirm.
 164BaseUrl: ""
165
166
167
 168# == Single Sign-on ==
 169#
 170# Single Sign-on allows to auto login users. A reverse proxy has to be installed
 171# in front of the Axon Ivy Engine. It is responsible for authenticating
 172# the user. The name of the user must then be transmitted as a HTTP header.
 173# !! Ensure that the Axon Ivy Engine can only be reached through the reverse proxy.
 174#    Otherwise a client that connects directly can send the user header itself and log in as another user.
    #    NOTE(review): the reverse proxy should also remove or overwrite any client-supplied value of the
    #    user header before forwarding a request, so the header only ever carries the authenticated name.
 175# https://developer.axonivy.com/doc/10.0/engine-guide/integration/single-sign-on
 176# [restart required]
 177SSO:
 178  # Shall SSO be enabled?
      # When true, the engine takes the user name from the UserHeader below (see the warning above).
 179  Enabled: false
 180  # name of the HTTP header with the username that has to be provided by the reverse proxy
 181  UserHeader: X-Forwarded-User
182
183
184
 185# == Deployment Setting ==
 186#
 187Deployment:
 188  # Directory where the server watches for files to deploy.
 189  # https://developer.axonivy.com/doc/10.0/engine-guide/deployment
 190  #
 191  # You can specify a remote network location using a UNC path:
 192  # Linux: //servername/share/file
 193  # Windows: \\servername\share\file
 194  #
      # NOTE(review): files placed in this directory are picked up for deployment, so write access to it
      # amounts to the ability to deploy. Restrict write permissions accordingly, in particular when the
      # directory is a network share.
 195  Directory: deploy
 196
 197  Backup:
 198    # The number of backups of deployed projects that are kept on disk
 199    # n < 0: infinite number of backups are kept
 200    # n = 0: No backups are made or kept
 201    # n > 0: Number of backups that are kept.
 202    Keep: 5
203
204
205
 206# == Data Settings ==
 207#
 208Data:
 209  #-----------------------------------------------------------------------------------------------
 210  # !! STOP YOUR ENGINE before changing these settings !!
 211  #
 212  # For all paths below,
 213  # - absolute and relative paths (to the engine root directory) are supported
 214  # - we recommend to use locations outside the engine root directory to facilitate migrations.
      # NOTE(review): these directories hold runtime data, applications and application files. When they
      # are moved outside the engine root, keep filesystem access limited to the account that runs
      # the engine.
 215  #-----------------------------------------------------------------------------------------------
 216  #
 217  # Folder where runtime data will be stored.
 218  #
 219  # [restart required]
 220  Directory: data
 221  #
 222  # Folder where applications are stored, unless otherwise defined in application specific configuration.
 223  #
 224  # In demo mode: not configurable and set to: [Data.WorkDirectory]/demo-applications
 225  #
 226  # [restart required]
 227  AppDirectory: applications
 228  #
 229  # Root folder where application data files are stored.
 230  #
 231  # A change in this setting will NOT move existing application files to the new location.
 232  # You have to move existing files manually to the new directory.
 233  #
 234  # If not set, the files will be stored beneath each application's file directory.
 235  #
 236  # [restart required]
 237  FilesDirectory: ""
 238  #
 239  # Directory where the server writes temporary working files to.
 240  #
 241  # [restart required]
 242  WorkDirectory: work
243
244
 245# == Data Cache Settings ==
 246#
 247DataCache:
 248  # Invalidate data cache groups and entries. Checks if the lifetime of caches has ended and invalidates them.
 249  # You can set the delay in milliseconds between each check. This delay has to be greater than 0.
 250  #
      # The reference value 60000 ms corresponds to one check every 60 seconds.
 251  InvalidationInterval: 60000
252
253
 254# == Elasticsearch Settings ==
 255#
 256# Axon Ivy uses an Elasticsearch instance to provide a fast query interface against BusinessData.
 257# The bundled instance is started on demand, in a separate JVM, when an API request needs it.
    # (Start on demand applies when BundledServer.LazyStart is true; with the reference value false,
    # the bundled server is started on engine startup - see LazyStart below.)
 258#
 259# You can operate Axon Ivy with the bundled Elasticsearch server or with your own external Elasticsearch cluster.
 260#
 261# [restart required] except for UserName and Password of ExternalServer
 262Elasticsearch:
 263  # The bundled Elasticsearch server...
 264  # - is started in a separate JVM when a feature requires BusinessData access.
 265  # - reachable only on 'localhost' but the access is unprotected.
      #   NOTE(review): unprotected access on localhost means every local user or process on the engine
      #   host can reach the stored BusinessData. On hosts shared with other users or services,
      #   consider an external server with authentication (see ExternalServer below).
 266  # - JVM arguments used to start the bundled Elasticsearch server can be
 267  #   configured in the 'elasticsearch/config/jvm.options' file.
 268  BundledServer:
 269    #
 270    # Path to the directory where the bundled Elasticsearch server stores data.
 271    # It is recommended to configure a data directory that is located outside of the Engine
 272    # installation directory to ease the Engine migration to newer versions.
 273    DataPath: elasticsearch/data
 274    #
 275    # Name of the cluster of the bundled Elasticsearch server.
 276    ClusterName: ivy-elasticsearch-{uid}
 277    #
 278    # Start the bundled Elasticsearch server lazy (on demand)?
 279    # If true, the bundled Elasticsearch server will be started on first usage
 280    # If false, the Elasticsearch server will be started on engine startup.
 281    #
 282    LazyStart: false
 283    #
 284    # Port to communicate with bundled Elasticsearch server
 285    #
 286    # AUTO: A free port in port range 19200-19299 is searched automatically.
 287    # <integer>: A fixed port number that you define. We recommend to use a number > 10000.
 288    #            Make sure it is free.
 289    #
 290    Port: AUTO
 291
 292  #
 293  # Configure access to your own Elasticsearch server if you want to use it instead of the bundled server.
 294  #
 295  # To install your own Elasticsearch server follow these steps
 296  # https://www.elastic.co/guide/en/elasticsearch/reference/7.17/setup.html
 297  #
 298  # Currently, Axon Ivy supports Elasticsearch server versions in the 7.17.x range.
 299  # If your Elasticsearch server is running on another host, the access to that instance has to be protected.
 300  # You can achieve that with a front-end webserver like NGINX for Elasticsearch that enforces basic authentication.
      # NOTE(review): basic authentication sends the credentials with every request, so the front end
      # should presumably also terminate TLS and Url below should be an https:// address - confirm.
 301  #
 302  ExternalServer:
 303    # Configure the URL of your own Elasticsearch server if you want to use it instead of the bundled server.
 304    Url: ""
 305    # Name of the user to use to authenticate in the external Elasticsearch server
 306    UserName: ""
 307    # Password of the user to use to authenticate in the external Elasticsearch server.
 308    # e.g. "${encrypt:}"
 309    # [password]
 310    Password: ""
 311    # Defines how long ivy should wait (in seconds) for the availability of the external Elasticsearch server while booting.
 312    BootTimeout: 60
 313  #
 314  # For every business data type an Elasticsearch index will be created.
 315  Index:
 316    # The name prefix of the index to use to store business data.
 317    # Example: for type ch.ivy.Dossier the index name is <NamePrefix>-ch.ivy.dossier.
 318    # If multiple Ivy Engines use the same Elasticsearch server instance, you need to define unique NamePrefixes per engine.
 319    # You might add the engine host name as part of the name prefix, i.e. "servername.ivy.businessdata", or "servername.data"
 320    NamePrefix: ivy.businessdata
 321    Reindex:
 322      # The number of business data objects that Ivy reads in one batch from the system database
 323      ReadWindowSize: 1000
 324      # The number of business data objects that Ivy writes in one batch to Elasticsearch
 325      WriteWindowSize: 1000
 326      # The size of the queue that is used to store business data objects read from the database
 327      # until they are written to the Elasticsearch
 328      QueueSize: 10000
 329    # If BusinessData are not well modeled for Elasticsearch, you may have to increase the 'total_fields.limit' of the mapping.
 330    # Performance may decrease. If you change this setting, you need to shutdown the Axon Ivy Engine and delete the data directory of Elasticsearch.
 331    TotalFieldsLimit: 4000
 332  #
 333  # Configures the Elasticsearch client. The client is the ivy engine which communicates with Elasticsearch.
 334  Client:
 335    # Maximum seconds to wait until a connection to Elasticsearch can be established.
 336    ConnectTimeout: 10
 337    # Maximum seconds to wait for data to be sent by Elasticsearch.
 338    # Raise this value if large datasets are expected.
 339    ReadTimeout: 30
340
341
342
 343# == EMail Settings ==
 344#
    # Mail server connection used for emails sent by the engine, and the schedule of the daily task summary.
 345EMail:
 346  Server:
        # NOTE(review): Host is empty and Port is -1 in this reference; presumably this means
        # "not configured" - confirm against the engine guide.
 347    Host: ""
 348    Port: -1
 349    # Email address that will be used for emails sent by the server (e.g. task notification emails)
 350    MailAddress: noreply@ivyserver.local
 351    User: guest
 352    # [password]
        # Can be written as "${encrypt:...}" (see SECRETS / PASSWORDS at the top of this file).
 353    Password: ""
 354    # [enum: NONE, START_TLS, SSL]
        # NOTE(review): with NONE the connection to the mail server is presumably unencrypted, so User,
        # Password and mail contents would cross the network in clear text. Prefer START_TLS or SSL
        # whenever the mail server supports it.
 355    EncryptionMethod: NONE
 356    #
 357    # certificates are to be stored in the Ivy keystore (default: configuration/keystore.p12; see below at SSL / Client), with the alias defined below.
 358    SSL:
 359      KeyAlias: ""
 360      UseKey: false
 361  DailyTaskSummary:
 362    # Time of day when the task summary mails will be sent.
 363    # The engine must be running at this time otherwise the daily task summary mails will not be sent.
 364    # Format is hh:mm. e.g. "02:00" or "14:15"
 365    # [daytime]
        # Keep the quotes: an unquoted hh:mm value can be read as a number by YAML 1.1 parsers.
 366    TriggerTime: "00:00"
367
368
369
 370# == Show Error Messages To End Users Settings ==
 371#
 372# When an error occurs while processing a user request, an error screen is displayed to the user.
 373#
 374# The displayed error page can be customized for your needs:
 375# https://developer.axonivy.com/doc/10.0/engine-guide/configuration/files/web-xml.html
 376#
 377Errors:
 378  #
 379  # Shall the end user see detailed error information (stacktraces, detailed error reports, etc.)?
 380  #
 381  # By default (false) we only show a unique 'Error Id'. This 'Error Id' can be used to find the error in the log files.
 382  #
 383  # For security reasons, normal users should not see technical implementation details.
 384  # But in development or pre-production environments, it might be safe to show the full error
 385  # details directly to the end user.
      # Keep this false on every engine that untrusted users can reach; use the 'Error Id' and the
      # log files to investigate instead.
 386  #
 387  ShowDetailsToEndUser: false
388
389
390
 391# == Persistence Settings ==
 392#
 393Persistence:
 394  JPA:
 395    # Persist ivyScript auto initialized fields with NULL values. Affects types:
 396    #  - ch.ivyteam.ivy.scripting.objects.Date
 397    #  - ch.ivyteam.ivy.scripting.objects.DateTime
 398    #  - ch.ivyteam.ivy.scripting.objects.Time
 399    # If this option is set to false, auto initialized values are stored as before Axon Ivy 6.4.
        # Unlike the other keys in this file, this key starts with a lower-case letter; copy it exactly.
 400    defaultInitializedAsNull: true
401
402
403
 404# == Process Element Firing Statistic Settings ==
 405#
 406ProcessEngine:
 407  FiringStatistic:
 408    #
 409    # If set to true, a process element statistic is written periodically to the log directory.
 410    #                 May impact server performance.
 411    Active: false
 412    #
 413    # Interval in seconds the 'process element statistic' is written to the log directory
 414    #
        # The reference value 300 corresponds to one write every 5 minutes.
 415    Interval: 300
416
417
418
 419# == SSL Client Settings ==
 420#
    # Key store and trust store used when the engine acts as an SSL client towards remote servers.
 421SSL:
 422  Client:
 423    #
 424    # A key store is used to read client keys (certificates).
 425    # This is only required if a remote server requests a client certificate in order to authenticate the client.
 426    KeyStore:
          # NOTE(review): presumably the settings below only apply when UseCustom is true - confirm.
 427      UseCustom: false
 428      # [password]
          # NOTE(review): 'changeit' is the widely known default key store password. When the key store
          # holds real private keys, replace it and write the new value as "${encrypt:...}"
          # (see SECRETS / PASSWORDS at the top of this file).
 429      KeyPassword: changeit
 430      Algorithm: SunX509
 431      File: configuration/keystore.p12
 432      # [password]
 433      Password: changeit
 434      Provider: ""
 435      Type: pkcs12
 436    #
 437    # A trust store is used to specify trusted server certificates or certificates of certification authorities.
 438    # An SSL client authenticates a server by using the certificates in a trust store.
 439    # Certificates that are self signed or signed by an unknown certification authority can be added to this truststore.
        # NOTE(review): every certificate added here becomes trusted for server authentication, so write
        # access to the trust store file should be as restricted as access to the key store.
 440    TrustStore:
 441      File: configuration/truststore.p12
 442      Algorithm: PKIX
 443      # [password]
 444      Password: changeit
 445      Provider: ""
 446      Type: pkcs12
 447      # Fully qualified class name of a trust manager class that is used to validate server certificates.
 448      # If configured, the system truststore of the JVM and the truststore configured above are not used.
          # NOTE(review): a custom trust manager fully replaces the default certificate validation; an
          # implementation that accepts every certificate removes protection against impersonated
          # servers. Leave this empty unless the class has been reviewed.
 449      ManagerClass: ""
450
451
452
 453# == Workflow Settings ==
 454#
 455Workflow:
 456  # Can completed cases and tasks be seen by substitutes of the user who worked on them?
 457  # [enum: VISIBLE, INVISIBLE]
      # NOTE(review): the key is written in dotted form; presumably it addresses ForSubstitutes below
      # History - confirm before rewriting it as a nested mapping.
 458  History.ForSubstitutes: VISIBLE
459
460
 461# == Failure Behaviour ==
 462#
 463SystemTask:
 464  #
 465  # Defines the behaviour in case a system task fails.
 466  #
 467  # [enum: FAIL_TASK_DO_RETRY, FAIL_TASK_DO_NOT_RETRY, DESTROY_TASK, DESTROY_CASE]
 468  Failure.Behaviour: FAIL_TASK_DO_RETRY
 469  #
 470  # Interval in seconds between executions of the search job for system tasks.
 471  # The job searches system tasks that were not executed because of failures.
 472  #
      # The reference value 900 corresponds to one search every 15 minutes.
 473  SearchJob.Interval: 900
474
475
476
 477# == Thread Pools Settings ==
 478#
 479ThreadPool:
 480  #
 481  # Executes process engine background operations like Database, WebService calls, etc.
 482  BackgroundOperationExecutor:
 483    # Minimum number of threads
 484    CorePoolSize: 5
 485    # Maximum number of threads
 486    MaximumPoolSize: 200
 487  # Executes unscheduled jobs
 488  ImmediateJobExecutor:
 489    # Minimum number of threads
 490    CorePoolSize: 5
 491    # Maximum number of threads
 492    MaximumPoolSize: 50
 493  # Executes scheduled jobs
      # Only CorePoolSize is listed for this executor in this reference file.
 494  ScheduledJobExecutor:
 495    # Minimum number of threads
 496    CorePoolSize: 5
497
498
499
 500# == Update Checker Settings ==
 501#
 502# When newer Axon Ivy versions are available, a message will be displayed on the Axon Ivy Engine main web page.
 503# The update message contains information about the new versions and where those can be downloaded.
 504#
 505# While checking for new versions the following statistic information is sent to the update server.
 506# This information is only used to improve the product!
 507# - Engine (version, up time)
 508# - Configuration (number of: cluster nodes, users, licenced users, applications, process model, process model version, deleted process model version, running cases, running tasks)
 509# - Licence information (number, organisation, individual)
 510# - Operating system information (name, version, architecture, number of processors)
 511# - System database (product name and version, driver, identification number)
 512# - Java memory information (maximum heap memory, maximum non heap memory)
 513# - JVM (Java virtual machine) information (version, vendor, name)
 514# - Host information (host name, SHA-256 hashes of IP address and MAC address to identify the host without being able to read the original IP address and MAC address itself)
    #   NOTE(review): the host name is sent as is. A SHA-256 hash of an IPv4 or MAC address can be matched
    #   by enumerating the small input space unless a secret salt is mixed in; this file does not say
    #   that one is used, so treat these values as identifying when assessing data-disclosure policies.
 515#
 516UpdateChecker:
 517  #
 518  #  Shall update notification messages be shown and statistic information sent to the update server?
      #  Enabled by default: set to false if the engine must not send the information listed above.
 519  Enabled: true
 520  #
 521  # Time of day when an update check will be executed
 522  # The engine must be running at this time otherwise the update check will not be executed.
 523  # Format is hh:mm. e.g. "02:00" or "14:15"
 524  # [daytime]
      # NOTE(review): empty in this reference; how the time is chosen in that case is not stated here.
 525  ExecutionTime: ""
526
527
 528Boot:
 529  # Switch to maintenance mode if a configuration problem is detected during startup.
 530  # If set to DISABLED you can explicitly start the engine in maintenance mode by using the command line option '-maintenance'.
 531  # [enum: AUTO, DISABLED]
 532  MaintenanceMode: AUTO
533
534
 535Cluster:
 536  #
 537  # The name of this node.
 538  # If not configured, a random name is generated.
 539  # The name of a node is also used as jvm route identifier that is used by some load balancers to provide sticky sessions.
 540  # https://developer.axonivy.com/doc/10.0/engine-guide/integration/cluster
 541  # [restart required]
 542  NodeName: ""
 543  #
 544  # The name of the cluster.
 545  # It is used to find and communicate with other nodes of the same cluster.
 546  # Multiple clusters located in the same network must have different cluster names.
 547  # Otherwise the nodes of both clusters find each other and build one cluster instead of two.
      # NOTE(review): as described here the name only separates clusters; nothing in this file indicates
      # that it authenticates nodes. Confirm how cluster membership is protected on shared networks.
 548  # [restart required]
 549  Name: "IvyCluster"
550
551
 552# The purpose of a reverse proxy is to provide a single point of entry for
 553# one or more services from outside the network. The reverse proxy receives all requests from the
 554# clients and forwards them to the Axon Ivy Engine which handles them.
 555# https://developer.axonivy.com/doc/10.0/engine-guide/integration/reverse-proxy
 556# [restart required]
 557ReverseProxy:
 558  # HTTP headers which are interpreted by the Axon Ivy Engine to generate the correct URLs for links and redirects.
 559  # [restart required]
      # NOTE(review): these headers are only trustworthy when they are set by the reverse proxy. The proxy
      # should overwrite or drop client-supplied copies, and the engine should not be reachable
      # around the proxy; otherwise a client can influence the host, port and protocol used in
      # generated links and redirects.
 560  HttpHeaders:
 561    # Name of the HTTP Header for identifying the originating IP address of a client connecting to the reverse proxy server.
 562    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
 563    # [examples: X-Forwarded-For]
 564    ForwardedFor: X-Forwarded-For
 565    # Name of the HTTP header for identifying the original host requested by the client. Not needed if the reverse proxy preserves the original host in the 'Host' HTTP Header.
 566    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
 567    # [examples: X-Forwarded-Host]
 568    ForwardedHost: X-Forwarded-Host
 569    # Name of the HTTP header used to represent the port number used by the client for the request. Not needed if your reverse proxy uses standard ports (80, 443). Only in charge when the HTTP Header of 'ForwardedProtocol' is also set on request.
 570    # [examples: X-Forwarded-Port]
 571    ForwardedPort: X-Forwarded-Port
 572    # Name of the HTTP header for identifying the protocol used between the client and the reverse proxy server.
 573    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
 574    # [examples: X-Forwarded-Proto, X-Forwarded-Ssl, X-Forwarded-Protocol, Front-End-Https, X-Url-Scheme]
 575    ForwardedProtocol: X-Forwarded-Proto
 576    # Value of the 'ForwardedProtocol' header to indicate that it is an HTTPS request.
 577    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
 578    # [examples: https, "on"]
        # If the value "on" is used, keep it quoted as in the example: an unquoted on can be read as a
        # boolean by YAML 1.1 parsers.
 579    ForwardedProtocolHttps: https