ivy.yaml

[engineDir]/configuration/reference/ivy.yaml

  1# yaml-language-server: $schema=https://json-schema.axonivy.com/ivy/11.3.13/ivy.json
  2#
  3# -------------------------------------------
  4# Axon Ivy Engine Configuration
  5# -------------------------------------------
  6# 
  7# This file shows configurations of the Axon Ivy Engine and its external systems.
  8# https://developer.axonivy.com/doc/11.3/engine-guide/configuration/
  9#
 10# Copy contents of this reference file to 'configuration/ivy.yaml' before adjusting
 11# them to your needs.
 12# https://developer.axonivy.com/doc/11.3/engine-guide/configuration/files/ivy-yaml.html
 13#
 14# By default, the engine is pre-configured to run in demo mode.
 15# To run an engine in a productive environment, at least the system database
 16# has to be configured.
 17#
 18# SECRETS / PASSWORDS:
 19# Any configuration value can be encrypted just by enclosing it with "${encrypt:}".
 20# This applies a reversible encryption private to this Ivy Engine.
 21# You cannot copy the encrypted values from one engine to another.
 22# Example:
 23# * to encrypt the string "myPassword", write "${encrypt:myPassword}"
 24#   https://developer.axonivy.com/doc/11.3/engine-guide/configuration/advanced-configuration.html#passwords
 25#
 26# OVERRIDING:
 27# Any configuration value provided here can be set in alternative sources. 
 28# * environment variables: variables of the operating system can set app config entries.
 29#    Their key must be prefixed with 'IVY_'. 
 30#    For instance, use 'IVY_SYSTEMDB_URL' to override the jdbc driver url.
 31#    https://developer.axonivy.com/doc/11.3/engine-guide/configuration/advanced-configuration.html#overriding-configuration
 32#
 33
 34# Axon Ivy requires a System Database to store the state of running workflow applications.
 35# Unless you run the engine in Demo mode, a valid System DB driver, url and the user+password credentials are mandatory.
 36# [restart required]
 37SystemDb:
 38  # JDBC URL
 39  # [examples: jdbc:postgresql://localhost:5432/AxonIvySystemDatabase, jdbc:sqlserver://localhost:1433;databaseName=AxonIvySystemDatabase, jdbc:mariadb://localhost:3306/AxonIvySystemDatabase, jdbc:mysql://localhost:3306/AxonIvySystemDatabase, jdbc:oracle:thin:@//localhost:1521/ServiceName, jdbc:oracle:thin:@localhost:1521:ServiceId, jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ServiceName)(SERVER=DEDICATED)))]
 40  Url: ""
 41  # Name of the technical user to connect to system database on behalf of the engine.
 42  # [examples: ivy, AxonIvy, workflowengine]
 43  UserName: ""
 44  # Password for the technical user (see UserName).
 45  Password: ""
 46  # Defines how long ivy should wait (in seconds) at startup for the db server to be available
 47  BootTimeout: 60
 48  # JDBC Driver. If not set, it is auto determined based on the JDBC URL.
 49  Driver: ""
 50  # Additional driver specific connection properties.
 51  DriverProperties:
 52  # Maximum number of connections to the system database.
 53  MaxConnections: 50
 54  Creation:
 55    # If set to true, the system database will be created on startup, if it does not exist.
 56    Enabled: true
 57    # Password which will be taken to create the system database (only for Oracle).
 58    Password: ""
 59    # Tablespace which will be used (only for Oracle).
 60    Tablespace: ivy
 61    # Username which will be taken to create the system database (only for Oracle).
 62    UserName: ""
 63
 64# Administrators can configure, monitor and manage the Axon Ivy Engine.
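 65# The default administrator in demo mode is 'admin' with password 'admin'. These credentials are publicly documented, so define your own administrators below for any engine that is not a pure demo.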
 66Administrators:
 67#  # example Administrator
 68#  exampleAdministrator:
 69#    # Will be used to send info mails like license expiration
 70#    Email: ""
 71#    # Used to display a nice name for this user
 72#    FullName: ""
 73#    # For security reasons, please hash the password(s) using "${hash:mySecret}"
 74#    # The real password cannot be recovered from the hash.
 75#    # [examples: "${hash:mySecret}"]
 76#    Password: ""
 77#  
 78
 79SecuritySystems:
 80  # 'default' security system which exists always
 81  default:
 82    # The security system slug name which will be used in URL as prefix for all resources which are part of the security system.
 83    # If not set, then the security system name will be chosen.
 84    # Only for the default security context this is empty, by default.
 85    UrlPath:
 86    IdentityProvider:
 87      # The Security System manages the user and roles in the system database.
 88      # For the Ivy Security System, no additional configuration is needed.
 89      # For any other Security System, further configuration is needed to integrate such a system.
 90      # [examples: ivy, microsoft-active-directory, novell-edirectory, microsoft-entra-id]
 91      Name: ivy
 92    
 93    # The notification channel settings including their default subscription settings which apply to all users.
 94    Notification:
 95      # Settings for cleaning up notifications.
 96      Cleanup:
 97        # Notifications older than this will be deleted on a daily basis.
 98        DaysUntilDeletion: 90
 99      
100      # Settings for an individual Channel.
101      # [examples: web, mail, microsoft-teams]
102      Channels:
103        mail:
104          # Name of the channel.
105          # [examples: web, mail, microsoft-teams]
106          Name: ""
107          # Whether the channel is enabled or not.
108          Enabled: false
109          # The default subscription settings.
110          Events:
111            # Whether all events are enabled or not.
112            # [enum: enabled, disabled]
113            AllKinds: disabled
114            # Array of subscribed events.
115            # [examples: new-task]
116            Kinds:
117        
118        microsoft-teams:
119          # Name of the channel.
120          # [examples: web, mail, microsoft-teams]
121          Name: ""
122          # Whether the channel is enabled or not.
123          Enabled: false
124          # The default subscription settings.
125          Events:
126            # Whether all events are enabled or not.
127            # [enum: enabled, disabled]
128            AllKinds: disabled
129            # Array of subscribed events.
130            # [examples: new-task]
131            Kinds:
132        
133        web:
134          # Name of the channel.
135          # [examples: web, mail, microsoft-teams]
136          Name: ""
137          # Whether the channel is enabled or not.
138          Enabled: false
139          # The default subscription settings.
140          Events:
141            # Whether all events are enabled or not.
142            # [enum: enabled, disabled]
143            AllKinds: disabled
144            # Array of subscribed events.
145            # [examples: new-task]
146            Kinds:
147    
148    UserSynch:
149      # Shall we synchronize a user with the Identity Provider at login?
150      # If the user does not exist yet, he will be synchronized anyway.
151      # In case of slow Identity Provider connections, it can make sense to set this to false.
152      OnLogin: true
153      OnSchedule:
154        # Unix Cron expression for the user synchronization.
155        # Format is: minutes, hours, day of month, month, day of the week. e.g. "32 13 * * *" is everyday at 13:32
156        Cron: 0 0 * * *
157        # Shall we run the daily Identity Provider user synchronization job?
158        # When the synchronization runs is defined by 'Cron'.
159        Enabled: true
160        # Shall we import NEW users with the Identity Provider on schedule?
161        # This setting does not affect synchronization of existing users.
162        # If ImportUsers is set to:
163        # true:  NEW users are imported on schedule.
164        # If a user has not yet been imported by the user synchronization job, she is also imported the first time she logs in.
165        # false: NEW users are not imported on schedule.
166        # Instead, a NEW user is only imported the first time she logs in.
167        ImportUsers: true
168    
169    DocumentStorage:
170      # The document storage defines where the workflow documents should be stored.
171      # [enum: local, s3]
172      Name: local
173    
174    # The default language settings, which applies to all users, who have not explicitly set this in their profile settings.
175    Language:
176      # Content is displayed in this language if the content exists in this language. A locale (language[_COUNTRY])
177      # [examples: en, en_GB, en_US, de, de_CH, de_AT, de_DE, fr, vi]
178      Content: en
179      # Data like numbers, dates, times and much more are formatted according to this language. A locale (language[_COUNTRY])
180      # [examples: en, en_GB, en_US, de, de_CH, de_AT, de_DE, fr, vi]
181      Formatting: en_GB
182
183# Web address of the Axon Ivy Engine installation, such as https://yourdomain/.
184# This value is used to let ivy know how to refer to itself, i.e. to create links in emails.
185# This is necessary because ivy cannot reliably detect such a URL from within itself.
186# [examples: https://yourdomain.com/]
187BaseUrl: ""
188# Single Sign-on allows users to be logged in automatically.
189# A reverse proxy has to be installed in front of the Axon Ivy Engine.
190# It is responsible for authenticating the user.
191# The name of the user must then be transmitted as a HTTP header.
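192# !! Ensure that the Axon Ivy Engine can only be reached through the reverse proxy, and that the proxy overwrites any client-supplied copy of the user header; otherwise attackers can easily log in as another user.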
193# https://developer.axonivy.com/doc/11.3/engine-guide/integration/single-sign-on
194# [restart required]
195SSO:
196  # Whether SSO is enabled
197  Enabled: false
198  # name of the HTTP header with the username that has to be provided by the reverse proxy
199  UserHeader: X-Forwarded-User
200
201# The purpose of a reverse proxy is to provide a single point of entry for
202# one or more services from outside the network. The reverse proxy receives all requests from the
203# clients and forwards them to the Axon Ivy Engine which handles them.
204# https://developer.axonivy.com/doc/11.3/engine-guide/integration/reverse-proxy
205# [restart required]
206ReverseProxy:
207  # HTTP headers which are interpreted by the Axon Ivy Engine to generate the correct URLs for links and redirects.
208  # [restart required]
209  HttpHeaders:
210    # Name of the HTTP Header for identifying the originating IP address of a client connecting to the reverse proxy server.
211    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
212    # [examples: X-Forwarded-For]
213    ForwardedFor: X-Forwarded-For
214    # Name of the HTTP header for identifying the original host requested by the client. Not needed if the reverse proxy preserves the original host in the 'Host' HTTP Header.
215    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
216    # [examples: X-Forwarded-Host]
217    ForwardedHost: X-Forwarded-Host
218    # Name of the HTTP header used to represent the port number used by the client for the request. Not needed if your reverse proxy uses standard ports (80, 443). Only takes effect when the HTTP Header of 'ForwardedProtocol' is also set on request.
219    # [examples: X-Forwarded-Port]
220    ForwardedPort: X-Forwarded-Port
221    # Name of the HTTP header for identifying the protocol used between the client and the reverse proxy server.
222    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
223    # [examples: X-Forwarded-Proto, X-Forwarded-Ssl, X-Forwarded-Protocol, Front-End-Https, X-Url-Scheme]
224    ForwardedProtocol: X-Forwarded-Proto
225    # Value of the 'ForwardedProtocol' header to indicate that it is an HTTPS request.
226    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
227    # [examples: https, "on"]
228    ForwardedProtocolHttps: https
229
230SSL:
231  Client:
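232    # Manipulates the JVM's default SSLSocketFactory, so that untrusted (self-signed or outdated) certificates are silently accepted.
233    # This could for instance be useful to generate a Webservice stub from an insecure WSDL location. While enabled, connections that use the default factory no longer authenticate the server, so leave it false in production and add the certificate to the trust store instead.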
234    EnableInsecureSSL: false
235    # A trust store is used to specify trusted server certificates or certificates of certification authorities.
236    # An SSL client authenticates a server by using the certificates in a trust store.
237    # Certificates that are self-signed or signed by an unknown certification authority can be added to this trust store.
238    TrustStore:
239      Algorithm: PKIX
240      File: configuration/truststore.p12
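241      # Password to access the store. The shipped value 'changeit' is a widely known default; when you protect the store with your own password, set it here wrapped in "${encrypt:}".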
242      # [password]
243      Password: changeit
244      Provider: ""
245      Type: PKCS12
246    
247    # A key store is used to read client keys (certificates).
248    # This is only required if a remote server requests a client certificate in order to authenticate the client.
249    KeyStore:
250      Algorithm: SunX509
251      File: configuration/keystore.p12
252      # Password of the 'ivy' certificate.
253      # [password]
254      KeyPassword: changeit
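255      # Password to access the store. The shipped value 'changeit' (also used for KeyPassword) is a widely known default; when the store holds real client keys, protect it with your own password and set it here wrapped in "${encrypt:}".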
256      # [password]
257      Password: changeit
258      Provider: ""
259      Type: PKCS12
260      UseCustom: false
261
262Deployment:
263  # Directory where the server watches for files to deploy.
264  # You can specify a remote network location using a UNC path.
265  # https://developer.axonivy.com/doc/11.3/engine-guide/deployment
266  # [examples: //servername/share/file]
267  Directory: deploy
268  Backup:
269    # The number of backups of deployed projects that are kept on disk
270    # n < 0: infinite number of backups are kept
271    # n = 0: No backups are made or kept
272    # n > 0: Number of backups that are kept.
273    Keep: 5
274
275Data:
276  # Folder where applications are stored, unless otherwise defined in application specific configuration.
277  # 
278  # In demo mode: not configurable and set to: [Data.WorkDirectory]/demo-applications. Absolute and relative paths (to the engine root directory) are supported,
279  # we recommend to use locations outside the engine root directory to facilitate migrations.
280  # !! STOP YOUR ENGINE before changing this setting !!
281  # [restart required]
282  AppDirectory: applications
283  # Folder where runtime data will be stored. Absolute and relative paths (to the engine root directory) are supported,
284  # we recommend to use locations outside the engine root directory to facilitate migrations.
285  # !! STOP YOUR ENGINE before changing this setting !!
286  # [restart required]
287  Directory: data
288  # Root folder where application data files are stored.
289  # A change in this setting will NOT move existing application files to the new location.
290  # You have to move existing files manually to the new directory.
291  # 
292  # If not set, the files will be stored beneath each application's file directory. Absolute and relative paths (to the engine root directory) are supported,
293  # we recommend to use locations outside the engine root directory to facilitate migrations.
294  # !! STOP YOUR ENGINE before changing this setting !!
295  # [restart required]
296  FilesDirectory: ""
297
298DataCache:
299  # Invalidate data cache groups and entries.
300  # Checks if the lifetime of caches has ended and invalidates them.
301  # You can set the delay in milliseconds between each check.
302  # This delay has to be greater than 0.
303  InvalidationInterval: 60000
304
305# Axon Ivy uses an Elasticsearch instance to provide scalable full text search capabilities.
306# The bundled instance is started on demand, in a separate JVM, when an API request needs it.
307# You can operate Axon Ivy with the bundled Elasticsearch server or with your own external Elasticsearch cluster.
308Elasticsearch:
309  # The bundled Elasticsearch server...
310  # - is started in a separate JVM when a feature requires Elasticsearch.
311  # - is reachable only on 'localhost', but access is not authenticated, so any local process on the host can query it.
312  # - JVM arguments used to start the bundled Elasticsearch server can be configured in the 'elasticsearch/config/jvm.options' file.
313  # [restart required]
314  BundledServer:
315    # Path to the directory where the bundled Elasticsearch server stores data.
316    # It is recommended to configure a data directory that is located outside of
317    # the Engine installation directory to ease the Engine migration to newer versions.
318    # [restart required]
319    DataPath: elasticsearch/data
320    # Name of the cluster of the bundled Elasticsearch server.
321    # [restart required]
322    ClusterName: ivy-elasticsearch-{uid}
323    # Port to communicate with bundled Elasticsearch server
324    # AUTO: A free port in port range 19200-19299 is searched automatically.
325    # <integer>: A fixed port number that you define. We recommend to use a number > 10000.
326    # Make sure it is free.
327    # [restart required]
328    Port: AUTO
329  
330  # Configure access to your own Elasticsearch server if you want to use it instead of the bundled server.
331  # 
332  # To install your own Elasticsearch server follow these steps
333  # https://www.elastic.co/guide/en/elasticsearch/reference/7.17/setup.html
334  # 
335  # Currently, Axon Ivy supports Elasticsearch server versions in the 7.17.x range.
336  # If your Elasticsearch server is running on another host, the access to that instance has to be protected.
337  # You can achieve that with a front-end webserver like NGINX for Elasticsearch that enforces basic authentication.
338  # [restart required]
339  ExternalServer:
340    # Configure the URL of your own Elasticsearch server if you want to use it instead of the bundled server.
341    # [restart required]
342    Url: ""
343    # Name of the user to use to authenticate in the external Elasticsearch server
344    UserName: ""
345    # Password of the user to use to authenticate in the external Elasticsearch server.
346    # [examples: "${encrypt:}"]
347    # [password]
348    Password: ""
349  
350  # Settings for the indexes that are created in Elasticsearch.
351  Index:
352    # The name prefix for the indexes.
353    # If multiple Ivy Engines use the same Elasticsearch server instance, you need to define unique NamePrefixes per engine.
354    # You might add the engine host name as part of the name prefix, e.g. 'servername'
355    # [restart required]
356    NamePrefix: ivy
357    Reindex:
358      # The size of the queue that is used to store objects read from the database until they are written to the Elasticsearch
359      # [restart required]
360      QueueSize: 10000
361      # The number of objects that Ivy reads in one batch from the system database.
362      # [restart required]
363      ReadWindowSize: 1000
364      # The number of objects that Ivy writes in one batch to Elasticsearch.
365      # [restart required]
366      WriteWindowSize: 1000
367    
368    # If BusinessData are not well modeled for Elasticsearch, you may have to increase the 'total_fields.limit' of the mapping.
369    # Performance may decrease. If you change this setting, you need to reindex all business data in Engine Cockpit.
370    # [restart required]
371    TotalFieldsLimit: 4000
372  
373  # Configures the Elasticsearch client. The client is the ivy engine which communicates with Elasticsearch.
374  Client:
375    # Maximum seconds to wait until a connection to Elasticsearch can be established.
376    # [restart required]
377    ConnectTimeout: 10
378    # Maximum seconds to wait for data to be sent by Elasticsearch.
379    # Raise this value if large datasets are expected.
380    # [restart required]
381    ReadTimeout: 30
382
383EMail:
384  Server:
385    Host: ""
386    Port: -1
387    # Email address that will be used for emails sent by the server (e.g. task notification emails)
388    MailAddress: noreply@ivyserver.local
389    User: guest
390    # The password for the mail user
391    # [password]
392    Password: ""
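393    # With NONE the connection to the mail server, including any credentials sent over it, is not encrypted. [enum: NONE, START_TLS, SSL]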
394    EncryptionMethod: NONE
395    # Additional properties which will be set on the mail session
396    # Read https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html
397    SessionProperties:
398      mail.smtp.auth.xoauth2.disable: false
399    
400    # certificates are to be stored in the Ivy keystore (default: configuration/keystore.p12; see below at SSL / Client), with the alias defined below.
401    SSL:
402      KeyAlias: ""
403      UseKey: false
404
405# Detection of Axon Ivy versions. Available updates are listed on the Axon Ivy Engine main web page.
406UpdateChecker:
407  # Shall update notification messages be shown and statistic information sent to the update server?
408  # 
409  # While checking for new versions the following statistic information is sent to the update server.
410  # This information is only used to improve the product!
411  # - Engine (version, up time)
412  # - Configuration (number of: cluster nodes, users, licensed users, applications, process model, process model version, deleted process model version, running cases, running tasks)
413  # - Licence information (number, organisation, individual)
414  # - Operating system information (name, version, architecture, number of processors)
415  # - System database (product name and version, driver, identification number)
416  # - Java memory information (maximum heap memory, maximum non heap memory)
417  # - JVM (Java virtual machine) information (version, vendor, name)
418  # - Host information (host name, SHA-256 hashes of IP address and MAC address to identify the host without being able to read the original IP address and MAC address itself)
419  Enabled: true
420  # Time of day when an update check will be executed
421  # The engine must be running at this time otherwise the update check will not be executed.
422  # Format is hh:mm.
423  # [daytime]
424  # [examples: 02:00, 14:15]
425  ExecutionTime: ""
426
427Cluster:
428  # The name of the cluster.
429  # It is used to find and communicate with other nodes of the same cluster.
430  # Multiple clusters located in the same network must have different cluster names.
431  # Otherwise the nodes of both clusters find each other and build one cluster instead of two.
432  # [restart required]
433  Name: IvyCluster
434  # The name of this node.
435  # If not configured, a random name is generated.
436  # The name of a node is also used as jvm route identifier that is used by some load balancers to provide sticky sessions.
437  # https://developer.axonivy.com/doc/11.3/engine-guide/integration/cluster
438  # [restart required]
439  NodeName: ""
440
441# When an error occurs while processing a user request, an error screen is displayed to the user.
442# The displayed error page can be customized for your needs:
443# https://developer.axonivy.com/doc/11.3/engine-guide/configuration/files/web-xml.html
444Errors:
445  # Shall the end user see detailed error information (stacktraces, detailed error reports, etc.)?
446  # By default (false) we only show a unique 'Error Id'. This 'Error Id' can be used to find the error in the log files.
447  # For security reasons, normal users should not see technical implementation details.
448  # But in development or pre-production environments, it might be safe to show the full error details directly to the end user.
449  ShowDetailsToEndUser: false
450
451Persistence:
452  JPA:
453    # Persist ivyScript auto initialized fields with NULL values. Affects types:
454    # - ch.ivyteam.ivy.scripting.objects.Date
455    # - ch.ivyteam.ivy.scripting.objects.DateTime
456    # - ch.ivyteam.ivy.scripting.objects.Time
457    # If this option is set to false, auto initialized values are stored as before Axon Ivy 6.4.
458    defaultInitializedAsNull: true
459
460ProcessEngine:
461  FiringStatistic:
462    # If set to true, a process element statistic is written periodically to the log directory.
463    # May impact server performance.
464    Active: false
465    # Interval in seconds the 'process element statistic' is written to the log directory
466    Interval: 300
467
468Boot:
469  # Switch to maintenance mode if a configuration problem is detected during startup.
470  # If set to DISABLED you can explicitly start the engine in maintenance mode by using the command line option '-maintenance'.
471  # [enum: AUTO, DISABLED]
472  MaintenanceMode: AUTO
473
474Workflow:
475  History:
476    # Can completed cases and tasks be seen by substitutes of the user who worked on them?
477    # [enum: VISIBLE, INVISIBLE]
478    ForSubstitutes: VISIBLE
479
480ThreadPool:
481  # Executes process engine background operations like Database, WebService calls, etc.
482  BackgroundOperationExecutor:
483    # Minimum number of threads
484    CorePoolSize: 5
485    # Maximum number of threads
486    MaximumPoolSize: 200
487  
488  # Executes unscheduled jobs
489  ImmediateJobExecutor:
490    # Minimum number of threads
491    CorePoolSize: 5
492    # Maximum number of threads
493    MaximumPoolSize: 50
494  
495  # Executes scheduled jobs
496  ScheduledJobExecutor:
497    # Minimum number of threads
498    CorePoolSize: 5
499
500SystemTask:
501  Failure:
502    # Defines the behaviour in case a system task fails.
503    # [enum: FAIL_TASK_DO_RETRY, FAIL_TASK_DO_NOT_RETRY, DESTROY_TASK, DESTROY_CASE]
504    Behaviour: FAIL_TASK_DO_RETRY
505  
506  SearchJob:
507    # Interval in seconds between executions of the search job for system tasks.
508    # The job searches system tasks that were not executed because of failures.
509    Interval: 900
510
511# Configures the RESTful services provided.
512REST:
513  Servlet:
514    # Controls the REST servlet interface. If disabled no REST resources will be accessible.
515    # Calls to remote REST services are still possible.
516    # [restart required]
517    Enabled: true
518    # Controls whether the REST resources provided by the Axon Ivy Engine should be available or not
519    # [restart required]
520    API: true
521    # Controls whether the REST resource for remote deployment under '/system/api/apps/{application}' is available or not
522    # [restart required]
523    Deployment: true
524    # Cross Site Request Forgery (CSRF) settings
525    # [restart required]
526    CSRF:
527      # Provides the general CSRF protection via 'X-Requested-By' header for REST services.
528      # [restart required]
529      Protection: true
530    
531    # Allows the service developer to get diagnostic information about request processing by Jersey.
532    # Those diagnostic/tracing information are returned in response headers (X-Jersey-Tracing-nnn).
533    # On productive environments this feature should not be turned on.
534    # [restart required]
535    # [enum: OFF, ON_DEMAND, ALL]
536    Tracing: 'OFF'
537
538Session:
539  # Session identifier will be renewed on login to prevent the 'Session Fixation' attack.
540  RenewIdOnLogin: true
541
542WebServer:
543  # Name of the Ivy servlet context. Use a simple name without any special characters.
544  # [restart required]
545  # [examples: ivy, workflow]
546  IvyContextName: ""
547
548OfflineDialog:
549  # Disable it if you don't use the Mobile Offline Dialog feature.
550  # [restart required]
551  Enabled: true
552
553Connector:
554  # https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
555  # [restart required]
556  HTTP:
557    # Whether the HTTP connector is enabled.
558    # [restart required]
559    Enabled: true
560    # The TCP port number on which this Connector will create a server socket and await incoming connections.
561    # [restart required]
562    Port: 8080
563    # The maximum length of the operating system provided queue for incoming connection requests when maxConnections has been reached.
564    # [restart required]
565    AcceptCount: 100
566    # For servers with more than one IP address, this attribute specifies which address will be used for listening
567    # on the specified port.
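568    # By default, the connector will listen on all local addresses. When a reverse proxy fronts the engine, consider binding to an address that only the proxy can reach.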
569    # [restart required]
570    # [examples: 0.0.0.0, ::]
571    Address: ""
572    # A boolean value which can be used to enable or disable the TRACE HTTP method.
573    # [restart required]
574    AllowTrace: false
575    # The value is a comma separated list of MIME types for which HTTP compression may be used.
576    # [restart required]
577    CompressibleMimeType: text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/xml
578    # The Connector may use HTTP/1.1 GZIP compression in an attempt to save server bandwidth.
579    # [restart required]
580    # [examples: on, off, force]
581    Compression: 'off'
582    # The number of seconds during which the sockets used by this Connector will linger when they are closed. The default value is -1 which disables socket linger.
583    # [restart required]
584    ConnectionLinger: -1
585    # The number of milliseconds this Connector will wait, after accepting a connection, for the request URI line to be presented.
586    # [restart required]
587    ConnectionTimeout: 60000
588    # This flag allows the servlet container to use a different, usually longer connection timeout during data upload.
589    # [restart required]
590    DisableUploadTimeout: true
591    # Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client.
592    # Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance).
593    # [restart required]
594    EnableLookups: false
595    # Provides the default value for maxHttpRequestHeaderSize and maxHttpResponseHeaderSize.
596    # [restart required]
597    MaxHttpHeaderSize: 8192
598    # The maximum number of HTTP requests which can be pipelined until the connection is closed by the server.
599    # Setting this attribute to 1 will disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and pipelining.
600    # Setting this to -1 will allow an unlimited amount of pipelined or keep-alive HTTP requests.
601    # [restart required]
602    MaxKeepAliveRequests: 100
603    # The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing.
604    # The limit can be disabled by setting this attribute to a value less than zero.
605    # [restart required]
606    MaxPostSize: 2097152
607    # The maximum size in bytes of the request body which will be saved/buffered by
608    # the container during FORM or CLIENT-CERT authentication or during HTTP/1.1 upgrade.
609    # [restart required]
610    MaxSavePostSize: 4096
611    # The maximum number of request processing threads to be created by this Connector, which therefore determines the maximum number of simultaneous requests that can be handled.
612    # [restart required]
613    MaxThreads: 200
614    # The minimum number of threads always kept running. This includes both active and idle threads.
615    # [restart required]
616    MinSpareThreads: 10
617    # The value is a regular expression (using java.util.regex) matching the user-agent header of HTTP clients
618    # for which compression should not be used.
619    # [restart required]
620    NoCompressionUserAgents: ""
621    # If this Connector is being used in a proxy configuration, configure this attribute to specify the server name to be returned for calls to request.getServerName().
622    # [restart required]
623    ProxyName: ""
624    # If this Connector is being used in a proxy configuration, configure this attribute to specify the server port to be returned for calls to request.getServerPort().
625    # [restart required]
626    ProxyPort:
627    # If this Connector is supporting non-SSL requests, and a request is received for which a matching <security-constraint> requires SSL transport, Catalina will automatically redirect the request to the port number specified here.
628    # [restart required]
629    RedirectPort: 8443
630    # The value is a regular expression (using java.util.regex) matching the user-agent header of HTTP clients
631    # for which HTTP/1.1 or HTTP/1.0 keep alive should not be used, even if the clients advertise support for these features.
632    # [restart required]
633    RestrictedUserAgents: ""
634    # Overrides the Server header for the http response.
635    # If set, the value for this attribute overrides any Server header set by a web application.
636    # If not set, any value specified by the application is used.
637    # If the application does not specify a value then no Server header is set.
638    # [restart required]
639    Server: ""
640    # If set to true, the TCP_NO_DELAY option will be set on the server socket, which improves performance under most circumstances.
641    # [restart required]
642    TcpNoDelay: true
643    # The priority of the request processing threads within the JVM.
644    # [restart required]
645    ThreadPriority: 5
646    # This specifies the character encoding used to decode the URI bytes, after %xx decoding the URL.
647    # [restart required]
648    URIEncoding: UTF-8
649    # This specifies if the encoding specified in contentType should be used for URI query parameters, instead of using the URIEncoding.
650    # [restart required]
651    UseBodyEncodingForURI: false
652    # Set this attribute to true to cause Tomcat to use the IP address that the request was received on to determine the Host to send the request to.
653    # [restart required]
654    UseIPVHosts: false
655    # Set this attribute to true to cause Tomcat to advertise support for the Servlet specification using the header recommended in the specification.
656    # [restart required]
657    XpoweredBy: false
658  
659  # https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
660  # [restart required]
661  HTTPS:
662    # Whether the HTTPS connector is enabled.
663    # [restart required]
664    Enabled: false
665    # The TCP port number on which this Connector will create a server socket and await incoming connections.
666    # [restart required]
667    Port: 8443
668    # The maximum length of the operating system provided queue for incoming connection requests when maxConnections has been reached.
669    # [restart required]
670    AcceptCount: 100
671    # For servers with more than one IP address, this attribute specifies which address will be used for listening
672    # on the specified port.
673    # By default, the connector will listen on all local addresses.
674    # [restart required]
675    # [examples: 0.0.0.0, ::]
676    Address: ""
677    # A boolean value which can be used to enable or disable the TRACE HTTP method.
678    # [restart required]
679    AllowTrace: false
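680    # Whether clients must present a TLS certificate (mutual TLS). NONE requests no client certificate; see the Axon Ivy documentation for the other accepted values.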
681    # [restart required]
682    ClientAuth: NONE
683    # The value is a comma separated list of MIME types for which HTTP compression may be used.
684    # [restart required]
685    CompressibleMimeType: text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/xml
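686    # The Connector may use HTTP/1.1 GZIP compression in an attempt to save server bandwidth. On HTTPS, compressing responses that contain secrets next to request-controlled data is exposed to compression side channels (BREACH); leave it off unless the bandwidth saving is needed.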
687    # [restart required]
688    # [examples: on, off, force]
689    Compression: 'off'
690    # The number of seconds during which the sockets used by this Connector will linger when they are closed. The default value is -1 which disables socket linger.
691    # [restart required]
692    ConnectionLinger: -1
693    # The number of milliseconds this Connector will wait, after accepting a connection, for the request URI line to be presented.
694    # [restart required]
695    ConnectionTimeout: 60000
696    # This flag allows the servlet container to use a different, usually longer connection timeout during data upload.
697    # [restart required]
698    DisableUploadTimeout: true
699    # Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client.
700    # Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance).
701    # [restart required]
702    EnableLookups: false
703    # The value is a regular expression (using java.util.regex) matching the user-agent header of HTTP clients
704    # for which HTTP/1.1 or HTTP/1.0 keep alive should not be used, even if the clients advertise support for these features.
705    # [restart required]
706    RestrictedUserAgents: ""
707    # The name of the protocol to support when communicating with clients.
708    # If you need a fine granular selection of multiple protocols, use the 'SslHostConfig.Protocols' property.
709    # [restart required]
710    # [examples: TLS, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3]
711    SslProtocol: TLS
712    SslHostConfig:
713      # The names of the protocols to support when communicating with clients.
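714      # Multiple protocols can be enabled by separating them with a comma. For production, list only current versions explicitly (e.g. TLSv1.2,TLSv1.3): 'all' can include legacy versions such as TLSv1 and TLSv1.1 if the JVM has not disabled them.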
715      # [restart required]
716      # [examples: SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, all]
717      Protocols: all
718    
719    # Alias of the keystore entry (private key and certificate) that this connector presents to clients.
720    # [restart required]
721    KeyAlias: ""
722    # [password] Password protecting the private key entry inside the keystore.
723    # [restart required]
724    KeyPass: ""
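725    # Keystore file holding the server's private key and certificate for this connector. Restrict read access to the account that runs the engine.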
726    # [restart required]
727    KeystoreFile: configuration/keystore.p12
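728    # [password] Password of the keystore file. 'changeit' is the widely known Java default: set your own value and enclose it in "${encrypt:}" so it is not kept in plain text.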
729    # [restart required]
730    KeystorePass: changeit
731    # Format of the keystore file, e.g. pkcs12 or JKS.
732    # [restart required]
733    KeystoreType: pkcs12
734    # Provides the default value for maxHttpRequestHeaderSize and maxHttpResponseHeaderSize.
735    # [restart required]
736    MaxHttpHeaderSize: 8192
737    # The maximum number of HTTP requests which can be pipelined until the connection is closed by the server.
738    # Setting this attribute to 1 will disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and pipelining.
739    # Setting this to -1 will allow an unlimited amount of pipelined or keep-alive HTTP requests.
740    # [restart required]
741    MaxKeepAliveRequests: 100
742    # The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing.
743    # The limit can be disabled by setting this attribute to a value less than zero.
744    # [restart required]
745    MaxPostSize: 2097152
746    # The maximum size in bytes of the request body which will be saved/buffered by
747    # the container during FORM or CLIENT-CERT authentication or during HTTP/1.1 upgrade.
748    # [restart required]
749    MaxSavePostSize: 4096
750    # The maximum number of request processing threads to be created by this Connector, which therefore determines the maximum number of simultaneous requests that can be handled.
751    # [restart required]
752    MaxThreads: 200
753    # The minimum number of threads always kept running. This includes both active and idle threads.
754    # [restart required]
755    MinSpareThreads: 10
756    # The value is a regular expression (using java.util.regex) matching the user-agent header of HTTP clients
757    # for which compression should not be used.
758    # [restart required]
759    NoCompressionUserAgents: ""
760    # If this Connector is being used in a proxy configuration, configure this attribute to specify the server name to be returned for calls to request.getServerName().
761    # [restart required]
762    ProxyName: ""
763    # If this Connector is being used in a proxy configuration, configure this attribute to specify the server port to be returned for calls to request.getServerPort().
764    # [restart required]
765    ProxyPort:
766    # If this Connector is supporting non-SSL requests, and a request is received for which a matching <security-constraint> requires SSL transport, Catalina will automatically redirect the request to the port number specified here.
767    # [restart required]
768    RedirectPort: 8443
769    # Overrides the Server header for the http response.
770    # If set, the value for this attribute overrides any Server header set by a web application.
771    # If not set, any value specified by the application is used.
772    # If the application does not specify a value then no Server header is set.
773    # [restart required]
774    Server: ""
775    # If set to true, the TCP_NO_DELAY option will be set on the server socket, which improves performance under most circumstances.
776    # [restart required]
777    TcpNoDelay: true
778    # The priority of the request processing threads within the JVM.
779    # [restart required]
780    ThreadPriority: 5
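781    # Truststore file with the CA certificates used to validate client certificates; relevant when ClientAuth requests them.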
782    # [restart required]
783    TruststoreFile: ""
784    # [password] Password of the truststore file.
785    # [restart required]
786    TruststorePass: ""
787    # Format of the truststore file, e.g. JKS or pkcs12.
788    # [restart required]
789    TruststoreType: JKS
790    # This specifies the character encoding used to decode the URI bytes, after %xx decoding the URL.
791    # [restart required]
792    URIEncoding: UTF-8
793    # This specifies if the encoding specified in contentType should be used for URI query parameters, instead of using the URIEncoding.
794    # [restart required]
795    UseBodyEncodingForURI: false
796    # Set this attribute to true to cause Tomcat to use the IP address that the request was received on to determine the Host to send the request to.
797    # [restart required]
798    UseIPVHosts: false
799    # Set this attribute to true to cause Tomcat to advertise support for the Servlet specification using the header recommended in the specification.
800    # [restart required]
801    XpoweredBy: false