ivy.yaml
[engineDir]/configuration/reference/ivy.yaml
1#
2# -------------------------------------------
3# Axon Ivy Engine Configuration
4# -------------------------------------------
5#
6# This file shows configurations of the Axon Ivy Engine and its external systems.
7# https://developer.axonivy.com/doc/9.3/engine-guide/configuration/
8#
9# Copy contents of this reference file to 'configuration/ivy.yaml' before adjusting
10# them to your needs.
11# https://developer.axonivy.com/doc/9.3/engine-guide/configuration/files/ivy-yaml.html
12#
13# By default the engine is pre-configured to run in demo mode.
14# To run an engine in a productive environment at least the system database
15# must be configured.
16#
17# SECRETS / PASSWORDS:
18# Any configuration value can be encrypted just by enclosing it with "${encrypt:}".
19# * to encrypt the string myPassword write "${encrypt:myPassword}"
20# https://developer.axonivy.com/doc/9.3/engine-guide/configuration/advanced-configuration.html#passwords
21#
22# OVERRIDING:
23# Any configuration value provided here can be set in alternative sources.
24# * environment variables: of the operating system can set app config entries.
25# Their key must be prefixed with 'IVY_'.
26# E.g. use 'IVY_SYSTEMDB_URL' to override the jdbc driver url.
27# https://developer.axonivy.com/doc/9.3/engine-guide/configuration/advanced-configuration.html#overriding-configuration
28#
29
30
31
32# == System Database Settings ==
33#
34# Axon Ivy requires a System Database to store the state of running workflow applications.
35#
36# Unless you run the engine in Demo mode, a valid System DB driver, url and the user+password credentials
37# that are able to connect to the database are mandatory.
38#
39# [restart required]
40SystemDb:
41 # JDBC URL
42 Url: ""
43 # Name of the user to connect to system database. E.g. root, sa, admin, ivy, AxonIvy
44 # e.g. root
45 UserName: ""
46 # Password of the user to connect to the system database.
47 # e.g. "${encrypt:1234}"
48 # [password]
49 Password: ""
50 # If set to true the system database is automatically converted to the latest version during startup of the Axon Ivy Engine if needed.
51 Autoconvert: false
52 # Defines how long ivy should wait (in seconds) at startup for the availability of the db server
53 BootTimeout: 60
54 # JDBC Driver. If not set, it is auto determined based on the JDBC URL.
55 Driver: ""
56 # Additional driver specific connection properties.
57 DriverProperties: {}
58 # Maximum number of connections to the system database.
59 MaxConnections: 50
60
61
62
63# == Adminstrators ==
64#
65# Administrators can configure, monitor and manage the Axon Ivy Engine.
66#
67# Email is used to send info mails like license expiration
68# FullName is used to display a nice name for this user.
69#
70# You should hash the password with "${hash:mySecret}".
71# The real password cannot be recovered from the hash.
72#
73# Default administrator in demo mode is 'admin' with password 'admin'
74#Administrators:
75# #Example admin user with username james and password mySecret
76# james:
77# Password: "${hash:mySecret}"
78# Email: info@localhost
79# FullName: James David
80
81
82
83# == Base Url ==
84#
85# Web address of the Axon Ivy Engine installation, such as https://yourdomain/.
86# This value is used to let ivy know how to refer to itself, ie. to create links in emails.
87# This is necessary because ivy cannot reliably detect such a URL from within itself.
88BaseUrl: ""
89
90
91
92# == Single Sign-on ==
93#
94# Single Sign-on allows to auto login users. Therefore a reverse proxy
95# in front of the Axon Ivy Engine must be installed which is responsible to authenticate
96# the user. The name of the user must then be transmitted as HTTP header.
97# Attention: Ensure exclusive access to the Axon Ivy Engine otherwise
98# attackers can easily login as another user.
99# https://developer.axonivy.com/doc/9.3/engine-guide/integration/single-sign-on
100# [restart required]
101SSO:
102 # Whether SSO is enabled or not
103 Enabled: false
104 # name of the HTTP header with the username which must be set by the reverse proxy
105 UserHeader: X-Forwarded-User
106
107
108
109# == Deployment Setting ==
110#
111Deployment:
112 # Directory where the server watches for files to deploy.
113 # https://developer.axonivy.com/doc/9.3/engine-guide/deployment
114 #
115 # You may want to use a UNC path to specify a remote network location.
116 Directory: deploy
117
118 Backup:
119 # The number of backups of deployed projects that are kept on disk
120 # n < 0: infinite number of backups are kept
121 # n = 0: No backups are made or kept
122 # n > 0: Number of backups that are kept.
123 Keep: 5
124
125
126
127# == Data Settings ==
128#
129Data:
130 # Folder where applications are stored, unless otherwise defined in the deployment.
131 # To change this path, proceed as follows...
132 # 1. Adjust the path to point to its new location
133 # 2. Stop the running Engine immediatelly to avoid files being written to the old location
134 # 3. Move the existing applications to this new directory
135 # 4. Start the engine
136 # Absolute paths and relative paths are supported
137 # In demo mode not configurable and set to: [Data.WorkDirectory]/demo-applications
138 # [restart required] for existing apps
139 AppDirectory: applications
140 # Root folder where application files are stored.
141 # A change in this setting will NOT automatically move existing application files to the new location.
142 # A change will require to manually move existing files to the new directory.
143 # Absolute and relative (to the engine root directory) paths are supported.
144 # If not set the files will be stored underneath each application's file directory.
145 # [restart required] for existing apps
146 FilesDirectory: ""
147 # Directory where the server writes temporary working files to.
148 # [restart required]
149 WorkDirectory: work
150
151
152# == Data Cache Settings ==
153#
154DataCache:
155 # Invalidate data cache groups and entries. Checks if the lifetime of caches has ended and invalidates them.
156 # You can set the delay in milliseconds between each check. This delay has to be greater than 0.
157 InvalidationInterval: 60000
158
159
160# == Elasticsearch Settings ==
161#
162# Axon Ivy uses an Elasticsearch instance to provide a fast query interface against BusinessData.
163# The bundled instance is started on demand, in a separate JVM, when an API request needs it.
164#
165# You can operate Axon Ivy with the bundled Elasticsearch server or with your own external Elasticsearch cluster.
166#
167# [restart required] except for UserName and Password of ExternalServer
168Elasticsearch:
169 # The bundled Elasticsearch server...
170 # - is started in a separate JVM when a feature requires BusinessData access.
171 # - reachable only on 'localhost' but the access is unprotected.
172 # - JVM arguments used to start the bundled Elasticsearch server can be
173 # configured in the 'elasticsearch/config/jvm.options' file.
174 BundledServer:
175 # Path to the directory where the bundled Elasticsearch server stores data.
176 # It is recommended to configure a data directory that is located outsite of the Engine
177 # installation directory to ease the Engine migration to newer versions.
178 DataPath: elasticsearch/data
179 # Name of the cluster of the bundled Elasticsearch server.
180 ClusterName: ivy-elasticsearch-{uid}
181 # Whether the bundled Elasticsearch server should be started lazy or not.
182 # If set to true the bundled Elasticsearch server will be started on first usage
183 # otherwise the Elasticsearch server will be started on engine startup.
184 LazyStart: false
185 # A free port in a certain port range is searched automatically.
186 # However, you can also fix the port by defining a port number.
187 Port: AUTO
188
189 #
190 # Configure the URL of your own Elasticsearch server if you want to use it instead of the bundled server.
191 #
192 # To install your own Elasticsearch server follow these steps
193 # https://www.elastic.co/guide/en/elasticsearch/reference/current/setup.html
194 #
195 # Currently Axon Ivy supports Elasticsearch server versions in the 7.3.x range.
196 # If your Elasticsearch server is running on another host, the access to that instance has to be protected.
197 # You can achieve that with a front-end webserver like NGINX that enforces basic authentication.
198 ExternalServer:
199 # Configure the URL of your own Elasticsearch server if you want to use it instead of the bundled server.
200 Url: ""
201 # Name of the user to use to authenticate in the external Elasticsearch server
202 UserName: ""
203 # Password of the user to use to authenticate in the external Elasticsearch server.
204 # e.g. "${encrypt:}"
205 # [password]
206 Password: ""
207 # Defines how long ivy should wait (in seconds) for the availability of the external Elasticsearch server while booting.
208 BootTimeout: 60
209 # For every business data type an Elasticsearch index will be created. E.g. for type ch.ivy.Dossier the index name is <NamePrefix>-ch.ivy.dossier.
210 Index:
211 # The name prefix of the index to use to store business data.
212 # If multiple ivy Engines use the same Elasticsearch server instance, you need to change this property, that every ivy Engine has an unique indices.
213 NamePrefix: ivy.businessdata
214 Reindex:
215 # The number of business data objects that should be read in one batch from the system database
216 ReadWindowSize: 1000
217 # The number of business data objects that should be write in one batch to Elasticsearch
218 WriteWindowSize: 1000
219 # The size of the queue that is used to store business data objects read from the database
220 # until they are written to the Elasticsearch
221 QueueSize: 10000
222 # Configures the Elasticsearch client. The client is the ivy engine which communicates with Elasticsearch.
223 Client:
224 # Maximum seconds to wait until a connection to Elastisearch can be established.
225 ConnectTimeout: 10
226 # Maximum seconds to wait for data sent by Elastisearch.
227 # Raise this value if large datasets are expected.
228 ReadTimeout: 30
229
230
231
232# == EMail Settings ==
233#
234EMail:
235 Server:
236 Host: ""
237 Port: -1
238 # Email address that will be used for emails sent by the server (e.g. task notification emails)
239 MailAddress: noreply@ivyserver.local
240 User: guest
241 # [password]
242 Password: ""
243 # [enum: NONE, START_TLS, SSL]
244 EncryptionMethod: NONE
245 SSL:
246 KeyAlias: ""
247 UseKey: false
248 DailyTaskSummary:
249 # Time of day when the task summary mails will be sent.
250 # The engine must be running at this time otherwise the daily task summary mails will not be sent.
251 # Format is hh:mm. e.g. "02:00" or "14:15"
252 # [daytime]
253 TriggerTime: "00:00"
254
255
256
257# == Show Error Messages To End Users Settings ==
258#
259# When an error occurs while processing a user request an error screen is displayed to the user.
260#
261# The displayed error page can be customized for your needs:
262# https://developer.axonivy.com/doc/9.3/engine-guide/configuration/files/web-xml.html
263#
264Errors:
265 # Whether stacktraces, detailed error reports, etc. should be shown to end users.
266 #
267 # By default (false) we only show a unique 'Error Id'. This 'Error Id' can be used to find the error in the log files.
268 #
269 # For security reasons normal users should not see technical implementation details.
270 # But in development or pre-production environments it might be save to show the full error
271 # details directly to the end user.
272 ShowDetailsToEndUser: false
273
274
275
276# == Persistence Setting ==
277#
278Persistence:
279 JPA:
280 # Persist ivyScript auto initialized fields with NULL values. Affects types are...
281 # - ch.ivyteam.ivy.scripting.objects.Date
282 # - ch.ivyteam.ivy.scripting.objects.DateTime
283 # - ch.ivyteam.ivy.scripting.objects.Time
284 # If this option is disabled auto initialized values are stored as before Axon Ivy 6.4.
285 defaultInitializedAsNull: true
286
287
288
289# == Process Element Firing Statistic Settings ==
290#
291ProcessEngine:
292 FiringStatistic:
293 # If activated, a process element statistic is written periodically to the log-directory. If activated may slow down the server performance.
294 Active: false
295 # Interval in seconds the 'process element statistic' is written to the log directory
296 Interval: 300
297
298
299
300# == SSL Client Settings ==
301#
302SSL:
303 Client:
304 # A key store is used to read client keys (certificates).
305 # This is only required if a remote server requests a client certificate in order to authenticate the client.
306 KeyStore:
307 UseCustom: false
308 # [password]
309 KeyPassword: changeit
310 Algorithm: SunX509
311 File: configuration/keystore.p12
312 # [password]
313 Password: changeit
314 Provider: ""
315 Type: pkcs12
316 # A trust store is used to specify trusted server certificates or certificates of certification authorities.
317 # An SSL client autenticates a server by using the certificates in a trust store.
318 # Self signed or signed by an unknown certification authority can be added to this trustore.
319 TrustStore:
320 File: configuration/truststore.p12
321 Algorithm: PKIX
322 # [password]
323 Password: changeit
324 Provider: ""
325 Type: pkcs12
326 # Full qualified class name of a trust manager class that is used to validate server certificates.
327 # If configured the system trustore of the JVM and the configured trustore are not in charge.
328 ManagerClass: ""
329
330
331
332# == Workflow Settings ==
333#
334Workflow:
335 # Whether done cases and tasks can be seen by substitutes of the user who has worked on them.
336 # [enum: VISIBLE, INVISIBLE]
337 History.ForSubstitutes: VISIBLE
338
339
340# == Failure Behaviour ==
341#
342SystemTask:
343 # Defines the behaviour in case a system task fails.
344 # [enum: FAIL_TASK_DO_RETRY, FAIL_TASK_DO_NOT_RETRY, DESTROY_TASK, DESTROY_CASE]
345 Failure.Behaviour: FAIL_TASK_DO_RETRY
346 # Interval in seconds between executions of the search job for system tasks.
347 # The job searches system tasks that were not executed because of failures.
348 SearchJob.Interval: 900
349
350
351
352# == Thread Pools Settings ==
353#
354ThreadPool:
355 # Executes process engine background operations like Database, WebService calls, etc.
356 BackgroundOperationExecutor:
357 # Minimum number of threads
358 CorePoolSize: 5
359 # Maximum number of threads
360 MaximumPoolSize: 200
361 # Executes unscheduled jobs
362 ImmediateJobExecutor:
363 # Minimum number of threads
364 CorePoolSize: 5
365 # Maximum number of threads
366 MaximumPoolSize: 50
367 # Executes scheduled jobs
368 ScheduledJobExecutor:
369 # Minimum number of threads
370 CorePoolSize: 5
371
372
373
374# == Update Checker Settings ==
375#
376# When newer Axon Ivy versions are available a message will be displayed on the Axon Ivy Engine main web page.
377# The update message contains information about the new versions and where those can be downloaded.
378#
379# While checking for new versions the following statistic information are sent to the update server.
380# These information are only used to improve the product:
381# - Engine (version, up time)
382# - Configuration (number of: cluster nodes, users, licenced users, applications, process model, process model version, deleted process model version, running cases, running tasks)
383# - Licence information (number, organisation, individual)
384# - Operating system information (name, version, architecture, number of processors)
385# - System database (product name and version, driver, identification number)
386# - Java memory information (maximum heap memory, maximum non heap memory)
387# - JVM (Java virtual machine) information (version, vendor, name)
388# - Host information (host name, SHA-256 hashes of IP address and MAC address to identify the host without being able to read the original IP address and MAC address itself)
389#
390UpdateChecker:
391 # Whether Update notification messages are shown and statistic information are sent to the update server
392 Enabled: true
393 # Time of day when a update check will be executed
394 # The engine must be running at this time otherwise the update check will not be executed.
395 # Format is hh:mm. e.g. "02:00" or "14:15"
396 # [daytime]
397 ExecutionTime: ""
398
399
400
401Boot:
402 # Switch to maintencance mode if a configuration problem is detected during startup.
403 # If set to DISABLED you can explicit start the engine in maintenance mode by using the command line option '-maintenance'.
404 # [enum: AUTO, DISABLED]
405 MaintenanceMode: AUTO
406
407
408
409Cluster:
410 # The name of this node.
411 # If not configured a random name is generated.
412 # The name of a node is also used as jvm route identifier, which is used by some load balancer to provide sticky sessions.
413 # https://developer.axonivy.com/doc/9.3/engine-guide/integration/cluster
414 # [restart required]
415 NodeName: ""
416 # The name of the cluster.
417 # It is used to find and communicate with other nodes of the same cluster.
418 # Multiple clusters located in the same network must have different cluster names.
419 # Otherwise the nodes of both clusters find each other and build one cluster instead of two.
420 # [restart required]
421 Name: "IvyCluster"