ivy.yaml
[engineDir]/configuration/reference/ivy.yaml
1#
2# -------------------------------------------
3# Axon Ivy Engine Configuration
4# -------------------------------------------
5#
6# This file shows configurations of the Axon Ivy Engine and its external systems.
7# https://developer.axonivy.com/doc/9.4/engine-guide/configuration/
8#
9# Copy contents of this reference file to 'configuration/ivy.yaml' before adjusting
10# them to your needs.
11# https://developer.axonivy.com/doc/9.4/engine-guide/configuration/files/ivy-yaml.html
12#
13# By default, the engine is pre-configured to run in demo mode.
14# To run an engine in a productive environment, at least the system database
15# has to be configured.
16#
17# SECRETS / PASSWORDS:
18# Any configuration value can be encrypted just by enclosing it with "${encrypt:}".
19# This applies a reversible encryption private to this Ivy Engine.
20# You cannot copy the encrypted values from one engine to another.
21# Example:
22# * to encrypt the string "myPassword", write "${encrypt:myPassword}"
23# https://developer.axonivy.com/doc/9.4/engine-guide/configuration/advanced-configuration.html#passwords
24#
25# OVERRIDING:
26# Any configuration value provided here can be set in alternative sources.
27# * environment variables: of the operating system can set app config entries.
28# Their key must be prefixed with 'IVY_'.
29# For instance, use 'IVY_SYSTEMDB_URL' to override the jdbc driver url.
30# https://developer.axonivy.com/doc/9.4/engine-guide/configuration/advanced-configuration.html#overriding-configuration
31#
32
33
34
35# == System Database Settings ==
36#
37# Axon Ivy requires a System Database to store the state of running workflow applications.
38#
39# Unless you run the engine in Demo mode, a valid System DB driver, url and the user+password credentials
40# that are able to connect to the database, are mandatory.
41#
42# [restart required]
43SystemDb:
44 # JDBC URL
45 Url: ""
46 # Name of the technical user to connect to system database on behalf of the engine. E.g. ivy, AxonIvy, workflowengine
47 # e.g. ivy
48 UserName: ""
49 # Password for above technical user.
50 # e.g. "${encrypt:1234}"
51 # [password]
52 Password: ""
53 # If set to true, the system database is automatically converted to the latest version during startup of the Axon Ivy Engine if needed.
54 Autoconvert: false
55 # Defines how long ivy should wait (in seconds) at startup for the db server to be available
56 BootTimeout: 60
57 # JDBC Driver. If not set, it is auto determined based on the JDBC URL.
58 Driver: ""
59 # Additional driver specific connection properties.
60 DriverProperties: {}
61 # Maximum number of connections to the system database.
62 MaxConnections: 50
63
64
65
66# == Adminstrators ==
67#
68# Administrators can configure, monitor and manage the Axon Ivy Engine.
69#
70# Email is used to send info mails like license expiration
71# FullName is used to display a nice name for this user.
72#
73# For security reasons, please hash the password(s) using "${hash:mySecret}".
74# The real password cannot be recovered from the hash.
75#
76# Default administrator in demo mode is 'admin' with password 'admin'
77#Administrators:
78# #Example admin user with username james and password mySecret
79# james:
80# Password: "${hash:mySecret}"
81# Email: info@localhost
82# FullName: James David
83
84
85
86# == Security Systems ==
87#
88# List of Security Systems.
89# A security system defines how users and roles are managed.
90# Security systems that are configured here can be used by applications.
91# !! If you change a security system then all users that are no longer defined by the changed security system will be disabled.
92# !! Switching from an Identity Provider e.g. Azure Active Directory to Ivy Security System keeps all synchronized users, but
93# requires that you set (new) passwords for them. Before, passwords have been managed and kept by the Identity Provider for
94# all managed users.
95#
96SecuritySystems:
97
98 # 'default' security system which exists always
99 default:
100 # The Security System manages the user and roles in the system database.
101 # For the Ivy Security System, no additional configuration is needed.
102 # For any other Security System, further configuration is need to integrate such a system.
103 # See https://developer.axonivy.com/doc/9.4/engine-guide/identity-provider
104 # [enum: ivy Security System, Microsoft Active Directory, Novell eDirectory, azure-active-directory]
105 Provider: "ivy Security System"
106
107 # == EMail Notification Settings ==
108 #
109 # These email notification settings will be applied to all users of a security system.
110 # Users still have the option to customize their e-mail notification settings for themselves.
111 # Applications can override the standard options or add their own.
112 #
113 EMailNotification:
114 # The settings here are standard values that apply for all users who do not alter their settings.
115 # Users can override these settings in the Portal menu.
116 #
117 # Shall users be notified by mail whenever a new task is assigned to them?
118 OnNewTasks: false
119 #
120 # On which weekdays shall the users receive a daily task summary?
121 # Possible values are: never, always, monday, tuesday, wednesday, thursday, friday, saturday, sunday
122 # Any combination of weekdays is allowed.
123 # You can configure when the summary email is sent in EMail:DailyTaskSummary:TriggerTime
124 DailySummaryOn: never
125 #
126 # Standard processes are a set of predefined processes, which you can customize in your ivy project.
127 # To enable these custom processes, the library id of the ivy project must be specified here.
128 # The library id is <group-id>:<project-id> from the ivy project deployment definition.
129 # e.g the library id of the portal is "com.axonivy.portal:portal"
130 # The default is 'auto' which means auto detection of standard process in your application
131 # https://developer.axonivy.com/doc/9.4/designer-guide/user-interface/standard-processes
132 StandardProcess: auto
133
134 # == Language Settings ==
135 #
136 # The default language settings, which apply to all users who have not explicitly set this
137 # in their profile settings.
138 #
139 Language:
140 # Content is displayed in this language if the content exists in this language. A locale (language[_COUNTRY])
141 # must be specified for example de, de_CH, de_AT, de_DE, en, en_GB, en_US, fr, vi
142 Content: en
143 # Data like numbers, dates, times and much more are formatted according to this language. A locale (language[_COUNTRY])
144 # must be specified for example de, de_CH, de_AT, de_DE, en, en_GB, en_US, fr, vi
145 Formatting: en_GB
146
147
148
149# == Base Url ==
150#
151# Web address of the Axon Ivy Engine installation, such as https://yourdomain/.
152# This value is used to let ivy know how to refer to itself, ie. to create links in emails.
153# This is necessary because ivy cannot reliably detect such a URL from within itself.
154BaseUrl: ""
155
156
157
158# == Single Sign-on ==
159#
160# Single Sign-on allows to auto login users. A reverse proxy has to be installed
161# in front of the Axon Ivy Engine. It is responsible for authenticating
162# the user. The name of the user must then be transmitted as a HTTP header.
163# !! Assert exclusive access to the Axon Ivy Engine otherwise
164# attackers can easily login as another user.
165# https://developer.axonivy.com/doc/9.4/engine-guide/integration/single-sign-on
166# [restart required]
167SSO:
168 # Shall SSO be enabled?
169 Enabled: false
170 # name of the HTTP header with the username that has to be provided by the reverse proxy
171 UserHeader: X-Forwarded-User
172
173
174
175# == Deployment Setting ==
176#
177Deployment:
178 # Directory where the server watches for files to deploy.
179 # https://developer.axonivy.com/doc/9.4/engine-guide/deployment
180 #
181 # You can speficy a remote network location using a UNC path:
182 # Linux: //servername/share/file
183 # Windows: \\servername\share\file
184 #
185 Directory: deploy
186
187 Backup:
188 # The number of backups of deployed projects that are kept on disk
189 # n < 0: infinite number of backups are kept
190 # n = 0: No backups are made or kept
191 # n > 0: Number of backups that are kept.
192 Keep: 5
193
194
195
196# == Data Settings ==
197#
198Data:
199 #-----------------------------------------------------------------------------------------------
200 # !! STOP YOUR ENGINE before changing these settings !!
201 #
202 # For all paths below,
203 # - absolute and relative paths (to the engine root directory) are supported
204 # - we recommend to use locations outside the engine root directory to facilitate migrations.
205 #-----------------------------------------------------------------------------------------------
206 #
207 # Folder where runtime data will be stored.
208 #
209 # [restart required]
210 Directory: data
211 #
212 # Folder where applications are stored, unless otherwise defined in application specific configuration.
213 #
214 # In demo mode: not configurable and set to: [Data.WorkDirectory]/demo-applications
215 #
216 # [restart required]
217 AppDirectory: applications
218 #
219 # Root folder where application data files are stored.
220 #
221 # A change in this setting will NOT move existing application files to the new location.
222 # You have to move existing files manually to the new directory.
223 #
224 # If not set, the files will be stored beneath each application's file directory.
225 #
226 # [restart required]
227 FilesDirectory: ""
228 #
229 # Directory where the server writes temporary working files to.
230 #
231 # [restart required]
232 WorkDirectory: work
233
234
235# == Data Cache Settings ==
236#
237DataCache:
238 # Invalidate data cache groups and entries. Checks if the lifetime of caches has ended and invalidates them.
239 # You can set the delay in milliseconds between each check. This delay has to be greater than 0.
240 #
241 InvalidationInterval: 60000
242
243
244# == Elasticsearch Settings ==
245#
246# Axon Ivy uses an Elasticsearch instance to provide a fast query interface against BusinessData.
247# The bundled instance is started on demand, in a separate JVM, when an API request needs it.
248#
249# You can operate Axon Ivy with the bundled Elasticsearch server or with your own external Elasticsearch cluster.
250#
251# [restart required] except for UserName and Password of ExternalServer
252Elasticsearch:
253 # The bundled Elasticsearch server...
254 # - is started in a separate JVM when a feature requires BusinessData access.
255 # - reachable only on 'localhost' but the access is unprotected.
256 # - JVM arguments used to start the bundled Elasticsearch server can be
257 # configured in the 'elasticsearch/config/jvm.options' file.
258 BundledServer:
259 #
260 # Path to the directory where the bundled Elasticsearch server stores data.
261 # It is recommended to configure a data directory that is located outsite of the Engine
262 # installation directory to ease the Engine migration to newer versions.
263 DataPath: elasticsearch/data
264 #
265 # Name of the cluster of the bundled Elasticsearch server.
266 ClusterName: ivy-elasticsearch-{uid}
267 #
268 # Start the bundled Elasticsearch server lazy (on demand)?
269 # If true, the bundled Elasticsearch server will be started on first usage
270 # If false, the Elasticsearch server will be started on engine startup.
271 #
272 LazyStart: false
273 #
274 # Port to communicate with bundled Elasticsearch server
275 #
276 # AUTO: A free port in port range 19200-19299 is searched automatically.
277 # <integer>: A fixed port number that you define. We recommend to use a number > 10000.
278 # Make sure it is free.
279 #
280 Port: AUTO
281
282 #
283 # Configure access to your own Elasticsearch server if you want to use it instead of the bundled server.
284 #
285 # To install your own Elasticsearch server follow these steps
286 # https://www.elastic.co/guide/en/elasticsearch/reference/7.17/setup.html
287 #
288 # Currently, Axon Ivy supports Elasticsearch server versions in the 7.17.x range.
289 # If your Elasticsearch server is running on another host, the access to that instance has to be protected.
290 # You can achieve that with a front-end webserver like NGINX for Elasticsearch that enforces basic authentication.
291 #
292 ExternalServer:
293 # Configure the URL of your own Elasticsearch server if you want to use it instead of the bundled server.
294 Url: ""
295 # Name of the user to use to authenticate in the external Elasticsearch server
296 UserName: ""
297 # Password of the user to use to authenticate in the external Elasticsearch server.
298 # e.g. "${encrypt:}"
299 # [password]
300 Password: ""
301 # Defines how long ivy should wait (in seconds) for the availability of the external Elasticsearch server while booting.
302 BootTimeout: 60
303 #
304 # For every business data type an Elasticsearch index will be created.
305 Index:
306 # The name prefix of the index to use to store business data.
307 # Example: for type ch.ivy.Dossier the index name is <NamePrefix>-ch.ivy.dossier.
308 # If multiple Ivy Engines use the same Elasticsearch server instance, you need to define unique NamePrefixes per engine.
309 # You might add the engine host name as part of the name prefix, i.e. "servername.ivy.businessdata", or "servername.data"
310 NamePrefix: ivy.businessdata
311 Reindex:
312 # The number of business data objects that Ivy reads in one batch from the system database
313 ReadWindowSize: 1000
314 # The number of business data objects that Ivy writes in one batch to Elasticsearch
315 WriteWindowSize: 1000
316 # The size of the queue that is used to store business data objects read from the database
317 # until they are written to the Elasticsearch
318 QueueSize: 10000
319 #
320 # Configures the Elasticsearch client. The client is the ivy engine which communicates with Elasticsearch.
321 Client:
322 # Maximum seconds to wait until a connection to Elasticsearch can be established.
323 ConnectTimeout: 10
324 # Maximum seconds to wait for data to be sent by Elasticsearch.
325 # Raise this value if large datasets are expected.
326 ReadTimeout: 30
327
328
329
330# == EMail Settings ==
331#
332EMail:
333 Server:
334 Host: ""
335 Port: -1
336 # Email address that will be used for emails sent by the server (e.g. task notification emails)
337 MailAddress: noreply@ivyserver.local
338 User: guest
339 # [password]
340 Password: ""
341 # [enum: NONE, START_TLS, SSL]
342 EncryptionMethod: NONE
343 #
344 # certificates are to be stored in the Ivy keystore (default: configuration/keystore.p12; see below at SSL / Client), with the alias defined below.
345 SSL:
346 KeyAlias: ""
347 UseKey: false
348 DailyTaskSummary:
349 # Time of day when the task summary mails will be sent.
350 # The engine must be running at this time otherwise the daily task summary mails will not be sent.
351 # Format is hh:mm. e.g. "02:00" or "14:15"
352 # [daytime]
353 TriggerTime: "00:00"
354
355
356
357# == Show Error Messages To End Users Settings ==
358#
359# When an error occurs while processing a user request, an error screen is displayed to the user.
360#
361# The displayed error page can be customized for your needs:
362# https://developer.axonivy.com/doc/9.4/engine-guide/configuration/files/web-xml.html
363#
364Errors:
365 #
366 # Shall the end user see detailed error information (stacktraces, detailed error reports, etc.)?
367 #
368 # By default (false) we only show a unique 'Error Id'. This 'Error Id' can be used to find the error in the log files.
369 #
370 # For security reasons, normal users should not see technical implementation details.
371 # But in development or pre-production environments, it might be safe to show the full error
372 # details directly to the end user.
373 #
374 ShowDetailsToEndUser: false
375
376
377
378# == Persistence Settings ==
379#
380Persistence:
381 JPA:
382 # Persist ivyScript auto initialized fields with NULL values. Affects types:
383 # - ch.ivyteam.ivy.scripting.objects.Date
384 # - ch.ivyteam.ivy.scripting.objects.DateTime
385 # - ch.ivyteam.ivy.scripting.objects.Time
386 # If this option is set to false, auto initialized values are stored as before Axon Ivy 6.4.
387 defaultInitializedAsNull: true
388
389
390
391# == Process Element Firing Statistic Settings ==
392#
393ProcessEngine:
394 FiringStatistic:
395 #
396 # If set to true, a process element statistic is written periodically to the log directory.
397 # May impact server performance.
398 Active: false
399 #
400 # Interval in seconds the 'process element statistic' is written to the log directory
401 #
402 Interval: 300
403
404
405
406# == SSL Client Settings ==
407#
408SSL:
409 Client:
410 #
411 # A key store is used to read client keys (certificates).
412 # This is only required if a remote server requests a client certificate in order to authenticate the client.
413 KeyStore:
414 UseCustom: false
415 # [password]
416 KeyPassword: changeit
417 Algorithm: SunX509
418 File: configuration/keystore.p12
419 # [password]
420 Password: changeit
421 Provider: ""
422 Type: pkcs12
423 #
424 # A trust store is used to specify trusted server certificates or certificates of certification authorities.
425 # An SSL client autenticates a server by using the certificates in a trust store.
426 # Self signed or signed by an unknown certification authority can be added to this trustore.
427 TrustStore:
428 File: configuration/truststore.p12
429 Algorithm: PKIX
430 # [password]
431 Password: changeit
432 Provider: ""
433 Type: pkcs12
434 # Fully qualified class name of a trust manager class that is used to validate server certificates.
435 # If configured, the system trustore of the JVM and the trustore configured above are not used.
436 ManagerClass: ""
437
438
439
440# == Workflow Settings ==
441#
442Workflow:
443 # Can completed cases and tasks be seen by substitutes of the user who worked on them?
444 # [enum: VISIBLE, INVISIBLE]
445 History.ForSubstitutes: VISIBLE
446
447
448# == Failure Behaviour ==
449#
450SystemTask:
451 #
452 # Defines the behaviour in case a system task fails.
453 #
454 # [enum: FAIL_TASK_DO_RETRY, FAIL_TASK_DO_NOT_RETRY, DESTROY_TASK, DESTROY_CASE]
455 Failure.Behaviour: FAIL_TASK_DO_RETRY
456 #
457 # Interval in seconds between executions of the search job for system tasks.
458 # The job searches system tasks that were not executed because of failures.
459 #
460 SearchJob.Interval: 900
461
462
463
464# == Thread Pools Settings ==
465#
466ThreadPool:
467 #
468 # Executes process engine background operations like Database, WebService calls, etc.
469 BackgroundOperationExecutor:
470 # Minimum number of threads
471 CorePoolSize: 5
472 # Maximum number of threads
473 MaximumPoolSize: 200
474 # Executes unscheduled jobs
475 ImmediateJobExecutor:
476 # Minimum number of threads
477 CorePoolSize: 5
478 # Maximum number of threads
479 MaximumPoolSize: 50
480 # Executes scheduled jobs
481 ScheduledJobExecutor:
482 # Minimum number of threads
483 CorePoolSize: 5
484
485
486
487# == Update Checker Settings ==
488#
489# When newer Axon Ivy versions are available, a message will be displayed on the Axon Ivy Engine main web page.
490# The update message contains information about the new versions and where those can be downloaded.
491#
492# While checking for new versions the following statistic information is sent to the update server.
493# This information is only used to improve the product!
494# - Engine (version, up time)
495# - Configuration (number of: cluster nodes, users, licenced users, applications, process model, process model version, deleted process model version, running cases, running tasks)
496# - Licence information (number, organisation, individual)
497# - Operating system information (name, version, architecture, number of processors)
498# - System database (product name and version, driver, identification number)
499# - Java memory information (maximum heap memory, maximum non heap memory)
500# - JVM (Java virtual machine) information (version, vendor, name)
501# - Host information (host name, SHA-256 hashes of IP address and MAC address to identify the host without being able to read the original IP address and MAC address itself)
502#
503UpdateChecker:
504 #
505 # Shall update notification messages be shown and statistic information sent to the update server?
506 Enabled: true
507 #
508 # Time of day when a update check will be executed
509 # The engine must be running at this time otherwise the update check will not be executed.
510 # Format is hh:mm. e.g. "02:00" or "14:15"
511 # [daytime]
512 ExecutionTime: ""
513
514
515Boot:
516 # Switch to maintencance mode if a configuration problem is detected during startup.
517 # If set to DISABLED you can explicit start the engine in maintenance mode by using the command line option '-maintenance'.
518 # [enum: AUTO, DISABLED]
519 MaintenanceMode: AUTO
520
521
522Cluster:
523 #
524 # The name of this node.
525 # If not configured, a random name is generated.
526 # The name of a node is also used as jvm route identifier that is used by some load balancers to provide sticky sessions.
527 # https://developer.axonivy.com/doc/9.4/engine-guide/integration/cluster
528 # [restart required]
529 NodeName: ""
530 #
531 # The name of the cluster.
532 # It is used to find and communicate with other nodes of the same cluster.
533 # Multiple clusters located in the same network must have different cluster names.
534 # Otherwise the nodes of both clusters find each other and build one cluster instead of two.
535 # [restart required]
536 Name: "IvyCluster"