-
Notifications
You must be signed in to change notification settings - Fork 11
Expand file tree
/
Copy pathapplication.properties
More file actions
161 lines (137 loc) · 9.1 KB
/
application.properties
File metadata and controls
161 lines (137 loc) · 9.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
## These properties are used for development and test deployments.
## Many properties here will be filled in and uncommented by the Gradle 'pickPg' and 'pickMssql' tasks
server.port=@@serverPort@@
## To use ssl, update the properties below for your local installation
#server.ssl.enabled=true
#server.ssl.enabled-protocols=TLSv1.3,TLSv1.2
#server.ssl.protocol=TLS
#server.ssl.key-alias=tomcat
#server.ssl.key-store=@@keyStore@@
#server.ssl.key-store-password=@@keyStorePassword@@
## Typically either PKCS12 or JKS
#server.ssl.key-store-type=PKCS12
#server.ssl.ciphers=HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!CAMELLIA:!ARIA:!AESCCM:!SHA:!CHACHA20
server.error.include-stacktrace=always
server.error.include-message=always
## HTTP-only port for servers that need to handle both HTTPS (configure via server.port and server.ssl above) and HTTP
#context.httpPort=8080
## Database connections.
## All deployments need a "labkeyDataSource" as their primary database.
context.resources.jdbc.labkeyDataSource.type=javax.sql.DataSource
context.resources.jdbc.labkeyDataSource.driverClassName=@@jdbcDriverClassName@@
context.resources.jdbc.labkeyDataSource.url=@@jdbcURL@@
context.resources.jdbc.labkeyDataSource.username=@@jdbcUser@@
context.resources.jdbc.labkeyDataSource.password=@@jdbcPassword@@
context.resources.jdbc.labkeyDataSource.maxTotal=50
context.resources.jdbc.labkeyDataSource.maxIdle=10
context.resources.jdbc.labkeyDataSource.maxWaitMillis=120000
context.resources.jdbc.labkeyDataSource.accessToUnderlyingConnectionAllowed=true
context.resources.jdbc.labkeyDataSource.validationQuery=SELECT 1
## Add additional external data sources with a prefix of context.resources.jdbc.<dataSourceName>.
## At a minimum, they must include the required properties: driverClassName, url, username, and password
#context.resources.jdbc.@@extraJdbcDataSource@@.driverClassName=@@extraJdbcDriverClassName@@
#context.resources.jdbc.@@extraJdbcDataSource@@.url=@@extraJdbcUrl@@
#context.resources.jdbc.@@extraJdbcDataSource@@.username=@@extraJdbcUsername@@
#context.resources.jdbc.@@extraJdbcDataSource@@.password=@@extraJdbcPassword@@
#context.resources.jdbc.@@extraJdbcDataSource@@.logQueries=true
#context.resources.jdbc.@@extraJdbcDataSource@@.displayName=Alternative Display Name
#useLocalBuild#context.webAppLocation=@@pathToServer@@/build/deploy/labkeyWebapp
context.encryptionKey=@@encryptionKey@@
#context.oldEncryptionKey=
## By default, we serve LabKey at the root context path (e.g. http://localhost:8080)
## You may customize the context path if you wish (e.g. http://localhost:8080/labkey)
#context.contextPath=/labkey
## Using a legacy context path provides backwards compatibility with old deployments. A typical use case would be to
## deploy to the root context (the default) and configure /labkey as the legacy path. GETs will be redirected.
## All other methods (POSTs, PUTs, etc) will be handled server-side via a servlet forward.
#context.legacyContextPath=/labkey
## Other webapps to be deployed, most commonly to deliver a set of static files. The context path to deploy into is the
## property name after the "context.additionalWebapps." prefix, and the value is the location of the webapp on disk
#context.additionalWebapps.firstContextPath=/my/webapp/path
#context.additionalWebapps.secondContextPath=/my/other/webapp/path
#context.requiredModules=
#context.pipelineConfig=/path/to/pipeline/config/dir
#context.serverGUID=
#context.bypass2FA=true
#context.workDirLocation=/path/to/desired/workDir
## SMTP configuration
mail.smtpHost=@@smtpHost@@
mail.smtpPort=@@smtpPort@@
mail.smtpUser=@@smtpUser@@
#mail.smtpFrom=@@smtpFrom@@
#mail.smtpPassword=@@smtpPassword@@
#mail.smtpStartTlsEnable=@@smtpStartTlsEnable@@
#mail.smtpSocketFactoryClass=@@smtpSocketFactoryClass@@
#mail.smtpAuth=@@smtpAuth@@
# Optional - JMS configuration for remote ActiveMQ message management for distributed pipeline jobs
# https://www.labkey.org/Documentation/wiki-page.view?name=jmsQueue
#context.resources.jms.ConnectionFactory.type=org.apache.activemq.ActiveMQConnectionFactory
#context.resources.jms.ConnectionFactory.factory=org.apache.activemq.jndi.JNDIReferenceFactory
#context.resources.jms.ConnectionFactory.description=JMS Connection Factory
# Use an in-process ActiveMQ queue
#context.resources.jms.ConnectionFactory.brokerURL=vm://localhost?broker.persistent=false&broker.useJmx=false
# Use an out-of-process ActiveMQ queue
#context.resources.jms.ConnectionFactory.brokerURL=tcp://localhost:61616
#context.resources.jms.ConnectionFactory.brokerName=LocalActiveMQBroker
# Optional - LDAP configuration for LDAP group/user synchronization
# https://www.labkey.org/Documentation/wiki-page.view?name=LDAP_sync
#context.resources.ldap.ConfigFactory.type=org.labkey.premium.ldap.LdapConnectionConfigFactory
#context.resources.ldap.ConfigFactory.factory=org.labkey.premium.ldap.LdapConnectionConfigFactory
#context.resources.ldap.ConfigFactory.host=myldap.mydomain.com
#context.resources.ldap.ConfigFactory.port=389
#context.resources.ldap.ConfigFactory.principal=cn=read_user
#context.resources.ldap.ConfigFactory.credentials=read_user_password
#context.resources.ldap.ConfigFactory.useTls=false
#context.resources.ldap.ConfigFactory.useSsl=false
#context.resources.ldap.ConfigFactory.sslProtocol=SSLv3
#useLocalBuild#spring.devtools.restart.additional-paths=@@pathToServer@@/build/deploy/modules
#useLocalBuild#spring.devtools.restart.trigger-file=.restartTrigger
# HTTP session timeout for users - defaults to 30 minutes
#server.servlet.session.timeout=30m
## Enable shutdown endpoint
management.endpoint.shutdown.enabled=true
## turn off other endpoints
management.endpoints.enabled-by-default=false
## allow access via http
management.endpoints.web.exposure.include=*
## Use a separate port for management endpoints. Required if LabKey is using default (ROOT) context path
management.server.port=@@shutdownPort@@
## Turn on JSON-formatted HTTP access logging to stdout. See issue 48565
## https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#JSON_Access_Log_Valve
#jsonaccesslog.enabled=true
## Optional configuration, modeled on the non-JSON Spring Boot properties
## https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html#application-properties.server.server.tomcat.accesslog.buffered
#jsonaccesslog.pattern=%h %t %m %U %s %b %D %S "%{Referer}i" "%{User-Agent}i" %{LABKEY.username}s %{X-Forwarded-For}i
#jsonaccesslog.condition-if=attributeName
#jsonaccesslog.condition-unless=attributeName
## START OF CSP ENFORCE BLOCK (DO NOT CHANGE THIS TEXT)
#useLocalBuild#csp.enforce=\
#useLocalBuild# default-src 'self' https: ;\
#useLocalBuild# connect-src 'self' ${LABKEY.ALLOWED.CONNECTIONS} ;\
#useLocalBuild# object-src 'none' ;\
#useLocalBuild# style-src 'self' https: 'unsafe-inline' ;\
#useLocalBuild# img-src 'self' https: data: ;\
#useLocalBuild# font-src 'self' http: https: data: ;\
#useLocalBuild# script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}' ;\
#useLocalBuild# base-uri 'self' ;\
#useLocalBuild# frame-ancestors 'self' ;\
#useLocalBuild# report-uri /admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
## END OF CSP ENFORCE BLOCK (DO NOT CHANGE THIS TEXT)
## START OF CSP REPORT BLOCK (DO NOT CHANGE THIS TEXT)
csp.report=\
default-src 'self' ; /* Limit the default to only the current server */\
connect-src 'self' ${LABKEY.ALLOWED.CONNECTIONS} ; /* For security purposes limit allowed connection sources, can be substituted and appended via the LabKey Admin UI */\
object-src 'none' ; /* These tags are not currently used by LKS */\
style-src 'self' 'unsafe-inline' ; /* We currently have a few inline <style> tags that we are weeding out */\
img-src 'self' data: ; /* Limit image loading locations */\
font-src 'self' http: https: data: ; /* Limit font source loading locations */\
script-src 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}' ; /* Limit scripts that are allowed to those with nonces or transitive scripts */\
base-uri 'self' ; /* Limit the base tags to only source from current server */\
frame-ancestors 'self' ; /* Only allow embedding resources to the current server */\
report-uri /admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ; /* Reports any encountered CSP conflicts to the supplied URL */
## END OF CSP REPORT BLOCK (DO NOT CHANGE THIS TEXT)
## Use a custom logging configuration
#logging.config=path/to/alternative/log4j2.xml
## File-based Tomcat HTTP access logs are enabled by default and use our recommended pattern. Override as needed.
#server.tomcat.accesslog.enabled=false
#server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D %S %I "%{Referer}i" "%{User-Agent}i" %{LABKEY.username}s %{X-Forwarded-For}i