env.properties

#    Copyright (C) 2014 Infinite Automation Systems Inc. All rights reserved.
#    @author Matthew Lohbihler

###############################################################################
# TO OVERRIDE VALUES IN THIS FILE...
#
# Do not change the values in this file, because when you upgrade your core 
# your changes will be overwritten. Instead, create a new file called 
# <MA_HOME>/overrides/properties/env.properties and override properties 
# there. The overrides directory will never be overwritten by an upgrade, so 
# your customizations will be safe.
# 
###############################################################################

# The port at which Mango Automation will listen for browser connections
web.port=8080
# The host interface to which Mango Automation will bind and listen for new connections
#  0.0.0.0 is the special interface that will force a bind to all available interfaces
web.host=0.0.0.0

# Should Mango Automation open (if possible) a browser window when it starts up?
web.openBrowserOnStartup=true

# Web caching settings

# disable caching
web.cache.noStore=false
web.cache.noStore.rest=true
web.cache.noStore.resources=false

# set max age of cached files in seconds, only if noStore=false
# versioned resources are those with ?v=xxx on the query string
web.cache.maxAge=0
web.cache.maxAge.rest=0
web.cache.maxAge.resources=86400
web.cache.maxAge.versionedResources=31536000

#Upload file size limit (bytes) -1 means no limit
web.fileUpload.maxSize=250000000

# Set this to true if you are running Mango behind a reverse proxy that sends "Forwarded" or "X-Forwarded-*" headers.
# This includes accessing Mango via Cloud Connect module. By default only requests from localhost are trusted.
web.forwardedHeaders.enabled=true
# Set a comma separated list of IP ranges from which to trust Forwarded headers
web.forwardedHeaders.trustedIpRanges=127.0.0.0/8,::1

# Default database settings
# The path in the db.url is relative to MA_HOME, or can be absolute
db.type=h2
db.url=jdbc:h2:databases/mah2
db.username=
db.password=
#For web console
db.web.start=false
db.web.port=8091
#to compact the database size at shutdown (may take longer but will free up disk space)
db.h2.shutdownCompact=false

#General Database Settings
db.pool.maxActive=100
db.pool.maxIdle=10
# relative to the logs directory configured via paths.logs, leave blank to use the same directory
db.update.log.dir=

# setting to show query times in the logs as INFO
db.useMetrics=false
# if set, will only log slow queries, above this threshold in ms. Will be logged at WARN level instead of INFO
db.metricsThreshold=100

#Tell the jdbc driver to fetch this many rows at a time, useful over network connected dbs (Not MySQL)
# negative values will force use jdbc driver default
db.fetchSize=-1
#Number of retries for failed transactions before bailing out on error
db.transaction.retries=5


# MySQL database settings. Your MySQL instance must already be running and configured before this can be used.
#db.type=mysql
#db.url=jdbc:mysql://localhost/<your mysql schema name>
#db.username=<your mysql username>
#db.password=<your mysql password>
#db.mysqldump=<location/command for mysqldump executable for backups>
#db.mysql=<location/command for mysql executable for restore>

# Database settings for conversion. If the db.* settings point to a new database instance, and the convert type setting
# is set, Mango Automation will attempt to convert from the convert.db.* settings to the db.* settings
# Note that database conversions should not be performed in the same step as an upgrade. First upgrade, then convert.
convert.db.type=
convert.db.url=
convert.db.username=${db.username}
convert.db.password=${db.password}

#Set the base path for where the NoSQL data will be stored, relative to $MA_HOME (can also be set to an absolute path)
db.nosql.location=databases
#Set the folder name of the point value store
db.nosql.pointValueStoreName=mangoTSDB
#Set the number of files the database can have open at one time
db.nosql.maxOpenFiles=500
#Time after which a shard will be closed
db.nosql.shardStalePeriod=36000000
#Period to check for stale shards
db.nosql.flushInterval=300000
#Query Performance Tuning, File Access Type: Available[INPUT_STREAM,FILE_CHANNEL,RANDOM_ACCESS_FILE,MAPPED_BYTE_BUFFER]
db.nosql.shardStreamType=MAPPED_BYTE_BUFFER
#Setting to speed up NoSQL queries at the expense of a small increase in disk usage
db.nosql.reversible=true
#Setting this will convert your existing point value store [NONE, REVERSIBLE, UNREVERSIBLE]
db.nosql.convert=NONE
#Number of concurrent threads to use to convert the database
db.nosql.convertThreads=4
#Run the corruption scan if the db is marked dirty
db.nosql.runCorruptionOnStartupIfDirty=false

#Password encryption scheme [BCRYPT, SHA-1, NONE]
#Legacy is SHA-1, 2.8+ BCRYPT
#security.hashAlgorithm=BCRYPT

#Size of in memory cache to hold a role's inheritance list, this represents the 
# maximum number of roles to keep in the cache at any given time
cache.roles.size=1000
#Size of in memory cache for Users, this represents the 
# maximum number of roles to keep in the cache at any given time
cache.users.size=1000
#Size of in memory cache to hold created Permissions, this represents the 
# maximum number of roles to keep in the cache at any given time
cache.permission.size=1000

# The location of the Mango Automation store from which to get license files.
store.url=https://store.infiniteautomation.com

# SSL control

# *** NOTE ***
# You can generate a self-signed certificate for testing using the following command
# keytool -genkey -keyalg RSA -alias mango -keystore /location/to/keystore/file.jks -validity 365 -keysize 2048

# Enter keystore password: {type your keystore password <ENTER>}
# Re-enter new password: {type your keystore password <ENTER>}
# What is your first and last name?
#   [Unknown]: {the hostname mango is running on e.g. mymangotest.com OR localhost <ENTER>}
# What is the name of your organizational unit?
#   [Unknown]: {e.g. Mango testing <ENTER>}
# What is the name of your organization?
#   [Unknown]: {e.g. Infinite Automation Systems Inc. <ENTER>}
# What is the name of your City or Locality?
#   [Unknown]: {e.g. Erie <ENTER>}
# What is the name of your State or Province?
#   [Unknown]: {e.g. Colorado <ENTER>}
# What is the two-letter country code for this unit?
#   [Unknown]: {e.g. US <ENTER>}
# Is CN=localhost, OU=Development, O=Infinite Automation Systems Inc., L=Erie, ST=Colorado, C=US correct?
#   [no]:  {type yes <ENTER>}
# 
# Enter key password for <mango>
#         (RETURN if same as keystore password): {type your key password or just press <ENTER>}

# Note: Enabling SSL also turns on HSTS which may not be desirable, see below
ssl.on=false
ssl.port=8443
ssl.keystore.watchFile=true
ssl.keystore.location=overrides/keystore.p12
ssl.keystore.password=freetextpassword
# If they key password is commented out, it is assumed to be the same as the keystore password
#ssl.key.password=
#Time socket can be idle before being closed (ms)
ssl.socketIdleTimeout=70000

#Enable ALPN (Application-Layer Protocol Negotiation) for HTTP/2
# on current browsers HTTP/2 is only available for TLS/SSL connections.
# Note that with this setting you must also have the ALPN script extension enabled for Mango to start on pre Java 10.
# (Adds -javaagent:${MA_HOME}/boot/jetty-alpn-agent.jar to the java options)
# If you are running on Java 10+ this library is not required and will actually cause problems, so make sure you don't use that extension.
ssl.alpn.on=true
#Show debug output for alpn connections in log
ssl.alpn.debug=false

# Configure HSTS (HTTP Strict Transport Security)
# Enabled by default when ssl.on=true
# Sets the Strict-Transport-Security header, web browsers will always connect using HTTPS when they
# see this header and they will cache the result for max-age seconds
ssl.hsts.enabled=true
ssl.hsts.maxAge=31536000
ssl.hsts.includeSubDomains=false

# System time zone. Leave blank to use default VM time zone.
timezone=

#Rest API Configuration
rest.enabled=true

#Enable to make JSON More readable
rest.indentJSON=false
#Cross Origin Request Handling
rest.cors.enabled=false
rest.cors.allowedOrigins=
rest.cors.allowedMethods=PUT,POST,GET,OPTIONS,DELETE,HEAD
rest.cors.allowedHeaders=content-type,x-requested-with,authorization
rest.cors.exposedHeaders=
rest.cors.allowCredentials=false
rest.cors.maxAge=3600
# disable browser redirects
rest.disableErrorRedirects=false

# Limits the rate at which an unauthenticated IP address can access the REST API
# Defaults to an initial 10 request burst then 2 requests per 1 second thereafter
rateLimit.rest.anonymous.enabled=true
rateLimit.rest.anonymous.burstQuantity=40
rateLimit.rest.anonymous.quanitity=5
rateLimit.rest.anonymous.period=1
rateLimit.rest.anonymous.periodUnit=SECONDS

# Limits the rate at which an authenticated user can access the REST API
# Disabled by default
rateLimit.rest.user.enabled=false
rateLimit.rest.user.burstQuantity=20
rateLimit.rest.user.quanitity=10
rateLimit.rest.user.period=1
rateLimit.rest.user.periodUnit=SECONDS

# Limits the rate at which authentication attempts can occur by an IP address
# Defaults to an initial 5 attempt burst then 1 attempt per 1 minute thereafter
rateLimit.authentication.ip.enabled=true
rateLimit.authentication.ip.burstQuantity=5
rateLimit.authentication.ip.quanitity=1
rateLimit.authentication.ip.period=1
rateLimit.authentication.ip.periodUnit=MINUTES

# Limits the rate at which authentication attempts can occur against a username
# Defaults to an initial 5 attempt burst then 1 attempt per 1 minute thereafter
rateLimit.authentication.user.enabled=true
rateLimit.authentication.user.burstQuantity=5
rateLimit.authentication.user.quanitity=1
rateLimit.authentication.user.period=1
rateLimit.authentication.user.periodUnit=MINUTES

#For rest API Documentation at /swagger-ui.html
swagger.enabled=false
#path to api-docs for swagger tools, will be appended to base REST api version URL i.e. /rest/v1/
springfox.documentation.swagger.v2.path=/swagger/v2/api-docs
# Require authentication to access Swagger API documentation.
# If you set this to false then you can use an authentication token (generated on the Mango Users page) from the swagger UI instead.
# To use, enter: Bearer <space> <token value> into the Authorize value input in the swagger ui
swagger.apidocs.protected=true

#Distributor Settings
distributor=IA

#Jetty Thread Pool Tuning
# Time a thread must be idle before killing to keep pool size at minimum
web.threads.msIdleTimeout=30000
# Number of threads allowed to be created to handle incoming requests as needed (defaults to 10x number of processors, or 200, whichever is greater)
web.threads.maximum=
# Number of threads to keep around to handle incoming connections (defaults to max threads, or 8, whichever is lesser)
web.threads.minimum=
# Number of Requests To queue if all threads are busy (defaults 1280)
web.requests.queueSize=
# Ping timeout for response from browser
web.websocket.pingTimeoutMs=10000
#Time socket can be idle before being closed (ms)
web.socketIdleTimeout=70000

#Jetty QoS filter settings 
# https://www.eclipse.org/jetty/documentation/current/qos-filter.html
# Filter enabled setting
web.qos.enabled=false
#The maximum number of requests to be serviced at a time. The default is 10.
web.qos.maxRequests=10
#The length of time, in milliseconds, to wait while trying to accept a new request. Used when the maxRequests limit is reached. Default is 50 ms
web.qos.waitMs=50
#Length of time, in milliseconds, that the request will be suspended if it is not accepted immediately. If set to -1, the container default timeout applies. Default is 30000 ms.
web.qos.suspendMs=30000

#Jetty DoS filter settings 
# https://www.eclipse.org/jetty/documentation/current/dos-filter.html
# Filter enabled setting
web.dos.enabled=false
#Maximum number of requests from a connection per second. Requests in excess of this are first delayed, then throttled. Default is 25.
web.dos.maxRequestsPerSec=75
#Delay imposed on all requests over the rate limit, before they are considered at all
#  100ms default, -1 = Reject request, 0 = no delay, any other value is delay in ms
web.dos.delayMs=100
#Length of time, in ms, to blocking wait for the throttle semaphore. Default is 50 ms.
web.dos.maxWaitMs=50
#Number of requests over the rate limit able to be considered at once. Default is 5.
web.dos.throttledRequests=5
#Length of time, in ms, to async wait for semaphore. Default is 30000.
web.dos.throttleMs=30000
#Length of time to let the request run, default is 30000 (Keep above 60s for DWR Long Poll to work in legacy UI) 
web.dos.maxRequestMs=120000
#Length of time, in ms, to keep track of request rates for a connection, before deciding that the user has gone away, and discarding it. Default is 30000.
web.dos.maxIdleTrackerMs=30000
#If true, insert the DoSFilter headers into the response. Defaults to true.
web.dos.insertHeaders=true
#If true, usage rate is tracked by session if a session exists. Defaults to true.
web.dos.trackSessions=true
#If true and session tracking is not used, then rate is tracked by IP and port (effectively connection). Defaults to false.
web.dos.remotePort=false
#A comma-separated list of IP addresses that will not be rate limited.
# Note: These are actual client IPs when behind a proxy server if you configure web.forwardedHeaders.trustedIpRanges to trust your proxy's IP
web.dos.ipWhitelist=

#Jetty Low Resource Management (Used to attempt to free resources when under heavy load)
# https://www.eclipse.org/jetty/documentation/current/limit-load.html
web.lowResource.enabled=false
# Period in ms to check for a low resource condition, default 10000
web.lowResource.checkPeriod=10000
# In low resource condition all existing connection idle timeouts are set to this value, default 1000
web.lowResource.lowResourcesIdleTimeout=1000
# check connectors executors to see if their ThreadPool instances that are low on threads, default true
web.lowResource.monitorThreads=true
# The maximum memory in bytes that Java is allowed to use before the low resource condition is triggered.
# If left empty, the default is 90% of the maximum memory the JVM is configured to use.
# Set to 0 to disable the memory usage checks.
web.lowResource.maxMemory=
# The time in milliseconds that a low resource state can persist before the low resource idle timeout is reapplied to all connections, default 5000
web.lowResource.maxLowResourceTime=5000
# If false, new connections are not accepted while in low resources
web.lowResource.acceptingInLowResources=true

# Maximum number of allowed connections, defaults to 0 (disabled)
web.connectionLimit=0

# Jetty default servlet configuration (init parameters)
# See for descriptions
# https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-webapp/src/main/config/etc/webdefault.xml
web.defaultServlet.dirAllowed=false
web.defaultServlet.maxCacheSize=256000000
web.defaultServlet.maxCachedFileSize=200000000
web.defaultServlet.maxCachedFiles=2048
web.defaultServlet.etags=false
# defaults to false for Windows, defaults to true for all other OS
# see https://www.eclipse.org/jetty/documentation/current/troubleshooting-locked-files-on-windows.html
#web.defaultServlet.useFileMappedBuffer=true

#iFrame Header Control iFrame Header Control 'X-Frame-Options' (case sensitive options)
# SAMEORIGIN - Only allow Mango to embed i-frames when the requesting page was loaded from the Mango domain
# DENY - Do not allow at all
# ANY - Do not even use the header at all 
# One specific domain name can be supplied so that the header becomes: ALLOW-FROM http://foo.bar.com 
web.security.iFrameAccess=SAMEORIGIN

#Follow symbolic links when serving files from Jetty
web.security.followSymlinks=true

# Content Security Policy settings, please see https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# The reasons for the default policy are outlined below
# style-src 'unsafe-inline' - inline styles are used by AngularJS Material for the dynamic theming
# script-src 'unsafe-eval' - needed by Fabric.js used in amCharts for drawing on charts, also gives AngularJS a 30% performance boost
# connect-src ws: wss: - necessary as 'self' does not permit connections to websockets on the same origin, this should be configured to restrict it to your server's actual hostname
# img-src data: - allows for small base64 encoded images to be embedded inline into the html
# img-src/script-src https://www.google-analytics.com - allows for enabling Google analytics (not enabled by default, must be manually enabled by admin via UI Settings page)
# img-src/script-src https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com - allows for using the Google maps component
# style-src/font-src https://fonts.googleapis.com https://fonts.gstatic.com - allows for using Google fonts in dashboards
web.security.contentSecurityPolicy.enabled=false
web.security.contentSecurityPolicy.reportOnly=false
web.security.contentSecurityPolicy.defaultSrc='self'
web.security.contentSecurityPolicy.scriptSrc='self' 'unsafe-eval' https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com
web.security.contentSecurityPolicy.styleSrc='self' 'unsafe-inline' https://fonts.googleapis.com
web.security.contentSecurityPolicy.connectSrc='self' ws: wss:
web.security.contentSecurityPolicy.imgSrc='self' data: https://maps.google.com https://maps.gstatic.com https://www.google-analytics.com
web.security.contentSecurityPolicy.fontSrc='self' https://fonts.gstatic.com
web.security.contentSecurityPolicy.mediaSrc=
web.security.contentSecurityPolicy.objectSrc=
web.security.contentSecurityPolicy.frameSrc=
web.security.contentSecurityPolicy.workerSrc=
web.security.contentSecurityPolicy.manifestSrc=
web.security.contentSecurityPolicy.other=

#Regex used to match serial ports so they show up in the menu
serial.port.linux.regex=((cu|ttyS|ttyUSB|ttyACM|ttyAMA|rfcomm|ttyO|COM)[0-9]{1,3}|rs(232|485)-[0-9])
serial.port.linux.path=/dev/
serial.port.windows.regex=
serial.port.windows.path=
serial.port.osx.path=/dev/
serial.port.osx.regex=(cu|tty)..*
#Number of bytes read events to queue up before discarding
serial.port.eventQueueSize=10000
#Rate at which to poll the serial port for new data in Linux (Windows uses interrupts)
serial.port.linux.readPeriods=100
serial.port.linux.readPeriodType=NANOSECONDS

#Start data sources in parallel threads
runtime.datasource.startupThreads=8
#Log startup times for runtime manager
runtime.datasource.logStartupMetrics=true
#Log number of aborted polls for a polling data source this often at a minimum (only logged after next aborted poll past this time)
runtime.datasource.pollAbortedLogFrequency=3600000

#Report Javascript Execution Times at INFO Level logging
# add this to log4j.xml   <category name="org.perf4j.TimingLogger"><level value="info"/></category>
runtime.javascript.metrics=false

#Default task queue size for the Real Time Timer, should multiple tasks of the same type be queued up?
# Tasks are rejected from a full queue, a size of 0 means reject multiple instances of the same task
runtime.realTimeTimer.defaultTaskQueueSize=0
#When a task queue is full should the waiting tasks be discarded and replaced with the most recent
runtime.realTimeTimer.flushTaskQueueOnReject=false
#Delay (in ms) to wait to rate limit task rejection log messages so they don't fill up logs and use too much cpu doing it
runtime.taskRejectionLogPeriod=10000
#Maximum counts to wait to terminate the thread pool's tasks that are running or queued to run
# each count is 1 second.  So the default of 60 = 1 minute.  Note that the medium and low
# timeout happens first and then the remaining time is spent waiting of the high priority tasks.
# So by setting both to the same value will result in waiting only as long as that value.
runtime.shutdown.medLowTimeout=60
runtime.shutdown.highTimeout=60

# The following paths are relative to $MA_HOME unless they are set to an absolute path
# path to the filestore base directory
filestore.location=filestore
# path to the module data base directory
moduleData.location=data
# path to temporary files base directory
paths.temp=work
# path to the filedata base directory (Used to store point values for the IMAGE data type)
paths.filedata=filedata
# path to the log files base directory
paths.logs=logs
# default path for backups (e.g. configuration backups, SQL backups, NoSQL point value backups)
# note: this is the default, some of these locations are configurable via system settings
paths.backup=backup

# HTTP session (authentication) cookie name and domain name settings.
#
# Use the Mango GUID as the session cookie name
sessionCookie.useGuid=true
# name takes precedence over useGuid if set
sessionCookie.name=
# Set the domain name that the cookie is valid for, can be used to make the session login valid for subdomains too.
# If left blank the session cookie can only be used for the domain that you login at.
sessionCookie.domain=
# Persist sessions into the database
sessionCookie.persistent=true
# Check to see if session should be saved, only saved if session was changed, 0 means always save after every request
sessionCookie.persistPeriodSeconds=30

# Controls the poll period for collecting internal metrics
internal.monitor.pollPeriod=10000
# Controls the poll period for collecting disk usage
internal.monitor.diskUsage.pollPeriod=1200000
# Should MA_HOME and each file store directory be monitored individually in addition to the partitions?
internal.monitor.diskUsage.monitorDirectories=false