Configuration files

System Properties

XP_HOME/config/system.properties

Changes to this file requires a full restart of the XP instance in order to take effect.

Default version of system.properties

# Installation settings
# xp.name = demo

# Global security settings
# xp.suPassword = password
# xp.suPassword = {sha1}5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

# Initialization settings
# xp.init.adminUserCreation = true
# xp.init.maxTries = 900

# Configuration FileMonitor properties
# felix.fileinstall.poll = 1000
# felix.fileinstall.noInitialDelay = true

# Config loading properties
# xp.config.paths = ${xp.home}/appconfig,/usr/local/xp/${node.role},/etc/xp/config

xp.name: sets the name displayed to users from the admin console main menu, use to clarify what environment the user is working in
xp.suPassword: override su user’s password in database, if any. Can also be used with hashing, the following are supported: sha1, sha256, sha512 and md5.
xp.init.maxTries: Number of attampts system initializers will do to check if initialization is done. Default is 300 (which equals to 5 minutes) - before XP 7.14.3 and 900 (which equals to 5 minutes) after.
xp.stop.gracePeriod: Time in milliseconds XP waits for all services to stop. Default is 600000 (10 minutes). Before XP 7.14.3 value was 10000 (10 seconds) and not configurable.
felix.fileinstall.poll: Frequency in ms for how often the configuration folders are scanned for changes
xp.config.paths: Config folders to scan in addition to XP_HOME/config/. Useful for fine grained control over configuration management. Folders will be scanned in the defined order. The first file found per configuration will be used.

Vhost

XP_HOME/config/com.enonic.xp.web.vhost.cfg

The standard XP port (default: 8080) provides access to webapps/, site/ and admin/ endpoints. Vhosts enable you to define controlled and secured access to a single webapp, site or even the admin console.

Virtual hosts are automatically updated upon change.

Sample vhost config file with a one entry

enabled = true

mapping.myapp.host = company.com
mapping.myapp.source = /app
mapping.myapp.target = /webapp/name.of.my.app
mapping.myapp.idProvider.myldap = default

enabled: turns on or of vhosts, enabled = false should only be used for development purposes
host: specifies the hostname (aka domain) the vhost will handle
source: refers to basepath used in request, sample above handles company.com/app
target: is the internal route in XP to the specific endpoint/service
idProvider: optionally adds one or more idProviders to the vhost. idProvider must be followed by the name of an existing idProvider. The example above refers to the idProvider called myldap. Supported values are default or enabled. Only one entry may use default.

Each mapping must define a unique name to separate the mappings when multiple mappings in the same file. In the example above myapp is used.

Sample vhost config file with both site and admin entries

mapping.website.host = example.com
mapping.website.source = /
mapping.website.target = /site/default/master/website
mapping.website.idProvider.adfs = default
mapping.website.idProvider.system = enabled

mapping.admin.host = example.com
mapping.admin.source = /admin
mapping.admin.target = /admin
mapping.admin.idProvider.system = default

Mail

XP_HOME/config/com.enonic.xp.mail.cfg

Use this file to configure global mail server settings for XP.

Sample mail configuration with authentication and TLS enabled

smtpHost=mail.server.com
smtpPort=25
smtpAuth=true
smtpUser=user
smtpPassword=secret
smtpTLS=true
defaultFromEmail=noreply@domain.com

smtpHost: Host name of the SMTP server. Default: localhost.
smtpPort: TCP port of the SMTP server. Default: 25.
smtpAuth: Enable authentication with SMTP server. Default: false
smtpUser: User to be used during authentication with the SMTP server, if ‘smtpAuth = true`.
smtpPassword: Password to be used during authentication with the SMTP server, if ‘smtpAuth = true`.
smtpTLS: Turns on Transport Layer Security (TLS) security for SMTP if required. Default: false.
defaultFromEmail: Default email address to use as sender for all emails sent from XP if sender is not explicitly specified.

Repo

XP_HOME/config/com.enonic.xp.repo.cfg

Use this file to configure the node repository layer.

Example below uses default settings

cache.size = 1000000
snapshots.dir = ${xp.home}/snapshots

cache.size: Specifies the maximum number of nodes to keep in memory. Default: 100000
snapshots.dir: Specifies the root location for where to find and place snapshot files. Default: ${xp.home}/snapshots

If you change this value, remember to update value for path.repo in com.enonic.xp.elasticsearch.cfg as well.

Blobstore

XP_HOME/config/com.enonic.xp.blobstore.cfg

Control settings for the blobstore persistence layer.

Sample showing default settings

provider = file
cache = true
cache.sizeThreshold = 1mb
cache.FCapacity = 100mb

provider: is the blobstore provider to use. Default value is file. Other providers will be made available in future releases. Each provider will have a separate configuration file named com.enonic.xp.blobstore.<providername>.cfg
cache: enables or disables memory caching of blobs fetched from the blobstore. Default: true
cache.sizeThreshold: specifies the maximum size for objects to be cached. Default: 1mb. The size notation accepts a number plus byte-size identifier (b/kb/mb/gb/tb/pb)
cache.memoryCapacity: is the maximum memory footprint of the blob cache. Default: 100mb. The size notation accepts a number plus byte-size identifier (b/kb/mb/gb/tb/pb)

File blobstore

XP_HOME/config/com.enonic.xp.blobstore.file.cfg

Control settings for the file-based blobstore implementation

Sample showing default settings

baseDir = ${xp.home}/repo/blob
readThrough.provider = none
readThrough.enabled = false
readThrough.sizeThreshold = 100mb

baseDir: specifies root location of blobs. Default: `${xp.home}/repo/blob.
readThrough.enabled: enables or disables readthough provider. Default: false.
readThrough.sizeThreshold: specifies he maximum size of objects to be cache in readthrough provider. Default: 100mb. The size notation accepts a number plus byte-size idenfier (b/kb/mb/gb/tb/pb)

Cluster

XP_HOME/config/com.enonic.xp.cluster.cfg

Basic cluster settings

Sample cluster configuration

cluster.enabled = false
node.name = Anode

discovery.unicast.hosts = 127.0.0.1
network.host = 127.0.0.1
network.publish.host = 127.0.0.1

cluster.enabled: When true node wil try to join a cluster. Default: false.
node.name: should normally not be set. Default: auto generated value
discovery.unicast.hosts: is an explicit list of nodes that can join the cluster. Default: 127.0.0.1.
network.host: sets the bind address. Default: 127.0.0.1. Can be an explicit IP-address, a host-name or an alias. See the section below for an overview of aliases.
network.publish.host: sets the address other nodes will use to communicate with this node. Default: not set (127.0.0.1 before XP 7.5.0). Cannot be more than one IP-address. Can be an explicit IP-address, a host-name or an alias. See the section below for an overview of aliases.

Using host-name values is not recommended because DNS can be spoofed. NOTE: Values set as host-name are resolved to a single IP-address of the host-name.

Network host aliases:

_local_ : Will be resolved to the local ip address.
_[networkInterface]_ : Resolves to the ip address of the provided network interface. For example _en0_
_[networkInterface]:ipv4_ : Resolves to the ipv4 address of the provided network interface. For example _en0:ipv4_
_[networkInterface]:ipv6_ : Resolves to the ipv6 address of the provided network interface. For example _en0:ipv6_

Elasticsearch

XP_HOME/config/com.enonic.xp.elasticsearch.cfg

Tuning of all relevant settings for the embedded Elasticsearch component

Sample ES configuration

node.data = true
node.master = true

path = ${xp.home}/repo/index
path.data = ${path}/data
path.repo = ${xp.home}/snapshots
path.work = ${path}/work
path.conf = ${path}/conf
path.logs = ${path}/logs
path.plugins = ${path}/plugins

cluster.name = mycluster
cluster.routing.allocation.disk.threshold_enabled = false

http.enabled = false
transport.tcp.port = 9300-9400

gateway.expected_nodes = 1
gateway.recover_after_time = 5m
gateway.recover_after_nodes = 1
discovery.zen.minimum_master_nodes = 1
discovery.unicast.port = 9300
index.recovery.initial_shards = 1

discovery.unicast.sockets =

node.data: Allow data to be distributed to this node. Default: true.
node.master: Allow this node to be eligible as a master node. Default: true.
path: Path to directory where elasticsearch stores files. Default: ${xp.home}/repo/index. Should be on a local file-system, not sharded.
path.data: Path to directory where to store index data allocated for this node. Default: $path/data.
path.repo: Allowed location for placing snapshots. NB! Use same value as for snapshots.dir as specified in com.enonic.xp.repo.cfg
path.work: Path to temporary files. Default: ${xp.home}/repo/index/work.
path.conf: Path to directory containing configuration. Default: $path/conf.
path.logs: Path to log files. Default: ${xp.home}/repo/index/logs.
path.plugins: Path to where plugins are installed. Default: $path/plugins.
cluster.name: Elasticsearch cluster name. Default: mycluster.
cluster.routing.allocation.disk.threshold_enabled: Prevent shard allocation on nodes depending on disk usage. Default: false.
http.enabled: Enable the HTTP module. Default false.
transport.tcp.port: Custom port for the node to node communication. Default: 9300-9400.
gateway.expected_nodes: Number of nodes expected to be in the cluster to start the recovery immediately. Default: 1.
gateway.recover_after_time: Time to wait until recovery happens once the nodes are met. Default: 5m.
gateway.recover_after_nodes: Number of nodes expected to be in the cluster to start the recovery after gateway.recover_after_time. Default: 1.
discovery.unicast.port: List of ports to perform discovery when new nodes are started. Default: 9300.
discovery.unicast.sockets: Comma separated list of hosts to be discovered as seed nodes.
index.recovery.initial_shards: Number of shards expected to be found on full cluster restart per index. Default: quorum.
index.auto_expand_replicas: Auto-expand the number of replicas based on the number of available nodes. Set to a dash delimited lower and upper bound (e.g. 0-5) or use all for the upper bound (e.g. 0-all). Defaults to false (i.e. disabled).

Hazelcast

XP_HOME/config/com.enonic.xp.hazelcast.cfg

Tuning of all relevant settings for the embedded Hazelcast component

Sample Hazelcast configuration

network.port=5702
network.join.tcpIp.members=127.0.0.1:5701,127.0.0.1:5702
system.hazelcast.initial.min.cluster.size=2

Sample Hazelcast configuration for Kubernetes DNS discovery

clusterConfigDefaults=false
system.hazelcast.initial.min.cluster.size=2
network.join.tcpIp.enabled=false
network.join.kubernetes.enabled=true
network.join.kubernetes.serviceDns=main.default.svc.cluster.local

Sample Hazelcast configuration for Kubernetes API discovery

clusterConfigDefaults=false
system.hazelcast.initial.min.cluster.size=2
network.join.tcpIp.enabled=false
network.join.kubernetes.enabled=true
network.join.kubernetes.serviceName=cluster-discovery
network.join.kubernetes.namespace=my-namespace
network.join.kubernetes.kubernetesApiRetries=10
network.join.kubernetes.resolveNotReadyAddresses=true

clusterConfigDefaults: If true some properties set based on xp cluster configuration. Default: true
liteMember: Hazelcast Lite member which does not own any partitions. Default: false.
network.port: Custom port for the node to node communication. Default: 5701.
network.portCount: How many ports try to bind while searching for available port. Default: 100.
network.portAutoIncrement: Enables available port search. Default: false.
network.publicAddress: Overrides the public address of a member. It should be set in the format "host IP address:port number". Ignored when clusterConfigDefaults is true.
network.join.multicast.enabled: Enable Multicast discovery. Default: false.
network.join.kubernetes.enabled: Enable Kubernetes discovery. Default: false.
network.join.kubernetes.serviceDns: Service DNS for Kubernetes discovery. If not set, discovery over Kubernetes API is used. Default is not set.
network.join.kubernetes.namespace: Kubernetes Namespace where Hazelcast is running. Default is not set.
network.join.kubernetes.serviceName: Service name used to scan only PODs connected to the given service. Default is not set.
network.join.kubernetes.serviceLabelName: Service label used to tag services that should form the Hazelcast cluster together. Default is not set.
network.join.kubernetes.serviceLabelValue: Service value used to tag services that should form the Hazelcast cluster together. Default is not set.
network.join.kubernetes.podLabelName: POD label used to tag PODs that should form the Hazelcast cluster together. Default is not set.
network.join.kubernetes.podLabelValue: POD value used to tag PODs that should form the Hazelcast cluster together. Default is not set.
network.join.kubernetes.resolveNotReadyAddresses: If set to true, it checks also the addresses of PODs which are not ready. Default: false.
network.join.kubernetes.useNodeNameAsExternalAddress: If set to true, uses the node name to connect to a NodePort service instead of looking up the external IP using the API. Default: false.
network.join.kubernetes.kubernetesApiRetries: Number of retries in case of issues while connecting to Kubernetes API. Default: 3.
network.join.tcpIp.enabled: Enable TcpIP discovery. Default: true.
network.join.tcpIp.members: Comma separated list of well-known members. If not provided and clusterDefaults=true then cluster’s discovery.unicast.hosts used instead.
network.interfaces.enabled: Enables specification of which network interfaces that Hazelcast should use. Default: false. Ignored when clusterConfigDefaults is true.
network.interfaces: Comma separated list of ip addresses for binding. Ignored when clusterConfigDefaults is true.
network.restApi.enabled: Enable Hazelcast REST API. Default: false.
network.restApi.restEndpointGroups: Comma separated list of REST API Endpoint Groups. Default: HEALTH_CHECK, CLUSTER_READ.
partition.group.enabled: Enable partition grouping. Default: false.
partition.group.groupType: Partition grouping type. Default: PER_MEMBER.
system.hazelcast.phone.home.enabled: Enable or disable the sending of phone home data to Hazelcast’s phone home server. Default: true.
system.hazelcast.socket.bind.any: Bind both server-socket and client-sockets to any local interface. Default: true.
system.hazelcast.initial.min.cluster.size: Initial expected cluster size to wait before the node to start completely. Default: 2.
system.hazelcast.prefer.ipv4.stack: Prefer IPv4 Stack, don’t use IPv6. Default: true.
system.hazelcast.tcp.join.port.try.count: The number of incremental ports, starting with the port number defined in the network configuration, that is used to connect to a host. Default: 1.
system.hazelcast.max.no.heartbeat.seconds: Maximum timeout of heartbeat in seconds for a member to assume it is dead. Default: 60.
system.hazelcast.heartbeat.interval.seconds: Heartbeat send interval in seconds. Default: 5.
system.hazelcast.mastership.claim.timeout.seconds: Timeout which defines when master candidate gives up waiting for response to its mastership claim. Default: 120.
hazelcast.wait.seconds.before.join: Wait time in seconds before join operation. Default: 5.
hazelcast.max.wait.seconds.before.join: Maximum wait time in seconds before join operation Default: 20.

In case of using Kubernetes API discovery each node makes a call to Kubernetes Master in order to discover PODs. It also requires granting certain permissions. You can find more information in the documentation of Hazelcast Discovery Plugin for Kubernetes.

Admin

XP_HOME/config/com.enonic.xp.admin.cfg

General setting for /admin

Disable Content Security Policy for site preview

site.preview.contentSecurityPolicy=

Allow scripts from maps.googleapis.com

site.preview.contentSecurityPolicy=default-src 'self'; base-uri 'self'; form-action 'self'; script-src 'self' maps.googleapis.com; object-src 'none'; img-src * data:; style-src * 'unsafe-inline'; font-src * data:

site.preview.contentSecurityPolicy: Defines default value for Content-Security-Policy header for the site engine - when running in Admin Context. The policy is applied in preview and inline mode - if the page controllers do not specify a Content-Security-Policy header itself. Default: default-src 'self'; base-uri 'self'; form-action 'self'; script-src 'self'; object-src 'none'; img-src * data:; style-src * 'unsafe-inline'; font-src * data:

Home app

XP_HOME/config/com.enonic.xp.app.main.cfg

Disable welcome tour

# Disable the "Welcome tour". Default: false
tourDisabled = true

tourDisabled: Specify if welcome tour should be enabled or not. Default: false

Applications app

XP_HOME/config/com.enonic.xp.app.applications.cfg

Disable installation of apps from UI

readonlyMode = true

readonlyMode: Activate read only mode to prevent installation and stop/start of applications via UI. Default: false

Jetty

XP_HOME/config/com.enonic.xp.web.jetty.cfg

Selected options to configure the embedded servlet engine Jetty

Sample Jetty configuration

host =
sendServerHeader = false

# Connection
timeout = 60000

# HTTP settings
http.enabled = true
http.port = 8080
http.requestHeaderSize = 32768
http.responseHeaderSize = 32768

# Session
session.timeout = 60
session.cookieName = JSESSIONID

# Compression
gzip.enabled = true
gzip.minSize = 23

# Logging
log.enabled = false
log.file = ${xp.home}/logs/jetty-yyyy_mm_dd.request.log
log.append = true
log.extended = true
log.timeZone = GMT
log.retainDays = 31

# Thread Pool
threadPool.maxThreads = 200
threadPool.minThreads = 8
threadPool.idleTimeout = 60000

# Websocket
websocket.idleTimeout = 300000

host: should only be set this if host name (or ip) needs to be fixed.
sendServerHeader: True to send server name in header. Default: false.
timeout: specifies socket timeout for connections in ms.
http.enabled: true enables HTTP connections. Default: true.
http.port: specifies http port number to use. Default: 8080.
http.requestHeaderSize: Maximum request header size. Default: 32K.
http.requestHeaderSize: Maximum response header size. Default: 32K.
session.timeout: Session timeout (when inactive) in minutes. Default: 60.
session.cookieSameSite: :: Specifies SameSite flag for session cookie. Can be Lax, None, Strict or unspecified. Default: Lax.
session.cookieAlwaysSecure: :: If true, forces session cooke Secure flag even for HTTP connections. Default: false.
session.cookiename: Cookie name to use for sessions. Default: JSESSIONID.
gzip.enabled: Enables GZIP compression for responses. Default: true.
gzip.minsize: Minimum number of bytes in response to consider compressing the response. Default: 23.
log.enabled: Turns on request logging. Default: false.
log.file: Request log file location. Default: ${xp.home}/logs/jetty-yyyy_mm_dd.request.log.
log.append: append to existing file, or create new one when started. Default: true.
log.extended: turns on extended logging format. Default: true.
log.timeZone: Timezone to display timestamp in. Default: GMT.
log.retainDays: Number of days to retain the logs. Default: 31.
threadPool.maxThreads: Maximum number of threads. Default: 200.
threadPool.minThreads: Minimum number of threads. Default: 8.
threadPool.idleTimeout: Thread idle timeout (in milliseconds). Default: 60000.
websocket.idleTimeout: The time (in milliseconds) that a websocket may be idle before closing. Default: 300000.

Setting session.cookieAlwaysSecure to true would make session-involved login on HTTP connections impossible.

SessionStore

XP_HOME/config/com.enonic.xp.web.sessionstore.cfg

Sample SessionStore configuration

storeMode = replicated
saveOnCreate = true
flushOnResponseCommit = true

storeMode: Switches between SessionStore mode. Can be replicated or non-persistent. In Replicated mode sessions are distributed over nodes in the cluster using Jetty-Hazelcast integration. Default: non-persistent.
savePeriodSeconds: A non-zero value means that session won’t be persisted if only the access time changed, and it has been less than savePeriodSeconds since the last time the session was written. Has no effect in non-persistent storeMode. Default: 0.
gracePeriodSeconds: Specifies how many seconds to wait for non-session-owner nodes to be checked to verify an expired session is in fact expired throughout the cluster before closing it. Has no effect in non-persistent storeMode. Default: 3600.
saveOnCreate: Controls whether a session that is newly created will be immediately (true) or lazily (false) persisted as the last request for the session exits. Has no effect in non-persistent storeMode. Default: false.
flushOnResponseCommit: Controls whether a session that is changed ("dirty") will be persisted as the response is about to commit. If false, a dirty session will only be persisted when the last simultaneous request for it leaves the session. Has no effect in non-persistent storeMode. Default: false.

Media

XP_HOME/config/com.enonic.xp.media.cfg

Specify additional mime types if you are missing something.

Sample additional mime types

# Media type mappings
ext.mp3 = audio/mpeg3
ext.p = text/x-pascal

ext.<file-extension>: value must match a defined mime type

OSGi shell

XP_HOME/config/com.enonic.xp.server.shell.cfg

Optionally activate shell to manage OSGi bundles remotely

Sample config to activate shell

enabled = true
telnet.ip = 127.0.0.1
telnet.port = 5555
telnet.maxConnect = 2
telnet.socketTimeout = 0

enabled: turns on shell service. Default: false.
telnet.ip: Default: 127.0.0.1
telnet.port: Port to use for service. Default: 5555.
telnet.maxConnect: Maximum number of concurrent connections. Default: 2.
telnet.socketTimeout: Default: 0

DoS filter

XP_HOME/config/com.enonic.xp.web.dos.cfg

Activate and configure the DoS (Denial Of Service) feature.

Sample config to activate shell

enabled = true

maxRequestsPerSec = 25
delayMs = 100
maxWaitMs = 50
throttledRequests = 5
throttleMs = 30000
maxRequestMs = 30000
maxIdleTrackerMs = 30000
insertHeaders = true
trackSessions = true
remotePort = false
ipWhitelist =

enabled: enables the DOS filter. Default: false.
maxRequestsPerSec: Maximum number of requests from a connection per second. Requests in excess of this are first delayed, then throttled. Default: 25.
delayMs: Delay imposed on all requests over the rate limit. -1 = reject request, 0 delay. Default: 100.
maxWaitMs: Duration in ms to blocking wait for the throttle semaphore. Default: 50.
throttledRequests: Number of requests over the rate limit to be considered at once. Default: 5.
throttleMs: Duration in ms to async wait for semaphore. Default: 30000.
maxRequestMs: Duration in ms to allow the request to run. Default: 30000.
maxIdleTrackersMs: Duration in ms to keep track of request rates for a connection, before deciding that the user has gone away, and discarding it. Default: 30000.
insertHeaders: If true, insert the DoSFilter headers into the response. Default: true.
trackSessions: If true, usage rate is tracked by session if a session exists. Default: true.
remotePort: If true and session tracking is not used, then rate is tracked by IP+port (effectively connection). Default: false.
ipWhitelist: A comma-separated list of IP addresses that will not be rate limited.

Header Filter

XP_HOME/config/com.enonic.xp.web.header.cfg

Configure default HTTP response headers.

Cross site scripting prevention headers

headerConfig = set X-Frame-Options: SAMEORIGIN,set X-XSS-Protection: 1; mode=block,set X-Content-Type-Options: nosniff

headerConfig: Customizes default HTTP response headers. Accepts the following format: [action] [header name]: [header value](,[action] [header name]: [header value]). Supported header actions are set, add, setDate and addDate. Default: set X-Frame-Options: DENY,set X-XSS-Protection: 1; mode=block,set X-Content-Type-Options: nosniff

Market

XP_HOME/config/com.enonic.xp.market.cfg

Enonic Market configuration options:

Default config file settings

marketUrl = https://market.enonic.com/applications

UDC

XP_HOME/config/com.enonic.xp.server.udc.cfg

UDC (Usage Data Collector) is passing anonymous usage data 10 minutes after startup and then every 24 hours. This is only used to see what platforms are used and improve platform stability.

Sample UDC config file - default true

enabled = true

Standard IDprovider

XP_HOME/config/com.enonic.xp.app.standardidprovider.cfg

The Standard ID Provider, in charge of the login for admin by default, has a “Create Admin User” mode for new installations. When enabled, you may postpone creation of the admin user. You may turn off this feature.

Sample idprovider config file

loginWithoutUser = true

loginWithoutUser: Set to false to force creation of user before logging in. Default: true.

Logging

XP_HOME/config/logback.xml

Configure all logging inside the system.

Default logback file

<configuration scan="true" scanPeriod="60 seconds"> (1)
  <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender"> (2)
    <file>${xp.home}/logs/server.log</file>
    <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
      <fileNamePattern>${xp.home}/logs/server.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
      <maxFileSize>100MB</maxFileSize>
      <maxHistory>7</maxHistory>
      <totalSizeCap>3GB</totalSizeCap>
    </rollingPolicy>
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>

  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <withJansi>true</withJansi>
    <encoder>
      <pattern>%date{ISO8601} %highlight(%-5level) %cyan(%logger{36}) - %msg%n</pattern>
    </encoder>
  </appender>

  <root level="info"> (3)
    <appender-ref ref="STDOUT"/>
    <appender-ref ref="FILE"/>
  </root>

  <logger name="Events.Service" level="WARN" additivity="false">
    <appender-ref ref="STDOUT"/>
    <appender-ref ref="FILE"/>
  </logger>

  <logger name="Events.Bundle" level="WARN" additivity="false">
    <appender-ref ref="STDOUT"/>
    <appender-ref ref="FILE"/>
  </logger>
</configuration>

1	Configuration scan: If true sets the file in scan mode and will reconfigure itself when the configuration file changes. scanPeriod: Sets the scanning period. Values can be specified in units of miliseconds, seconds, miniutes or hours. Defaults to every minute. If no unit of time is specified, milisceonds will be used.
2	Appender creates a new logging component class Points to what java class you want handle your logging Possible classes: ConsoleAppender: "ch.qos.logback.core.ConsoleAppender" ConsoleAppender FileAppender: "ch.qos.logback.core.FileAppender" FileAppender RollingFileAppender: "ch.qos.logback.core.rolling.RollingFileAppender" RollingFileAppender
3	Root Configuring the root logger. level Can be set on <logger> and <root> to specify the importance of the message logged. values: "DEBUG", "INFO", "WARN", "ERROR", "ALL", "OFF" or "TRACE" See: Logger, Root for additional information

Additional information can be found here: Logback documentation

Audit

This config file was first introduced in v7.2

XP_HOME/config/com.enonic.xp.audit.cfg

Configure the audit log feature.

Sample audit config file

enabled = true
outputLogs = false
ageThreshold =

enabled: Set to false to disable the creation of audit log entries. Default: true.
outputLogs: Set to true to log the stored audit log entries. Default: false.
ageThreshold: Age of data to be removed by a cleanup task. The format is based on the ISO-8601 duration format PnDTnHnMn.nS with days considered to be exactly 24 hours. Nothing will be removed by default, duration must me set.

Content

This config file was first introduced in v7.2

XP_HOME/config/com.enonic.xp.content.cfg

Configure the content layer behaviour.

Sample content config file

auditlog.enabled = true

auditlog.enabled

Set to false to disable the creation of audit log entries on content API operations. Default: true.

Audit log can be disabled by common enabled property. Content flag won’t affect anything in this case.

auditlog.filter

Comma separated values rule(,rule)* of allow/deny rules. Default: !system.content.update,* (allow everything except "content update" event).

A rule prefixed with ! is a deny rule, otherwise it is an allow rule. A rule suffixed with * is a wildcard rule.

Rules are applied in sequence. A first matching rule wins. If no matching rule found, event type is denied. Only content event types can be filtered.

None of events will be logged

auditlog.filter = !*

Allow all event types

auditlog.filter = *

Every event type except 'system.content.update' will be logged (default behavior)

auditlog.filter = !system.content.update,*

Allow only event types with "system.content.set*" prefix.

auditlog.filter = system.content.set*

attachments.allowUnsafeNames: Set to true to allow suspicious characters in content attachment file names. Default: false.
resolveEmptyRegions: Set to true to use deprecated Content API functionality that will read Page/Layout descriptors and inject empty regions into fetched content objects. Default: false.

Setting resolveEmptyRegions to true can adversely impact system performance. By using this deprecated Content API functionality to read Page/Layout descriptors and inject empty regions into fetched content objects, additional computational resources and processing time are required. As such, it may lead to slower system response and reduced efficiency. Importantly, this functionality is deprecated and will be removed in future versions of Enonic XP. It is advisable to adapt your workflows to operate without this feature to ensure future compatibility.

Vacuum

XP_HOME/config/com.enonic.xp.vacuum.cfg

Configure default properties for vacuum process. .Sample vacuum config file

ageThreshold = P21D

ageThreshold: Age of data to be vacuumed. The format is based on the ISO-8601 duration format PnDTnHnMn.nS with days considered to be exactly 24 hours. Default: P21D (21 days).

Application

XP_HOME/config/com.enonic.xp.app.cfg

Configure applications behavior.

Deny all applications (system and local apps will still be installed)

filter = !*

Deny snapshotter app to be installed (still possible to install locally), all other applications allowed.

filter = !com.enonic.app.snapshotter,*

Allow only applications with "my.secure.corp." prefix.

filter = my.secure.corp.*

filter: Comma separated values rule(,rule)* of allow/deny rules. Default: * (allow all).

Rule can be prefixed with ! - that it is a deny rule, otherwise it is an allow rule. Rule can be suffixed with * - that is a wildcard rule.

Application names that start with ! or end with * or contain , or contain (space) are not supported.

Rules applied in order. First matching rule wins. If no matching rule found, application is denied.

System and local applications are not filtered. Global application installation is denied (error is thrown), if filter denies it. Stored application installation is skipped if filter denies it.

Filter rules apply separately on different nodes in cluster. If one cluster node denies an app, another cluster node may still allow it.

virtual.enabled: Allows the use of virtual applications. If set to true then schemas from virtual applications will be visible as resources. Default: false.
virtual.schema.override: When set to true, virtual application schemes will have a priority over schemes in a real application with the same name. When set to false virtual application schemes have no affect if real application with the same name exists. Default: true.

Disables virtual applications.

virtual.enabled = false

Disables priority of schemas from virtual applications.

virtual.schema.override = false

Task

XP_HOME/config/com.enonic.xp.task.cfg

Configure the task behaviour.

Sample task config file

distributable.acceptInbound = false
clustered.timeout = PT10S

distributable.acceptInbound: If true, accept inbound distributable tasks. Default: true.
clustered.timeout: The time (in ISO-8601 Period format) the node waits for a job (task or task-info job) to be submitted to another cluster node. Default: PT5S (5 seconds).

Scheduler

XP_HOME/config/com.enonic.xp.scheduler.cfg

Configure default custom jobs to be created for scheduling when an XP instance start. Skip creation if a job with the same name exists already. Only recurring (cron) jobs can be created by the config file. There is no guaranteed order for distributed environment, so the first started node will create its version of a job for the whole cluster.

Properties prefixed with init-job.<my-job-name> will describe properties of a job with <my-job-name> name.

Table 1. Params
Property	Type	Description
`init-job.<my-job-name>.enabled`	required	`true` - a created job will be able to be run according to its cron value and timezone. `false` - the job will be created, but never run until this property is set to true".
`init-job.<my-job-name>.cron`	required	Cron value describes how often the described task should be run. See string format.
`init-job.<my-job-name>.timezone`	optional	Timezone used for cron. See string format. JVM value will be used if nothing is set.
`init-job.<my-job-name>.descriptor`	required	Descriptor of the task to be scheduled. Format: `<idProvider>:<user>`
`init-job.<my-job-name>.config`	optional	JSON string with params for described task.
`init-job.<my-job-name>.user`	required	Principal key of the task submitter. Format: `<applicationKey>:<taskName>`
`init-job.<my-job-name>.description`	optional	contains string-format description of scheduled job.

Sample scheduler config file

init-job.my-job1.enabled=true
init-job.my-job1.cron=* * * * *
init-job.my-job1.descriptor=com.enonic.xp.app.myapp:task1
init-job.my-job1.description=Job to run `myapp:task1` every minute without params
init-job.my-job1.user=system:user1

init-job.my-job2.enabled=false
init-job.my-job2.cron=0 5 * * *
init-job.my-job2.timezone=GMT+2:00
init-job.my-job2.descriptor=com.enonic.xp.app.myapp:task2
init-job.my-job2.description=Job to run `myapp:task2` at 5:00AM every day according to it's timezone.
init-job.my-job2.user=system:user1
init-job.my-job2.config={"myparam1":"value1","myset":{"myparam2":"value2"}}

Properties prefixed with init-job.my-job1 describe properties of my-job1 job.

init-job.my-job1.enabled: true - job will be scheduled at server start.
init-job.my-job1.cron: * * * * * - will be run every minute.

Properties prefixed with init-job.my-job2 describe properties of my-job2 job.

init-job.my-job2.enabled: False - job will be created, but never run until it changes.
init-job.my-job2.cron: 0 5 * * * - job will be created to run task at 5:00AM every day according to it’s timezone.

Portal

XP_HOME/config/com.enonic.xp.portal.cfg

Configure the portal behaviour.

Sample content config file

asset.cacheControl = public, max-age=31536000, immutable
media.public.cacheControl = public, max-age=31536000, immutable
media.private.cacheControl = private, max-age=31536000, immutable
draftBranchAllowedFor = role:system.admin.login

Disable Content Security Policy for media

media.contentSecurityPolicy =
media.contentSecurityPolicy.svg =

asset.cacheControl: Defines assets cache-control header when asset is cachable. Default: public, max-age=31536000, immutable
media.public.cacheControl: Defines media (images, attachments) Cache-Control header when media is cachable and accessible by Everyone. Default: public, max-age=31536000, immutable
media.private.cacheControl: Defines media (images, attachments) Cache-Control header when media is cachable and not accessible by Everyone. Default: private, max-age=31536000, immutable
media.contentSecurityPolicy: Defines media (images, attachments) Content-Security-Policy header. Default: default-src 'none'; base-uri 'none'; form-action 'none'
media.contentSecurityPolicy.svg: Defines media (images, attachments) Content-Security-Policy header in cases when it is image/svg+xml mime type. Default: default-src 'none'; base-uri 'none'; form-action 'none'; style-src 'self' 'unsafe-inline'
draftBranchAllowedFor: Defines comma separated list of roles which are allowed to access the draft branch. Default: role:system.admin.login. Also, a user with role role:system.admin implicitly has access to the draft branch.

Image

XP_HOME/config/com.enonic.xp.image.cfg

Configure the image service behaviour.

Sample content config file

scale.maxDimension = 8000
filters.maxTotal = 5
memoryLimit = 100mb

scale.maxDimension: Defines maximum dimension size (both height and width) when scaling is done. Default: 8000
filters.maxTotal: Defines maximum total filters applied per call. Default: 25
memoryLimit: Defines Heap memory limit for image processing. If the memory limit is reached, the Image Service will start to protect itself from being overwhelmed by additional requests. It does so by responding with an HTTP 429 Too Many Requests status code to subsequent incoming requests. This memory limit acts as a soft cap rather than a hard limit. This means that the used memory can momentarily exceed the limit. The value is set in percentage of total Heap, or in memory units (mb, gb, …). Default: 10%

Export

XP_HOME/config/com.enonic.xp.export.cfg

Configure exports service behaviour.

Sample content config file

exports.dir = /xp-exports

exports.dir: Defines location of exports directory. Default: ${xp.home}/data/export

Binary Extractor

XP_HOME/config/com.enonic.xp.extractor.cfg

Configure binary extractor service behaviour.

Sample content config file

body.size.limit = 500000

body.size.limit: Defines maximum number of characters from a textual media. Default: 500000

Configuration files

Contents

Contents

Contents