Configuration files

Contents

This section describes how to configure Enonic XP and installed 3rd party applications.

XP_HOME/config

The XP_HOME/config/ folder contains all instance specific configuration.

XP_HOME/license

Some apps require a license to work. The XP_HOME/license folder is where the system looks for the licenses. The license should be named <appKey>.lic. If you are running an app with a license, please ask the supplier for the app key.

The Enonic apps, Content Studio+, Live Trace and Booster, all require an XP license to run. The app key for XP is "enonic.platform.subscription", so the license should be named enonic.platform.subscription.lic.

Format

All configuration files (both .cfg and .properties) use the properties format. This is a simple key = value format.

Sample config file
mySetting = true
another.setting = Not so sure
multiline.value = another \
                  line

Variables

XP also offers support for value variables, as this is often useful to handle dynamic settings.

Sample config with variable
another.setting = ${myvaraible}
somePath = ${xp.home}/myfolder

.properties vs .cfg

When changing files ending with .cfg, it’s respective application will automatically restart with the new configuration. Files ending with .properties require a full restart of the XP instance to be applied.

In a clustered environment, configuration files must be distributed to all nodes where it is relevant.

Custom config

To provide file based configuration to custom applications, simply place a file with the name <app-name>.cfg i.e. my.custom.app.cfg. in the XP_HOME/config/ folder, and it will instantly be available for the application.

Changing these files while XP is running will restart the application. When the application boots, it will use the new version of the configuration.

This configuration is instantly available for developers via the global app object.

Standard config files

The following are standard configuration files for Enonic XP

System Properties

XP_HOME/config/system.properties

Changes to this file requires a full restart of the XP instance in order to take effect.

Default version of system.properties
# Installation settings
# xp.name = demo

# Global security settings
# xp.suPassword = password
# xp.suPassword = {sha1}5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

# Initialization settings
# xp.init.adminUserCreation = true
# xp.init.maxTries = 900

# Configuration FileMonitor properties
# felix.fileinstall.poll = 1000
# felix.fileinstall.noInitialDelay = true

# Config loading properties
# xp.config.paths = ${xp.home}/appconfig,/usr/local/xp/${node.role},/etc/xp/config
xp.name

sets the name displayed to users from the admin console main menu, use to clarify what environment the user is working in

xp.suPassword

override su user’s password in database, if any. Can also be used with hashing, the following are supported: sha1, sha256, sha512 and md5.

xp.init.maxTries

Number of attampts system initializers will do to check if initialization is done. Default is 300 (which equals to 5 minutes) - before XP 7.14.3 and 900 (which equals to 5 minutes) after.

xp.stop.gracePeriod

Time in milliseconds XP waits for all services to stop. Default is 600000 (10 minutes). Before XP 7.14.3 value was 10000 (10 seconds) and not configurable.

felix.fileinstall.poll

Frequency in ms for how often the configuration folders are scanned for changes

xp.config.paths

Config folders to scan in addition to XP_HOME/config/. Useful for fine grained control over configuration management. Folders will be scanned in the defined order. The first file found per configuration will be used.

Vhost

XP_HOME/config/com.enonic.xp.web.vhost.cfg

The standard XP port (default: 8080) provides access to webapps/, site/ and admin/ endpoints. Vhosts enable you to define controlled and secured access to a single webapp, site or even the admin console.

Virtual hosts are automatically updated upon change.

Sample vhost config file with a one entry
enabled = true

mapping.myapp.host = company.com
mapping.myapp.source = /app
mapping.myapp.target = /webapp/name.of.my.app
mapping.myapp.idProvider.myldap = default
enabled

turns on or of vhosts, enabled = false should only be used for development purposes

host

specifies the hostname (aka domain) the vhost will handle

source

refers to basepath used in request, sample above handles company.com/app

target

is the internal route in XP to the specific endpoint/service

idProvider

optionally adds one or more idProviders to the vhost. idProvider must be followed by the name of an existing idProvider. The example above refers to the idProvider called myldap. Supported values are default or enabled. Only one entry may use default.

Each mapping must define a unique name to separate the mappings when multiple mappings in the same file. In the example above myapp is used.
Sample vhost config file with both site and admin entries
mapping.website.host = example.com
mapping.website.source = /
mapping.website.target = /site/default/master/website
mapping.website.idProvider.adfs = default
mapping.website.idProvider.system = enabled

mapping.admin.host = example.com
mapping.admin.source = /admin
mapping.admin.target = /admin
mapping.admin.idProvider.system = default

Mail

XP_HOME/config/com.enonic.xp.mail.cfg

Use this file to configure global mail server settings for XP.

Sample mail configuration with authentication and TLS enabled
smtpHost=mail.server.com
smtpPort=25
smtpAuth=true
smtpUser=user
smtpPassword=secret
smtpTLS=true
defaultFromEmail=noreply@domain.com
smtpHost

Host name of the SMTP server. Default: localhost.

smtpPort

TCP port of the SMTP server. Default: 25.

smtpAuth

Enable authentication with SMTP server. Default: false

smtpUser

User to be used during authentication with the SMTP server, if ‘smtpAuth = true`.

smtpPassword

Password to be used during authentication with the SMTP server, if ‘smtpAuth = true`.

smtpTLS

Turns on Transport Layer Security (TLS) security for SMTP if required. Default: false.

defaultFromEmail

Default email address to use as sender for all emails sent from XP if sender is not explicitly specified.

Repo

XP_HOME/config/com.enonic.xp.repo.cfg

Use this file to configure the node repository layer.

Example below uses default settings
cache.size = 1000000
snapshots.dir = ${xp.home}/snapshots
cache.size

XP XP 7.13.0 7.13.0 Specifies the maximum number of nodes to keep in memory. Default: 100000

snapshots.dir

Specifies the root location for where to find and place snapshot files. Default: ${xp.home}/snapshots

If you change this value, remember to update value for path.repo in com.enonic.xp.elasticsearch.cfg as well.

Blobstore

XP_HOME/config/com.enonic.xp.blobstore.cfg

Control settings for the blobstore persistence layer.

Sample showing default settings
provider = file
cache = true
cache.sizeThreshold = 1mb
cache.FCapacity = 100mb
provider

is the blobstore provider to use. Default value is file. Other providers will be made available in future releases. Each provider will have a separate configuration file named com.enonic.xp.blobstore.<providername>.cfg

cache

enables or disables memory caching of blobs fetched from the blobstore. Default: true

cache.sizeThreshold

specifies the maximum size for objects to be cached. Default: 1mb. The size notation accepts a number plus byte-size identifier (b/kb/mb/gb/tb/pb)

cache.memoryCapacity

is the maximum memory footprint of the blob cache. Default: 100mb. The size notation accepts a number plus byte-size identifier (b/kb/mb/gb/tb/pb)

File blobstore

XP_HOME/config/com.enonic.xp.blobstore.file.cfg

Control settings for the file-based blobstore implementation

Sample showing default settings
baseDir = ${xp.home}/repo/blob
readThrough.provider = none
readThrough.enabled = false
readThrough.sizeThreshold = 100mb
baseDir

specifies root location of blobs. Default: `${xp.home}/repo/blob.

readThrough.enabled

enables or disables readthough provider. Default: false.

readThrough.sizeThreshold

specifies he maximum size of objects to be cache in readthrough provider. Default: 100mb. The size notation accepts a number plus byte-size idenfier (b/kb/mb/gb/tb/pb)

Cluster

XP_HOME/config/com.enonic.xp.cluster.cfg

Basic cluster settings

Sample cluster configuration
cluster.enabled = false
node.name = Anode

discovery.unicast.hosts = 127.0.0.1
network.host = 127.0.0.1
network.publish.host = 127.0.0.1
cluster.enabled

When true node wil try to join a cluster. Default: false.

node.name

should normally not be set. Default: auto generated value

discovery.unicast.hosts

is an explicit list of nodes that can join the cluster. Default: 127.0.0.1.

network.host

sets the bind address. Default: 127.0.0.1. Can be an explicit IP-address, a host-name or an alias. See the section below for an overview of aliases.

network.publish.host

sets the address other nodes will use to communicate with this node. Default: not set (127.0.0.1 before XP 7.5.0). Cannot be more than one IP-address. Can be an explicit IP-address, a host-name or an alias. See the section below for an overview of aliases.

Using host-name values is not recommended because DNS can be spoofed. NOTE: Values set as host-name are resolved to a single IP-address of the host-name.

Network host aliases:

  • _local_ : Will be resolved to the local ip address.

  • _[networkInterface]_ : Resolves to the ip address of the provided network interface. For example _en0_

  • _[networkInterface]:ipv4_ : Resolves to the ipv4 address of the provided network interface. For example _en0:ipv4_

  • _[networkInterface]:ipv6_ : Resolves to the ipv6 address of the provided network interface. For example _en0:ipv6_

Elasticsearch

XP_HOME/config/com.enonic.xp.elasticsearch.cfg

Tuning of all relevant settings for the embedded Elasticsearch component

Sample ES configuration
node.data = true
node.master = true

path = ${xp.home}/repo/index
path.data = ${path}/data
path.repo = ${xp.home}/snapshots
path.work = ${path}/work
path.conf = ${path}/conf
path.logs = ${path}/logs
path.plugins = ${path}/plugins

cluster.name = mycluster
cluster.routing.allocation.disk.threshold_enabled = false

http.enabled = false
transport.tcp.port = 9300-9400

gateway.expected_nodes = 1
gateway.recover_after_time = 5m
gateway.recover_after_nodes = 1
discovery.zen.minimum_master_nodes = 1
discovery.unicast.port = 9300
index.recovery.initial_shards = 1

discovery.unicast.sockets =
node.data

Allow data to be distributed to this node. Default: true.

node.master

Allow this node to be eligible as a master node. Default: true.

path

Path to directory where elasticsearch stores files. Default: ${xp.home}/repo/index. Should be on a local file-system, not sharded.

path.data

Path to directory where to store index data allocated for this node. Default: $path/data.

path.repo

Allowed location for placing snapshots. NB! Use same value as for snapshots.dir as specified in com.enonic.xp.repo.cfg

path.work

Path to temporary files. Default: ${xp.home}/repo/index/work.

path.conf

Path to directory containing configuration. Default: $path/conf.

path.logs

Path to log files. Default: ${xp.home}/repo/index/logs.

path.plugins

Path to where plugins are installed. Default: $path/plugins.

cluster.name

Elasticsearch cluster name. Default: mycluster.

cluster.routing.allocation.disk.threshold_enabled

Prevent shard allocation on nodes depending on disk usage. Default: false.

http.enabled

Enable the HTTP module. Default false.

transport.tcp.port

Custom port for the node to node communication. Default: 9300-9400.

gateway.expected_nodes

Number of nodes expected to be in the cluster to start the recovery immediately. Default: 1.

gateway.recover_after_time

Time to wait until recovery happens once the nodes are met. Default: 5m.

gateway.recover_after_nodes

Number of nodes expected to be in the cluster to start the recovery after gateway.recover_after_time. Default: 1.

discovery.unicast.port

List of ports to perform discovery when new nodes are started. Default: 9300.

discovery.unicast.sockets

Comma separated list of hosts to be discovered as seed nodes.

index.recovery.initial_shards

Number of shards expected to be found on full cluster restart per index. Default: quorum.

index.auto_expand_replicas

Auto-expand the number of replicas based on the number of available nodes. Set to a dash delimited lower and upper bound (e.g. 0-5) or use all for the upper bound (e.g. 0-all). Defaults to false (i.e. disabled).

Hazelcast

XP XP 7.4.0 7.4.0

XP_HOME/config/com.enonic.xp.hazelcast.cfg

Tuning of all relevant settings for the embedded Hazelcast component

Sample Hazelcast configuration
network.port=5702
network.join.tcpIp.members=127.0.0.1:5701,127.0.0.1:5702
system.hazelcast.initial.min.cluster.size=2
Sample Hazelcast configuration for Kubernetes DNS discovery
clusterConfigDefaults=false
system.hazelcast.initial.min.cluster.size=2
network.join.tcpIp.enabled=false
network.join.kubernetes.enabled=true
network.join.kubernetes.serviceDns=main.default.svc.cluster.local
Sample Hazelcast configuration for Kubernetes API discovery
clusterConfigDefaults=false
system.hazelcast.initial.min.cluster.size=2
network.join.tcpIp.enabled=false
network.join.kubernetes.enabled=true
network.join.kubernetes.serviceName=cluster-discovery
network.join.kubernetes.namespace=my-namespace
network.join.kubernetes.kubernetesApiRetries=10
network.join.kubernetes.resolveNotReadyAddresses=true
clusterConfigDefaults

If true some properties set based on xp cluster configuration. Default: true

liteMember

Hazelcast Lite member which does not own any partitions. Default: false.

network.port

Custom port for the node to node communication. Default: 5701.

network.portCount

How many ports try to bind while searching for available port. Default: 100.

network.portAutoIncrement

Enables available port search. Default: false.

network.publicAddress

Overrides the public address of a member. It should be set in the format "host IP address:port number". Ignored when clusterConfigDefaults is true.

network.join.multicast.enabled

Enable Multicast discovery. Default: false.

network.join.kubernetes.enabled

Enable Kubernetes discovery. Default: false.

network.join.kubernetes.serviceDns

XP XP 7.7.0 7.7.0 Service DNS for Kubernetes discovery. If not set, discovery over Kubernetes API is used. Default is not set.

network.join.kubernetes.namespace

XP XP 7.7.0 7.7.0 Kubernetes Namespace where Hazelcast is running. Default is not set.

network.join.kubernetes.serviceName

XP XP 7.7.0 7.7.0 Service name used to scan only PODs connected to the given service. Default is not set.

network.join.kubernetes.serviceLabelName

XP XP 7.7.0 7.7.0 Service label used to tag services that should form the Hazelcast cluster together. Default is not set.

network.join.kubernetes.serviceLabelValue

XP XP 7.7.0 7.7.0 Service value used to tag services that should form the Hazelcast cluster together. Default is not set.

network.join.kubernetes.podLabelName

XP XP 7.7.0 7.7.0 POD label used to tag PODs that should form the Hazelcast cluster together. Default is not set.

network.join.kubernetes.podLabelValue

XP XP 7.7.0 7.7.0 POD value used to tag PODs that should form the Hazelcast cluster together. Default is not set.

network.join.kubernetes.resolveNotReadyAddresses

XP XP 7.7.0 7.7.0 If set to true, it checks also the addresses of PODs which are not ready. Default: false.

network.join.kubernetes.useNodeNameAsExternalAddress

XP XP 7.7.0 7.7.0 If set to true, uses the node name to connect to a NodePort service instead of looking up the external IP using the API. Default: false.

network.join.kubernetes.kubernetesApiRetries

XP XP 7.7.0 7.7.0 Number of retries in case of issues while connecting to Kubernetes API. Default: 3.

network.join.tcpIp.enabled

Enable TcpIP discovery. Default: true.

network.join.tcpIp.members

Comma separated list of well-known members. If not provided and clusterDefaults=true then cluster’s discovery.unicast.hosts used instead.

network.interfaces.enabled

Enables specification of which network interfaces that Hazelcast should use. Default: false. Ignored when clusterConfigDefaults is true.

network.interfaces

Comma separated list of ip addresses for binding. Ignored when clusterConfigDefaults is true.

network.restApi.enabled

Enable Hazelcast REST API. Default: false.

network.restApi.restEndpointGroups

Comma separated list of REST API Endpoint Groups. Default: HEALTH_CHECK, CLUSTER_READ.

partition.group.enabled

XP XP 7.7.0 7.7.0 Enable partition grouping. Default: false.

partition.group.groupType

XP XP 7.7.0 7.7.0 Partition grouping type. Default: PER_MEMBER.

system.hazelcast.phone.home.enabled

Enable or disable the sending of phone home data to Hazelcast’s phone home server. Default: true.

system.hazelcast.socket.bind.any

Bind both server-socket and client-sockets to any local interface. Default: true.

system.hazelcast.initial.min.cluster.size

Initial expected cluster size to wait before the node to start completely. Default: 2.

system.hazelcast.prefer.ipv4.stack

Prefer IPv4 Stack, don’t use IPv6. Default: true.

system.hazelcast.tcp.join.port.try.count

The number of incremental ports, starting with the port number defined in the network configuration, that is used to connect to a host. Default: 1.

system.hazelcast.max.no.heartbeat.seconds

Maximum timeout of heartbeat in seconds for a member to assume it is dead. Default: 60.

system.hazelcast.heartbeat.interval.seconds

Heartbeat send interval in seconds. Default: 5.

system.hazelcast.mastership.claim.timeout.seconds

Timeout which defines when master candidate gives up waiting for response to its mastership claim. Default: 120.

hazelcast.wait.seconds.before.join

Wait time in seconds before join operation. Default: 5.

hazelcast.max.wait.seconds.before.join

Maximum wait time in seconds before join operation Default: 20.

In case of using Kubernetes API discovery each node makes a call to Kubernetes Master in order to discover PODs. It also requires granting certain permissions. You can find more information in the documentation of Hazelcast Discovery Plugin for Kubernetes.

Admin

XP_HOME/config/com.enonic.xp.admin.cfg

General setting for /admin

Disable Content Security Policy for site preview
site.preview.contentSecurityPolicy=
Allow scripts from maps.googleapis.com
site.preview.contentSecurityPolicy=default-src 'self'; base-uri 'self'; form-action 'self'; script-src 'self' maps.googleapis.com; object-src 'none'; img-src * data:; style-src * 'unsafe-inline'; font-src * data:
site.preview.contentSecurityPolicy

Defines default value for Content-Security-Policy header for the site engine - when running in Admin Context. The policy is applied in preview and inline mode - if the page controllers do not specify a Content-Security-Policy header itself. Default: default-src 'self'; base-uri 'self'; form-action 'self'; script-src 'self'; object-src 'none'; img-src * data:; style-src * 'unsafe-inline'; font-src * data:

Home app

XP_HOME/config/com.enonic.xp.app.main.cfg

Disable welcome tour
# Disable the "Welcome tour". Default: false
tourDisabled = true
tourDisabled

Specify if welcome tour should be enabled or not. Default: false

Applications app

XP_HOME/config/com.enonic.xp.app.applications.cfg

Disable installation of apps from UI
readonlyMode = true
readonlyMode

Activate read only mode to prevent installation and stop/start of applications via UI. Default: false

Jetty

XP_HOME/config/com.enonic.xp.web.jetty.cfg

Selected options to configure the embedded servlet engine Jetty

Sample Jetty configuration
host =
sendServerHeader = false

# Connection
timeout = 60000

# HTTP settings
http.enabled = true
http.port = 8080
http.requestHeaderSize = 32768
http.responseHeaderSize = 32768

# Session
session.timeout = 60
session.cookieName = JSESSIONID

# Compression
gzip.enabled = true
gzip.minSize = 23

# Logging
log.enabled = false
log.file = ${xp.home}/logs/jetty-yyyy_mm_dd.request.log
log.append = true
log.extended = true
log.timeZone = GMT
log.retainDays = 31

# Thread Pool
threadPool.maxThreads = 200
threadPool.minThreads = 8
threadPool.idleTimeout = 60000

# Websocket
websocket.idleTimeout = 300000
host

should only be set this if host name (or ip) needs to be fixed.

sendServerHeader

True to send server name in header. Default: false.

timeout

specifies socket timeout for connections in ms.

http.enabled

true enables HTTP connections. Default: true.

http.port

specifies http port number to use. Default: 8080.

http.requestHeaderSize

Maximum request header size. Default: 32K.

http.requestHeaderSize

Maximum response header size. Default: 32K.

session.timeout

Session timeout (when inactive) in minutes. Default: 60.

session.cookieSameSite

XP XP 7.3.0 7.3.0 :: Specifies SameSite flag for session cookie. Can be Lax, None, Strict or unspecified. Default: Lax.

session.cookieAlwaysSecure

XP XP 7.3.0 7.3.0 :: If true, forces session cooke Secure flag even for HTTP connections. Default: false.

session.cookiename

Cookie name to use for sessions. Default: JSESSIONID.

gzip.enabled

Enables GZIP compression for responses. Default: true.

gzip.minsize

Minimum number of bytes in response to consider compressing the response. Default: 23.

log.enabled

Turns on request logging. Default: false.

log.file

Request log file location. Default: ${xp.home}/logs/jetty-yyyy_mm_dd.request.log.

log.append

append to existing file, or create new one when started. Default: true.

log.extended

turns on extended logging format. Default: true.

log.timeZone

Timezone to display timestamp in. Default: GMT.

log.retainDays

Number of days to retain the logs. Default: 31.

threadPool.maxThreads XP XP 7.3.0 7.3.0

Maximum number of threads. Default: 200.

threadPool.minThreads XP XP 7.3.0 7.3.0

Minimum number of threads. Default: 8.

threadPool.idleTimeout XP XP 7.3.0 7.3.0

Thread idle timeout (in milliseconds). Default: 60000.

websocket.idleTimeout XP XP 7.3.0 7.3.0

The time (in milliseconds) that a websocket may be idle before closing. Default: 300000.

Setting session.cookieAlwaysSecure to true would make session-involved login on HTTP connections impossible.

SessionStore

XP XP 7.4.0 7.4.0

XP_HOME/config/com.enonic.xp.web.sessionstore.cfg

Sample SessionStore configuration
storeMode = replicated
saveOnCreate = true
flushOnResponseCommit = true
storeMode

Switches between SessionStore mode. Can be replicated or non-persistent. In Replicated mode sessions are distributed over nodes in the cluster using Jetty-Hazelcast integration. Default: non-persistent.

savePeriodSeconds

A non-zero value means that session won’t be persisted if only the access time changed, and it has been less than savePeriodSeconds since the last time the session was written. Has no effect in non-persistent storeMode. Default: 0.

gracePeriodSeconds

Specifies how many seconds to wait for non-session-owner nodes to be checked to verify an expired session is in fact expired throughout the cluster before closing it. Has no effect in non-persistent storeMode. Default: 3600.

saveOnCreate

Controls whether a session that is newly created will be immediately (true) or lazily (false) persisted as the last request for the session exits. Has no effect in non-persistent storeMode. Default: false.

flushOnResponseCommit

Controls whether a session that is changed ("dirty") will be persisted as the response is about to commit. If false, a dirty session will only be persisted when the last simultaneous request for it leaves the session. Has no effect in non-persistent storeMode. Default: false.

Media

XP_HOME/config/com.enonic.xp.media.cfg

Specify additional mime types if you are missing something.

Sample additional mime types
# Media type mappings
ext.mp3 = audio/mpeg3
ext.p = text/x-pascal
ext.<file-extension>

value must match a defined mime type

OSGi shell

XP_HOME/config/com.enonic.xp.server.shell.cfg

Optionally activate shell to manage OSGi bundles remotely

Sample config to activate shell
enabled = true
telnet.ip = 127.0.0.1
telnet.port = 5555
telnet.maxConnect = 2
telnet.socketTimeout = 0
enabled

turns on shell service. Default: false.

telnet.ip

Default: 127.0.0.1

telnet.port

Port to use for service. Default: 5555.

telnet.maxConnect

Maximum number of concurrent connections. Default: 2.

telnet.socketTimeout

Default: 0

DoS filter

XP_HOME/config/com.enonic.xp.web.dos.cfg

Activate and configure the DoS (Denial Of Service) feature.

Sample config to activate shell
enabled = true

maxRequestsPerSec = 25
delayMs = 100
maxWaitMs = 50
throttledRequests = 5
throttleMs = 30000
maxRequestMs = 30000
maxIdleTrackerMs = 30000
insertHeaders = true
trackSessions = true
remotePort = false
ipWhitelist =
enabled

enables the DOS filter. Default: false.

maxRequestsPerSec

Maximum number of requests from a connection per second. Requests in excess of this are first delayed, then throttled. Default: 25.

delayMs

Delay imposed on all requests over the rate limit. -1 = reject request, 0 delay. Default: 100.

maxWaitMs

Duration in ms to blocking wait for the throttle semaphore. Default: 50.

throttledRequests

Number of requests over the rate limit to be considered at once. Default: 5.

throttleMs

Duration in ms to async wait for semaphore. Default: 30000.

maxRequestMs

Duration in ms to allow the request to run. Default: 30000.

maxIdleTrackersMs

Duration in ms to keep track of request rates for a connection, before deciding that the user has gone away, and discarding it. Default: 30000.

insertHeaders

If true, insert the DoSFilter headers into the response. Default: true.

trackSessions

If true, usage rate is tracked by session if a session exists. Default: true.

remotePort

If true and session tracking is not used, then rate is tracked by IP+port (effectively connection). Default: false.

ipWhitelist

A comma-separated list of IP addresses that will not be rate limited.

Header Filter

XP_HOME/config/com.enonic.xp.web.header.cfg

Configure default HTTP response headers.

Cross site scripting prevention headers
headerConfig = set X-Frame-Options: SAMEORIGIN,set X-XSS-Protection: 1; mode=block,set X-Content-Type-Options: nosniff
headerConfig

Customizes default HTTP response headers. Accepts the following format: [action] [header name]: [header value](,[action] [header name]: [header value]). Supported header actions are set, add, setDate and addDate. Default: set X-Frame-Options: DENY,set X-XSS-Protection: 1; mode=block,set X-Content-Type-Options: nosniff

Market

XP_HOME/config/com.enonic.xp.market.cfg

Enonic Market configuration options:

Default config file settings
marketUrl = https://market.enonic.com/applications

UDC

XP_HOME/config/com.enonic.xp.server.udc.cfg

UDC (Usage Data Collector) is passing anonymous usage data 10 minutes after startup and then every 24 hours. This is only used to see what platforms are used and improve platform stability.

Sample UDC config file - default true
enabled = true

Standard IDprovider

XP_HOME/config/com.enonic.xp.app.standardidprovider.cfg

The Standard ID Provider, in charge of the login for admin by default, has a “Create Admin User” mode for new installations. When enabled, you may postpone creation of the admin user. You may turn off this feature.

Sample idprovider config file
loginWithoutUser = true
loginWithoutUser

Set to false to force creation of user before logging in. Default: true.

Logging

XP_HOME/config/logback.xml

Configure all logging inside the system.

Default logback file
<configuration scan="true" scanPeriod="60 seconds"> (1)
  <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender"> (2)
    <file>${xp.home}/logs/server.log</file>
    <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
      <fileNamePattern>${xp.home}/logs/server.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
      <maxFileSize>100MB</maxFileSize>
      <maxHistory>7</maxHistory>
      <totalSizeCap>3GB</totalSizeCap>
    </rollingPolicy>
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>

  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <withJansi>true</withJansi>
    <encoder>
      <pattern>%date{ISO8601} %highlight(%-5level) %cyan(%logger{36}) - %msg%n</pattern>
    </encoder>
  </appender>

  <root level="info"> (3)
    <appender-ref ref="STDOUT"/>
    <appender-ref ref="FILE"/>
  </root>

  <logger name="Events.Service" level="WARN" additivity="false">
    <appender-ref ref="STDOUT"/>
    <appender-ref ref="FILE"/>
  </logger>

  <logger name="Events.Bundle" level="WARN" additivity="false">
    <appender-ref ref="STDOUT"/>
    <appender-ref ref="FILE"/>
  </logger>
</configuration>
1 Configuration

scan: If true sets the file in scan mode and will reconfigure itself when the configuration file changes.

scanPeriod: Sets the scanning period. Values can be specified in units of miliseconds, seconds, miniutes or hours. Defaults to every minute. If no unit of time is specified, milisceonds will be used.

2 Appender creates a new logging component

class Points to what java class you want handle your logging

Possible classes:

ConsoleAppender: "ch.qos.logback.core.ConsoleAppender" ConsoleAppender
FileAppender: "ch.qos.logback.core.FileAppender" FileAppender
RollingFileAppender: "ch.qos.logback.core.rolling.RollingFileAppender" RollingFileAppender

3 Root Configuring the root logger.

level Can be set on <logger> and <root> to specify the importance of the message logged.

values: "DEBUG", "INFO", "WARN", "ERROR", "ALL", "OFF" or "TRACE" See: Logger, Root for additional information

Additional information can be found here: Logback documentation

Audit

This config file was first introduced in v7.2

XP_HOME/config/com.enonic.xp.audit.cfg

Configure the audit log feature.

Sample audit config file
enabled = true
outputLogs = false
ageThreshold =
enabled

Set to false to disable the creation of audit log entries. Default: true.

outputLogs

Set to true to log the stored audit log entries. Default: false.

ageThreshold

Age of data to be removed by a cleanup task. The format is based on the ISO-8601 duration format PnDTnHnMn.nS with days considered to be exactly 24 hours. Nothing will be removed by default, duration must me set.

Content

This config file was first introduced in v7.2

XP_HOME/config/com.enonic.xp.content.cfg

Configure the content layer behaviour.

Sample content config file
auditlog.enabled = true
auditlog.enabled

Set to false to disable the creation of audit log entries on content API operations. Default: true.

Audit log can be disabled by common enabled property. Content flag won’t affect anything in this case.
auditlog.filter

XP XP 7.12.0 7.12.0 Comma separated values rule(,rule)* of allow/deny rules. Default: !system.content.update,* (allow everything except "content update" event).

A rule prefixed with ! is a deny rule, otherwise it is an allow rule. A rule suffixed with * is a wildcard rule.

Rules are applied in sequence. A first matching rule wins. If no matching rule found, event type is denied. Only content event types can be filtered.

None of events will be logged
auditlog.filter = !*
Allow all event types
auditlog.filter = *
Every event type except 'system.content.update' will be logged (default behavior)
auditlog.filter = !system.content.update,*
Allow only event types with "system.content.set*" prefix.
auditlog.filter = system.content.set*
attachments.allowUnsafeNames

Set to true to allow suspicious characters in content attachment file names. Default: false.

resolveEmptyRegions

XP XP 7.13.1 7.13.1 Set to true to use deprecated Content API functionality that will read Page/Layout descriptors and inject empty regions into fetched content objects. Default: false.

Setting resolveEmptyRegions to true can adversely impact system performance. By using this deprecated Content API functionality to read Page/Layout descriptors and inject empty regions into fetched content objects, additional computational resources and processing time are required. As such, it may lead to slower system response and reduced efficiency. Importantly, this functionality is deprecated and will be removed in future versions of Enonic XP. It is advisable to adapt your workflows to operate without this feature to ensure future compatibility.

Vacuum

XP_HOME/config/com.enonic.xp.vacuum.cfg

Configure default properties for vacuum process. .Sample vacuum config file

ageThreshold = P21D
ageThreshold

Age of data to be vacuumed. The format is based on the ISO-8601 duration format PnDTnHnMn.nS with days considered to be exactly 24 hours. Default: P21D (21 days).

Application

XP XP 7.6.0 7.6.0

XP_HOME/config/com.enonic.xp.app.cfg

Configure applications behavior.

Deny all applications (system and local apps will still be installed)
filter = !*
Deny snapshotter app to be installed (still possible to install locally), all other applications allowed.
filter = !com.enonic.app.snapshotter,*
Allow only applications with "my.secure.corp." prefix.
filter = my.secure.corp.*
filter

Comma separated values rule(,rule)* of allow/deny rules. Default: * (allow all).

Rule can be prefixed with ! - that it is a deny rule, otherwise it is an allow rule. Rule can be suffixed with * - that is a wildcard rule.

Application names that start with ! or end with * or contain , or contain   (space) are not supported.

Rules applied in order. First matching rule wins. If no matching rule found, application is denied.

System and local applications are not filtered. Global application installation is denied (error is thrown), if filter denies it. Stored application installation is skipped if filter denies it.

Filter rules apply separately on different nodes in cluster. If one cluster node denies an app, another cluster node may still allow it.

XP XP 7.11.0 7.11.0

virtual.enabled

Allows the use of virtual applications. If set to true then schemas from virtual applications will be visible as resources. Default: false.

virtual.schema.override

When set to true, virtual application schemes will have a priority over schemes in a real application with the same name. When set to false virtual application schemes have no affect if real application with the same name exists. Default: true.

Disables virtual applications.
virtual.enabled = false
Disables priority of schemas from virtual applications.
virtual.schema.override = false

Task

XP XP 7.6.0 7.6.0

XP_HOME/config/com.enonic.xp.task.cfg

Configure the task behaviour.

Sample task config file
distributable.acceptInbound = false
clustered.timeout = PT10S
distributable.acceptInbound

If true, accept inbound distributable tasks. Default: true.

clustered.timeout

The time (in ISO-8601 Period format) the node waits for a job (task or task-info job) to be submitted to another cluster node. Default: PT5S (5 seconds).

Scheduler

XP XP 7.7.0 7.7.0

XP_HOME/config/com.enonic.xp.scheduler.cfg

Configure default custom jobs to be created for scheduling when an XP instance start. Skip creation if a job with the same name exists already. Only recurring (cron) jobs can be created by the config file. There is no guaranteed order for distributed environment, so the first started node will create its version of a job for the whole cluster.

Properties prefixed with init-job.<my-job-name> will describe properties of a job with <my-job-name> name.

Table 1. Params
Property Type Description

init-job.<my-job-name>.enabled

required

true - a created job will be able to be run according to its cron value and timezone. false - the job will be created, but never run until this property is set to true".

init-job.<my-job-name>.cron

required

Cron value describes how often the described task should be run. See string format.

init-job.<my-job-name>.timezone

optional

Timezone used for cron. See string format. JVM value will be used if nothing is set.

init-job.<my-job-name>.descriptor

required

Descriptor of the task to be scheduled. Format: <idProvider>:<user>

init-job.<my-job-name>.config

optional

JSON string with params for described task.

init-job.<my-job-name>.user

required

Principal key of the task submitter. Format: <applicationKey>:<taskName>

init-job.<my-job-name>.description

optional

contains string-format description of scheduled job.

Sample scheduler config file
init-job.my-job1.enabled=true
init-job.my-job1.cron=* * * * *
init-job.my-job1.descriptor=com.enonic.xp.app.myapp:task1
init-job.my-job1.description=Job to run `myapp:task1` every minute without params
init-job.my-job1.user=system:user1

init-job.my-job2.enabled=false
init-job.my-job2.cron=0 5 * * *
init-job.my-job2.timezone=GMT+2:00
init-job.my-job2.descriptor=com.enonic.xp.app.myapp:task2
init-job.my-job2.description=Job to run `myapp:task2` at 5:00AM every day according to it's timezone.
init-job.my-job2.user=system:user1
init-job.my-job2.config={"myparam1":"value1","myset":{"myparam2":"value2"}}

Properties prefixed with init-job.my-job1 describe properties of my-job1 job.

init-job.my-job1.enabled

true - job will be scheduled at server start.

init-job.my-job1.cron

* * * * * - will be run every minute.

Properties prefixed with init-job.my-job2 describe properties of my-job2 job.

init-job.my-job2.enabled

False - job will be created, but never run until it changes.

init-job.my-job2.cron

0 5 * * * - job will be created to run task at 5:00AM every day according to it’s timezone.

Portal

XP XP 7.7.0 7.7.0

XP_HOME/config/com.enonic.xp.portal.cfg

Configure the portal behaviour.

Sample content config file
asset.cacheControl = public, max-age=31536000, immutable
media.public.cacheControl = public, max-age=31536000, immutable
media.private.cacheControl = private, max-age=31536000, immutable
draftBranchAllowedFor = role:system.admin.login
Disable Content Security Policy for media
media.contentSecurityPolicy =
media.contentSecurityPolicy.svg =
asset.cacheControl

Defines assets cache-control header when asset is cachable. Default: public, max-age=31536000, immutable

media.public.cacheControl

Defines media (images, attachments) Cache-Control header when media is cachable and accessible by Everyone. Default: public, max-age=31536000, immutable

media.private.cacheControl

Defines media (images, attachments) Cache-Control header when media is cachable and not accessible by Everyone. Default: private, max-age=31536000, immutable

media.contentSecurityPolicy

Defines media (images, attachments) Content-Security-Policy header. Default: default-src 'none'; base-uri 'none'; form-action 'none'

media.contentSecurityPolicy.svg

Defines media (images, attachments) Content-Security-Policy header in cases when it is image/svg+xml mime type. Default: default-src 'none'; base-uri 'none'; form-action 'none'; style-src 'self' 'unsafe-inline'

draftBranchAllowedFor

Defines comma separated list of roles which are allowed to access the draft branch. Default: role:system.admin.login. Also, a user with role role:system.admin implicitly has access to the draft branch.

Image

XP XP 7.7.0 7.7.0

XP_HOME/config/com.enonic.xp.image.cfg

Configure the image service behaviour.

Sample content config file
scale.maxDimension = 8000
filters.maxTotal = 5
memoryLimit = 100mb
scale.maxDimension

Defines maximum dimension size (both height and width) when scaling is done. Default: 8000

filters.maxTotal

Defines maximum total filters applied per call. Default: 25

memoryLimit

XP XP 7.8.0 7.8.0 Defines Heap memory limit for image processing. If the memory limit is reached, the Image Service will start to protect itself from being overwhelmed by additional requests. It does so by responding with an HTTP 429 Too Many Requests status code to subsequent incoming requests. This memory limit acts as a soft cap rather than a hard limit. This means that the used memory can momentarily exceed the limit. The value is set in percentage of total Heap, or in memory units (mb, gb, …​). Default: 10%

Export

XP XP 7.8.0 7.8.0

XP_HOME/config/com.enonic.xp.export.cfg

Configure exports service behaviour.

Sample content config file
exports.dir = /xp-exports
exports.dir

Defines location of exports directory. Default: ${xp.home}/data/export

Binary Extractor

XP XP 7.2.0 7.2.0

XP_HOME/config/com.enonic.xp.extractor.cfg

Configure binary extractor service behaviour.

Sample content config file
body.size.limit = 500000
body.size.limit

Defines maximum number of characters from a textual media. Default: 500000


Contents

Contents

AI-powered search

Juke AI