MTG EST Configuration

application.properties

Property Required Default Description

spring.profiles.active

true

prod

This property defines the mode in which the application is started. Possible values are dev and prod. The dev mode is used only during development and in extreme troubleshooting scenarios under the instruction of the MTG support staff. Normal users should not change or set this property.

Please contact the manufacturer before changing the default value.

server.port

false

8503

Server HTTP port.

clm.url

true

-

Points to the HTTP location where the CLM is running.

clm.apiclient.id

true

-

The provider ID that the RA API Client uses for the connection to the CLM. This can be obtained from the CLM when an API client with a default policy is configured.

Example: ffc0d281-f9df-45cd-a30d-1881cd67012a

clm.apiclient.secret

true

-

The secret that the RA API Client uses for the connection to the CLM. This can be obtained from the CLM when an API client with a default policy is configured.

openid.provider.baseUrl

true

-

Points to the HTTP location where the Keycloak server is running.

logging.level.app

false

INFO

Specifies the log level of the log messages which are created directly by the application. This property is only used if the property logging.file.name or logging.file.path is configured.

logging.level.web

false

WARN

This property sets the log level of the webserver layer.

logging.level.sql

false

WARN

This property sets the log level of the database layer.

logging.config

false

WARN

Specifies the path to a log4j2/logback configuration file. The path can be an exact location or relative to the current directory. This property cannot be used together with the logging.file.name or logging.file.path property.

logging.file.path

false

/var/log/mtg/mtg-est-server/

Specifies the directory where the application log files are stored. The directory path can be an exact location or relative to the current directory. This property cannot be used together with the logging.config or logging.file.name property.

logging.level.*

false

-

Specifies the level of the log messages which are created by third-party components. It allows fine-grained control of the logging level (see also docs.spring.io/spring-boot/docs/current/reference/html/appendix-application-properties.html#logging.level). This property is only used if the property logging.file.name or logging.file.path is configured.

Examples: logging.level.sql=DEBUG, logging.level.web=WARN

logging.logback.rollingpolicy.file-name-pattern

false

${LOG_FILE}.%d{yyyy-MM-dd}.%i.gz

The filename pattern used to create log archives. (Copied verbatim from LogRotation.)

logging.logback.rollingpolicy.clean-history-on-start

false

false

If log archive cleanup should occur when the application starts. (Copied verbatim from LogRotation.)

logging.logback.rollingpolicy.max-file-size

false

10MB

The maximum size of log file before it is archived. (Copied verbatim from LogRotation.)

logging.logback.rollingpolicy.total-size-cap

false

0B

The maximum amount of size log archives can take before being deleted. (Copied verbatim from LogRotation.)

logging.logback.rollingpolicy.max-history

false

7

The maximum number of archive log files to keep. (Copied verbatim from LogRotation.)

tomcat.ajp.enabled

false

false

If set to true, this property enables the additional embedded Tomcat AJP connector that is required by Apache HTTPd.

tomcat.ajp.port

false

8703

Specifies the port for the ajp connector. It is used only if tomcat.ajp.enabled is set to true.

tomcat.ajp.secret.required

false

false

If set to true, this property specifies that an AJP secret is required by the AJP connector. It is used only if tomcat.ajp.enabled is set to true.

tomcat.ajp.secret

false

-

Specifies the ajp secret to be used by the ajp connector. It is used only if tomcat.ajp.enabled is set to true.

server.ssl.enabled

false

true

Enables TLS for the CMP server.

server.ssl.enabled-protocols

false

TLSv1.2

Defines the enabled SSL/TLS protocols.

server.ssl.key-store

false

classpath:keystore.p12

Path to the server SSL keystore

server.ssl.key-store-type

false

PKCS12

The format used for the keystore (see parameter server.ssl.key-store). It can be set to JKS if the keystore is a JKS file.

server.ssl.key-store-password

false

-

The password of the keystore (see parameter server.ssl.key-store).

server.ssl.key-alias

false

-

The alias of the keystore entry used

server.ssl.trust-store

false

-

The location of a truststore file containing trusted certificates that are used to verify all TLS connections that the application is initiating.

server.ssl.trust-store-type

false

JKS

The type of the truststore (see parameter server.ssl.trust-store).

server.ssl.trust-store-password

false

-

Trust store password (see parameter server.ssl.trust-store).

server.ssl.client-auth

false

need

SSL client authentication

clm.client.truststore.path

false

-

The location of a keystore file containing certificates that are used to verify the TLS connection to the RA. It can be left empty.

clm.client.truststore.password

false

-

The password protecting the truststore (see property clm.client.truststore.path). It can be left empty.

clm.client.truststore.type

false

JKS

The format of the truststore (see property clm.client.truststore.path). Valid values are JKS, JCEKS or PKCS12.

clm.client.tls.version

false

TLSv1.2

The version of the TLS protocol to use in the connection to the CLM. Valid values are TLSv1.2 or TLSv1.3. It can be left empty.

clm.client.timeout.seconds

false

120

An integer value specifying the timeout, in seconds, for the connection to the CLM. It can be left empty.

openid.client.truststore.path

false

-

The location of a keystore file containing certificates that are used to verify the TLS connection to the Keycloak server. It can be left empty.

openid.client.truststore.password

false

-

The password protecting the truststore (see property openid.client.truststore.path). It can be left empty.

openid.client.truststore.type

false

JKS

The format of the truststore (see property openid.client.truststore.path). Valid values are JKS, JCEKS or PKCS12. It can be left empty.

openid.client.tls.version

false

TLSv1.2

The version of the TLS protocol to use in the connection to the Keycloak server. Valid values are TLSv1.2 or TLSv1.3. It can be left empty.

openid.client.timeout.seconds

false

120

An integer value specifying the timeout, in seconds, for the connection to the Keycloak server. It can be left empty.

clm.client.http.proxy.host

false

-

Specifies the host of the HTTP proxy server for the connection to CLM. It can be left empty.

clm.client.http.proxy.port

false

-

Specifies the port of the HTTP proxy server for the connection to CLM. It can be left empty.

openid.client.http.proxy.host

false

-

Specifies the host of the HTTP proxy server for the connection to the OpenID server. It can be left empty.

openid.client.http.proxy.port

false

-

Specifies the port of the HTTP proxy server for the connection to the OpenID server. It can be left empty.

management.elastic.metrics.export.enabled

false

-

If set to true then metrics are sent to an OpenSearch server. It can be left empty.

management.elastic.metrics.export.host

false

-

Specifies the URL where the OpenSearch server can be accessed. It can be left empty.

management.elastic.metrics.export.user-name

false

-

Specifies the user who has access to the OpenSearch server. It can be left empty.

management.elastic.metrics.export.password

false

-

Specifies the password of the user of the OpenSearch server. It can be left empty.

spring.profiles.include

false

-

If set to the value json-file-logging, this property activates additional logging of the log data in JSON format. This supports sending the log data to an OpenSearch server. It should not be used if this is not required.

tomcat.ssl-valve.enabled

false

-

If set to true, this property enables an HTTP-based connector, which can be used by Apache HTTPd for reverse proxying.

tomcat.ssl-valve.ssl-client-cert-header

x-ssl-client-cert

-

Specifies the name of the header in which the reverse proxy places the verified client certificate.

Additional properties that can be configured can be found here: docs.spring.io/spring-boot/docs/current/reference/html/appendix-application-properties.html
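
The constraints stated in the table above (required properties, the documented defaults for the profile and TLS settings, the AJP secret, the mutually exclusive logging options, the valid TLS versions) can be checked before a deployment. The following Python script is an added example, not part of the MTG documentation or product; the function names, the sample file and the finding texts are assumptions made for illustration, and it evaluates only literal key=value lines without resolving placeholders or environment overrides.

```python
# Added example (not MTG code): checks an application.properties against the table above.
DEFAULTS = {"spring.profiles.active": "prod", "server.ssl.enabled": "true",
            "server.ssl.client-auth": "need", "tomcat.ajp.enabled": "false",
            "tomcat.ajp.secret.required": "false",
            "clm.client.tls.version": "TLSv1.2",
            "openid.client.tls.version": "TLSv1.2"}  # defaults from the table
REQUIRED = ["clm.url", "clm.apiclient.id", "clm.apiclient.secret", "openid.provider.baseUrl"]

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and #/! comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return deviations from the documented defaults and constraints."""
    props = parse_properties(text)
    get = lambda k: props.get(k) or DEFAULTS.get(k, "")  # empty -> default
    out = [f"missing required property {k}" for k in REQUIRED if not props.get(k)]
    for key in ("spring.profiles.active", "server.ssl.enabled", "server.ssl.client-auth"):
        if get(key) != DEFAULTS[key]:
            out.append(f"{key} is {get(key)}, documented default is {DEFAULTS[key]}")
    if get("tomcat.ajp.enabled") == "true":
        if get("tomcat.ajp.secret.required") != "true":
            out.append("AJP connector enabled but tomcat.ajp.secret.required is not true")
        elif not props.get("tomcat.ajp.secret"):
            out.append("tomcat.ajp.secret.required is true but tomcat.ajp.secret is empty")
    if props.get("logging.config") and (
            props.get("logging.file.path") or props.get("logging.file.name")):
        out.append("logging.config cannot be combined with logging.file.name/path")
    for key in ("clm.client.tls.version", "openid.client.tls.version"):
        if get(key) not in ("TLSv1.2", "TLSv1.3"):
            out.append(f"{key} must be TLSv1.2 or TLSv1.3, got {get(key)}")
    return out

SAMPLE = """\
# constructed sample, not a real deployment
spring.profiles.active=dev
clm.url=https://clm.example.test
clm.apiclient.id=ffc0d281-f9df-45cd-a30d-1881cd67012a
openid.provider.baseUrl=https://keycloak.example.test
tomcat.ajp.enabled=true
logging.config=./logback.xml
logging.file.path=/var/log/mtg/mtg-est-server/
clm.client.tls.version=TLSv1.1
"""
```

Calling audit(SAMPLE) returns one finding per deviation; a deployment that terminates TLS at a reverse proxy will see the server.ssl.enabled finding by design and should review it rather than treat it as an error.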