// Load base configuration.
ProjectConfig config = ConfigUtil.loadConfig("project.yml", null, ProjectConfig.class);
// Load local overrides.
config = ConfigUtil.loadConfig("project.local.yml", config, ProjectConfig.class);
This section describes all the configuration options of Gentics Portal | java.
The portal configuration is loaded from the config/server.yml file, which has to be a valid YAML file.
The default configuration is available at the end of this section.
There are default values for most entries but the following settings must be explicitly set for every project:
the Mesh project
the portal API key
the server URL, and
the Mesh API key
While it is advisable to manage the portal configuration for a project in a version control system, it is often necessary to overwrite some settings for a local development setup, or because of project staging.
All settings in config/server.local.yml will override (or extend) the values specified in the main configuration file. Note that list values, are not merged but completely overwritten.
Many settings can be overwritten by setting environment variables. What settings can be specified this way, and the names of the environment variables are listed in this table.
This section contains all available settings for Gentics Portal | java.
In the general section setting the meshProject
, portalAPIKey
and serverUrl
is mandatory, for
portal to start.
While configuring the startPage
is not mandatory, the portal cannot serve /
without the setting
(requests for valid paths will be fine).
Variable | Type | Default value | Description |
---|---|---|---|
|
String |
Mandatory |
Name of the Mesh project. |
|
URL |
Mandatory |
The URL used for link resolving. |
|
boolean |
Whether to automatically delete uploaded files when the request is handled. |
|
|
int |
0 (unlimited) |
The maximum number of breadcrumb entries displayed (beginning at the end). |
|
String |
Path to the cookie hint page. |
|
|
String |
en |
The default language the portal assumes when it cannot infer the desired language from the request. |
|
String |
null |
The name of the folder index template to use when listing contents of folders. If no template is specified, requesting a folder will result in a 404 response. |
|
String |
data/i18n |
Path to YAML resource bundles |
|
String |
null |
The implementation version of the branch to use. When this is null, branches are not restricted by implementation versions. |
|
String |
The license key |
|
|
String |
license.key |
Path to the license key file |
|
String |
null |
Prefix of schemas in Mesh, if different from the project name. When this is null, the name of the Mesh project is used as the prefix. When using the 'Project per Node' setting in Gentics CMS, make sure that the prefix is different from the projectname. |
|
int |
30 |
Timeout for network requests (in- and outbound) in seconds |
|
String |
data/queries |
Path to files containing graphql queries. |
|
String |
0.0.0.0 |
The host IP address the portal binds to. Note that by default the portal will bind to all interfaces. When a reverse proxy is used, it is advised to only bind to 127.0.0.1. |
|
int |
3000 |
The port the portal runs on. If this is different then the port in the serverUrl, a reverse proxy will be needed to resolve links correctly |
|
String |
Path to the start page. A path to any language is enough, language fallback will be done automatically. While not mandatory, the portal cannot serve the path / when this is not set correctly. |
|
|
String |
data/templates |
Path to handlebar templates. |
|
String |
data/uploads |
Path to a custom directories for temporary storing uploaded files. |
Note that authentication must be explicitly enabled by initializing an
implementation of AuthenticationBaseHandler
in the projects
BootstrapInitializer
(see also the
authentication documentation).
Variable | Type | Default value | Description |
---|---|---|---|
|
boolean |
false |
Flag to allow insecure SSL connections to the OAuth2 server. |
|
Keycloak specific authentication options |
||
|
String |
/auth/login |
Path to the API endpoint that can be called to start login procedure. |
|
Configuration for redirects after a successful login |
||
|
String |
/auth/logout |
Path to the API endpoint that can be called to start logout procedure. |
|
String |
/ |
Path to which the user will be redirected after logout. The default is to redirect to / |
|
List<EndpointOptions> |
List of endpoints that are protected. |
|
|
int |
-1 (session cookie) |
Maximum age of the authentication redirect cookie in seconds, or -1 for session cookies. |
|
Single sign out configuration |
||
|
boolean |
false |
Ignore the max age from original authentication cookies and create session cookies instead |
|
boolean |
false |
Whether to redirect anonymous requests to protected resources to the 401 error page |
Missing settings will be taken from the …/config/keycloak.json if it is available.
Variable | Type | Default value | Description |
---|---|---|---|
|
String |
Mandatory |
The client ID the portal should use |
|
String |
Mandatory |
The URL to the Keycloak realm this portal uses |
|
String |
/auth/callback |
The path to the OAuth2 callback endpoint |
|
String |
The client secret taken from the configuration of the Keycloak realm |
|
|
int |
If set to greater than zero, the Keycloak connection initialization will try to start again, if Keycloak server is unreachable. If zero, the portal is shut down. If less than zero, the old behavior (instant fail) is applied |
|
|
boolean |
false |
Whether the portal should redirect to Keycloaks "end_session_endpoint" on a logout request |
There are no mandatory fields, but endpoint definitions without any permissions, or an invalid
path (e.g. an *
that is not at the end of the path) will be ignored. See the detailed
authentication documentation for examples.
Variable | Type | Default value | Description |
---|---|---|---|
|
ALL, ANY |
ANY |
Mode for checking permissions. ALL means that user needs to have all roles, ANY means that user needs to have at least one role. |
|
String |
The path to protect. The path may end with an * to also catch paths which start with this value. |
|
|
List<String> |
List of required role names. |
All single sign out settings have usable default values.
Variable | Type | Default value | Description |
---|---|---|---|
|
List<String> |
List of all URLs of external portals |
|
|
String |
/auth/logoutAll |
Endpoint for starting single sign out. |
All caching settings have usable default values.
Variable | Type | Default value | Description |
---|---|---|---|
|
int |
86400 seconds (1 day) |
The max-age cache-control setting for binaries loaded from Mesh. |
|
List<String> |
Custom values from the routing context to be added to content cache keys. |
|
|
String |
config/cache.ccf |
Path of the JCS configuration file. |
|
String |
content |
Name of the disk cache region to be used for the caching handler. The in-memory cache solution will be used when no region name has been specified. |
|
boolean |
true |
Enable or disable caching. |
|
int |
60 |
The time after which elements in the cache expire when they are not accessed. |
|
int |
256 |
The maximum number of elements stored in a cache. |
All compatibility settings are disabled by default.
Variable | Type | Default value | Description |
---|---|---|---|
|
boolean |
true |
Whether the NodeResponse to GraphQL response mapper should be applied for previews. |
|
boolean |
false |
Whether to use preview modes for GCMS versions older than 5.34.x. |
All data provider options have usable default values.
Variable | Type | Default value | Description |
---|---|---|---|
|
Map<String, List<String>> |
Map of data keys → webroot paths of Mesh content to provide |
|
|
boolean |
false |
Flag to prevent startup of the portal in case of errors during loading the configured data. |
|
int |
60 |
Refresh interval in seconds. |
|
boolean |
true |
Flag to retry loading data in case of errors. |
|
Map<String, WebDataOptions> |
Map of data keys → web data to provide |
Variable | Type | Default value | Description |
---|---|---|---|
|
String |
Mandatory |
URL of the web page to load. |
|
JSON, RAW |
RAW |
Format of the loaded web page. RAW means the loaded data is interpreted as text. When the format is JSON, the loaded data will be parsed into a Vert.x JsonObject. |
|
Map<String, String> |
Options for the post processor. |
|
|
String |
null |
Fully qualified class name of an optional post processor implementation, which must implement the interface DataProviderPostProcessor. |
The apiKey
should be configured in a server.local.yml file, to prevent
storing the API key in a version control system.
Variable | Type | Default value | Description |
---|---|---|---|
|
String |
Mandatory |
API key for accessing Mesh as admin user. |
|
BOTH, COOKIE, HEADER |
Whether to send the API token via authentication header, cookie, or both (default: both) |
|
|
Set<String> |
Names of cookies which can be forwarded to Mesh by plugin proxy requests (default: forms-data, forms-voted). |
|
|
Eventbus Configuration |
||
|
String |
localhost |
Mesh host. |
|
int |
64 |
Set the maximum number of requests to execute concurrently. Above this requests queue in memory, waiting for the running calls to complete. |
|
int |
64 |
Set the maximum number of requests for each host to execute concurrently. Above this requests queue in memory, waiting for the running calls to complete. |
|
int |
8081 |
The port of the monitoring verticle. |
|
int |
8080 |
Mesh port. |
|
Set<String> |
Accept, Authorization, Content-Encoding, Content-Length, Content-Type, Cookie |
Whitelist for HTTP headers which may be forwarded to Mesh plugins. Note that the default values are always allowed and cannot be removed. |
|
List<String> |
(none) |
List of Mesh plugins which must be present for this portal |
|
boolean |
false |
Mesh SSL flag. |
|
int |
8192 |
Set the maximum number of bytes stored in the write queue when forwarding incoming requests to Mesh using the okHttp Client. |
All eventbus settings have usable default values.
Variable | Type | Default value | Description |
---|---|---|---|
|
int |
100 |
Eventbus ping interval in ms. |
|
int |
5000 |
Eventbus retry timeout in ms. |
All monitoring settings have usable default values.
Variable | Type | Default value | Description |
---|---|---|---|
|
boolean |
false |
Whether the portal state should change to NETWORK_ERROR as soon as a GraphQL request to Mesh fails with a network error. |
|
boolean |
false |
Whether the monitoring server should be enabled. |
|
String |
127.0.0.1 |
The host which is used for the monitoring server. |
|
boolean |
true |
Whether to ignore the Mesh ready status for the portal ready check. |
|
boolean |
false |
Whether JMX should be enabled |
|
String |
gpj.live |
Path to the file which tracks liveness of the portal |
|
int |
10 |
Set the interval in seconds for updating the modified time of the live file |
|
int |
10 |
Maximum number of timeouts of the MeshRestClient before conservativePortalState will cause a state change to NETWORK_ERROR. |
|
int |
3001 |
The port which is used for the monitoring server. |
|
OFF, ABORT, UNREADY |
ABORT |
How to handle failing start-up checks. |
All navigation settings have usable default values.
Variable | Type | Default value | Description |
---|---|---|---|
|
int |
unlimited |
The maximum number of displayed breadcrumb entries (set to 0 for unlimited) |
|
int |
15s |
The time in seconds after which elements in the navigation cache expire |
|
String |
navhidden |
The name of the field indicating that an element is not shown in the navigation |
|
String |
navsortorder |
The name of the field used for sorting elements |
While there are no mandatory redirect settings, it is highly recommended to at least define redirects for the HTTP status codes 404 Not Found and 500 Internal Server Error (and 403 Forbidden if authentication is enabled). Otherwise these errors will just result in an empty response.
Variable | Type | Default value | Description |
---|---|---|---|
|
Optional custom redirects. |
||
|
Map<String, String> |
Map of status pages. Keys are HTTP response status codes, and values are the webroot paths of the error respective pages. Language fallback will be done automatically. |
See the documentation for the custom redirects feature for
a detailed description about the source
and helperClass
settings.
Variable | Type | Default value | Description |
---|---|---|---|
|
String |
Mandatory |
Fully qualified class name of helper implementation, which must implement RedirectHelper. |
|
String |
Mandatory |
Source for custom redirects. Use prefix 'dataProvider:' to use data from the data provider. |
|
Map<String, String> |
Configuration options for helper class. |
|
|
boolean |
false |
Flag to use "301 Moved Permanently" responses instead of "303 See Other". |
|
boolean |
false |
Flag to reload the redirects source for every request. |
Variable | Type | Default value | Description |
---|---|---|---|
|
Map<String, String> |
No additional headers |
Additional HTTP headers added to each response |
|
Set<String> |
Empty (no IPs allowed) |
Allowed IPs which can access backend API endpoints of the portal |
|
String |
None |
The API key required by some backend API endpoints |
|
None, Strict, Lax |
STRICT |
The SameSite policy to use for cookies (NONE, LAX or STRICT) |
|
boolean |
false |
Whether to encrypt the authentication cookies |
|
DISABLED, PASSWORD_ONLY_KEY, AUTO_GENERATED_KEY |
DISABLED |
How keys for encryption are generated. DISABLED means no encryption, PASSWORD_ONLY_KEY uses the configured password, AUTO_GENERATED_KEY creates a secret key during portal startup. |
|
String |
(empty) |
The password to use for encryption. Only used when encryptionMode is set to PASSWORD_ONLY_KEY. |
|
boolean |
false |
Whether secure cookie names will be prefixed with "__Host-" |
All static handler settings have usable default values.
Variable | Type | Default value | Description |
---|---|---|---|
|
boolean |
false |
Flag to turn on caching of static files. |
|
long |
86400s (one day) |
Maximum age in seconds for caching of static files. |
|
String |
data/static |
Path to static files. |
All Vert.x settings have usable default values.
Variable | Type | Default value | Description |
---|---|---|---|
|
int |
Number of CPUs times two |
The thread pool size for standard verticles |
|
int |
20 |
The thread pool size for worker verticles |
All search handler settings have usable default values.
Variable | Type | Default value | Description |
---|---|---|---|
|
boolean |
false |
Whether the search handler should be used. |
|
String |
/search |
The endpoint for the search handler. Custom searches can be made by appending the custom query name as a path segment. |
|
String |
… |
The string to use for the ellipsis when there are more pages as can be displayed in the pagination. |
|
int |
6 |
The maximum number of links in the pagination. |
|
String |
> |
The string to use for the "next" link in the pagination. |
|
String |
< |
The string to use for the "previous" link in the pagination. |
|
int |
10 |
The number of hits returned in a single result page. This must be the same in the configuration of the search plugin, or the results will be undefined. |
|
String |
searchresults |
The name of the handlebars template to render results. May contain directory segments, and the .hbs extension is optional. |
The following environment variables can be used to override configuration settings.
Variable | Field | Description |
---|
There are two possibilities to provide project specific settings for a portal: loading a custom configuration file, or configuring a custom options map in the server.yml.
To avoid polluting the server configuration, this is the recommended way to load project specific settings.
Create a custom configuration class which extends com.gentics.mesh.portal.api.Config
(assume it is called ProjectConfig
)
Create a YAML file corresponding to your ProjectConfig
and place it in the config
directory of the portal (assume the file is called project.yml)
Load the custom configuration by calling ConfigUtil#loadConfig()
which will return an
instance of ProjectConfig
with the settings from project.yml.
Optionally call loadConfig()
again, with a local override file
// Load base configuration.
ProjectConfig config = ConfigUtil.loadConfig("project.yml", null, ProjectConfig.class);
// Load local overrides.
config = ConfigUtil.loadConfig("project.local.yml", config, ProjectConfig.class);
When the project specific configuration is very simple it might also suffice to use
ConfigUtil#loadJson(String filename)
to load a JSON file into a Vert.x JsonObject
.
Note that using a custom options map is not recommended.
The configMap
can hold a custom class with the specified values.
Variable | Type | Default value | Description |
---|---|---|---|
|
Map<String, Object> |
Map of custom configuration options. |
The following configuration will result in an entry customConfig
of type CustomConfig
where the String field setting1
has the value "value1"
:
customConfigMap:
configMap:
key1: !<com.gentics.mesh.portal.config.CustomConfig>
setting1: "value1"
This is the complete default configuration.
Using this file as is will not work, because the Mesh and Portal API keys, as well as the Mesh project and the server URL are missing. |
---
portalAPIKey: "64d751ed7fb844c1904169c0405e66b0"
meshProject: "demo"
serverUrl: "https://demo"
serverPort: 3000
serverHost: "0.0.0.0"
templatesPath: "data/templates"
queryPath: "data/queries"
i18nPath: "data/i18n"
breadcrumbsLevel: 0
startPage: ""
cookieHintPage: ""
autoDeleteUploads: false
uploadDir: "data/uploads"
licenseKeyPath: "license.key"
defaultLanguage: "en"
networkTimeout: 30
additionalResponseHeaders: {}
checkedQueries: []
mesh:
host: "localhost"
port: 8080
monitoringPort: 8081
ssl: false
apiKey: "3f2e001515f44e96b3a1b9c35e05af73"
requiredPlugins: []
networkTimeout: 30
proxyHeaderWhitelist:
- "Authorization"
- "Cookie"
- "Accept"
- "Content-Encoding"
- "Accept-Encoding"
- "Content-Length"
- "Content-Type"
maxRequests: 64
maxRequestsPerHost: 64
writeQueueMaxSize: 8192
cookieForwardWhitelist:
- "forms-voted"
- "forms-data"
authenticationMode: "BOTH"
webrootFieldAvailable: false
eventbus:
pingInterval: 100
retryTimeout: 5000
vertx:
workerPoolSize: 20
eventPoolSize: 64
developmentMode: false
dataProvider:
refreshTime: 60
preventStartupOnError: false
retryOnError: true
meshData: {}
webData: {}
mail:
hostname: "localhost"
port: 25
ssl: false
trustAll: false
maxPoolSize: 10
keepAlive: true
redirects:
statusPages: {}
security:
allowedIps: []
additionalResponseHeaders: {}
useHostCookiePrefix: false
encryptCookies: false
encryptionMode: "DISABLED"
cookieSameSitePolicy: "STRICT"
authentication:
loginEndpoint: "/auth/login"
logoutEndpoint: "/auth/logout"
insecureSsl: false
logoutRedirect: "/"
redirectCookieMaxAge: -1
useUnauthorizedRedirect: false
redirectCookieSameSiteStrict: true
useSessionCookies: false
maxTemporaryEntries: 0
protectedEndpoints: []
keycloak:
callbackPath: "/auth/callback"
rpInitiatedLogout: false
retryPeriodSeconds: 60
singleSignOut:
externalPortals: []
singleSignOutPath: "/auth/logoutAll"
loginRedirect:
path: "/auth/loggedin"
defaultRedirect: "/"
cmsPage: false
proxy:
active: false
customConfigMap:
configMap: {}
static:
path: "data/static"
caching: false
maxAge: 86400
navigation:
breadcrumbsLevel: 0
sortOrderField: "navsortorder"
hiddenField: "navhidden"
expireTime: 15
caching:
enabled: true
maximumSize: 256
expireTime: 60
customParameters: []
diskCacheConfig: "config/cache.ccf"
diskCacheRegionName: "content"
binaryMaxAge: 86400
monitoring:
enabled: false
ignoreMeshReady: true
jmxEnabled: false
port: 3001
host: "127.0.0.1"
conservativePortalState: false
maxTimeouts: 10
startupCheckMode: "ABORT"
livePath: "gpj.live"
liveUpdateInterval: 10
compatibility:
preview: false
mapNodeResponse: true
search:
enabled: false
template: "searchresults"
endpoint: "/search"
querySize: 10
paginationMaxPages: 6
paginationPrevious: "<"
paginationEllipsis: "..."
paginationNext: ">"