close

Filter

loading table of contents...

Deployment Manual / Version 2412.0

Table Of Contents

3.2.1 General Content Server Properties

cap.server.allow-synthetic-replay
Type Boolean
Default true
Description

Whether it is allowed for clients to request a synthetic replay of the content repository, for example using the constant Timestamp.SYNTHETIC_REPLAY Unified API. This is a very expensive operation that is rarely used except when setting up a Replication Live Server from scratch.

cap.server.base-dir
Type String
Default user.dir
Description

Used as base directory for handling relative file-paths in the content-server configuration. Defaults to the value of system-property user.dir.

cap.server.blob-channel-timeout
Type Duration
Default 1m
Description

This property sets the timeout duration for streaming blobs to and from the database. (Default unit is seconds) In general, you don't have to change the default value. It is provided for exceptional cases, when the connection to the database is unreliable.

cap.server.blob-md5-permission-check
Type Boolean
Default true
Description

Blob access by clients is protected against URL guessing. If you want to use clients from releases < CMCC 2110 with content servers of CMCC 2110 or newer, you must set this flag to false for the new content servers.

cap.server.blob-url-pattern
Type String
Default https?:.*
Description

A regular expression that must match the entire URL string for URL blobs, that is, blobs that are only referenced by their URL in the content repository and are resolved at the client side on access. Using URL blobs can significantly reduce the storage requirements of the Content Server. The pattern must match the entire URL string, starting with the protocol. Before matching, the path component of the URL is normalized according to java.net.URI#normalize() where applicable. URLs with the schemes s3: and classpath: are not normalized.

By default, only http: and https: URLs are allowed. Allowing too many URLs may cause security problems. For example, allowing file:.* would also grant access to all configuration files. Instead, a single path like file:///share/blobData/.* should be sufficient in most cases. Alternative patterns can be given according to the Java regular expression syntax as implemented by java.util.regex.Pattern: file:///share/blobData/.*|http://blobstorage.internal/.*

cap.server.blobstore.s3.bucketname
Type String
Description

The name of the S3 bucket that is used to store blobs. If this property is not specified, the S3 media store is not enabled.

cap.server.blobstore.s3.encryption-mode
Type String
Description

The server side encryption mode to use for storing blobs in S3. Only valid for the enhanced S3 store implementation. If not set, the default encryption mode of the bucket is used. Valid values are AES256, aws_kms and aws_kms_dsse.

cap.server.blobstore.s3.enhanced
Type Boolean
Default false
Description

Flag indicating whether to use an enhanced store implementation for S3 operations. If not set or set to false, the legacy S3 store without the possibility to configure additional properties like path style URLs and encryption settings is used.

cap.server.blobstore.s3.force-path-style
Type Boolean
Default false
Description

Flag indicating whether to use path style URLs for S3 requests. Only valid for the enhanced S3 store implementation. If set to true, legacy path style URLs are used for all requests. If not set or set to false, virtual host style URLs are used, which is the AWS recommended way to access S3 buckets.

cap.server.blobstore.s3.rootdir
Type String
Description

The name of an S3 path prefix, used to disambiguate multiple media stores in one S3 bucket. If possible, it is recommended to use separate buckets instead, improving performance by avoiding constant path prefixes.

cap.server.blobstore.s3.tags
Type Map<String,String>
Description

A map of additional tags to apply to all objects stored in the S3 bucket. Only valid for the enhanced S3 store implementation.

cap.server.cache.group-cache-size
Type Integer
Default 500
Description

This property defines the size of the group cache. It limits the maximum number of groups which can be found in one search for groups by CMS clients. Set the property so that all groups connected to rights can be cached in memory.

cap.server.cache.group-cache-status-interval
Type Duration
Default 0
Description

The duration between two log messages reporting the current state of the group cache. (Default unit is seconds)

The minimum value is 10 seconds, the maximum value is 1 hour.

cap.server.cache.member-folder-rights-cache-size
Type Integer
Default 1000
Description

This property defines the size of the folder-specific rights cache. This cache stores the results of right calculations per folder and member, aggregating the results for all content types. This cache might help custom code using APIs other than the Unified API. Change this setting only if you observe the method getRights(MemberKey) in thread dumps of a slow Content Server.

cap.server.cache.resource-cache-size
Type Integer
Default 60000
Description

The capacity of the resource cache of the Content Server; the maximum value is 1000000, the minimum value is 100. This property defines the resource cache size, that is, the number of resources the server holds in memory. This value should sometimes be adapted to the increasing number of resources in the actual working set. If the value is too small, the server does not perform well. One resource needs about 2kB of heap space.

cap.server.cache.resource-cache-status-interval
Type Duration
Default 5m
Description

The duration between two log messages reporting the current state of the resource cache. (Default unit is seconds)

The minimum value is 10 seconds, the maximum value is 1 hour.

cap.server.cache.rights-cache-size
Type Integer
Default 3000
Description

This property defines the size of the rights cache. This cache stores the results of right calculations per resource, content type and member. If you have lots of different resources, content types and users you might need to adapt the value of the property. Check the proper size of the cache by examining the cache misses and faults in the log. To activate the log output of the rights cache set the cap.server.cache.rights-cache-status-interval property to a value larger than zero.

cap.server.cache.rights-cache-status-interval
Type Duration
Default 0
Description

This property defines the interval at which log output of the rights cache is written. (Default unit is seconds)

"0" means, that no log output is written.

cap.server.cache.user-cache-size
Type Integer
Default 500
Description

This property defines the size of the user cache. It limits the maximum number of users which can be found in one search for users by CMS clients. Set the property to the size of the largest user search you want to perform, or the number of concurrently working users, whichever is greater.

cap.server.cache.user-cache-status-interval
Type Duration
Default 0
Description

The duration between two log messages reporting the current state of the user cache. (Default unit is seconds)

The minimum value is 10 seconds, the maximum value is 1 hour.

cap.server.check-unique-db-access
Type Boolean
Default true
Description

This property determines whether to check for another server that is running concurrently on the same database on server startup.

cap.server.document-types
Type List<String>
Default classpath*:framework/doctypes/**/*.xml
Description

This property defines where the server finds the XML file(s) containing the content type definitions.

The pattern supports resources from classpath or the filesystem. Relative file-paths are resolved against cap.server.base-dir).

Examples:

 classpath*:/framework/doctypes/**/*.xml (Default), file:///coremedia/doctypes/**/*.xml, config/contentserver/doctypes/**/*.xml 
cap.server.encrypt-passwords-key-file
Type String
Description

The location of the key generated by cm encryptpasswords (absolute or relative to cap.server.base-dir). If empty, defaults to etc/keys/DATABASE_NAME.DATABASE_USER.rijndael

cap.server.http-port
Type Integer
Default 0
Description

Defines the HTTP(S) port of the application container containing the Content Server. The entry /Server/Service/Connector@port in server.xml has to have the same value as this property.

cap.server.init-runlevel
Type String
Default online
Description

The initial runlevel that the server will try to reach on startup. Possible runlevels are: online, administration, maintenance. This property does not override the default behavior of the Replication Live Server for the initial replication.

cap.server.initial-password
Type Map<String,String>
Description

The initial password to set for the default user with the indicated name. This password is set when the server is started for the first time. You can change the passwords later on at any time.

cap.server.license
Type String
Default license.zip
Description

Defines where the server finds the license file (url or file-path absolute or relative to cap.server.base-dir).

cap.server.login-service-webserver-privileged
Type Boolean
Default false
Description

This property specifies whether client connections of the login service 'webserver' are privileged and may log in as different users without further authentication. The default is false. It may be set to true to make the 'webserver' login service a privileged service as it was the case in releases before 1907.

cap.server.login.authentication
Type String
Default classpath:coremedia-jaas.conf
Description

Defines where the server finds the JAAS login configuration file (url or file-path absolute or relative to cap.server.base-dir). Will be set on the java.security.auth.login.config System property (in case of a URL, a temporary file is created).

cap.server.login.bouncers
Type String
Description

This property points to the optional login bouncer configuration file (absolute or relative to cap.server.base-dir). A login bouncer can grant or deny access to the Content Server based on the characteristics of the user and the set of currently logged in users.

cap.server.login.password-hash-algorithm
Type String
Default bcrypt:10
Description

A specification of the hash algorithm used for storing passwords.

Allowed values are md5 for MD5-based password hashing and bcrypt:N with N being an integer between 4 and 30 (inclusive) for bcrypt-based password hashing. In the latter case N denotes the work factor which should adapted to the available CPU resources. This parameter applies to passwords of users defined in the built-in user repository of the Content Server, only.

The value md5 is discouraged, because it makes brute-force attacks on passwords of low and medium strength possible. It should only be used if passwords need to be changed by clients (Studio, cm changepassword) that have not been updated to a CMS release that supports configurable password hashing.

Old clients can login even after a password change without any restrictions. After changing this property, it is recommended to update the passwords of all users to ensure that all hashes have been computed according to the desired algorithm.

cap.server.maximum-startup-delay
Type Integer
Default 120
Description

Configured maximum time for Content Server startup in seconds

This is the maximum time the startup of the server's Spring-Boot component is delayed if the configured initial runlevel has not been reached. After this timeout expires or the initial runlevel is reached the following things will happen:

  • The Spring-Boot component will resume its startup and open the web application and actuator ports.

  • The server will listen to 'health', 'liveness' and 'readiness' actuator requests. However, the 'health' and 'readiness' probes will block until the initial runlevel is reached.

  • The server will serve the CORBA IOR via the IOR-Servlet. As the server may not be fully initialized yet, clients should not connect to the server before the 'readiness' probe returns a positive result.

As it is possible that the server is not fully initialized after this timeout expires, e.g. when running a database schema upgrade, it is recommended to delay the startup of dependent services until the 'health' or 'readiness' probes return a positive result. Additionally, health checks for the server are best based on the 'liveness' probe but must take the configured startup delay into account as the server may be unresponsive for this time.

cap.server.multiple-live-servers
Type Boolean
Default false
Description

This property defines whether the server publishes to multiple live servers. Note that this flag cannot be easily changed after the first start of the Content Management Server.

cap.server.naming-policy-allow-at
Type Boolean
Default false
Description

Allow '@' in member names (may cause confusion with user domains)

cap.server.persistent-property-writers
Type List<String>
Default *
Description

A list of names of groups that may write or delete persistent properties. The magic group "*" grants rights to all users. This is the default for compatibility reasons. Connections using the publisher and replicator login service are always allowed to write persistent properties.

cap.server.repository-home
Type String
Default /Home
Description

Defines the folder which will be used to store the home folders of the users. The whole folder hierarchy of the home folders is only visible to the administrator. Other user will only see one home folder with the path defined in cap.server.repository-home containing his personal files, such as the preferences. The default folder is /Home which will be automatically created by the system. If you define another folder, you need to create this folder by your own.

cap.server.repository-system
Type String
Default /System
Description

Defines the system folder. It contains for example the public dictionary of the spell checker. The default folder is /System which will be automatically created by the system. If you define another folder, you need to create this folder by your own.

cap.server.search.enable
Type Boolean
Default false
Description

If true full text search is enabled.

cap.server.session-ping-interval
Type Duration
Default 1m
Description

The maximum duration that a ping is delayed when there are no available events. (Default unit is seconds)

The session ping interval must not be less than 10 seconds to avoid possible session loss and ping flooding and not more than half an hour so that dead sessions are detected after an hour.

cap.server.termination-timeout-seconds
Type Duration
Default 30s
Description

Timeout for waiting on running threads on shutdown

cap.server.unique-db-access-write-interval
Type Duration
Default 0
Description

If unique DB access is checked and if this property is positive, this property determines the duration between two writes of the current timestamp to the database to indicate the liveliness of the server. (Default unit is seconds) If 0 or negative the server neither writes a timestamp regularly nor expects a timestamp to be written.

cap.server.use-strict-workflow
Type Boolean
Default false
Description

This property enforces the strict workflow mode. That is, the approver of a resource must be different from the editor. This is checked independently of the workflow engine, and should only be used in cases where a custom workflow definition is not an option.

cap.server.userproviders
Type List<hox.​corem.​server.​ServerConfigurationProperties$Userproviders>
Description

Configurations for UserProviders

For details see hox.corem.server.ServerConfigurationProperties.Userproviders.

Table 3.7. Content Server Properties


Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.