Environment Variables
To configure Connectware's system-wide settings, you must define environment variables before starting the system. The specific method for setting these variables depends on your deployment orchestration tool:
- If you're using Docker Compose, you must define the variables in your docker-compose.yml configuration file.
- If you're deploying with Kubernetes, you must set the variables in your Kubernetes manifests.
Docker Compose
When using Docker Compose, we recommend that you define all environment variable values in a .env file located in the same directory as your docker-compose.yml file. Those two files are in your Connectware installation directory. If you have used the default values during installation, the installation directory is /opt/connectware.
Available exposed environment variables (.env)
Variable | Default Value | Choices | Description |
---|---|---|---|
admin-web-app | |||
| 172.30.0.0/24 | AAA.BBB.CCC.DDD/XX | Network configuration used to manually set masks for the internal Connectware network. |
auth-server | |||
| 172.30.0.0/24 | true, false | Should the default ‘admin’ user be enabled? |
| {"min":5} | Password policy rules in JSON format. | |
| YWRtaW4= | The initial password of the ‘admin’ user, as a base64-encoded value. It must comply with the password policy rules, if any are set. | |
| false | true, false | Enable LDAP authentication. |
| group | LDAP mode for authentication. | |
| false | Trust all certificates for LDAPS (LDAP over SSL). | |
| ‘’ | Distinguished Name (DN) for LDAP binding. | |
| ‘’ | Password for LDAP binding. | |
| employeeType | LDAP attribute to determine user roles. | |
| memberOf | LDAP attribute to determine group membership. | |
| ‘’ | LDAP search base for user authentication. | |
| ‘’ | LDAP search filter for user authentication. | |
| ‘’ | LDAP server URL for user authentication. | |
| cn | LDAP user relative distinguished name. | |
| ‘’ | Support for nested LDAP groups. | |
| ‘’ | File path for LDAPS (LDAP over SSL) CA certificate. | |
| ‘’ | true, false | Require LDAP users to enroll in MFA after their first login. |
broker | |||
| no | yes, no | Use mutual TLS for broker connections. |
connectware | |||
container-manager | |||
| ‘’ | The password for connecting to the Cybus registry. | |
| license | The username for connecting to the Cybus registry. | |
doc-server | |||
ingress-controller | |||
postgresql | |||
protocol-mapper | |||
service-manager | |||
system-control-server | |||
| ‘’ | The password for connecting to the Cybus registry. | |
| ‘’ | HTTP proxy server for network connections. | |
| ‘’ | A comma-separated list of hosts that should not be accessed via the proxy. | |
workbench | |||
| false | true, false | Whether projects are enabled in the Cybus Workbench. |
| ‘’ | HTTP proxy server for network connections. | |
| ‘’ | A list of hosts that should not be accessed via the proxy. |
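
The default initial admin password in the table above, YWRtaW4=, is simply the base64 encoding of "admin". The following added example (not part of the Connectware documentation or product) checks a .env value against that default and against the `min` rule of the password policy, and generates a replacement; `INITIAL_ADMIN_PASSWORD_B64` is a placeholder name, so take the real variable name from your own .env file.

```shell
#!/bin/sh
# Added example. INITIAL_ADMIN_PASSWORD_B64 is a placeholder name, not a
# confirmed Connectware variable; use the name found in your own .env file.
DEFAULT_B64='YWRtaW4='        # table default; base64 of "admin"
DEFAULT_POLICY='{"min":5}'    # table default password policy

# env_value FILE NAME -> value of NAME=... in a .env file (last entry wins)
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# policy_min JSON -> the "min" length rule, or 0 when the rule is absent
policy_min() {
    min=$(printf '%s' "$1" |
        sed -n 's/.*"min"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    echo "${min:-0}"
}

# classify_initial_password B64 POLICY_JSON
#   prints one of: default | invalid | too-short | ok
classify_initial_password() {
    if [ "$1" = "$DEFAULT_B64" ]; then echo default; return 0; fi
    # base64 is an encoding, not protection: any reader of .env can decode it
    # (GNU coreutils syntax; some platforms spell the flag differently)
    if ! plain=$(printf '%s' "$1" | base64 -d 2>/dev/null) || [ -z "$plain" ]; then
        echo invalid; return 0
    fi
    if [ "${#plain}" -lt "$(policy_min "$2")" ]; then
        echo too-short; return 0
    fi
    echo ok
}

# new_initial_password -> base64 of a random 24-character alphanumeric password
new_initial_password() {
    pw=$(head -c 64 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | head -c 24)
    printf '%s' "$pw" | base64 | tr -d '\n'
}

# Audit the table default against the default policy (prints: default)
classify_initial_password "$DEFAULT_B64" "$DEFAULT_POLICY"
```

Only the `min` rule shown on this page is checked. Because the stored value is encoded rather than encrypted, read access to the .env file should be limited to the account that runs Docker Compose.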
Available exposed environment variables (docker-compose.yml)
The following environment variable settings are provided for advanced configuration and should typically not be modified unless you have a deep understanding of their implications. Incorrect changes to these variables can impact the stability and security of the system. Proceed with caution and only make changes if you are confident in their necessity and the potential consequences.
It is strongly recommended to consult Customer Success or follow the guidance provided in the documentation before altering any of these values. Modifying these settings without proper understanding can lead to unexpected behavior and may compromise the functionality of the system.
Variable | Default | Choices | Description |
---|---|---|---|
admin-web-app | |||
| 6000 | The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios. | |
auth-server | |||
broker | |||
connectware | |||
container-manager | |||
| 6000 | The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios. | |
doc-server | |||
ingress-controller | |||
postgresql | |||
protocol-mapper | |||
| mqtt | The scheme for MQTT communication. | |
| broker | The MQTT broker host. | |
| 1883 | The MQTT broker port. | |
| ‘’ | MQTT username for authentication. | |
| ‘’ | Password for the Protocol Mapper. | |
| 20 | Maximum depth for MQTT topics. | |
| ‘’ | MQTT data host. | |
| ‘’ | MQTT data port. | |
| auth-server | The hostname of the Auth Server. | |
| 443 | The HTTP port. | |
| /api | The root path for the HTTP server. | |
| info | Log level for the Protocol Mapper. | |
| 1000 | Drop milliseconds for log entries. | |
| 6000 | The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios. | |
| /data | The directory for storing data. | |
| 127.0.0.1 | The network bind address. | |
| centralized | centralized, distributed | The mode of the agent (centralized or distributed). |
| protocol-mapper | The name of the agent. | |
| false | true, false | Whether to use mutual TLS for connections. |
| true | true, false | Whether to trust all certificates. |
| service-manager | The hostname of the Service Manager. | |
| 1500 | 0-N | The default setting of 1500 tries translates to 5 minutes of operation since each attempt includes a 200ms delay. In contrast, setting the value to “0” results in an indefinite number of retries. |
| see CYBUS_MQTT_HOST | See CYBUS_MQTT_HOST. | |
| 9999 | The port for readiness probes. | |
| /connectware/certs/client/tls.key | The TLS key for the agent. | |
| /connectware/certs/client/tls.crt | The TLS certificate for the agent. | |
| /connectware/certs/ca/ca-chain.pem | The CA certificate. | |
service-manager | |||
| 6000 | The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios. | |
system-control-server | |||
| 6000 | The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios. | |
workbench | |||
Kubernetes
When you're installing Connectware on Kubernetes, you must use the provided Helm Chart. This chart includes a values.yaml file that provides default configurations for the necessary settings. The only mandatory value that you must set is the licensekey of your Connectware license.
To understand all available configuration options:
- The Helm Chart's README.md file contains a summary of all configurable options.
- The values.yaml file contains detailed documentation for each property and instructions on how to use them.
While the Helm Chart provides many default settings, you may need to customize these based on your specific deployment requirements. Always review the documentation thoroughly to ensure you're configuring Connectware correctly for your Kubernetes environment.