Environment Variables
To configure Connectware's system-wide settings, you must define environment variables before starting the system. The specific method for setting these variables depends on your deployment orchestration tool:
If you're using Docker Compose, you must define the variables in your
docker-compose.ymlconfiguration file.If you're deploying with Kubernetes, you must set the variables in your Kubernetes manifests.
Docker Compose
When using Docker Compose, we recommend that you define all environment variable values in a .env file located in the same directory as your docker-compose.yml file. Those two files are in your Connectware installation directory. If you have used the default values during installation, the installation directory is /opt/connectware.
Available exposed environment variables (.env)
.env)admin-web-app
CYBUS_NETWORK_MASK
172.30.0.0/24
AAA.BBB.CCC.DDD/XX
Network configuration used to manually set masks for the internal Connectware network.
auth-server
CYBUS_ADMIN_USER_ENABLED
172.30.0.0/24
true, false
Should the default ‘admin’ user be enabled?
CYBUS_AUTH_PASSWORD_POLICY_RULES
{“min”:5}
Password policy rules in JSON format.
CYBUS_INITIAL_ADMIN_USER_PASSWORD
YWRtaW4=
The initial password of ‘admin’ user, as base64-encoded value. It must comply with any password policy rules if there are some.
CYBUS_LDAP_ENABLED
false
true, false
Enable LDAP authentication.
CYBUS_LDAP_MODE
group
LDAP mode for authentication.
CYBUS_LDAPS_TRUST_ALL_CERTS
false
Trust all certificates for LDAPS (LDAP over SSL).
CYBUS_LDAP_BIND_DN
‘’
Distinguished Name (DN) for LDAP binding.
CYBUS_LDAP_BIND_PASSWORD
‘’
Password for LDAP binding.
CYBUS_LDAP_ROLES_ATTRIBUTE
employeeType
LDAP attribute to determine user roles.
CYBUS_LDAP_MEMBER_ATTRIBUTE
memberOf
LDAP attribute to determine group membership.
CYBUS_LDAP_SEARCH_BASE
‘’
LDAP search base for user authentication.
CYBUS_LDAP_SEARCH_FILTER
‘’
LDAP search filter for user authentication.
CYBUS_LDAP_URL
‘’
LDAP server URL for user authentication.
CYBUS_LDAP_USER_RDN
cn
LDAP user relative distinguished name.
CYBUS_LDAP_NEST_GROUP_SUPPORT
‘’
Support for nested LDAP groups.
CYBUS_LDAPS_CA_FILE
‘’
File path for LDAPS (LDAP over SSL) CA certificate.
CYBUS_LDAP_AUTO_ENFORCE_MFA
‘’
true, false
LDAP users get enforced to enroll MFA after first login
broker
CYBUS_BROKER_USE_MUTUAL_TLS
no
yes, no
Use mutual TLS for broker connections.
connectware
container-manager
CYBUS_REGISTRY_PASS
‘’
The password for connecting to the Cybus registry.
CYBUS_REGISTRY_USER
license
The username for connecting to the Cybus registry.
doc-server
ingress-controller
postgresql
protocol-mapper
service-manager
system-control-server
CYBUS_REGISTRY_PASS
‘’
The password for connecting to the Cybus registry.
CYBUS_PROXY
‘’
HTTP proxy server for network connections.
CYBUS_NO_PROXY
‘’
A comma separated list of hosts that should not be accessed via the proxy.
CYBUS_INGRESS_DNS_NAMES
Specifies all external hostnames that can be used to access Connectware, separated by commas.
workbench
CYBUS_WORKBENCH_PROJECTS_ENABLED
false
true, false
Whether projects are enabled in the Cybus Workbench.
CYBUS_PROXY
‘’
HTTP proxy server for network connections.
CYBUS_NO_PROXY
‘’
A list of hosts that should not be accessed via the proxy.
Available exposed environment variables (docker-compose.yml)
docker-compose.yml)The following environment variable settings are provided for advanced configuration and should typically not be modified unless you have a deep understanding of their implications. Incorrect changes to these variables can impact the stability and security of the system. Proceed with caution and only make changes if you are confident in their necessity and the potential consequences.
It is strongly recommended to consult Customer Success or follow the guidance provided in the documentation before altering any of these values. Modifying these settings without proper understanding can lead to unexpected behavior and may compromise the functionality of the system.
admin-web-app
CYBUS_ADMIN_WEB_APP_VRPC_TIMEOUT
6000
The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios.
auth-server
broker
connectware
container-manager
CYBUS_CM_RPC_TIMEOUT
6000
The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios.
CYBUS_SENSITIVE_ENVIRONMENT_VARIABLES
predefined list of sensitive vars
Specifies the environment variable names, as a comma-separated list, that must be hidden when container (core and service) data is sent to a client.
doc-server
ingress-controller
CYBUS_ALLOW_INSECURE_TLS_CIPHERS
false
true, false
Controls the use of insecure Transport Layer Security (TLS) cipher suites in Connectware. When set to false, Connectware enforces stronger encryption standards by disabling insecure cipher suites. When set to true, Connectware allows the use of insecure TLS cipher suites, which can reduce connection security.
nats
CYBUS_NATS_WRITE_DEADLINE
15s
Defines how long the NATS server maintains information about slow-running operations. Important: Do not specify values below the default value. Changing this variable may impact system stability.
postgresql
protocol-mapper
CYBUS_MQTT_SCHEME
mqtt
The scheme for MQTT communication.
CYBUS_MQTT_HOST
broker
The MQTT broker host.
CYBUS_MQTT_PORT
1883
The MQTT broker port.
CYBUS_MQTT_USERNAME
‘’
MQTT username for authentication.
CYBUS_PROTOCOL_MAPPER_PASSWORD
‘’
Password for the Protocol Mapper.
CYBUS_MQTT_TOPIC_MAX_DEPTH
20
Maximum depth for MQTT topics.
CYBUS_MQTT_DATA_HOST
‘’
MQTT data host.
CYBUS_MQTT_DATA_PORT
‘’
MQTT data port.
CYBUS_AUTH_SERVER_HOST
auth-server
The hostname of the Auth Server.
CYBUS_HTTP_PORT
443
The HTTP port.
CYBUS_HTTP_ROOT
/api
The root path for the HTTP server.
CYBUS_LOG_LEVEL
info
Log level for the Protocol Mapper.
CYBUS_LOG_DROP_MILLISECONDS
1000
Drop milliseconds for log entries.
CYBUS_PM_RPC_TIMEOUT
6000
The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios.
CYBUS_STORAGE_DIR
/data
The directory for storing data.
CYBUS_NETWORK_BIND_ADDRESS
127.0.0.1
The network bind address.
CYBUS_AGENT_MODE
centralized
centralized, distributed
The mode of the agent (centralized or distributed).
CYBUS_AGENT_NAME
protocol-mapper
The name of the agent.
USE_MUTUAL_TLS
false
true, false
Whether to use mutual TLS for connections.
TRUST_ALL_CERTS
true
true, false
Whether to trust all certificates.
CYBUS_SERVICE_MANAGER_HOST
service-manager
The hostname of the Service Manager.
CYBUS_MAX_TRIES_TO_REACH_SERVICE_MANAGER
1500
0-N
The default setting of 1500 tries translates to 5 minutes of operation since each attempt includes a 200ms delay. In contrast, setting the value to “0” results in an indefinite number of retries.
CYBUS_HOSTNAME_INGRESS
see CYBUS_MQTT_HOST
See CYBUS_MQTT_HOST.
REDINESS_PROBE_PORT
9999
The port for readiness probes.
AGENT_KEY
/connectware/certs/client/tls.key
The TLS key for the agent.
AGENT_CERT
/connectware/certs/client/tls.crt
The TLS certificate for the agent.
CA
/connectware/certs/ca/ca-chain.pem
The CA certificate.
service-manager
CYBUS_SM_RPC_TIMEOUT
6000
The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios.
system-control-server
CYBUS_SCS_RPC_TIMEOUT
6000
The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios.
workbench
Kubernetes
When you're installing Connectware on Kubernetes, you must use the provided Helm Chart. This chart includes a values.yaml file that provides default configurations for the necessary settings. The only mandatory value that you must set is the licensekey of your Connectware license.
To understand all available configuration options:
The Helm Chart's
README.mdfile contains a summary of all configurable options.The
values.yamlfile contains detailed documentation for each property and instructions on how to use them.
While the Helm Chart provides many default settings, you may need to customize these based on your specific deployment requirements. Always review the documentation thoroughly to ensure you're configuring Connectware correctly for your Kubernetes environment.
Last updated
Was this helpful?