LogoLogo
Contact Uscybus.io
Connectware 1.11.0
Connectware 1.11.0
  • Getting Started
    • Introduction
    • System Requirements
    • Connectware Admin UI
    • Basic Components of Connectware
    • Connecting your First Machine
      • Your First Service Commissioning File
  • Documentation
    • Installation and Upgrades
      • Installing Connectware
        • Installing Connectware (Kubernetes)
        • Installing Connectware (Docker)
      • Upgrading Connectware
        • Upgrading Connectware (Kubernetes)
          • Version-Specific Upgrades (Kubernetes)
        • Upgrading Connectware (Docker)
          • Version-Specific Upgrades (Docker)
      • Uninstalling Connectware
        • Uninstalling Connectware (Kubernetes)
        • Uninstalling Connectware (Docker)
      • Licensing
      • Restarting Connectware
    • User Management
      • Users and Roles View
      • Users
      • Roles
      • Permissions
      • Password Policy Rules
      • Default Admin User
      • MQTT Users
      • Adding a MQTT Publish Prefix for Users
      • Multi-Factor Authentication
      • Single Sign-On (SS0)
        • Single Sign-On with Microsoft Entra ID
        • Single Sign-On with LDAP
      • JSON Web Tokens
      • Access Permissions for Admin-UI
        • UI Access
        • Minimum Access Role Pages
    • Services
      • Service Overview
      • Service Resources View
        • Service Links View
        • Servers View
        • Containers View
        • Volumes View
        • Connections View
        • Endpoints View
        • Mappings View
      • Service Details View
      • Service Commissioning Files
        • Version
        • Description
        • Metadata
        • Parameters
        • Definitions
        • Resources
          • Cybus::Connection
          • Cybus::Container
            • Docker Problem with Network Changes
          • Cybus::Endpoint
          • Cybus::File
          • Cybus::IngressRoute
          • Cybus::Link
          • Cybus:Mapping
          • Cybus::Node
          • Cybus::Role
          • Cybus::Server
          • Cybus::User
          • Cybus::Volume
      • Setting Up and Configuring Services
        • Installing Services
        • Enabling Services
        • Updating Services
        • Disabling Services
        • Deleting Services
      • FlowSync
        • Example 1 - Node with Transaction Mode (HTTP)
        • Example 2 - Node Responds (HTTP)
        • Example 3 - Node with Error (HTTP)
        • Example 4 - Node with Timeout Error Code and Error Message (HTTP)
        • Example 5 - Full Transactional Data Flow (HTTP)
        • Example 6 - Full Transactional Data Flow (OPC UA)
      • ServiceID
      • Inter-Service Referencing
      • Deviations
      • Service Logs
        • Logs of Individual Services
        • Logs of All Services
      • Rule Engine
        • Data Processing Rules
        • Rule Sandbox
      • Shared Subscriptions
        • Setting Up Shared Subscriptions
    • Agents
      • Agents View
      • Installing Agents
        • Installing Agents via Docker
        • Installing Agents via Docker Compose
        • Installing Agents via Kubernetes
        • Using Mutual TLS for Agents
      • Registering Agents in Connectware
      • Using Agents
      • Monitoring Agents
      • Agents in Kubernetes
        • Adding Agents Inside your Connectware Installation
        • Remote Agents with the connectware-agent Helm Chart
        • Kubernetes Cluster Requirements for the connectware-agent Helm Chart
        • Installing Connectware Agents using the connectware-agent Helm Chart
        • Installing Connectware Agents without a License Key Using the connectware-agent Helm Chart
        • Upgrading the connectware-agent Helm Chart
        • Uninstalling Connectware agents with the connectware-agent Helm chart
        • Configuration Principles for the connectware-agent Helm Chart
        • Configuring Agents with the connectware-agent Helm Chart
          • Configuring Target Connectware for the connectware-agent Helm Chart
          • Configuring Agent Persistence for the connectware-agent Helm Chart
          • Configuring Compute Resources for the connectware-agent Helm Chart
          • Using a Custom Image Registry for the connectware-agent Helm Chart
          • Configuring Image Pull Policy for the connectware-agent Helm Chart
          • Using Mutual Transport Layer Security (mTLS) for agents with the connectware-agent Helm chart
          • Configuring image name and version for the connectware-agent Helm chart
          • Configuring Environment Variables for the connectware-agent Helm Chart
          • Configuring Labels and Annotations for the connectware-agent Helm Chart
          • Configuring podAntiAffinity for the connectware-agent Helm Chart
          • Assigning Agents to Kubernetes Nodes for the connectware-agent Helm Chart
          • Configuring Security Context for the connectware-agent Helm Chart
          • Controlling the Name of Kubernetes Objects for the connectware-agent Helm Chart
      • Troubleshooting Agents
    • Client Registry
      • Implicit Flow
      • Explicit Flow
      • Granting Access
    • Certificates
      • Certificates View
      • Adding Certificates
      • Removing Certificates
    • Monitoring
      • Data Explorer
      • Live Data
    • Node-RED Workbench
    • System Status
      • Info
      • Metrics
      • Status
      • Retrieving More System Information
      • System Health
    • Backup and Restore
      • Volumes
      • User Database
    • CybusMQ
      • Configuring CybusMQ
    • Connectware on Kubernetes
      • Connectware Helm Chart
      • Resizing Broker Volumes in Kubernetes
      • Configuring Core Services
      • LDAP Authentication
        • Configuring LDAP Authentication
        • Enabling TLS for LDAP Authentication
        • Manual Kubernetes Secret for LDAP Authentication Bind User
        • Customizing the Search Filter for LDAP Authentication
        • Customizing the User RDN for LDAP Authentication
      • Troubleshooting Connectware on Kubernetes
    • Environment Variables
    • Industry Protocol Details
      • ADS
        • ADS Connection Properties
        • ADS Endpoint Properties
      • BACnet
        • BACnet Connection Properties
        • BACnet Endpoint Properties
      • Custom Connectors
        • Developing Custom Connectors
        • Deploying Custom Connectors
        • Using Custom Connectors
      • EtherNet/IP
        • EtherNet/Ip Connection Properties
        • EtherNet/Ip Endpoint Properties
      • FOCAS
        • FOCAS Connection Properties
        • FOCAS Endpoint Properties
      • Hottinger Baldwin Messtechnik (HBM)
        • HBM Connection Properties
        • HBM Endpoint Properties
      • Heidenhain DNC
        • Heidenhain DNC Connection Properties
        • Heidenhain DNC Endpoint Properties
      • HTTP/REST
        • HTTP/REST Connection Properties
        • HTTP/REST Endpoint Properties
      • HTTP Server/Node
        • HTTP Server Properties
        • HTTP Node Properties
      • InfluxDB
        • InfluxDB Connection Properties
        • InfluxDB Endpoint Properties
      • Kafka
        • Kafka Connection Properties
        • Kafka Endpoint Properties
      • Modbus/TCP
        • Modbus/TCP Connection Properties
        • Modbus/TCP Endpoint Properties
      • MQTT
        • MQTT Connection Properties
        • MQTT Endpoint Properties
      • MSSQL
        • Mssql Connection Properties
        • Mssql Endpoint Properties
      • OPC DA
        • OPC DA Connection Properties
        • OPC DA Endpoint Properties
      • OPC UA
        • OPC UA Client
          • OPC UA Client Connection Properties
          • OPC UA Client Endpoint Properties
        • OPC UA Server
          • OPC UA Server Properties
          • OPC UA Node Properties
        • OPC UA Object Types
        • OPC UA Server References
          • OPC UA Reference Node
          • OPC UA Object Node
      • Siemens SIMATIC S7
        • Siemens S7 Connection Properties
        • Siemens S7 Endpoint Properties
      • Shdr
        • Shdr Connection Properties
        • Shdr Endpoint Properties
      • SINUMERIK
        • SINUMERIK Connection Properties
        • SINUMERIK Endpoint Properties
      • SOPAS
        • SOPAS Connection Properties
        • SOPAS Endpoint Properties
      • SQL
        • SQL Connection Properties
        • SQL Endpoint Properties
      • Werma WIN Ethernet
        • Werma WIN Ethernet Connection Properties
        • Werma WIN Ethernet Endpoint Properties
      • Systemstate
        • Systemstate Endpoint Properties
    • API Reference
      • User Management (API)
      • Client Registry (API)
      • Services (API)
      • Resources (API)
      • System Status (API)
      • Resource Status Tracking (HTTP API)
      • Industry Protocol Details (API)
    • Changelog
Powered by GitBook
LogoLogo

Cybus

  • Terms and Condition
  • Imprint
  • Data Privacy

© Copyright 2025, Cybus GmbH

On this page
  • Docker Compose
  • Available exposed environment variables (.env)
  • Available exposed environment variables (docker-compose.yml)
  • Kubernetes

Was this helpful?

  1. Documentation

Environment Variables

To configure Connectware's system-wide settings, you must define environment variables before starting the system. The specific method for setting these variables depends on your deployment orchestration tool:

  • If you're using Docker Compose, you must define the variables in your docker-compose.yml configuration file.

  • If you're deploying with Kubernetes, you must set the variables in your Kubernetes manifests.

Docker Compose

When using Docker Compose, we recommend that you define all environment variable values in a .env file located in the same directory as your docker-compose.yml file. Those two files are in your Connectware installation directory. If you have used the default values during installation, the installation directory is /opt/connectware.

Available exposed environment variables (.env)

Variable
Default Value
Choices
Description

admin-web-app

CYBUS_NETWORK_MASK

172.30.0.0/24

AAA.BBB.CCC.DDD/XX

Network configuration used to manually set masks for the internal Connectware network.

auth-server

CYBUS_ADMIN_USER_ENABLED

172.30.0.0/24

true, false

Should the default ‘admin’ user be enabled?

CYBUS_AUTH_PASSWORD_POLICY_RULES

{“min”:5}

Password policy rules in JSON format.

CYBUS_INITIAL_ADMIN_USER_PASSWORD

YWRtaW4=

The initial password of ‘admin’ user, as base64-encoded value. It must comply with any password policy rules if there are some.

CYBUS_LDAP_ENABLED

false

true, false

Enable LDAP authentication.

CYBUS_LDAP_MODE

group

LDAP mode for authentication.

CYBUS_LDAPS_TRUST_ALL_CERTS

false

Trust all certificates for LDAPS (LDAP over SSL).

CYBUS_LDAP_BIND_DN

‘’

Distinguished Name (DN) for LDAP binding.

CYBUS_LDAP_BIND_PASSWORD

‘’

Password for LDAP binding.

CYBUS_LDAP_ROLES_ATTRIBUTE

employeeType

LDAP attribute to determine user roles.

CYBUS_LDAP_MEMBER_ATTRIBUTE

memberOf

LDAP attribute to determine group membership.

CYBUS_LDAP_SEARCH_BASE

‘’

LDAP search base for user authentication.

CYBUS_LDAP_SEARCH_FILTER

‘’

LDAP search filter for user authentication.

CYBUS_LDAP_URL

‘’

LDAP server URL for user authentication.

CYBUS_LDAP_USER_RDN

cn

LDAP user relative distinguished name.

CYBUS_LDAP_NEST_GROUP_SUPPORT

‘’

Support for nested LDAP groups.

CYBUS_LDAPS_CA_FILE

‘’

File path for LDAPS (LDAP over SSL) CA certificate.

CYBUS_LDAP_AUTO_ENFORCE_MFA

‘’

true, false

LDAP users get enforced to enroll MFA after first login

broker

CYBUS_BROKER_USE_MUTUAL_TLS

no

yes, no

Use mutual TLS for broker connections.

connectware

container-manager

CYBUS_REGISTRY_PASS

‘’

The password for connecting to the Cybus registry.

CYBUS_REGISTRY_USER

license

The username for connecting to the Cybus registry.

doc-server

ingress-controller

postgresql

protocol-mapper

service-manager

system-control-server

CYBUS_REGISTRY_PASS

‘’

The password for connecting to the Cybus registry.

CYBUS_PROXY

‘’

HTTP proxy server for network connections.

CYBUS_NO_PROXY

‘’

A comma separated list of hosts that should not be accessed via the proxy.

CYBUS_INGRESS_DNS_NAMES

Specifies all external hostnames that can be used to access Connectware, separated by commas.

workbench

CYBUS_WORKBENCH_PROJECTS_ENABLED

false

true, false

Whether projects are enabled in the Cybus Workbench.

CYBUS_PROXY

‘’

HTTP proxy server for network connections.

CYBUS_NO_PROXY

‘’

A list of hosts that should not be accessed via the proxy.

Available exposed environment variables (docker-compose.yml)

The following environment variable settings are provided for advanced configuration and should typically not be modified unless you have a deep understanding of their implications. Incorrect changes to these variables can impact the stability and security of the system. Proceed with caution and only make changes if you are confident in their necessity and the potential consequences.

It is strongly recommended to consult Customer Success or follow the guidance provided in the documentation before altering any of these values. Modifying these settings without proper understanding can lead to unexpected behavior and may compromise the functionality of the system.

Variable
Default
Choices
Description

admin-web-app

CYBUS_ADMIN_WEB_APP_VRPC_TIMEOUT

6000

The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios.

auth-server

broker

connectware

container-manager

CYBUS_CM_RPC_TIMEOUT

6000

The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios.

CYBUS_SENSITIVE_ENVIRONMENT_VARIABLES

predefined list of sensitive vars

Specifies the environment variable names, as a comma-separated list, that must be hidden when container (core and service) data is sent to a client.

doc-server

ingress-controller

CYBUS_ALLOW_INSECURE_TLS_CIPHERS

false

true, false

Controls the use of insecure Transport Layer Security (TLS) cipher suites in Connectware. When set to false, Connectware enforces stronger encryption standards by disabling insecure cipher suites. When set to true, Connectware allows the use of insecure TLS cipher suites, which can reduce connection security.

nats

CYBUS_NATS_WRITE_DEADLINE

15s

Defines how long the NATS server maintains information about slow-running operations. Important: Do not specify values below the default value. Changing this variable may impact system stability.

postgresql

protocol-mapper

CYBUS_MQTT_SCHEME

mqtt

The scheme for MQTT communication.

CYBUS_MQTT_HOST

broker

The MQTT broker host.

CYBUS_MQTT_PORT

1883

The MQTT broker port.

CYBUS_MQTT_USERNAME

‘’

MQTT username for authentication.

CYBUS_PROTOCOL_MAPPER_PASSWORD

‘’

Password for the Protocol Mapper.

CYBUS_MQTT_TOPIC_MAX_DEPTH

20

Maximum depth for MQTT topics.

CYBUS_MQTT_DATA_HOST

‘’

MQTT data host.

CYBUS_MQTT_DATA_PORT

‘’

MQTT data port.

CYBUS_AUTH_SERVER_HOST

auth-server

The hostname of the Auth Server.

CYBUS_HTTP_PORT

443

The HTTP port.

CYBUS_HTTP_ROOT

/api

The root path for the HTTP server.

CYBUS_LOG_LEVEL

info

Log level for the Protocol Mapper.

CYBUS_LOG_DROP_MILLISECONDS

1000

Drop milliseconds for log entries.

CYBUS_PM_RPC_TIMEOUT

6000

The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios.

CYBUS_STORAGE_DIR

/data

The directory for storing data.

CYBUS_NETWORK_BIND_ADDRESS

127.0.0.1

The network bind address.

CYBUS_AGENT_MODE

centralized

centralized, distributed

The mode of the agent (centralized or distributed).

CYBUS_AGENT_NAME

protocol-mapper

The name of the agent.

USE_MUTUAL_TLS

false

true, false

Whether to use mutual TLS for connections.

TRUST_ALL_CERTS

true

true, false

Whether to trust all certificates.

CYBUS_SERVICE_MANAGER_HOST

service-manager

The hostname of the Service Manager.

CYBUS_MAX_TRIES_TO_REACH_SERVICE_MANAGER

1500

0-N

The default setting of 1500 tries translates to 5 minutes of operation since each attempt includes a 200ms delay. In contrast, setting the value to “0” results in an indefinite number of retries.

CYBUS_HOSTNAME_INGRESS

see CYBUS_MQTT_HOST

See CYBUS_MQTT_HOST.

REDINESS_PROBE_PORT

9999

The port for readiness probes.

AGENT_KEY

/connectware/certs/client/tls.key

The TLS key for the agent.

AGENT_CERT

/connectware/certs/client/tls.crt

The TLS certificate for the agent.

CA

/connectware/certs/ca/ca-chain.pem

The CA certificate.

service-manager

CYBUS_SM_RPC_TIMEOUT

6000

The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios.

system-control-server

CYBUS_SCS_RPC_TIMEOUT

6000

The RPC timeout used for inter-service communications. Useful for configuring higher values for some high load scenarios.

workbench

Kubernetes

When you're installing Connectware on Kubernetes, you must use the provided Helm Chart. This chart includes a values.yaml file that provides default configurations for the necessary settings. The only mandatory value that you must set is the licensekey of your Connectware license.

To understand all available configuration options:

  1. The Helm Chart's README.md file contains a summary of all configurable options.

  2. The values.yaml file contains detailed documentation for each property and instructions on how to use them.

While the Helm Chart provides many default settings, you may need to customize these based on your specific deployment requirements. Always review the documentation thoroughly to ensure you're configuring Connectware correctly for your Kubernetes environment.

PreviousTroubleshooting Connectware on KubernetesNextIndustry Protocol Details

Last updated 2 months ago

Was this helpful?