Top.Mail.Ru
System Configuration Files
CTRL+K

System Configuration Files

In this article

Some system settings can be modified through configuration files or environment variables, depending on the operating system:

  • Windows: changes are made in configuration files
  • Linux: settings are configured via environment variables when running the Docker container

Below is a list of the main configuration files and parameters and environment variables that can be modified. Note that some environment variables are not associated with specific configuration files.

An example of passing a parameter on Linux:

-e JVM_MAX_MEMORY='4G'

Configuration Files

Below are the main configuration files and parameters that can be changed, along with their corresponding environment variables (if available).

com.operavix.subsystem.frontend.json

ParameterEnvironment VariableDescription
"protocol"Web interface protocol — HTTP or HTTPS
"port"Port on which the web interface will operate
"ssl_cert_store"Path to the PFX file containing the certificate and private key for HTTPS. Supported formats: JKS, PKCS#12

Backslashes must be escaped with an additional backslash
"ssl_cert_store_password"Password for the PFX file

To specify an empty password, enter the following: ""
"trust_store"Full path to the trusted certificates store. Supported formats: JKS, PKCS#12
"trust_store_password"Password for the trusted certificates store

If the certificate store and trust store passwords match, this field can be left empty
"crl"Full path to the certificate revocation list (optional)
"url"FE_URLOperavix server address

Must be specified fully, including protocol and port

Used by the system to generate all inbound links. For example, based on this parameter, links in email messages for password reset and invitations are created
"service_mode"FE_SERVICE_MODEEnables or disables service mode

Disabled by default. To enable, set to true

See Working with the System for details
"service_mode_message"FE_SERVICE_MODE_MESSAGEMessage displayed to users on the login page when service mode is enabled

Markdown formatting is supported
"session_timeout"FE_SESSION_TIMEOUTUser session lifetime

By default, inactive session duration is 7 days

Can be specified in hours (h) or days (d)
"support_iframe"Allows embedding the Operavix interface into an iframe on a third-party website

To enable, set to true (the default is false)
"web_dir"Path to the web interface files relative to the Operavix working directory
"add_exclude_cipher_suites"Excluded encryption algorithms
"host"Network interface on which the system is accessible

Default is 0.0.0.0 (available on all interfaces). If set to 127.0.0.1, access is limited to localhost only
"add_exclude_protocols"Excluded SSL connection protocols
"request_timeout"Amount of time for HTTP request timeout
"temp_dir"Web server temporary files directory relative to the Operavix working directory
"disable_websocket"Disables or enables WebSocket functionality (subscriptions) for the web server

Enabled by default (false)
"use_unsupported_applications"Enables working with Operavix in Internet Explorer

To enable, set to true

Default is false — Operavix unavailable in IE
"prometheus"FE_PROMETHEUSEnables Prometheus metrics collection and exposure

To enable, set to true

Default is false — metrics collection is disabled
"cors_policy"FE_CORS_POLICYConfigures CORS for cross-origin data exchange

Set to * to allow cross-origin requests from any site. To restrict access, list allowed URLs separated by commas, e.g., ["https://operavix.com", "https://example.com"] on Windows or "https://operavix.com , https://example.com" on Linux

Wildcard support for subdomains: ["https://(.*).operavix.com"] (Windows), "https://(.*).operavix.com" (Linux)

"graphql_disable"FE_GRAPHQL_DISABLEDisables the ability to run GraphQL queries
"graphql_introspection_disabled"FE_GRAPHQL_INTROSPECTION_DISABLEEnables GraphQL introspection

To enable, set to false

Default is true — introspection is disabled

com.operavix.subsystem.core.json

ParameterEnvironment VariableDescription
"reset_count_invalid_logon_duration"Period after which failed login attempts are reset

Can be specified in days, hours, minutes, or seconds
"restorelink_timeout"Password recovery link lifetime

Default is 24 hours

Can be specified in days, hours, minutes, or seconds
"secret_key_path"Path to the secret key (relative to the Operavix working directory) used to encrypt sensitive data
"logon_type"Authentication method via built-in authentication

Use login for login-based authentication, email for email-based authentication
"system_notification_message"CR_NOTIFICATION_MESSAGEConfigures the informational message displayed after system update

Any text can be entered and will appear in the notification window

If the parameter value is empty or the attribute is missing, the notification is considered disabled and will not be shown

See System Setup for details
"employee_tree_depth"Sets the number of employees displayed in the list before Show more

Range: 1–100. Default is 20. Change manually if required

If the module configuration file is deleted and the service restarted, the value resets to default
"auth_without_role"CR_AUTH_WITHOUT_ROLEControls authentication without access roles

If the value is empty or set to true (default), authentication without roles is allowed. If false, at least one access role is required for authentication (the role without privileges may be used)

"open_org_structure"CR_OPEN_ORG_STRUCTURESwitches between open and closed organization structure modes

In open mode, employee lists can be requested without access checks. Employee profile restrictions on department and employee access are lifted

In closed mode, requesting employee lists without access checks is prohibited. Department visibility in profiles requires permissions. Adding employees is done via email without search (profile lookup by email is available)

Default is true

com.operavix.subsystem.monitoring.json

ParameterEnvironment VariableDescription
"phased_agent_upgrade"Enables phased agent updates

Configure:
"stable_version" — stable agent version (must match pattern XXX.XXX.XXX)
"host_mask" — array of FQDNs as regular expressions for hosts to update above "stable_version" (cannot be empty)
"agent_log_config"Configures logging level for sessionInspector.log on monitoring agents
"parsing_activity_enabled"Enables or disables background processes for parsing and synchronizing activity archives in ClickHouse
"agent_activity_queue_dir"To move the raw activity folder to another disk, specify the new location here

Backslashes must be escaped with an additional backslash
"activity_queue_retention"Retention period for raw activity data

Raw data is kept for re-upload if errors occur

Default is 14 days (14d), minimum is 1 day (1d)
"partition_life_circle_time"Number of days to retain monitoring agent logs in the monitoring_agent_inspector_log table

Default is 14 days
"rdb_ch_synchronization"MN_SYNC_CH_DELAY
MN_SYNC_CH_INTERVAL
Configures synchronization of agent-collected activity between the built-in file database and ClickHouse

Sets first (after startup) and subsequent sync delays/intervals: { "delay": "10s", "interval": "30s" }
"delay" — initial sync delay
"interval" — interval between syncs
"parameters_hashing"Global hashing parameter — controls whether input form data collected by the monitoring agent is hashed

"default" (default): hashing enabled
"none": data sent unencrypted

This parameter overrides "email_hashing". Changes take effect after server restart
"email_hashing"Enables or disables hashing of To and Cc fields in Microsoft Outlook

Only configurable if "parameters_hashing" is disabled
"storage_guid"MN_STORAGE_GUIDDefines the ClickHouse storage GUID connected to Operavix where monitoring agent activity is stored. Determines which ClickHouse server the system connects to

Changing this value redirects new activity to the new storage. Accumulated data is automatically migrated starting from the earliest record

Used with "monitoring_database_name" to specify the database within the selected storage

The activity_table variable dynamically resolves the path to monitoring_activity, allowing automation scripts to access data without manual path updates during migration

"monitoring_database_name"MN_DB_NAMEName of the database in the ClickHouse storage ("storage_guid") where the monitoring_activity table is stored

If omitted or empty, defaults to "main"

If specified, new activity is written to the specified database

Requirements for database name:
1. Up to 255 characters
2. Only Latin letters, digits, underscores
3. Must start with a letter

The activity_table variable uses this value to resolve the full path

Table names monitoring_activity and monitoring_agent_inspector_log do not change
"researches_enabled"MN_RESEARCHESEnables or disables research functionality

Default is true

"monitoring_screenshot_blur"Configures blur level for screenshots collected by the monitoring agent

Default is 50

Range: 1–100. Set to 0 to disable blurring

com.operavix.subsystem.bidata.json

ParameterEnvironment VariableDescription
"temp_table_lifetime"Lifetime of temporary tables created in ClickHouse when uploading CSV files

Default is 2h (2 hours)
"max_transition_count_for_process_map"Process explorer: maximum number of transitions for the processor

Default: 300
"max_variant_count_for_process_map"Process explorer: maximum number of process variants

Default: 100
"max_variant_length_for_process_map"Process explorer: maximum length of a variant chain

Default: 100

com.operavix.subsystem.dashboard.json

ParameterEnvironment VariableDescription
"rows_export_limit"DB_ROWS_LIMITLimits the number of rows exported to .xlsx and .csv from dashboards

Default: 5000

Any value allowed

"temp_table_lifetime"Retention period for temporary tables

Default is 1 day

Specify in days (d) or hours (h)

com.operavix.subsystem.automation.json

ParameterEnvironment VariableDescription
"is_production"AU_PRODDetermines which blocks are available in scripts: all or only stable versions

If false, experimental features become available. Default is true
"script_version_lifetime"Script version retention period. Can be specified in seconds (s), minutes (m), hours (h)

Set to 0d for infinite retention

com.operavix.subsystem.clickhouse.standalone.json

ParameterDescription
"repeat_sql_query_count"Number of retries for SQL queries in case of error
"repeat_sql_query_time"Delay between retry attempts

Specified in milliseconds
"log_queries"Controls whether SQL queries generated by dashboards and widgets are logged in the ClickHouse system.query_log table

false (default): no logging
true: logging enabled
"checkout_timeout"Maximum time Operavix waits for a ClickHouse connection when the connection pool is exhausted

Specified in milliseconds

com.operavix.platform.component.database.json

ParameterDescription
"periodical_backup_enabled"Enables or disables periodic overwriting backup of the built-in file database, performed daily at midnight
"backup_path"Path to the directory where the periodic backup of the built-in file database is stored, relative to the Operavix working directory

Default is "backup". Another directory can be specified if needed

Backslashes must be escaped with an additional backslash

cluster.json

ParameterEnvironment VariableDescription
"name"CL_NAMEName of the current node in the Operavix cluster

See Installing Automation Module on Another Server for details
"port"CL_PORTPort of the current node for operation in the Operavix cluster

See Installing Automation Module on Another Server for details
"nodes"CL_REMOTE_NODESList of other nodes in the Operavix cluster

Environment Variables

Note

Some environment variables are not associated with specific configuration files.

Environment VariableDescription
CR_LOG_LEVELTechnical log level (main.log)

Possible values: trace, debug, info, warn, error

Default: debug

See Security Log Rotation for details
JVM_MAX_MEMORYJava machine memory limit

Default is 4G

On Windows, the value can be altered via the registry

See Installing Operavix on Linux and Specifying Available RAM for Operavix App for details

Editing Configuration Files on Linux

Note

Not all parameters can be modified via environment variables, as not all system settings are exposed.

If the provided environment variables are insufficient, you can use the SKIP_CONFIGURE variable. When included in the Docker container startup command, all environment variables except JVM_MAX_MEMORY are ignored. In this case, configuration must be edited manually in files located in the /var/lib/operavix/config/ directory inside the container.

To use SKIP_CONFIGURE:

  1. Start the Operavix system normally. This ensures configuration files are populated with necessary data.
  2. Copy configuration files from the container to the host:
    docker cp a382:/var/lib/operavix/config/ /home/user/config
    
    Where a382 is the container ID (find with docker ps) and /home/user/config is the target directory on your host.
  3. Stop the container:
    docker service rm operavix-app
    
  4. Open and edit the required configuration files in the target directory.
  5. On the next startup, specify the location of the configuration files using the --mount parameter and add -e SKIP_CONFIGURE='yes' to prevent the system from modifying settings.

Example:

docker service create --name operavix-app \
--secret operavix_app_https_certificate \
--secret operavix_app_https_certificate_password \
--mount type=volume,src=operavix-app-data-t,target=/var/lib/operavix/data/ \
--mount type=volume,src=operavix-app-log-t,target=/var/log/operavix/ \
--mount type=bind,source=/home/user/config,target=/var/lib/operavix/config/ \
--publish published=443,target=8010,mode=host \
--restart-max-attempts 5 \
--restart-condition "on-failure" \
-e JVM_MAX_MEMORY='4G' \
-e FE_URL="https://operavix.local" \
-e SKIP_CONFIGURE='yes' \
dockerhub.office.operavix.com/operavix/operavix_app:d240710
Warning

Since configuration files reside on the server, all variables from previous runs are preserved. However, new variables specified in the next run may not take effect. To apply changes, update the values manually in the config files or restart services without SKIP_CONFIGURE and the bind mount. Then repeat the process: copy updated files, make changes, and restart with SKIP_CONFIGURE.

Was the article helpful?

Yes
No
Previous
Working with the System
We use cookies to improve our website for you.