System Configuration Files
In this article
- System Configuration Files
- Configuration Files
- Com.operavix.subsystem.frontend.json
- Com.operavix.subsystem.core.json
- Com.operavix.subsystem.monitoring.json
- Com.operavix.subsystem.bidata.json
- Com.operavix.subsystem.dashboard.json
- Com.operavix.subsystem.automation.json
- Com.operavix.subsystem.clickhouse.standalone.json
- Com.operavix.platform.component.database.json
- Cluster.json
- Environment Variables
- Editing Configuration Files on Linux
Some system settings can be modified through configuration files or environment variables, depending on the operating system:
- Windows: changes are made in configuration files
- Linux: settings are configured via environment variables when running the Docker container
Below is a list of the main configuration files and parameters and environment variables that can be modified. Note that some environment variables are not associated with specific configuration files.
An example of passing a parameter on Linux:
-e JVM_MAX_MEMORY='4G'
Configuration Files
Below are the main configuration files and parameters that can be changed, along with their corresponding environment variables (if available).
com.operavix.subsystem.frontend.json
| Parameter | Environment Variable | Description |
|---|---|---|
"protocol" | — | Web interface protocol — HTTP or HTTPS |
"port" | — | Port on which the web interface will operate |
"ssl_cert_store" | — | Path to the PFX file containing the certificate and private key for HTTPS. Supported formats: JKS, PKCS#12 Backslashes must be escaped with an additional backslash |
"ssl_cert_store_password" | — | Password for the PFX file To specify an empty password, enter the following: "" |
"trust_store" | — | Full path to the trusted certificates store. Supported formats: JKS, PKCS#12 |
"trust_store_password" | — | Password for the trusted certificates store If the certificate store and trust store passwords match, this field can be left empty |
"crl" | — | Full path to the certificate revocation list (optional) |
"url" | FE_URL | Operavix server address Must be specified fully, including protocol and port Used by the system to generate all inbound links. For example, based on this parameter, links in email messages for password reset and invitations are created |
"service_mode" | FE_SERVICE_MODE | Enables or disables service mode Disabled by default. To enable, set to trueSee Working with the System for details |
"service_mode_message" | FE_SERVICE_MODE_MESSAGE | Message displayed to users on the login page when service mode is enabled Markdown formatting is supported |
"session_timeout" | FE_SESSION_TIMEOUT | User session lifetime By default, inactive session duration is 7 days Can be specified in hours ( h) or days (d) |
"support_iframe" | — | Allows embedding the Operavix interface into an iframe on a third-party website To enable, set to true (the default is false) |
"web_dir" | — | Path to the web interface files relative to the Operavix working directory |
"add_exclude_cipher_suites" | — | Excluded encryption algorithms |
"host" | — | Network interface on which the system is accessible Default is 0.0.0.0 (available on all interfaces). If set to 127.0.0.1, access is limited to localhost only |
"add_exclude_protocols" | — | Excluded SSL connection protocols |
"request_timeout" | — | Amount of time for HTTP request timeout |
"temp_dir" | — | Web server temporary files directory relative to the Operavix working directory |
"disable_websocket" | — | Disables or enables WebSocket functionality (subscriptions) for the web server Enabled by default ( false) |
"use_unsupported_applications" | — | Enables working with Operavix in Internet Explorer To enable, set to trueDefault is false — Operavix unavailable in IE |
"prometheus" | FE_PROMETHEUS | Enables Prometheus metrics collection and exposure To enable, set to trueDefault is false — metrics collection is disabled |
"cors_policy" | FE_CORS_POLICY | Configures CORS for cross-origin data exchange Set to * to allow cross-origin requests from any site. To restrict access, list allowed URLs separated by commas, e.g., ["https://operavix.com", "https://example.com"] on Windows or "https://operavix.com , https://example.com" on LinuxWildcard support for subdomains: ["https://(.*).operavix.com"] (Windows), "https://(.*).operavix.com" (Linux) |
"graphql_disable" | FE_GRAPHQL_DISABLE | Disables the ability to run GraphQL queries |
"graphql_introspection_disabled" | FE_GRAPHQL_INTROSPECTION_DISABLE | Enables GraphQL introspection To enable, set to falseDefault is true — introspection is disabled |
com.operavix.subsystem.core.json
| Parameter | Environment Variable | Description |
|---|---|---|
"reset_count_invalid_logon_duration" | — | Period after which failed login attempts are reset Can be specified in days, hours, minutes, or seconds |
"restorelink_timeout" | — | Password recovery link lifetime Default is 24 hours Can be specified in days, hours, minutes, or seconds |
"secret_key_path" | — | Path to the secret key (relative to the Operavix working directory) used to encrypt sensitive data |
"logon_type" | — | Authentication method via built-in authentication Use login for login-based authentication, email for email-based authentication |
"system_notification_message" | CR_NOTIFICATION_MESSAGE | Configures the informational message displayed after system update Any text can be entered and will appear in the notification window If the parameter value is empty or the attribute is missing, the notification is considered disabled and will not be shown See System Setup for details |
"employee_tree_depth" | — | Sets the number of employees displayed in the list before Show more Range: 1–100. Default is 20. Change manually if requiredIf the module configuration file is deleted and the service restarted, the value resets to default |
"auth_without_role" | CR_AUTH_WITHOUT_ROLE | Controls authentication without access roles If the value is empty or set to true (default), authentication without roles is allowed. If false, at least one access role is required for authentication (the role without privileges may be used) |
"open_org_structure" | CR_OPEN_ORG_STRUCTURE | Switches between open and closed organization structure modes In open mode, employee lists can be requested without access checks. Employee profile restrictions on department and employee access are lifted In closed mode, requesting employee lists without access checks is prohibited. Department visibility in profiles requires permissions. Adding employees is done via email without search (profile lookup by email is available) Default is true |
com.operavix.subsystem.monitoring.json
| Parameter | Environment Variable | Description |
|---|---|---|
"phased_agent_upgrade" | — | Enables phased agent updates Configure: — "stable_version" — stable agent version (must match pattern XXX.XXX.XXX)— "host_mask" — array of FQDNs as regular expressions for hosts to update above "stable_version" (cannot be empty) |
"agent_log_config" | — | Configures logging level for sessionInspector.log on monitoring agents |
"parsing_activity_enabled" | — | Enables or disables background processes for parsing and synchronizing activity archives in ClickHouse |
"agent_activity_queue_dir" | — | To move the raw activity folder to another disk, specify the new location here Backslashes must be escaped with an additional backslash |
"activity_queue_retention" | — | Retention period for raw activity data Raw data is kept for re-upload if errors occur Default is 14 days ( 14d), minimum is 1 day (1d) |
"partition_life_circle_time" | — | Number of days to retain monitoring agent logs in the monitoring_agent_inspector_log tableDefault is 14 days |
"rdb_ch_synchronization" | MN_SYNC_CH_DELAYMN_SYNC_CH_INTERVAL | Configures synchronization of agent-collected activity between the built-in file database and ClickHouse Sets first (after startup) and subsequent sync delays/intervals: { "delay": "10s", "interval": "30s" }— "delay" — initial sync delay— "interval" — interval between syncs |
"parameters_hashing" | — | Global hashing parameter — controls whether input form data collected by the monitoring agent is hashed"default" (default): hashing enabled"none": data sent unencryptedThis parameter overrides "email_hashing". Changes take effect after server restart |
"email_hashing" | — | Enables or disables hashing of To and Cc fields in Microsoft Outlook Only configurable if "parameters_hashing" is disabled |
"storage_guid" | MN_STORAGE_GUID | Defines the ClickHouse storage GUID connected to Operavix where monitoring agent activity is stored. Determines which ClickHouse server the system connects to Changing this value redirects new activity to the new storage. Accumulated data is automatically migrated starting from the earliest record Used with "monitoring_database_name" to specify the database within the selected storageThe activity_table variable dynamically resolves the path to monitoring_activity, allowing automation scripts to access data without manual path updates during migration |
"monitoring_database_name" | MN_DB_NAME | Name of the database in the ClickHouse storage ("storage_guid") where the monitoring_activity table is storedIf omitted or empty, defaults to "main"If specified, new activity is written to the specified database Requirements for database name: 1. Up to 255 characters 2. Only Latin letters, digits, underscores 3. Must start with a letter The activity_table variable uses this value to resolve the full path Table names monitoring_activity and monitoring_agent_inspector_log do not change |
"researches_enabled" | MN_RESEARCHES | Enables or disables research functionality Default is true |
"monitoring_screenshot_blur" | — | Configures blur level for screenshots collected by the monitoring agent Default is 50 Range: 1–100. Set to 0 to disable blurring |
com.operavix.subsystem.bidata.json
| Parameter | Environment Variable | Description |
|---|---|---|
"temp_table_lifetime" | — | Lifetime of temporary tables created in ClickHouse when uploading CSV files Default is 2h (2 hours) |
"max_transition_count_for_process_map" | — | Process explorer: maximum number of transitions for the processor Default: 300 |
"max_variant_count_for_process_map" | — | Process explorer: maximum number of process variants Default: 100 |
"max_variant_length_for_process_map" | — | Process explorer: maximum length of a variant chain Default: 100 |
com.operavix.subsystem.dashboard.json
| Parameter | Environment Variable | Description |
|---|---|---|
"rows_export_limit" | DB_ROWS_LIMIT | Limits the number of rows exported to .xlsx and .csv from dashboards Default: 5000 Any value allowed |
"temp_table_lifetime" | — | Retention period for temporary tables Default is 1 day Specify in days ( d) or hours (h) |
com.operavix.subsystem.automation.json
| Parameter | Environment Variable | Description |
|---|---|---|
"is_production" | AU_PROD | Determines which blocks are available in scripts: all or only stable versions If false, experimental features become available. Default is true |
"script_version_lifetime" | — | Script version retention period. Can be specified in seconds (s), minutes (m), hours (h)Set to 0d for infinite retention |
com.operavix.subsystem.clickhouse.standalone.json
| Parameter | Description |
|---|---|
"repeat_sql_query_count" | Number of retries for SQL queries in case of error |
"repeat_sql_query_time" | Delay between retry attempts Specified in milliseconds |
"log_queries" | Controls whether SQL queries generated by dashboards and widgets are logged in the ClickHouse system.query_log tablefalse (default): no loggingtrue: logging enabled |
"checkout_timeout" | Maximum time Operavix waits for a ClickHouse connection when the connection pool is exhausted Specified in milliseconds |
com.operavix.platform.component.database.json
| Parameter | Description |
|---|---|
"periodical_backup_enabled" | Enables or disables periodic overwriting backup of the built-in file database, performed daily at midnight |
"backup_path" | Path to the directory where the periodic backup of the built-in file database is stored, relative to the Operavix working directory Default is "backup". Another directory can be specified if neededBackslashes must be escaped with an additional backslash |
cluster.json
| Parameter | Environment Variable | Description |
|---|---|---|
"name" | CL_NAME | Name of the current node in the Operavix cluster See Installing Automation Module on Another Server for details |
"port" | CL_PORT | Port of the current node for operation in the Operavix cluster See Installing Automation Module on Another Server for details |
"nodes" | CL_REMOTE_NODES | List of other nodes in the Operavix cluster |
Environment Variables
Note
Some environment variables are not associated with specific configuration files.
| Environment Variable | Description |
|---|---|
CR_LOG_LEVEL | Technical log level (main.log) Possible values: trace, debug, info, warn, errorDefault: debugSee Security Log Rotation for details |
JVM_MAX_MEMORY | Java machine memory limit Default is 4G On Windows, the value can be altered via the registry See Installing Operavix on Linux and Specifying Available RAM for Operavix App for details |
Editing Configuration Files on Linux
Note
Not all parameters can be modified via environment variables, as not all system settings are exposed.
If the provided environment variables are insufficient, you can use the SKIP_CONFIGURE variable. When included in the Docker container startup command, all environment variables except JVM_MAX_MEMORY are ignored. In this case, configuration must be edited manually in files located in the /var/lib/operavix/config/ directory inside the container.
To use SKIP_CONFIGURE:
- Start the Operavix system normally. This ensures configuration files are populated with necessary data.
- Copy configuration files from the container to the host:
Where
docker cp a382:/var/lib/operavix/config/ /home/user/configa382is the container ID (find withdocker ps) and/home/user/configis the target directory on your host. - Stop the container:
docker service rm operavix-app - Open and edit the required configuration files in the target directory.
- On the next startup, specify the location of the configuration files using the
--mountparameter and add-e SKIP_CONFIGURE='yes'to prevent the system from modifying settings.
Example:
docker service create --name operavix-app \
--secret operavix_app_https_certificate \
--secret operavix_app_https_certificate_password \
--mount type=volume,src=operavix-app-data-t,target=/var/lib/operavix/data/ \
--mount type=volume,src=operavix-app-log-t,target=/var/log/operavix/ \
--mount type=bind,source=/home/user/config,target=/var/lib/operavix/config/ \
--publish published=443,target=8010,mode=host \
--restart-max-attempts 5 \
--restart-condition "on-failure" \
-e JVM_MAX_MEMORY='4G' \
-e FE_URL="https://operavix.local" \
-e SKIP_CONFIGURE='yes' \
dockerhub.office.operavix.com/operavix/operavix_app:d240710
Warning
Since configuration files reside on the server, all variables from previous runs are preserved. However, new variables specified in the next run may not take effect. To apply changes, update the values manually in the config files or restart services without SKIP_CONFIGURE and the bind mount. Then repeat the process: copy updated files, make changes, and restart with SKIP_CONFIGURE.
Was the article helpful?
Yes
No