Dockerfile/application.properties at develop · LabKey/Dockerfile · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
# debug=true
# trace=true

server.tomcat.basedir=${TOMCAT_BASE_DIR}

server.port=${LABKEY_PORT}

spring.main.log-startup-info=true

spring.main.banner-mode=off

spring.application.name=labkey
server.servlet.application-display-name=labkey

context.resources.jdbc.labkeyDataSource.type=javax.sql.DataSource
context.resources.jdbc.labkeyDataSource.driverClassName=org.postgresql.Driver
# context.resources.jdbc.labkeyDataSource.url=jdbc:postgresql://${POSTGRES_HOST:-localhost}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-${POSTGRES_USER}}${POSTGRES_PARAMETERS:-}
# context.resources.jdbc.labkeyDataSource.username=${POSTGRES_USER:-postgres}
# context.resources.jdbc.labkeyDataSource.password=${POSTGRES_PASSWORD:-}

# AWS SSM prefix for resolving ssm: references below. Set LABKEY_SSM_PREFIX to /${app_param_path} (e.g. /myapp/myenv/).
# Leave unset for non-AWS deployments as the post-processor is a no-op when no ssm: values are present.
context.awsParameterStore.prefix=${LABKEY_SSM_PREFIX}

context.resources.jdbc.labkeyDataSource.url=@@jdbcUrl@@
# context.resources.jdbc.labkeyDataSource.username=@@jdbcUser@@
# context.resources.jdbc.labkeyDataSource.password=@@jdbcPassword@@
context.resources.jdbc.labkeyDataSource.username=ssm:database_user
context.resources.jdbc.labkeyDataSource.password=ssm:database_password
context.resources.jdbc.labkeyDataSource.maxTotal=${POSTGRES_MAX_TOTAL_CONNECTIONS}
context.resources.jdbc.labkeyDataSource.maxIdle=${POSTGRES_MAX_IDLE_CONNECTIONS}
context.resources.jdbc.labkeyDataSource.maxWaitMillis=${POSTGRES_MAX_WAIT_MILLIS}
context.resources.jdbc.labkeyDataSource.accessToUnderlyingConnectionAllowed=${POSTGRES_ACCESS_UNDERLYING_CONNECTIONS}
context.resources.jdbc.labkeyDataSource.validationQuery=${POSTGRES_VALIDATION_QUERY}

context.externalModules=${LABKEY_EXTERNAL_MODULES}

# send access logs to file:
# server.tomcat.accesslog.directory=/tmp
# server.tomcat.accesslog.enabled=true
# server.tomcat.accesslog.prefix=access
# server.tomcat.accesslog.suffix=.log
# server.tomcat.accesslog.rotate=false
## File-based Tomcat HTTP access logs are enabled by default and use our recommended pattern. Override as needed.
# server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D %S %I "%{Referer}i" "%{User-Agent}i" %{LABKEY.username}s %{X-Forwarded-For}i

# send access logs to stdout (preferred for ECS):
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.directory=/dev
server.tomcat.accesslog.prefix=stdout
server.tomcat.accesslog.buffered=false
server.tomcat.accesslog.suffix=
server.tomcat.accesslog.file-date-format=

server.http2.enabled=true

server.ssl.enabled=true

# must match values in entrypoint.sh
server.ssl.key-alias=${TOMCAT_KEYSTORE_ALIAS}
server.ssl.key-store=${LABKEY_HOME}/${TOMCAT_KEYSTORE_FILENAME}
# server.ssl.key-store-password=${TOMCAT_KEYSTORE_PASSWORD}
server.ssl.key-store-type=${TOMCAT_KEYSTORE_FORMAT}

# context.encryptionKey=@@encryptionKey@@
context.encryptionKey=ssm:ek


#
# as of time of writing, this cannot be changed via app props but is needed for
# management.endpoints.web.base-path below
#
server.servlet.context-path=/_

server.error.whitelabel.enabled=false

mail.smtpHost=@@smtpHost@@
# mail.smtpUser=@@smtpUser@@
# LABKEY_VPC_SSM_PREFIX is the VPC-level shared SSM path prefix (e.g. /shared/vpc/myvpc/), expanded by envsubst at startup.
mail.smtpUser=ssm:${LABKEY_VPC_SSM_PREFIX}smtp_user
mail.smtpPort=@@smtpPort@@
# mail.smtpPassword=@@smtpPassword@@
mail.smtpPassword=ssm:${LABKEY_VPC_SSM_PREFIX}smtp_password
mail.smtpAuth=@@smtpAuth@@
mail.smtpFrom=@@smtpFrom@@
mail.smtpStartTlsEnable=@@smtpStartTlsEnable@@

management.endpoints.web.base-path=/

management.endpoints.enabled-by-default=false
management.endpoint.health.enabled=true
management.endpoint.shutdown.enabled=false

management.endpoints.web.exposure.include=health
management.endpoints.jmx.exposure.exclude=*

management.endpoint.env.keys-to-sanitize=.*user.*,.*pass.*,secret,key,token,.*credentials.*,vcap_services,sun.java.command,.*key-store.*

info.labkey.version=${LABKEY_VERSION}
info.labkey.distribution=${LABKEY_DISTRIBUTION}

server.tomcat.max-threads=50
server.servlet.session.timeout=60m
context.workDirLocation=/work/Tomcat/localhost

## Example CSP Enforce policy
# csp.enforce=\
#     default-src 'self' ; \
#     connect-src 'self' ${CONNECTION.SOURCES} ; \
#     object-src 'none' ; \
#     style-src 'self' 'unsafe-inline' ${STYLE.SOURCES} ; \
#     img-src 'self' data: ${IMAGE.SOURCES} ; \
#     font-src 'self' data: ${FONT.SOURCES} ; \
#     script-src 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}' ; \
#     base-uri 'self' ; \
#     frame-src 'self' ${FRAME.SOURCES} ; \
#     ${UPGRADE.INSECURE.REQUESTS} \
#     frame-ancestors 'self' ; \
#     report-uri /admin-contentSecurityPolicyReport.api?cspVersion=e12&${CSP.REPORT.PARAMS} ;

## Example CSP Report policy
# csp.report=\
#     default-src 'self' ; \
#     connect-src 'self' ${CONNECTION.SOURCES} ; \
#     object-src 'none' ; \
#     style-src 'self' 'unsafe-inline' ${STYLE.SOURCES} ; \
#     img-src 'self' data: ${IMAGE.SOURCES} ; \
#     font-src 'self' data: ${FONT.SOURCES} ; \
#     script-src 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}' ; \
#     base-uri 'self' ; \
#     frame-src 'self' ${FRAME.SOURCES} ; \
#     report-uri /admin-contentSecurityPolicyReport.api?cspVersion=r12&${CSP.REPORT.PARAMS} ;

## Load optional application.properties if file exists - used for one-off labkey cloud use cases etc.
spring.config.import=optional:file:${LABKEY_HOME}/config/optional.application.properties