diff --git a/packaging/distribution/pom.xml b/packaging/distribution/pom.xml new file mode 100644 index 0000000000..12a7438aea --- /dev/null +++ b/packaging/distribution/pom.xml @@ -0,0 +1,14 @@ + + + 4.0.0 + org.alfresco + alfresco-community-repo-distribution + Package Licences and Keystore for Distribution + jar + + + org.alfresco + alfresco-community-repo-packaging + 8.300-TEST6-SNAPSHOT + + diff --git a/packaging/distribution/src/main/resources/keystore/CreateSSLKeystores.txt b/packaging/distribution/src/main/resources/keystore/CreateSSLKeystores.txt new file mode 100644 index 0000000000..25addea011 --- /dev/null +++ b/packaging/distribution/src/main/resources/keystore/CreateSSLKeystores.txt @@ -0,0 +1,141 @@ +Instructions for Generating Repository SSL Keystores +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + is the keystore password. The file ${dir.keystore}/ssl-keystore-passwords.properties contains passwords for the SSL keystore, +${dir.keystore}/ssl-truststore-passwords.properties contains passwords for the SSL truststore. + +These instructions will create an RSA public/private key pair for the repository with a certificate that has been signed by the Alfresco Certificate Authority (CA). +It will also create a truststore for the repository containing the CA certificate; this will be used to authenticate connections to specific repository +URLs from Solr. It assumes the existence of the Alfresco CA key and certificate to sign the repository certificate; for security reasons these are not generally available. +You can either generate your own CA key and certificate (see instructions below) or use a recognised Certificate Authority such as Verisign. For Alfresco employees the key +and certificate are available in svn. + +(i) Generate the repository public/private key pair in a keystore: + +$ keytool -genkey -alias ssl.repo -keyalg RSA -keystore ssl.keystore -storetype JCEKS -storepass +Enter keystore password: +Re-enter new password: +What is your first and last name? + [Unknown]: Alfresco Repository +What is the name of your organizational unit? + [Unknown]: +What is the name of your organization? + [Unknown]: Alfresco Software Ltd. +What is the name of your City or Locality? + [Unknown]: Maidenhead +What is the name of your State or Province? + [Unknown]: UK +What is the two-letter country code for this unit? + [Unknown]: GB +Is CN=Alfresco Repository, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB correct? + [no]: yes + +Enter key password for + (RETURN if same as keystore password): + +(ii) Generate a certificate request for the repository key + +$ keytool -keystore ssl.keystore -alias ssl.repo -certreq -file repo.csr -storetype JCEKS -storepass + +(iii) Alfresco CA signs the certificate request, creating a certificate that is valid for 365 days. + +$ openssl x509 -CA ca.crt -CAkey ca.key -CAcreateserial -req -in repo.csr -out repo.crt -days 365 +Signature ok +subject=/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Alfresco Repository +Getting CA Private Key +Enter pass phrase for ca.key: + +(iv) Import the Alfresco CA key into the repository key store + +$ keytool -import -alias ssl.alfreco.ca -file ca.crt -keystore ssl.keystore -storetype JCEKS -storepass +Enter keystore password: +Owner: CN=Alfresco CA, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB +Issuer: CN=Alfresco CA, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB +Serial number: 805ba6dc8f62f8b8 +Valid from: Fri Aug 12 13:28:58 BST 2011 until: Mon Aug 09 13:28:58 BST 2021 +Certificate fingerprints: + MD5: 4B:45:94:2D:8E:98:E8:12:04:67:AD:AE:48:3C:F5:A0 + SHA1: 74:42:22:D0:52:AD:82:7A:FD:37:46:37:91:91:F4:77:89:3A:C9:A3 + Signature algorithm name: SHA1withRSA + Version: 3 + +Extensions: + +#1: ObjectId: 2.5.29.14 Criticality=false +SubjectKeyIdentifier [ +KeyIdentifier [ +0000: 08 42 40 DC FE 4A 50 87 05 2B 38 4D 92 70 8E 51 .B@..JP..+8M.p.Q +0010: 4E 38 71 D6 N8q. +] +] + +#2: ObjectId: 2.5.29.19 Criticality=false +BasicConstraints:[ + CA:true + PathLen:2147483647 +] + +#3: ObjectId: 2.5.29.35 Criticality=false +AuthorityKeyIdentifier [ +KeyIdentifier [ +0000: 08 42 40 DC FE 4A 50 87 05 2B 38 4D 92 70 8E 51 .B@..JP..+8M.p.Q +0010: 4E 38 71 D6 N8q. +] + +[CN=Alfresco CA, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB] +SerialNumber: [ 805ba6dc 8f62f8b8] +] + +Trust this certificate? [no]: yes +Certificate was added to keystore + +(v) Import the CA-signed repository certificate into the repository keystore + +$ keytool -import -alias ssl.repo -file repo.crt -keystore ssl.keystore -storetype JCEKS -storepass +Enter keystore password: +Certificate reply was installed in keystore + +(vi) Convert the repository keystore to a pkcs12 keystore (for use in browsers such as Firefox). Give the pkcs12 key store the key store password 'alfresco'. + +keytool -importkeystore -srckeystore ssl.keystore -srcstorepass -srcstoretype JCEKS -srcalias ssl.repo -srckeypass kT9X6oe68t -destkeystore firefox.p12 -deststoretype pkcs12 -deststorepass alfresco -destalias ssl.repo -destkeypass alfresco + +(vi) Create a repository truststore containing the Alfresco CA certificate + +keytool -import -alias ssl.alfreco.ca -file ca.crt -keystore ssl.keystore -storetype JCEKS -storepass +keytool -import -alias alfreco.ca -file ca.crt -keystore ssl.truststore -storetype JCEKS -storepass + +(vii) Copy the keystore and truststore to the repository keystore location defined by the property 'dir.keystore'. +(viii) Update the SSL properties i.e. properties starting with the prefixes 'alfresco.encryption.ssl.keystore' and 'alfresco.encryption.ssl.truststore'. + +Instructions for Generating a Certificate Authority (CA) Key and Certificate +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +(i) Generate the CA private key + +$ openssl genrsa -des3 -out ca.key 1024 +Generating RSA private key, 1024 bit long modulus +..........++++++ +..++++++ +e is 65537 (0x10001) +Enter pass phrase for ca.key: +Verifying - Enter pass phrase for ca.key: + +(ii) Generate the CA self-signed certificate + +$ openssl req -new -x509 -days 3650 -key ca.key -out ca.crt +Enter pass phrase for ca.key: +You are about to be asked to enter information that will be incorporated +into your certificate request. +What you are about to enter is what is called a Distinguished Name or a DN. +There are quite a few fields but you can leave some blank +For some fields there will be a default value, +If you enter '.', the field will be left blank. +----- +Country Name (2 letter code) [AU]:GB +State or Province Name (full name) [Some-State]:UK +Locality Name (eg, city) []:Maidenhead +Organization Name (eg, company) [Internet Widgits Pty Ltd]:Alfresco Software Ltd. +Organizational Unit Name (eg, section) []: +Common Name (eg, YOUR name) []:Alfresco CA +Email Address []: + diff --git a/packaging/distribution/src/main/resources/keystore/generate_keystores.bat b/packaging/distribution/src/main/resources/keystore/generate_keystores.bat new file mode 100644 index 0000000000..5aed5e9fa0 --- /dev/null +++ b/packaging/distribution/src/main/resources/keystore/generate_keystores.bat @@ -0,0 +1,58 @@ +@rem Please edit the variables below to suit your installation +@rem Note: for an installation created by the Alfresco installer, you only need to edit ALFRESCO_HOME + +@rem Alfresco installation directory +set ALFRESCO_HOME=C:\Alfresco-5.2 +@rem The directory containing the alfresco keystores, as referenced by keystoreFile and truststoreFile attributes in tomcat\conf\server.xml +set ALFRESCO_KEYSTORE_HOME=%ALFRESCO_HOME%\alf_data\keystore +@rem Java installation directory +set JAVA_HOME=%ALFRESCO_HOME%\java +@rem Location in which new keystore files will be generated +set CERTIFICATE_HOME=%USERPROFILE% +@rem The repository server certificate subject name, as specified in tomcat\conf\tomcat-users.xml with roles="repository" +set REPO_CERT_DNAME=CN=Alfresco Repository, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB +@rem The SOLR client certificate subject name, as specified in tomcat\conf\tomcat-users.xml with roles="repoclient" +set SOLR_CLIENT_CERT_DNAME=CN=Alfresco Repository Client, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB +@rem The number of days before the certificate expires +set CERTIFICATE_VALIDITY=36525 + +@rem Ensure certificate output dir exists +@if not exist "%CERTIFICATE_HOME%" mkdir "%CERTIFICATE_HOME%" + +@rem Remove old output files (note they are backed up elsewhere) +@if exist "%CERTIFICATE_HOME%\ssl.keystore" del "%CERTIFICATE_HOME%\ssl.keystore" +@if exist "%CERTIFICATE_HOME%\ssl.truststore" del "%CERTIFICATE_HOME%\ssl.truststore" +@if exist "%CERTIFICATE_HOME%\browser.p12" del "%CERTIFICATE_HOME%\browser.p12" +@if exist "%CERTIFICATE_HOME%\ssl.repo.client.keystore" del "%CERTIFICATE_HOME%\ssl.repo.client.keystore" +@if exist "%CERTIFICATE_HOME%\ssl.repo.client.truststore" del "%CERTIFICATE_HOME%\ssl.repo.client.truststore" + +@rem Generate new self-signed certificates for the repository and solr +"%JAVA_HOME%\bin\keytool" -genkeypair -keyalg RSA -dname "%REPO_CERT_DNAME%" -validity %CERTIFICATE_VALIDITY% -alias ssl.repo -keypass kT9X6oe68t -keystore "%CERTIFICATE_HOME%\ssl.keystore" -storetype JCEKS -storepass kT9X6oe68t +"%JAVA_HOME%\bin\keytool" -exportcert -alias ssl.repo -file "%CERTIFICATE_HOME%\ssl.repo.crt" -keystore "%CERTIFICATE_HOME%\ssl.keystore" -storetype JCEKS -storepass kT9X6oe68t +"%JAVA_HOME%\bin\keytool" -genkeypair -keyalg RSA -dname "%SOLR_CLIENT_CERT_DNAME%" -validity %CERTIFICATE_VALIDITY% -alias ssl.repo.client -keypass kT9X6oe68t -keystore "%CERTIFICATE_HOME%\ssl.repo.client.keystore" -storetype JCEKS -storepass kT9X6oe68t +"%JAVA_HOME%\bin\keytool" -exportcert -alias ssl.repo.client -file "%CERTIFICATE_HOME%\ssl.repo.client.crt" -keystore "%CERTIFICATE_HOME%\ssl.repo.client.keystore" -storetype JCEKS -storepass kT9X6oe68t + +@rem Create trust relationship between repository and solr +"%JAVA_HOME%\bin\keytool" -importcert -noprompt -alias ssl.repo.client -file "%CERTIFICATE_HOME%\ssl.repo.client.crt" -keystore "%CERTIFICATE_HOME%\ssl.truststore" -storetype JCEKS -storepass kT9X6oe68t +@rem Create trust relationship between repository and itself - used for searches +"%JAVA_HOME%\bin\keytool" -importcert -noprompt -alias ssl.repo -file "%CERTIFICATE_HOME%\ssl.repo.crt" -keystore "%CERTIFICATE_HOME%\ssl.truststore" -storetype JCEKS -storepass kT9X6oe68t +@rem Create trust relationship between solr and repository +"%JAVA_HOME%\bin\keytool" -importcert -noprompt -alias ssl.repo -file "%CERTIFICATE_HOME%\ssl.repo.crt" -keystore "%CERTIFICATE_HOME%\ssl.repo.client.truststore" -storetype JCEKS -storepass kT9X6oe68t +@rem Export repository keystore to pkcs12 format for browser compatibility +"%JAVA_HOME%\bin\keytool" -importkeystore -srckeystore "%CERTIFICATE_HOME%\ssl.keystore" -srcstorepass kT9X6oe68t -srcstoretype JCEKS -srcalias ssl.repo -srckeypass kT9X6oe68t -destkeystore "%CERTIFICATE_HOME%\browser.p12" -deststoretype pkcs12 -deststorepass alfresco -destalias ssl.repo -destkeypass alfresco + +@rem Ensure keystore dir actually exists +@if not exist "%ALFRESCO_KEYSTORE_HOME%" mkdir "%ALFRESCO_KEYSTORE_HOME%" + +@rem Install the new files +copy /Y "%CERTIFICATE_HOME%\ssl.keystore" "%ALFRESCO_KEYSTORE_HOME%\ssl.keystore" +copy /Y "%CERTIFICATE_HOME%\ssl.truststore" "%ALFRESCO_KEYSTORE_HOME%\ssl.truststore" +copy /Y "%CERTIFICATE_HOME%\browser.p12" "%ALFRESCO_KEYSTORE_HOME%\browser.p12" + +@echo **************************************** +@echo You must copy the following files to the correct location. +@echo %CERTIFICATE_HOME%\ssl.repo.client.keystore +@echo %CERTIFICATE_HOME%\ssl.repo.client.truststore +@echo eg. for Solr 4 the location is SOLR_HOME\workspace-SpacesStore\conf and SOLR_HOME\archive-SpacesStore\conf +@echo Please ensure that you set dir.keystore=%ALFRESCO_KEYSTORE_HOME% in alfresco-global.properties +@echo **************************************** \ No newline at end of file diff --git a/packaging/distribution/src/main/resources/keystore/generate_keystores.sh b/packaging/distribution/src/main/resources/keystore/generate_keystores.sh new file mode 100644 index 0000000000..180c990945 --- /dev/null +++ b/packaging/distribution/src/main/resources/keystore/generate_keystores.sh @@ -0,0 +1,82 @@ +#! /bin/sh +# Please edit the variables below to suit your installation +# Note: for an installation created by the Alfresco installer, you only need to edit ALFRESCO_HOME + +# Alfresco installation directory +if [ -z "$ALFRESCO_HOME" ]; then + ALFRESCO_HOME=/opt/alfresco-5.2 + echo "Setting ALFRESCO_HOME to $ALFRESCO_HOME" +fi + +# The directory containing the alfresco keystores, as referenced by keystoreFile and truststoreFile attributes in tomcat/conf/server.xml +ALFRESCO_KEYSTORE_HOME=$ALFRESCO_HOME/alf_data/keystore + +# Location in which new keystore files will be generated +if [ -z "$CERTIFICATE_HOME" ]; then + CERTIFICATE_HOME=$HOME + echo "Certificates will be generated in $CERTIFICATE_HOME and then moved to $ALFRESCO_KEYSTORE_HOME" +fi + +# Java installation directory +JAVA_HOME=$ALFRESCO_HOME/java + +# The repository server certificate subject name, as specified in tomcat/conf/tomcat-users.xml with roles="repository" +REPO_CERT_DNAME="CN=Alfresco Repository, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB" +# The SOLR client certificate subject name, as specified in tomcat/conf/tomcat-users.xml with roles="repoclient" +SOLR_CLIENT_CERT_DNAME="CN=Alfresco Repository Client, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB" +# The number of days before the certificate expires +CERTIFICATE_VALIDITY=36525 + +# Stop +if [ -f "$ALFRESCO_HOME/alfresco.sh" ]; then "$ALFRESCO_HOME/alfresco.sh" stop; fi + +# Ensure certificate output dir exists +mkdir -p "$CERTIFICATE_HOME" + +# Remove old output files (note they are backed up elsewhere) +if [ -f "$CERTIFICATE_HOME/ssl.keystore" ]; then rm "$CERTIFICATE_HOME/ssl.keystore"; fi +if [ -f "$CERTIFICATE_HOME/ssl.truststore" ]; then rm "$CERTIFICATE_HOME/ssl.truststore"; fi +if [ -f "$CERTIFICATE_HOME/browser.p12" ]; then rm "$CERTIFICATE_HOME/browser.p12"; fi +if [ -f "$CERTIFICATE_HOME/ssl.repo.client.keystore" ]; then rm "$CERTIFICATE_HOME/ssl.repo.client.keystore"; fi +if [ -f "$CERTIFICATE_HOME/ssl.repo.client.truststore" ]; then rm "$CERTIFICATE_HOME/ssl.repo.client.truststore"; fi + +# Generate new self-signed certificates for the repository and solr +"$JAVA_HOME/bin/keytool" -genkeypair -keyalg RSA -dname "$REPO_CERT_DNAME" -validity $CERTIFICATE_VALIDITY -alias ssl.repo -keypass kT9X6oe68t -keystore "$CERTIFICATE_HOME/ssl.keystore" -storetype JCEKS -storepass kT9X6oe68t +"$JAVA_HOME/bin/keytool" -exportcert -alias ssl.repo -file "$CERTIFICATE_HOME/ssl.repo.crt" -keystore "$CERTIFICATE_HOME/ssl.keystore" -storetype JCEKS -storepass kT9X6oe68t +"$JAVA_HOME/bin/keytool" -genkeypair -keyalg RSA -dname "$SOLR_CLIENT_CERT_DNAME" -validity $CERTIFICATE_VALIDITY -alias ssl.repo.client -keypass kT9X6oe68t -keystore "$CERTIFICATE_HOME/ssl.repo.client.keystore" -storetype JCEKS -storepass kT9X6oe68t +"$JAVA_HOME/bin/keytool" -exportcert -alias ssl.repo.client -file "$CERTIFICATE_HOME/ssl.repo.client.crt" -keystore "$CERTIFICATE_HOME/ssl.repo.client.keystore" -storetype JCEKS -storepass kT9X6oe68t + +# Create trust relationship between repository and solr +"$JAVA_HOME/bin/keytool" -importcert -noprompt -alias ssl.repo.client -file "$CERTIFICATE_HOME/ssl.repo.client.crt" -keystore "$CERTIFICATE_HOME/ssl.truststore" -storetype JCEKS -storepass kT9X6oe68t +# Create trust relationship between repository and itself - used for searches +"$JAVA_HOME/bin/keytool" -importcert -noprompt -alias ssl.repo -file "$CERTIFICATE_HOME/ssl.repo.crt" -keystore "$CERTIFICATE_HOME/ssl.truststore" -storetype JCEKS -storepass kT9X6oe68t +# Create trust relationship between solr and repository +"$JAVA_HOME/bin/keytool" -importcert -noprompt -alias ssl.repo -file "$CERTIFICATE_HOME/ssl.repo.crt" -keystore "$CERTIFICATE_HOME/ssl.repo.client.truststore" -storetype JCEKS -storepass kT9X6oe68t +# Export repository keystore to pkcs12 format for browser compatibility +"$JAVA_HOME/bin/keytool" -importkeystore -srckeystore "$CERTIFICATE_HOME/ssl.keystore" -srcstorepass kT9X6oe68t -srcstoretype JCEKS -srcalias ssl.repo -srckeypass kT9X6oe68t -destkeystore "$CERTIFICATE_HOME/browser.p12" -deststoretype pkcs12 -deststorepass alfresco -destalias ssl.repo -destkeypass alfresco + +# Ensure keystore dir actually exists +mkdir -p "$ALFRESCO_KEYSTORE_HOME" + +# Back up old files +cp "$ALFRESCO_KEYSTORE_HOME/ssl.keystore" "$ALFRESCO_KEYSTORE_HOME/ssl.keystore.old" +cp "$ALFRESCO_KEYSTORE_HOME/ssl.truststore" "$ALFRESCO_KEYSTORE_HOME/ssl.truststore.old" +cp "$ALFRESCO_KEYSTORE_HOME/browser.p12" "$ALFRESCO_KEYSTORE_HOME/browser.p12.old" + +# Install the new files +cp "$CERTIFICATE_HOME/ssl.keystore" "$ALFRESCO_KEYSTORE_HOME/ssl.keystore" +cp "$CERTIFICATE_HOME/ssl.truststore" "$ALFRESCO_KEYSTORE_HOME/ssl.truststore" +cp "$CERTIFICATE_HOME/browser.p12" "$ALFRESCO_KEYSTORE_HOME/browser.p12" + +echo " " +echo "*******************************************" +echo "You must copy the following files to the correct location." +echo " " +echo " $CERTIFICATE_HOME/ssl.repo.client.keystore" +echo " $CERTIFICATE_HOME/ssl.repo.client.truststore" +echo " eg. for Solr 4 the location is SOLR_HOME/workspace-SpacesStore/conf/ and SOLR_HOME/archive-SpacesStore/conf/" +echo " " +echo "$ALFRESCO_KEYSTORE_HOME/browser.p12 has also been generated." +echo " " +echo "Please ensure that you set dir.keystore=$ALFRESCO_KEYSTORE_HOME in alfresco-global.properties" +echo "*******************************************" diff --git a/packaging/distribution/src/main/resources/keystore/metadata-keystore/keystore b/packaging/distribution/src/main/resources/keystore/metadata-keystore/keystore new file mode 100644 index 0000000000..22d2b69a41 Binary files /dev/null and b/packaging/distribution/src/main/resources/keystore/metadata-keystore/keystore differ diff --git a/packaging/distribution/src/main/resources/keystore/metadata-keystore/keystore-passwords.properties b/packaging/distribution/src/main/resources/keystore/metadata-keystore/keystore-passwords.properties new file mode 100644 index 0000000000..5b31ff26c6 --- /dev/null +++ b/packaging/distribution/src/main/resources/keystore/metadata-keystore/keystore-passwords.properties @@ -0,0 +1,10 @@ +# This file and the keystore is deprecated +# Please generate a new keystore for new systems and use JVM properties for it's configuration + +aliases=metadata +# The password protecting the keystore entries +keystore.password=mp6yc0UD9e +# The password protecting the alias: metadata +metadata.keyData= +metadata.algorithm=DESede +metadata.password=oKIWzVdEdA \ No newline at end of file diff --git a/packaging/distribution/src/main/resources/keystore/readme.txt b/packaging/distribution/src/main/resources/keystore/readme.txt new file mode 100644 index 0000000000..fbc76233aa --- /dev/null +++ b/packaging/distribution/src/main/resources/keystore/readme.txt @@ -0,0 +1,7 @@ +See https://wiki.alfresco.com/wiki/Data_Encryption and https://wiki.alfresco.com/wiki/Alfresco_And_SOLR. + +keystore is the secret key keystore, containing the secret key used to encrypt and decrypt node properties. +ssl.keystore is the repository keystore, containing the repository private/public key pair and certificate. +ssl.truststore is the repository truststore, containing certificates that the repository trusts. + +browser.p12 is a pkcs12 keystore generated from ssl.keystore that contains the repository private key and certificate for use in browsers such as Firefox. \ No newline at end of file diff --git a/packaging/docker-alfresco/Dockerfile b/packaging/docker-alfresco/Dockerfile index fbde104bc6..ad3546211b 100644 --- a/packaging/docker-alfresco/Dockerfile +++ b/packaging/docker-alfresco/Dockerfile @@ -19,6 +19,8 @@ ARG TOMCAT_DIR=/usr/local/tomcat RUN mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension/mimetypes && \ mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension/transform/renditions && \ mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension/transform/pipelines && \ + mkdir /licenses && \ + mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension/keystore && \ mkdir ${TOMCAT_DIR}/alfresco-mmt && \ touch ${TOMCAT_DIR}/shared/classes/alfresco-global.properties @@ -27,11 +29,12 @@ RUN mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension/mimetypes && \ # Copy the JDBC drivers for the database you are using to the lib/ directory. # Copy the alfresco-mmt.jar # Copy Licenses to the root of the Docker image -RUN mkdir /licenses -COPY ${resource_path}/licenses/ /licenses/ +# Copy default keystore COPY ${resource_path}/war ${TOMCAT_DIR}/webapps COPY ${resource_path}/connector/* ${TOMCAT_DIR}/lib/ COPY ${resource_path}/alfresco-mmt/* ${TOMCAT_DIR}/alfresco-mmt/ +COPY ${resource_path}/dependency/licenses/ /licenses/ +COPY ${resource_path}/dependency/keystore/metadata-keystore ${TOMCAT_DIR}/shared/classes/alfresco/extension/keystore/ # Change the value of the shared.loader= property to the following: # shared.loader=${catalina.base}/shared/classes @@ -70,13 +73,6 @@ RUN yum install -y fontconfig-2.13.0-4.3.el7 \ dejavu-sans-fonts-2.33-6.el7 && \ yum clean all -# Generate default keystore. Please generate a new one for production systems -ARG CERT_DNAME="CN=Alfresco Repository, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB" -ARG CERT_VALIDITY=36525 -ARG KEYSTORE_PASSWORD=mp6yc0UD9e -RUN mkdir ${TOMCAT_DIR}/shared/classes/alfresco/keystore && \ - keytool -genseckey -dname "$CERT_DNAME" -validity ${CERT_VALIDITY} -alias metadata -keyalg AES -keysize 256 -keystore ${TOMCAT_DIR}/shared/classes/alfresco/keystore/keystore -storetype pkcs12 -storepass ${KEYSTORE_PASSWORD} - # The standard configuration is to have all Tomcat files owned by root with group GROUPNAME and whilst owner has read/write privileges, # group only has restricted permissions and world has no permissions. RUN mkdir -p ${TOMCAT_DIR}/conf/Catalina/localhost && \ diff --git a/packaging/docker-alfresco/pom.xml b/packaging/docker-alfresco/pom.xml index 6ac663c0d1..d24b9d0e37 100644 --- a/packaging/docker-alfresco/pom.xml +++ b/packaging/docker-alfresco/pom.xml @@ -16,29 +16,6 @@ - - org.apache.maven.plugins - maven-resources-plugin - - - copy-licenses - process-resources - - copy-resources - - - - - - ../distribution/src/main/resources/licenses - false - - - ${project.build.directory}/licenses - - - - org.apache.maven.plugins maven-dependency-plugin @@ -126,6 +103,24 @@ + + + unpack-licenses-and-keystore + process-resources + + unpack + + + + + org.alfresco + alfresco-community-repo-distribution + jar + ${project.version} + + + + diff --git a/packaging/pom.xml b/packaging/pom.xml index 2c216dc77f..bb2c2dea06 100644 --- a/packaging/pom.xml +++ b/packaging/pom.xml @@ -18,6 +18,7 @@ war + distribution docker-alfresco @@ -25,18 +26,21 @@ community war + distribution communityDocker war + distribution docker-alfresco all-tas-tests + distribution tests diff --git a/packaging/tests/environment/docker-compose-minimal+transforms.yml b/packaging/tests/environment/docker-compose-minimal+transforms.yml index 30dfa8f706..f524927a29 100644 --- a/packaging/tests/environment/docker-compose-minimal+transforms.yml +++ b/packaging/tests/environment/docker-compose-minimal+transforms.yml @@ -10,6 +10,16 @@ services: image: alfresco/alfresco-community-repo-base:latest environment: CATALINA_OPTS : "-agentlib:jdwp=transport=dt_socket,address=*:8000,server=y,suspend=n" + JAVA_TOOL_OPTIONS: " + -Dencryption.keystore.type=JCEKS + -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding + -Dencryption.keyAlgorithm=DESede + -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore + -Dmetadata-keystore.password=mp6yc0UD9e + -Dmetadata-keystore.aliases=metadata + -Dmetadata-keystore.metadata.password=oKIWzVdEdA + -Dmetadata-keystore.metadata.algorithm=DESede + " JAVA_OPTS : " -Ddb.driver=org.postgresql.Driver @@ -39,10 +49,6 @@ services: -Dftp.port=1221 -Dcors.enabled=true -Dcors.allowed.origins=http://localhost:4200,http://localhost:8080 - -Dmetadata-keystore.password=mp6yc0UD9e - -Dmetadata-keystore.aliases=metadata - -Dmetadata-keystore.metadata.password=mp6yc0UD9e - -Dmetadata-keystore.metadata.algorithm=AES " ports: - 8082:8080 diff --git a/packaging/tests/environment/docker-compose-minimal.yml b/packaging/tests/environment/docker-compose-minimal.yml index cb746e94b1..53e45f19b5 100644 --- a/packaging/tests/environment/docker-compose-minimal.yml +++ b/packaging/tests/environment/docker-compose-minimal.yml @@ -10,6 +10,16 @@ services: image: alfresco/alfresco-community-repo-base:latest environment: CATALINA_OPTS : "-agentlib:jdwp=transport=dt_socket,address=*:8000,server=y,suspend=n" + JAVA_TOOL_OPTIONS: " + -Dencryption.keystore.type=JCEKS + -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding + -Dencryption.keyAlgorithm=DESede + -Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore + -Dmetadata-keystore.password=mp6yc0UD9e + -Dmetadata-keystore.aliases=metadata + -Dmetadata-keystore.metadata.password=oKIWzVdEdA + -Dmetadata-keystore.metadata.algorithm=DESede + " JAVA_OPTS : " -Ddb.driver=org.postgresql.Driver @@ -35,10 +45,6 @@ services: -Dftp.port=1221 -Dcors.enabled=true -Dcors.allowed.origins=http://localhost:4200,http://localhost:8080 - -Dmetadata-keystore.password=mp6yc0UD9e - -Dmetadata-keystore.aliases=metadata - -Dmetadata-keystore.metadata.password=mp6yc0UD9e - -Dmetadata-keystore.metadata.algorithm=AES " ports: - 8082:8080 @@ -53,6 +59,8 @@ services: - POSTGRES_PASSWORD=alfresco - POSTGRES_USER=alfresco - POSTGRES_DB=alfresco + ports: + - 5432:5432 solr6: image: alfresco/alfresco-search-services:${SOLR6_TAG} diff --git a/repository/src/main/resources/alfresco/repository.properties b/repository/src/main/resources/alfresco/repository.properties index 1323a331ce..773f76d83b 100644 --- a/repository/src/main/resources/alfresco/repository.properties +++ b/repository/src/main/resources/alfresco/repository.properties @@ -1,1335 +1,1335 @@ -# Repository configuration - -repository.name=Main Repository - -# Schema number -version.schema=14001 - -# Directory configuration - -dir.root=./alf_data - -dir.contentstore=${dir.root}/contentstore -dir.contentstore.deleted=${dir.root}/contentstore.deleted -dir.contentstore.bucketsPerMinute=0 - -# ContentStore subsystem: default choice -filecontentstore.subsystem.name=unencryptedContentStore - -# The location of cached content -dir.cachedcontent=${dir.root}/cachedcontent - -# The value for the maximum permitted size in bytes of all content. -# No value (or a negative long) will be taken to mean that no limit should be applied. -# See content-services-context.xml -system.content.maximumFileSizeLimit= - -# -# The server mode. Set value in alfresco-global.properties -# UNKNOWN | TEST | BACKUP | PRODUCTION -# -system.serverMode=UNKNOWN - -# The location for lucene index files -dir.indexes=${dir.root}/lucene-indexes - -# The location for index backups -dir.indexes.backup=${dir.root}/backup-lucene-indexes - -# The location for lucene index locks -dir.indexes.lock=${dir.indexes}/locks - -#Directory to find external license -dir.license.external=. -# Spring resource location of external license files -location.license.external=file://${dir.license.external}/*.lic -# Spring resource location of embedded license files -location.license.embedded=/WEB-INF/alfresco/license/*.lic -# Spring resource location of license files on shared classpath -location.license.shared=classpath*:/alfresco/extension/license/*.lic - -# WebDAV initialization properties -system.webdav.servlet.enabled=true -system.webdav.url.path.prefix= -system.webdav.storeName=${protocols.storeName} -system.webdav.rootPath=${protocols.rootPath} -# File name patterns that trigger rename shuffle detection -# pattern is used by move - tested against full path after it has been lower cased. -system.webdav.renameShufflePattern=(.*/\\..*)|(.*[a-f0-9]{8}+$)|(.*\\.tmp$)|(.*atmp[0-9]+$)|(.*\\.wbk$)|(.*\\.bak$)|(.*\\~$)|(.*backup.*\\.do[ct]{1}[x]?[m]?$)|(.*\\.sb\\-\\w{8}\\-\\w{6}$) -system.webdav.activities.enabled=false - - -system.workflow.jbpm.comment.property.max.length=-1 -system.workflow.comment.property.max.length=4000 - -#Determines if Activiti definitions are visible -system.workflow.engine.activiti.definitions.visible=true - - -# Determines if the Activiti engine is enabled -system.workflow.engine.activiti.enabled=true -system.workflow.engine.activiti.idblocksize=100 -system.workflow.engine.activiti.taskvariableslimit=20000 - -# Determines if the workflows that are deployed to the activiti engine should -# be deployed in the tenant-context of the thread IF the tenant-service is enabled -# If set to false, all workflows deployed will be shared among tenants. Recommended -# setting is true unless there is a good reason to not allow deploy tenant-specific -# worklfows when a MT-environment is set up. -system.workflow.deployWorkflowsInTenant=true -#Determines if historic process instance are retained in case of canceling a process instance -system.workflow.engine.activiti.retentionHistoricProcessInstance=false - -# The maximum number of groups to check for pooled tasks. For performance -# reasons, this is limited to 500 by default. -system.workflow.maxAuthoritiesForPooledTasks=500 - -# The maximum number of pooled tasks to return in a query. It may be necessary -# to limit this depending on UI limitations. -system.workflow.maxPooledTasks=-1 - -# The maximum number of reviewers for "Group Review and Approve" workflow. -# Use '0' for unlimited. -system.workflow.maxGroupReviewers=0 - -index.subsystem.name=noindex - -# ######################################### # -# Index Tracking Configuration # -# ######################################### # -# -# Index tracking information of a certain age is cleaned out by a scheduled job. -# Any clustered system that has been offline for longer than this period will need to be seeded -# with a more recent backup of the Lucene indexes or the indexes will have to be fully rebuilt. -# Use -1 to disable purging. This can be switched on at any stage. -index.tracking.minRecordPurgeAgeDays=30 -# Unused transactions will be purged in chunks determined by commit time boundaries. 'index.tracking.purgeSize' specifies the size -# of the chunk (in ms). Default is a couple of hours. -index.tracking.purgeSize=7200000 - -# Change the failure behaviour of the configuration checker -system.bootstrap.config_check.strict=true - - -# -# How long should shutdown wait to complete normally before -# taking stronger action and calling System.exit() -# in ms, 10,000 is 10 seconds -# -shutdown.backstop.timeout=10000 -shutdown.backstop.enabled=false - -# Server Single User Mode -# note: -# only allow named user (note: if blank or not set then will allow all users) -# assuming maxusers is not set to 0 -#server.singleuseronly.name=admin - -# Server Max Users - limit number of users with non-expired tickets -# note: -# -1 allows any number of users, assuming not in single-user mode -# 0 prevents further logins, including the ability to enter single-user mode -server.maxusers=-1 - -# -# Disable all shared caches (mutable and immutable) -# These properties are used for diagnostic purposes -system.cache.disableMutableSharedCaches=false -system.cache.disableImmutableSharedCaches=false - -# The maximum capacity of the parent assocs cache (the number of nodes whose parents can be cached) -system.cache.parentAssocs.maxSize=130000 - -# The average number of parents expected per cache entry. This parameter is multiplied by the above -# value to compute a limit on the total number of cached parents, which will be proportional to the -# cache's memory usage. The cache will be pruned when this limit is exceeded to avoid excessive -# memory usage. -system.cache.parentAssocs.limitFactor=8 - -# -# Properties to limit resources spent on individual searches -# -# The maximum time spent pruning results -system.acl.maxPermissionCheckTimeMillis=10000 -# The maximum number of search results to perform permission checks against -system.acl.maxPermissionChecks=1000 - -# The maximum number of filefolder list results -system.filefolderservice.defaultListMaxResults=5000 -# DEPRECATED: Use 'system.auditableData.preserve' -system.preserve.modificationData=false -# The default to preserve all cm:auditable data on a node when the process is not directly driven by a user action -system.auditableData.preserve=${system.preserve.modificationData} -# Specific control of how the FileFolderService treats cm:auditable data when performing moves -system.auditableData.FileFolderService=${system.auditableData.preserve} -# Specific control of whether ACL changes on a node trigger the cm:auditable aspect -system.auditableData.ACLs=${system.auditableData.preserve} - -# Properties to control read permission evaluation for acegi -system.readpermissions.optimise=true -system.readpermissions.bulkfetchsize=1000 - -# -# Manually control how the system handles maximum string lengths. -# Any zero or negative value is ignored. -# Only change this after consulting support or reading the appropriate Javadocs for -# org.alfresco.repo.domain.schema.SchemaBootstrap for V2.1.2. -# Before database migration, the string value storage may need to be adjusted using the scheduled job -system.maximumStringLength=-1 -system.maximumStringLength.jobCronExpression=* * * * * ? 2099 -system.maximumStringLength.jobQueryRange=10000 -system.maximumStringLength.jobThreadCount=4 - -# -# Limit hibernate session size by trying to amalgamate events for the L2 session invalidation -# - hibernate works as is up to this size -# - after the limit is hit events that can be grouped invalidate the L2 cache by type and not instance -# events may not group if there are post action listener registered (this is not the case with the default distribution) -system.hibernateMaxExecutions=20000 - -# -# Determine if modification timestamp propagation from child to parent nodes is respected or not. -# Even if 'true', the functionality is only supported for child associations that declare the -# 'propagateTimestamps' element in the dictionary definition. -system.enableTimestampPropagation=true - -# -# Enable system model integrity checking. -# WARNING: Changing this is unsupported; bugs may corrupt data -system.integrity.enabled=true -# Do integrity violations fail transactions -# WARNING: Changing this is unsupported; bugs may corrupt data -system.integrity.failOnViolation=true -# The number of errors to report when violations are detected -system.integrity.maxErrorsPerTransaction=5 -# Add call stacks to integrity events so that errors are logged with possible causes -# WARNING: This is expensive and should only be switched on for diagnostic purposes -system.integrity.trace=false - -# -# Decide if content should be removed from the system immediately after being orphaned. -# Do not change this unless you have examined the impact it has on your backup procedures. -system.content.eagerOrphanCleanup=false -# The number of days to keep orphaned content in the content stores. -# This has no effect on the 'deleted' content stores, which are not automatically emptied. -system.content.orphanProtectDays=14 -# The action to take when a store or stores fails to delete orphaned content -# IGNORE: Just log a warning. The binary remains and the record is expunged -# KEEP_URL: Log a warning and create a URL entry with orphan time 0. It won't be processed or removed. -system.content.deletionFailureAction=IGNORE -# The CRON expression to trigger the deletion of resources associated with orphaned content. -system.content.orphanCleanup.cronExpression=0 0 4 * * ? - -# #################### # -# Lucene configuration # -# #################### # -# -# Millisecond threshold for text transformations -# Slower transformers will force the text extraction to be asynchronous -# -lucene.maxAtomicTransformationTime=100 -# -# The maximum number of clauses that are allowed in a lucene query -# -lucene.query.maxClauses=10000 -# -# The size of the queue of nodes waiting for index -# Events are generated as nodes are changed, this is the maximum size of the queue used to coalesce event -# When this size is reached the lists of nodes will be indexed -# -# http://issues.alfresco.com/browse/AR-1280: Setting this high is the workaround as of 1.4.3. -# -lucene.indexer.batchSize=1000000 -fts.indexer.batchSize=1000 -# -# Index cache sizes -# -lucene.indexer.cacheEnabled=true -lucene.indexer.maxDocIdCacheSize=100000 -lucene.indexer.maxDocumentCacheSize=100 -lucene.indexer.maxIsCategoryCacheSize=-1 -lucene.indexer.maxLinkAspectCacheSize=10000 -lucene.indexer.maxParentCacheSize=100000 -lucene.indexer.maxPathCacheSize=100000 -lucene.indexer.maxTypeCacheSize=10000 -# -# Properties for merge (not this does not affect the final index segment which will be optimised) -# Max merge docs only applies to the merge process not the resulting index which will be optimised. -# -lucene.indexer.mergerMaxMergeDocs=1000000 -lucene.indexer.mergerMergeFactor=5 -lucene.indexer.mergerMaxBufferedDocs=-1 -lucene.indexer.mergerRamBufferSizeMb=16 -# -# Properties for delta indexes (not this does not affect the final index segment which will be optimised) -# Max merge docs only applies to the index building process not the resulting index which will be optimised. -# -lucene.indexer.writerMaxMergeDocs=1000000 -lucene.indexer.writerMergeFactor=5 -lucene.indexer.writerMaxBufferedDocs=-1 -lucene.indexer.writerRamBufferSizeMb=16 -# -# Target number of indexes and deltas in the overall index and what index size to merge in memory -# -lucene.indexer.mergerTargetIndexCount=8 -lucene.indexer.mergerTargetOverlayCount=5 -lucene.indexer.mergerTargetOverlaysBlockingFactor=2 -lucene.indexer.maxDocsForInMemoryMerge=60000 -lucene.indexer.maxRamInMbForInMemoryMerge=16 -lucene.indexer.maxDocsForInMemoryIndex=60000 -lucene.indexer.maxRamInMbForInMemoryIndex=16 -# -# Other lucene properties -# -lucene.indexer.termIndexInterval=128 -lucene.indexer.useNioMemoryMapping=true -# over-ride to false for pre 3.0 behaviour -lucene.indexer.postSortDateTime=true -lucene.indexer.defaultMLIndexAnalysisMode=EXACT_LANGUAGE_AND_ALL -lucene.indexer.defaultMLSearchAnalysisMode=EXACT_LANGUAGE_AND_ALL -# -# The number of terms from a document that will be indexed -# -lucene.indexer.maxFieldLength=10000 - -# Should we use a 'fair' locking policy, giving queue-like access behaviour to -# the indexes and avoiding starvation of waiting writers? Set to false on old -# JVMs where this appears to cause deadlock -lucene.indexer.fairLocking=true - -# -# Index locks (mostly deprecated and will be tidied up with the next lucene upgrade) -# -lucene.write.lock.timeout=10000 -lucene.commit.lock.timeout=100000 -lucene.lock.poll.interval=100 - -lucene.indexer.useInMemorySort=true -lucene.indexer.maxRawResultSetSizeForInMemorySort=1000 -lucene.indexer.contentIndexingEnabled=true - -index.backup.cronExpression=0 0 3 * * ? - -lucene.defaultAnalyserResourceBundleName=alfresco/model/dataTypeAnalyzers - - -# When transforming archive files (.zip etc) into text representations (such as -# for full text indexing), should the files within the archive be processed too? -# If enabled, transformation takes longer, but searches of the files find more. -transformer.Archive.includeContents=false - -# Database configuration -db.schema.name= -db.schema.stopAfterSchemaBootstrap=false -db.schema.update=true -db.schema.update.lockRetryCount=24 -db.schema.update.lockRetryWaitSeconds=5 -db.driver=org.gjt.mm.mysql.Driver -db.name=alfresco -db.url=jdbc:mysql:///${db.name} -db.username=alfresco -db.password=alfresco -db.pool.initial=10 -db.pool.max=275 -db.txn.isolation=-1 -db.pool.statements.enable=true -db.pool.statements.max=40 -db.pool.min=10 -db.pool.idle=10 -db.pool.wait.max=5000 - -db.pool.validate.query= -db.pool.evict.interval=600000 -db.pool.evict.idle.min=1800000 -# -# note: for 'db.pool.evict.num.tests' see http://commons.apache.org/dbcp/configuration.html (numTestsPerEvictionRun) -# and also following extract from "org.apache.commons.pool.impl.GenericKeyedObjectPool" (1.5.5) -# -# * The number of objects to examine during each run of the idle object evictor thread (if any). -# * When a negative value is supplied, ceil({@link #getNumIdle})/abs({@link #getNumTestsPerEvictionRun}) -# * tests will be run. I.e., when the value is -n, roughly one nth of the -# * idle objects will be tested per run. -# -db.pool.evict.num.tests=-1 - -db.pool.evict.validate=false -db.pool.validate.borrow=true -db.pool.validate.return=false - -db.pool.abandoned.detect=false -db.pool.abandoned.time=300 -# -# db.pool.abandoned.log=true (logAbandoned) adds overhead (http://commons.apache.org/dbcp/configuration.html) -# and also requires db.pool.abandoned.detect=true (removeAbandoned) -# -db.pool.abandoned.log=false - - -# Audit configuration -audit.enabled=true -audit.tagging.enabled=true -audit.alfresco-access.enabled=false -audit.alfresco-access.sub-actions.enabled=false -audit.cmischangelog.enabled=false -audit.dod5015.enabled=false -# Setting this flag to true will force startup failure when invalid audit configurations are detected -audit.config.strict=false -# Audit map filter for AccessAuditor - restricts recorded events to user driven events -audit.filter.alfresco-access.default.enabled=false -audit.filter.alfresco-access.transaction.user=~System;~null;.* -audit.filter.alfresco-access.transaction.type=cm:folder;cm:content;st:site -audit.filter.alfresco-access.transaction.path=~/sys:archivedItem;~/ver:;.* - - -# System Configuration -system.store=system://system -system.descriptor.childname=sys:descriptor -system.descriptor.current.childname=sys:descriptor-current - -# User config -alfresco_user_store.store=user://alfrescoUserStore -alfresco_user_store.system_container.childname=sys:system -alfresco_user_store.user_container.childname=sys:people - -# note: default admin username - should not be changed after installation -alfresco_user_store.adminusername=admin - -# Initial password - editing this will not have any effect once the repository is installed -alfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634 - -# note: default guest username - should not be changed after installation -alfresco_user_store.guestusername=guest - -# Used to move home folders to a new location -home_folder_provider_synchronizer.enabled=false -home_folder_provider_synchronizer.override_provider= -home_folder_provider_synchronizer.keep_empty_parents=false - -# Spaces Archive Configuration -spaces.archive.store=archive://SpacesStore - -# Spaces Configuration -spaces.store=workspace://SpacesStore -spaces.company_home.childname=app:company_home -spaces.guest_home.childname=app:guest_home -spaces.dictionary.childname=app:dictionary -spaces.templates.childname=app:space_templates -spaces.imap_attachments.childname=cm:Imap Attachments -spaces.imap_home.childname=cm:Imap Home -spaces.imapConfig.childname=app:imap_configs -spaces.imap_templates.childname=app:imap_templates -spaces.scheduled_actions.childname=cm:Scheduled Actions -spaces.emailActions.childname=app:email_actions -spaces.searchAction.childname=cm:search -spaces.templates.content.childname=app:content_templates -spaces.templates.email.childname=app:email_templates -spaces.templates.email.invite1.childname=app:invite_email_templates -spaces.templates.email.notify.childname=app:notify_email_templates -spaces.templates.email.following.childname=app:following -spaces.templates.rss.childname=app:rss_templates -spaces.savedsearches.childname=app:saved_searches -spaces.scripts.childname=app:scripts -spaces.content_forms.childname=app:forms -spaces.user_homes.childname=app:user_homes -spaces.user_homes.regex.key=userName -spaces.user_homes.regex.pattern= -spaces.user_homes.regex.group_order= -spaces.sites.childname=st:sites -spaces.templates.email.invite.childname=cm:invite -spaces.templates.email.activities.childname=cm:activities -spaces.rendition.rendering_actions.childname=app:rendering_actions -spaces.replication.replication_actions.childname=app:replication_actions -spaces.transfers.childname=app:transfers -spaces.transfer_groups.childname=app:transfer_groups -spaces.transfer_temp.childname=app:temp -spaces.inbound_transfer_records.childname=app:inbound_transfer_records -spaces.webscripts.childname=cm:webscripts -spaces.extension_webscripts.childname=cm:extensionwebscripts -spaces.models.childname=app:models -spaces.workflow.definitions.childname=app:workflow_defs -spaces.templates.email.workflowemailnotification.childname=cm:workflownotification -spaces.nodetemplates.childname=app:node_templates -spaces.shared.childname=app:shared -spaces.solr_facets.root.childname=srft:facets -spaces.smartfolders.childname=app:smart_folders -spaces.smartdownloads.childname=app:smart_downloads -spaces.transfer_summary_report.location=/${spaces.company_home.childname}/${spaces.dictionary.childname}/${spaces.transfers.childname}/${spaces.inbound_transfer_records.childname} -spaces.quickshare.link_expiry_actions.childname=app:quick_share_link_expiry_actions - - -# ADM VersionStore Configuration -version.store.initialVersion=true -version.store.enableAutoVersioning=true -version.store.enableAutoVersionOnUpdateProps=false -version.store.deprecated.lightWeightVersionStore=workspace://lightWeightVersionStore -version.store.version2Store=workspace://version2Store - -# Optional Comparator class name to sort versions. -# Set to: org.alfresco.repo.version.common.VersionLabelComparator -# if upgrading from a version that used unordered sequences in a cluster. -version.store.versionComparatorClass= - -# Folders for storing people -system.system_container.childname=sys:system -system.people_container.childname=sys:people -system.authorities_container.childname=sys:authorities -system.zones_container.childname=sys:zones - -# Folders for storing workflow related info -system.workflow_container.childname=sys:workflow - -# Folder for storing shared remote credentials -system.remote_credentials_container.childname=sys:remote_credentials - -# Folder for storing syncset definitions -system.syncset_definition_container.childname=sys:syncset_definitions - -# Folder for storing download archives -system.downloads_container.childname=sys:downloads - -# Folder for storing IdP's certificate definitions -system.certificate_container.childname=sys:samlcertificate - -# Are user names case sensitive? -user.name.caseSensitive=false -domain.name.caseSensitive=false -domain.separator= - -#Format caption extracted from the XML Schema. -xforms.formatCaption=true - -# ECM content usages/quotas -system.usages.enabled=false -system.usages.clearBatchSize=0 -system.usages.updateBatchSize=50 - -# Repository endpoint - used by Activity Service -repo.remote.endpoint=/service - -# Some authentication mechanisms may need to create people -# in the repository on demand. This enables that feature. -# If disabled an error will be generated for missing -# people. If enabled then a person will be created and -# persisted. -create.missing.people=${server.transaction.allow-writes} - -# Create home folders (unless disabled, see next property) as people are created (true) or create them lazily (false) -home.folder.creation.eager=true -# Disable home folder creation - if true then home folders are not created (neither eagerly nor lazily) -home.folder.creation.disabled=false - -# Should we consider zero byte content to be the same as no content when firing -# content update policies? Prevents 'premature' firing of inbound content rules -# for some clients such as Mac OS X Finder -policy.content.update.ignoreEmpty=true - -# Default value of alfresco.rmi.services.host is 0.0.0.0 which means 'listen on all adapters'. -# This allows connections to JMX both remotely and locally. -# -alfresco.rmi.services.port=50500 -alfresco.rmi.services.external.host=localhost -alfresco.rmi.services.host=0.0.0.0 - -# If the RMI address is in-use, how many retries should be done before aborting -# Default value of alfresco.rmi.services.retries is 0 which means 'Don't retry if the address is in-use' -alfresco.rmi.services.retries=4 -# How long in milliseconds to wait after a failed server socket bind, before retrying -alfresco.rmi.services.retryInterval=250 - -# RMI service ports for the individual services. -# These eight services are available remotely. -# -# Assign individual ports for each service for best performance -# or run several services on the same port, you can even run everything on 50500 if -# running through a firewall. -# -# Specify 0 to use a random unused port. -# -monitor.rmi.service.port=50508 - -# -# enable or disable individual RMI services -# -monitor.rmi.service.enabled=false - - -# Should the Mbean server bind to an existing server. Set to true for most application servers. -# false for WebSphere clusters. -mbean.server.locateExistingServerIfPossible=true - -# External executable locations -img.root=./ImageMagick -img.dyn=${img.root}/lib -img.exe=${img.root}/bin/convert - -# Legacy imageMagick transformer url to T-Engine to service transform requests via http. Disabled by default. -img.url= - -# When img.url is set, this value indicates the amount of time to wait after a connection failure -# before retrying the connection to allow a docker container to (re)start. -img.startupRetryPeriodSeconds=60 - -# Rendition Service 2 -renditionService2.enabled=true - -# Thumbnail Service -system.thumbnail.generate=true - -# Default thumbnail limits -# When creating thumbnails, only use the first pageLimit pages -system.thumbnail.definition.default.timeoutMs=-1 -system.thumbnail.definition.default.readLimitTimeMs=-1 -system.thumbnail.definition.default.maxSourceSizeKBytes=-1 -system.thumbnail.definition.default.readLimitKBytes=-1 -system.thumbnail.definition.default.pageLimit=1 -system.thumbnail.definition.default.maxPages=-1 - -# Max mimetype sizes to create thumbnail icons -system.thumbnail.mimetype.maxSourceSizeKBytes.pdf=-1 -system.thumbnail.mimetype.maxSourceSizeKBytes.txt=-1 -system.thumbnail.mimetype.maxSourceSizeKBytes.docx=-1 -system.thumbnail.mimetype.maxSourceSizeKBytes.xlsx=-1 -system.thumbnail.mimetype.maxSourceSizeKBytes.pptx=-1 -system.thumbnail.mimetype.maxSourceSizeKBytes.odt=-1 -system.thumbnail.mimetype.maxSourceSizeKBytes.ods=-1 -system.thumbnail.mimetype.maxSourceSizeKBytes.odp=-1 - -# Configuration for handling of failing thumbnails. -# See NodeEligibleForRethumbnailingEvaluator's javadoc for details. -# -# Retry periods limit the frequency with which the repository will attempt to create Share thumbnails -# for content nodes which have previously failed in their thumbnail attempts. -# These periods are in seconds. -# -# 604800s = 60s * 60m * 24h * 7d = 1 week -system.thumbnail.retryPeriod=60 -system.thumbnail.retryCount=2 -system.thumbnail.quietPeriod=604800 -system.thumbnail.quietPeriodRetriesEnabled=true -system.thumbnail.redeployStaticDefsOnStartup=true - -# The default timeout for metadata mapping extracters -content.metadataExtracter.default.timeoutMs=20000 - -# Legacy tika and misc transformer url to T-Engines to service transform requests via http. Disabled by default. -tika.url= -transform.misc.url= - -# When the legacy tika and misc transformer .url is set, this value indicates the amount of time to wait after a connection failure -# before retrying the connection to allow a docker container to (re)start. -tika.startupRetryPeriodSeconds=60 -transform.misc.startupRetryPeriodSeconds=60 - -# Local transformer urls to T-engines to service transform requests via http. Enabled by default. -localTransform.core-aio.url=http://localhost:8090/ - -# When a local transformer .url is set, this value indicates the amount of time to wait after a connection failure -# before retrying the connection to allow a docker container to (re)start. -localTransform.core-aio.startupRetryPeriodSeconds=60 - -# -content.metadataExtracter.pdf.maxDocumentSizeMB=10 -content.metadataExtracter.pdf.maxConcurrentExtractionsCount=5 - -# The default overwrite policy for PdfBoxMetadataExtracter -content.metadataExtracter.pdf.overwritePolicy=PRAGMATIC - -#True if bookmarks content should be extracted for PDFBox -content.transformer.PdfBox.extractBookmarksText=true - -# Property to enable upgrade from 2.1-A -V2.1-A.fixes.to.schema=0 -#V2.1-A.fixes.to.schema=82 - -# The default authentication chain -authentication.chain=alfrescoNtlm1:alfrescoNtlm - -# Do authentication tickets expire or live for ever? -authentication.ticket.ticketsExpire=true - -# If ticketsEpire is true then how they should expire? -# Valid values are: AFTER_INACTIVITY, AFTER_FIXED_TIME, DO_NOT_EXPIRE -# The default is AFTER_FIXED_TIME -authentication.ticket.expiryMode=AFTER_INACTIVITY - -# If authentication.ticket.ticketsExpire is true and -# authentication.ticket.expiryMode is AFTER_FIXED_TIME or AFTER_INACTIVITY, -# this controls the minimum period for which tickets are valid. -# The default is PT1H for one hour. -authentication.ticket.validDuration=PT1H - -# Use one ticket for all user sessions -# For the pre 4.2 behaviour of one ticket per session set this to false. -authentication.ticket.useSingleTicketPerUser=true - -authentication.alwaysAllowBasicAuthForAdminConsole.enabled=true -authentication.getRemoteUserTimeoutMilliseconds=10000 - -# FTP access -ftp.enabled=false - -# Default root path for protocols -protocols.storeName=${spaces.store} -protocols.rootPath=/${spaces.company_home.childname} - -# OpenCMIS -opencmis.connector.default.store=${spaces.store} -opencmis.connector.default.rootPath=/${spaces.company_home.childname} -opencmis.connector.default.typesDefaultMaxItems=500 -opencmis.connector.default.typesDefaultDepth=-1 -opencmis.connector.default.objectsDefaultMaxItems=10000 -opencmis.connector.default.objectsDefaultDepth=100 -opencmis.connector.default.contentChangesDefaultMaxItems=10000 -opencmis.connector.default.openHttpSession=false -opencmis.activities.enabled=true -opencmis.bulkUpdateProperties.maxItemsSize=1000 -opencmis.bulkUpdateProperties.batchSize=20 -opencmis.bulkUpdateProperties.workerThreads=2 -opencmis.maxContentSizeMB=4096 -opencmis.memoryThresholdKB=4096 - -# URL generation overrides - -# if true, the context path of OpenCMIS generated urls will be set to "opencmis.context.value", otherwise it will be taken from the request url -opencmis.context.override=false -opencmis.context.value= -# if true, the servlet path of OpenCMIS generated urls will be set to "opencmis.servletpath.value", otherwise it will be taken from the request url -opencmis.servletpath.override=false -opencmis.servletpath.value= -opencmis.server.override=false -opencmis.server.value= - -# IMAP -imap.server.enabled=false -imap.server.port=143 -imap.server.attachments.extraction.enabled=true - -# Default IMAP mount points -imap.config.home.store=${spaces.store} -imap.config.home.rootPath=/${spaces.company_home.childname} -imap.config.home.folderPath=${spaces.imap_home.childname} -imap.config.server.mountPoints=AlfrescoIMAP -imap.config.server.mountPoints.default.mountPointName=IMAP -imap.config.server.mountPoints.default.modeName=ARCHIVE -imap.config.server.mountPoints.default.store=${spaces.store} -imap.config.server.mountPoints.default.rootPath=${protocols.rootPath} -imap.config.server.mountPoints.value.AlfrescoIMAP.mountPointName=Alfresco IMAP -imap.config.server.mountPoints.value.AlfrescoIMAP.modeName=MIXED - -#Imap extraction settings -#imap.attachments.mode: -# SEPARATE -- All attachments for each email will be extracted to separate folder. -# COMMON -- All attachments for all emails will be extracted to one folder. -# SAME -- Attachments will be extracted to the same folder where email lies. -imap.attachments.mode=SEPARATE -imap.attachments.folder.store=${spaces.store} -imap.attachments.folder.rootPath=/${spaces.company_home.childname} -imap.attachments.folder.folderPath=${spaces.imap_attachments.childname} - -# Activities Feed - refer to subsystem - -# Feed max ID range to limit maximum number of entries -activities.feed.max.idRange=1000000 -# Feed max size (number of entries) -activities.feed.max.size=200 -# Feed max age (eg. 44640 mins => 31 days) -activities.feed.max.ageMins=44640 - -activities.feed.generator.jsonFormatOnly=true -activities.feed.fetchBatchSize=250 -activities.feedNotifier.batchSize=200 -activities.feedNotifier.numThreads=2 - -# Subsystem unit test values. Will not have any effect on production servers -subsystems.test.beanProp.default.longProperty=123456789123456789 -subsystems.test.beanProp.default.anotherStringProperty=Global Default -subsystems.test.beanProp=inst1,inst2,inst3 -subsystems.test.beanProp.value.inst2.boolProperty=true -subsystems.test.beanProp.value.inst3.anotherStringProperty=Global Instance Default -subsystems.test.simpleProp2=true -subsystems.test.simpleProp3=Global Default3 - -# Default Async Action Thread Pool -default.async.action.threadPriority=1 -default.async.action.corePoolSize=8 -default.async.action.maximumPoolSize=20 - -# Deployment Service -deployment.service.numberOfSendingThreads=5 -deployment.service.corePoolSize=2 -deployment.service.maximumPoolSize=3 -deployment.service.threadPriority=5 -# How long to wait in mS before refreshing a target lock - detects shutdown servers -deployment.service.targetLockRefreshTime=60000 -# How long to wait in mS from the last communication before deciding that deployment has failed, possibly -# the destination is no longer available? -deployment.service.targetLockTimeout=3600000 -# Deployment method used to deploy this Alfresco instance (DEFAULT, INSTALLER, DOCKER_COMPOSE, HELM_CHART, ZIP, QUICK_START) -deployment.method=DEFAULT - -#Invitation Service -# Should send emails as part of invitation process. -notification.email.siteinvite=true -# Moderated invite Activiti workflow -site.invite.moderated.workflowId=activiti$activitiInvitationModerated -# Add intneral users Activiti workflow (use activiti$activitiInvitationNominated to revert to requiring accept of invite for internal users) -site.invite.nominated.workflowId=activiti$activitiInvitationNominatedAddDirect -# Add external users Activiti workflow -site.invite.nominatedExternal.workflowId=activiti$activitiInvitationNominated - -# Replication Service -replication.enabled=false - -# Transfer Service -transferservice.receiver.enabled=false -transferservice.receiver.stagingDir=${java.io.tmpdir}/alfresco-transfer-staging -# -# How long to wait in mS before refreshing a transfer lock - detects shutdown servers -# Default 1 minute. -transferservice.receiver.lockRefreshTime=60000 -# -# How many times to attempt retry the transfer lock -transferservice.receiver.lockRetryCount=3 -# How long to wait, in mS, before retrying the transfer lock -transferservice.receiver.lockRetryWait=100 -# -# How long to wait, in mS, since the last contact with from the client before -# timing out a transfer. Needs to be long enough to cope with network delays and "thinking -# time" for both source and destination. Default 5 minutes. -transferservice.receiver.lockTimeOut=300000 - -# OrphanReaper -orphanReaper.lockRefreshTime=60000 -orphanReaper.lockTimeOut=3600000 - - -# security -security.anyDenyDenies=true -# Whether to post-process denies. Only applies to solr4+ when anyDenyDenies is true. -security.postProcessDenies=false - -# -# Encryption properties -# -# default keystores location -dir.keystore=classpath:alfresco/keystore - -# general encryption parameters -encryption.keySpec.class=org.alfresco.encryption.DESEDEKeyGenerator -encryption.keyAlgorithm=AES -encryption.cipherAlgorithm=AES/CBC/PKCS5Padding - -# secret key keystore configuration -encryption.keystore.location=${dir.keystore}/keystore -# configuration via metadata is deprecated -encryption.keystore.keyMetaData.location= -encryption.keystore.provider= -encryption.keystore.type=pkcs12 - -# backup secret key keystore configuration -encryption.keystore.backup.location=${dir.keystore}/backup-keystore -# configuration via metadata is deprecated -encryption.keystore.backup.keyMetaData.location= -encryption.keystore.backup.provider= -encryption.keystore.backup.type=pkcs12 - -# Should encryptable properties be re-encrypted with new encryption keys on botstrap? -encryption.bootstrap.reencrypt=false - -# mac/md5 encryption -encryption.mac.messageTimeout=30000 -encryption.mac.algorithm=HmacSHA1 - -# ssl encryption -encryption.ssl.keystore.location=${dir.keystore}/ssl.keystore -encryption.ssl.keystore.provider= -encryption.ssl.keystore.type=JCEKS -# configuration via metadata is deprecated -encryption.ssl.keystore.keyMetaData.location= -encryption.ssl.truststore.location=${dir.keystore}/ssl.truststore -encryption.ssl.truststore.provider= -encryption.ssl.truststore.type=JCEKS -# configuration via metadata is deprecated -encryption.ssl.truststore.keyMetaData.location= - -# Re-encryptor properties -encryption.reencryptor.chunkSize=100 -encryption.reencryptor.numThreads=2 - -# SOLR connection details (e.g. for JMX) -solr.host=localhost -solr.port=8983 -solr.port.ssl=8984 -solr.solrUser=solr -solr.solrPassword=solr -# none, https -solr.secureComms=https -solr.cmis.alternativeDictionary=DEFAULT_DICTIONARY - -solr.max.total.connections=40 -solr.max.host.connections=40 - -# Solr connection timeouts -# solr connect timeout in ms -solr.solrConnectTimeout=5000 - -# cron expression defining how often the Solr Admin client (used by JMX) pings Solr if it goes away -solr.solrPingCronExpression=0 0/5 * * * ? * - - -#Default SOLR store mappings mappings -solr.store.mappings=solrMappingAlfresco,solrMappingArchive -solr.store.mappings.value.solrMappingAlfresco.httpClientFactory=solrHttpClientFactory -solr.store.mappings.value.solrMappingAlfresco.baseUrl=/solr/alfresco -solr.store.mappings.value.solrMappingAlfresco.protocol=workspace -solr.store.mappings.value.solrMappingAlfresco.identifier=SpacesStore -solr.store.mappings.value.solrMappingArchive.httpClientFactory=solrHttpClientFactory -solr.store.mappings.value.solrMappingArchive.baseUrl=/solr/archive -solr.store.mappings.value.solrMappingArchive.protocol=archive -solr.store.mappings.value.solrMappingArchive.identifier=SpacesStore - -#Default SOLR 4 store mappings mappings -solr4.store.mappings=solrMappingAlfresco,solrMappingArchive -solr4.store.mappings.value.solrMappingAlfresco.httpClientFactory=solrHttpClientFactory -solr4.store.mappings.value.solrMappingAlfresco.baseUrl=/solr4/alfresco -solr4.store.mappings.value.solrMappingAlfresco.protocol=workspace -solr4.store.mappings.value.solrMappingAlfresco.identifier=SpacesStore -solr4.store.mappings.value.solrMappingArchive.httpClientFactory=solrHttpClientFactory -solr4.store.mappings.value.solrMappingArchive.baseUrl=/solr4/archive -solr4.store.mappings.value.solrMappingArchive.protocol=archive -solr4.store.mappings.value.solrMappingArchive.identifier=SpacesStore - -#Default SOLR 6 store mappings mappings -solr6.store.mappings=solrMappingAlfresco,solrMappingArchive,solrMappingHistory -solr6.store.mappings.value.solrMappingAlfresco.httpClientFactory=solrHttpClientFactory -solr6.store.mappings.value.solrMappingAlfresco.baseUrl=/solr/alfresco -solr6.store.mappings.value.solrMappingAlfresco.protocol=workspace -solr6.store.mappings.value.solrMappingAlfresco.identifier=SpacesStore -solr6.store.mappings.value.solrMappingArchive.httpClientFactory=solrHttpClientFactory -solr6.store.mappings.value.solrMappingArchive.baseUrl=/solr/archive -solr6.store.mappings.value.solrMappingArchive.protocol=archive -solr6.store.mappings.value.solrMappingArchive.identifier=SpacesStore -solr6.store.mappings.value.solrMappingHistory.httpClientFactory=solrHttpClientFactory -solr6.store.mappings.value.solrMappingHistory.baseUrl=/solr/history -solr6.store.mappings.value.solrMappingHistory.protocol=workspace -solr6.store.mappings.value.solrMappingHistory.identifier=history - -# -# URL Shortening Properties -# -urlshortening.bitly.username=brianalfresco -urlshortening.bitly.api.key=R_ca15c6c89e9b25ccd170bafd209a0d4f -urlshortening.bitly.url.length=20 - -# -# Bulk Filesystem Importer -# - -# The number of threads to employ in a batch import -bulkImport.batch.numThreads=4 - -# The size of a batch in a batch import i.e. the number of files to import in a -# transaction/thread -bulkImport.batch.batchSize=20 - - -# -# Caching Content Store -# -system.content.caching.cacheOnInbound=true -system.content.caching.maxDeleteWatchCount=1 -# Clean up every day at 3 am -system.content.caching.contentCleanup.cronExpression=0 0 3 * * ? -system.content.caching.minFileAgeMillis=60000 -system.content.caching.maxUsageMB=4096 -# maxFileSizeMB - 0 means no max file size. -system.content.caching.maxFileSizeMB=0 -# When the CachingContentStore is about to write a cache file but the disk usage is in excess of panicThresholdPct -# (default 90%) then the cache file is not written and the cleaner is started (if not already running) in a new thread. -system.content.caching.panicThresholdPct=90 -# When a cache file has been written that results in cleanThresholdPct (default 80%) of maxUsageBytes -# being exceeded then the cached content cleaner is invoked (if not already running) in a new thread. -system.content.caching.cleanThresholdPct=80 -# An aggressive cleaner is run till the targetUsagePct (default 70%) of maxUsageBytes is achieved -system.content.caching.targetUsagePct=70 -# Threshold in seconds indicating a minimal gap between normal cleanup starts -system.content.caching.normalCleanThresholdSec=0 - -mybatis.useLocalCaches=false - -fileFolderService.checkHidden.enabled=true - - -ticket.cleanup.cronExpression=0 0 * * * ? - -# -# Download Service Cleanup -# -download.cleaner.startDelayMilliseconds=3600000 -# 1 hour -download.cleaner.repeatIntervalMilliseconds=3600000 -download.cleaner.maxAgeMins=60 -# -1 or 0 for not using batches -download.cleaner.batchSize=1000 - -# you could set this to false for new installations greater then ACS 6.2 -# see MNT-20212 -download.cleaner.cleanAllSysDownloadFolders=true - -# -# Download Service Limits, in bytes -# -download.maxContentSize=2152852358 - -# Max size of view trashcan files -# -trashcan.MaxSize=1000 - -# -# Use bridge tables for caching authority evaluation. -# -authority.useBridgeTable=true - -# Limit the number of results from findAuthority query -authority.findAuthorityLimit=10000 - -# enable QuickShare - if false then the QuickShare-specific REST APIs will return 403 Forbidden -system.quickshare.enabled=true -system.quickshare.email.from.default=noreply@alfresco.com -# By default the difference between the quick share expiry date and the current time must be at least 1 day (24 hours). -# However, this can be changed to at least 1 hour or 1 minute for testing purposes. For example, -# setting the value to MINUTES, means the service will calculate the difference between NOW and the given expiry date -# in terms of minutes and checks for the difference to be greater than 1 minute. -# DAYS | HOURS | MINUTES -system.quickshare.expiry_date.enforce.minimum.period=DAYS - -# Oubound Mail -mail.service.corePoolSize=8 -mail.service.maximumPoolSize=20 - -nodes.bulkLoad.cachingThreshold=10 - -# Multi-Tenancy - -# if "dir.contentstore.tenants" is set then -# tenants are not co-mingled and all content roots will appear below this container (in sub-folder) -# and when creating a tenant the "contentRootPath" (root content store directory for a given tenant) will be ignored -dir.contentstore.tenants= - -# Gateway Authentication -# gateway authentication is disabled if empty host is specified -alfresco.authentication.gateway.host= -alfresco.authentication.gateway.protocol=https -alfresco.authentication.gateway.port=443 -alfresco.authentication.gateway.outboundHeaders=Authorization,key -alfresco.authentication.gateway.inboundHeaders=X-Alfresco-Authenticator-Key,X-Alfresco-Remote-User -alfresco.authentication.gateway.prefixUrl=/publicapi -alfresco.authentication.gateway.bufferSize=2048 -alfresco.authentication.gateway.connectTimeout=10000 -alfresco.authentication.gateway.readTimeout=120000 -alfresco.authentication.gateway.httpTcpNodelay=true -alfresco.authentication.gateway.httpConnectionStalecheck=true - -# webscripts config -webscripts.encryptTempFiles=false -webscripts.tempDirectoryName=Alfresco-WebScripts -# 4mb -webscripts.memoryThreshold=4194304 -# 4gb -webscripts.setMaxContentSize=5368709120 - -# Property to enable index upgrade for metadata query (MDQ) -# -# The indexes are not added unless this value is changed -# Adding each the supporting indexes may take several hours depending on the size of the database. -# The required indexes may be added in stages. -# See: classpath:alfresco/dbscripts/upgrade/4.2/${db.script.dialect}/metadata-query-indexes.sql -# See: classpath:alfresco/dbscripts/upgrade/5.1/${db.script.dialect}/metadata-query-indexes-2.sql -system.metadata-query-indexes.ignored=true -system.metadata-query-indexes-more.ignored=true - -# -# Do we defer running the shared folder patch? -# -system.patch.sharedFolder.deferred=false -# Default value is run new years day 2030 i.e. not run. -system.patch.sharedFolder.cronExpression=0 0 0 ? 1 1 2030 - -# -# Default values for deferring the running of the addUnmovableAspect patch -# -system.patch.addUnmovableAspect.deferred=false -system.patch.addUnmovableAspect.cronExpression=0 0 0 ? 1 1 2030 - -# Property to enable removal of all JBPM related data from the database -# -# The tables are not removed from the databasen unless explicitly requested by setting this property to false. -# See: classpath:alfresco/dbscripts/upgrade/5.2/${db.script.dialect}/remove-jbpm-tables-from-db.sql -system.remove-jbpm-tables-from-db.ignored=true - -# -# Use a canned query when requested to search for people if " [hint:useCQ]" is provided in search term -# -people.search.honor.hint.useCQ=true - -# Delays cron jobs after bootstrap to allow server to fully come up before jobs start -system.cronJob.startDelayMilliseconds=60000 - -# Schedule for reading mimetype config definitions dynamically. Initially checks every 10 seconds and then switches to -# every hour after the configuration is read successfully. If there is a error later reading the config, the -# checks return to every 10 seconds. -mimetype.config.cronExpression=0 30 0/1 * * ? -mimetype.config.initialAndOnError.cronExpression=0/10 * * * * ? - -# Optional property to specify an external file or directory that will be read for mimetype definitions from YAML -# files (possibly added to a volume via k8 ConfigMaps). -mimetype.config.dir=shared/classes/alfresco/extension/mimetypes - -# Schedule for reading rendition config definitions dynamically. Initially checks every 10 seconds and then switches to -# every hour after the configuration is read successfully. If there is a error later reading the config, the -# checks return to every 10 seconds. -rendition.config.cronExpression=2 30 0/1 * * ? -rendition.config.initialAndOnError.cronExpression=0/10 * * * * ? - -# Optional property to specify an external file or directory that will be read for rendition definitions from YAML -# files (possibly added to a volume via k8 ConfigMaps). -rendition.config.dir=shared/classes/alfresco/extension/transform/renditions - -# Optional property to specify an external file or directory that will be read for transformer json config. -local.transform.pipeline.config.dir=shared/classes/alfresco/extension/transform/pipelines - -# Used to disable transforms locally. -local.transform.service.enabled=true - -# Schedule for reading local transform config, so that T-Engines and local pipeline config is dynamically -# picked up, or reintegrated after an outage. Initially checks every 10 seconds and then switches to every hour -# after the configuration is read successfully. If there is a error later reading the config, the checks return to -# every 10 seconds. -local.transform.service.cronExpression=4 30 0/1 * * ? -local.transform.service.initialAndOnError.cronExpression=0/10 * * * * ? - -# Used to disable transforms that extend AbstractContentTransformer2 -legacy.transform.service.enabled=true - -# -# Check that the declared mimetype (of the Node) is the same as the derived -# mimetype of the content (via Tika) before a transformation takes place. -# Only files in the repository (not intermediate files in a transformer -# pipeline) are checked. This property provides a trade off between a -# security check and a relatively expensive (Tika) operation. -# -# There are a few issues with the Tika mimetype detection. So that transformations -# still take place where the detected mimetype is not the same as the declared mimetype, -# another property (transformer.strict.mimetype.check.whitelist.mimetypes) contains pairs -# of declared and detected mimetypes that should be allowed. This parameter value is a -# sequence of ; separated pairs. The declared and derived mimetypes are also ; separated. -# -transformer.strict.mimetype.check=true - -# A white list of declared and detected mimetypes, that don't match, but should still be transformed. -transformer.strict.mimetype.check.whitelist.mimetypes=application/eps;application/postscript;application/illustrator;application/pdf;application/x-tar;application/x-gtar;application/acp;application/zip;application/vnd.stardivision.math;application/x-tika-msoffice - -# -# Enable transformation retrying if the file has MIME type differ than file extension. -# Ignored if transformer.strict.mimetype.check is true as these transformations -# will not take place. -# -content.transformer.retryOn.different.mimetype=true - -# -# Lock timeout configuration -# -system.lockTryTimeout=100 -system.lockTryTimeout.DictionaryDAOImpl=10000 -system.lockTryTimeout.MessageServiceImpl=${system.lockTryTimeout} -system.lockTryTimeout.PolicyComponentImpl=${system.lockTryTimeout} - - -# Scheduled job to clean up unused properties from the alf_prop_xxx tables. -# Default setting of "0 0 3 ? * SAT" is to run every Saturday at 3am. -attributes.propcleaner.cronExpression=0 0 3 ? * SAT - -# Control Alfresco JMX connectivity -alfresco.jmx.connector.enabled=false - -# Dissallow Attribute Service Entries with "Serializable" objects in key Segments -# Please, see MNT-11895 for details. -system.propval.uniquenessCheck.enabled=true - -# Requests for ephemeral (in-memory) locks with expiry times (in seconds) greater -# than this value will result in persistent locks being created instead. By default -# this value is equal to the maximum allowed expiry for ephemeral locks, therefore -# this feature is disabled by default. Setting this to -1 would mean that ALL -# requests for ephemeral locks would result in persistent locks being created. -alfresco.ephemeralLock.expiryThresh=172800 - -# SurfConfigFolder Patch -# -# Do we defer running the surf-config folder patch? -# -system.patch.surfConfigFolder.deferred=false -# Default value. i.e. never run. It can be triggered using JMX -system.patch.surfConfigFolder.cronExpression=* * * * * ? 2099 - -# -# Solr Facets Config Properties -# -solr_facets.root.path=/app:company_home/app:dictionary -solr_facets.root=${solr_facets.root.path}/${spaces.solr_facets.root.childname} -solr_facets.inheritanceHierarchy=default,custom - -models.enforceTenantInNamespace=false - -# Allowed protocols for links -links.protocosl.white.list=http,https,ftp,mailto - -# Fixed ACLs -# Required for fixing MNT-15368 - Time Consumed for Updating Folder Permission -# ADMAccessControlListDAO.setFixedAcls called on a large folder hierarchy will take a long time for its execution. -# For this reason now method can also be called asynchronously if transaction reaches system.fixedACLs.maxTransactionTime. -# In this case setFixedAcls method recursion will be stopped and unfinished nodes will be marked with ASPECT_PENDING_FIX_ACL. -# Pending nodes will be processed by FixedAclUpdater, programmatically called but also configured as a scheduled job. -system.fixedACLs.maxTransactionTime=10000 -# fixedACLsUpdater - lock time to live -system.fixedACLsUpdater.lockTTL=10000 -# fixedACLsUpdater - maximum number of nodes to process per execution -system.fixedACLsUpdater.maxItemBatchSize=100 -# fixedACLsUpdater - the number of threads to use -system.fixedACLsUpdater.numThreads=4 -# fixedACLsUpdater cron expression - fire at midnight every day -system.fixedACLsUpdater.cronExpression=0 0 0 * * ? - -cmis.disable.hidden.leading.period.files=false - -#Smart Folders Config Properties -smart.folders.enabled=false - -#Smart reference config -smart.reference.classpath.hash=${smart.folders.config.vanilla.processor.classpath}->1,${smart.folders.config.system.templates.classpath}->2 - -#Smart store config - -#Company home relative download associations of smart entries -smart.download.associations.folder=${spaces.dictionary.childname}/${spaces.smartdownloads.childname} - -#Generic virtualization methods config - -#Vanilla JSON templates javascript processor classpath. A java script processor used to -#covert JSON templates to internal smart folder definitions. - -smart.folders.config.vanilla.processor.classpath=/org/alfresco/repo/virtual/node/vanilla.js - -#System virtualization method config - -#System virtualization method aspect. -smart.folders.config.system.aspect=smf:systemConfigSmartFolder -#System virtualization method aspect defined template location property. -smart.folders.config.system.aspect.template.location.property=smf:system-template-location -#Classpath to be explored for *.json entries defining system templates. -smart.folders.config.system.templates.classpath=/org/alfresco/repo/virtual/node -#A company home relative name or qname path location of repository system templates. -smart.folders.config.system.templates.path=${spaces.dictionary.childname}/${spaces.smartfolders.childname} -#Content sub type of repository system templates. -smart.folders.config.system.templates.template.type=smf:smartFolderTemplate - -#Custom virtualization method config - -#Custom virtualization method aspect. -smart.folders.config.custom.aspect=smf:customConfigSmartFolder -#Custom virtualization method aspect template content association. -smart.folders.config.custom.aspect.template.association=smf:custom-template-association - - -#Type virtualization method config - -#A company home relative name or qname path location of the type mapped templates. -smart.folders.config.type.templates.path=${spaces.dictionary.childname}/${spaces.smartfolders.childname} -#Type and aspect qname regular expression filter. -smart.folders.config.type.templates.qname.filter=none - -# Preferred password encoding, md4, sha256, bcrypt10 -system.preferred.password.encoding=md4 - -# Upgrade Password Hash Job -system.upgradePasswordHash.jobBatchSize=100 -system.upgradePasswordHash.jobQueryRange=10000 -system.upgradePasswordHash.jobThreadCount=4 -system.upgradePasswordHash.jobCronExpression=* * * * * ? 2099 - -system.api.discovery.enabled=true - -# Maximum query size for category/tag fetch when not explicitly set by paging parameters -category.queryFetchSize=5000 - -# Brute force protection -authentication.protection.enabled=true -authentication.protection.limit=10 -authentication.protection.periodSeconds=6 - -system.email.sender.default=noreply@alfresco.com -# reset password workflow will expire in an hour -system.reset-password.endTimer=PT1H -system.reset-password.sendEmailAsynchronously=true - -# HeartBeat -heartbeat.target.url= -heartbeat.enabled=true - -# CSRF filter overrides -csrf.filter.enabled=true -csrf.filter.referer= -csrf.filter.referer.always=false -csrf.filter.origin= -csrf.filter.origin.always=false - -# CORS settings -cors.enabled=false -cors.allowed.origins= -cors.allowed.methods=GET,POST,HEAD,OPTIONS,PUT,DELETE -cors.allowed.headers=Authorization,Content-Type,Cache-Control,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-CSRF-Token -cors.exposed.headers=Access-Control-Allow-Origin,Access-Control-Allow-Credentials -cors.support.credentials=true -cors.preflight.maxage=10 - -# Alfresco Rest Api-Explorer -api-explorer.url= - -# Events subsystem -events.subsystem.autoStart=false -# Messaging subsystem -messaging.subsystem.autoStart=true - - -# Raw events -acs.repo.rendition.events.endpoint=jms:acs-repo-rendition-events?jmsMessageType=Text - -# Transform request events -acs.repo.transform.request.endpoint=jms:acs-repo-transform-request?jmsMessageType=Text - -# If enabled doesn't allow to set content properties via NodeService -contentPropertyRestrictions.enabled=true -contentPropertyRestrictions.whitelist= - -# Repo events2 -# Type and aspect filters which should be excluded -# Note: System folders node types are added by default -repo.event2.filter.nodeTypes=sys:*, fm:*, cm:thumbnail, cm:failedThumbnail, cm:rating, rma:rmsite include_subtypes -repo.event2.filter.nodeAspects=sys:* -repo.event2.filter.childAssocTypes=rn:rendition -# Comma separated list of users which should be excluded -# Note: username's case-sensitivity depends on the {user.name.caseSensitive} setting -repo.event2.filter.users=System, null -# Topic name -repo.event2.topic.endpoint=amqp:topic:alfresco.repo.event2 - -# MNT-21083 -# --DELETE_NOT_EXISTS - default settings -system.delete_not_exists.batchsize=100000 -system.delete_not_exists.delete_batchsize=1000 -system.delete_not_exists.read_only=false -system.delete_not_exists.timeout_seconds=-1 -system.prop_table_cleaner.algorithm=V2 - -# Configure the expiration time of the direct access url. This is the length of time in seconds that the link is valid for. -# Note: It is up to the actual ContentStore implementation if it can fulfil this request or not. +# Repository configuration + +repository.name=Main Repository + +# Schema number +version.schema=14001 + +# Directory configuration + +dir.root=./alf_data + +dir.contentstore=${dir.root}/contentstore +dir.contentstore.deleted=${dir.root}/contentstore.deleted +dir.contentstore.bucketsPerMinute=0 + +# ContentStore subsystem: default choice +filecontentstore.subsystem.name=unencryptedContentStore + +# The location of cached content +dir.cachedcontent=${dir.root}/cachedcontent + +# The value for the maximum permitted size in bytes of all content. +# No value (or a negative long) will be taken to mean that no limit should be applied. +# See content-services-context.xml +system.content.maximumFileSizeLimit= + +# +# The server mode. Set value in alfresco-global.properties +# UNKNOWN | TEST | BACKUP | PRODUCTION +# +system.serverMode=UNKNOWN + +# The location for lucene index files +dir.indexes=${dir.root}/lucene-indexes + +# The location for index backups +dir.indexes.backup=${dir.root}/backup-lucene-indexes + +# The location for lucene index locks +dir.indexes.lock=${dir.indexes}/locks + +#Directory to find external license +dir.license.external=. +# Spring resource location of external license files +location.license.external=file://${dir.license.external}/*.lic +# Spring resource location of embedded license files +location.license.embedded=/WEB-INF/alfresco/license/*.lic +# Spring resource location of license files on shared classpath +location.license.shared=classpath*:/alfresco/extension/license/*.lic + +# WebDAV initialization properties +system.webdav.servlet.enabled=true +system.webdav.url.path.prefix= +system.webdav.storeName=${protocols.storeName} +system.webdav.rootPath=${protocols.rootPath} +# File name patterns that trigger rename shuffle detection +# pattern is used by move - tested against full path after it has been lower cased. +system.webdav.renameShufflePattern=(.*/\\..*)|(.*[a-f0-9]{8}+$)|(.*\\.tmp$)|(.*atmp[0-9]+$)|(.*\\.wbk$)|(.*\\.bak$)|(.*\\~$)|(.*backup.*\\.do[ct]{1}[x]?[m]?$)|(.*\\.sb\\-\\w{8}\\-\\w{6}$) +system.webdav.activities.enabled=false + + +system.workflow.jbpm.comment.property.max.length=-1 +system.workflow.comment.property.max.length=4000 + +#Determines if Activiti definitions are visible +system.workflow.engine.activiti.definitions.visible=true + + +# Determines if the Activiti engine is enabled +system.workflow.engine.activiti.enabled=true +system.workflow.engine.activiti.idblocksize=100 +system.workflow.engine.activiti.taskvariableslimit=20000 + +# Determines if the workflows that are deployed to the activiti engine should +# be deployed in the tenant-context of the thread IF the tenant-service is enabled +# If set to false, all workflows deployed will be shared among tenants. Recommended +# setting is true unless there is a good reason to not allow deploy tenant-specific +# worklfows when a MT-environment is set up. +system.workflow.deployWorkflowsInTenant=true +#Determines if historic process instance are retained in case of canceling a process instance +system.workflow.engine.activiti.retentionHistoricProcessInstance=false + +# The maximum number of groups to check for pooled tasks. For performance +# reasons, this is limited to 500 by default. +system.workflow.maxAuthoritiesForPooledTasks=500 + +# The maximum number of pooled tasks to return in a query. It may be necessary +# to limit this depending on UI limitations. +system.workflow.maxPooledTasks=-1 + +# The maximum number of reviewers for "Group Review and Approve" workflow. +# Use '0' for unlimited. +system.workflow.maxGroupReviewers=0 + +index.subsystem.name=noindex + +# ######################################### # +# Index Tracking Configuration # +# ######################################### # +# +# Index tracking information of a certain age is cleaned out by a scheduled job. +# Any clustered system that has been offline for longer than this period will need to be seeded +# with a more recent backup of the Lucene indexes or the indexes will have to be fully rebuilt. +# Use -1 to disable purging. This can be switched on at any stage. +index.tracking.minRecordPurgeAgeDays=30 +# Unused transactions will be purged in chunks determined by commit time boundaries. 'index.tracking.purgeSize' specifies the size +# of the chunk (in ms). Default is a couple of hours. +index.tracking.purgeSize=7200000 + +# Change the failure behaviour of the configuration checker +system.bootstrap.config_check.strict=true + + +# +# How long should shutdown wait to complete normally before +# taking stronger action and calling System.exit() +# in ms, 10,000 is 10 seconds +# +shutdown.backstop.timeout=10000 +shutdown.backstop.enabled=false + +# Server Single User Mode +# note: +# only allow named user (note: if blank or not set then will allow all users) +# assuming maxusers is not set to 0 +#server.singleuseronly.name=admin + +# Server Max Users - limit number of users with non-expired tickets +# note: +# -1 allows any number of users, assuming not in single-user mode +# 0 prevents further logins, including the ability to enter single-user mode +server.maxusers=-1 + +# +# Disable all shared caches (mutable and immutable) +# These properties are used for diagnostic purposes +system.cache.disableMutableSharedCaches=false +system.cache.disableImmutableSharedCaches=false + +# The maximum capacity of the parent assocs cache (the number of nodes whose parents can be cached) +system.cache.parentAssocs.maxSize=130000 + +# The average number of parents expected per cache entry. This parameter is multiplied by the above +# value to compute a limit on the total number of cached parents, which will be proportional to the +# cache's memory usage. The cache will be pruned when this limit is exceeded to avoid excessive +# memory usage. +system.cache.parentAssocs.limitFactor=8 + +# +# Properties to limit resources spent on individual searches +# +# The maximum time spent pruning results +system.acl.maxPermissionCheckTimeMillis=10000 +# The maximum number of search results to perform permission checks against +system.acl.maxPermissionChecks=1000 + +# The maximum number of filefolder list results +system.filefolderservice.defaultListMaxResults=5000 +# DEPRECATED: Use 'system.auditableData.preserve' +system.preserve.modificationData=false +# The default to preserve all cm:auditable data on a node when the process is not directly driven by a user action +system.auditableData.preserve=${system.preserve.modificationData} +# Specific control of how the FileFolderService treats cm:auditable data when performing moves +system.auditableData.FileFolderService=${system.auditableData.preserve} +# Specific control of whether ACL changes on a node trigger the cm:auditable aspect +system.auditableData.ACLs=${system.auditableData.preserve} + +# Properties to control read permission evaluation for acegi +system.readpermissions.optimise=true +system.readpermissions.bulkfetchsize=1000 + +# +# Manually control how the system handles maximum string lengths. +# Any zero or negative value is ignored. +# Only change this after consulting support or reading the appropriate Javadocs for +# org.alfresco.repo.domain.schema.SchemaBootstrap for V2.1.2. +# Before database migration, the string value storage may need to be adjusted using the scheduled job +system.maximumStringLength=-1 +system.maximumStringLength.jobCronExpression=* * * * * ? 2099 +system.maximumStringLength.jobQueryRange=10000 +system.maximumStringLength.jobThreadCount=4 + +# +# Limit hibernate session size by trying to amalgamate events for the L2 session invalidation +# - hibernate works as is up to this size +# - after the limit is hit events that can be grouped invalidate the L2 cache by type and not instance +# events may not group if there are post action listener registered (this is not the case with the default distribution) +system.hibernateMaxExecutions=20000 + +# +# Determine if modification timestamp propagation from child to parent nodes is respected or not. +# Even if 'true', the functionality is only supported for child associations that declare the +# 'propagateTimestamps' element in the dictionary definition. +system.enableTimestampPropagation=true + +# +# Enable system model integrity checking. +# WARNING: Changing this is unsupported; bugs may corrupt data +system.integrity.enabled=true +# Do integrity violations fail transactions +# WARNING: Changing this is unsupported; bugs may corrupt data +system.integrity.failOnViolation=true +# The number of errors to report when violations are detected +system.integrity.maxErrorsPerTransaction=5 +# Add call stacks to integrity events so that errors are logged with possible causes +# WARNING: This is expensive and should only be switched on for diagnostic purposes +system.integrity.trace=false + +# +# Decide if content should be removed from the system immediately after being orphaned. +# Do not change this unless you have examined the impact it has on your backup procedures. +system.content.eagerOrphanCleanup=false +# The number of days to keep orphaned content in the content stores. +# This has no effect on the 'deleted' content stores, which are not automatically emptied. +system.content.orphanProtectDays=14 +# The action to take when a store or stores fails to delete orphaned content +# IGNORE: Just log a warning. The binary remains and the record is expunged +# KEEP_URL: Log a warning and create a URL entry with orphan time 0. It won't be processed or removed. +system.content.deletionFailureAction=IGNORE +# The CRON expression to trigger the deletion of resources associated with orphaned content. +system.content.orphanCleanup.cronExpression=0 0 4 * * ? + +# #################### # +# Lucene configuration # +# #################### # +# +# Millisecond threshold for text transformations +# Slower transformers will force the text extraction to be asynchronous +# +lucene.maxAtomicTransformationTime=100 +# +# The maximum number of clauses that are allowed in a lucene query +# +lucene.query.maxClauses=10000 +# +# The size of the queue of nodes waiting for index +# Events are generated as nodes are changed, this is the maximum size of the queue used to coalesce event +# When this size is reached the lists of nodes will be indexed +# +# http://issues.alfresco.com/browse/AR-1280: Setting this high is the workaround as of 1.4.3. +# +lucene.indexer.batchSize=1000000 +fts.indexer.batchSize=1000 +# +# Index cache sizes +# +lucene.indexer.cacheEnabled=true +lucene.indexer.maxDocIdCacheSize=100000 +lucene.indexer.maxDocumentCacheSize=100 +lucene.indexer.maxIsCategoryCacheSize=-1 +lucene.indexer.maxLinkAspectCacheSize=10000 +lucene.indexer.maxParentCacheSize=100000 +lucene.indexer.maxPathCacheSize=100000 +lucene.indexer.maxTypeCacheSize=10000 +# +# Properties for merge (not this does not affect the final index segment which will be optimised) +# Max merge docs only applies to the merge process not the resulting index which will be optimised. +# +lucene.indexer.mergerMaxMergeDocs=1000000 +lucene.indexer.mergerMergeFactor=5 +lucene.indexer.mergerMaxBufferedDocs=-1 +lucene.indexer.mergerRamBufferSizeMb=16 +# +# Properties for delta indexes (not this does not affect the final index segment which will be optimised) +# Max merge docs only applies to the index building process not the resulting index which will be optimised. +# +lucene.indexer.writerMaxMergeDocs=1000000 +lucene.indexer.writerMergeFactor=5 +lucene.indexer.writerMaxBufferedDocs=-1 +lucene.indexer.writerRamBufferSizeMb=16 +# +# Target number of indexes and deltas in the overall index and what index size to merge in memory +# +lucene.indexer.mergerTargetIndexCount=8 +lucene.indexer.mergerTargetOverlayCount=5 +lucene.indexer.mergerTargetOverlaysBlockingFactor=2 +lucene.indexer.maxDocsForInMemoryMerge=60000 +lucene.indexer.maxRamInMbForInMemoryMerge=16 +lucene.indexer.maxDocsForInMemoryIndex=60000 +lucene.indexer.maxRamInMbForInMemoryIndex=16 +# +# Other lucene properties +# +lucene.indexer.termIndexInterval=128 +lucene.indexer.useNioMemoryMapping=true +# over-ride to false for pre 3.0 behaviour +lucene.indexer.postSortDateTime=true +lucene.indexer.defaultMLIndexAnalysisMode=EXACT_LANGUAGE_AND_ALL +lucene.indexer.defaultMLSearchAnalysisMode=EXACT_LANGUAGE_AND_ALL +# +# The number of terms from a document that will be indexed +# +lucene.indexer.maxFieldLength=10000 + +# Should we use a 'fair' locking policy, giving queue-like access behaviour to +# the indexes and avoiding starvation of waiting writers? Set to false on old +# JVMs where this appears to cause deadlock +lucene.indexer.fairLocking=true + +# +# Index locks (mostly deprecated and will be tidied up with the next lucene upgrade) +# +lucene.write.lock.timeout=10000 +lucene.commit.lock.timeout=100000 +lucene.lock.poll.interval=100 + +lucene.indexer.useInMemorySort=true +lucene.indexer.maxRawResultSetSizeForInMemorySort=1000 +lucene.indexer.contentIndexingEnabled=true + +index.backup.cronExpression=0 0 3 * * ? + +lucene.defaultAnalyserResourceBundleName=alfresco/model/dataTypeAnalyzers + + +# When transforming archive files (.zip etc) into text representations (such as +# for full text indexing), should the files within the archive be processed too? +# If enabled, transformation takes longer, but searches of the files find more. +transformer.Archive.includeContents=false + +# Database configuration +db.schema.name= +db.schema.stopAfterSchemaBootstrap=false +db.schema.update=true +db.schema.update.lockRetryCount=24 +db.schema.update.lockRetryWaitSeconds=5 +db.driver=org.gjt.mm.mysql.Driver +db.name=alfresco +db.url=jdbc:mysql:///${db.name} +db.username=alfresco +db.password=alfresco +db.pool.initial=10 +db.pool.max=275 +db.txn.isolation=-1 +db.pool.statements.enable=true +db.pool.statements.max=40 +db.pool.min=10 +db.pool.idle=10 +db.pool.wait.max=5000 + +db.pool.validate.query= +db.pool.evict.interval=600000 +db.pool.evict.idle.min=1800000 +# +# note: for 'db.pool.evict.num.tests' see http://commons.apache.org/dbcp/configuration.html (numTestsPerEvictionRun) +# and also following extract from "org.apache.commons.pool.impl.GenericKeyedObjectPool" (1.5.5) +# +# * The number of objects to examine during each run of the idle object evictor thread (if any). +# * When a negative value is supplied, ceil({@link #getNumIdle})/abs({@link #getNumTestsPerEvictionRun}) +# * tests will be run. I.e., when the value is -n, roughly one nth of the +# * idle objects will be tested per run. +# +db.pool.evict.num.tests=-1 + +db.pool.evict.validate=false +db.pool.validate.borrow=true +db.pool.validate.return=false + +db.pool.abandoned.detect=false +db.pool.abandoned.time=300 +# +# db.pool.abandoned.log=true (logAbandoned) adds overhead (http://commons.apache.org/dbcp/configuration.html) +# and also requires db.pool.abandoned.detect=true (removeAbandoned) +# +db.pool.abandoned.log=false + + +# Audit configuration +audit.enabled=true +audit.tagging.enabled=true +audit.alfresco-access.enabled=false +audit.alfresco-access.sub-actions.enabled=false +audit.cmischangelog.enabled=false +audit.dod5015.enabled=false +# Setting this flag to true will force startup failure when invalid audit configurations are detected +audit.config.strict=false +# Audit map filter for AccessAuditor - restricts recorded events to user driven events +audit.filter.alfresco-access.default.enabled=false +audit.filter.alfresco-access.transaction.user=~System;~null;.* +audit.filter.alfresco-access.transaction.type=cm:folder;cm:content;st:site +audit.filter.alfresco-access.transaction.path=~/sys:archivedItem;~/ver:;.* + + +# System Configuration +system.store=system://system +system.descriptor.childname=sys:descriptor +system.descriptor.current.childname=sys:descriptor-current + +# User config +alfresco_user_store.store=user://alfrescoUserStore +alfresco_user_store.system_container.childname=sys:system +alfresco_user_store.user_container.childname=sys:people + +# note: default admin username - should not be changed after installation +alfresco_user_store.adminusername=admin + +# Initial password - editing this will not have any effect once the repository is installed +alfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634 + +# note: default guest username - should not be changed after installation +alfresco_user_store.guestusername=guest + +# Used to move home folders to a new location +home_folder_provider_synchronizer.enabled=false +home_folder_provider_synchronizer.override_provider= +home_folder_provider_synchronizer.keep_empty_parents=false + +# Spaces Archive Configuration +spaces.archive.store=archive://SpacesStore + +# Spaces Configuration +spaces.store=workspace://SpacesStore +spaces.company_home.childname=app:company_home +spaces.guest_home.childname=app:guest_home +spaces.dictionary.childname=app:dictionary +spaces.templates.childname=app:space_templates +spaces.imap_attachments.childname=cm:Imap Attachments +spaces.imap_home.childname=cm:Imap Home +spaces.imapConfig.childname=app:imap_configs +spaces.imap_templates.childname=app:imap_templates +spaces.scheduled_actions.childname=cm:Scheduled Actions +spaces.emailActions.childname=app:email_actions +spaces.searchAction.childname=cm:search +spaces.templates.content.childname=app:content_templates +spaces.templates.email.childname=app:email_templates +spaces.templates.email.invite1.childname=app:invite_email_templates +spaces.templates.email.notify.childname=app:notify_email_templates +spaces.templates.email.following.childname=app:following +spaces.templates.rss.childname=app:rss_templates +spaces.savedsearches.childname=app:saved_searches +spaces.scripts.childname=app:scripts +spaces.content_forms.childname=app:forms +spaces.user_homes.childname=app:user_homes +spaces.user_homes.regex.key=userName +spaces.user_homes.regex.pattern= +spaces.user_homes.regex.group_order= +spaces.sites.childname=st:sites +spaces.templates.email.invite.childname=cm:invite +spaces.templates.email.activities.childname=cm:activities +spaces.rendition.rendering_actions.childname=app:rendering_actions +spaces.replication.replication_actions.childname=app:replication_actions +spaces.transfers.childname=app:transfers +spaces.transfer_groups.childname=app:transfer_groups +spaces.transfer_temp.childname=app:temp +spaces.inbound_transfer_records.childname=app:inbound_transfer_records +spaces.webscripts.childname=cm:webscripts +spaces.extension_webscripts.childname=cm:extensionwebscripts +spaces.models.childname=app:models +spaces.workflow.definitions.childname=app:workflow_defs +spaces.templates.email.workflowemailnotification.childname=cm:workflownotification +spaces.nodetemplates.childname=app:node_templates +spaces.shared.childname=app:shared +spaces.solr_facets.root.childname=srft:facets +spaces.smartfolders.childname=app:smart_folders +spaces.smartdownloads.childname=app:smart_downloads +spaces.transfer_summary_report.location=/${spaces.company_home.childname}/${spaces.dictionary.childname}/${spaces.transfers.childname}/${spaces.inbound_transfer_records.childname} +spaces.quickshare.link_expiry_actions.childname=app:quick_share_link_expiry_actions + + +# ADM VersionStore Configuration +version.store.initialVersion=true +version.store.enableAutoVersioning=true +version.store.enableAutoVersionOnUpdateProps=false +version.store.deprecated.lightWeightVersionStore=workspace://lightWeightVersionStore +version.store.version2Store=workspace://version2Store + +# Optional Comparator class name to sort versions. +# Set to: org.alfresco.repo.version.common.VersionLabelComparator +# if upgrading from a version that used unordered sequences in a cluster. +version.store.versionComparatorClass= + +# Folders for storing people +system.system_container.childname=sys:system +system.people_container.childname=sys:people +system.authorities_container.childname=sys:authorities +system.zones_container.childname=sys:zones + +# Folders for storing workflow related info +system.workflow_container.childname=sys:workflow + +# Folder for storing shared remote credentials +system.remote_credentials_container.childname=sys:remote_credentials + +# Folder for storing syncset definitions +system.syncset_definition_container.childname=sys:syncset_definitions + +# Folder for storing download archives +system.downloads_container.childname=sys:downloads + +# Folder for storing IdP's certificate definitions +system.certificate_container.childname=sys:samlcertificate + +# Are user names case sensitive? +user.name.caseSensitive=false +domain.name.caseSensitive=false +domain.separator= + +#Format caption extracted from the XML Schema. +xforms.formatCaption=true + +# ECM content usages/quotas +system.usages.enabled=false +system.usages.clearBatchSize=0 +system.usages.updateBatchSize=50 + +# Repository endpoint - used by Activity Service +repo.remote.endpoint=/service + +# Some authentication mechanisms may need to create people +# in the repository on demand. This enables that feature. +# If disabled an error will be generated for missing +# people. If enabled then a person will be created and +# persisted. +create.missing.people=${server.transaction.allow-writes} + +# Create home folders (unless disabled, see next property) as people are created (true) or create them lazily (false) +home.folder.creation.eager=true +# Disable home folder creation - if true then home folders are not created (neither eagerly nor lazily) +home.folder.creation.disabled=false + +# Should we consider zero byte content to be the same as no content when firing +# content update policies? Prevents 'premature' firing of inbound content rules +# for some clients such as Mac OS X Finder +policy.content.update.ignoreEmpty=true + +# Default value of alfresco.rmi.services.host is 0.0.0.0 which means 'listen on all adapters'. +# This allows connections to JMX both remotely and locally. +# +alfresco.rmi.services.port=50500 +alfresco.rmi.services.external.host=localhost +alfresco.rmi.services.host=0.0.0.0 + +# If the RMI address is in-use, how many retries should be done before aborting +# Default value of alfresco.rmi.services.retries is 0 which means 'Don't retry if the address is in-use' +alfresco.rmi.services.retries=4 +# How long in milliseconds to wait after a failed server socket bind, before retrying +alfresco.rmi.services.retryInterval=250 + +# RMI service ports for the individual services. +# These eight services are available remotely. +# +# Assign individual ports for each service for best performance +# or run several services on the same port, you can even run everything on 50500 if +# running through a firewall. +# +# Specify 0 to use a random unused port. +# +monitor.rmi.service.port=50508 + +# +# enable or disable individual RMI services +# +monitor.rmi.service.enabled=false + + +# Should the Mbean server bind to an existing server. Set to true for most application servers. +# false for WebSphere clusters. +mbean.server.locateExistingServerIfPossible=true + +# External executable locations +img.root=./ImageMagick +img.dyn=${img.root}/lib +img.exe=${img.root}/bin/convert + +# Legacy imageMagick transformer url to T-Engine to service transform requests via http. Disabled by default. +img.url= + +# When img.url is set, this value indicates the amount of time to wait after a connection failure +# before retrying the connection to allow a docker container to (re)start. +img.startupRetryPeriodSeconds=60 + +# Rendition Service 2 +renditionService2.enabled=true + +# Thumbnail Service +system.thumbnail.generate=true + +# Default thumbnail limits +# When creating thumbnails, only use the first pageLimit pages +system.thumbnail.definition.default.timeoutMs=-1 +system.thumbnail.definition.default.readLimitTimeMs=-1 +system.thumbnail.definition.default.maxSourceSizeKBytes=-1 +system.thumbnail.definition.default.readLimitKBytes=-1 +system.thumbnail.definition.default.pageLimit=1 +system.thumbnail.definition.default.maxPages=-1 + +# Max mimetype sizes to create thumbnail icons +system.thumbnail.mimetype.maxSourceSizeKBytes.pdf=-1 +system.thumbnail.mimetype.maxSourceSizeKBytes.txt=-1 +system.thumbnail.mimetype.maxSourceSizeKBytes.docx=-1 +system.thumbnail.mimetype.maxSourceSizeKBytes.xlsx=-1 +system.thumbnail.mimetype.maxSourceSizeKBytes.pptx=-1 +system.thumbnail.mimetype.maxSourceSizeKBytes.odt=-1 +system.thumbnail.mimetype.maxSourceSizeKBytes.ods=-1 +system.thumbnail.mimetype.maxSourceSizeKBytes.odp=-1 + +# Configuration for handling of failing thumbnails. +# See NodeEligibleForRethumbnailingEvaluator's javadoc for details. +# +# Retry periods limit the frequency with which the repository will attempt to create Share thumbnails +# for content nodes which have previously failed in their thumbnail attempts. +# These periods are in seconds. +# +# 604800s = 60s * 60m * 24h * 7d = 1 week +system.thumbnail.retryPeriod=60 +system.thumbnail.retryCount=2 +system.thumbnail.quietPeriod=604800 +system.thumbnail.quietPeriodRetriesEnabled=true +system.thumbnail.redeployStaticDefsOnStartup=true + +# The default timeout for metadata mapping extracters +content.metadataExtracter.default.timeoutMs=20000 + +# Legacy tika and misc transformer url to T-Engines to service transform requests via http. Disabled by default. +tika.url= +transform.misc.url= + +# When the legacy tika and misc transformer .url is set, this value indicates the amount of time to wait after a connection failure +# before retrying the connection to allow a docker container to (re)start. +tika.startupRetryPeriodSeconds=60 +transform.misc.startupRetryPeriodSeconds=60 + +# Local transformer urls to T-engines to service transform requests via http. Enabled by default. +localTransform.core-aio.url=http://localhost:8090/ + +# When a local transformer .url is set, this value indicates the amount of time to wait after a connection failure +# before retrying the connection to allow a docker container to (re)start. +localTransform.core-aio.startupRetryPeriodSeconds=60 + +# +content.metadataExtracter.pdf.maxDocumentSizeMB=10 +content.metadataExtracter.pdf.maxConcurrentExtractionsCount=5 + +# The default overwrite policy for PdfBoxMetadataExtracter +content.metadataExtracter.pdf.overwritePolicy=PRAGMATIC + +#True if bookmarks content should be extracted for PDFBox +content.transformer.PdfBox.extractBookmarksText=true + +# Property to enable upgrade from 2.1-A +V2.1-A.fixes.to.schema=0 +#V2.1-A.fixes.to.schema=82 + +# The default authentication chain +authentication.chain=alfrescoNtlm1:alfrescoNtlm + +# Do authentication tickets expire or live for ever? +authentication.ticket.ticketsExpire=true + +# If ticketsEpire is true then how they should expire? +# Valid values are: AFTER_INACTIVITY, AFTER_FIXED_TIME, DO_NOT_EXPIRE +# The default is AFTER_FIXED_TIME +authentication.ticket.expiryMode=AFTER_INACTIVITY + +# If authentication.ticket.ticketsExpire is true and +# authentication.ticket.expiryMode is AFTER_FIXED_TIME or AFTER_INACTIVITY, +# this controls the minimum period for which tickets are valid. +# The default is PT1H for one hour. +authentication.ticket.validDuration=PT1H + +# Use one ticket for all user sessions +# For the pre 4.2 behaviour of one ticket per session set this to false. +authentication.ticket.useSingleTicketPerUser=true + +authentication.alwaysAllowBasicAuthForAdminConsole.enabled=true +authentication.getRemoteUserTimeoutMilliseconds=10000 + +# FTP access +ftp.enabled=false + +# Default root path for protocols +protocols.storeName=${spaces.store} +protocols.rootPath=/${spaces.company_home.childname} + +# OpenCMIS +opencmis.connector.default.store=${spaces.store} +opencmis.connector.default.rootPath=/${spaces.company_home.childname} +opencmis.connector.default.typesDefaultMaxItems=500 +opencmis.connector.default.typesDefaultDepth=-1 +opencmis.connector.default.objectsDefaultMaxItems=10000 +opencmis.connector.default.objectsDefaultDepth=100 +opencmis.connector.default.contentChangesDefaultMaxItems=10000 +opencmis.connector.default.openHttpSession=false +opencmis.activities.enabled=true +opencmis.bulkUpdateProperties.maxItemsSize=1000 +opencmis.bulkUpdateProperties.batchSize=20 +opencmis.bulkUpdateProperties.workerThreads=2 +opencmis.maxContentSizeMB=4096 +opencmis.memoryThresholdKB=4096 + +# URL generation overrides + +# if true, the context path of OpenCMIS generated urls will be set to "opencmis.context.value", otherwise it will be taken from the request url +opencmis.context.override=false +opencmis.context.value= +# if true, the servlet path of OpenCMIS generated urls will be set to "opencmis.servletpath.value", otherwise it will be taken from the request url +opencmis.servletpath.override=false +opencmis.servletpath.value= +opencmis.server.override=false +opencmis.server.value= + +# IMAP +imap.server.enabled=false +imap.server.port=143 +imap.server.attachments.extraction.enabled=true + +# Default IMAP mount points +imap.config.home.store=${spaces.store} +imap.config.home.rootPath=/${spaces.company_home.childname} +imap.config.home.folderPath=${spaces.imap_home.childname} +imap.config.server.mountPoints=AlfrescoIMAP +imap.config.server.mountPoints.default.mountPointName=IMAP +imap.config.server.mountPoints.default.modeName=ARCHIVE +imap.config.server.mountPoints.default.store=${spaces.store} +imap.config.server.mountPoints.default.rootPath=${protocols.rootPath} +imap.config.server.mountPoints.value.AlfrescoIMAP.mountPointName=Alfresco IMAP +imap.config.server.mountPoints.value.AlfrescoIMAP.modeName=MIXED + +#Imap extraction settings +#imap.attachments.mode: +# SEPARATE -- All attachments for each email will be extracted to separate folder. +# COMMON -- All attachments for all emails will be extracted to one folder. +# SAME -- Attachments will be extracted to the same folder where email lies. +imap.attachments.mode=SEPARATE +imap.attachments.folder.store=${spaces.store} +imap.attachments.folder.rootPath=/${spaces.company_home.childname} +imap.attachments.folder.folderPath=${spaces.imap_attachments.childname} + +# Activities Feed - refer to subsystem + +# Feed max ID range to limit maximum number of entries +activities.feed.max.idRange=1000000 +# Feed max size (number of entries) +activities.feed.max.size=200 +# Feed max age (eg. 44640 mins => 31 days) +activities.feed.max.ageMins=44640 + +activities.feed.generator.jsonFormatOnly=true +activities.feed.fetchBatchSize=250 +activities.feedNotifier.batchSize=200 +activities.feedNotifier.numThreads=2 + +# Subsystem unit test values. Will not have any effect on production servers +subsystems.test.beanProp.default.longProperty=123456789123456789 +subsystems.test.beanProp.default.anotherStringProperty=Global Default +subsystems.test.beanProp=inst1,inst2,inst3 +subsystems.test.beanProp.value.inst2.boolProperty=true +subsystems.test.beanProp.value.inst3.anotherStringProperty=Global Instance Default +subsystems.test.simpleProp2=true +subsystems.test.simpleProp3=Global Default3 + +# Default Async Action Thread Pool +default.async.action.threadPriority=1 +default.async.action.corePoolSize=8 +default.async.action.maximumPoolSize=20 + +# Deployment Service +deployment.service.numberOfSendingThreads=5 +deployment.service.corePoolSize=2 +deployment.service.maximumPoolSize=3 +deployment.service.threadPriority=5 +# How long to wait in mS before refreshing a target lock - detects shutdown servers +deployment.service.targetLockRefreshTime=60000 +# How long to wait in mS from the last communication before deciding that deployment has failed, possibly +# the destination is no longer available? +deployment.service.targetLockTimeout=3600000 +# Deployment method used to deploy this Alfresco instance (DEFAULT, INSTALLER, DOCKER_COMPOSE, HELM_CHART, ZIP, QUICK_START) +deployment.method=DEFAULT + +#Invitation Service +# Should send emails as part of invitation process. +notification.email.siteinvite=true +# Moderated invite Activiti workflow +site.invite.moderated.workflowId=activiti$activitiInvitationModerated +# Add intneral users Activiti workflow (use activiti$activitiInvitationNominated to revert to requiring accept of invite for internal users) +site.invite.nominated.workflowId=activiti$activitiInvitationNominatedAddDirect +# Add external users Activiti workflow +site.invite.nominatedExternal.workflowId=activiti$activitiInvitationNominated + +# Replication Service +replication.enabled=false + +# Transfer Service +transferservice.receiver.enabled=false +transferservice.receiver.stagingDir=${java.io.tmpdir}/alfresco-transfer-staging +# +# How long to wait in mS before refreshing a transfer lock - detects shutdown servers +# Default 1 minute. +transferservice.receiver.lockRefreshTime=60000 +# +# How many times to attempt retry the transfer lock +transferservice.receiver.lockRetryCount=3 +# How long to wait, in mS, before retrying the transfer lock +transferservice.receiver.lockRetryWait=100 +# +# How long to wait, in mS, since the last contact with from the client before +# timing out a transfer. Needs to be long enough to cope with network delays and "thinking +# time" for both source and destination. Default 5 minutes. +transferservice.receiver.lockTimeOut=300000 + +# OrphanReaper +orphanReaper.lockRefreshTime=60000 +orphanReaper.lockTimeOut=3600000 + + +# security +security.anyDenyDenies=true +# Whether to post-process denies. Only applies to solr4+ when anyDenyDenies is true. +security.postProcessDenies=false + +# +# Encryption properties +# +# default keystores location +dir.keystore=classpath:alfresco/keystore + +# general encryption parameters +encryption.keySpec.class=org.alfresco.encryption.DESEDEKeyGenerator +encryption.keyAlgorithm=AES +encryption.cipherAlgorithm=AES/CBC/PKCS5Padding + +# secret key keystore configuration +encryption.keystore.location=${dir.keystore}/keystore +# configuration via metadata is deprecated +encryption.keystore.keyMetaData.location= +encryption.keystore.provider= +encryption.keystore.type=pkcs12 + +# backup secret key keystore configuration +encryption.keystore.backup.location=${dir.keystore}/backup-keystore +# configuration via metadata is deprecated +encryption.keystore.backup.keyMetaData.location= +encryption.keystore.backup.provider= +encryption.keystore.backup.type=pkcs12 + +# Should encryptable properties be re-encrypted with new encryption keys on botstrap? +encryption.bootstrap.reencrypt=false + +# mac/md5 encryption +encryption.mac.messageTimeout=30000 +encryption.mac.algorithm=HmacSHA1 + +# ssl encryption +encryption.ssl.keystore.location=${dir.keystore}/ssl.keystore +encryption.ssl.keystore.provider= +encryption.ssl.keystore.type=JCEKS +# configuration via metadata is deprecated +encryption.ssl.keystore.keyMetaData.location= +encryption.ssl.truststore.location=${dir.keystore}/ssl.truststore +encryption.ssl.truststore.provider= +encryption.ssl.truststore.type=JCEKS +# configuration via metadata is deprecated +encryption.ssl.truststore.keyMetaData.location= + +# Re-encryptor properties +encryption.reencryptor.chunkSize=100 +encryption.reencryptor.numThreads=2 + +# SOLR connection details (e.g. for JMX) +solr.host=localhost +solr.port=8983 +solr.port.ssl=8984 +solr.solrUser=solr +solr.solrPassword=solr +# none, https +solr.secureComms=https +solr.cmis.alternativeDictionary=DEFAULT_DICTIONARY + +solr.max.total.connections=40 +solr.max.host.connections=40 + +# Solr connection timeouts +# solr connect timeout in ms +solr.solrConnectTimeout=5000 + +# cron expression defining how often the Solr Admin client (used by JMX) pings Solr if it goes away +solr.solrPingCronExpression=0 0/5 * * * ? * + + +#Default SOLR store mappings mappings +solr.store.mappings=solrMappingAlfresco,solrMappingArchive +solr.store.mappings.value.solrMappingAlfresco.httpClientFactory=solrHttpClientFactory +solr.store.mappings.value.solrMappingAlfresco.baseUrl=/solr/alfresco +solr.store.mappings.value.solrMappingAlfresco.protocol=workspace +solr.store.mappings.value.solrMappingAlfresco.identifier=SpacesStore +solr.store.mappings.value.solrMappingArchive.httpClientFactory=solrHttpClientFactory +solr.store.mappings.value.solrMappingArchive.baseUrl=/solr/archive +solr.store.mappings.value.solrMappingArchive.protocol=archive +solr.store.mappings.value.solrMappingArchive.identifier=SpacesStore + +#Default SOLR 4 store mappings mappings +solr4.store.mappings=solrMappingAlfresco,solrMappingArchive +solr4.store.mappings.value.solrMappingAlfresco.httpClientFactory=solrHttpClientFactory +solr4.store.mappings.value.solrMappingAlfresco.baseUrl=/solr4/alfresco +solr4.store.mappings.value.solrMappingAlfresco.protocol=workspace +solr4.store.mappings.value.solrMappingAlfresco.identifier=SpacesStore +solr4.store.mappings.value.solrMappingArchive.httpClientFactory=solrHttpClientFactory +solr4.store.mappings.value.solrMappingArchive.baseUrl=/solr4/archive +solr4.store.mappings.value.solrMappingArchive.protocol=archive +solr4.store.mappings.value.solrMappingArchive.identifier=SpacesStore + +#Default SOLR 6 store mappings mappings +solr6.store.mappings=solrMappingAlfresco,solrMappingArchive,solrMappingHistory +solr6.store.mappings.value.solrMappingAlfresco.httpClientFactory=solrHttpClientFactory +solr6.store.mappings.value.solrMappingAlfresco.baseUrl=/solr/alfresco +solr6.store.mappings.value.solrMappingAlfresco.protocol=workspace +solr6.store.mappings.value.solrMappingAlfresco.identifier=SpacesStore +solr6.store.mappings.value.solrMappingArchive.httpClientFactory=solrHttpClientFactory +solr6.store.mappings.value.solrMappingArchive.baseUrl=/solr/archive +solr6.store.mappings.value.solrMappingArchive.protocol=archive +solr6.store.mappings.value.solrMappingArchive.identifier=SpacesStore +solr6.store.mappings.value.solrMappingHistory.httpClientFactory=solrHttpClientFactory +solr6.store.mappings.value.solrMappingHistory.baseUrl=/solr/history +solr6.store.mappings.value.solrMappingHistory.protocol=workspace +solr6.store.mappings.value.solrMappingHistory.identifier=history + +# +# URL Shortening Properties +# +urlshortening.bitly.username=brianalfresco +urlshortening.bitly.api.key=R_ca15c6c89e9b25ccd170bafd209a0d4f +urlshortening.bitly.url.length=20 + +# +# Bulk Filesystem Importer +# + +# The number of threads to employ in a batch import +bulkImport.batch.numThreads=4 + +# The size of a batch in a batch import i.e. the number of files to import in a +# transaction/thread +bulkImport.batch.batchSize=20 + + +# +# Caching Content Store +# +system.content.caching.cacheOnInbound=true +system.content.caching.maxDeleteWatchCount=1 +# Clean up every day at 3 am +system.content.caching.contentCleanup.cronExpression=0 0 3 * * ? +system.content.caching.minFileAgeMillis=60000 +system.content.caching.maxUsageMB=4096 +# maxFileSizeMB - 0 means no max file size. +system.content.caching.maxFileSizeMB=0 +# When the CachingContentStore is about to write a cache file but the disk usage is in excess of panicThresholdPct +# (default 90%) then the cache file is not written and the cleaner is started (if not already running) in a new thread. +system.content.caching.panicThresholdPct=90 +# When a cache file has been written that results in cleanThresholdPct (default 80%) of maxUsageBytes +# being exceeded then the cached content cleaner is invoked (if not already running) in a new thread. +system.content.caching.cleanThresholdPct=80 +# An aggressive cleaner is run till the targetUsagePct (default 70%) of maxUsageBytes is achieved +system.content.caching.targetUsagePct=70 +# Threshold in seconds indicating a minimal gap between normal cleanup starts +system.content.caching.normalCleanThresholdSec=0 + +mybatis.useLocalCaches=false + +fileFolderService.checkHidden.enabled=true + + +ticket.cleanup.cronExpression=0 0 * * * ? + +# +# Download Service Cleanup +# +download.cleaner.startDelayMilliseconds=3600000 +# 1 hour +download.cleaner.repeatIntervalMilliseconds=3600000 +download.cleaner.maxAgeMins=60 +# -1 or 0 for not using batches +download.cleaner.batchSize=1000 + +# you could set this to false for new installations greater then ACS 6.2 +# see MNT-20212 +download.cleaner.cleanAllSysDownloadFolders=true + +# +# Download Service Limits, in bytes +# +download.maxContentSize=2152852358 + +# Max size of view trashcan files +# +trashcan.MaxSize=1000 + +# +# Use bridge tables for caching authority evaluation. +# +authority.useBridgeTable=true + +# Limit the number of results from findAuthority query +authority.findAuthorityLimit=10000 + +# enable QuickShare - if false then the QuickShare-specific REST APIs will return 403 Forbidden +system.quickshare.enabled=true +system.quickshare.email.from.default=noreply@alfresco.com +# By default the difference between the quick share expiry date and the current time must be at least 1 day (24 hours). +# However, this can be changed to at least 1 hour or 1 minute for testing purposes. For example, +# setting the value to MINUTES, means the service will calculate the difference between NOW and the given expiry date +# in terms of minutes and checks for the difference to be greater than 1 minute. +# DAYS | HOURS | MINUTES +system.quickshare.expiry_date.enforce.minimum.period=DAYS + +# Oubound Mail +mail.service.corePoolSize=8 +mail.service.maximumPoolSize=20 + +nodes.bulkLoad.cachingThreshold=10 + +# Multi-Tenancy + +# if "dir.contentstore.tenants" is set then +# tenants are not co-mingled and all content roots will appear below this container (in sub-folder) +# and when creating a tenant the "contentRootPath" (root content store directory for a given tenant) will be ignored +dir.contentstore.tenants= + +# Gateway Authentication +# gateway authentication is disabled if empty host is specified +alfresco.authentication.gateway.host= +alfresco.authentication.gateway.protocol=https +alfresco.authentication.gateway.port=443 +alfresco.authentication.gateway.outboundHeaders=Authorization,key +alfresco.authentication.gateway.inboundHeaders=X-Alfresco-Authenticator-Key,X-Alfresco-Remote-User +alfresco.authentication.gateway.prefixUrl=/publicapi +alfresco.authentication.gateway.bufferSize=2048 +alfresco.authentication.gateway.connectTimeout=10000 +alfresco.authentication.gateway.readTimeout=120000 +alfresco.authentication.gateway.httpTcpNodelay=true +alfresco.authentication.gateway.httpConnectionStalecheck=true + +# webscripts config +webscripts.encryptTempFiles=false +webscripts.tempDirectoryName=Alfresco-WebScripts +# 4mb +webscripts.memoryThreshold=4194304 +# 4gb +webscripts.setMaxContentSize=5368709120 + +# Property to enable index upgrade for metadata query (MDQ) +# +# The indexes are not added unless this value is changed +# Adding each the supporting indexes may take several hours depending on the size of the database. +# The required indexes may be added in stages. +# See: classpath:alfresco/dbscripts/upgrade/4.2/${db.script.dialect}/metadata-query-indexes.sql +# See: classpath:alfresco/dbscripts/upgrade/5.1/${db.script.dialect}/metadata-query-indexes-2.sql +system.metadata-query-indexes.ignored=true +system.metadata-query-indexes-more.ignored=true + +# +# Do we defer running the shared folder patch? +# +system.patch.sharedFolder.deferred=false +# Default value is run new years day 2030 i.e. not run. +system.patch.sharedFolder.cronExpression=0 0 0 ? 1 1 2030 + +# +# Default values for deferring the running of the addUnmovableAspect patch +# +system.patch.addUnmovableAspect.deferred=false +system.patch.addUnmovableAspect.cronExpression=0 0 0 ? 1 1 2030 + +# Property to enable removal of all JBPM related data from the database +# +# The tables are not removed from the databasen unless explicitly requested by setting this property to false. +# See: classpath:alfresco/dbscripts/upgrade/5.2/${db.script.dialect}/remove-jbpm-tables-from-db.sql +system.remove-jbpm-tables-from-db.ignored=true + +# +# Use a canned query when requested to search for people if " [hint:useCQ]" is provided in search term +# +people.search.honor.hint.useCQ=true + +# Delays cron jobs after bootstrap to allow server to fully come up before jobs start +system.cronJob.startDelayMilliseconds=60000 + +# Schedule for reading mimetype config definitions dynamically. Initially checks every 10 seconds and then switches to +# every hour after the configuration is read successfully. If there is a error later reading the config, the +# checks return to every 10 seconds. +mimetype.config.cronExpression=0 30 0/1 * * ? +mimetype.config.initialAndOnError.cronExpression=0/10 * * * * ? + +# Optional property to specify an external file or directory that will be read for mimetype definitions from YAML +# files (possibly added to a volume via k8 ConfigMaps). +mimetype.config.dir=shared/classes/alfresco/extension/mimetypes + +# Schedule for reading rendition config definitions dynamically. Initially checks every 10 seconds and then switches to +# every hour after the configuration is read successfully. If there is a error later reading the config, the +# checks return to every 10 seconds. +rendition.config.cronExpression=2 30 0/1 * * ? +rendition.config.initialAndOnError.cronExpression=0/10 * * * * ? + +# Optional property to specify an external file or directory that will be read for rendition definitions from YAML +# files (possibly added to a volume via k8 ConfigMaps). +rendition.config.dir=shared/classes/alfresco/extension/transform/renditions + +# Optional property to specify an external file or directory that will be read for transformer json config. +local.transform.pipeline.config.dir=shared/classes/alfresco/extension/transform/pipelines + +# Used to disable transforms locally. +local.transform.service.enabled=true + +# Schedule for reading local transform config, so that T-Engines and local pipeline config is dynamically +# picked up, or reintegrated after an outage. Initially checks every 10 seconds and then switches to every hour +# after the configuration is read successfully. If there is a error later reading the config, the checks return to +# every 10 seconds. +local.transform.service.cronExpression=4 30 0/1 * * ? +local.transform.service.initialAndOnError.cronExpression=0/10 * * * * ? + +# Used to disable transforms that extend AbstractContentTransformer2 +legacy.transform.service.enabled=true + +# +# Check that the declared mimetype (of the Node) is the same as the derived +# mimetype of the content (via Tika) before a transformation takes place. +# Only files in the repository (not intermediate files in a transformer +# pipeline) are checked. This property provides a trade off between a +# security check and a relatively expensive (Tika) operation. +# +# There are a few issues with the Tika mimetype detection. So that transformations +# still take place where the detected mimetype is not the same as the declared mimetype, +# another property (transformer.strict.mimetype.check.whitelist.mimetypes) contains pairs +# of declared and detected mimetypes that should be allowed. This parameter value is a +# sequence of ; separated pairs. The declared and derived mimetypes are also ; separated. +# +transformer.strict.mimetype.check=true + +# A white list of declared and detected mimetypes, that don't match, but should still be transformed. +transformer.strict.mimetype.check.whitelist.mimetypes=application/eps;application/postscript;application/illustrator;application/pdf;application/x-tar;application/x-gtar;application/acp;application/zip;application/vnd.stardivision.math;application/x-tika-msoffice + +# +# Enable transformation retrying if the file has MIME type differ than file extension. +# Ignored if transformer.strict.mimetype.check is true as these transformations +# will not take place. +# +content.transformer.retryOn.different.mimetype=true + +# +# Lock timeout configuration +# +system.lockTryTimeout=100 +system.lockTryTimeout.DictionaryDAOImpl=10000 +system.lockTryTimeout.MessageServiceImpl=${system.lockTryTimeout} +system.lockTryTimeout.PolicyComponentImpl=${system.lockTryTimeout} + + +# Scheduled job to clean up unused properties from the alf_prop_xxx tables. +# Default setting of "0 0 3 ? * SAT" is to run every Saturday at 3am. +attributes.propcleaner.cronExpression=0 0 3 ? * SAT + +# Control Alfresco JMX connectivity +alfresco.jmx.connector.enabled=false + +# Dissallow Attribute Service Entries with "Serializable" objects in key Segments +# Please, see MNT-11895 for details. +system.propval.uniquenessCheck.enabled=true + +# Requests for ephemeral (in-memory) locks with expiry times (in seconds) greater +# than this value will result in persistent locks being created instead. By default +# this value is equal to the maximum allowed expiry for ephemeral locks, therefore +# this feature is disabled by default. Setting this to -1 would mean that ALL +# requests for ephemeral locks would result in persistent locks being created. +alfresco.ephemeralLock.expiryThresh=172800 + +# SurfConfigFolder Patch +# +# Do we defer running the surf-config folder patch? +# +system.patch.surfConfigFolder.deferred=false +# Default value. i.e. never run. It can be triggered using JMX +system.patch.surfConfigFolder.cronExpression=* * * * * ? 2099 + +# +# Solr Facets Config Properties +# +solr_facets.root.path=/app:company_home/app:dictionary +solr_facets.root=${solr_facets.root.path}/${spaces.solr_facets.root.childname} +solr_facets.inheritanceHierarchy=default,custom + +models.enforceTenantInNamespace=false + +# Allowed protocols for links +links.protocosl.white.list=http,https,ftp,mailto + +# Fixed ACLs +# Required for fixing MNT-15368 - Time Consumed for Updating Folder Permission +# ADMAccessControlListDAO.setFixedAcls called on a large folder hierarchy will take a long time for its execution. +# For this reason now method can also be called asynchronously if transaction reaches system.fixedACLs.maxTransactionTime. +# In this case setFixedAcls method recursion will be stopped and unfinished nodes will be marked with ASPECT_PENDING_FIX_ACL. +# Pending nodes will be processed by FixedAclUpdater, programmatically called but also configured as a scheduled job. +system.fixedACLs.maxTransactionTime=10000 +# fixedACLsUpdater - lock time to live +system.fixedACLsUpdater.lockTTL=10000 +# fixedACLsUpdater - maximum number of nodes to process per execution +system.fixedACLsUpdater.maxItemBatchSize=100 +# fixedACLsUpdater - the number of threads to use +system.fixedACLsUpdater.numThreads=4 +# fixedACLsUpdater cron expression - fire at midnight every day +system.fixedACLsUpdater.cronExpression=0 0 0 * * ? + +cmis.disable.hidden.leading.period.files=false + +#Smart Folders Config Properties +smart.folders.enabled=false + +#Smart reference config +smart.reference.classpath.hash=${smart.folders.config.vanilla.processor.classpath}->1,${smart.folders.config.system.templates.classpath}->2 + +#Smart store config + +#Company home relative download associations of smart entries +smart.download.associations.folder=${spaces.dictionary.childname}/${spaces.smartdownloads.childname} + +#Generic virtualization methods config + +#Vanilla JSON templates javascript processor classpath. A java script processor used to +#covert JSON templates to internal smart folder definitions. + +smart.folders.config.vanilla.processor.classpath=/org/alfresco/repo/virtual/node/vanilla.js + +#System virtualization method config + +#System virtualization method aspect. +smart.folders.config.system.aspect=smf:systemConfigSmartFolder +#System virtualization method aspect defined template location property. +smart.folders.config.system.aspect.template.location.property=smf:system-template-location +#Classpath to be explored for *.json entries defining system templates. +smart.folders.config.system.templates.classpath=/org/alfresco/repo/virtual/node +#A company home relative name or qname path location of repository system templates. +smart.folders.config.system.templates.path=${spaces.dictionary.childname}/${spaces.smartfolders.childname} +#Content sub type of repository system templates. +smart.folders.config.system.templates.template.type=smf:smartFolderTemplate + +#Custom virtualization method config + +#Custom virtualization method aspect. +smart.folders.config.custom.aspect=smf:customConfigSmartFolder +#Custom virtualization method aspect template content association. +smart.folders.config.custom.aspect.template.association=smf:custom-template-association + + +#Type virtualization method config + +#A company home relative name or qname path location of the type mapped templates. +smart.folders.config.type.templates.path=${spaces.dictionary.childname}/${spaces.smartfolders.childname} +#Type and aspect qname regular expression filter. +smart.folders.config.type.templates.qname.filter=none + +# Preferred password encoding, md4, sha256, bcrypt10 +system.preferred.password.encoding=md4 + +# Upgrade Password Hash Job +system.upgradePasswordHash.jobBatchSize=100 +system.upgradePasswordHash.jobQueryRange=10000 +system.upgradePasswordHash.jobThreadCount=4 +system.upgradePasswordHash.jobCronExpression=* * * * * ? 2099 + +system.api.discovery.enabled=true + +# Maximum query size for category/tag fetch when not explicitly set by paging parameters +category.queryFetchSize=5000 + +# Brute force protection +authentication.protection.enabled=true +authentication.protection.limit=10 +authentication.protection.periodSeconds=6 + +system.email.sender.default=noreply@alfresco.com +# reset password workflow will expire in an hour +system.reset-password.endTimer=PT1H +system.reset-password.sendEmailAsynchronously=true + +# HeartBeat +heartbeat.target.url= +heartbeat.enabled=true + +# CSRF filter overrides +csrf.filter.enabled=true +csrf.filter.referer= +csrf.filter.referer.always=false +csrf.filter.origin= +csrf.filter.origin.always=false + +# CORS settings +cors.enabled=false +cors.allowed.origins= +cors.allowed.methods=GET,POST,HEAD,OPTIONS,PUT,DELETE +cors.allowed.headers=Authorization,Content-Type,Cache-Control,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-CSRF-Token +cors.exposed.headers=Access-Control-Allow-Origin,Access-Control-Allow-Credentials +cors.support.credentials=true +cors.preflight.maxage=10 + +# Alfresco Rest Api-Explorer +api-explorer.url= + +# Events subsystem +events.subsystem.autoStart=false +# Messaging subsystem +messaging.subsystem.autoStart=true + + +# Raw events +acs.repo.rendition.events.endpoint=jms:acs-repo-rendition-events?jmsMessageType=Text + +# Transform request events +acs.repo.transform.request.endpoint=jms:acs-repo-transform-request?jmsMessageType=Text + +# If enabled doesn't allow to set content properties via NodeService +contentPropertyRestrictions.enabled=true +contentPropertyRestrictions.whitelist= + +# Repo events2 +# Type and aspect filters which should be excluded +# Note: System folders node types are added by default +repo.event2.filter.nodeTypes=sys:*, fm:*, cm:thumbnail, cm:failedThumbnail, cm:rating, rma:rmsite include_subtypes +repo.event2.filter.nodeAspects=sys:* +repo.event2.filter.childAssocTypes=rn:rendition +# Comma separated list of users which should be excluded +# Note: username's case-sensitivity depends on the {user.name.caseSensitive} setting +repo.event2.filter.users=System, null +# Topic name +repo.event2.topic.endpoint=amqp:topic:alfresco.repo.event2 + +# MNT-21083 +# --DELETE_NOT_EXISTS - default settings +system.delete_not_exists.batchsize=100000 +system.delete_not_exists.delete_batchsize=1000 +system.delete_not_exists.read_only=false +system.delete_not_exists.timeout_seconds=-1 +system.prop_table_cleaner.algorithm=V2 + +# Configure the expiration time of the direct access url. This is the length of time in seconds that the link is valid for. +# Note: It is up to the actual ContentStore implementation if it can fulfil this request or not. alfresco.content.directAccessUrl.lifetimeInSec=300 \ No newline at end of file