^\./.*\.schema\.json$
Must be at least 1 characters long
Must be at most 64 characters long
Configuration of asynchronous job solver
No Additional PropertiesEnable or disable asynchronous job handling
Maximum cpu count that the solver is allowed to dedicate for workers
Value must be greater or equal to 1 and lesser or equal to 64
Maximum memory that the solver is allowed to dedicate for workers. See administration manual to check memory requirements per job types.
Value must be greater or equal to 1024 and lesser or equal to 65536
Allows to choose which OpenGL implementation should be used. none : will not load OpenGL support, making some export jobs unprocessable. system : will use OpenGL implementation provided by the OS. mesa : will use Mesa3D LLVM software renderer (only available on Windows)
List of supported async job types. If the list is empty assums all job types are acceptable.
Must contain a minimum of 0 items
All items must be unique
No Additional Itemsexport2draster: 2D raster image export.<br/>export2dvecto: 2D vectorial image export.<br/>export3d: 3D or BOM export.
enables rfDebug for doc river
∞Directory api key, if null m2m bearer will be used
If null http.*_key authentication methods will be disabled.
Api key secret used to protect api endpoints, this secret will be used as http Basic authentication with 'infinite' login. It will be preferred over OAuth2 method if both are specified.
Must be at least 1 characters long
url to the directory, preferably a backend vhost
Must match regular expression:^https?:\/\/[^@\/A-Z]+?(:[1-9][0-9]{0,4})(\/.*)?\/directory$
Must be at most 1024 characters long
Host and port of elasticsearch node http interface. The node should be fully dedicated to this proxy. It is preferable to host the node on the same server as proxy service.
No Additional PropertiesElasticsearch connection login, could be empty if xpack.security is disabled.
Must be at least 0 characters long
Elasticsearch connection password, could be empty if xpack.security is disabled.
Must be at least 0 characters long
url to the local elasticsearch cluster
Must match regular expression:^http:\/\/[^@\/]+?(:[1-9][0-9]{0,4})(\/.*)?$
Must be at most 1024 characters long
http configuration
No Additional Propertiesfile path to client PEM certificate
Must be at least 1 characters long
file path to client PEM private key
Must be at least 1 characters long
private key password if any
file path to client P12 certificate
Must be at least 1 characters long
private key password if any
Disable use of certificate
Enforce use of provided http proxy for http calls
Must match regular expression:^https?:\/\/.*$
Must be at most 1024 characters long
Disable use of any http proxy for http calls
Enforce use of the automatic http proxy configuration from the system for http calls
Set this value to false to disable ssl peer verification
rfDebug output that should be omitted
All items must be unique
No Additional ItemsMust be at least 1 characters long
loglevel should be used instead. Enables DEBUG log level. This SHOULD NOT BE MAINTAINED IN PRODUCTION as it will log sensitive data and have a negative impact on overall performances.
change default log location. If relative, will be resolved relative to configuration or job file.
Must be at least 1 characters long
use default log location
Must be at least 0 characters long
Must be at most 0 characters long
disable file logging
enable log output to console
Specifies log level. INFO > DEBUG > TRACE. A log level lower than INFO SHOULD NOT BE MAINTAINED IN PRODUCTION as it will log sensitive data and have a negative impact on overall performances.
Configuration for Grafana Loki http push log handler
No Additional Propertieshttp configuration for calls to calls to loki endpoint
No Additional PropertiesUse global configuration
file path to client PEM certificate
Must be at least 1 characters long
file path to client PEM private key
Must be at least 1 characters long
private key password if any
file path to client P12 certificate
Must be at least 1 characters long
private key password if any
Disable use of certificate
Use global configuration
Enforce use of provided http proxy for http calls
Must match regular expression:^https?:\/\/.*$
Must be at most 1024 characters long
Disable use of any http proxy for http calls
Enforce use of the automatic http proxy configuration from the system for http calls
Use global configuration
Set this value to false to disable ssl peer verification
optional labels that will be added to loki streams
All properties whose name matches the following regular expression must respect the following conditions
Property name regular expression:^(?!log$).*$
Must be at least 1 characters long
Must be at most 64 characters long
Additional Properties of any type are allowed.
Type: objectloki connection login
maximum size in bytes of log message send to loki, if log entry is longer it will be truncated. If zero full message will not be truncated.
Value must be greater or equal to 0
loki connection password
an url that should point to an endpoint compatible with POST /loki/api/v1/push, body will be gziped json, this endpoint is expected to return 200 or 204 on success. Url should not contains credentials.
Must match regular expression:^https?:\/\/[^@\/]+?(\/.*)$
Must be at most 1024 characters long
Maximum log file size
Value must be greater or equal to 16 and lesser or equal to 1024
Number of backup log to keep, if -1 all logs will be kept
Value must be greater or equal to -1 and lesser or equal to 512
Enable time base log rotation
common OpenID connect settings
No Additional PropertiesOpenID Provider configuration url (https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest)
Must match regular expression:^https:\/\/([^\/]*?)\/.*$
Must be at most 1024 characters long
http configuration for calls to calls to the OpenID server
No Additional PropertiesUse global configuration
file path to client PEM certificate
Must be at least 1 characters long
file path to client PEM private key
Must be at least 1 characters long
private key password if any
file path to client P12 certificate
Must be at least 1 characters long
private key password if any
Disable use of certificate
Use global configuration
Enforce use of provided http proxy for http calls
Must match regular expression:^https?:\/\/.*$
Must be at most 1024 characters long
Disable use of any http proxy for http calls
Enforce use of the automatic http proxy configuration from the system for http calls
Use global configuration
Set this value to false to disable ssl peer verification
No OAuth2 configuration for machine to machine communication, http.m2m_bearer will be disabled and api key will be used.
Configure OAuth2 machine to machine identification using OpenID Connect client credentials flow. See http.m2m_bearer authentication method. Those settings will be used to acquire a token and to validate received tokens.
No Additional Propertiesspecifies additional query parameters that should be added to oidc endpoint calls
No Additional Propertiesadditional query parameters for token_endpoint
No Additional PropertiesAll properties whose name matches the following regular expression must respect the following conditions
Property name regular expression:^(?!scope$).*$
Additional scope string that will be passed to the OpenID server on the token call to obtain and access_token. infinite.* scopes will be added automatically.
Must match regular expression:^(()|([\x21\x23-\x5B\x5d-\x7e]+)( [\x21\x23-\x5B\x5d-\x7e]+)*)$
Must be at least 0 characters long
Must be at most 1024 characters long
List of algorithm that will be allowed for JWT (idtoken and accesstoken) delivered by the OpenID server
All items must be unique
No Additional ItemsOpenID application id
Must be at least 1 characters long
OpenID application secret
Must be at least 1 characters long
audience (aud) value is assumed to contain client_id.
disable aud field validation. Not recommanded but could be usefull when dealing with a weird oidc server.
Specific value:false
value that should be contained in access tokens aud field.
Must be at least 1 characters long
list of potential aud field values. At least one should be equal to access tokens aud field.
Must contain a minimum of 1 items
Must contain a maximum of 16 items
value that should be contained in access tokens aud field.
Must be at least 1 characters long
Authorized party (azp) value is assumed to contain client_id
disable azp field validation. Not recommanded but could be usefull when dealing with a weird oidc server.
Specific value:false
list of accepted azp values, at least one should be contained in access tokens azp field
Must contain a minimum of 1 items
Must contain a maximum of 32 items
All items must be unique
No Additional ItemsMust be at least 1 characters long
issuer (iss) value will be retrieved from configuration endpoint.
disable iss field validation. Not recommanded but could be usefull when dealing with a weird oidc server.
Specific value:false
value that should be contained in access tokens iss field.
Must be at least 1 characters long
list of potential iss field values. At least one should be equal to access tokens iss field.
Must contain a minimum of 1 items
Must contain a maximum of 16 items
value that should be contained in access tokens iss field.
Must be at least 1 characters long
List of algorithm that will be allowed for JWT (idtoken and accesstoken) delivered by the OpenID server
All items must be unique
No Additional Itemsaudience (aud) value is assumed to contain client_id.
disable aud field validation. Not recommanded but could be usefull when dealing with a weird oidc server.
Specific value:false
value that should be contained in access tokens aud field.
Must be at least 1 characters long
list of potential aud field values. At least one should be equal to access tokens aud field.
Must contain a minimum of 1 items
Must contain a maximum of 16 items
value that should be contained in access tokens aud field.
Must be at least 1 characters long
Authorized party (azp) value is assumed to contain client_id
disable azp field validation. Not recommanded but could be usefull when dealing with a weird oidc server.
Specific value:false
list of accepted azp values, at least one should be contained in access tokens azp field
Must contain a minimum of 1 items
Must contain a maximum of 32 items
All items must be unique
No Additional ItemsMust be at least 1 characters long
issuer (iss) value will be retrieved from configuration endpoint.
disable iss field validation. Not recommanded but could be usefull when dealing with a weird oidc server.
Specific value:false
value that should be contained in access tokens iss field.
Must be at least 1 characters long
list of potential iss field values. At least one should be equal to access tokens iss field.
Must contain a minimum of 1 items
Must contain a maximum of 16 items
value that should be contained in access tokens iss field.
Must be at least 1 characters long
Enable use of accesstoken (OpendID server should also return a refreshtoken) delivered by OpenID server to protect ∞Directory and ∞Proxy api calls from client applications (http.session_bearer security scheme). If disabled, tokens delivered by the Directory will be used.
maximum wait duration per host while trying to establish a connection. Value is in secondes.
Value must be greater or equal to 2
target database name
Must be at least 1 characters long
list of host, allowing to specify primary and replicat servers. Connection attempt will respect list order, to distribute read-only load on hot standby servers, put them first in the list.
Must contain a minimum of 1 items
Must contain a maximum of 8 items
hostname or ip
Must be at least 1 characters long
tcp port
Value must be greater or equal to 1 and lesser or equal to 65535
PostgreSQL database connection login, could be empty if using SSPI or GSS authentication.
Must be at least 0 characters long
PostgreSQL database connection password, could be empty if using SSPI or GSS authentication.
Must be at least 0 characters long
file path to client PEM certificate
Must be at least 1 characters long
file path to client PEM private key
Must be at least 1 characters long
private key password if any
file path to client P12 certificate
Must be at least 1 characters long
private key password if any
Disable use of certificate
should we use ssl connection
file path to rootCA.crt that will be used to verify server certificat, if empty default libpq cert location will be used
if disabled, server certificat will not be validated
If null http.*_key authentication methods will be disabled.
Api key secret used to protect api endpoints, this secret will be used as http Basic authentication with 'infinite' login. It will be preferred over OAuth2 method if both are specified.
Must be at least 1 characters long
optional proxy api vhost for backend usage (used by proxy service and directory), if specified this vhost will not accept client security schemes. This vhost should be accessible by all directory instances.
No Additional PropertiesAllows to restrict security flows accepted on this vhost
Accept all security schemes
List of security flows accepted by the ∞Proxy.
Must contain a minimum of 1 items
Allows to restrict security schemes accepted on this vhost
Accept all security schemes
List of security schemes accepted by the ∞Proxy.
Must contain a minimum of 1 items
^https?:\/\/[^@\/A-Z]+?(:[1-9][0-9]{0,4})(\/.*)?\/proxy$
Must be at most 1024 characters long
bind port for proxy api http implementation
Value must be greater or equal to 1 and lesser or equal to 65535
If true, authorization and vhost check will be disabled for /api/getversion endpoint. This is useful to run healthcheck of containers behind a load balancer were load balancer will use internal IP or hostname.
enables log of received http requests
Define which headers should be used to determine host and port used by the client.Unfortunately 2 sets of headers ('Forwarded' and 'X-Forwarded-*') exist for reverse proxy. So depending on your infrastructure you might need to change evaluation order. Evaluation will stop on the first header found. If no headers were found the 'Host' header will be used. Sometimes exotic configuration (like AWS) may preserve the Host header, add X-forwarded-port and discard X-forwarded-Host, in this case, the policy host-with-x-forwarded-port may be used.
All items must be unique
No Additional Itemsenables log of received http requests
how long (in secondes) a bearer is kept in cache
Value must be greater or equal to 0 and lesser or equal to 500
specify if proxy api http implementation should listen on any addresses, if false only loopback will be bound
main proxy vhost always used by client. If a backendvhost security schemes is defined, implicit restrictions will be applied to this vhost. Should use HTTPS !
No Additional PropertiesAllows to restrict security flows accepted on this vhost
Accept all security schemes
List of security flows accepted by the ∞Proxy.
Must contain a minimum of 1 items
Allows to restrict security schemes accepted on this vhost
Accept all security schemes
List of security schemes accepted by the ∞Proxy.
Must contain a minimum of 1 items
^https?:\/\/[^@\/A-Z]+?(:[1-9][0-9]{0,4})(\/.*)?\/proxy$
Must be at most 1024 characters long
Defines replication restriction, allowing to retrieve only a subset of builds available on the Directory
No Additional Propertiesworking folder were ∞Proxy data are stored. If relative, will be resolved relative to job file.