You configure the Sophora Server with a sophora.properties file. Its location can be specified with the Java VM option -Dsophora.properties. Here is a minimal example to extend on:
sophora.home=/path/to/sophora/home
sophora.persistence.postgres.hostname=localhost
sophora.persistence.postgres.port=5432
sophora.persistence.postgres.username=postgres
sophora.persistence.postgres.password=postgres
sophora.persistence.postgres.database=sophora
sophora.replication.mode=master
sophora.binarystore=fs
Configuration Parameters of the Sophora Server
The following tables list all valid parameters for the sophora.properties file.
Messaging and Interfaces
| Parameter | Description |
|---|---|
sophora.http.proxy.host | HTTP proxy host address for the RemoteDataManager (See the section on Java network properties for an alternative solution) |
sophora.http.proxy.port | HTTP proxy port for the RemoteDataManager |
sophora.http.proxy.username | HTTP proxy username for the RemoteDataManager |
sophora.http.proxy.password | HTTP proxy password for the RemoteDataManager |
sophora.http.proxy.noProxy | List of excluded host names. Default is "127.0.0.1,localhost" |
sophora.jmx.enabled | Activate the JMX interface: true or false |
sophora.jmx.username, sophora.jmx.password | Username and password for the JMX interface (optional). If no username and password are given, no authentication is required to use the JMX interface. |
sophora.local.jmsbroker.host,sophora.remote.jmsbroker.host | Use sophora.local.jmsbroker.host to specify the host name or IP address of the embedded JMS Broker. sophora.remote.jmsbroker.host refers to the host name or IP address of its Sophora Primary Server.On Sophora Staging Servers, sophora.remote.jmsbroker.host must be configured. But as Sophora Staging Servers do not have an embedded JMS Broker, the configuration of sophora.local.jmsbroker.host is not necessary. Default is localhost. |
sophora.local.jmsbroker.port,sophora.remote.jmsbroker.port | Use sophora.local.jmsbroker.port to specify the port of the actual configured Sophora Server and sophora.remote.jmsbroker.port to specify the port of the Sophora Server to which this server is connected.On Sophora Staging Servers, only the property sophora.remote.jmsbroker.port is required. As Sophora Staging Servers do not have an embedded JMS Broker, the configuration of sophora.local.jmsbroker.port is not necessary.Default is 1197. |
sophora.remote.jmsbroker.maxSyncCompletionDelayMs | The maximum time, in milliseconds, that the replica waits for additional events after synchronization. If new events occur within this period, synchronization is completed immediately. Otherwise, it is considered complete once the delay has elapsed. The default value is 10,000 ms. |
sophora.remote.api.http.address | IP address to bind the HTTP port to |
sophora.remote.api.http.port | HTTP port to access the content manager API via HTTP. If this property is blank, the port will be calculated as follows: sophora.remote.api.http.port = sophora.rmi.registryPort - 3. Thus, by default this is 1196. |
sophora.remote.api.external.hostname | An external hostname that points to this server and should be used by clients to connect to the server. Clients switching their connection to this server will prefer the external connection URL if defined unless they are configured to only use internal connections The 3 external properties are intended to be used when the server is in various networks and uses internal connections for server-to-server communication (e.g in a kubernets setup) and external connections for clients (e.g. through ingresses). The external properties are not set by default. |
sophora.remote.api.external.port | Port counterpart for sophora.remote.api.external.hostname. If unset the external URL will not contain a port. |
sophora.remote.api.external.protocol | Protocol counterpart for sophora.remote.api.external.hostname.The protocol can be different from the servers preferred protocol. You can use SSL termination infront of a Sophora Server running on http. If unset "http" is used for the external URL. |
sophora.remote.api.grpc.port | The port the HTTP/2 gRPC API server will bind to. (default 2026) |
sophora.remote.api.grpc.external.hostname | The external hostname that points to the this server (see sophora.remote.api.external.hostname above). This can be configured the same as the sophora.remote.api.external.hostname as long as a reverse-proxy will be able to direct the traffic correctly to the backend. |
sophora.remote.api.grpc.external.port | The port counterpart for sophora.remote.api.grpc.external.hostname. This can also be configured the same as sophora.remote.api.external.port, as long as the reverse-proxy is configured correctly. |
sophora.remote.api.grpc.external.protocol | Protocol counterpart for sophora.remote.api.grpc.external.hostname.The protocol can be different from the servers preferred protocol (e.g. you can use a reverse-proxy for SSL termination). If unset only "http" is used. |
sophora.rmi.registryPort | RMI registry port. Default is 1199. |
sophora.rmi.servicePort | RMI port. Default is 1198. |
PostgreSQL
| Property | Description | Default Value |
|---|---|---|
sophora.persistence.postgres.hostname | Specifies the host name of the machine on which the PostgreSQL server is running | |
sophora.persistence.postgres.port | Specifies the port of the machine on which the PostgreSQL server is running | |
sophora.persistence.postgres.username | PostgreSQL username with read and write permissions | |
sophora.persistence.postgres.password | PostgreSQL password | |
sophora.persistence.postgres.database | Existing database in PostgreSQL for Sophora | |
sophora.persistence.postgres.sslMode | Sets the SSL mode. To enforce a connection over TLS use require. Valid modes can be seen in the official documentation. | |
sophora.persistence.postgres.maxPoolSize | The maximum number of idle and in-use connections in the pool. Must be greater than 1. | 10 |
sophora.persistence.postgres.minIdleConnections | If the number of idle connections is lower than this value, it will be restored to this value with the best effort. Must be greater than 0. | |
sophora.persistence.postgres.connectionTimeoutMs | The maximum time in milliseconds that the Sophora Server will wait for a connection from the pool. Must be greater than 250ms. | 30000 (30s) |
sophora.persistence.postgres.idleTimeoutMs | The maximum time in milliseconds that a connection is allowed to sit idle in the pool. Must be greater than 0ms. | 10000 (10s) |
sophora.persistence.postgres.validationTimeoutMs | The maximum time in milliseconds that the pool will wait for a connection to be validated as alive. Must be greater than 250ms. | 5000 (5s) |
The PostgreSQL connections are held in a connection pool. The following optional properties can be used to configure the connection pool. If not specified, the properties will take the default values from HikariCP, a Java library for JDBC connection pool.
Every Sophora Server requires its own Postgres-Database. Currently this must be at least version 17. In a production environment we recommend one PostgreSQL server per Sophora Server.
Server Cluster and Replication
| Parameter | Description |
|---|---|
sophora.cluster.readAnywhere.available | En- or disables the Sophora Replica Server's availability for readAnywhere connections. Default value is trueChange the state in JMX, go to ContentManager-MBean and you will see the current value for ReadAnywhereAvailable. There is also an operation toggleReadAnywhereStatus() to toggle the value. |
sophora.replication.delivery.<index>.groups | Associates the delivery to at least one group (see sophora.replication.delivery.<index>.url). Multiple groups are associated using a comma separated list of group names (an example is given below). |
sophora.replication.delivery.<index>.url | URL of the delivery web app that is bound to this server. Hereby, <index> is a key to associate certain delivery groups (see sophora.replication.delivery.<index>.groups). For each URL there has to be an assigned group with the same <index>. |
sophora.replication.ignoreWebsites | Comma separated list of websites' UUIDs. Only applicable if sophora.replication.mode=stagingslave. A Sophora Staging Server ignores documents located at the given websites. The documents are not transferred to the Sophora Staging Servers' repositories. |
sophora.replication.maxQueueSizeForAvailableState | Number of events in the replication queue before the Sophora Replica Server is marked as unavailable. (Default: 500) |
sophora.replication.mode | Type of the server. Possible values are none, cluster, master, slave (meaning the fall-back Sophora Replica Server) and Sophora Staging Server. With none, the Server has no connection to other servers but works as a standalone server. By using the replication mode cluster it is mandatory to specify the concrete mode via the system property clusterMode. Valid values for the system property are: master, slave and open (the server which starts first becomes the Sophora Primary Server). |
sophora.replication.restartDate | Date to start the synchronisation at. Format is "yyyy.MM.dd HH:mm". Only applicable if sophora.replication.mode=stagingslave or =slave. |
sophora.replication.slaveHostname | Host name of the server. This name is used for the communication between Sophora Servers. If this property is left blank, the host name will be determined automatically. It is mandatory to specify the hostname in a cluster server. |
sophora.replication.syncQueueLimit | Maximum queue size (in bytes) to be held in the central memory. When this value is reached, the synchronisation waits until the Sophora Replica Server has removed enough messages from the queue so that the queue size falls below this threshold again. |
sophora.replication.userName, sophora.replication.password | Username and password for JMS queues. If no username and password are provided, the default values (userName=sophora and password=jms) are taken. |
Document Related Settings
| Parameter | Description |
|---|---|
sophora.autoPublish.legacyMode | This must be set to true if automated publishing using the released state is used. This should only be set for legacy installations. If set to false, automated publishing must be done by setting the "Publish at" property and publishing the document.In previous releases of Sophora, a document could automatically be published at a future date by settings the "Publish at" property and then releasing the document. The default is false. |
sophora.autoPublish.username | Name of the user that will appear as the one who triggered a document's automated publication. Needs to be a valid user with corresponding publish permissions upon the node types that might be published this way. Read the user guide's instructions on how users can schedule this automatic process. The default value is admin. However, it is advisable to alter this property to identify corresponding documents easily, e.g. to search for them or find log file entries. If you set this property to the special value [LAST_MODIFIER] the automated publication is done by the last modifier of the document. In this way the document is published by the same user who has released the document.There's an internal thread that is run periodically which looks for scheduled publications. |
sophora.cleanOfflineFilter.properties | Comma separated list of properties that should be removed from documents when they are set offline. This ensures that future publishing does not conflict with these historical values. |
sophora.deleteDocuments.blockSize | Sets the maximum number of deleted documents that should be processed in one run. Default 300. |
sophora.deleteDocuments.cronTriggerExpression | Cron expression defining when to run the job for deleted documents. Default 0 15 * * * ? (Every hour, a quarter past the full hour) |
sophora.deleteDocuments.enabledOnStartup | Enable the removal job for deleted documents when starting the server? Possible values are true and false. Default is true. |
sophora.deleteDocuments.minimumAgeDays | Specifies the minimum age (in days) of deleted documents to be processed by the worker job. The Sophora Primary Server needs deleted documents for synchronizing temporary unavailable Sophora Replica Servers. Therefore, the minimum age should not be set too small. |
sophora.deleteProposals.afterDays | Number of days deleted proposals are retained in the repository. Deleted proposals are not visible to the user but are needed for synchronizing Sophora Replica Servers to the Sophora Primary Server. Default: 30 |
sophora.documentManager.childNodeIdPropertyNames | Comma-separated list of property names. Upon loading and saving a document, all childnodes are scanned if they have such a property defined in their CND without a value assigned yet. If so, they will get assigned a random long number. This will be done for the properties sophora:childNodeId and sophora-epg:childNodeId regardless of this configuration. Properties of mix-ins cannot be set in this way. |
sophora.documentManager.clone.additionalTags | Space-separated list of tags to be added to a cloned document after cloning. Can be empty. Default value: "kopie". |
sophora.documentManager.generateEvenIds | Create document IDs only with even numbers: true or false. Default: true |
sophora.documentManager.thumbnail.big.maxHeight | Maximum height of big thumbnails, e.g. for tooltips of image documents. Default 300. |
sophora.documentManager.thumbnail.big.maxWidth | Maximum width of big thumbnails, e.g. for tooltips of image documents. Default 300. |
sophora.documentManager.thumbnail.maxHeight | Maximum height of thumbnails in the light box. Default 100. |
sophora.documentManager.thumbnail.maxWidth | Maximum width of thumbnails in the light box. Default 100. |
sophora.cache.thumbnail.cleanup.afterDays | Defines the maximum time since a thumbnail was created before beeing marked for deletion by the cleanup job. Default: 60Setting this to a negative number or 0 will deactivate the thumbnail cleanup. |
sophora.cache.thumbnail.cleanup.cron | Cron expression defining when the file based thumbnail store (cache) should be cleaned. Default: 0 0 3 * * ? |
sophora.documentTimingActions.batchLimit | Sets the batch limit for document timing actions (default: 10000). The batch limit is the maximum number of documents which are handled in a single run for each script. |
sophora.documentTimingActions.cronTriggerExpression | This cron expression defines when the server-side timing scripts should be executed (more detailed imformation about the timing action can be found in the documentation about Script managed Sophora extensions). The format and construction of a cron expression is given in the Quartz documentation or use the Cron Maker to generate the expression you need. Some examples: 0 0 3 * * ? (every night at 3 AM) or 0 0 0/1 * * ? (every full hour) When processing more documents per run as the value in the 'batchLimit' is, the timing script should run only once per day |
sophora.events.ddce.batchSize | Specifies the maximum number of document IDs included in a single Derived Document Changed Event (DDCE). If the number of document IDs is greater than the configured batch size, multiple DDCEs will be emitted. Default is 10,000. Warning: Increasing the batch size beyond 10,000 is strongly discouraged. A batch size that is too large may exceed gRPC serialization limits and result in exceptions. |
sophora.proposals.cache.maxSections | Max number of cached proposal sections. Defaults to 2000. |
sophora.proposals.cache.maxProposals | Max number of cached proposals. Defaults to 20000. |
Document Store
| Parameter | Descriptions | Default |
|---|---|---|
sophora.documentstore.sophoraids.declutter.cron | The point in time at which the Sophora ID table should be cleaned up. During this process, Sophora IDs of completely deleted documents are removed from the table, provided that their ID stem has already been continued by other documents. | 0 0 0 * * * (00:00) |
sophora.documentstore.cache.documents.maxSize | Number of documents to cache in-memory. The working- and live version both count towards the total. | 5000 |
sophora.documentstore.cache.summaries.maxSize | Number of document summaries to cache in-memory. The working- and live version both count towards the total. | 5000 |
sophora.documentstore.cache.ids.maxSize | Number of document ids to cache in-memory. The working- and live version both count towards the total. | 100000 |
sophora.documentstore.cache.primaryTypes.maxSize | Number of primary types to cache in-memory. This cache is used by the working and live workspace. | 100000 |
Version Store
| Property | Description | Default |
|---|---|---|
sophora.versionstore.declutter.cron | Cron expression to control when the Version Store decluttering job starts to remove old versions. | 0 0 2 * * ? |
sophora.versionstore.maxVersionsToKeep | Maximum versions to keep in the Version Store per document before they are marked for deletion. | |
sophora.versionstore.maxAgeInDays | Maximum age in days for versions before they are marked for deletion. At least 15 versions always remain. | |
sophora.versionstore.byNodeType.[label].nodeType | Sets the node type for the [label]. Required for all properties starting with sophora.versionstore.byNodeType. All properties following this schema only configure this node type. | |
sophora.versionstore.byNodeType.[label].maxVersionsToKeep | Maximum versions to keep in the Version Store per document of a specific node type before they are marked for deletion. | |
sophora.versionstore.byNodeType.[label].maxAgeInDays | Maximum age in days for versions of a specific node type before they are marked for deletion. At least 15 versions always remain. |
Repository
| Parameter | Description |
|---|---|
sophora.repository.defaultNodeTypes | Path to the sophora.cnd file that should be imported at the server's start-up. An empty string specifies that no CND should be imported. |
sophora.repository.jcrNodeTypes | Path to the jcr.cnd file that contains JCR internal node types like "nt:base" that aren't stored in PostgreSQL. Only overwrite this property when you know about the implications. |
sophora.repository.language | The repository's language. If a repository is initialised from scratch, the descriptors of basic properties and system documents will be set in the given language. Currently, Sophora supports German and English, whereas German is the default language. Possible values for this property are en (for English) and de (for German). |
sophora.lucene.maxClauseCount | Set the maximum number of boolean clauses permitted in lucene queries. (Default: 10000) |
User Authentication
| Parameter | Description |
|---|---|
sophora.authenticate.checkForIncorrectLogins | Determines whether the server checks for invalid logins (if a user enters his password incorrectly several times) and locks the account after this number of failed login attempts (default: false). This property is accessible via JMX |
sophora.authenticate.enableUserLogin | Determines whether users are allowed to log in to the server (default: true). Admin users are always allowed to log in, even if this property is set to false. |
sophora.authenticate.incorrectLoginCount | Defines, how many times a user may enter a wrong password before the account is locked (default: 3). To reset the failed login attempts of a user, you can open the admin area of the user and reset the field Incorrect logins to 0. |
sophora.authenticate.user.ignoreUppercase | If set to true, the server ignores the case of user names during login. In addition, the creation of users with an uppercase user name is prohibited, while already existing users with uppercase characters cannot log in to the Sophora Server.Default is false.NB: the Sophora Importer will keep the case of any user names found in Sophora XML import files. For example, if an imported document is added to a proposal section, the user name given in the <sender> element is kept as-is. |
Solr Cloud
| Parameter | Description |
|---|---|
sophora.solr.cloud.enabled | If set to true, the external solr cloud instance is used instead of the internal one. (Default: false) |
sophora.solr.cloud.zk-hosts | List of ZooKeeper hosts that are part of the Solr Cloud cluster. |
sophora.solr.cloud.username | Solr username if the Solr Basic Authentication Plugin is enabled |
sophora.solr.cloud.password | Solr password if the Solr Basic Authentication Plugin is enabled |
sophora.solr.cloud.connection-timeout | Solr connection timeout in ms. (Default: 15000) |
sophora.solr.cloud.socket-timeout | Solr socket timeout in ms. (Default: 120000) |
sophora.solr.cloud.maxConnections | Maximum number of concurrent connections to Solr Cloud (default: 512) |
Connecting to ZooKeeper with ACLs
If you set up ZooKeeper with ACLs on the SolrCloud ZK nodes you will need to pass the ACL credentials to the Indexing Service through one of the following options:
- as VM arguments, for example:
-DzkDigestUsername=user-readonly -DzkDigestPassword=onlyread -DzkCredentialsProvider=org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider - in the environment variable
SOLR_ZK_CREDS_AND_ACLScontaining all the required VM arguments
Using the environment variable is our recommended approach for deployments in containers. Consult the SolrCloud and ZooKeeper documentation for more information about ACLs.
URL Generation
| Parameter | Description | |
|---|---|---|
sophora.url.create-url-without-site-prefix | Whether the Sophora document URLs should contain the site prefix. (Default: false) | |
sophora.url.default-domain | The URL prefix that should be used as default when composing a URL. If the site has a configured URL, this prefix will be used instead. (Default: http://localhost) | |
sophora.url.image-service-active | Whether the Sophora Image Service is active and its URL component should be used for parsing and composing URLs for image documents. (Default: false) | |
sophora.url.image-service-default-domain | The default URL prefix for the Sophora Image Service. The value of this property is used, when the property imageUrl in the site of the image document isn't set. (Default: http://localhost) |
Miscellaneous
| Parameter | Description | Feature |
|---|---|---|
sophora.cache.selectValues.refreshInterval | The time interval in seconds to run the cache refresh job; e.g. 60. Currently, this functionality is only used for select value fields, whose values are determined via a query on documents (Default: 300) (see documentation for administrators) | |
sophora.configuration.document.externalId | Defines the configuration system document by its external ID (default: sophora.configuration.configuration). | |
sophora.home | Workspace of the Sophora Server. This folder contains the subdirectories config, data, logs, repository. | |
sophora.ibf.enabled | Enables the feature of Invertible Bloom Filters for efficient document count comparisons using the Advanced Admin Dashboard. This will slightly increase the memory usage of the server. (Default: false) | |
sophora.loadCachesOnServerStart | ||
sophora.mail.sender.username | The username is used to authenticate to the SMTP server. | password lost |
sophora.mail.sender.password | The password is used with the user name to authenticate to the SMTP server. | password lost |
sophora.mail.sender.email | The email address is used as sender's email address. An account on a mail server may accociate with several email addresses. Therefore, specifying this lets the mail server know which one to use. | |
sophora.mail.sender.name | The name that is used as the sender's personal name in mails. | password lost |
sophora.mail.smtp.host | The host name of the SMTP server that is used to send mails. | password lost |
sophora.mail.smtp.port | The port number of the SMTP server that is used to send mails. 25 is the default port number. | password lost |
vmargs | Parameters for the java process. | |
sophora.changeRegistry.derby.connectionTimeout | The maximum time in milliseconds to connect to the derby database used by the change registry. If the time is elapsed and no connection could be made the server will shut down. The smallest applicable value for this property is 250ms. If this property is not set the connection timeout will default to 30000ms (30 seconds). If the server cant make a connection to the database while starting it might help to increase the timeout. | |
sophora.tasks.cleanup.olderThan | Tasks older than the given age will get cleaned up. This will only clean up completed or cancelled tasks and will use their end date or cancellation date to measure the age. The property is read duration. Examples are "PT15M" parses as "15 minutes" "P2D" prases as "2 days". The default is P5D, thus 5 days. | |
sophora.tasks.cleanup.at | This cron expression controls when old tasks are cleaned up. Completed or cancelled tasks will only be cleaned up when they are considered old (see the property above) when the task cleanup is performed. The default is "0 27 2 * * ?", thus every night at 2:27 |
Reading Environment Variables
The following environment variables can be used to configure the server:
| Environment Variable Name | Description |
|---|---|
SOPHORA_INITIALADMINUSERS_0_USERNAME and SOPHORA_INITIALADMINUSERS_0_PASSWORD | These parameters can be used to define the username and password of the users that will initially be created when starting the Sophora Server with an empty repository. The 0 is an index and can be counted up to create more than one user at the first startup. It is necessary that the index starts at 0 and that the following indices are counted up consecutively. A user with the username "admin" will always be created, even if these variables are set. When not overwritten by these parameters, the "admin" user's password will be "admin" initially. All users created using these variables will get the "admin" role. We recommend to only add functional users (e.g. a user for the Sophora Importer) using environment variables. This configuration has no effect on existing installations. |
Logging
Logging is done using logback. The server will take logging configuration from any logback.xml file within the class path. We propose to put your logback.xml inside your config directory next to your sophora.properties file. Its location can be specified with the Java VM option -Dlogback.configurationFile.
To use active profile logging refer to the configuration page.
Java network properties
In addition to these sophora specific configuration options, outgoing http connections can be configured using the java network properties. The full list is specified by the httpclient's api docs and contains all the properties:
- ssl.TrustManagerFactory.algorithm
- javax.net.ssl.trustStoreType
- javax.net.ssl.trustStore
- javax.net.ssl.trustStoreProvider
- javax.net.ssl.trustStorePassword
- java.home
- ssl.KeyManagerFactory.algorithm
- javax.net.ssl.keyStoreType
- javax.net.ssl.keyStore
- javax.net.ssl.keyStoreProvider
- javax.net.ssl.keyStorePassword
- http.proxyHost
- http.proxyPort
- https.proxyHost
- https.proxyPort
- http.nonProxyHosts
- http.keepAlive
- http.maxConnections
Some of these properties overlap with explicit sophora configuration options, e.g. sophora.http.proxy.host. We propose to not mix them in order to avoid side effects.
JCR Repository
The JCR Repository will be removed in later Sophora version but is still required during migration in Sophora 6. More information
The current release of Sophora 6 does not query or write to the JCR repository but still requires its configuration and availability. This dependency will be removed in a later minor version. Until then you can keep your current JCR configuration or use the following one for PostgreSQL.
You need to setup three JCR configuration files to connect JCR to postgres. These configuration files contain variables starting with SOPHORA_ and JCR_ like ${SOPHORA_PERSISTENCE_POSTGRES_HOSTNAME}. You need to replace them accordingly. Do not replace the lower cased variables.
repository/repository.xml
<?xml version="1.0"?>
<!DOCTYPE Repository
PUBLIC "-//The Apache Software Foundation//DTD Jackrabbit 2.0//EN"
"http://jackrabbit.apache.org/dtd/repository-2.0.dtd">
<Repository>
<!--
virtual file system where the repository stores global state (e.g.
registered namespaces, custom node types, etc.)
-->
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/repository" />
</FileSystem>
<!--
security configuration
-->
<Security appName="Jackrabbit">
<AccessManager class="org.apache.jackrabbit.core.security.simple.SimpleAccessManager">
<!-- <param name="config" value="${rep.home}/access.xml"/> -->
</AccessManager>
<LoginModule class="org.apache.jackrabbit.core.security.simple.SimpleLoginModule">
<!--
anonymous user name ('anonymous' is the default value)
-->
<param name="anonymousId" value="anonymous"/>
<!--
administrator user id (default value if param is missing is 'admin')
-->
<param name="adminId" value="admin"/>
</LoginModule>
</Security>
<!--
location of workspaces root directory and name of default workspace
-->
<Workspaces rootPath="${rep.home}/workspaces"
defaultWorkspace="default" />
<!--
workspace configuration template: used to create the initial workspace
if there's no workspace yet
-->
<Workspace name="${wsp.name}">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${wsp.home}"/>
</FileSystem>
<!--
persistence manager of the workspace: class: FQN of class
implementing the PersistenceManager interface
-->
<PersistenceManager class="org.apache.jackrabbit.core.persistence.pool.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="consistencyCheck" value="false"/>
<param name="minBlobSize" value="16384"/>
<param name="url" value="jdbc:postgresql://${SOPHORA_PERSISTENCE_POSTGRES_HOSTNAME}:${SOPHORA_PERSISTENCE_POSTGRES_PORT}/${JCR_REPOSITORY_DEFAULT_POSTGRES_DB}"/>
<param name="user" value="${SOPHORA_PERSISTENCE_POSTGRES_USERNAME}"/>
<param name="password" value="${SOPHORA_PERSISTENCE_POSTGRES_PASSWORD}"/>
<param name="schema" value="postgresql"/>
<param name="bundleCacheSize" value="1024"/>
<param name="schemaObjectPrefix" value="${wsp.name}_"/>
</PersistenceManager>
<!--
Search index and the file system it uses. class: FQN of class
implementing the QueryHandler interface
-->
<SearchIndex class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="${wsp.home}/index"/>
<param name="respectDocumentOrder" value="false"/>
<param name="minMergeDocs" value="10000"/>
<param name="mergeFactor" value="5"/>
<param name="cacheSize" value="10000"/>
<param name="initializeHierarchyCache" value="false"/>
</SearchIndex>
</Workspace>
<!--
Configures the versioning
-->
<Versioning rootPath="${rep.home}/version">
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${rep.home}/version" />
</FileSystem>
<!--
persistence manager of the workspace: class: FQN of class
implementing the PersistenceManager interface
-->
<PersistenceManager class="org.apache.jackrabbit.core.persistence.pool.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="consistencyCheck" value="false"/>
<param name="minBlobSize" value="16384"/>
<param name="url" value="jdbc:postgresql://${SOPHORA_PERSISTENCE_POSTGRES_HOSTNAME}:${SOPHORA_PERSISTENCE_POSTGRES_PORT}/${JCR_REPOSITORY_VERSIONS_POSTGRES_DB}"/>
<param name="user" value="${SOPHORA_PERSISTENCE_POSTGRES_USERNAME}"/>
<param name="password" value="${SOPHORA_PERSISTENCE_POSTGRES_PASSWORD}"/>
<param name="schema" value="postgresql"/>
<param name="bundleCacheSize" value="1024"/>
<param name="schemaObjectPrefix" value="ver_"/>
</PersistenceManager>
</Versioning>
<!--
Search index and the file system it uses. class: FQN of class
implementing the QueryHandler interface
-->
<SearchIndex
class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="${rep.home}/repository/index" />
<param name="respectDocumentOrder" value="false" />
<param name="minMergeDocs" value="10000" />
<param name="mergeFactor" value="5" />
<param name="cacheSize" value="10000" />
<param name="initializeHierarchyCache" value="false" />
</SearchIndex>
</Repository>
repository/workspaces/default/workspace.default.xml
<?xml version="1.0" encoding="UTF-8"?>
<Workspace name="default">
<!--
virtual file system of the workspace: class: FQN of class
implementing the FileSystem interface
-->
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${wsp.home}"/>
</FileSystem>
<!--
persistence manager of the workspace: class: FQN of class
implementing the PersistenceManager interface
-->
<PersistenceManager class="org.apache.jackrabbit.core.persistence.pool.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="consistencyCheck" value="false"/>
<param name="minBlobSize" value="16384"/>
<param name="url" value="jdbc:postgresql://${SOPHORA_PERSISTENCE_POSTGRES_HOSTNAME}:${SOPHORA_PERSISTENCE_POSTGRES_PORT}/${JCR_REPOSITORY_DEFAULT_POSTGRES_DB}"/>
<param name="user" value="${SOPHORA_PERSISTENCE_POSTGRES_USERNAME}"/>
<param name="password" value="${SOPHORA_PERSISTENCE_POSTGRES_PASSWORD}"/>
<param name="schema" value="postgresql"/>
<param name="bundleCacheSize" value="1024"/>
<param name="schemaObjectPrefix" value="${wsp.name}_"/>
</PersistenceManager>
<!--
Search index and the file system it uses. class: FQN of class
implementing the QueryHandler interface
-->
<SearchIndex class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="${wsp.home}/index"/>
<param name="respectDocumentOrder" value="false"/>
<param name="minMergeDocs" value="10000"/>
<param name="mergeFactor" value="5"/>
<param name="cacheSize" value="10000"/>
<param name="initializeHierarchyCache" value="false"/>
</SearchIndex>
</Workspace>
repository/workspaces/live/workspace.live.xml
<?xml version="1.0" encoding="UTF-8"?>
<Workspace name="live">
<!--
virtual file system of the workspace: class: FQN of class
implementing the FileSystem interface
-->
<FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
<param name="path" value="${wsp.home}"/>
</FileSystem>
<!--
persistence manager of the workspace: class: FQN of class
implementing the PersistenceManager interface
-->
<PersistenceManager class="org.apache.jackrabbit.core.persistence.pool.PostgreSQLPersistenceManager">
<param name="driver" value="org.postgresql.Driver"/>
<param name="consistencyCheck" value="false"/>
<param name="minBlobSize" value="16384"/>
<param name="url" value="jdbc:postgresql://${SOPHORA_PERSISTENCE_POSTGRES_HOSTNAME}:${SOPHORA_PERSISTENCE_POSTGRES_PORT}/${JCR_REPOSITORY_LIVE_POSTGRES_DB}"/>
<param name="user" value="${SOPHORA_PERSISTENCE_POSTGRES_USERNAME}"/>
<param name="password" value="${SOPHORA_PERSISTENCE_POSTGRES_PASSWORD}"/>
<param name="schema" value="postgresql"/>
<param name="bundleCacheSize" value="1024"/>
<param name="schemaObjectPrefix" value="${wsp.name}_"/>
</PersistenceManager>
<!--
Search index and the file system it uses. class: FQN of class
implementing the QueryHandler interface
-->
<SearchIndex class="org.apache.jackrabbit.core.query.lucene.SearchIndex">
<param name="path" value="${wsp.home}/index"/>
<param name="respectDocumentOrder" value="false"/>
<param name="minMergeDocs" value="10000"/>
<param name="mergeFactor" value="5"/>
<param name="cacheSize" value="10000"/>
<param name="initializeHierarchyCache" value="false"/>
</SearchIndex>
</Workspace>
Recommended Configuration for Productive Environments
The Sophora Server's default configuration is completely sufficient for test systems. However, when running a productive Sophora Server, you should have a look at our recommended settings for productive environments.
Configuring HTTPS
As of Sophora 6 the server does not support native HTTPS configuration.
To connect to the Server via HTTPS, Sophora needs to be run behind a reverse proxy like nginx, which can handle the SSL termination. This can also be achieved using an ingress controller (e.g. ingress-nginx) in Kubernetes deployments. Please read the following section for general instructions on running the Sophora Server behind a reverse proxy.
Running the Sophora Server behind a reverse proxy
The Sophora Server can be run behind a reverse proxy like nginx. As the Server's API is based on gRPC, it is necessary to configure the proxy to handle these connections properly. We recommend to use nginx but all proxies with gRPC support should be suitable. The following example shows a minimal nginx configuration which ensures that gRPC traffic is sent correctly to the gRPC port while the other traffic is still being sent to the default http port.
http {
server {
listen 80;
listen [::]:80;
http2 on;
location /sophora.srpc {
grpc_pass grpc://sophora-server:2026;
}
location / {
proxy_pass http://sophora-server:1196;
}
}
}
The above configuration ensures that all gRPC API calls are proxied as gRPC calls, while the rest of the Sophora Server's endpoints are proxied as regular HTTP requests. If required, the configuration can be extended to support HTTPS. Additionally, nginx supports many fine-grained configuration options for reverse-proxying.
When a reverse proxy is used to connect to Sophora it is required to configure the properties
sophora.remote.api.external.hostname, sophora.remote.api.external.port, sophora.remote.api.external.protocol, sophora.remote.api.grpc.external.hostname, sophora.remote.api.grpc.external.port and sophora.remote.api.grpc.external.protocol. Otherwise clients may refuse to connect to the server or may fail to operate correctly.