TIBCO EBX® Container Edition is tested with the Docker Engine version 20.10.
Current EBX® Container Edition release was tested with a certified Kubernetes implementation version 1.26 and Red Hat® OpenShift® 4.13.1.
We provides Helm chart samples for EBX® Container Edition that are available on GitHub. See https://github.com/TIBCOSoftware/ebx-container-edition for more information.
To start EBX® with default configuration that includes an embedded H2 database, execute command:
docker run -p 8080:8080 -d ebx:6.2.1 |
Using a browser, you can connect to EBX® with URL http://localhost:8080 . This will display the first-launch assistant that will help you configure EBX®.
For more information on the first launch assistant, see chapter Initialization and first-launch assistant .
To start EBX® with automatic initialisation on first startup and an embedded H2 database, execute command:
docker run -d -p 8080:8080 \ -e "EBX_FLA_DISABLED=true" \ -e "EBX_INSTALL_ADMIN_PASSWORD=<password>" \ ebx:6.2.1 |
The EBX® repository will be automatically created on first startup.
Using a browser, you can connect to EBX® with URL http://localhost:8080 . This will display the EBX® login screen. The username for administrator is admin and the password is the one specified in previous command.
Note
It’s possible to specify another username for the administrator. For more information see Automatic repository installation on first launch .
For details a supported browsers see: Supported Web Browsers .
The following command will start a bash shell inside the EBX® container using default user:
docker exec -it <container-id> bash |
To connect as root, use command:
docker exec -it --user root <container-id> bash |
This chapter describes the environment variables supported by EBX® Container Edition .
All are optional.
For security reasons, one might want to disable the first-launch assistant in all circumstances.
This is achieved by setting environment variable to EBX_FLA_DISABLED to true .
If the repository is not yet initialized and first-launch assistant is disabled, EBX® will automatically trigger its installation if following mandatory variables are provided:
| Name | Default | Description |
|---|---|---|
EBX_INSTALL_ADMIN_LOGIN | admin | Sets the EBX® administrator login name. This parameter is ignored if repository variable EBX_FLA_DISABLED value is not true or if repository is already initialized. |
EBX_INSTALL_ADMIN_PASSWORD | Sets the EBX® administrator password. This parameter is mandatory if EBX_FLA_DISABLED value is true and is ignored if repository variable EBX_FLA_DISABLED value is not true or if repository is already initialized. |
Note
If mandatory variables are not provided, EBX® will display an error message.
Example
To automatically install repository launch EBX® using following command:
docker run -d -p 8080:8080 \ -e "EBX_FLA_DISABLED=true" \ -e "EBX_INSTALL_ADMIN_LOGIN=<login-name>" \ -e "EBX_INSTALL_ADMIN_PASSWORD=<password>" \ ebx:6.2.1 |
Some EBX® features require generating URLs. Specific configuration may be required to achieve this, for example if EBX® is running behind a reverse proxy or on a Kubernetes cluster.
| Name | Default | Description |
|---|---|---|
EBX_IS_SECURED | If incoming request is HTTPS, "true" is assumed or else "false" is assumed. | If "true", the protocol "HTTPS" is always assumed. This value can be useful if the container is behind a reverse proxy, a firewall or an ingress that takes care of HTTPS encryption. This will also set the EBX® authentication cookie to be secure . This means that a user using a modern browser will not be able to log in using HTTP. If "false", the protocol "HTTP" is assumed. |
EBX_AUTHENTICATION_REDIRECT_TO_HTTPS | Default is "false". | If "true" and the incoming request to the login form is HTTP, a redirect occurs to to force HTTPS. This property it should be set to false if the container is behind a reverse proxy, a firewall or an ingress that takes care of HTTPS encryption. |
EBX_HOSTNAME | The host name specified by the incoming HTTP(S) request. | The EBX® server host name. |
EBX_PORT | The port number specified by the incoming HTTP request. | The EBX® server HTTP port number. |
EBX_PORT_SECURED | The port number specified by the incoming HTTPS request. | The EBX® server HTTPS port number. Note HTTPS support must be provided by a reverse proxy or an ingress that takes care of encryption. |
EBX_ROOT_PATH | By default, the context path is empty. | If set, all EBX® urls will be prefixed by this value. The value must have a leading / and must not have a trailing / except if value is / . For example a valid value is /mdm/sales . Setting this variable is useful when running more than one instance of EBX® with the same host name. |
EBX_URL_DEFAULT | This environment variable is used when a background task needs to calculate a URL to EBX®. It should be set to a full URL without the path component (EBX_ROOT_PATH applies for the path component). For example a valid value is: https://host_name . If EBX_URL_DEFAULT is not specified and EBX_HOSTNAME is specified, a default is calculated with following assumptions: - If EBX_IS_SECURED is true , then HTTPS is assumed with port number equal to EBX_PORT_SECURED (443 is the default). - If EBX_IS_SECURED is false or not set, then HTTP is assumed with port number equal to EBX_PORT (80 is the default). |
For information on supported databases see chapter Supported databases .
By default, an embedded H2 database is used. Data for this H2 database is persisted at location /ebx/data/h2 .
An external database may be configured using the following variables:
| Name | TIBCO EBX® main configuration file equivalent | Description |
|---|---|---|
EBX_DB_FACTORY | ebx.persistence.factory | Specifies the type of database server. |
EBX_DB_URL | ebx.persistence.url | The JDBC URL. Its format is: jdbc:<dialect>://<database_host>:<database_port_number>/<database_name> . |
EBX_DB_USER | ebx.persistence.user | The database user id. |
EBX_DB_PASSWORD | ebx.persistence.password | The database user password. |
For more information on these variables see their TIBCO EBX® main configuration file equivalent in chapter Configuring the EBX® repository .
Note
The container includes JDBC drivers only for H2, PostgreSQL and Microsoft SQL Server. Using other databases that are supported by EBX® requires adding the driver.
For instructions on how to add a driver, see Adding a new JDBC driver .
Example
To start an instance of EBX® that connects to a PostgreSQL database, execute the following command:
docker run -d -p 8080:8080 \ -e "EBX_DB_FACTORY=postgresql" \ -e "EBX_DB_URL=jdbc:postgresql://<database_host>:5432/<database_name>" \ -e "EBX_DB_USER=<user_name>" \ -e "EBX_DB_PASSWORD=<user_password>" \ ebx:6.2.1 |
This setting is available only if the metadata management feature is activated on the image.
Metadata uses the SQLAlchemy toolkit to connect to its database. The SQLAlchemy toolkit supports most common databases.
By default, an embedded SQLite database is used. Data for this SQLite database is persisted at this location: /ebx/data/sqlite/ebx-metadata-classifier.db .
An external database may be configured using the following variables:
| Name | Description |
|---|---|
METADATA_DB_URL | The SQLAlchemy URL. Its format is: <dialect>://<database_host>:<database_port_number>/<database_name> . |
METADATA_DB_USER | The database user id. |
METADATA_DB_PASSWORD | The database user password. |
The container includes only the driver for the default database (SQLite). Using other databases that are supported by SQLAlchemy requires adding the driver.
For instructions on how to add a driver, see Adding a driver for the Metadata database .
Example
To start an instance of Metadata that connects to a PostgreSQL database, execute the following command:
docker run -d -p 8080:8080 \ -e "METADATA_DB_URL=postgresql://<database_host>:5432/<database_name>" \ -e "METADATA_DB_USER=<user_name>" \ -e "METADATA_DB_PASSWORD=<user_password>" \ ebx:6.2.1 |
Notes
The Metadata database name ( database_name ) can be the same as Database connectivity .
For information about how to use a specific database driver and how to escape special characters in the connection URL, please refer to the SQLAlchemy’s documentation.
The H2 database is not supported by SQLAlchemy.
Use the following environmental variable to configure the EBX® directory class:
| Name | TIBCO EBX® main configuration file equivalent | description |
|---|---|---|
EBX_DIRECTORY_FACTORY | ebx.directory.factory | Specifies the Java directory factory class name (optional) |
See Configuring the user and roles directory for more information.
Use the following environmental variables to configure EBX® integration in an existing LDAP directory:
| Name | TIBCO EBX® main configuration file equivalent |
|---|---|
EBX_LDAP_DEFAULT_HOSTNAME | ebx.directory.ldap.default.hostName |
EBX_LDAP_DEFAULT_PORT | ebx.directory.ldap.default.port |
EBX_LDAP_DEFAULT_CONNECTION_TIMEOUT | ebx.directory.ldap.default. connectionTimeOutInSeconds |
EBX_LDAP_DEFAULT_BIND_DN_OR_USER | ebx.directory.ldap.default.bindDnOrUser |
EBX_LDAP_DEFAULT_BIND_PASSWORD | ebx.directory.ldap.default.bindPassword |
EBX_LDAP_DEFAULT_AUTHENTICATION_METHOD | ebx.directory.ldap.default.authenticationMethod |
EBX_LDAP_DEFAULT_ENCRYPTION_METHOD | ebx.directory.ldap.default.encryptionMethod |
EBX_LDAP_DEFAULT_MAPPING_ROLE_REFERENCE_ATTRIBUTE | ebx.directory.ldap.default.mapping. role.referenceAttribute |
EBX_LDAP_DEFAULT_MAPPING_ROLE_MEMBER_ATTRIBUTE | ebx.directory.ldap.default.mapping. role.memberAttribute |
EBX_LDAP_DEFAULT_MAPPING_ROLE_BUILTIN_ADMINISTRATOR | ebx.directory.ldap.default.mapping. role.builtin.administrator |
EBX_LDAP_DEFAULT_MAPPING_ROLE_BUILTIN_READONLY | ebx.directory.ldap.default.mapping. role.builtin.readOnly |
EBX_LDAP_DEFAULT_MAPPING_USER_REFERENCE_ATTRIBUTE | ebx.directory.ldap.default.mapping. user.referenceAttribute |
EBX_LDAP_DEFAULT_MAPPING_ROLE_MAIL_ATTRIBUTE | ebx.directory.ldap.default.mapping. role.mailAttribute |
EBX_LDAP_DEFAULT_MAPPING_USER_MAIL_ATTRIBUTE | ebx.directory.ldap.default.mapping. user.mailAttribute |
EBX_LDAP_DEFAULT_DISPLAY_ROLE | ebx.directory.ldap.default.display.role |
EBX_LDAP_DEFAULT_DISPLAY_USER | ebx.directory.ldap.default.display.user |
EBX_LDAP_DEFAULT_REQUEST_USER_SEARCH_BASEDN | ebx.directory.ldap.default.request. userSearch.baseDN |
EBX_LDAP_DEFAULT_REQUEST_USER_SEARCH_FILTER | ebx.directory.ldap.default.request. userSearch.filter |
EBX_LDAP_DEFAULT_REQUEST_USER_SEARCH_SCOPE | ebx.directory.ldap.default.request. userSearch.scope |
EBX_LDAP_DEFAULT_REQUEST_USER_SEARCH_CACHE_EXPIRATION | ebx.directory.ldap.default.request. userSearch.cache.expirationInSeconds |
EBX_LDAP_DEFAULT_REQUEST_USER_SEARCH_CACHE_MAX_SIZE | ebx.directory.ldap.default.request. userSearch.cache.maxSize |
EBX_LDAP_DEFAULT_REQUEST_USER_SEARCH_PAGE_SIZE | ebx.directory.ldap.default.request. userSearch.pageSize |
EBX_LDAP_DEFAULT_REQUEST_USER_SEARCH_TIME_LIMIT | ebx.directory.ldap.default.request. userSearch.timeLimitInSeconds |
EBX_LDAP_DEFAULT_REQUEST_USER_GROUPS_SEARCH_BASEDN | ebx.directory.ldap.default.request. userGroupsSearch.baseDN |
EBX_LDAP_DEFAULT_REQUEST_USER_GROUPS_SEARCH_FILTER | ebx.directory.ldap.default.request. userGroupsSearch.filter |
EBX_LDAP_DEFAULT_REQUEST_USER_GROUPS_SEARCH_SCOPE | ebx.directory.ldap.default.request. userGroupsSearch.scope |
EBX_LDAP_DEFAULT_REQUEST_GROUP_USERS_SEARCH_BASEDN | ebx.directory.ldap.default.request. groupUsersSearch.baseDN |
EBX_LDAP_DEFAULT_REQUEST_GROUP_USERS_SEARCH_FILTER | ebx.directory.ldap.default.request. groupUsersSearch.filter |
EBX_LDAP_DEFAULT_REQUEST_GROUP_USERS_SEARCH_SCOPE | ebx.directory.ldap.default.request. groupUsersSearch.scope |
EBX_LDAP_DEFAULT_REQUEST_ALL_GROUPS_SEARCH_BASEDN | ebx.directory.ldap.default.request. allGroupsSearch.baseDN |
EBX_LDAP_DEFAULT_REQUEST_ALL_GROUPS_SEARCH_FILTER | ebx.directory.ldap.default.request. allGroupsSearch.filter |
EBX_LDAP_DEFAULT_REQUEST_ALL_GROUPS_SEARCH_SCOPE | ebx.directory.ldap.default.request. allGroupsSearch.scope |
EBX_LDAP_DEFAULT_REQUEST_ALL_GROUPS_SEARCH_EXPIRATION | ebx.directory.ldap.default.request. allGroupsSearch.cache.expirationInSeconds |
EBX_LDAP_DEFAULT_REQUEST_ALL_GROUPS_SEARCH_PAGE_SIZE | ebx.directory.ldap.default.request. allGroupsSearch.pageSize |
EBX_LDAP_DEFAULT_REQUEST_ALL_USERS_SEARCH_BASEDN | ebx.directory.ldap.default.request. allUsersSearch.baseDN |
EBX_LDAP_DEFAULT_REQUEST_ALL_USERS_SEARCH_FILTER | ebx.directory.ldap.default.request. allUsersSearch.filter |
See Built-in LDAP directory for more information.
Example
To start an instance of Metadata that connects to a PostgreSQL database, execute the following command:
docker run -d -p 8080:8080 \ -e "EBX_DIRECTORY_FACTORY=com.orchestranetworks.service.directory.ldap.LdapDirectoryFactory" \ -e "EBX_LDAP_DEFAULT_HOSTNAME=localhost" \ -e "EBX_LDAP_DEFAULT_PORT=389" \ -e "EBX_LDAP_DEFAULT_MAPPING_ROLE_REFERENCE_ATTRIBUTE=cn" \ -e "EBX_LDAP_DEFAULT_MAPPING_ROLE_MEMBER_ATTRIBUTE=member" \ -e "EBX_LDAP_DEFAULT_MAPPING_ROLE_BUILTIN_ADMINISTRATOR=administrator" \ -e "EBX_LDAP_DEFAULT_MAPPING_ROLE_BUILTIN_READONLY=read_only" \ -e "EBX_LDAP_DEFAULT_MAPPING_USER_REFERENCE_ATTRIBUTE=uid" \ -e "EBX_LDAP_DEFAULT_DISPLAY_ROLE={{cn}}" \ -e "EBX_LDAP_DEFAULT_DISPLAY_USER={{cn}} ({{mail}})" \ -e "EBX_LDAP_DEFAULT_REQUEST_USER_SEARCH_BASEDN=dc=example,dc=org" \ -e "EBX_LDAP_DEFAULT_REQUEST_USER_SEARCH_FILTER=(uid={{login}})" \ -e "EBX_LDAP_DEFAULT_REQUEST_USER_GROUPS_SEARCH_BASEDN=dc=example,dc=org" \ -e "EBX_LDAP_DEFAULT_REQUEST_USER_GROUPS_SEARCH_FILTER=(&(objectClass=groupOfNames)(member={{dn}}))" \ -e "EBX_LDAP_DEFAULT_REQUEST_GROUP_USERS_SEARCH_BASEDN=dc=example,dc=org" \ -e "EBX_LDAP_DEFAULT_REQUEST_GROUP_USERS_SEARCH_FILTER=(&(objectClass=groupOfNames)(cn={{role}}))" \ -e "EBX_LDAP_DEFAULT_REQUEST_ALL_GROUPS_SEARCH_BASEDN=dc=example,dc=org" \ -e "EBX_LDAP_DEFAULT_REQUEST_ALL_GROUPS_SEARCH_FILTER=(objectClass=groupOfNames)" \ -e "EBX_LDAP_DEFAULT_REQUEST_ALL_USERS_SEARCH_BASEDN=dc=example,dc=org" \ -e "EBX_LDAP_DEFAULT_REQUEST_ALL_USERS_SEARCH_FILTER=(objectClass=inetOrgPerson)" \ ebx:6.2.1 |
Note
To enable LDAP directory, EBX_DIRECTORY_FACTORY must be defined to com.orchestranetworks.service.directory.ldap.LdapDirectoryFactory .
The EBX® Single Sign-On (SSO) SAML 2.0 built-in can be configured through the following environment variables:
| Name | TIBCO EBX® main configuration file equivalent |
|---|---|
EBX_SAML2_DEFAULT_ENABLED | ebx.directory.saml2.default.enabled |
EBX_SAML2_DEFAULT_SP_BASE_URL | ebx.directory.saml2.default.sp.base.url |
EBX_SAML2_DEFAULT_SP_ENTITY_ID | ebx.directory.saml2.default.sp.entity.id |
EBX_SAML2_DEFAULT_KEYSTORE_URI | ebx.directory.saml2.default.keystore.uri |
EBX_SAML2_DEFAULT_KEYSTORE_ALIAS | ebx.directory.saml2.default.keystore.alias |
EBX_SAML2_DEFAULT_KEYSTORE_KEY_PASSWORD | ebx.directory.saml2.default.keystore.key.password |
EBX_SAML2_DEFAULT_KEYSTORE_STORE_PASSWORD | ebx.directory.saml2.default.keystore.store.password |
EBX_SAML2_DEFAULT_NAME_ID_ATTRIBUTE | ebx.directory.saml2.default.name.id.attribute |
EBX_SAML2_DEFAULT_NAME_ID_FORMAT | ebx.directory.saml2.default.name.id.format |
EBX_SAML2_DEFAULT_AUTHN_REQUESTS_SIGNED | ebx.directory.saml2.default.authn.requests.signed |
EBX_SAML2_DEFAULT_WANT_ASSERTIONS_SIGNED | ebx.directory.saml2.default.want.assertions.signed |
EBX_SAML2_DEFAULT_WANT_RESPONSES_SIGNED | ebx.directory.saml2.default.want.responses.signed |
EBX_SAML2_DEFAULT_SP_LOGOUT_REQUEST_SIGNED | ebx.directory.saml2.default.sp.logout.request.signed |
See SAML 2.0 for more information.
Example
To start an instance with SSO SAML2, execute the following command:
docker run -d -p 8080:8080 \ -e "EBX_SAML2_DEFAULT_ENABLED=true" \ -e "EBX_SAML2_DEFAULT_SP_BASE_URL=http[s]://<hostname>:<port>" \ -e "EBX_SAML2_DEFAULT_SP_ENTITY_ID=" \ -e "EBX_SAML2_DEFAULT_KEYSTORE_URI=" \ -e "EBX_SAML2_DEFAULT_KEYSTORE_ALIAS=" \ -e "EBX_SAML2_DEFAULT_KEYSTORE_KEY_PASSWORD=" \ -e "EBX_SAML2_DEFAULT_KEYSTORE_STORE_PASSWORD=" \ ebx:6.2.1 |
The EBX® Single Sign-On (SSO) OpenID Connect built-in can be configured through the following environment variables:
| Name | TIBCO EBX® main configuration file equivalent |
|---|---|
EBX_OIDC_DEFAULT_ENABLED | ebx.directory.oidc.default.enabled |
EBX_OIDC_DEFAULT_CLIENT_BASE_URL | ebx.directory.oidc.default.client.base.url |
EBX_OIDC_DEFAULT_CLIENT_ID | ebx.directory.oidc.default.client.id |
EBX_OIDC_DEFAULT_CLIENT_SECRET | ebx.directory.oidc.default.client.secret |
EBX_OIDC_DEFAULT_DISCOVERY_URI | ebx.directory.oidc.default.discovery.uri |
EBX_OIDC_DEFAULT_HTTP_CONNECT_TIMEOUT | ebx.directory.oidc.default.http.connect.timeout |
EBX_OIDC_DEFAULT_HTTP_READ_TIMEOUT | ebx.directory.oidc.default.http.read.timeout |
See OpenID Connect for more information.
Example
To start an instance with SSO OpenID Connect, execute the following command:
docker run -d -p 8080:8080 \ -e "EBX_OIDC_DEFAULT_ENABLED=true" \ -e "EBX_OIDC_DEFAULT_CLIENT_BASE_URL=http[s]://<hostname>:<port>" \ -e "EBX_OIDC_DEFAULT_CLIENT_ID=" \ -e "EBX_OIDC_DEFAULT_CLIENT_SECRET=" \ -e "EBX_OIDC_DEFAULT_DISCOVERY_URI=http[s]://<hostname>:<port>/<configuration-path>" \ ebx:6.2.1 |
The EBX® Bearer Authentication can be configured through the following environment variables:
| Name | TIBCO EBX® main configuration file equivalent |
|---|---|
EBX_BEARER_DEFAULT_ENABLED | ebx.directory.bearer.default.enabled |
EBX_BEARER_DEFAULT_JWT_JWKS_URI | ebx.directory.bearer.default.jwt.jwks.uri |
EBX_BEARER_DEFAULT_JWT_ISSUERS | ebx.directory.bearer.default.jwt.issuers |
EBX_BEARER_DEFAULT_SCOPE_DATASERVICES | ebx.directory.bearer.default.scope.dataservices |
EBX_BEARER_DEFAULT_JWT_ENCRYPTION_ENABLED | ebx.directory.bearer.default.jwt.encryption. enabled |
EBX_BEARER_DEFAULT_JWT_ENCRYPTION_KEY_URI | ebx.directory.bearer.default.jwt.encryption. key.uri |
EBX_BEARER_DEFAULT_JWT_ENCRYPTION_KEY_ALIAS | ebx.directory.bearer.default.jwt.encryption. key.alias |
EBX_BEARER_DEFAULT_JWT_ENCRYPTION_KEY_PASSWORD | ebx.directory.bearer.default.jwt.encryption. key.password |
EBX_BEARER_DEFAULT_JWT_ENCRYPTION_STORE_PASSWORD | ebx.directory.bearer.default.jwt.encryption. store.password |
EBX_BEARER_DEFAULT_INTROSPECTION_REQUEST | ebx.directory.bearer.default.introspection.request |
See Bearer Authentication properties for more information.
Example
To start an instance with Bearer Authentication, execute the following command:
docker run -d -p 8080:8080 \ -e "EBX_BEARER_DEFAULT_ENABLED=true" \ -e "EBX_BEARER_DEFAULT_JWT_JWKS_URI=http[s]://<hostname>:<port>/<jwks-path>" \ -e "EBX_BEARER_DEFAULT_JWT_ISSUERS=http[s]://<hostname>:<port>/<issuers-path>" \ -e "EBX_BEARER_DEFAULT_JWT_ENCRYPTION_ENABLED=false" \ -e "EBX_BEARER_DEFAULT_JWT_ENCRYPTION_KEY_URI=" \ -e "EBX_BEARER_DEFAULT_JWT_ENCRYPTION_KEY_ALIAS=" \ -e "EBX_BEARER_DEFAULT_JWT_ENCRYPTION_KEY_PASSWORD=" \ -e "EBX_BEARER_DEFAULT_JWT_ENCRYPTION_STORE_PASSWORD=" \ -e "EBX_BEARER_DEFAULT_INTROSPECTION_REQUEST=\ @method [POST] \ @uri [http[s]://<hostname>:<port>/<introspect-path>] \ @header [Content-Type: application/x-www-form-urlencoded] \ @content [token={{token}}&client_id=oauth2&client_secret=<secret>]" \ ebx:6.2.1 |
The EBX® SCIM feature can be configured through the following environment variables:
| Name | TIBCO EBX® main configuration file equivalent |
|---|---|
EBX_SCIM_DEFAULT_ENABLED | ebx.directory.scim.default.enabled |
EBX_SCIM_DEFAULT_MAPPING_ROLE_BUILTIN_ADMINISTRATOR | ebx.directory.scim.default.mapping.role.builtin. administrator |
EBX_SCIM_DEFAULT_MAPPING_ROLE_BUILTIN_READ_ONLY | ebx.directory.scim.default.mapping.role.builtin. read.only |
EBX_SCIM_DEFAULT_REQUEST_USERS_URL | ebx.directory.scim.default.request.users.url |
EBX_SCIM_DEFAULT_REQUEST_USERS_HEADERS | ebx.directory.scim.default.request.users.headers |
EBX_SCIM_DEFAULT_REQUEST_USERS_PAGE_SIZE | ebx.directory.scim.default.request.users.page.size |
EBX_SCIM_DEFAULT_REQUEST_USERS_CACHE_MAX_SIZE | ebx.directory.scim.default.request.users.cache. max.size |
EBX_SCIM_DEFAULT_REQUEST_USERS_CACHE_EXPIRATION | ebx.directory.scim.default.request.users.cache. expiration |
EBX_SCIM_DEFAULT_REQUEST_GROUPS_URL | ebx.directory.scim.default.request.groups.url |
EBX_SCIM_DEFAULT_REQUEST_GROUPS_HEADERS | ebx.directory.scim.default.request.groups.headers |
EBX_SCIM_DEFAULT_REQUEST_GROUPS_PAGE_SIZE | ebx.directory.scim.default.request.groups.page.size |
EBX_SCIM_DEFAULT_REQUEST_GROUPS_CACHE_MAX_SIZE | ebx.directory.scim.default.request.groups.cache. max.size |
EBX_SCIM_DEFAULT_REQUEST_GROUPS_CACHE_EXPIRATION | ebx.directory.scim.default.request.groups.cache. expiration |
See SCIM feature properties for more information.
Example
To start an instance with SCIM, execute the following command:
docker run -d -p 8080:8080 \ -e "EBX_SCIM_DEFAULT_ENABLED=true" \ -e "EBX_SCIM_DEFAULT_MAPPING_ROLE_BUILTIN_ADMINISTRATOR=admin-ebx" \ -e "EBX_SCIM_DEFAULT_MAPPING_ROLE_BUILTIN_READ_ONLY=read_only_ebx" \ -e "EBX_SCIM_DEFAULT_REQUEST_USERS_URL=http[s]://<hostname>:<port>/<users-path>" \ -e "EBX_SCIM_DEFAULT_REQUEST_USERS_HEADERS=Authorization: Bearer <token> % Content-Type: application/json" \ -e "EBX_SCIM_DEFAULT_REQUEST_USERS_PAGE_SIZE=2" \ -e "EBX_SCIM_DEFAULT_REQUEST_GROUPS_URL=http[s]://<hostname>:<port>/<groups-path>" \ -e "EBX_SCIM_DEFAULT_REQUEST_GROUPS_HEADERS=" \ -e "EBX_SCIM_DEFAULT_REQUEST_GROUPS_PAGE_SIZE=2"\ ebx:6.2.1 |
The EBX Mail service can be configured through the following environment variables :
| Name | TIBCO EBX® main configuration file equivalent | Default | Description |
|---|---|---|---|
EBX_SMTP_HOST | ebx.mail.smtp.host | SMTP server host name. | |
EBX_SMTP_PORT | ebx.mail.smtp.port | SMTP server port number. | |
EBX_SMTP_CONNECTION_TIMEOUT | ebx.mail.smtp.connectionTimeout | 600000 | SMTP socket connection timeout value in milliseconds. |
EBX_SMTP_TIMEOUT | ebx.mail.smtp.timeout | 600000 | SMTP socket read timeout value in milliseconds. |
EBX_SMTP_WRITE_TIMEOUT | ebx.mail.smtp.writeTimeout | 600000 | SMTP socket write timeout value in milliseconds. |
EBX_SMTP_LOGIN | ebx.mail.smtp.login | SMTP server login id. | |
EBX_SMTP_PASSWORD | ebx.mail.smtp.password | SMTP server login password. | |
EBX_SMTP_SSL_ENABLED | ebx.mail.smtp.ssl.activate | true | Enables SSL. Value can be 'true' or 'false'. |
EBX_WORKFLOW_MAIL_SENDER | ebx.manager.workflow.mail.sender | The workflow sender email. If not set, Workflows cannot send notifications. |
More information on the used properties can be found in chapter Activating and configuring SMTP and emails .
Environment variables JAVA_MEMORY_PERCENT may be used to configure the percentage of the container memory that is assigned to the JVM the runs EBX®. It must be an integer value between 0 and 100.
If not set, a default value is used at startup.
Note
This variable is for advanced usage. Setting it too low or too high may cause runtime issues.
Basic authentication for REST services is not enabled by default.
To enable this feature, set environment variable EBX_REST_AUTHENTICATION_BASIC to true .
The environment variable EBX_STAGING_ACTIVATED activates, if value is true , or deactivates, if value is false , the staging feature.
By default, staging is activated.
Two Java property files are currently used to configure EBX®.
On startup EBX® reads property files in the following order:
/opt/ebx/webapps/ebx/WEB-INF/ebx-default.properties
/my_custom/conf/ebx-container.properties
The file /opt/ebx/webapps/ebx/WEB-INF/ebx-default.properties sets default EBX® configuration properties for the container.
It should never be modified at runtime as this may prevent easily updating EBX® to a next version, instead use /opt/ebx/conf/ebx-container.properties .
The file /opt/ebx/conf/ebx-container.properties is by default empty. Any property value specified here will override the value set by ebx-default.properties .
This file is useful to change a property at runtime. To change a property at run time, create a new file, for example /my_custom/conf/ebx-container.properties , containing the new property values and mount de parent folder from the host to the container:
docker run -v /my-custom/conf:/opt/ebx/conf -p 8080:8080 -d ebx:6.2.1 |
For the list of properties supported by EBX® see chapter TIBCO EBX® main configuration file .
This image defines the following volumes:
| Location | Description |
|---|---|
/ebx/data | The EBX® root directory is located in this volume. It contains EBX® indexes and, when H2 embedded database is used, persisted data. It is recommended to use a high performance volume, for example an SSD. Using a shared network volume, for example a NFS mount, is not recommended and may cause performance and stability issues. |
/ebx/logs | This volume is used for log files. |
/ebx/temp | This volume is used for temporary files. |
Note
The volume /ebx/data should be mapped to a persistent volume even when an external database is used. If not, EBX will have to rebuild its indexes on startup which may considerably increase boot time.
The container is started using user ebx (uid 1500). User ebx’s primary group is root (guid 0).
Note
Red Hat® OpenShift® may use another UID than 1500 when starting the container. For details see Red Hat® OpenShift® documentation.
It may be necessary to configure the Host so that the EBX Container can reserve the resources required by numerous memory-mapped files.
On a Linux OS:
Command ulimit -n should return a value equal or greater than 512000 .
Command sysctl vm.max_map_count should return a value equal or greater than 262144 .
Logs are sent to the stdout and stderr output streams and can be viewed using the following command:
docker logs <container-id> |
Logs for both EBX® and Tomcat will be displayed.
Log files are also available under folder /ebx/logs :
EBX® logs files are in folder /ebx/logs/ebx
Tomcat logs files are in folder /ebx/logs/tomcat .