Skip to content

Backend Environment Variable configuration



IVAAP
Backend Environment Variable Configuration




IVAAP 2025.1

Introduction

This document provides a comprehensive list of configurable environment variables used across various components of IVAAP’s backend. Many of these variables are primarily used during the containerization and configuration of IVAAP’s backend services, ensuring efficient deployment, management, and traceability of the components within Docker containers. Intended to provide a clear reference for adjusting and customizing IVAAP’s backend services to meet specific needs in terms of performance, storage, security, and other operational requirements.

Container Metadata

Below are the environment variables used within a backend node as metadata. These are all used during the containerization process for IVAAP’s backend.

IVAAP_CONTAINER_BASE_IMAGE_CONTAINERIZATION_COMMIT_HASH: Identifies the Git commit hash associated with the containerization process for traceability.

IVAAP_CONTAINER_BASE_IMAGE_DOCKER_VERSION: Specifies the Docker version used to build the image.

IVAAP_CONTAINER_BASE_IMAGE_STATIC_TAG: Provides the static tag of the IVAAP base image including its repository, image name, and build timestamp.

IVAAP_CONTAINER_BASE_IMAGE_TYPE: Specifies the type of IVAAP base image used.

IVAAP_CONTAINER_BASE_IMAGE_FROM: Specifies the upstream base image used for the IVAAP image.

IVAAP_CONTAINER_BASE_IMAGE_BUILD_TIMESTAMP: Specifies the human-readable build timestamp.

IVAAP_CONTAINER_BASE_FILENAME: Represents the name of the file related to the IVAAP image, including its version and build identifier.

IVAAP_CONTAINER_BASE_IMAGE_BUILD_TIMESTAMP_UNIX: Indicates the build timestamp in Unix epoch format.

IVAAP_CONTAINER_BASE_IMAGE_BUILD_SERVER_HOSTNAME: Indicates the hostname of the server where the IVAAP base image was built.

IVAAP_CONTAINER_BUILD_SERVER_HOSTNAME: Specifies the hostname of the server where the IVAAP image was built.

IVAAP_CONTAINER_BUILD_TIMESTAMP: Represents the timestamp when the IVAAP image was built.

IVAAP_CONTAINER_BUILD_TIMESTAMP_UNIX: Indicates the UNIX timestamp when the IVAAP image was built.

IVAAP_CONTAINER_CONTAINERIZATION_COMMIT_HASH: Specifies the Git commit hash associated with the containerization process of the IVAAP image.

IVAAP_CONTAINER_DOCKER_VERSION: Specifies the version of Docker that was used to build the IVAAP image.

IVAAP_CONTAINER_FILENAME_TAG: Specifies the Docker image tag used based on the filename version.

IVAAP_CONTAINER_FULL_VERSIONED_TAG: Specifies the fully versioned Docker image tag, including a timestamp for precise identification.

IVAAP_CONTAINER_IMAGE_REPO: Specifies the repository location in a registry where the image is stored.

IVAAP_CONTAINER_PRECONFIGURED_BASE_IMAGE: Specifies the full IVAAP base image and registry used to build the IVAAP image.

IVAAP_CONTAINER_STATIC_TAG: Specifies the full static tag of the image.

IVAAP_CONTAINER_TIMESTAMPED_TAG: Specifies the timestamped tag for the container image, combining the application version with the exact build timestamp.

IVAAP_CONTAINER_VERSIONED_TAG: Specifies the versioned tag for the container image.

IVAAPData jars/nodes

Many of IVAAP's components rely on compressed .jar files, which bundle Java archives containing compiled code and dependencies for running applications; these are deployed in Docker containers to streamline backend services, ensuring consistency, portability, and scalability across environments.

The adminserver’s .jar files are located within ivaap-adminserver:/usr/local/tomcat/lib.

The .jar for backend data nodes are located within ivaap-backend-<backend-node>:/opt/ivaap/ivaap-playserver/deployment/ivaapnode/lib.

Image

IVAAP_IMAGE_TILE_SMOOTHING_MODE: specifies image-scaling algorithm. Default is java.awt.Image.SCALE_AREA_AVERAGING

IVAAP_DISABLE_RASTER_IMAGE_CACHE: indicates whether to disable the raster image cache and use data finders each time you make a HTTP call to a web service. Default is false

IVAAP_RASTER_IMAGE_CACHE_BIG_THRESHOLD: specifies a size in bytes of the raster image big threshold. All images which size is equal or greater this threshold will be placed to a big images cache. Default is 1Gb

IVAAP_RASTER_IMAGE_CACHE_MEDIUM_THRESHOLD: specifies a size in bytes of the raster image medium threshold. All images which size is equal or greater this threshold will be placed to a medium images cache. Default is 100Mb

IVAAP_RASTER_IMAGE_CACHE_MAX_NUMBER_OF_BIG_IMAGES: specifies the maximum number of the raster images that big cache can have. Default is 5

IVAAP_RASTER_IMAGE_CACHE_MAX_NUMBER_OF_MEDIUM_IMAGES: specifies the maximum number of the raster images that medium cache can have. Default is 5

IVAAP_RASTER_IMAGE_CACHE_MAX_NUMBER_OF_SMALL_IMAGES: specifies the maximum number of the raster images that small cache can have. Default is 5

Data Pools

IVAAP_BLOB_STORAGE_DATA_POOL_DISABLED: indicates whether blob storage data pool is disabled. Default is false

IVAAP_MAXIMUM_BLOB_STORAGE_DATA_POOL_MEMORY: specifies the maximum amount of memory (in bytes) that the blob storage data pool should hold. Default is 100 MB

IVAAP_MAXIMUM_BLOB_STORAGE_DATA_POOL_SIZE: specifies the maximum number of items in the blob storage data pool. Default is 0

IVAAP_CLOUD_STORAGE_DATA_POOL_DISABLED: indicates whether cloud storage data pool is disabled. Default is false

IVAAP_MAXIMUM_CLOUD_STORAGE_DATA_POOL_MEMORY: specifies the maximum amount of memory (in bytes) that the cloud storage data pool should hold. Default is 100 MB

IVAAP_MAXIMUM_CLOUD_STORAGE_DATA_POOL_SIZE: specifies the maximum number of items in the cloud storage data pool. Default is 0

IVAAP_GEOFILES_DATA_POOL_DISABLED: indicates whether "geofiles" data pool is disabled. Default is false

IVAAP_S3_DATA_POOL_DISABLED: indicates whether s3 data pool is disabled. Default is false

IVAAP_WEBFS_DATA_POOL_DISABLED: indicates whether webfs data pool is disabled. Default is false

Well Data Loading

IVAAP_DEFAULT_DEPTH_UNIT_SYMBOL: specifies a default depth index unit symbol. Default is 'm' (meters)

IVAAP_DEFAULT_TIME_UNIT_SYMBOL: specifies a default time index unit symbol. Default is 'ms' (milliseconds)

Real Time

IVAAP_FEED_DATA_CONTENT_BATCH_SIZE: specifies the number of items that should be sent to the server at once by monitoring jobs. Default is 20

Data Finders

IVAAP_FINDER_AND_UNIQUE_ID_CACHE_DISABLED: indicates whether to disable data finders cache and use finders each time you make a HTTP call to a web service. Default is false

Entitlements

IVAAP_DISABLE_DOCUMENT_DOWNLOAD_CREDENTIALS_CONTROL: indicates whether document download credentials check is disabled. Default is false

IVAAP_DISABLE_DOCUMENT_DOWNLOAD_ENTITLEMENTS_CONTROL: indicates whether document download entitlement check is disabled. Default is false

IVAAP_DISABLE_DOCUMENT_PREVIEW_CREDENTIALS_CONTROL: indicates whether document preview credentials check is disabled. Default is false

IVAAP_DISABLE_DOCUMENT_PREVIEW_ENTITLEMENTS_CONTROL: indicates whether document preview entitlement check is disabled. Default is false

IVAAP_DISABLE_SETUP_TEST_CREDENTIALS_CONTROL: indicates whether a login is required to test data sources

IVAAP_DISABLE_SETUP_TEST_ENTITLEMENTS_CONTROL:

IVAAP_SERVICE_CREDENTIALS_SUPPORT_DISABLED: indicates whether the user of service credentials is disabled. Default is false.

IVAAP_TRUSTED_SCOPES_SUPPORT_DISABLED: indicates whether the service associated with the specific actor doesn't support trusted scopes as elevated credentials. Default is false.

IVAAP_SERVICE_CREDENTIALS_REQUIREMENT_DISABLED: bypasses the requirement for service credentials when service credentials are determines to required. Default is false.

Archive Connector

IVAAP_IS_REFRESH_ARCHIVE_FILE_DISABLED: Disables the automatic refresh of datasets

IVAAP_MAX_NUMBER_OF_POINTS_PER_POLYGON_IN_ARCHIVE_SEARCH: Indicates the maximum number of points in seismic oulines/2D lines.

IVAAP_MIN_PRECISION_IN_ARCHIVE_SEARCH: Indicates the minimum precision when simplifying the number of points in seismic oulines/2D lines. Default is 1000

IVAAP_MAX_PRECISION_IN_ARCHIVE_SEARCH: Indicates the maximum precision when simplifying the number of points in seismic oulines/2D lines. Default is 1000000

Various Configurations

IVAAP_PUBLIC_URLS_DISABLED: Disables the forbidden status code (403) and replaces them with not found (404)

IVAAP_REFRESH_ALL_DATA_SOURCES_DELAY: specifies a delay between consecutive data source refresh requests. Default is 15 minutes

IVAAP_DISABLE_APP_ENGINE_TASKS: indicates whether the app engine background task system is disabled. Default is false

IVAAP_SEISMIC_SURVEY_NAMING_ENABLED: indicates whether seismic naming is enabled. Default is true

IVAAP_DISABLE_INLINE_CONTENT: TBD

STOMP

IVAAP_WS_MQ_POOLED_CONN_ENABLED: Setting true for the mqgatewaynode will enable ActiveMQ connection pooling when this is completed.

IVAAP_MQGATEWAY_DEVFEATURE_STOMP_ENABLED: Enables stomp for the mqgatewaynode. Set with true or false

IVAAP_STOMP_ENABLED: Enables stomp. Dedicated to the proxy and activemq. Set with true or false

IVAAP_MQGATEWAY_DEVFEATURE_STOMP_MQ_ERROR_TERMINATE_REMOTING: Setting for the mqgatewaynode to disable behavior of automatic activemq broker shutdown if connection is not established. Set to true or false.

IVAAP_WS_MQ_CONN_RETRY_COUNT: Aggressive reconnection setting for activemq. Set number of tries to attempt.

IVAAP_WS_MQ_CONN_RETRY_INTERVAL: Set value in milliseconds to between each retry count activemq aggressively tries to connect.

Adminserver

This section explains the configurable environment variables and explains their use cases for IVAAP’s ivaap-adminserver container.

Indicates whether a migration is enabled. This migration environment variable is necessary for migrations higher than only 2.10 to 2.11. The default value is false and migration may only occur if explicitly set to true.

IVAAP_AUTO_MIGRATE_FROM_210_TO_211_ENABLED: Indicates whether database migration is enabled. This migration environment variable is necessary for migrations higher than 2.10. The default value is false and migration may only occur if explicitly set to true.

IVAAP_SERVER_ADMIN_AUTO_MIGRATE: Newly updated migration for 2.13 + IVAAP environments. Set to true to enable database migration.

IVAAP_COMMON_ADMIN_SERVER_HOST: The URL for the IVAAP adminserver, providing administrative interfaces and tools.

Authentication

IVAAP_AUTHENTICATION_RESET_ENABLED: indicates whether current authentication must be reset to the default vanilla PostgreSQL authentication (see IVAAP API for Authentication). Default is false.

IVAAP_AUTH_SECRET_KEY: specifies a private key to encrypt authentication tokens

IVAAP_REDIRECT_ON_CALLBACK_DISABLED: indicates whether a redirect to the referer URL during login callback is disabled. Default is true, planned to be false for the 2.11.2 release

IVAAP_ALLOWED_NUMBER_OF_FAILED_LOGIN_ATTEMPTS: specifies the maximum number of unsuccessful logins before account inactivation. Default is 5

IVAAP_FAILED_LOGIN_ATTEMPTS_TIME_OUT_IN_MINUTES: specifies the time range for counting unsuccessful logins. Default is 5 minutes

IVAAP_REQUIRE_EXTERNAL_AUTH: Will make external authentication a requirement. If used with local authentication, it will prevent login and put java admin in an unworkable state. Set to true or false.

IVAAP_IGNORE_NEWLINE_IN_ENV_VARIABLES: Will recognize spaces used in adminserver authentication configuration values. Set to true or false.

User Activities History

IVAAP_USER_ACTIVITY_HISTORY_INTERVAL: specifies an interval in days after which all user sessions which start date is beyond this interval should be deleted. Default value is 180 days

IVAAP_AUTO_CLEAN_USER_ACTIVITIES: indicates whether user sessions older than ones specified by IVAAP_USER_ACTIVITY_HISTORY_INTERVAL interval should be automatically deleted. Default is true

IVAAP_USER_ACTIVITY_CLEAR_TIMEOUT: specifies a timeout in milliseconds between consecutive sessions removal. Default value is 300 000 milliseconds (5 minutes)

External Users

IVAAP_DISABLE_EXTERNAL_USER_PRIVATE_OBJECTS_AUTO_REMOVAL: indicates whether all private objects such as projects, connectors, templates, etc should be automatically removed when an external user is deleted. Default is false

IVAAP_EXTERNAL_USER_AUTO_GROUP_MEMBERSHIP_DISABLED: indicates whether a new group creation is disabled for a new external user. Default is false

IVAAP_EXTERNAL_USER_DELETIONS_DISABLED: indicates whether external users removal is disabled. Default is false

IVAAP_EXTERNAL_USER_UPDATES_DISABLED: indicates whether external users update is disabled. Default is false

Connector Info

IVAAP_CONNECTOR_TIME_OUT: specifies the timeout in milliseconds for connector accessibility check. Default is 600 milliseconds

IVAAP_CONNECTOR_TYPE_TIME_OUT: specifies the timeout in milliseconds for connector type request. Default is 2000 milliseconds (2 seconds)

IVAAP_CONNECTOR_INFO_MAX_LIFETIME: specifies a lifetime of the connector info in milliseconds. Default is 900 000 milliseconds (15 minutes)

Multithreading

IVAAP_ADMIN_THREAD_POOL_SIZE: specified the maximum number of threads for parallel execution. Default is 50

Licensing

IVAAP_LICENSE_EXPIRATION_CHECKED_ON_USER_LOGIN: indicates whether a user license expiration is checked during login. Default is false

IVAAP_LICENSE_LIMIT_MAX_LIFETIME: specifies the lifetime in milliseconds of the license limit cache. Default is 900 000 milliseconds (15 minutes)

Virtual File System

IVAAP_VIRTUAL_CONFIG_FILES_LOCKED: indicates whether virtual config files are locked. Default is false

IVAAP_DISABLE_FILE_SYSTEM_DATA_CACHE: indicates whether to disable virtual file system data cache and fetch data each time you make a HTTP call to a web service. Default is true

Data Cache: experimental, disabled by default

IVAAP_DISABLE_DATA_CACHE: indicates whether to disable all data cashes and use data finders each time you make a HTTP call to a web service. Default is true

IVAAP_DATA_CACHE_MAX_COLLECTION_SIZE: specifies the maximum number of elements in the collection data cache. The collection data cache is the data cache identified by some key, e.g. domain unique id. of the Default is 100

IVAAP_DATA_CACHE_MAX_NUMBER_OF_ITEMS: specifies the maximum number of data in each collection element. Default is 1000

IVAAP_DATA_CACHE_MAX_MEMORY: specifies the maximum memory size for the data cache. Default is 128Mb

Entitlements

IVAAP_CREDENTIALS_PROTECTION_ENABLED: indicates whether data attributes such as passwords, secret keys, etc. should be hidden in REST service outputs. Default is false, and true starting with IVAAP 2.11.2

IVAAP_TRUST_PUBLIC_KEY: The public key used for verifying signatures or encrypting data in the IVAAP authentication and security processes.

IVAAP_TRUST_PRIVATE_AES_ENCRYPTION_KEY: A private AES encryption key used for encrypting sensitive data securely.

IVAAP_TRUST_PRIVATE_KEY: The private key used for signing data or decrypting messages in the IVAAP system.

IVAAP_COMMON_BACKEND_SERVER_HOST: The URL for the IVAAP backend server, responsible for handling API and business logic.

IVAAP_COMMON_NODEJS_SERVER_HOST: The URL for the Node.js server host in the IVAAP system. Node.JS was replaced by Java Adminserver in 2.10.

IVAAP_COMMON_ADMIN_SERVER_HOST: The URL for the Java Adminserver host in the IVAAP system.

Database Configuration

These are essential and secure variables for establishing configuration connection between IVAAP’s adminserver and postgres database.

IVAAP_SERVER_ADMIN_DATABASE_HOST: This specifies the host service being used.

IVAAP_SERVER_ADMIN_DATABASE_NAME: The name of the database within the database service which is being used.

IVAAP_SERVER_ADMIN_DATABASE_PORT: The port number used to connect the database server.

IVAAP_SERVER_ADMIN_DATABASE_TYPE: Denotes the type of database in use.

IVAAP_SERVER_ADMIN_IS_WRITABLE: A boolean value of either true or false, which determines whether the database is writable.

IVAAP_SERVER_ADMIN_DATABASE_USERNAME: The username used for authentication when connecting to the database.

IVAAP_SERVER_ADMIN_DATABASE_ENCRYPTION_KEY: Key used to encrypt/decrypt the database encrypted password. Used for authentication to the database.

IVAAP_SERVER_ADMIN_DATABASE_ENCRYPTED_PASSWORD: Encrypted password used to connect to the database.

VFS Amazon Cognito

Below is listed the configurable Amazon Cognito authentication environment variables from the virtual file system (VFS) that the adminserver expects during set up. Not all may be necessary during Amazon Cognito authentication set up for IVAAP.

IVAAP_AWS_COGNITO_DISCOVERY_URL: URL for Cognito's OpenID Connect discovery document, used for retrieving endpoints and configuration.

IVAAP_AWS_COGNITO_CLIENT_ID: The client ID of the application registered in AWS Cognito.

IVAAP_AWS_COGNITO_ENCRYPTED_CLIENT_SECRET: Encrypted client secret associated with the Cognito app client for secure communication.

IVAAP_AWS_COGNITO_SCOPE: Scopes defining the access levels (e.g., openid, email) for authentication and authorization.

IVAAP_AWS_COGNITO_CALLBACK_URL: Redirect URL for handling authentication responses after login.

IVAAP_AWS_COGNITO_VIEWER_URL: URL for the IVAAP viewer, used post-authentication for accessing the application.

IVAAP_AWS_COGNITO_END_SESSION_URL: URL for logging out of the AWS Cognito session.

IVAAP_AWS_COGNITO_USER_DOMAIN_NAME: Name of the user domain in Cognito, used to categorize users.

IVAAP_AWS_COGNITO_USER_GROUP_NAME: Name of the user group in Cognito, defining access permissions and roles.

IVAAP_AWS_COGNITO_ADMIN_USERS: List of admin users, typically emails, with elevated privileges in the application.

IVAAP_AWS_COGNITO_USER_LAST_NAME_FIELD: Field in Cognito mapping to the user's last name attribute.

IVAAP_AWS_COGNITO_USER_FIRST_NAME_FIELD: Field in Cognito mapping to the user's first name attribute.

IVAAP_AWS_COGNITO_SUPER_ADMIN_USERS: List of super admin users with the highest level of privileges.

IVAAP_AWS_COGNITO_ADMIN_USERNAMES: Specific usernames granted admin privileges.

IVAAP_AWS_COGNITO_SUPER_ADMIN_USERNAMES": Specific usernames granted super admin privileges.

IVAAP_AWS_COGNITO_USER_NAME_FIELD: Field in Cognito mapping to the user's username attribute.

IVAAP_AWS_COGNITO_USER_EMAIL_FIELD: Field in Cognito mapping to the user's email address attribute.

IVAAP_AWS_COGNITO_PKCE_ENABLED: Boolean flag indicating whether PKCE (Proof Key for Code Exchange) is enabled for enhanced security during authentication.

VFS Azure Entre ID (Azure active directory)

Below is the listed configurable Azure Entre ID (formerly known as Azure Active Directory) authentication environment variables from IVAAP’s virtual file system (VFS). Values for these environment variables work best when placed within quotes(“”). Not all may be necessary during Azure Entre ID authentication set up for IVAAP.

IVAAP_AZURE_AD_DISCOVERY_URL: URL for Azure Entre ID's OpenID Connect discovery document to retrieve authentication endpoints and configuration.

IVAAP_AZURE_AD_CLIENT_ID: The client ID of the registered application in Azure Entre ID.

IVAAP_AZURE_AD_ENCRYPTED_CLIENT_SECRET: Encrypted client secret for the Azure AD application, used for secure communication.

IVAAP_AZURE_AD_SCOPE: Scopes defining access levels (e.g., openid, profile, offline_access) required by the application.

IVAAP_AZURE_AD_CALLBACK_URL: Redirect URL to handle authentication responses after the user logs in through Azure Entre ID.

IVAAP_AZURE_AD_VIEWER_URL: URL for the IVAAP viewer application, used after successful authentication.

IVAAP_AZURE_USER_DOMAIN_NAME: The domain name for the organization or tenant.

IVAAP_AZURE_USER_GROUP_NAME: Name of the user group, used for role-based access control.

IVAAP_AZURE_ADMIN_USERS: List of admin user emails with elevated privileges in the application.

IVAAP_AZURE_AD_TENANT_ID: The unique ID of the tenant for the organization.

IVAAP_AZURE_AD_USE_USER_INFO_ENDPOINT: Boolean flag to indicate if the Azure AD user info endpoint should be used to retrieve user attributes.

IVAAP_AUTH_SECRET_KEY: Secret key used for additional security in authentication flows.

IVAAP_AZURE_AD_USER_EMAIL_FIELD: Field mapping to the user's email address in Azure AD.

IVAAP_AZURE_AD_USER_NAME_FIELD: Field mapping to the user's last name.

IVAAP_AZURE_AD_LAST_NAME_FIELD: Field mapping to the user's last name.

IVAAP_AZURE_AD_FIRST_NAME_FIELD: Field mapping to the user's first name.

IVAAP_AZURE_SUPER_ADMIN_USERS: List of super admin users with the highest level of privileges in the application.

IVAAP_AZURE_ADMIN_USERNAMES: Specific usernames that are granted admin privileges.

IVAAP_AZURE_SUPER_ADMIN_USERNAMES: Specific usernames that are granted super admin privileges.

IVAAP_AZURE_PKCE_ENABLED: Boolean flag to indicate whether PKCE (Proof Key for Code Exchange) is enabled for improved authentication security.