Advanced settings

    These settings can be relevant by fine tunning of the application or by adapting it to a production environment. Customize these settings may be necessary.

    Other settings in application.properties

    Advanced LDAP settings

    Okta integration

    Compound Registration integration

    Merge specific rules into the Knowledge Base

    Installing to Multiple Hosts

    SSL



    Other settings in application properties

    You can configure other settings for Compliance Checker in the application.properties file.

    URL of eureka service

    # The URL of eureka service
eureka.client.serviceUrl.defaultZone=http://localhost:8761/eureka/
    Copy


    Auto-check/auto-update the latest KB version

    # The URL of the latest Conpliance Checker knowledge base file: 
common.autoUpdateUrl=https://dl.chemaxon.com/cchecker/cc-database.jar 
#The URL of the latest cHemTS knowledge abase file
common.htsAutoUpdateUrl:https://dl.chemaxon.com/hts/hts-knowledge-base.jar

# The URL of the text file containing the version of the latest Compliance Checker knowledge base file.
common.autoUpdateVersionUrl=https://dl.chemaxon.com/cchecker/cc-version.txt 
#The URL of the text file containing the version of the latest cHemTS knowledge base file
common.htsAutoUpdateVersionUrl:https://dl.chemaxon.com/hts/hts-version.txt

common.autoUpdateEnabled=true

# Enables to schedule the knowledge base update automatically.
# The value should be a cron-like expression, which extends the usual UN*X definition to include triggers
# on the second as well as minute, hour, day of month, month and day of week.
# Example patterns:
# "0 0 * * * *" = the top of every hour of every day.
# "*/10 * * * * *" = every ten seconds.
# "0 0 8-10 * * *" = 8, 9 and 10 o'clock of every day.
# "0 * 6,19 * * *" = 6:00 AM and 7:00 PM every day.
# "0 0/30 8-10 * * *" = 8:00, 8:30, 9:00, 9:30 and 10 o'clock every day.
# "0 0 9-17 * * MON-FRI" = on the hour nine-to-five weekdays
# "0 0 0 25 12 ?" = every Christmas Day at midnight
common.autoUpdateScheduler=0 0 0 * * MON-FRI
# Enables to schedule the cHemTS knowledge base update automatically.
#common.htsAutoUpdateScheduler=0 0 1 * * MON-FRI
    Copy


    User roles in Compliance Checker and in cHemTS

    Roles - with special privileges - can be assigned to different user groups :

    Compliance Checker

    • USER : Can execute Single and File checks - against all Countries and those User-defined category groups which are not restricted for the USER by the CONTENT_MANAGER or by the ADMIN.
    • EXPERT_USER : Can execute Single and File checks - against all Countries and those User-defined category groups which are not restricted for the EXPERT_USER by the CONTENT_MANAGER or by the ADMIN.
    • CONTENT_MANAGER : Can execute Single and File checks and has limited access to the Administration functions: -- User-defined category group editor: Select categories and make restrictions for the USER and/or EXPERT_USER roles\, -- User-defined category editor -- Database update history -- Report template editor
    • ADMIN : Has access to all administration functions.
    • SYSTEM : A special group to run automatic system checks - with very limited privileges.

    Category group access can be controlled according to ROLES.

    CHemTS

    • HTS_USER : Can execute Single cHemTS and File checks
    • HTS_CONTENT_MANAGER : Can execute Single and File checks and has limited access to the Administration functions: -- Report template editor
    • HTS_ADMIN : Has access to all administration functions.

    User role mapping in Chemaxon Cloud

    In Chemaxon Cloud the users can be assigned to user groups. Each group translates directly to its corresponding Compliance Checker or cHemTS role according to the mapping below:

    • cc-user → USER
    • cc-expert-user → EXPERT_USER
    • cc-content-manager → CONTENT_MANAGER
    • cc-admin → ADMIN
    • hts-user → HTS_USER
    • hts-content-manager → HTS_CONTENT_MANAGER
    • hts-admin → HTS_ADMIN

    Please find the available roles defined in the previous section: User roles in Compliance Checker and in cHemTS.

    Configuring user roles

    Roles can be assigned directly to special users by setting the value of the config key. The value should be a comma separated list of ROLES. (E.g.: roles.username=HTS_USER,HTS_CONTENT_MANAGER)

    # You can map user groups to ROLEs in CC and cHemTS by this setting.
 # CC ROLES - We have 5 CC Roles
 # User groups can be mapped to the following Roles:
 # - USER: Can execute Single and File checks - against all Countries and those User-defined category groups
 # which are not restricted for the USER by the CONTENT_MANAGER or by the ADMIN.
 # - EXPERT_USER: Can execute Single and File checks - against all Countries and those User-defined category groups
 # which are not restricted for the EXPERT_USER by the CONTENT_MANAGER or by the ADMIN.
 # - CONTENT_MANAGER: Has limited access to the Administration functions:
 #   -- User-defined category group editor: Select categories and make restrictions for the USER and/or EXPERT_USER roles,
 #   -- User-defined category editor
 #   -- Database update history
 #   -- Report template editor
 # - ADMIN: Has access to all administration functions
 # cHemTS ROLES - We have 3 cHemTS Roles
 # - HTS_USER: Can execute cHemTS Single and File checks
 # - HTS_CONTENT_MANAGER : Can execute Single and File checks and has limited access to the Administration functions: -- Report template editor
 # - HTS_ADMIN : Has access to all administration functions.
 # COMMON ROLES
 # - SYSTEM: A special group to run automatic system checks
 # CC and cHemTS roles can be combined, so for example a user could have both USER and HTS_USER roles.
 # For automated system communication we need to have a SYSTEM user that can log in to the services.
 # The SYSTEM user - with very limited privileges - will use one of the authentication providers 
 # mentioned below, so you must register it in your LDAP / AD server.
     common.systemUser=system
     common.systemPassword=system

 # Roles - with special privileges - can be assigned to different user groups:
     common.rolesToGroupsMap={"userGroups":[],"userPattern":".*","adminGroups":["cc-admin"],"adminPattern":"","contentManagerGroups":["cc-content-manager"],"contentManagerPattern":"","expertUserGroups":["cc-expert-user"],"expertUserPattern":"","systemGroups":["cc-system"],"htsAdminGroups":["hts-admin"],"htsAdminPattern":"","htsContentManagerGroups":["hts-content-manager"],"htsContentManagerPattern":"","htsUserGroups":["hts-user"],"htsUserPattern":"","systemPattern":""}

 # Configuring ROLES
 # - FOR LDAP
 # If you use LDAP, then you can set it's configuration like this: 
 #   {"servers":[{"serverUrl":"ldap://ldap.server.com:389/dc=test,dc=tld","userDNPatterns":["uid={0},cn=users,cn=accounts"],"groupSearchBase":"","managerDN":"uid=cchecker,cn=sysaccounts","managerPassword":"<password>"}]}
 # This is a standard JSON but it has to be in one line. The "servers" property references an array. In this array you can set as many LDAP servers as you want. 
 # These servers will be checked in this specified order, and the first LDAP server that can authenticate the user will authenticate it.
 # The properties stands for the following:
 # "serverURL" -- The URL of the LDAP server
 # "userDNPatterns" -- The domain name of the users in the LDAP tree
 # "groupSearchBase" -- Domain name of groups in LDAP tree
 # "managerDN' -- The domain name of the manager user to query LDAP tree.
 # "managerPassword" -- The password of manager user.
     common.ldapConfig = {"servers":[{"serverUrl":"ldap://ldap.server.com:389/dc=test,dc=tld","userDNPatterns":["uid={0},cn=users,cn=accounts"],"groupSearchBase":"","managerDN":"uid=cchecker,cn=sysaccounts","managerPassword":"<password>"}]}

 # - FOR ACTIVE_DIRECTORY
 # If you use ACTIVE_DIRECTORY, then you can set you can set it's configuration like this: 
 #   {"servers":[{"domain":"your.domain","url":"ldap://server.domain.com"}]}
 # This is a standard JSON but it has to be in one line. The "servers" property references an array. 
 # In this array you can set as many Active Directory servers as you want. 
 # These servers will be checked in this specified order, and the first AD server that can authenticate the user will authenticate.
     common.activeDirectoryConfig={"servers":[{"domain":"your.domain","url":"ldap://server.domain.com"}]}

 # - FOR IN_MEMORY
 # If you are using IN_MEMORY authentication manager, you can configure it like this:
 #   {"users":[{"name":"<user>","password":"<userpwd>","roles":["USER"]}, {"name":"<admin>","password":"<adminpwd>","roles":["ADMIN"]}, {"name":"contentmanager", "<password>": "<contentmanagerpwd>", "roles":["CONTENT_MANAGER"]}, {"name":"expertuser", "<password>": "<expertuserpwd>", "roles":["EXPERT_USER"]}, {"name":"system","<password>":"system","roles":["SYSTEM"]}]}
 # This is a standard JSON but it has to be in one line. The "servers" property references an array. 
     common.inMemoryConfig = {"users":[{"name":"user","password":"password","roles":["USER"]},{"name":"admin","password":"adminPass","roles":["ADMIN"]},{"name":"contentmanager","password":"password","roles":["CONTENT_MANAGER"]},{"name":"expertuser","password":"password","roles":["EXPERT_USER"]},{"name":"system","password":"system","roles":["SYSTEM"]},{"name":"hts_user","password":"hts_password","roles":["HTS_USER"]},{"name":"hts_admin","password":"hts_adminPass","roles":["HTS_ADMIN"]},{"name":"hts_contentmanager","password":"hts_password","roles":["HTS_CONTENT_MANAGER"]}]}

 # - DIRECT ROLE ASSIGN
 # Roles can be assigned directly to special users by setting the value of the config key.
 # The value should be a comma separated list of ROLES. 
 # Currently available roles are: USER, EXPERT_USER, CONTENT_MANAGER, ADMIN, SYSTEM.
#   roles.<username>=<roles>
    Copy


    Default regulation categories

    Admin can select Available countries or Selected check levels to be displayed in Regulation categories by setting check.default.regulationCategories key to COUNTRIES or CHECK_LEVELS in application.properties.

    By adding/setting the check.hideCountries key value to true (default is false ) Available countries will not be displayed at all.

    (On the System monitor page the Reload settings from config file button should be clicked after editing application.properties.) Default regulation categories

    # The default view for Regulation Categories. Valid values are: COUNTRIES, CHECK_LEVELS
#check.default.regulationCategories=CHECK_LEVELS

# Setting this to true will only display the check levels as selectable categories on the check pages
#check.hideCountries=true
    Copy


    Default report format

    The default Report format can be set by the Admin by adding HTML , PDF , SDF , MRV or XLSX value to the batch.default.reportFormat key in application.properties.

    (User's last selection is saved in the mongo DB and will not be modified.) Default report format

    # The default report format for batch checks. Valid values are: HTML,PDF,SDF,MRV,XLSX
#batch.default.reportFormat=HTML
    Copy


    JSON reports' config

    # Comma separated list of fields to be included in the JSON reports.

# Including only needed fields in JSON reports can greatly increase the speed of report generation

# To include child fields, parent fields also have to be listed

# If none of the listed fields are present in the result or the config key is not set
# then the full result will be added to the report

# Example: 
# [ 
#    [
#       { 
#          "segments":[ 
#             { 
#                "categoryName":"catName", 
#                "categoryCode":1234 
#             } 
#          ], 
#          "inputProperties":{ 
#             "ID":"123", 
#             "Name":"Name" 
#          } 
#       } 
#    ] 
# ] 

#
 To include only the categoryCode and ID in the JSON report from the above example result 
# the following configuration has to be made: 
#json.report.fields=segments,categoryCode,inputProperties,ID
    Copy


    Image number in XSXL report

    The report.xlsx.max-image-count parameter sets the maximum number of images generated in .XSXL reports. The default number is 10000. Setting this parameter may prevent the service going down with out of memory error.

    report.xlsx.max-image-count=10000
    Copy


    # Enables to schedule the removal of all check related data from the database.
# The value should be a cron-like expression, which extends the usual UN*X definition to include triggers
# on the second as well as minute, hour, day of month, month and day of week.

# Example patterns:
# "0 0 * * * *" = the top of every hour of every day.
# "*/10 * * * * *" = every ten seconds.
# "0 0 8-10 * * *" = 8, 9 and 10 o'clock of every day.
# "0 * 6,19 * * *" = 6:00 AM and 7:00 PM every day.
# "0 0/30 8-10 * * *" = 8:00, 8:30, 9:00, 9:30 and 10 o'clock every day.
# "0 0 9-17 * * MON-FRI" = on the hour nine-to-five weekdays
# "0 0 0 25 12 ?" = every Christmas Day at midnight
#batch.cleanup.scheduler=0 0 4 * * *
    Copy


    Salt/solvent dictionary for mixture handling

    cHemTS leverages advanced mixture algorithm in order to be able to decide whether a particular multi-fragment input structure can be classified as a pure form, a salt or a mixture.

    The algorithm can be fine-tuned by amending the list of known ignorable fragments. These fragments are either entirely discarded (in case of solvents or additives) or their salt characters are taken into consideration by the algorithm.

    Ignorable fragments can be excluded or included on demand, the following configuration options need to be changed accordingly:

    hts.search.mixture.ignorablefragments.included=[...]
hts.search.mixture.ignorablefragments.excluded=[...]
    Copy

    Multiple structures can be listed separated by comma. E.g.

    hts.search.mixture.ignorablefragments.excluded=Br,CC(O)=O
    Copy

    Each structure must be represented by SMILES format. In case of including new salts, their characters must be also set. Salt characters can be separated from the structure by semicolon. E.g.

    hts.search.mixture.ignorablefragments.included=SC#N;acidic
    Copy



    Advanced LDAP settings

    Our LDAP configuration object is a list of configurations of LDAP servers.

    Each server configuration can hold several attributes. Each of them can be left empty, left out from configuration string or can be set to null.

    In this case, they will be used by their default values.

    One server holds the following possible settings:

    Attribute name Attribute type Default value Example Explanation
    serverUrl String ldap://localhost:389 "ldaps://ldap.mycompany.com:621" or "ldap://ldap2.cmp.com/dc=cmp,dc=com" The URL where the system can reach the LDAP server.
    userDNPatterns List of Strings [ ] [ "uid={0},dc=mycompany,dc=com", "uid={0},ou=internal,dc=mycompany,dc=com" ] These patterns will be used to find the User by its distinguished name.The part between the curly brackets will be replaced by the username.If this setting is left empty, then user distinguished name won't be used in the user authentication.
    groupSearchBase String "" "ou=InternalGroups,dc=mycompany,dc=com" The base DN from which the search for group membership should be performed.
    groupSearchFilter String "" "(member={0})" The pattern to be used for the user search. {0} is the user's DN
    userSearchBase String "" "ou=Users,dc=mycompany,dc=com" This element of the LDAP tree will be used as the root element during user search. In case it is left empty, the root of the LDAP tree will be used. If you use userSearchFilter, than you must provide userSearchBase as well.
    userSearchFilter String "" "sAMAccountName={0}" In case the users are not found by their distinguished name, user search will happen. The part with the curly brackets will be replaced with the username that used to log in. In case of **Active Directory, ** usually sAMAccountName is required to log in. You can not use userSearchFilter without userSearchBase.
    managerDN String "" "dn=admin,dc=mycompany,dc=com" or "admin@mycompany.com" This is the name of the manager user. This name will be used to bind to the LDAP server. The second format can be used to log in to Active Directory through LDAP.
    managerPassword String "" "s3cr3tp455w0rd" This is the password of the manager user.
    root String "" "dc=mycompany,dc=com" In case the serverURL does not contain the root of the LDAP search, then it can be set here. If it is left empty, then root from URL will be used. Active Directory usually requests root to be set separately for binding.



    Example config for two (LDAP and Active Directory) servers

    This configuration uses two servers (an LDAP and an Active Directory) and has all attributes: LDAP config

    {
    "servers" : [{
            "serverUrl" : "ldap://ldap1.mycompany.com/dc=mycompany,dc=com",
            "userDNPatterns" : ["uid={0},cn=users,dc=mycompany,dc=com", "uid={0},cn=external,dc=mycompany,dc=com"],
            "groupSearchBase" : "",
            "groupSearchFiler" : "",
            "userSearchBase" : "",
            "userSearchFilter" : "",
            "managerDN" : "uid=admin,cn=sysusers,dc=mycompany,dc=com",
            "managerPassword" : "PASSWORD!",
            "root" : ""
        }, {
            "serverUrl" : "ldaps://ad.mycompany.com/dc=cmp,dc=com",
            "userDNPatterns" : [],
            "groupSearchBase" : "",
            "groupSearchFiler" : "",
            "userSearchBase" : "dc=cmp,dc=com",
            "userSearchFilter" : "sAMAccountName={0}",
            "managerDN" : "Administrator@cmp.com",
            "managerPassword" : "other_PASSWORD!",
            "root" : "dc=cmp,dc=com"
        }
    ]
}
    Copy

    This means the same as the following: Shorter Config

    {
    "servers" : [{
            "serverUrl" : "ldap://ldap1.mycompany.com/dc=mycompany,dc=com",
            "userDNPatterns" : ["uid={0},cn=users,dc=mycompany,dc=com", "uid={0},cn=external,dc=mycompany,dc=com"],
            "managerDN" : "uid=admin,cn=sysusers,dc=mycompany,dc=com",
            "managerPassword" : "PASSWORD!"
        }, {
            "serverUrl" : "ldaps://ad.mycompany.com/dc=cmp,dc=com",
            "userSearchBase" : "dc=cmp,dc=com",
            "userSearchFilter" : "sAMAccountName={0}",
            "managerDN" : "Administrator@cmp.com",
            "managerPassword" : "other_PASSWORD!",
            "root" : "dc=cmp,dc=com"
        }
    ]
}
    Copy

    Consider using the shorter config format because in application.properties, the config must be in one single line , like this: Config in one line

    {"servers" : [{"serverUrl" : "ldap://ldap1.mycompany.com/dc=mycompany,dc=com", "userDNPatterns" : ["uid={0},cn=users,dc=mycompany,dc=com", "uid={0},cn=external,dc=mycompany,dc=com"], "managerDN" : "uid=admin,cn=sysusers,dc=mycompany,dc=com", "managerPassword" : "PASSWORD!"}, { "serverUrl" : "ldaps://ad.mycompany.com/dc=cmp,dc=com", "userSearchBase" : "dc=cmp,dc=com","userSearchFilter" : "sAMAccountName={0}", "managerDN" : "Administrator@cmp.com", "managerPassword" : "other_PASSWORD!", "root":"dc=cmp,dc=com"}]}
    Copy


    Example for two Active Directory servers

    Example settings for 2 Active Directory servers

    {
    "servers": [
        {
            "domain" : "first.domain",
            "url" : "ldap://first.com"
        } ,
        {
            "domain" : "second.domain",
            "url" : "ldap://second.com"
        } 
    ]
}

// Don't forget that you have to set it in the <code>application.properties</code> file in one line.
// Like this: { "servers": [    {"domain" : "first.domain", "url" : "ldap://first.com"} , {"domain" : "second.domain", "url" : "ldap://second.com"} ]}
// We only used multi line example for better readability.
    Copy


    Okta integration

    Okta integration is supported for service 'cc-web' from version 23.8.0.

    To integrate Compliance Checker UI (cc-web) with Okta the following configuration steps need to be made:

    • Create App Integration in Okta

      • Log into Okta
      • Select 'Applications'
      • Click 'Create App Integration'
      • Select 'OIDC - OpenID Connect'
      • Select 'Web Application'
      • Set 'App integration name' to a unique name.
      • Set 'Sign-in redirect URIs' to 'https://<cc-web host>/cc-web/authorization-code/callback'
      • Set 'Sign-out redirect URIs' to 'https://<cc-web host>/cc-web/logout'
      • Set 'Assignments' the way you want to control access

    • Add the following lines to cc-web's configuration file (<installdir>/cc-web/application.properties)

      • spring.profiles.active=production,okta
      • okta.oauth2.issuer=<authorization server's issuer URI>
      • okta.oauth2.client-id=<client-id generated by okta>
      • okta.oauth2.client-secret=<client-secret generated by okta>
      • okta.oauth2.redirect-uri=/authorization-code/callback
      • okta.oauth2.post-logout-redirect-uri=https://<cc-web host>/cc-web/logout

    • Custom scopes and groups claim can also be configured if needed by adding the following configs:

      • okta.oauth2.scopes=<comma separated list of scopes>
      • okta.oauth2.groups-claim=<groups claim>

    • If you are running cc-web behind a reverse proxy, be sure to add these configs too:

      • server.use-forward-headers=true
      • server.tomcat.remoteip.remote-ip-header=x-forwarded-for
      • server.tomcat.remoteip.protocol-header=x-forwarded-proto

    • Map Okta groups to desired Compliance Checker roles by editing config 'common.rolesToGroupsMap' in main config file (<installdir>/cc-config/config/application.properties)

    • Restart Compliance Checker services so configurations can take effect

    Note: Okta integration only implemented for Compliance Checker UI (cc-web). To protect the integration endpoints (cc-api) you have to chose from one of the already existing authentication methods.

    Compound Registration integration

    Chemaxon Compound Registration integration has been available since Compliance Checker version 24.3.0. This version supports integration only with on-premise deployments.

    Integrating the Compliance Checker with Chemaxon Compound Registration enables the direct use registration IDs as inputs in Compliance Checker for single and file checks, as well as API calls, without the need to manually or programmatically translate them into other known chemical formats such as SMILES. The supported ID types include: PCN (Parent Compound Number), CN (Compound Number), LN (Lot Number) and LnbRef (Laboratory NoteBook Reference). Please refer to the ID types defined on this Definition of Terms page.

    To integrate, follow these configuration steps:

    1. Register Compliance Checker as a trusted 3rd party client in Compound Registration following the steps describend in Compound Registration - Authentication for trusted 3rd party clients.

    2. Add the following lines to the application.properties file of Compliance Checker:

      compound-registration.uri=https://<Compound Registration host>/RegistryCxn/rest
compound-registration.api-client=<client name set in the previous step>
compound-registration.api-secret=<symmetric authentication key set in the previous step>
compound-registration.id-pattern=<regular expression matching possible IDs>
      Copy

    3. Restart the Compliance Checker

    4. After restarting, single and file checks, as well as API endpoint checks, should be able to resolve compounds that were previously registered in Compound Registration.

    Please note that the URI following the Compound Registration host may vary and depending on your specific deployment. Any change to the config options listed above will require a restart of Compliance Checker.

    The id-pattern must be a valid Java Regular Expression. Since regular expressions might contain the backslash \ character, which is interpreted as a special-purpose character while the application is parsing the application.properties configuration file, escaping backlashes with double backslashes is necesary. This pattern is intended to describe all possible registration IDs to be checked by the Compliance Checker application. If a pattern matches an input, but it is not found in Compound Registration, the check will fail.

    Before proceeding with the integration of your systems, we strongly recommend scheduling a consultation to discuss the security aspects involved.

    Merge specific rules into the Knowledge Base

    Chemical substances can be checked against some special (e.g. company-specific) rules, too.

    MRV files should be created from these rules - with the same data structure as the main Knowledge Base. An MRV file for the specific rules ( rule_structures.mrv ) and another MRV file for the specific exceptions ( exclusion_structures.mrv ).

    These files should be copied to the Chemaxon_home/compliancechecker/user folder. (I.e. to the "user" subfolder of the "database" folder. The cc_backend startup process creates that folder with empty MRV files - but these files will never be overwritten automatically.)

    Compliance Checker should be restarted to merge these specific rules into the main Knowledge Base.

    Installing to Multiple Hosts

    If you distribute the system you should set the following settings to the services:

    Config server

    Config server is the route of the hierarchy. It should register with Eureka service. If Eureka does not run in localhost:8761 (8761 is the default Eureka port) then you have to set the following property in the application.properties file:

    eureka.client.serviceUrl.defaultZone=http\://<eureka-hostname>\:<eureka-port>/eureka/

    If Eureka runs locally for the Config Server , but it is a remote service for the other services, then you should set the above property with an address that is available for all services, because this setting will be populated to all services.

    Eureka server

    Eureka server is used by all the services. It uses the Config Server to init itself. If the Config Server does not run in localhost:8888 (8888 is the default Config Server port), then you can have to set the following property in bootstrap.properties file:

    spring.cloud.config.uri=http\://<config-server-host>\:<config-server-port>/


    Configuring the war files

    The main components of the application come in 4 war files: cc-backend.war, cc-bigdata.war, cc-web.war, cc-api.

    Every war file uses the Config Server to init itself. If the Config Server does not run in localhost:8888, then you have to set for the components where to find the Config Server. One opportunity is to set the CONFIG_SERVER_URI environment variable, or to edit the bootstrap.properties file next to each war file. Or you can set in it in their .vmoptions file. Setting environment variable in unix

    export CONFIG_SERVER_URI = http://<config-server-host>:<config-server-port>/

    Setting environment variable in windows command line

    CONFIG_SERVER_URI = http://<config-server-host>:<config-server-port>/

    Set environment variables in .vmoption file

    -DCONFIG_SERVER_URI=http://<config-server-host>:<config-server-port>/

    Editing bootstrap.properties file

    spring.cloud.config.uri=http\://<config-server-host>\:<config-server-port>/

    This property will be used in startup time to connect to the Config Server and receive all the properties to use in initialization.

    SSL

    While it is possible to configure the cc-web service to enable SSL so that the users can access the UI directly via HTTPS, we would first recommend to consider the option of using an application load balancer or reverse proxy (such as NGINX) with SSL termination.

    In order to enable SSL for cc-web via its configuration, please follow the next steps:

    1. Obtain your certificate file.
    2. Import the certificate using the keytool command of your Java distribution. The exact way of doing this is out of the scope of this documentation as it depends on many factors such as the format of the certificate, which certificate store is supposed to be used, etc.
    3. Add the following lines below to cc-web's configuration file (<installdir>/cc-web/application.properties):
    eureka.instance.non-secure-port-enabled=false
eureka.instance.secure-port-enabled=true
security.require-ssl=true
# The format used for the keystore
server.ssl.key-store-type=<format>
# The path to the keystore containing the certificate
server.ssl.key-store=<path to jks file>
# The password used to generate the certificate
server.ssl.key-store-password=<password>
# The alias mapped to the certificate
server.ssl.key-alias=<alias>
    Copy