diff --git a/content/en/docs/refguide/runtime/custom-settings/_index.md b/content/en/docs/refguide/runtime/custom-settings/_index.md index 292d41630f4..18c2e71d4a9 100644 --- a/content/en/docs/refguide/runtime/custom-settings/_index.md +++ b/content/en/docs/refguide/runtime/custom-settings/_index.md @@ -47,15 +47,15 @@ The following custom settings can be configured: | Name | Description | Default Value | | --- | --- | --- | | ApplicationRootUrl | see [ApplicationRootUrl](#applicationrooturl-section), below | In Mendix Cloud, https://\[domain\].mendixcloud.com | -| CACertificates | A comma-separated list of paths to CA certificates. Example: `D:\App\CA1.pem, D:\App\CA2.pem, D:\App\CA3.pem, D:\App\CA4.pem` | | -| ClientCertificatePasswords | Comma-separated list of passwords for Client Certificates (should match the **ClientCertificates** order). Example: `pwd1, pwd2, pwd3, pwd4` | | -| ClientCertificates | Comma-separated list of paths to Client Certificates. Example: `D:\App\Mx1.pfx, D:\App\Mx2.pfx, D:\App\Mx3.pfx, D:\App\Mx4.pfx` | | -| ClientCertificateUsages | Only use this when you have multiple client certificates and you want to configure specific certificates for specific servers.
This setting defines which service must use which client certificate. See **NoClientCertificateUsages** if you want to make sure that no client certificate is used for a certain host or web service. The value of **ClientCertificateUsages** must be a comma-separated list of key/value items. A key/value item must be specified as `"identifier": "path to certificate"`.
For web services, use the imported web service name as the identifier.
For REST services, use the host name of the remote server as the identifier.
Please note that any backslash in the path must be doubled. The whole value must be enclosed by braces (`{ }`). For example: {{< figure src="/attachments/refguide/runtime/custom-settings/code_snippet.png" class="no-border" >}} | | -| NoClientCertificateUsages | Comma-separated list of host names or imported web service names that should never be contacted using a client certificate. | | +| CACertificates | A comma-separated list of paths to CA certificates. Example: `D:\App\CA1.pem, D:\App\CA2.pem, D:\App\CA3.pem, D:\App\CA4.pem` | | +| ClientCertificatePasswords | Comma-separated list of passwords for Client Certificates (should match the **ClientCertificates** order). Example: `pwd1, pwd2, pwd3, pwd4` | | +| ClientCertificates | Comma-separated list of paths to Client Certificates. Example: `D:\App\Mx1.pfx, D:\App\Mx2.pfx, D:\App\Mx3.pfx, D:\App\Mx4.pfx` | | +| ClientCertificateUsages | Only use this when you have multiple client certificates and you want to configure specific certificates for specific servers.
This setting defines which service must use which client certificate. See **NoClientCertificateUsages** if you want to make sure that no client certificate is used for a certain host or web service. The value of **ClientCertificateUsages** must be a comma-separated list of key/value items. A key/value item must be specified as `"identifier": "path to certificate"`.
For web services, use the imported web service name as the identifier.
For REST services, use the host name of the remote server as the identifier.
Please note that any backslash in the path must be doubled. The whole value must be enclosed by braces (`{ }`). For example: {{< figure src="/attachments/refguide/runtime/custom-settings/code_snippet.png" class="no-border" >}} | | +| NoClientCertificateUsages | Comma-separated list of host names or imported web service names that should never be contacted using a client certificate. | | | ClusterManagerActionInterval | The interval (in milliseconds) used for performing all cluster manager actions. These actions include, unblocking users, and removing invalid sessions. If nothing is specified the interval is half the `SessionTimeout`. | 300000 (5 minutes) | | com.mendix.core.isClusterSlave | Set to `true` in a high-availability scenario when this is *not* the [Cluster Leader](/refguide/clustered-mendix-runtime/#cluster-leader-follower). The buildpack will usually enforce this setting, but it may need to be set for some on-premises deployments. | `false` | | com.mendix.core.LenientDateTimeParsing | When set to `true`, the `parseDateTime` function will use more lenient parsing, as it did in Mendix 9. For example `parseDateTime("yyyyMMdd", "2021-11-10")` will return `2020-11-01` as a date if this is set to true, which is probably not the intended result.. If set to `false`, which is the default, this example will throw an error as it is expecting `20211110`. It is recommended to not enable this setting to avoid unexpected results. | `false` | -| com.mendix.core.SameSiteCookies | The [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) property can be included in all cookies that are returned by the embedded HTTP server. The possible values are `Strict`, `Lax`, and `None`. The default is `Strict`. Setting it to `None` is typically needed only when an application is embedded in an iframe of another application with a different domain. Newer browsers may require the connection to be secure (HTTPS) when set to `None`. 
If the connection is plain HTTP, then this setting must be changed to `Strict` (recommended) or `Lax`. | | +| com.mendix.core.SameSiteCookies | The [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) property can be included in all cookies that are returned by the embedded HTTP server. The possible values are `Strict`, `Lax`, and `None`. The default is `Strict`. Setting it to `None` is typically needed only when an application is embedded in an iframe of another application with a different domain. Newer browsers may require the connection to be secure (HTTPS) when set to `None`. If the connection is plain HTTP, then this setting must be changed to `Strict` (recommended) or `Lax`. | | | com.mendix.core.ScheduledEventsCleanupAge | This setting specifies (in milliseconds) how old objects in the System.ScheduledEventInformation table have to be before they are removed from the database. See [Scheduled Events - Legacy](/refguide9/scheduled-events-legacy/#cleanup) for more details. | 365 days for projects migrated from Mendix 9 and 7 days for new projects or projects with an empty database. | | com.mendix.core.ScheduledEventsCleanupBatchSize | This setting specifies how many System.ScheduledEventInformation objects will be removed from the database each time the ScheduledEventInformation cleanup task runs. See [Scheduled Events - Legacy](/refguide9/scheduled-events-legacy/#cleanup) for more details. | 10000 | | com.mendix.core.SessionIdCookieName | Defines the name of the cookie value which represents the session ID. Can be useful to change when running in a container which assumes a certain name for the session cookie. | XASSESSIONID | 
@@ -71,7 +71,7 @@ The following custom settings can be configured: | http.client.MaxConnectionsPerRoute | The [maximum number of connections for a route](https://hc.apache.org/httpcomponents-client-4.5.x/current/httpclient/apidocs/org/apache/http/impl/client/HttpClientBuilder.html#setMaxConnPerRoute(int)) for call REST service and call web service activities.
{{% alert color="warning" %}}If your app uses these calls, it is strongly recommended that this value is increased. The default could prevent multiple end-users accessing the API simultaneously. A good value is around the number of concurrent users you expect, with a maximum of 250. The value of `http.client. MaxConnectionsTotal` may also need to increase.{{% /alert %}} | 2 | | http.client.MaxConnectionsTotal | The [maximum number of connections allowed across all routes](https://hc.apache.org/httpcomponents-client-4.5.x/current/httpclient/apidocs/org/apache/http/impl/client/HttpClientBuilder.html#setMaxConnTotal(int)) for the call REST service and call web service activities.
{{% alert color="warning" %}}If you change the value of `http.client. MaxConnectionsPerRoute`, you will need to increase this value in line with that, up to a maximum of 250.{{% /alert %}} | 20 | | JavaKeyStorePassword | Password for the default Java keystore. | changeit | -| MyScheduledEvents | A comma-separated string with the names of the events. Please don't forget the name of the module (a name can be, for example, `CRM.UpdateCustomerStatistics`). {{% alert color="warning" %}}When running in multiple nodes, each node should have the same value for all runtime settings. Setting different values for different nodes to force specific scheduled events to be executed by specific nodes is not supported. It will not work and can lead to unexpected runtime errors.{{% /alert %}}| | +| MyScheduledEvents | A comma-separated string with the names of the events. Please don't forget the name of the module (a name can be, for example, `CRM.UpdateCustomerStatistics`). {{% alert color="warning" %}}When running in multiple nodes, each node should have the same value for all runtime settings. Setting different values for different nodes to force specific scheduled events to be executed by specific nodes is not supported. It will not work and can lead to unexpected runtime errors.{{% /alert %}} | | | ScheduledEventExecution | Specify which scheduled events should be executed. Choices are `ALL`, `NONE`, or `SPECIFIED`. In the case of `SPECIFIED`, enumerate the scheduled events using the `MyScheduledEvents` configuration option described below. {{% alert color="warning" %}}This setting cannot be configured when running locally. To enable and disable scheduled events when running locally, please use the 'Enabled' setting on the [Scheduled Events execution properties](/refguide/scheduled-events/) in Studio Pro.{{% /alert %}} {{% alert color="warning" %}}When running in multiple nodes, each node should have the same value for all runtime settings. 
Setting different values for different nodes to force specific scheduled events to be executed by specific nodes is not supported. It will not work and can lead to unexpected runtime errors.{{% /alert %}} | NONE | | SessionKeepAliveUpdatesInterval | Defines how often a runtime writes session LastActive dates in its memory back to the database. | one sixth of the value configured for the `SessionTimeout` setting; if the `SessionTimeout` is not set, this value defaults to 100000 (100 seconds) | | SessionTimeout | Defines after how much time a session becomes invalid (in milliseconds). After that timeout, a session becomes eligible for removal. The session will not be destroyed until the next time a scheduled task runs to clean up the active sessions.
{{% alert color="warning" %}} Sessions can be removed immediately by a query to the runtime after the session becomes eligible for removal. Navigating between pages is not enough to trigger a query to the runtime. To force a query to the runtime, use a microflow. For example, create a microflow that shows the Home page, then configure your app's navigation to call this microflow rather than relying on the navigation to directly show the page itself. This will ensure the runtime is queried and the user session is removed. {{% /alert %}} | 600000 (10 minutes) | @@ -132,17 +132,17 @@ The settings below influence the behavior of the log files. These settings can o | Name | Description | Default Value | | --- | --- | --- | -| ClientQueryTimeout | Defines the timeout in seconds for most of the database queries which are executed to load data into client widgets, like data grids. After the duration as specified here, a query will be canceled and an exception will be thrown. | | +| ClientQueryTimeout | Defines the timeout in seconds for most of the database queries which are executed to load data into client widgets, like data grids. After the duration as specified here, a query will be canceled and an exception will be thrown. | | | DatabaseType | Defines the database engine which is used as the Mendix database. Valid values are `HSQLDB`, `MYSQL`, `ORACLE`, `POSTGRESQL`, `SAPHANA`, and `SQLSERVER`. | | | DatabaseUserName | Name required for authentication to the database. | | | DatabasePassword | Password for the `DatabaseUserName` supplied above. | | | DatabaseHost | The host name and optionally the TCP port number of the database. Use a colon (`:`) as separator between the host name and port number. Possible values are: `db.url.org`, `db.url.org:1521`, `10.0.0.5`, and`10.0.0.5:1433`\. It is possible to use a plain IPv6 address by enclosing it in brackets (for example, `[::1]:5432`).
This will be overridden if you supply [DatabaseJdbcUrl](#DatabaseJdbcUrl). | | | DatabaseName | The name of the database or schema used by the Mendix app
Some database types require this even if a `DatabaseJdbcUrl` is defined. | | -| DatabaseJdbcUrl | Defines the JDBC URL to use for the database connection (which overrides the other database connection settings). | | +| DatabaseJdbcUrl | Defines the JDBC URL to use for the database connection (which overrides the other database connection settings). | | | DatabaseUseSsl | When `true`, the connection will be made using SSL without certificate validation. If you need certificate validation, use [DatabaseJdbcUrl](#DatabaseJdbcUrl) instead.
When `false`, the connection will be made without SSL (this is only relevant for SQL Server, which uses SSL by default). | | | DatabaseUseIntegratedSecurity | This setting defines whether integrated security will be used to authenticate to SQL Server. If true, user name and password will not be used.
Ensure that the proper domain user for accessing the SQL Server is authenticated on the runtime server using the `kinit` command. | false | -| LogMinDurationQuery | Defines whether database queries are logged via the `ConnectionBus_Queries` log node if they finished after the number of milliseconds specified here. By default, only the relevant SQL query will be logged. Set the log level of the `ConnectionBus_Queries` log node to `TRACE` to show more information about the page or the microflow which leads to this query. | | -| OracleServiceName | Defines the `SERVICE_NAME` when you have a connection with an Oracle DBMS. | | +| LogMinDurationQuery | Defines whether database queries are logged via the `ConnectionBus_Queries` log node if they finished after the number of milliseconds specified here. By default, only the relevant SQL query will be logged. Set the log level of the `ConnectionBus_Queries` log node to `TRACE` to show more information about the page or the microflow which leads to this query. | | +| OracleServiceName | Defines the `SERVICE_NAME` when you have a connection with an Oracle DBMS. | | | DataStorage.EnableDiagnostics | This setting can be used to generate a uniqueness constraint violation report. | false | | UseNetworkTimeout | This setting is applied to PostgreSQL. It affects the timeout mechanism used when reserving new ids for Mendix objects. If set to true, the socket level request timeout is used. In that case, the request timeout is handled within the operating system. If set to false, the timeout is handled by Mendix runtime. For other databases, timeouts are always handled by Mendix runtime. | true | | JdbcLoginTimeout | This setting defines the database connection establishment time in milliseconds. | 5000 (5 seconds) | 
@@ -177,16 +177,16 @@ Before the data copying process starts, the main database structure will be gene | Name | Value | Default Value | | --- | --- | --- | -| SourceBuiltInDatabasePath | Defines the file location of the built-in source database. This setting is only necessary if a non-default location of the built-in database has to be used to copy the data from. | [deployment folder]/data/database | -| SourceDatabaseHost | The host name and optionally the TCP port number of the source database. Use a colon as separator between host name and port number. Possible values are: `db.url.org`, `db.url.org:1521`, `10.0.0.5`, or `10.0.0.5:1433`. It's possible to use a plain IPv6 address by enclosing it in brackets (for example, `[::1]:5432`). | | -| SourceDatabaseJdbcUrl | Defines the JDBC URL to use for the source database connection (which overrides the other source database connection settings). This feature is not supported for PostgreSQL databases. | | -| SourceDatabaseName | The name of the source database. | | -| SourceDatabasePassword | The password for the connection to the source database. | | -| SourceDatabaseType | The type of the source database. Possible values: `HSQLDB`, `MYSQL`, `ORACLE`, `POSTGRESQL`, `SAPHANA`, or `SQLSERVER`. | | +| SourceBuiltInDatabasePath | Defines the file location of the built-in source database. This setting is only necessary if a non-default location of the built-in database has to be used to copy the data from. | [deployment folder]/data/database | +| SourceDatabaseHost | The host name and optionally the TCP port number of the source database. Use a colon as separator between host name and port number. Possible values are: `db.url.org`, `db.url.org:1521`, `10.0.0.5`, or `10.0.0.5:1433`. It's possible to use a plain IPv6 address by enclosing it in brackets (for example, `[::1]:5432`). 
| | +| SourceDatabaseJdbcUrl | Defines the JDBC URL to use for the source database connection (which overrides the other source database connection settings). This feature is not supported for PostgreSQL databases. | | +| SourceDatabaseName | The name of the source database. | | +| SourceDatabasePassword | The password for the connection to the source database. | | +| SourceDatabaseType | The type of the source database. Possible values: `HSQLDB`, `MYSQL`, `ORACLE`, `POSTGRESQL`, `SAPHANA`, or `SQLSERVER`. | | | SourceDatabaseUseIntegratedSecurity | This setting defines whether integrated security will be used to authenticate to SQL Server. If true, user name and password will not be used. See [DatabaseUseIntegratedSecurity](#DatabaseUseIntegratedSecurity) for more information. | false | -| SourceDatabaseUseSsl | When `true`, the connection to the source database will be made using SSL without certificate validation. If you need certificate validation, use [SourceDatabaseJdbcUrl](#SourceDatabaseJdbcUrl) instead.
When `false`, the connection to the source database will be made without SSL (this is only relevant for SQL Server, which uses SSL by default). | | -| SourceDatabaseUserName | The user name for the connection to the source database. | | -| SourceOracleServiceName | Defines the `SERVICE_NAME` when you have a connection with an Oracle DBMS as source. | | +| SourceDatabaseUseSsl | When `true`, the connection to the source database will be made using SSL without certificate validation. If you need certificate validation, use [SourceDatabaseJdbcUrl](#SourceDatabaseJdbcUrl) instead.
When `false`, the connection to the source database will be made without SSL (this is only relevant for SQL Server, which uses SSL by default). | | +| SourceDatabaseUserName | The user name for the connection to the source database. | | +| SourceOracleServiceName | Defines the `SERVICE_NAME` when you have a connection with an Oracle DBMS as source. | | ## S3 Storage Service Settings {#amazon-s3-storage-service-settings} @@ -198,15 +198,15 @@ For deployments to Mendix Cloud, SAP BTP, and Mendix on Kubernetes, these settin | Name | Description | Default Value | | --- | --- | --- | -| com.mendix.storage.s3.AccessKeyId | Acts as the username to authenticate with the S3 service. | | -| com.mendix.storage.s3.SecretAccessKey | Acts as the password to authenticate with the S3 service. | | -| com.mendix.storage.s3.BucketName | Name of the bucket where the files are stored on S3. | | -| com.mendix.storage.s3.ResourceNamePrefix | Prefix for the keys under which objects are stored. Separators are not added automatically to keys. For keys like `prefix/key1`, `com.mendix.storage.s3.ResourceNamePrefix` should have value `prefix/`. | | -| com.mendix.storage.s3.ResourceNameSuffix | Suffix for the keys under which objects are stored. This can be used when S3 buckets are divided into different segments for different users with different credentials (for example, store objects as `[key].customer1` for customer1 and as `[key].customer2` for customer2). Separators are not added automatically to keys. For keys like `key1.customer1`, `com.mendix.storage.s3.ResourceNameSuffix` should have value `.customer1`. | | -| com.mendix.storage.s3.Region | Sets the region in which the S3 bucket is located. This will be used to determine the service endpoint, unless overridden in **com.mendix.storage.s3.EndPoint**. This setting will also be used as the signing region for requests.

In Mendix version 11.6.0 and above, this setting is mandatory. The runtime will not start if this setting is not configured. {{% alert color="warning" %}}Using an incorrect region can lead to the following errors:

`Unable to load region from any of the providers in the chain.`

`The bucket you are attempting to access must be addressed using the specified endpoint.`

`The authorization header is malformed; the region 'us-east-1' is wrong.`{{% /alert %}} | | -| com.mendix.storage.s3.EndPoint | Overrides the default endpoint. This setting is required when the storage is on a non-AWS location (for example, IBM Cloud Object Storage). Both the endpoint (for example, `s3.example.com`) or the full URL (including the protocol) are supported (for example, `https://s3.example.com`). Note that when setting a custom endpoint, path style access will be enabled. For more information, see [Class S3ClientOptions](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/S3ClientOptions.html#withPathStyleAccess(boolean)). | | +| com.mendix.storage.s3.AccessKeyId | Acts as the username to authenticate with the S3 service. | | +| com.mendix.storage.s3.SecretAccessKey | Acts as the password to authenticate with the S3 service. | | +| com.mendix.storage.s3.BucketName | Name of the bucket where the files are stored on S3. | | +| com.mendix.storage.s3.ResourceNamePrefix | Prefix for the keys under which objects are stored. Separators are not added automatically to keys. For keys like `prefix/key1`, `com.mendix.storage.s3.ResourceNamePrefix` should have value `prefix/`. | | +| com.mendix.storage.s3.ResourceNameSuffix | Suffix for the keys under which objects are stored. This can be used when S3 buckets are divided into different segments for different users with different credentials (for example, store objects as `[key].customer1` for customer1 and as `[key].customer2` for customer2). Separators are not added automatically to keys. For keys like `key1.customer1`, `com.mendix.storage.s3.ResourceNameSuffix` should have value `.customer1`. | | +| com.mendix.storage.s3.Region | Sets the region in which the S3 bucket is located. This will be used to determine the service endpoint, unless overridden in **com.mendix.storage.s3.EndPoint**. This setting will also be used as the signing region for requests.

In Mendix version 11.6.0 and above, this setting is mandatory. The runtime will not start if this setting is not configured. {{% alert color="warning" %}}Using an incorrect region can lead to the following errors:

`Unable to load region from any of the providers in the chain.`

`The bucket you are attempting to access must be addressed using the specified endpoint.`

`The authorization header is malformed; the region 'us-east-1' is wrong.`{{% /alert %}} | | +| com.mendix.storage.s3.EndPoint | Overrides the default endpoint. This setting is required when the storage is on a non-AWS location (for example, IBM Cloud Object Storage). Both the endpoint (for example, `s3.example.com`) or the full URL (including the protocol) are supported (for example, `https://s3.example.com`). Note that when setting a custom endpoint, path style access will be enabled. For more information, see [Class S3ClientOptions](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/S3ClientOptions.html#withPathStyleAccess(boolean)). | | | com.mendix.storage.s3.UseV2Auth | Lets the authentication policy use `Signature Version 2` instead of the default `Signature Version 4`. Set this setting to `true` when the endpoint does not support `Signature Version 4`.

This setting is not supported in Mendix version 11.6.0 and above. | false | -| com.mendix.storage.s3.EncryptionKeys | List of keys which can be used to encrypt and decrypt data at rest in S3. The right key to decrypt the data with is automatically selected depending on with which key it was encrypted. Each encryption key consists of a key id, the encryption algorithm and the actual key (Base64 encoded).

In Mendix version 11.6.0 and above, only AES encryption algorithm is supported. See [S3 Encryption Key Update](/refguide/s3-encryption-key-update/) for migration information and how to configure the setting. | | +| com.mendix.storage.s3.EncryptionKeys | List of keys which can be used to encrypt and decrypt data at rest in S3. The right key to decrypt the data with is automatically selected depending on with which key it was encrypted. Each encryption key consists of a key id, the encryption algorithm and the actual key (Base64 encoded).

In Mendix version 11.6.0 and above, only AES encryption algorithm is supported. See [S3 Encryption Key Update](/refguide/s3-encryption-key-update/) for migration information and how to configure the setting. | | | com.mendix.storage.s3.ForceGlobalBucketAccessEnabled | The value `true` allows the server to route requests to a different region than specified in these settings (`false` disallows it). | true | | com.mendix.storage.s3.MaxConnections | Overrides the default maximum connections limit in the S3 service. The default value is enough for most applications, so we do not recommend explicitly setting this to a custom value unless a larger maximum connections limit is absolutely necessary. | [DEFAULT_MAX_CONNECTIONS](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_MAX_CONNECTIONS) field of the ClientConfiguration interface in the AWS SDK for Java. | | com.mendix.storage.s3.ClientExecutionTimeout | Sets the amount of time (in milliseconds) to allow a call to the storage service to complete. A value of `0` means no timeout. For more information, see the [AWS Java SDK](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#setClientExecutionTimeout-int-). | 0 (no timeout) | 
@@ -227,11 +227,11 @@ First, you need to create an Azure SQL database (for information on how to do th | Name | Description | Default Value | | --- | --- | --- | -| DatabaseType | `SQLSERVER` | | -| DatabaseHost | `"your-database-host.database.windows.net:1433"` | | -| DatabaseName | `your-databasename` | | -| DatabaseUserName | `your-username` | | -| DatabasePassword | `your-password` | | +| DatabaseType | `SQLSERVER` | | +| DatabaseHost | `"your-database-host.database.windows.net:1433"` | | +| DatabaseName | `your-databasename` | | +| DatabaseUserName | `your-username` | | +| DatabasePassword | `your-password` | | {{% alert color="info" %}} An alternative to using `DatabaseUserName` and `DatabasePassword` is appending `Authentication=ActiveDirectoryDefault` to the [`DatabaseJdbcUrl`](#DatabaseJdbcUrl) setting. 
@@ -248,13 +248,13 @@ For deployments to Mendix Cloud, SAP BTP, and Mendix on Kubernetes, these settin | Name | Description | Default Value | | --- | --- | --- | -| com.mendix.core.StorageService | Has to be set to `com.mendix.storage.azure` to select Azure as the storage service. | | -| com.mendix.storage.azure.AccountName | Account name to authenticate with the Azure blob storage service. | | -| com.mendix.storage.azure.AccountKey | Account key to authenticate with the Azure blob storage service. | | -| com.mendix.storage.azure.SharedAccessSignature | Provides delegated access to resources in your storage account. For more information, see [Shared Access Signature on docs.microsoft.com](https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1). | | -| com.mendix.storage.azure.UseDefaultAzureCredential | Enables the use of the credential information present in the running environment. For more information, see [DefaultAzureCredential](https://learn.microsoft.com/en-us/java/api/overview/azure/identity-readme?view=azure-java-stable#defaultazurecredential) on Microsoft Learn. | | -| com.mendix.storage.azure.BlobEndpoint¹ | Set the blob endpoint. This setting is required when authentication by `SharedAccessSignature` or `UseDefaultAzureCredential` is used. | | -| com.mendix.storage.azure.Container | Name of the container containing the blob. | | +| com.mendix.core.StorageService | Has to be set to `com.mendix.storage.azure` to select Azure as the storage service. | | +| com.mendix.storage.azure.AccountName | Account name to authenticate with the Azure blob storage service. | | +| com.mendix.storage.azure.AccountKey | Account key to authenticate with the Azure blob storage service. | | +| com.mendix.storage.azure.SharedAccessSignature | Provides delegated access to resources in your storage account. 
For more information, see [Shared Access Signature on docs.microsoft.com](https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1). | | +| com.mendix.storage.azure.UseDefaultAzureCredential | Enables the use of the credential information present in the running environment. For more information, see [DefaultAzureCredential](https://learn.microsoft.com/en-us/java/api/overview/azure/identity-readme?view=azure-java-stable#defaultazurecredential) on Microsoft Learn. | | +| com.mendix.storage.azure.BlobEndpoint¹ | Set the blob endpoint. This setting is required when authentication by `SharedAccessSignature` or `UseDefaultAzureCredential` is used. | | +| com.mendix.storage.azure.Container | Name of the container containing the blob. | | | com.mendix.storage.azure.CreateContainerIfNotExists | Indicates whether to check if the container exists, and creates it if it does not exist. | `true` | | com.mendix.storage.azure.ParallelismFactor | Maximum number of parallel multi-part file uploads/downloads. We advise not changing this setting unless you experience slow file transfers for large files. Choosing larger values will lead to higher memory usage. | 5 | | com.mendix.storage.azure.UseHttps | For enabling or disabling secure connections using HTTPS. Can be `true` or `false`. | `true` | 
@@ -285,7 +285,7 @@ The settings below influence the behavior of the Mendix web client. | --- | --- | --- | | EnableKeepAlive | Defines whether the web client sends a keep alive request every `SessionTimeout`/2 milliseconds in order to prevent a session timeout. Each click in the browser also acts as `KeepAlive`. Disabling this property will result in the user being logged out automatically after `SessionTimeout` milliseconds of inactivity (default 10 minutes), even if the browser remains open. See `SessionTimeout` in the next section for more information. | true | | com.mendix.webui.AuthTokenTimeout | Determines how many minutes your token will remain valid before re-authenticating using your full credentials. If no value is set, the token will expire after One year. | Introduced in Mendix 11.3. Use [com.mendix.webui.HybridAppLoginTimeOut](#commendixwebuiHybridAppLoginTimeOut) in earlier versions. | -| com.mendix.webui.HybridAppLoginTimeOut | Legacy alias of com.mendix.webui.AuthTokenTimeout | | +| com.mendix.webui.HybridAppLoginTimeOut | Legacy alias of com.mendix.webui.AuthTokenTimeout | | | com.mendix.webui.FeedbackSizeWarningThreshold | A warning is logged when the feedback size exceeds the threshold. Feedback is sent from server to client to instruct (for example, to refresh objects or to open a page). They are serialized as "instructions" in the server response. If there are too many instructions, this can have performance implications, as they all have to be serialized to the client. For this reason, a warning is logged when the threshold is exceeded. | 5000 | | com.mendix.webui.StateSizeWarningThreshold | A warning is logged when the state size exceeds the threshold. The state consists of changes in objects and of objects not committed to the database (yet). If there is too much state, this will have performance implications, as the whole state has to be serialized to the client. For this reason, a warning is logged when the threshold is exceeded. 
| 100 | | com.mendix.webui.CommittedObjectsThreshold | The threshold controls how much data is sent back to the client after executing a microflow. By default, we send back full objects when they are changed or committed. When this threshold is reached, only object GUIDs are sent back instead so that the client knows about the changes while the amount of data sent over the network is reduced. The client will then retrieve the objects later on, if needed. | 100 | 
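Review bot: The `com.mendix.webui.AuthTokenTimeout` row directly above the changed line links to `#commendixwebuiHybridAppLoginTimeOut`, but the `com.mendix.webui.HybridAppLoginTimeOut` row this hunk touches defines no such anchor. Since the row is being edited anyway, either add the anchor to it or drop the link. In the same `AuthTokenTimeout` row the version note sits in the Default Value cell; move "Introduced in Mendix 11.3 ..." into the Description and put the stated default (one year) in the Default Value cell, with "One year" in lower case.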
@@ -297,26 +297,49 @@ The settings below configure metrics through [micrometer](https://micrometer.io/ | Name | Description | Default Value | | --- | --- | --- | | com.mendix.metrics.Type | Enable access to Micrometer metrics through Java APIs | micrometer | -| Metrics.Registries | Registries to send metrics to | | -| Metrics.ApplicationTags | Common tags used for every meter | | +| Metrics.Registries | Registries to send metrics to | | +| Metrics.ApplicationTags | Common tags used for every meter | | ## Proxy Settings {#proxy-settings} -The settings below allow you to use a proxy. +### Http(s) Connections -{{% alert color="warning" %}} -These settings have to be set as JVM properties, not as custom Runtime settings. -{{% /alert %}} +The settings below configure the app to use a proxy for all connections, whether they are using the HTTP or HTTPS protocol. They are used in the following circumstances: + + 1. In the integration microflow activities [call web service](/refguide/call-web-service-action/), [call REST service](/refguide/call-rest-action/), [send REST request](/refguide/send-rest-request/), and [call external action](/refguide/call-external-action/). + 2. In the external object microflow activities [send external object](/refguide/send-external-object/) and [delete external object](/refguide/delete-external-object/). + 3. When retrieving an external entity data using a [consumed OData service](/refguide/consumed-odata-service/). + 4. When calling the Mendix runtime API [Core.Http().executeHttpRequest](https://apidocs.rnd.mendix.com/11/runtime/com/mendix/http/Http.html) and [HttpConfiguration.getInstance().getProxyConfiguration()](https://apidocs.rnd.mendix.com/11/runtime/com/mendix/http/IHttpConfiguration.html). + +These settings can be set either as JVM properties or as custom Runtime settings. When both the JVM property and custom runtime setting are set, the app uses the custom runtime setting. 
| Name | Description | Default Value | | --- | --- | --- | -| http.proxyHost | Defines the hostname of the HTTP proxy server. | | -| http.proxyPort | Defines the port number of the HTTP proxy server. | | +| http.proxyHost | Defines the hostname of the HTTP proxy server. | | +| http.proxyPort | Defines the port number of the HTTP proxy server. | | | http.proxyUser | Defines the user of the HTTP proxy server. | | | http.proxyPassword | Defines the password of the HTTP proxy server. | | -| https.proxyHost | Defines the hostname of the HTTPS proxy server. | | -| https.proxyPort | Defines the port number of the HTTPS proxy server. | | + +{{% alert color="info" %}} +The `http.` part of the names of these settings does not imply anything about whether the `HTTP` or `HTTPS` protocol is used - it is just the name of the setting. +{{% /alert %}} + +### License Server + +The settings below configure the app to use a proxy to reach the Mendix license server. + +{{% alert color="info" %}} +These settings have to be set as JVM properties, not as custom runtime settings. +{{% /alert %}} + +| Name | Description | Default Value | +| --- | --- | --- | +| https.proxyHost | Defines the hostname of the HTTPS proxy server. | | +| https.proxyPort | Defines the port number of the HTTPS proxy server. | | | https.proxyUser | Defines the user of the HTTPS proxy server. | | | https.proxyPassword | Defines the password of the HTTPS proxy server. | | +| https.nonProxyHosts | Defines a list of hosts that should be reached directly, bypassing the proxy. This is a list of patterns separated by '|'. The patterns may start or end with a '*' for wildcards. | | -{{% alert color="info" %}} `http.nonProxyHosts` only affects the license server. {{% /alert %}} +{{% alert color="info" %}} +The `https.` part of the names of these settings does not imply anything about whether the `HTTP` or `HTTPS` protocol is used - it is just the name of the setting. +{{% /alert %}} 
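Review bot: The added `https.nonProxyHosts` row replaces an alert that named `http.nonProxyHosts`, and the standard JVM networking property is `http.nonProxyHosts`, which the JDK also applies to HTTPS connections; please confirm which name the runtime actually reads before publishing the rename. In the same row, the literal `'|'` inside a table cell is not escaped and will be parsed as a column delimiter, so write it as `\|`. With the old alert removed, the Http(s) Connections section no longer says whether any bypass list applies to app connections; add a sentence stating that, because a reader setting `http.proxyHost` will otherwise assume internal hosts can be excluded.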
diff --git a/content/en/docs/refguide10/runtime/custom-settings/_index.md b/content/en/docs/refguide10/runtime/custom-settings/_index.md index 68d80e20b7e..8c854ef5c83 100644 --- a/content/en/docs/refguide10/runtime/custom-settings/_index.md +++ b/content/en/docs/refguide10/runtime/custom-settings/_index.md @@ -304,11 +304,16 @@ The settings below configure metrics through [micrometer](https://micrometer.io/ ## Proxy Settings {#proxy-settings} -The settings below allow you to use a proxy. +### Http(s) Connections -{{% alert color="warning" %}} -These settings have to be set as JVM properties, not as custom Runtime settings. -{{% /alert %}} +The settings below configure the app to use a proxy for all connections, whether they are using the HTTP or HTTPS protocol. They are used in the following circumstances: + + 1. In the integration microflow activities [call web service](/refguide10/call-web-service-action/), [call REST service](/refguide10/call-rest-action/), [send REST request](/refguide10/send-rest-request/), and [call external action](/refguide10/call-external-action/). + 2. In the external object microflow activities [send external object](/refguide10/send-external-object/) and [delete external object](/refguide10/delete-external-object/). + 3. When retrieving an external entity data using a [consumed OData service](/refguide10/consumed-odata-service/). + 4. When calling the Mendix runtime API [Core.Http().executeHttpRequest](https://apidocs.rnd.mendix.com/10/runtime/com/mendix/http/Http.html) and [HttpConfiguration.getInstance().getProxyConfiguration()](https://apidocs.rnd.mendix.com/10/runtime/com/mendix/http/IHttpConfiguration.html). + +These settings can be set either as JVM properties or as custom Runtime settings. When both the JVM property and custom runtime setting are set, the app uses the custom runtime setting. | Name | Description | Default Value | | --- | --- | --- | 
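Review bot: The added sentence "These settings can be set either as JVM properties or as custom Runtime settings" carries no version qualifier in the Mendix 10 guide, although it replaces a warning that said JVM properties were the only option. If custom runtime setting support arrived in a specific 10.x release, say so in the way other rows in these guides do ("This setting was introduced in ..."), otherwise readers on older 10.x runtimes may set proxy values that have no effect. Minor: "an external entity data" in item 3 should read "external entity data", and the heading would match the alert text better as "HTTP(S) Connections".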
@@ -316,9 +321,27 @@ These settings have to be set as JVM properties, not as custom Runtime settings. | http.proxyPort | Defines the port number of the HTTP proxy server. | | | http.proxyUser | Defines the user of the HTTP proxy server. | | | http.proxyPassword | Defines the password of the HTTP proxy server. | | + +{{% alert color="info" %}} +The `http.` part of the names of these settings does not imply anything about whether the `HTTP` or `HTTPS` protocol is used - it is just the name of the setting. +{{% /alert %}} + +### License Server + +The settings below configure the app to use a proxy to reach the Mendix license server. + +{{% alert color="info" %}} +These settings have to be set as JVM properties, not as custom runtime settings. +{{% /alert %}} + +| Name | Description | Default Value | +| --- | --- | --- | | https.proxyHost | Defines the hostname of the HTTPS proxy server. | | | https.proxyPort | Defines the port number of the HTTPS proxy server. | | | https.proxyUser | Defines the user of the HTTPS proxy server. | | | https.proxyPassword | Defines the password of the HTTPS proxy server. | | +| https.nonProxyHosts | Defines a list of hosts that should be reached directly, bypassing the proxy. This is a list of patterns separated by '|'. The patterns may start or end with a '*' for wildcards. | | -{{% alert color="info" %}} `http.nonProxyHosts` only affects the license server. {{% /alert %}} +{{% alert color="info" %}} +The `https.` part of the names of these settings does not imply anything about whether the `HTTP` or `HTTPS` protocol is used - it is just the name of the setting. +{{% /alert %}} diff --git a/content/en/docs/refguide9/runtime/custom-settings/_index.md b/content/en/docs/refguide9/runtime/custom-settings/_index.md index 3134fac5e5a..424884847c2 100644 --- a/content/en/docs/refguide9/runtime/custom-settings/_index.md +++ b/content/en/docs/refguide9/runtime/custom-settings/_index.md 
@@ -41,15 +41,15 @@ The following custom settings can be configured: | Name | Description | Default Value | | --- | --- | --- | | ApplicationRootUrl | Can be used within Java actions to get the public location of the application. Useful when the HOST header is not available, for example when including a URL to the application when sending emails from a scheduled event. | In Mendix Cloud, https://\[domain\].mendixcloud.com | -| CACertificates | A comma-separated list of paths to CA certificates. | | -| ClientCertificatePasswords | Comma-separated list of passwords for Client Certificates (should match the **ClientCertificates** order). Example: `pwd1, pwd2, pwd3, pwd4` | | -| ClientCertificates | Comma-separated list of paths to Client Certificates. Example: `D:\App\Mx1.pfx, D:\App\Mx2.pfx, D:\App\Mx3.pfx, D:\App\Mx4.pfx` | | -| ClientCertificateUsages | Only use this when you have multiple client certificates and you want to configure specific certificates for specific servers.
This setting defines which service must use which client certificate. See **NoClientCertificateUsages** if you want to make sure that no client certificate is used for a certain host or web service. The value of **ClientCertificateUsages** must be a comma-separated list of key/value items. A key/value item must be specified as `"identifier": "path to certificate"`.
For web services, use the imported web service name as the identifier.
For REST services, use the host name of the remote server as the identifier.
Please note that any backslash in the path must be doubled. The whole value must be enclosed by braces (`{ }`). For example: {{< figure src="/attachments/refguide9/runtime/custom-settings/code_snippet.png" class="no-border" >}} | | -| NoClientCertificateUsages | Comma-separated list of host names or imported web service names that should never be contacted using a client certificate. | | +| CACertificates | A comma-separated list of paths to CA certificates. | | +| ClientCertificatePasswords | Comma-separated list of passwords for Client Certificates (should match the **ClientCertificates** order). Example: `pwd1, pwd2, pwd3, pwd4` | | +| ClientCertificates | Comma-separated list of paths to Client Certificates. Example: `D:\App\Mx1.pfx, D:\App\Mx2.pfx, D:\App\Mx3.pfx, D:\App\Mx4.pfx` | | +| ClientCertificateUsages | Only use this when you have multiple client certificates and you want to configure specific certificates for specific servers.
This setting defines which service must use which client certificate. See **NoClientCertificateUsages** if you want to make sure that no client certificate is used for a certain host or web service. The value of **ClientCertificateUsages** must be a comma-separated list of key/value items. A key/value item must be specified as `"identifier": "path to certificate"`.
For web services, use the imported web service name as the identifier.
For REST services, use the host name of the remote server as the identifier.
Please note that any backslash in the path must be doubled. The whole value must be enclosed by braces (`{ }`). For example: {{< figure src="/attachments/refguide9/runtime/custom-settings/code_snippet.png" class="no-border" >}} | | +| NoClientCertificateUsages | Comma-separated list of host names or imported web service names that should never be contacted using a client certificate. | | | ClusterManagerActionInterval | The interval (in milliseconds) used for performing all cluster manager actions. These actions include, unblocking users, and removing invalid sessions. If nothing is specified the interval is half the `SessionTimeout`. | 300000 (5 minutes) | | com.mendix.core.isClusterSlave | Set to `true` in a high-availability scenario when this is *not* the [Cluster Leader](/refguide9/clustered-mendix-runtime/#cluster-leader-follower). The buildpack will usually enforce this setting, but it may need to be set for some on-premises deployments. | `false` | -| com.mendix.core.SameSiteCookies | The [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) property can be included in all cookies that are returned by the embedded HTTP server. The possible values are `Strict`, `Lax`, and `None`. The default is `Strict`. Setting it to `None` is typically needed only when an application is embedded in an iframe of another application with a different domain. Newer browsers may require the connection to be secure (HTTPS) when set to `None`. If the connection is plain HTTP, then this setting must be changed to `Strict` (recommended) or `Lax`. | | -| com.mendix.core.ScheduledEventsCleanupAge | This setting specifies (in milliseconds) how old objects in the System.ScheduledEventInformation table have to be before they are removed from the database. See [Scheduled Events](/refguide9/scheduled-events-legacy/#cleanup) for more details.
*This setting was introduced in Mendix 9.9.0* | | +| com.mendix.core.SameSiteCookies | The [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) property can be included in all cookies that are returned by the embedded HTTP server. The possible values are `Strict`, `Lax`, and `None`. The default is `Strict`. Setting it to `None` is typically needed only when an application is embedded in an iframe of another application with a different domain. Newer browsers may require the connection to be secure (HTTPS) when set to `None`. If the connection is plain HTTP, then this setting must be changed to `Strict` (recommended) or `Lax`. | | +| com.mendix.core.ScheduledEventsCleanupAge | This setting specifies (in milliseconds) how old objects in the System.ScheduledEventInformation table have to be before they are removed from the database. See [Scheduled Events](/refguide9/scheduled-events-legacy/#cleanup) for more details.
*This setting was introduced in Mendix 9.9.0* | | | com.mendix.core.ScheduledEventsCleanupBatchSize | This setting specifies how many System.ScheduledEventInformation objects will be removed from the database each time the ScheduledEventInformation cleanup task runs. See [Scheduled Events - Legacy](/refguide9/scheduled-events-legacy/#cleanup) for more details.
*This setting was introduced in Mendix 9.24.17* | 10000 | | com.mendix.core.SessionIdCookieName | Defines the name of the cookie value which represents the session ID. Can be useful to change when running in a container which assumes a certain name for the session cookie. | XASSESSIONID | | com.mendix.core.StorageService | Defines which storage service module will be used. The storage service module takes care of storing the actual files associated with `System.FileDocument` objects, such as uploaded files. Possible values are `com.mendix.storage. localfilesystem`, `com.mendix.storage.s3`, and `com.mendix.storage.azure`. | com.mendix.storage.localfilesystem | @@ -65,7 +65,7 @@ The following custom settings can be configured: | http.client.MaxConnectionsTotal | The [maximum number of connections allowed across all routes](https://hc.apache.org/httpcomponents-client-4.5.x/current/httpclient/apidocs/org/apache/http/impl/client/HttpClientBuilder.html#setMaxConnTotal(int)) for the call REST service and call web service activities.
{{% alert color="warning" %}}If you change the value of `http.client. MaxConnectionsPerRoute`, you will need to increase this value in line with that, up to a maximum of 250.{{% /alert %}} | 20 | | JavaKeyStorePassword | Password for the default Java keystore. | changeit | | LongLivedSessionTimeout | This setting is the same as `SessionTimeout`, but specific to offline-first progressive web apps. | 604800000 (7 days) | -| MyScheduledEvents | A comma-separated string with the names of the events. Please don't forget the name of the module (a name can be, for example, `CRM.UpdateCustomerStatistics`). {{% alert color="warning" %}}When running in multiple nodes, each node should have the same value for all runtime settings. Setting different values for different nodes to force specific scheduled events to be executed by specific nodes is not supported. It will not work and can lead to unexpected runtime errors.{{% /alert %}}| | +| MyScheduledEvents | A comma-separated string with the names of the events. Please don't forget the name of the module (a name can be, for example, `CRM.UpdateCustomerStatistics`). {{% alert color="warning" %}}When running in multiple nodes, each node should have the same value for all runtime settings. Setting different values for different nodes to force specific scheduled events to be executed by specific nodes is not supported. It will not work and can lead to unexpected runtime errors.{{% /alert %}}| | | RequestHandling.AllowLegacyCookies | Allows violations of RFC 6265 which is enforced since the following versions of Studio Pro: 9.6.18, 9.12.15, 9.18.8, and 9.24.0. See [RFC6265_LEGACY CookieCompliance mode](https://www.eclipse.org/jetty/javadoc/jetty-10/org/eclipse/jetty/http/CookieCompliance.html#RFC6265_LEGACY) for more information. Be aware of the fact that enabling this custom setting exposes your app to CVE-2023-26049. This setting is available in the following versions and above: 9.6.18, 9.12.15, 9.18.8, and 9.24.3. 
| false | | ScheduledEventExecution | Specify which scheduled events should be executed. Choices are `ALL`, `NONE`, or `SPECIFIED`. In the case of `SPECIFIED`, enumerate the scheduled events using the `MyScheduledEvents` configuration option described below. {{% alert color="warning" %}}This setting cannot be configured when running locally. To enable and disable scheduled events when running locally, please use the 'Enabled' setting on the [Scheduled Events execution properties](/refguide9/scheduled-events-task-queue/) in Studio Pro.{{% /alert %}} {{% alert color="warning" %}}When running in multiple nodes, each node should have the same value for all runtime settings. Setting different values for different nodes to force specific scheduled events to be executed by specific nodes is not supported. It will not work and can lead to unexpected runtime errors.{{% /alert %}} | NONE | | SessionKeepAliveUpdatesInterval | Defines how often a runtime writes session LastActive dates in its memory back to the database. | one sixth of the value configured for the `SessionTimeout` setting; if the `SessionTimeout` is not set, this value defaults to 100000 (100 seconds) | 
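Review bot: The changed `MyScheduledEvents` row still ends `{{% /alert %}}| |` with no space before the cell delimiter, so the whitespace clean-up is incomplete on the one line this hunk touches. While here, the `ScheduledEventExecution` row says `MyScheduledEvents` is "described below" although it sits above it in this table, and the `RequestHandling.AllowLegacyCookies` row gives 9.24.0 in its first version list and 9.24.3 in its second; please confirm which is intended, since that row is what tells readers when the CVE-2023-26049 exposure can be switched on.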
@@ -76,7 +76,7 @@ The following custom settings can be configured: | TrackWebServiceUserLastLogin | Defines whether to update the web service user's `LastLogin` field on each login. When this happens a database update query has to be sent and this can have performance consequences on heavy load systems. When this setting is set to false, no database interaction is necessary. | true | | TrackUserLastLoginForODataAndREST | Defines whether to update the user's `LastLogin` field on each interaction with a published OData and REST services. When this happens, a database update query has to be sent, which can have performance consequences on heavy load systems. When this setting is set to `false`, no database interaction is necessary. Ths setting is not available in Studio Pro 10, because this behavior is included in the [TrackWebServiceUserLastLogin](#TrackUserLastLoginForODataAndREST) setting. When setting this value to `false`, make sure to also set [TrackWebServiceUserLastLogin](#TrackUserLastLoginForODataAndREST) to `false` so a future upgrade to Studio Pro 10 keeps the behavior. *This setting was introduced in Studio Pro 9.24.34.* | true | | UploadedFilesPath | The location of the uploaded files. A valid path can be: `\\FileServer\CustomerPortalFiles`. | [deployment folder]\data\files | -| mapping.import.MaxJsonReadingLength | The maximum length of the JSON string received from the remote which can be processed with import mapping. Use this setting when you expect a string which is longer than the default. See [Import Mappings](/refguide/import-mappings/#troubleshooting) for more information.
*This setting was introduced in Mendix version 9.24.17.* | 20000000 *(dependent on library version)* | +| mapping.import.MaxJsonReadingLength | The maximum length of the JSON string received from the remote which can be processed with import mapping. Use this setting when you expect a string which is longer than the default. See [Import Mappings](/refguide9/import-mappings/#troubleshooting) for more information.
*This setting was introduced in Mendix version 9.24.17.* | 20000000 *(dependent on library version)* | | LastActionExecutionUpdateBatchSize | This setting specifies how many sessions should be updated per batch when updating the `LastActionExecution` attribute in the periodic system task. | 1000 *Introduced in Mendix 9.24.41.* | | SessionKeepAliveUpdateBatchSize | This setting specifies how many sessions should be updated per batch when updating the `LastActive` attribute in the periodic system task. | 1000 *Introduced in Mendix 9.24.41.* | @@ -96,17 +96,17 @@ The settings below influence the behavior of the log files. These settings can o | Name | Description | Default Value | | --- | --- | --- | -| ClientQueryTimeout | Defines the timeout in seconds for most of the database queries which are executed to load data into client widgets, like data grids. After the duration as specified here, a query will be canceled and an exception will be thrown. | | +| ClientQueryTimeout | Defines the timeout in seconds for most of the database queries which are executed to load data into client widgets, like data grids. After the duration as specified here, a query will be canceled and an exception will be thrown. | | | DatabaseType | Defines the database engine which is used as the Mendix database. Valid values are `DB2`, `HSQLDB`, `MYSQL`, `ORACLE`, `POSTGRESQL`, `SAPHANA`, and `SQLSERVER`. | | | DatabaseUserName | Name required for authentication to the database. | | | DatabasePassword | Password for the `DatabaseUserName` supplied above. | | | DatabaseHost | The host name and optionally the TCP port number of the database. Use a colon (`:`) as separator between the host name and port number. Possible values are: `db.url.org`, `db.url.org:1521`, `10.0.0.5`, and`10.0.0.5:1433`\. It is possible to use a plain IPv6 address by enclosing it in brackets (for example, `[::1]:5432`).
This will be overridden if you supply [DatabaseJdbcUrl](#DatabaseJdbcUrl). | | | DatabaseName | The name of the database or schema used by the Mendix app
Some database types require this even if a `DatabaseJdbcUrl` is defined. | | -| DatabaseJdbcUrl | Defines the JDBC URL to use for the database connection (which overrides the other database connection settings). | | +| DatabaseJdbcUrl | Defines the JDBC URL to use for the database connection (which overrides the other database connection settings). | | | DatabaseUseSsl | For PostgreSQL databases, defines whether the connection will be made using SSL without certificate validation. If you need certificate validation, use **DatabaseJdbcUrl** instead. | false | | DatabaseUseIntegratedSecurity | This setting defines whether integrated security will be used to authenticate to SQL Server. If true, user name and password will not be used.
If the runtime is not running on Windows, it must be instructed to use JavaKerberos authentication: for versions of Mendix below 9.23.0, add `;integratedSecurity=true;authenticationScheme=JavaKerberos` to **DatabaseJdbcUrl**. In addition, ensure that the proper domain user for accessing the SQL Server is authenticated on the runtime server using the `kinit` command. | false | -| LogMinDurationQuery | Defines whether database queries are logged via the `ConnectionBus_Queries` log node if they finished after the number of milliseconds specified here. By default, only the relevant SQL query will be logged. Set the log level of the `ConnectionBus_Queries` log node to `TRACE` to show more information about the page or the microflow which leads to this query. | | -| OracleServiceName | Defines the `SERVICE_NAME` when you have a connection with an Oracle DBMS. | | +| LogMinDurationQuery | Defines whether database queries are logged via the `ConnectionBus_Queries` log node if they finished after the number of milliseconds specified here. By default, only the relevant SQL query will be logged. Set the log level of the `ConnectionBus_Queries` log node to `TRACE` to show more information about the page or the microflow which leads to this query. | | +| OracleServiceName | Defines the `SERVICE_NAME` when you have a connection with an Oracle DBMS. | | | DataStorage.EnableDiagnostics | This setting can be used to generate a uniqueness constraint violation report. | false | | UseNetworkTimeout | This setting is applied to PostgreSQL and DB2. It affects the timeout mechanism used when reserving new ids for Mendix objects. If set to true, the socket level request timeout is used. In that case, the request timeout is handled within the operating system. If set to false, the timeout is handled by Mendix runtime. For other databases, timeouts are always handled by Mendix runtime. 
| true | | JdbcLoginTimeout | This setting defines the database connection establishment time in milliseconds. | 5000 (5 seconds) | 
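Review bot: The `DatabaseHost` row in this hunk's context still has a rendering defect that a whitespace pass should pick up: the last example runs into the preceding word and is followed by a stray backslash (and`10.0.0.5:1433`\.). Add the missing space after "and" and drop the backslash so the sentence ends with a plain full stop. The four changed rows alter only trailing whitespace in the empty Default Value cell, so nothing else in them needs attention.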
@@ -141,15 +141,15 @@ Before the data copying process starts, the main database structure will be gene | Name | Value | Default Value | | --- | --- | --- | | SourceBuiltInDatabasePath | Defines the file location of the built-in source database. This setting is only necessary if a non-default location of the built-in database has to be used to copy the data from. | [deployment folder]/data/database | -| SourceDatabaseHost | The host name and optionally the TCP port number of the source database. Use a colon as separator between host name and port number. Possible values are: `db.url.org`, `db.url.org:1521`, `10.0.0.5`, or `10.0.0.5:1433`. It's possible to use a plain IPv6 address by enclosing it in brackets (for example, `[::1]:5432`). | | -| SourceDatabaseJdbcUrl | Defines the JDBC URL to use for the source database connection (which overrides the other source database connection settings). This feature is not supported for PostgreSQL databases. | | -| SourceDatabaseName | The name of the source database. | | -| SourceDatabasePassword | The password for the connection to the source database. | | -| SourceDatabaseType | The type of the source database. Possible values: `DB2`, `HSQLDB`, `MYSQL`, `ORACLE`, `POSTGRESQL`, `SAPHANA`, or `SQLSERVER`. | | +| SourceDatabaseHost | The host name and optionally the TCP port number of the source database. Use a colon as separator between host name and port number. Possible values are: `db.url.org`, `db.url.org:1521`, `10.0.0.5`, or `10.0.0.5:1433`. It's possible to use a plain IPv6 address by enclosing it in brackets (for example, `[::1]:5432`). | | +| SourceDatabaseJdbcUrl | Defines the JDBC URL to use for the source database connection (which overrides the other source database connection settings). This feature is not supported for PostgreSQL databases. | | +| SourceDatabaseName | The name of the source database. | | +| SourceDatabasePassword | The password for the connection to the source database. 
| | +| SourceDatabaseType | The type of the source database. Possible values: `DB2`, `HSQLDB`, `MYSQL`, `ORACLE`, `POSTGRESQL`, `SAPHANA`, or `SQLSERVER`. | | | SourceDatabaseUseIntegratedSecurity | This setting defines whether integrated security will be used to authenticate to SQL Server. If true, user name and password will not be used. See [DatabaseUseIntegratedSecurity](#DatabaseUseIntegratedSecurity) for more information. | false | | SourceDatabaseUseSsl | For PostgreSQL databases, defines whether the connection to the source database will be made using SSL. | false | -| SourceDatabaseUserName | The user name for the connection to the source database. | | -| SourceOracleServiceName | Defines the `SERVICE_NAME` when you have a connection with an Oracle DBMS as source. | | +| SourceDatabaseUserName | The user name for the connection to the source database. | | +| SourceOracleServiceName | Defines the `SERVICE_NAME` when you have a connection with an Oracle DBMS as source. | | ## S3 Storage Service Settings {#amazon-s3-storage-service-settings} 
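Review bot: The `SourceDatabaseUseSsl` row in this hunk's context says only "using SSL", whereas the `DatabaseUseSsl` row in the database settings table states "SSL without certificate validation" and points to `DatabaseJdbcUrl` for validated connections. If the source connection behaves the same way, repeat that wording here. Note also that the `SourceDatabaseJdbcUrl` row touched by this hunk says the setting is not supported for PostgreSQL, which leaves no documented way to get a validated TLS connection to a PostgreSQL source; say so explicitly or describe the alternative.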
@@ -161,15 +161,15 @@ For deployments to Mendix Cloud, SAP BTP, and Mendix on Kubernetes, these settin | Name | Description | Default Value | | --- | --- | --- | -| com.mendix.storage.s3.AccessKeyId | Acts as the username to authenticate with the S3 service. | | -| com.mendix.storage.s3.SecretAccessKey | Acts as the password to authenticate with the S3 service. | | -| com.mendix.storage.s3.BucketName | Name of the bucket where the files are stored on S3. | | -| com.mendix.storage.s3.ResourceNamePrefix | Prefix for the keys under which objects are stored. Separators are not added automatically to keys. For keys like `prefix/key1`, `com.mendix.storage.s3.ResourceNamePrefix` should have value `prefix/`. This setting is available in Mendix version 9.24.16 and above. | | -| com.mendix.storage.s3.ResourceNameSuffix | Suffix for the keys under which objects are stored. This can be used when S3 buckets are divided into different segments for different users with different credentials (for example, store objects as `[key].customer1` for customer1 and as `[key].customer2` for customer2). Separators are not added automatically to keys. For keys like `key1.customer1`, `com.mendix.storage.s3.ResourceNameSuffix` should have value `.customer1`. | | -| com.mendix.storage.s3.Region | Sets the region in which the S3 bucket is located. This will be used to determine the service endpoint, unless overridden in **com.mendix.storage.s3.EndPoint**. This setting will also be used as the signing region for requests.

In Mendix version 9.24.41 and above, this setting is mandatory. The runtime will not start if this setting is not configured. {{% alert color="warning" %}}Using an incorrect region can lead to the following errors:

`Unable to load region from any of the providers in the chain.`

`The bucket you are attempting to access must be addressed using the specified endpoint.`

`The authorization header is malformed; the region 'us-east-1' is wrong.`{{% /alert %}} | | -| com.mendix.storage.s3.EndPoint | Overrides the default endpoint. This setting is required when the storage is on a non-AWS location (for example, IBM Cloud Object Storage). Both the endpoint (for example, `s3.example.com`) or the full URL (including the protocol) are supported (for example, `https://s3.example.com`). Note that when setting a custom endpoint, path style access will be enabled. For more information, see [Class S3ClientOptions](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/S3ClientOptions.html#withPathStyleAccess(boolean)). | | +| com.mendix.storage.s3.AccessKeyId | Acts as the username to authenticate with the S3 service. | | +| com.mendix.storage.s3.SecretAccessKey | Acts as the password to authenticate with the S3 service. | | +| com.mendix.storage.s3.BucketName | Name of the bucket where the files are stored on S3. | | +| com.mendix.storage.s3.ResourceNamePrefix | Prefix for the keys under which objects are stored. Separators are not added automatically to keys. For keys like `prefix/key1`, `com.mendix.storage.s3.ResourceNamePrefix` should have value `prefix/`. This setting is available in Mendix version 9.24.16 and above. | | +| com.mendix.storage.s3.ResourceNameSuffix | Suffix for the keys under which objects are stored. This can be used when S3 buckets are divided into different segments for different users with different credentials (for example, store objects as `[key].customer1` for customer1 and as `[key].customer2` for customer2). Separators are not added automatically to keys. For keys like `key1.customer1`, `com.mendix.storage.s3.ResourceNameSuffix` should have value `.customer1`. | | +| com.mendix.storage.s3.Region | Sets the region in which the S3 bucket is located. This will be used to determine the service endpoint, unless overridden in **com.mendix.storage.s3.EndPoint**. 
This setting will also be used as the signing region for requests.

In Mendix version 9.24.41 and above, this setting is mandatory. The runtime will not start if this setting is not configured. {{% alert color="warning" %}}Using an incorrect region can lead to the following errors:

`Unable to load region from any of the providers in the chain.`

`The bucket you are attempting to access must be addressed using the specified endpoint.`

`The authorization header is malformed; the region 'us-east-1' is wrong.`{{% /alert %}} | | +| com.mendix.storage.s3.EndPoint | Overrides the default endpoint. This setting is required when the storage is on a non-AWS location (for example, IBM Cloud Object Storage). Both the endpoint (for example, `s3.example.com`) or the full URL (including the protocol) are supported (for example, `https://s3.example.com`). Note that when setting a custom endpoint, path style access will be enabled. For more information, see [Class S3ClientOptions](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/S3ClientOptions.html#withPathStyleAccess(boolean)). | | | com.mendix.storage.s3.UseV2Auth | Lets the authentication policy use `Signature Version 2` instead of the default `Signature Version 4`. Set this setting to `true` when the endpoint does not support `Signature Version 4`.

This setting is not supported in Mendix version 9.24.41 and above. | false | -| com.mendix.storage.s3.EncryptionKeys | List of keys which can be used to encrypt and decrypt data at rest in S3. The right key to decrypt the data with is automatically selected depending on with which key it was encrypted. Each encryption key consists of a key id, the encryption algorithm and the actual key (Base64 encoded).

In Mendix version 9.24.41 and above, only AES encryption algorithm is supported. See [S3 Encryption Key Update](/refguide9/s3-encryption-key-update/) for migration information and how to configure the setting. | | +| com.mendix.storage.s3.EncryptionKeys | List of keys which can be used to encrypt and decrypt data at rest in S3. The right key to decrypt the data with is automatically selected depending on with which key it was encrypted. Each encryption key consists of a key id, the encryption algorithm and the actual key (Base64 encoded).

In Mendix version 9.24.41 and above, only AES encryption algorithm is supported. See [S3 Encryption Key Update](/refguide9/s3-encryption-key-update/) for migration information and how to configure the setting. | | | com.mendix.storage.s3.ForceGlobalBucketAccessEnabled | The value `true` allows the server to route requests to a different region than specified in these settings (`false` disallows it). | true | | com.mendix.storage.s3.MaxConnections | Overrides the default maximum connections limit in the S3 service. The default value is enough for most applications, so we do not recommend explicitly setting this to a custom value unless a larger maximum connections limit is absolutely necessary. | [DEFAULT_MAX_CONNECTIONS](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_MAX_CONNECTIONS) field of the ClientConfiguration interface in the AWS SDK for Java. | | com.mendix.storage.s3.ClientExecutionTimeout | Sets the amount of time (in milliseconds) to allow a call to the storage service to complete. A value of `0` means no timeout. For more information, see the [AWS Java SDK](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#setClientExecutionTimeout-int-). | 0 (no timeout) | @@ -190,11 +190,11 @@ First, you need to create an Azure SQL database (for information on how to do th | Name | Description | Default Value | | --- | --- | --- | -| DatabaseType | `SQLSERVER` | | -| DatabaseHost | `"your-database-host.database.windows.net:1433"` | | -| DatabaseName | `your-databasename` | | -| DatabaseUserName | `your-username` | | -| DatabasePassword | `your-password` | | +| DatabaseType | `SQLSERVER` | | +| DatabaseHost | `"your-database-host.database.windows.net:1433"` | | +| DatabaseName | `your-databasename` | | +| DatabaseUserName | `your-username` | | +| DatabasePassword | `your-password` | | ## Microsoft Azure Blob Storage Settings{#azure-blob} 
@@ -206,12 +206,12 @@ For deployments to Mendix Cloud, SAP BTP, and Mendix on Kubernetes these setting | Name | Description | Default Value | | --- | --- | --- | -| com.mendix.core.StorageService | Has to be set to `com.mendix.storage.azure` to select Azure as the storage service. | | -| com.mendix.storage.azure.AccountName | Account name to authenticate with the Azure blob storage service. | | -| com.mendix.storage.azure.AccountKey | Account key to authenticate with the Azure blob storage service. | | -| com.mendix.storage.azure.SharedAccessSignature | Provides delegated access to resources in your storage account. For more information, see [Shared Access Signature on docs.microsoft.com](https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1). | | -| com.mendix.storage.azure.BlobEndpoint | Set the blob endpoint. This setting is required when authentication by `SharedAccessSignature` is used. | | -| com.mendix.storage.azure.Container | Name of the container containing the blob. | | +| com.mendix.core.StorageService | Has to be set to `com.mendix.storage.azure` to select Azure as the storage service. | | +| com.mendix.storage.azure.AccountName | Account name to authenticate with the Azure blob storage service. | | +| com.mendix.storage.azure.AccountKey | Account key to authenticate with the Azure blob storage service. | | +| com.mendix.storage.azure.SharedAccessSignature | Provides delegated access to resources in your storage account. For more information, see [Shared Access Signature on docs.microsoft.com](https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1). | | +| com.mendix.storage.azure.BlobEndpoint | Set the blob endpoint. This setting is required when authentication by `SharedAccessSignature` is used. | | +| com.mendix.storage.azure.Container | Name of the container containing the blob. 
| | | com.mendix.storage.azure.CreateContainerIfNotExists | Indicates whether to check if the container exists, and creates it if it does not exist. | `true` | | com.mendix.storage.azure.ParallelismFactor | Maximum number of parallel multi-part file uploads/downloads. We advise not changing this setting unless you experience slow file transfers for large files. Choosing larger values will lead to higher memory usage. | 5 | | com.mendix.storage.azure.UseHttps | For enabling or disabling secure connections using HTTPS. Can be `true` or `false`. | `true` | 
@@ -243,20 +243,49 @@ The settings below configure metrics through [micrometer](https://micrometer.io/ | Name | Description | Default Value | | --- | --- | --- | | com.mendix.metrics.Type | Enable access to Micrometer metrics through Java APIs | micrometer | -| Metrics.Registries | Registries to send metrics to | | -| Metrics.ApplicationTags | Common tags used for every meter | | +| Metrics.Registries | Registries to send metrics to | | +| Metrics.ApplicationTags | Common tags used for every meter | | ## Proxy Settings -The settings below allow you to use a proxy. +### Http(s) Connections -{{% alert color="warning" %}} -These settings have to be set as JVM properties, not as custom Runtime settings. +The settings below configure the app to use a proxy for all connections, whether they are using the HTTP or HTTPS protocol. They are used in the following circumstances: + + 1. In the integration microflow activities [call web service](/refguide9/call-web-service-action/), [call REST service](/refguide9/call-rest-action/), and call external action. + 2. In the external object microflow activities [send external object](/refguide9/send-external-object/) and [delete external object](/refguide9/delete-external-object/). + 3. When retrieving an external entity data using a [consumed OData service](/refguide9/consumed-odata-service/). + 4. When calling the Mendix runtime API [Core.Http().executeHttpRequest](https://apidocs.rnd.mendix.com/9/runtime/com/mendix/http/Http.html) and [HttpConfiguration.getInstance().getProxyConfiguration()](https://apidocs.rnd.mendix.com/9/runtime/com/mendix/http/IHttpConfiguration.html). + +These settings can be set either as JVM properties or as custom Runtime settings. When both the JVM property and custom runtime setting are set, the app uses the custom runtime setting. + +| Name | Description | Default Value | +| --- | --- | --- | +| http.proxyHost | Defines the hostname of the HTTP proxy server. 
| | +| http.proxyPort | Defines the port number of the HTTP proxy server. | | +| http.proxyUser | Defines the user of the HTTP proxy server. | | +| http.proxyPassword | Defines the password of the HTTP proxy server. | | + +{{% alert color="info" %}} +The `http.` part of the names of these settings does not imply anything about whether the `HTTP` or `HTTPS` protocol is used - it is just the name of the setting. +{{% /alert %}} + +### License Server + +The settings below configure the app to use a proxy to reach the Mendix license server. + +{{% alert color="info" %}} +These settings have to be set as JVM properties, not as custom runtime settings. {{% /alert %}} | Name | Description | Default Value | | --- | --- | --- | -| http.proxyHost | Defines the hostname of the HTTP proxy server. | | -| http.proxyPort | Defines the port number of the HTTP proxy server. | | -| https.proxyHost | Defines the hostname of the HTTPS proxy server. | | -| https.proxyPort | Defines the port number of the HTTPS proxy server. | | +| https.proxyHost | Defines the hostname of the HTTPS proxy server. | | +| https.proxyPort | Defines the port number of the HTTPS proxy server. | | +| https.proxyUser | Defines the user of the HTTPS proxy server. | | +| https.proxyPassword | Defines the password of the HTTPS proxy server. | | +| https.nonProxyHosts | Defines a list of hosts that should be reached directly, bypassing the proxy. This is a list of patterns separated by '|'. The patterns may start or end with a '*' for wildcards. | | + +{{% alert color="info" %}} +The `https.` part of the names of these settings does not imply anything about whether the `HTTP` or `HTTPS` protocol is used - it is just the name of the setting. +{{% /alert %}}
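Review bot: In the S3 storage hunk, the re-added `com.mendix.storage.s3.EndPoint` row says that a bare endpoint (`s3.example.com`) and a full URL (`https://s3.example.com`) are both accepted, but it does not say which protocol the runtime uses when only the host name is given. Please state the scheme assumed for the bare form, so that readers pointing the app at a non-AWS store know whether they must write `https://` explicitly to get TLS. While the row is being touched, "Both the endpoint ... or the full URL ... are supported" should read "Both the endpoint ... and the full URL ... are supported".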
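Review bot: In the Proxy Settings hunk, the new `https.nonProxyHosts` row has a literal `|` inside a table cell ("separated by '|'"), which Markdown reads as a column separator, so the description is split and the Default Value column shifts; escape it as `\|` or `&#124;`. The Http(s) Connections table adds `http.proxyUser` and `http.proxyPassword` but no bypass list, so please say explicitly whether a non-proxy host setting exists for those connections or whether everything listed in items 1 to 4 always goes through the proxy. Because that section lets the proxy password be set either as a JVM property or as a custom runtime setting, a sentence on which of the two is preferred for a secret would help. Minor: the heading should be `### HTTP(S) Connections`, "custom Runtime settings" and "custom runtime settings" are both used, "call external action" is the only activity in item 1 without a link, and "an external entity data" in item 3 should be "external entity data".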