Docker Configuration Options
dotCMS Docker Image#
Running dotCMS in a container is the recommended practice; below are some key environment variables. See Current Releases to obtain an orchestrator file. See the note for more on the "DOT" notation.
TL;DR Configuration Example#
environment: "JAVA_OPTS_MEMORY": '-Xmx4g' "DB_BASE_URL": "jdbc:postgresql://db.dotcms.site/dotcms" "DB_USERNAME": 'dotcmsdbuser' "DB_PASSWORD": 'password' "DOT_ES_ENDPOINTS": 'https://es.dotcms.site:9200' "DOT_ES_AUTH_BASIC_USER": 'esadmin' "DOT_ES_AUTH_BASIC_PASSWORD": 'espassword' volumes: - /volumes/dotcms-share:/data/shared
Docker Configuration#
Database#
The following options should be set for every dotCMS installation.
| Varible | Default Value | Description |
|---|---|---|
| DB_BASE_URL | jdbc:postgresql://db.dotcms.site/dotcms | JDBC-compliant URL to connect to the database. |
| DB_USERNAME | dotcmsdbuser | Username used to connect to the database server.
|
| DB_PASSWORD | password | Password used to connect to the database server.
|
| DB_DRIVER | org.postgresql.Driver | The type of database used. Possible values are:
|
| DB_MAX_WAIT | 180000 | Maximum lifetime (ms) of a connection in the pool. |
| DB_MAX_TOTAL | 200 | Maximum number of database connections permitted to the DB server. |
| DB_MIN_IDLE | 10 | Maximum amount of time (in seconds) that a connection is allowed to sit idle in the pool. |
| DB_VALIDATION_QUERY | _empty_ | SQL query to be executed to test the validity of connections. |
| DB_LEAK_DETECTION_THRESHOLD | 300000 | Amount of time that a connection can be out of the pool before a message is logged indicating a possible connection leak. |
| DB_DEFAULT_TRANSACTION_ISOLATION | _empty_ | Default transaction isolation level. |
OpenSearch (formerly ElasticSearch)#
| Varible | Default Value | Description |
|---|---|---|
| DOT_ES_ENDPOINTS | https://es.dotcms.site:9200 | A comma separated list of elasticsearch endpoints/servers that dotCMS will connect to. dotCMS will load balance between the endpoints in this list. |
| DOT_ES_AUTH_TYPE | BASIC | Either BASIC or JWT. Setting this to BASIC means you need to provide a username ES_AUTH_BASIC_USER and password ES_AUTH_BASIC_PASSWORD. Setting this to JWT means you need to provide a valid token ES_AUTH_JWT_TOKEN to authenticate. |
| DOT_ES_AUTH_BASIC_USER | admin | The username to use for BASIC auth of your elasticsearch servers |
| DOT_ES_AUTH_BASIC_PASSWORD | admin | The password to use for BASIC auth of your elasticsearch servers |
| DOT_ES_AUTH_JWT_TOKEN | _empty_ | Token to use for JWT auth of your elasticsearch servers |
Here's the documentation reformatted as tables, organized by section.
Mail#
dotCMS expects a global mail provider configured as mail/MailSession.
SMTPS#
| Variable | Example Value | Description |
|---|---|---|
DOT_MAIL_TRANSPORT_PROTOCOL | smtps | Sets the mail transport protocol. Translated internally to mail.transport.protocol. |
DOT_MAIL_SMTPS_HOST | email-smtp.us-east-1.amazonaws.com | The SMTPS server hostname. |
DOT_MAIL_SMTPS_USER | abc123 | The username for SMTPS authentication. |
DOT_MAIL_SMTPS_PASSWORD | 123abc | The password for SMTPS authentication. |
DOT_MAIL_SMTPS_AUTH | true | Enables authentication for the SMTPS connection. |
DOT_MAIL_SMTPS_PORT | 465 | The port used for the SMTPS connection. |
SMTP+TLS#
| Variable | Example Value | Description |
|---|---|---|
DOT_MAIL_TRANSPORT_PROTOCOL | smtp | Sets the mail transport protocol. Translated internally to mail.transport.protocol. |
DOT_MAIL_SMTP_HOST | email-smtp.us-east-1.amazonaws.com | The SMTP server hostname. |
DOT_MAIL_SMTP_USER | abc123 | The username for SMTP authentication. |
DOT_MAIL_SMTP_PASSWORD | 123abc | The password for SMTP authentication. |
DOT_MAIL_SMTP_AUTH | true | Enables authentication for the SMTP connection. |
DOT_MAIL_SMTP_PORT | 587 | The port used for the SMTP connection. |
DOT_MAIL_SMTP_STARTTLS_ENABLE | true | Enables STARTTLS to upgrade the connection to TLS after the initial handshake. |
SMTP Servers With Untrusted SSL Certificates#
| Variable | Example Value | Description |
|---|---|---|
DOT_MAIL_SMTP_SSL_TRUST | smtp.example.com | Trusts the SSL certificate of the specified SMTP host, bypassing certificate validation. Use when the server's certificate is self-signed or otherwise untrusted. |
DOT_MAIL_SMTPS_SSL_TRUST | smtp.example.com | Same as above, for SMTPS connections. |
Java/JVM#
| Varible | Default Value | Description |
|---|---|---|
| JAVA_OPTS_BASE | see file | These are the base java options passed to the jvm when started. The default should suffice for most installations. |
| JAVA_OPTS_AGENT | see file | This is the java agent used attached to the JVM. The default should suffice for most installations. |
| JAVA_OPTS_MEMORY | -Xmx1G | Java heap size used for Tomcat JVM. The default is intended for demonstration purposes only. For production environments, use -Xmx4G or greater. |
| CMS_JAVA_OPTS | empty | Arguements added here are added last in the jvm arguments and will override anything set before it. |
Tomcat#
| Varible | Default Value | Description |
|---|---|---|
| CMS_CONNECTOR_THREADS | 600 | Maximum number of connector threads to be shared across all Tomcat connectors. |
| CMS_COMPRESSION | on | Enables/Disables GZIP compression in tomcat |
| CMS_COMPRESSIBLEMIMETYPE | see file | Enables/Disables GZIP compression for specific content types. The default should suffice for most installations. |
| CMS_ACCESSLOG_PATTERN | see file | The access log pattern used by tomcat. The default should suffice for most installations. |
| CMS_REMOTEIP_REMOTEIPHEADER | x-forwarded-for | The header tomcat should use when resolving a remote server ip address. |
| CMS_REMOTEIP_INTERNALPROXIES | see file | The list of trusted proxies. If the remote ip address does not match these, the CMS_REMOTEIP_REMOTEIPHEADER will not be used. The default should suffice for most installations. |
Simple Debugging#
To debug dotCMS running in a docker container, you will need to remote attach your debugger to the java process running in the container. To do this, you will need to add the following to the CMS_JAVA_OPTS property.
"CMS_JAVA_OPTS": ' -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=*:8000'
and then make sure that port 8000 is mapped and externally available, e.g.:
ports: - “8000:8000”
You should then be able to attach to the debugger remotely.
Mounting Shared Folder#
The dotCMS docker image only requires a single volume to persist data across restarts and a cluster. This is the /data/shared folder in the dotCMS docker image.
| Path Description | Example | Notes |
|---|---|---|
| Shared folder (includes /assets /felix) | [localpath]/data/shared:/data/shared | this folder should be shared across all nodes in a cluster and in multi-node installation is generally provided by NFS. |
Other Important Paths in dotCMS docker image#
Below are a list of other important paths in the dotCMS docker image.
| Path Description | Example | Notes |
|---|---|---|
| Disk cache | /data/local | generally not mounted |
| Tomcat root directory | /srv/dotserver/tomcat-9.0.41 | |
| dotCMS webapp directory | /srv/dotserver/tomcat-9.0.41/webapps/ROOT | |
| Log files | /srv/dotserver/tomcat-9.0.41/logs | |
starter.zip file | /srv/dotserver/tomcat-9.0.41/webapps/ROOT/starter.zip | To mount a custom starter.zip file to be loaded at initial startup. You can also specify a starter.zip via URL. See below for more information. |
dotCMS expects there to be a global mail provider configured as mail/MailSession. You can configure this by setting environment variables.
Using a Custom starter.zip#
On first time startup, dotCMS will bootstrap the installation using the starter.zip file found here /srv/dotserver/tomcat-9.0.41/webapps/ROOT/starter.zip. By default dotCMS uses our bare bones "empty starter". You can override this starter.zip by either mounting in a custom starter.zip file to /srv/dotserver/tomcat-9.0.41/webapps/ROOT/starter.zip or by specifing a CUSTOM_STARTER_URL environmental variable. If this variable is set, dotCMS will download this starter file and use it to bootstrap the intital install.
"CUSTOM_STARTER_URL": 'https://repo.dotcms.com/artifactory/libs-release-local/com/dotcms/starter/20230712/starter-20230712.zip'
dotCMS Configuration DOT notation#
dotCMS allows you to override any config option by setting environmental variables for your docker container.
To set a dotCMS configuration property using an environment variable, you need to first convert it to use the DOT notation, or the format dotCMS uses for ENV variables. Assume you want to update the dotCMS config property cache.default.chain:
- Start with the configuration property name that you want to override.
- Example:
cache.default.chain
- Example:
- Then convert the name to all uppercase.
- Example:
CACHE.DEFAULT.CHAIN
- Example:
- Then replace any periods (dots) in the property name with underscores.
- Example:
CACHE_DEFAULT_CHAIN
- Example:
- Finally add DOT_ to the beginning of the name.
- Example:
DOT_CACHE_DEFAULT_CHAIN
- Example:
You can then pass this new variable into the dotCMS docker image and it will override what is in the .properties files, e.g.: docker run -e "DOT_CACHE_DEFAULT_CHAIN=com.dotmarketing.business.cache.provider.timedcache.TimedCacheProvider"
See this documentation for more information regarding the proper format for overridding the dotcms config variables.