Configuring External Communications for Citeck

Basic Principles

All communications are configured via Spring configuration, which can be set either through ENV variables or through configuration files.

Configuration files can be in either yaml or properties format. Rules for mapping between ENV variables and properties in configuration files:

  1. Split the key by "." (i.e. aa.customProp.cc => ['aa', 'customProp', 'cc'])

  2. Split each key part by words if camelCase is found (['aa', 'customProp', 'cc'] => ['aa', 'custom', 'Prop', 'cc']) — note: this step is optional and applies only to the Citeck platform. Standard Spring does not have it.

  3. Convert all parts to UPPER CASE and join them with "_" (['aa', 'custom', 'Prop', 'cc'] => AA_CUSTOM_PROP_CC)

ENV variables have the highest priority.

For more details about Spring configuration, refer to the official Spring Boot documentation

JWT Token

All microservices use a JWT token when communicating with each other for signing requests and validating incoming requests. The token is set by the property

ecos.webapp.web.authenticators.jwt.secret

and must contain an arbitrary base64 key that must match across all microservices.

RabbitMQ Connection

Each microservice in the Citeck platform requires a primary connection to RabbitMQ, and all microservices must be connected to the same virtual host in the same RabbitMQ instance.

The standard spring.rabbitmq.* settings are disabled in Citeck; instead, use the ecos.webapp.dataSources.main-rabbitmq.* settings.

Attention

There can be more than one RabbitMQ connection; in that case, the settings remain the same, but a different key is used instead of main-rabbitmq. More details about additional connections can be found in the sections below.

Setting

Default value

Description

ecos.webapp.dataSources.main-rabbitmq.host

rabbitmq

Host for RabbitMQ connection

ecos.webapp.dataSources.main-rabbitmq.username

admin

Username for RabbitMQ connection

ecos.webapp.dataSources.main-rabbitmq.password

admin

Password for RabbitMQ connection

ecos.webapp.dataSources.main-rabbitmq.virtualHost

/

Virtual host for RabbitMQ connection

ecos.webapp.dataSources.main-rabbitmq.executor

rabbitmq
The task executor that serves the RabbitMQ connection.
This setting defines the thread pool that will be used for processing messages.

ecos.webapp.dataSources.main-rabbitmq.port
5671 if TLS is enabled
5672 if TLS is disabled

Port for RabbitMQ connection

ecos.webapp.dataSources.main-rabbitmq.tls.enabled

false

Whether encryption is enabled

ecos.webapp.dataSources.main-rabbitmq.tls.clientKey

null

The secret key that will be used by the microservice for authentication.

ecos.webapp.dataSources.main-rabbitmq.tls.trustedCerts

null

List of trusted CA certificates

ecos.webapp.dataSources.main-rabbitmq.tls.protocol

TLSv1.2

TLS protocol

ecos.webapp.dataSources.main-rabbitmq.tls.verifyHostname

true

Whether to verify the server hostname against the value in the certificate it provides.

ecos-process Microservice Specifics

An additional RabbitMQ connection with the key bpmn-rabbitmq has been added in ecos-process. The settings are the same as for main-rabbitmq, with the following default values:

Setting

Default value

ecos.webapp.dataSources.bpmn-rabbitmq.host

${ecos.webapp.dataSources.main-rabbitmq.host}

ecos.webapp.dataSources.bpmn-rabbitmq.username

${ecos.webapp.dataSources.main-rabbitmq.username}

ecos.webapp.dataSources.bpmn-rabbitmq.password

${ecos.webapp.dataSources.main-rabbitmq.password}

ecos.webapp.dataSources.bpmn-rabbitmq.executor

bpmn-rabbitmq

Zookeeper Connection

Each microservice in the Citeck platform requires a connection to a shared Zookeeper instance.

Setting

Default value

Description

ecos.webapp.zookeeper.host

zookeeper-app

Host for Zookeeper connection

ecos.webapp.zookeeper.port

2181

Port for Zookeeper connection

Database Connection (JDBC)

Note

The standard Spring settings spring.datasource.* are not used in Citeck.

A number of microservices require two primary connections to a PostgreSQL database:

  • ecos-model

  • ecos-apps

  • ecos-uiserv

  • ecos-history

  • ecos-notifications

  • ecos-integrations

Primary connections are configured through the following settings:

ecos.webapp.dataSources.main.*
ecos.webapp.dataSources.main-xa-aware.*

The table describes the settings for the main datasource. For main-xa-aware, the url, username, and password must be the same, while other settings can be arbitrary, but by default it is recommended to make them the same as main.

Setting

Default value

Description

ecos.webapp.dataSources.main.url

JDBC URL for database connection

ecos.webapp.dataSources.main.username

Username for connection

ecos.webapp.dataSources.main.password

Password for connection

ecos.webapp.dataSources.main.maxPoolSize

30

Maximum connection pool size

ecos.webapp.dataSources.main.minIdle

5
Sets the minimum number of idle connections in the pool.
The pool tries to maintain minIdle connections when the idle object eviction mechanism is running.
This property has no effect if timeBetweenEvictionRunsMillis does not have a positive value.

ecos.webapp.dataSources.main.numTestsPerEvictionRun

-5
Sets the maximum number of objects that will be examined
during each run (if any) of the idle object eviction thread.
If the value is positive, the number of objects examined per
run will be the minimum of the specified value and the number of idle
objects in the pool.
If the value is negative, the number of objects examined will be
ceil(idle_connections_count / |{numTestsPerEvictionRun}|),
meaning that if the value is -N, approximately 1/N of
idle objects will be examined per run.

ecos.webapp.dataSources.main.softMinEvictableIdleMillis

30000
Sets the minimum time a connection may remain
idle in the pool before it becomes a candidate for eviction by the cleanup thread
of idle objects, provided that at least “minIdle” connections remain in the pool.

ecos.webapp.dataSources.main.timeBetweenEvictionRunsMillis

60000
The number of milliseconds the idle object eviction thread will wait between runs.
If the value is less than or equal to zero, this thread will not run.

ecos.webapp.dataSources.main.maxWaitMillis

30000

Maximum wait time when obtaining a database connection.

ecos-process Specifics

In ecos-process, the main datasource is absent, but there are two others — eproc and camunda. They are configured the same way as main, but with the prefixes ecos.webapp.dataSources.eproc.* and ecos.webapp.dataSources.camunda.* respectively.

The table below shows the default values that differ from the main ones:

Setting

Default value

ecos.webapp.dataSources.camunda.url

jdbc:postgresql://localhost:14523/ecos_camunda

ecos.webapp.dataSources.camunda.username

camunda

ecos.webapp.dataSources.camunda.password

camundapassword

ecos.webapp.dataSources.eproc.url

jdbc:postgresql://localhost:14523/ecos_process

ecos.webapp.dataSources.eproc.username

process

ecos.webapp.dataSources.eproc.password

processpassword

Database Connection (MongoDB)

The ecos-process microservice requires configuration for connecting to a MongoDB database:

Setting

Default value

Description

spring.data.mongodb.uri

mongodb://localhost:27017/eproc
MongoDB connection string. May contain a username and password. General format:
mongodb://{user}:{password}@{host}:{port}/{dbname}

Cloud Config

Starting from version 2024.8, ecos-registry became optional as the service registry was redesigned to use Zookeeper.

The only functionality remaining in ecos-registry is cloud config, which can be disabled via the SPRING_CONFIG_IMPORT variable and the configuration can be delivered by infrastructure means.

More details on breaking changes in release 2024.8