Configuring ThingWorx Docker
To get up and running quickly with ThingWorx Docker, use the default settings for your content provider. You can also configure the Docker Compose file to customize the settings for your site. This section describes how to configure the Docker Compose files for each content provider.
Configuring HTTP Secure (HTTPS) and HTTP
By default, HTTP is enabled and HTTPS is disabled in the provided ThingWorx images. This is useful for testing and development, but not for use in production. PTC strongly recommends enabling HTTPS if you intend to utilize it in a production scenario to appropriately secure your ThingWorx Platform.
 |
You must provide a keystore to start the container if HTTPS is enabled. Otherwise, the container exits.
|
To configure HTTPS for the Docker images:
1. Copy the keystore file containing your HTTPS certificates to the Docker-mounted ThingworxPlatform folder. The volume mounts are relative to docker-compose files. This is the location where the logs and configuration files are stored to enable persistence in the containers.
By default, the keystore must be named keystore.jks. You can override this with the SSL_KEYSTORE_FILENAME environment variables described later.
For the example Docker Compose files, copy the file here:
./thingworx-storage/shared/ThingworxPlatform
2. Make sure the Docker Compose file has an environment variable SSL_KEYSTORE_PASSWORD set to the encryption password of your keystore and HTTPS_ENABLED is set to true.
3. Make sure port 8443:8443 is in the ports section of your Docker Compose file.
To enable HTTP:
1. In the Docker Compose file, make sure an environment variable HTTP_ENABLED is set to true or false, depending on your requirements.
The default is true.
2. Make sure port 8080:8080 is in the ports section of your Docker Compose file.
|
|
Where PASSWORD appears in the files, you must replace it with the password for ThingWorx or for the database.
|
H2
The following example is a Docker Compose file for H2 with some basic settings:
version: '2.2'
services:
platform:
image: thingworx/platform-h2:latest
healthcheck:
test: curl -s -w '%{http_code}' -U 'bad:creds'
localhost:8080/Thingworx/Subsystems/PlatformSubsystem | grep -w 401
interval: 15s
ports:
- "8080:8080"
- "8443:8443"
environment:
- "INITIAL_HEAP=2"
- "MAX_HEAP=4"
- "ENABLE_HTTP=true"
- "ENABLE_HTTPS=false"
# NOTE: If supplying a keystore for SSL, you must set your keystore password
#- "SSL_KEYSTORE_PASSWORD="
# NOTE: The following must be set for the Platform to start. This will be
# the initial Administrator password.
- "THINGWORX_INITIAL_ADMIN_PASSWORD="
volumes:
- "./thingworx-h2-storage/ThingworxPlatform:/ThingworxPlatform"
- "./thingworx-h2-storage/ThingworxStorage:/ThingworxStorage"
- "./thingworx-h2-storage/ThingworxBackupStorage:/ThingworxBackupStorage"
- "./thingworx-h2-storage/tomcat-logs:/opt/apache-tomcat/logs"
services:
platform:
image: thingworx/platform-h2:latest
healthcheck:
test: curl -s -w '%{http_code}' -U 'bad:creds'
localhost:8080/Thingworx/Subsystems/PlatformSubsystem | grep -w 401
interval: 15s
ports:
- "8080:8080"
- "8443:8443"
environment:
- "INITIAL_HEAP=2"
- "MAX_HEAP=4"
- "ENABLE_HTTP=true"
- "ENABLE_HTTPS=false"
# NOTE: If supplying a keystore for SSL, you must set your keystore password
#- "SSL_KEYSTORE_PASSWORD="
# NOTE: The following must be set for the Platform to start. This will be
# the initial Administrator password.
- "THINGWORX_INITIAL_ADMIN_PASSWORD="
volumes:
- "./thingworx-h2-storage/ThingworxPlatform:/ThingworxPlatform"
- "./thingworx-h2-storage/ThingworxStorage:/ThingworxStorage"
- "./thingworx-h2-storage/ThingworxBackupStorage:/ThingworxBackupStorage"
- "./thingworx-h2-storage/tomcat-logs:/opt/apache-tomcat/logs"
|
|
The initial memory is set to 2 GB, and the maximum memory is set to 4 GB.
|
You can add the following options to the environment section of the file to control the configuration of this instance:
|
Variable Names
|
Values
|
Defaults
|
Comments
|
|---|---|---|---|
|
INITIAL_HEAP
|
Number
|
2
|
Sets the initial memory size for the instance in GB.
|
|
MAX_HEAP
|
Number
|
4
|
Sets the maximum memory size for the instance in GB
|
|
ENABLE_HTTP
|
true/false
|
true
|
Enables the HTTP connector on Tomcat for unsecured traffic to the container.
|
|
ENABLE_HTTPS
|
true/false
|
false
|
Enables the HTTPS connector on Tomcat for secured traffic to the container. You must also provide a keystore and SSL_KEYSTORE_PASSWORD must be set.
|
|
SSL_KEYSTORE_PASSWORD
|
String
|
PASSWORD
|
Sets the password to the keystore used for SSL communication in Tomcat.
|
|
SSL_KEYSTORE_BASE_PATH
|
String
|
/ThingworxPlatform
|
Sets the path to the Tomcat SSL keystore. If you store the keystore in a location in the container other than the default folder, you must set this variable.
|
|
SSL_KEYSTORE_FILENAME
|
String
|
keystore.jks
|
Sets the file name for the Tomcat SSL keystore. If your keystore has a file name other than the default, you must set this variable.
|
|
TOMCAT_SSL_PROTOCOLS
|
String
|
TLSv1.2
|
Specifies the Tomcat SSL protocol. Set this if you want to override the accepted SSL protocols in Tomcat.
|
|
SERVER_HTTP_PORT
|
String
|
8080
|
Specifies the port that Tomcat monitors for HTTP communication. Note that if this port is changed, you must change the exposed ports in the Compose file.
|
|
SERVER_HTTPS_PORT
|
String
|
8443
|
Specifies the port that Tomcat monitors for HTTPS communication. Note that if this port is changed, you must change the exposed ports in the Compose file.
|
|
DOCKER_DEBUG
|
true/false
|
false
|
Toggles the option for recording debugging information when the container starts up. Note that this might contain sensitive information.
|
|
LS_USERNAME
|
String
|
""
|
Specifies your PTC login user name to get your ThingWorx License.
|
|
LS_PASSWORD
|
String
|
""
|
Specifies your PTC login password to get your ThingWorx License.
|
|
ENABLE_BACKUP
|
true/false
|
false
|
Toggles the option for backups.
|
|
ENABLE_LOGGING
|
true/false
|
true
|
Toggles the option for logging.
|
|
ENCRYPT_CREDENTIALS
|
true/false
|
false
|
Toggles the option to encrypt passwords for databases and licensing in the platform-settings.json file.
|
|
THINGWORX_INITIAL_PASSWORD
|
String
|
""
|
Sets the initial password for the Administrator user in ThingWorx. This variable must be manually set before starting the ThingWorx Platform. This password may be changed after ThingWorx starts up successfully.
|
|
EXTPKG_IMPORT_POLICY_ENABLED
|
true/false
|
false
|
Controls global enable/disable of Extension Package import through the Extension Package Uploader.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_JARRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain Jar (Java) resources. If false and the Extension contains jar files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_JSRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain Javascript resources. If false and the Extension contains javascript files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_CSSRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain CSS resources. If false and the Extension contains css files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_JSONRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain JSON resources. If false and the Extension contains json files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_WEBAPPRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain WebApps resources. If false and the Extension contains WebApp resource files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_ENTITIES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain non-extensible entity definitions. If false and the Extension contains non-extensible entity definitions, other than the Extension Package entity, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_EXTENTITIES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain extensible entity definitions. If false and the Extension contains extensible entity definitions, other than the Extension Package entity, the import will fail.
|
You can also change the volume path to a location specific to your site. The volume path uses the following syntax:
"./path_to_local_mount:/path_to_container_mount"
For example:
"/opt/ThingworxPlatform:/ThingworxPlatform"
|
|
When updating the volume path, change only the local mount as the mount points of the internal container never change.
|
Microsoft SQL Server
The following example is a Docker Compose file for Microsoft SQL Server with some basic settings:
version: '2.2'
services:
mssql:
image: thingworx/mssql-db:latest
ports:
- "1433"
healthcheck:
test: /opt/mssql-tools/bin/sqlcmd -U SA -P "$${SA_PASSWORD}" -h -1
-Q "set nocount on; select serverproperty('ServerName')" | grep -w "$${HOSTNAME}"
interval: 15s
platform:
image: thingworx/platform-mssql:latest
healthcheck:
test: curl -s -w '%{http_code}' -U 'bad:creds'
localhost:8080/Thingworx/Subsystems/PlatformSubsystem | grep -w 401
interval: 15s
depends_on:
mssql:
condition: service_healthy
ports:
- "8080:8080"
- "8443:8443"
environment:
- "INITIAL_HEAP=2"
- "MAX_HEAP=4"
- "DATABASE_HOST=mssql"
- "DATABASE_PORT=1433"
- "TWX_DATABASE_USERNAME="
- "TWX_DATABASE_SCHEMA="
# NOTE: TWX_DATABASE_PASSWORD for MSSQL platform must be set to match your
# environment, or the MSSQL_DB_TWX_DATABASE_PASSWORD that you set for the
# Test MSSQL DB.
- "TWX_DATABASE_PASSWORD="
# NOTE: The following must be set for the Platform to start. This will be
# the initial Administrator password.
- "THINGWORX_INITIAL_ADMIN_PASSWORD="
- "ENABLE_HTTP=true"
- "ENABLE_HTTPS=false"
# NOTE: If supplying a keystore for SSL, you must set your keystore password
#- "SSL_KEYSTORE_PASSWORD="
volumes:
- "./thingworx-mssql-storage/ThingworxPlatform:/ThingworxPlatform"
- "./thingworx-mssql-storage/ThingworxStorage:/ThingworxStorage"
- "./thingworx-mssql-storage/ThingworxBackupStorage:/ThingworxBackupStorage"
- "./thingworx-mssql-storage/tomcat-logs:/opt/apache-tomcat/logs"
services:
mssql:
image: thingworx/mssql-db:latest
ports:
- "1433"
healthcheck:
test: /opt/mssql-tools/bin/sqlcmd -U SA -P "$${SA_PASSWORD}" -h -1
-Q "set nocount on; select serverproperty('ServerName')" | grep -w "$${HOSTNAME}"
interval: 15s
platform:
image: thingworx/platform-mssql:latest
healthcheck:
test: curl -s -w '%{http_code}' -U 'bad:creds'
localhost:8080/Thingworx/Subsystems/PlatformSubsystem | grep -w 401
interval: 15s
depends_on:
mssql:
condition: service_healthy
ports:
- "8080:8080"
- "8443:8443"
environment:
- "INITIAL_HEAP=2"
- "MAX_HEAP=4"
- "DATABASE_HOST=mssql"
- "DATABASE_PORT=1433"
- "TWX_DATABASE_USERNAME="
- "TWX_DATABASE_SCHEMA="
# NOTE: TWX_DATABASE_PASSWORD for MSSQL platform must be set to match your
# environment, or the MSSQL_DB_TWX_DATABASE_PASSWORD that you set for the
# Test MSSQL DB.
- "TWX_DATABASE_PASSWORD="
# NOTE: The following must be set for the Platform to start. This will be
# the initial Administrator password.
- "THINGWORX_INITIAL_ADMIN_PASSWORD="
- "ENABLE_HTTP=true"
- "ENABLE_HTTPS=false"
# NOTE: If supplying a keystore for SSL, you must set your keystore password
#- "SSL_KEYSTORE_PASSWORD="
volumes:
- "./thingworx-mssql-storage/ThingworxPlatform:/ThingworxPlatform"
- "./thingworx-mssql-storage/ThingworxStorage:/ThingworxStorage"
- "./thingworx-mssql-storage/ThingworxBackupStorage:/ThingworxBackupStorage"
- "./thingworx-mssql-storage/tomcat-logs:/opt/apache-tomcat/logs"
|
|
The initial memory is set to 2 GB and the maximum memory is set to 4 GB. The volume mounts are relative to docker-compose files. This is the location where the logs and configuration files are stored to enable persistence in the containers.
|
You can add the following options to the environment section of the file to control the configuration of this instance:
|
Variable Names
|
Values
|
Defaults
|
Comments
|
|---|---|---|---|
|
INITIAL_HEAP
|
Number
|
2
|
Sets the initial memory size for the instance in GB.
|
|
MAX_HEAP
|
Number
|
4
|
Sets the maximum memory size for the instance in GB.
|
|
DATABASE_HOST
|
String
|
mssql
|
Specifies the hostname, service name, or IP address of the SQL Server database host.
|
|
DATABASE_PORT
|
Number
|
1433
|
Specifies the port number for the SQL Server database.
|
|
DATABASE_ADMIN_USERNAME
|
String
|
SA
|
Specifies the administrator user name for the SQL Server database.
|
|
DATABASE_ADMIN_PASSWORD
|
String
|
PASSWORD
|
Specifies the administrator password for the SQL Server database.
|
|
ENABLE_HTTP
|
true/false
|
true
|
Enables the HTTP connector on Tomcat for unsecured traffic to the container
|
|
ENABLE_HTTPS
|
true/false
|
false
|
Enables the HTTPS connector on Tomcat for secured traffic to the container. You must also provide a keystore and set SSL_KEYSTORE_PASSWORD.
|
|
SSL_KEYSTORE_PASSWORD
|
String
|
PASSWORD
|
Specifies the password to keystore used for SSL communication in Tomcat.
|
|
SSL_KEYSTORE_BASE_PATH
|
String
|
/ThingworxPlatform
|
Specifies the path to the Tomcat SSL keystore. If you store the keystore in a location in the container other than the default folder, you must set this variable.
|
|
SSL_KEYSTORE_FILENAME
|
String
|
keystore.jks
|
Specifies the file name for the Tomcat SSL keystore. If your keystore has a file name other than the default, you must set this variable.
|
|
TOMCAT_SSL_PROTOCOLS
|
String
|
TLSv1.2
|
Specifies the Tomcat SSL protocol. Set this if you want to override the accepted SSL protocols in Tomcat.
|
|
SERVER_HTTP_PORT
|
String
|
8080
|
Specifies the port that Tomcat monitors for HTTP communication. Note that if this port is changed, you must change the exposed ports in the Compose file.
|
|
SERVER_HTTPS_PORT
|
String
|
8443
|
Specifies the port that Tomcat monitors for HTTPS communication. Note that if this port is changed, you must change the exposed ports in the Compose file.
|
|
DOCKER_DEBUG
|
true/false
|
false
|
Toggles the option for recording debugging information when the container starts up. Note that this might contain sensitive information.
|
|
TWX_DATABASE_USERNAME
|
String
|
""
|
Specifies the ThingWorx user that will be created for the database. This variable must be manually set before starting the ThingWorx Platform.
|
|
TWX_DATABASE_PASSWORD
|
String
|
""
|
Specifies the password for the ThingWorx user for the database. This variable must be manually set before starting the ThingWorx Platform.
|
|
TWX_DATABASE_SCHEMA
|
String
|
""
|
Specifies the schema name for the ThingWorx instance. This variable must be manually set before starting the ThingWorx Platform.
|
|
LS_USERNAME
|
String
|
""
|
Specifies the PTC login user name to get your ThingWorx License.
|
|
LS_PASSWORD
|
String
|
""
|
Specifies your PTC login password to get your ThingWorx License.
|
|
ENABLE_BACKUP
|
true/false
|
false
|
Toggles the option for backups.
|
|
ENABLE_LOGGING
|
true/false
|
true
|
Toggles the option for logging.
|
|
ENCRYPT_CREDENTIALS
|
true/false
|
false
|
Toggles the option to encrypt passwords for databases and licensing in the platform-settings.json file.
|
|
THINGWORX_INITIAL_PASSWORD
|
String
|
""
|
Sets the initial password for the Administrator user in ThingWorx. This variable must be manually set before starting the ThingWorx Platform. This password may be changed after ThingWorx starts up successfully.
|
|
EXTPKG_IMPORT_POLICY_ENABLED
|
true/false
|
false
|
Controls global enable/disable of Extension Package import through the Extension Package Uploader.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_JARRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain Jar (Java) resources. If false and the Extension contains jar files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_JSRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain Javascript resources. If false and the Extension contains javascript files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_CSSRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain CSS resources. If false and the Extension contains css files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_JSONRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain JSON resources. If false and the Extension contains json files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_WEBAPPRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain WebApps resources. If false and the Extension contains WebApp resource files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_ENTITIES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain non-extensible entity definitions. If false and the Extension contains non-extensible entity definitions, other than the Extension Package entity, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_EXTENTITIES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain extensible entity definitions. If false and the Extension contains extensible entity definitions, other than the Extension Package entity, the import will fail.
|
You can also change the volume path to a location specific to your site. The volume path uses the following syntax:
"./path_to_local_mount:/path_to_container_mount"
For example:
"/opt/ThingworxPlatform:/ThingworxPlatform"
|
|
When updating the volume path, change only the local mount as the mount points of the internal container never change.
|
The MS SQL Server Docker image is provided for ease of testing. Do not use the MS SQL Server Docker image provided for production use. As a best practice, set up your own MS SQL Server environment for production.
To connect to a Microsoft SQL Server database that exists outside of the Docker, remove the mssql service from the Compose file and add the following variables to the platform environment variables:
• DATABASE_ADMIN_USERNAME
• DATABASE_ADMIN_PASSWORD
These are the administrator accounts on your Microsoft SQL Server database authorized to create a user, database, or schema that the ThingWorx container loads on the first startup. See Using an External Microsoft SQL Server Database for ThingWorx
Docker for an example Compose file with the platform setup to use an external Microsoft SQL Server database.
If you are using an external database, you can manually install the ThingWorx schema and not provide administrator credentials for the ThingWorx Docker container. To do this, set the DATABASE_HOST, DATABASE_PORT, TWX_DATABASE_USERNAME, TWX_DATABASE_PASSWORD, and TWX_DATABASE_SCHEMA variables appropriately.
PostgreSQL
The following example is a Docker Compose file for PostgreSQL with some basic settings:
version: '2.2'
services:
postgresql:
image: thingworx/postgres-db:latest
ports:
- "5432"
healthcheck:
test: pg_isready -U postgres
interval: 15s
environment:
- "TWX_DATABASE_USERNAME=thingworx"
- "TWX_DATABASE_SCHEMA=thingworx"
# NOTE: You must set the password for the pre-created ThingWorx Schema in
# this test database manually.
- "TWX_DATABASE_PASSWORD="
volumes:
- "./thingworx-postgres-storage/ThingworxPostgresqlStorage:/ThingworxPostgresqlStorage"
- "./thingworx-postgres-storage/postgres-data:/var/lib/postgresql/data"
platform:
image: thingworx/platform-postgres:latest
healthcheck:
test: curl -s -w '%{http_code}' -U 'bad:creds'
localhost:8080/Thingworx/Subsystems/PlatformSubsystem | grep -w 401
interval: 15s
depends_on:
postgresql:
condition: service_healthy
ports:
- "8080:8080"
- "8443:8443"
environment:
- "ENABLE_CLUSTERED_MODE=false"
- "INITIAL_HEAP=2"
- "MAX_HEAP=4"
- "DATABASE_HOST=postgresql"
- "DATABASE_PORT=5432"
- "TWX_DATABASE_USERNAME="
- "TWX_DATABASE_SCHEMA="
# NOTE: TWX_DATABASE_PASSWORD must be set for your environment, or to match
# TWX_DATABASE_PASSWORD in the postgresql service above.
- "TWX_DATABASE_PASSWORD="
# NOTE: The following must be set for the Platform to start. This will be
# the initial Administrator password.
- "THINGWORX_INITIAL_ADMIN_PASSWORD="
- "ENABLE_HTTP=true"
- "ENABLE_HTTPS=false"
# NOTE: If supplying a keystore for SSL, you must set your keystore password
#- "SSL_KEYSTORE_PASSWORD="
volumes:
- "./thingworx-postgres-storage/ThingworxPlatform:/ThingworxPlatform"
- "./thingworx-postgres-storage/ThingworxStorage:/ThingworxStorage"
- "./thingworx-postgres-storage/ThingworxBackupStorage:/ThingworxBackupStorage"
- "./thingworx-postgres-storage/tomcat-logs:/opt/apache-tomcat/logs"
services:
postgresql:
image: thingworx/postgres-db:latest
ports:
- "5432"
healthcheck:
test: pg_isready -U postgres
interval: 15s
environment:
- "TWX_DATABASE_USERNAME=thingworx"
- "TWX_DATABASE_SCHEMA=thingworx"
# NOTE: You must set the password for the pre-created ThingWorx Schema in
# this test database manually.
- "TWX_DATABASE_PASSWORD="
volumes:
- "./thingworx-postgres-storage/ThingworxPostgresqlStorage:/ThingworxPostgresqlStorage"
- "./thingworx-postgres-storage/postgres-data:/var/lib/postgresql/data"
platform:
image: thingworx/platform-postgres:latest
healthcheck:
test: curl -s -w '%{http_code}' -U 'bad:creds'
localhost:8080/Thingworx/Subsystems/PlatformSubsystem | grep -w 401
interval: 15s
depends_on:
postgresql:
condition: service_healthy
ports:
- "8080:8080"
- "8443:8443"
environment:
- "ENABLE_CLUSTERED_MODE=false"
- "INITIAL_HEAP=2"
- "MAX_HEAP=4"
- "DATABASE_HOST=postgresql"
- "DATABASE_PORT=5432"
- "TWX_DATABASE_USERNAME="
- "TWX_DATABASE_SCHEMA="
# NOTE: TWX_DATABASE_PASSWORD must be set for your environment, or to match
# TWX_DATABASE_PASSWORD in the postgresql service above.
- "TWX_DATABASE_PASSWORD="
# NOTE: The following must be set for the Platform to start. This will be
# the initial Administrator password.
- "THINGWORX_INITIAL_ADMIN_PASSWORD="
- "ENABLE_HTTP=true"
- "ENABLE_HTTPS=false"
# NOTE: If supplying a keystore for SSL, you must set your keystore password
#- "SSL_KEYSTORE_PASSWORD="
volumes:
- "./thingworx-postgres-storage/ThingworxPlatform:/ThingworxPlatform"
- "./thingworx-postgres-storage/ThingworxStorage:/ThingworxStorage"
- "./thingworx-postgres-storage/ThingworxBackupStorage:/ThingworxBackupStorage"
- "./thingworx-postgres-storage/tomcat-logs:/opt/apache-tomcat/logs"
|
|
The initial memory is set to 2 GB and the maximum memory is set to 4 GB. The volume mounts are relative to docker-compose files. This is the location where the logs and configuration files are stored to enable persistence in the containers.
|
You can add the following options to the environment section of the file to control the configuration of this instance:
|
Variable Names
|
Values
|
Defaults
|
Comments
|
|---|---|---|---|
|
INITIAL_HEAP
|
Number
|
2
|
Sets the initial memory size for the instance in GB.
|
|
MAX_HEAP
|
Number
|
4
|
Sets the maximum memory size for the instance in GB.
|
|
DATABASE_HOST
|
String
|
postgressql
|
Specifies the hostname, service name, or IP address of the PostgreSQL database host.
|
|
DATABASE_PORT
|
Number
|
5432
|
Specifies the port number for the PostgreSQL database.
|
|
DATABASE_ADMIN_USERNAME
|
String
|
postgres
|
Specifies the administrator user name for the PostgreSQL database.
|
|
DATABASE_ADMIN_PASSWORD
|
String
|
PASSWORD
|
Specifies the administrator password for the PostgreSQL database.
|
|
ENABLE_HTTP
|
true/false
|
true
|
Enables the HTTP connector on Tomcat for unsecured traffic to the container.
|
|
ENABLE_HTTPS
|
true/false
|
false
|
Enables the HTTPS connector on Tomcat for secured traffic to the container. You must also provide a keystore and set SSL_KEYSTORE_PASSWORD
|
|
SSL_KEYSTORE_PASSWORD
|
String
|
PASSWORD
|
Specifies the password to keystore used for SSL communication in Tomcat.
|
|
SSL_KEYSTORE_BASE_PATH
|
String
|
/ThingworxPlatform
|
Specifies the path to the Tomcat SSL keystore. If you store the keystore in a location in the container other than the default folder, you must set this variable.
|
|
SSL_KEYSTORE_FILENAME
|
String
|
keystore.jks
|
Specifies the file name for the Tomcat SSL keystore. If your keystore has a file name other than the default, you must set this variable.
|
|
TOMCAT_SSL_PROTOCOLS
|
String
|
TLSv1.2
|
Specifies the Tomcat SSL protocol. Set this if you want to override the accepted SSL protocols in Tomcat.
|
|
SERVER_HTTP_PORT
|
String
|
8080
|
Specifies the port that Tomcat monitors for HTTP communication. Note that if this port is changed, you must change the exposed ports in the Compose file.
|
|
SERVER_HTTPS_PORT
|
String
|
8443
|
Specifies the port that Tomcat monitors for HTTPS communication. Note that if this port is changed, you must change the exposed ports in the Compose file.
|
|
DOCKER_DEBUG
|
true/false
|
false
|
Toggles the option for recording debugging information when the container starts up. Note that this might contain sensitive information.
|
|
TWX_DATABASE_USERNAME
|
String
|
""
|
Specifies the ThingWorx user that will be created for the database. This variable must be manually set before starting the ThingWorx Platform. Note that for PostgreSQL, TWX_DATABASE_USERNAME:
• Should match TWX_DATABASE_SCHEMA due to a limitation of the existing implementation
• Should not be postgres
|
|
TWX_DATABASE_PASSWORD
|
String
|
""
|
Specifies the password for the ThingWorx user for the database. This variable must be manually set before starting the ThingWorx Platform.
|
|
TWX_DATABASE_SCHEMA
|
String
|
""
|
Specifies the schema name for the ThingWorx instance. This variable must be manually set before starting the ThingWorx Platform. Note that for PostgreSQL, TWX_DATABASE_USERNAME should match TWX_DATABASE_SCHEMA due to a limitation of the existing implementation.
|
|
TABLESPACE_LOCATION
|
String
|
/ThingworxPostgresqlStorage
|
Specifies the location of the tablespace on the database server.
|
|
IS_RDS
|
yes/no
|
no
|
Toggles the option for connecting to an RDS PostgreSQL database.
|
|
LS_USERNAME
|
String
|
""
|
Specifies the PTC login user name to get your ThingWorx License.
|
|
LS_PASSWORD
|
String
|
""
|
Specifies the PTC login password to get your ThingWorx License.
|
|
ENABLE_BACKUP
|
true/false
|
false
|
Toggles the option for backups.
|
|
ENABLE_LOGGING
|
true/false
|
true
|
Toggles the option for logging.
|
|
ENCRYPT_CREDENTIALS
|
true/false
|
false
|
Toggles the option to encrypt passwords for databases and licensing in the platform-settings.json file.
|
|
THINGWORX_INITIAL_PASSWORD
|
String
|
""
|
Sets the initial password for the Administrator user in ThingWorx. This variable must be manually set before starting the ThingWorx Platform. This password may be changed after ThingWorx starts up successfully.
|
|
EXTPKG_IMPORT_POLICY_ENABLED
|
true/false
|
false
|
Controls global enable/disable of Extension Package import through the Extension Package Uploader.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_JARRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain Jar (Java) resources. If false and the Extension contains jar files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_JSRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain Javascript resources. If false and the Extension contains javascript files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_CSSRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain CSS resources. If false and the Extension contains css files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_JSONRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain JSON resources. If false and the Extension contains json files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_WEBAPPRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain WebApps resources. If false and the Extension contains WebApp resource files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_ENTITIES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain non-extensible entity definitions. If false and the Extension contains non-extensible entity definitions, other than the Extension Package entity, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_EXTENTITIES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain extensible entity definitions. If false and the Extension contains extensible entity definitions, other than the Extension Package entity, the import will fail.
|
|
POSTGRES_USER
|
String
|
""
|
Specifies the administrator user name for the PostgreSQL database.
|
|
POSTGRES_PASSWORD
|
String
|
""
|
Specifies the administrator password for the PostgreSQL database.
|
|
POSTGRES_DB
|
String
|
""
|
Specifies the name of the PostgreSQL database.
Additional variables for POSTGRESQL and their details can be found at the Docker Hub.
|
You can also change the volume path to a location specific to your site. The volume path uses the following syntax:
"./path_to_local_mount:/path_to_container_mount"
For example:
"/opt/ThingworxPlatform:/ThingworxPlatform"
|
|
When updating the volume path, change only the local mount as the mount points of the internal container never change.
|
The PostgreSQL Docker image is provided for ease of testing. Do not use the PostgreSQL Docker image provided for production use. As a best practice, set up your own PostgreSQL environment for production.
To connect to a PostgreSQL database contained outside of the Docker, you can remove the postgresql service from the Compose file and add the following variables to the platform environment variables:
• DATABASE_ADMIN_USERNAME
• DATABASE_ADMIN_PASSWORD
These are administrator accounts on your PostgreSQL database authorized to create a user, database, or schema that the ThingWorx container loads on the first startup. See Using an External PostgreSQL Database for ThingWorx Docker for an example Compose file with the platform setup to use an external database.
If you are using an external database, you can manually install the ThingWorx schema as usual and not provide administrator credentials for the ThingWorx Docker container. To do this, set the DATABASE_HOST, DATABASE_PORT, TWX_DATABASE_USERNAME, TWX_DATABASE_PASSWORD, and TWX_DATABASE_SCHEMA variables appropriately.
Azure SQL
|
|
You must have an Azure SQL database configured in Microsoft Azure to use it with ThingWorx Dockerfiles. For information on setting up an AzureSQL database, see Using Azure SQL Server as the Persistence Provider.
|
The following example is a Docker Compose file for Azure SQL with some basic settings:
version: '2.2'
services:
# NOTE: There is no test database for the ThingWorx Azure SQL Persitence Provider
# as you need to create a database resource in Azure to connect to.
platform:
image: thingworx/platform-azuresql:latest
healthcheck:
test: curl -s -w '%{http_code}' -U 'bad:creds' localhost:8080/Thingworx/Subsystems/PlatformSubsystem | grep -w 401
interval: 15s
ports:
- "8080:8080"
- "8443:8443"
environment:
- "INITIAL_HEAP=2"
- "MAX_HEAP=4"
- "DATABASE_HOST=<azuresql url>"
# NOTE: Set DATABASE_ADMIN_USERNAME and DATABASE_ADMIN_PASSWORD if you want
# the docker container to create the user and database tables for ThingWorx
# based on TWX_DATABASE_USERNAME and TWX_DATABASE_PASSWORD.
# Otherwise, comment out and supply the TWX_DATABASE_USERNAME and TWX_DATABASE_PASSWORD
# for manually created user and ThingWorx database structure.
- "DATABASE_ADMIN_USERNAME=<azuresql admin user>"
- "DATABASE_ADMIN_PASSWORD=<azuresql admin password>"
# NOTE: Set TWX_DATABASE_USERNAME, TWX_DATABASE_PASSWORD TWX_DATABASE_SCHEMA for
# the thingworx database setup that will either be created by the docker image,
# or connected to if it already exists.
- "TWX_DATABASE_USERNAME="
- "TWX_DATABASE_SCHEMA="
- "TWX_DATABASE_PASSWORD="
# NOTE: The following must be set for the Platform to start. This will be
# the initial Administrator password.
- "THINGWORX_INITIAL_ADMIN_PASSWORD="
services:
# NOTE: There is no test database for the ThingWorx Azure SQL Persitence Provider
# as you need to create a database resource in Azure to connect to.
platform:
image: thingworx/platform-azuresql:latest
healthcheck:
test: curl -s -w '%{http_code}' -U 'bad:creds' localhost:8080/Thingworx/Subsystems/PlatformSubsystem | grep -w 401
interval: 15s
ports:
- "8080:8080"
- "8443:8443"
environment:
- "INITIAL_HEAP=2"
- "MAX_HEAP=4"
- "DATABASE_HOST=<azuresql url>"
# NOTE: Set DATABASE_ADMIN_USERNAME and DATABASE_ADMIN_PASSWORD if you want
# the docker container to create the user and database tables for ThingWorx
# based on TWX_DATABASE_USERNAME and TWX_DATABASE_PASSWORD.
# Otherwise, comment out and supply the TWX_DATABASE_USERNAME and TWX_DATABASE_PASSWORD
# for manually created user and ThingWorx database structure.
- "DATABASE_ADMIN_USERNAME=<azuresql admin user>"
- "DATABASE_ADMIN_PASSWORD=<azuresql admin password>"
# NOTE: Set TWX_DATABASE_USERNAME, TWX_DATABASE_PASSWORD TWX_DATABASE_SCHEMA for
# the thingworx database setup that will either be created by the docker image,
# or connected to if it already exists.
- "TWX_DATABASE_USERNAME="
- "TWX_DATABASE_SCHEMA="
- "TWX_DATABASE_PASSWORD="
# NOTE: The following must be set for the Platform to start. This will be
# the initial Administrator password.
- "THINGWORX_INITIAL_ADMIN_PASSWORD="
|
|
The initial memory is set to 2 GB and the maximum memory is set to 4 GB.
|
You can add the following options to the environment section of the file to control the configuration of this instance:
|
Variable Names
|
Values
|
Defaults
|
Comments
|
|---|---|---|---|
|
INITIAL_HEAP
|
Number
|
2
|
Sets the initial memory size for the instance in GB.
|
|
MAX_HEAP
|
Number
|
4
|
Sets the maximum memory size for the instance in GB.
|
|
DATABASE_HOST
|
String
|
N/A
|
Specifies the URL for the Azure SQL database.
|
|
DATABASE_ADMIN_USERNAME
|
String
|
N/A
|
Specifies the administrator user name for the Azure SQL database. Set only if you want the docker container to create TWX_DATABASE_USERNAME and initialize ThingWorx database tables.
|
|
DATABASE_ADMIN_PASSWORD
|
String
|
N/A
|
Specifies the administrator password for the Azure SQL database. Set only if you want the docker container to create TWX_DATABASE_USERNAME and initialize ThingWorx database tables.
|
|
ENABLE_HTTP
|
true/false
|
true
|
Enables the HTTP connector on Tomcat for unsecured traffic to the container
|
|
ENABLE_HTTPS
|
true/false
|
false
|
Enables the HTTPS connector on Tomcat for secured traffic to the container. You must also provide a keystore and set SSL_KEYSTORE_PASSWORD
|
|
SSL_KEYSTORE_PASSWORD
|
String
|
PASSWORD
|
Specifies the password to keystore used for SSL communication in Tomcat.
|
|
SSL_KEYSTORE_BASE_PATH
|
String
|
/ThingworxPlatform
|
Specifies the path to the Tomcat SSL keystore. If you store the keystore in a location in the container other than the default folder, you must set this variable.
|
|
SSL_KEYSTORE_FILENAME
|
String
|
keystore.jks
|
Specifies the file name for the Tomcat SSL keystore. If your keystore has a file name other than the default, you must set this variable.
|
|
TOMCAT_SSL_PROTOCOLS
|
String
|
TLSv1.2
|
Specifies the Tomcat SSL protocol. Set this if you want to override the accepted SSL protocols in Tomcat.
|
|
SERVER_HTTP_PORT
|
String
|
8080
|
Specifies the port that Tomcat monitors for HTTP communication. Note that if this port is changed, you must change the exposed ports in the Compose file.
|
|
SERVER_HTTPS_PORT
|
String
|
8443
|
Specifies the port that Tomcat monitors for HTTPS communication. Note that if this port is changed, you must change the exposed ports in the Compose file.
|
|
DOCKER_DEBUG
|
true/false
|
false
|
Toggles the option for recording debugging information when the container starts up. Note that this might contain sensitive information.
|
|
TWX_DATABASE_USERNAME
|
String
|
""
|
Specifies the ThingWorx user that will be created for the database. This variable must be manually set before starting the ThingWorx Platform.
|
|
TWX_DATABASE_PASSWORD
|
String
|
""
|
Specifies the password for the ThingWorx user for the database. This variable must be manually set before starting the ThingWorx Platform. The variable must also conform to the password policy for Azure SQL Database. See Password Policy for details.
|
|
TWX_DATABASE_SCHEMA
|
String
|
""
|
Specifies the schema name for the ThingWorx instance. This variable must be manually set before starting the ThingWorx Platform.
|
|
LS_USERNAME
|
String
|
""
|
Specifies the PTC login user name to get your ThingWorx License.
|
|
LS_PASSWORD
|
String
|
""
|
Specifies the PTC login password to get your ThingWorx License.
|
|
ENABLE_BACKUP
|
true/false
|
false
|
Toggles the option for backups.
|
|
ENABLE_LOGGING
|
true/false
|
true
|
Toggles the option for logging.
|
|
ENCRYPT_CREDENTIALS
|
true/false
|
false
|
Toggles the option to encrypt passwords for databases and licensing in the platform-settings.json file.
|
|
THINGWORX_INITIAL_PASSWORD
|
String
|
""
|
Sets the initial password for the Administrator user in ThingWorx. This variable must be manually set before starting the ThingWorx Platform. This password may be changed after ThingWorx starts up successfully.
|
|
EXTPKG_IMPORT_POLICY_ENABLED
|
true/false
|
false
|
Controls global enable/disable of Extension Package import through the Extension Package Uploader.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_JARRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain Jar (Java) resources. If false and the Extension contains jar files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_JSRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain Javascript resources. If false and the Extension contains javascript files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_CSSRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain CSS resources. If false and the Extension contains css files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_JSONRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain JSON resources. If false and the Extension contains json files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_WEBAPPRES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain WebApps resources. If false and the Extension contains WebApp resource files, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_ENTITIES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain non-extensible entity definitions. If false and the Extension contains non-extensible entity definitions, other than the Extension Package entity, the import will fail.
|
|
EXTPKG_IMPORT_POLICY_ALLOW_EXTENTITIES
|
true/false
|
false
|
Controls import permissions for Extension Packages that contain extensible entity definitions. If false and the Extension contains extensible entity definitions, other than the Extension Package entity, the import will fail.
|
You can also change the volume path to a location specific to your site. The volume path uses the following syntax:
"./path_to_local_mount:/path_to_container_mount"
For example:
"/opt/ThingworxPlatform:/ThingworxPlatform"
|
|
When updating the volume path, change only the local mount as the mount points of the internal container never change.
|