Configuration
TimeBase Web Administrator is a Spring application. You can follow standard best practices to configuring Spring applications properties, such as:
info
- Refer to Externalized Configuration in Spring documentation.
- Refer to Properties & configuration in Spring documentation.
TimeBase Web Administrator starts with the default configuration specified in the following application.yaml file.
Important
It is not recommended changing the default configurations.
#default configuration
server:
port: 8099
compression:
enabled: true
mime-types: text/html,text/css,application/javascript,application/json
spring:
mvc:
async:
request-timeout: 3600000 # 60 * 60 * 1000 = 1 hour
timebase:
url: dxtick://localhost:8011
readonly: false
flushPeriodMs: 500
user:
password:
streams:
include:
exclude: \#$ && \^metrics#
currencies:
tree:
group-size: 1000
grafana:
pluginsPackages:
- epam.rtc.grafana
enabled: true
streams:
include: .*
exclude:
security:
oauth2:
provider:
providerType: BUILT_IN_OAUTH # valid values: EXTERNAL_OAUTH, BUILT_IN_OAUTH, SSO
clientId: web
oauthServer: http://localhost:8099
getTokenEndpoint: /oauth/token
checkTokenEndpoint: /oauth/check
clientId: web
secret: $2a$10$1DWT60qCpc1bTJUNiV/C0u.Zw0L5Yq80OhZbsyA8LAKn7G/18q9za
authorizedGrantTypes:
- password
- refresh_token
users:
- username: admin
password: $2a$10$7M3W5JMk1wggimrbVegxWeeasqjrZUjNEiZTpMSYdId92409D2TSq
authorities: [TB_ALLOW_READ, TB_ALLOW_WRITE]
- username: reader
password: $2a$10$7M3W5JMk1wggimrbVegxWeeasqjrZUjNEiZTpMSYdId92409D2TSq
authorities: [ TB_ALLOW_READ]
- username: test
password: $2a$10$3PL6X1Gn8VjRy4r0od9NLeZrO2YWpUjzozv3jOxU0/RMjsElzPQdu
authorities: [TB_ALLOW_READ, TB_ALLOW_WRITE]
scopes:
- trust
accessTokenValiditySeconds: 300 # 5 min
refreshTokenValiditySeconds: 86400 # one day
ai-api: # AI assitant properties
enabled: false
endpointUrl: "" # endpoint to send prompts, can be chat gpt https://api.openai.com/v1/chat/completions
deploymentName: gpt-4o-2024-05-13
key: INVALID_API_KEY # key
maxAttempts: 3
You can override specific default configuration parameters (in this case other parameters keep their default values) or the entire default configuration to meet your specific requirements.
Additional Configuration File
You can create an additional application.yaml configuration file to override the selected configuration parameters.
For example, to override the default TimeBase URL, you can create an additional application.yaml configuration file as shown in the example below:
# additional application.yaml
timebase:
url: dxtick://localhost:8045
and run the application with -Dspring.config.additional-location system property, where you provide the path to the additional application.yaml you want to use.
# docker-compose.yaml
services:
timebase-admin:
environment:
- JAVA_OPTS=
-Dspring.config.additional-location=/path/to/the/additional/config_file/application.yaml
or add the additional configuration file using environment variable:
# docker-compose.yaml
services:
timebase-admin:
environment:
- SPRING_CONFIG_ADDITIONAL-LOCATION=/path/to/the/additional/config_file/application.yaml
System Properties
Default configuration parameters can be mapped on and overridden using Java system properties.
For example, to override the default TimeBase URL, you can add a system property as shown in the below example:
# docker-compose.yaml
services:
timebase-admin:
environment:
- JAVA_OPTS=
-Dtimebase.url=dxtick://localhost:8045
Environment Variables
Default configuration parameters can be overridden using environment variables.
Refer to Spring Naming Convention for your reference.
# docker-compose.yaml
services:
timebase-admin:
environment:
- TIMEBASE_URL=dxtick://localhost:8045
Replace the Default Configuration
You can ignore the default configuration and entirely replace it by the custom application.yaml. In this case, run the application with -Dspring.config.location system property and provide the path to the new application.yaml you want to use instead of the default one.
Be aware, that in this case, you will have to create the entire config from scratch, which is significantly more resourceful than redefining the selected parameters - described in the above sections.
# docker-compose.yaml
services:
timebase-admin:
environment:
- JAVA_OPTS=
-Dspring.config.location=/path/to/the/config_file/application.yaml
Examples
Override TimeBase connection parameters in the additional application.yaml file:
# additional application.yaml
timebase:
url: dxtick://localhost:8045
user: admin
password: admin
Configure users by adding an additional application.yaml:
# additional application.yaml
security:
oauth2:
users:
- username: admin
password: admin # or BCrypt encoded password
authorities: [TB_ALLOW_READ, TB_ALLOW_WRITE]
Configure ORY Hydra SSO provider in the additional application.yaml:
# additional application.yaml
spring:
security:
oauth2:
resourceserver:
jwt:
issuer-uri: http://hydra-url:8011/my-client-id
security:
oauth2:
provider:
providerType: SSO
name: hydra
clientId: my-hydra-client-id
validateIssuer: false
userInfo:
enable: true
Configure users via Java system properties:
# docker-compose.yaml
services:
timebase-admin:
environment:
- JAVA_OPTS=
-Dsecurity.oauth2.users.0.username=admin
-Dsecurity.oauth2.users.0.password=admin
-Dsecurity.oauth2.users.0.authorities="TB_ALLOW_READ, TB_ALLOW_WRITE"
Configure API Keys via environment variables:
# docker-compose.yaml
services:
timebase-admin:
environment:
- SECURITY_AUTHORIZATION_SOURCE=CONFIG
- SECURITY_API-KEYS_SESSIONS_ENABLED=false
- SECURITY_API-KEYS-PROVIDER_API-KEYS_0_NAME=TEST_API_KEY
- SECURITY_API-KEYS-PROVIDER_API-KEYS_0_KEY=TEST_API_SECRET
- SECURITY_API-KEYS-PROVIDER_API-KEYS_0_USER=admin
- SECURITY_API-KEYS-PROVIDER_API-KEYS_0_AUTHORITIES=TB_ALLOW_READ, TB_ALLOW_WRITE
Enabling HTTPS
To enable HTTPS:
- Create a keystore with a valid key pair. Here we generate a self-signed certificate using JDK’s keytool:
keytool -genkey -keyalg RSA -alias webadmin -keystore selfsigned.jks -validity 1000 -keysize 2048
- Add the following settings to application.yaml:
server:
ssl:
key-store: /timebase/webadmin/selfsigned.jks
key-store-password: password
keyStoreType: JKS
keyAlias: timebase
WebAdmin uses the Spring Boot framework. You can use Spring parameters to adjust web settings.
For example, to require TLS 1.2:
server:
ssl:
protocol: TLS
enabled-protocols: TLSv1.2
Configure TimeBase onnection with OAuth2
Add the following settings to application.yaml to be able to connect with TimeBase configured with OAuth2:
timebase:
oauth2-client:
url: https://login.microsoftonline.com/b41b72d0-4e9f-1111-1111-1111111111111/oauth2/v2.0/token # issuer request token url
client-id: 4d69eb9b-e7c3-1111-1111-1111111111111
client-secret: <base64 client secret>
scope: "api%3A%2F%2Ffcf8a41f-bf18-1111-1111-1111111111111%2F.default"
To connect with certificate credentials flow
instead of secret
, add the following settings to application.yaml:
timebase:
oauth2-client:
url: https://login.microsoftonline.com/b41b72d0-4e9f-1111-1111-1111111111111/oauth2/v2.0/token # issuer request token url
client-id: 4d69eb9b-e7c3-1111-1111-1111111111111
scope: "api%3A%2F%2Ffcf8a41f-bf18-1111-1111-1111111111111%2F.default"
keystore:
keystore-type: PKCS12 # PKCS12, JKS
keystore-location: <keystore location>
keystore-alias: <keystore alias>
keystore-password: <base64 encoded keystore password>
Configure Other Services
You can configure selected parameters for various services. Use one of standard approaches for configuration:
In configuration file:
charting:
max-pool-size: 8
...
Via Java OPTS:
-Dcharting.max-pool-size=10
Via ENV Variables:
set CHARTING_MAX-POOL-SIZE=10
Parameter | Description | Default |
---|---|---|
Charting | ||
charting.queryTimeoutSec | Time limit (in seconds) allowed to build a chart. | 60 sec |
charting.max-pool-size | Thread pool size for charts. Number of users that can build chart simultaneously. | 8 |
Websockets | ||
websocket.send-buffer-size-limit | The max amount of data that can be kept in buffer when sending messages to a websocket session. | 512K |
websocket.message-size-limit | Max size of the inbound sub-protocol message, such as STOMP frame, which can be aggregated from multiple websocket messages. | 64K |
websocket.send-time-limit | Time limit (in milliseconds) allowed when sending messages to a websocket session. | 10 sec |
Order Book Service | ||
timebase.order-book.max-tasks | Thread pool size for order book service tasks. Number of connections that can build order book simultaneously. | 50 |
timebase.order-book.flush-period-ms | Flush messages period in milliseconds. The frequency of the order book data updates coming from the server. | 500ms |
Order Book Debugger Service | ||
order-book-debugger.snapshot-lookup-ms | Look-up snapshot period in milliseconds to build order book. | 60000ms |
Views | ||
views.processor.thread-pool-size | Thread pool size for processing of views. Refer to Views to learn more. | 4 |
Instrument Service | ||
instrumentsService.securitiesStream | The name of the stream for securities. | securities |
instrumentsService.deltixSymbolField | Name of the field in the securities stream where the symbol name by DELTIX is stored. | deltixSymbol |
instrumentsService.smiUrl | Central securities service URL. | https://smi.deltixhub.com |
instrumentsService.timeout | Default timeout for securities service requests in milliseconds. | 30000 |
Import Settings | ||
import.directory | The name of the directory on the server for import files. | temp |
import.directorySizeMb | Max directory size for import files, in megabytes. | 1024 |
import.max-uploads | Thread pool size for import tasks. Max number of upload processes that can run simultaneously. | 10 |
import.stale-import-timeout-ms | Stale tasks (for example, when import process was not closed gracefully) sweep time in milliseconds. | 65000ms |
import.log-file-size | Max log size for import process in bytes that is stored on server. | 1048576 |
import.preview.size | When importing form a CSV file, the max lines count for preview. | 50 |
Flow Chart | ||
timebase.flowchart.metrics-stream | Stream key with metrics for the flow chart. | metrics# |
timebase.flowchart.max-interval | Look back time in millis, how far back service starts reading metrics. | 10000 |
timebase.flowchart.max-tasks | Thread pool size for flow chart. Number of users that can view flow chart simultaneously. | 10 |
Global Task Executor | ||
task-executor-service.max-tasks | Thread pool size for common tasks (for example, live charting tasks). Number of tasks allowed in a global pool of tasks. | 50 |
Metrics | ||
metrics.users.active.timeout-ms | Active users timeout in milliseconds. User is considered active if there has been any activity within this time period. | 300000 |