# ############################################
#
# Global parameters
#
# ############################################

# Public domain of the deployment
PUBLIC_PROTOCOL=https
PUBLIC_DOMAIN=platform.rapidminer.com
PUBLIC_PORT=443

# Public URL of the deployment that will be used for external access (Public domain + protocol + port)
PUBLIC_URL=${PUBLIC_PROTOCOL}://${PUBLIC_DOMAIN}
# If you run your deployment on a non-standard port, it should be added as well (HTTP_PORT and HTTPS_PORT shall be set too)
# PUBLIC_URL=${PUBLIC_PROTOCOL}://${PUBLIC_DOMAIN}:${PUBLIC_PORT}

# Public domain of the SSO endpoint that will be used for external access. In most cases it should be the same as the PUBLIC_DOMAIN
SSO_PUBLIC_PROTOCOL=https
SSO_PUBLIC_DOMAIN=platform.rapidminer.com
SSO_PUBLIC_PORT=443

# Public URL of the SSO endpoint that will be used for external access. In most cases it should be the same as the PUBLIC_URL
SSO_PUBLIC_URL=${SSO_PUBLIC_PROTOCOL}://${SSO_PUBLIC_DOMAIN}
# If you run your deployment on a non-standard port, it should be added as well (HTTP_PORT and HTTPS_PORT shall be set too)
# SSO_PUBLIC_URL=${SSO_PUBLIC_PROTOCOL}://${SSO_PUBLIC_DOMAIN}:${SSO_PUBLIC_PORT}

# SSO default parameters
SSO_IDP_REALM=master
# Valid values are 'all', 'external' and 'none'.
SSO_SSL_REQUIRED=none

WEBMASTER_MAIL=operations@sampleorg.com

# Enable/disable the service build into the RapidMiner cloud images, that updates the PUBLIC_URL and SSO_PUBLIC_URL variables to the new dynamic cloud hostname/IP address
AUTOMATIC_PUBLIC_URL_UPDATE_FOR_CLOUD_IMAGES=false

# Enable/disable the Legacy BASIC authentication support for REST endpoints, like webservices. (lowercase true/false)
LEGACY_REST_BASIC_AUTH_ENABLED=false

# Timezone setting
TZ=UTC

# License mode for the platform
# Supported modes are 'ALTAIR_UNIT' and 'RAPIDMINER'
LICENSE_MODE=ALTAIR_UNIT

# Legacy RapidMiner License
# Please provide the LICENSE variable only if you have a legacy license.
LICENSE=

# Profiles
# A coma separated list of active profiles

# For deployments with legacy licensing please disable altair-license in your profile

# Maximum set
# COMPOSE_PROFILES=deployment-init,proxy,keycloak,altair-license,landing-page,aihub-frontend,aihub-backend,aihub-activemq,aihub-job-agent,jupyter,grafana,scoring-agent,platform-admin,ces,token-tool,letsencrypt,panopticon,aihub-webapi-agent-1,aihub-webapi-agent-2,aihub-webapi-gateway

# Minimum set
# COMPOSE_PROFILES=deployment-init,proxy,keycloak,altair-license,landing-page,aihub-frontend,aihub-backend,aihub-activemq,aihub-job-agent

# Default set
COMPOSE_PROFILES=deployment-init,proxy,keycloak,altair-license,landing-page,aihub-frontend,aihub-backend,aihub-activemq,aihub-job-agent,jupyter,grafana,scoring-agent,platform-admin,ces,token-tool,letsencrypt,panopticon,aihub-webapi-agent-1,aihub-webapi-gateway

# Docker-compose timeout setting
COMPOSE_HTTP_TIMEOUT=600

# ############################################
#
# Deployment parameters
#
# ############################################

# Prefix to use for docker registry
REGISTRY=rapidminer/

# Version of the Init container
INIT_VERSION=2026.0.2

# Enable configuring server settings for Python Scripting extension
INIT_SHARED_CONDA_SETTINGS=true

# ############################################
#
# Proxy
#
# ############################################

PROXY_VERSION=2026.0.2

# Deprecated, please use HTTP_PORT and HTTPS_PORT
UNPRIVILEGED_PORTS=false
# Ports nginx service inside the container is listening
# These ports shall match with the public ports mapped on the docker host
HTTP_PORT=80
HTTPS_PORT=443

PROXY_DATA_UPLOAD_LIMIT=25GB

# Backends
AIHUB_FRONTEND=http://aihub-frontend
AIHUB_BACKEND=http://aihub-backend:8080
WEBAPI_GATEWAY_BACKEND=http://webapi-gateway:8099
GRAFANA_BACKEND=http://grafana:3000/
JUPYTERHUB_BACKEND=http://jupyterhub:8000/
KEYCLOAK_BACKEND=http://keycloak:8080
LANDING_BACKEND=http://landing-page:1080/
LETSENCRYPT_BACKEND=http://letsencrypt:1084/
METRICS_BACKEND=http://prometheus:9090/
PLATFORM_ADMIN_BACKEND=http://platform-admin:1082/
SCORING_AGENT_BACKEND=http://scoring-agent:8090/
SCORING_AGENT_WEBUI_BACKEND=http://platform-admin:1082/
TOKEN_BACKEND=http://token-tool:1080/
PANOPTICON_BACKEND=http://panopticon-vizapp:8080
# Backend suffixes
GRAFANA_URL_SUFFIX=/grafana
JUPYTERHUB_URL_SUFFIX=/jupyter/
METRICS_URL_SUFFIX=/metrics
PLATFORM_ADMIN_URL_SUFFIX=/platform-admin
SCORING_AGENT_URL_SUFFIX=/rts
SCORING_AGENT_WEBUI_URL_SUFFIX=/rts-admin
TOKEN_TOOL_URL_SUFFIX=/get-token
# Default Basic Auth Accesses
PLATFORM_ADMIN_ENVIRONMENT_EXPORT_AUTH_BASIC_USER=foobar
PLATFORM_ADMIN_ENVIRONMENT_EXPORT_AUTH_BASIC_PASSWORD=secret
METRICS_AUTH_BASIC_USER=admin
METRICS_AUTH_BASIC_PASS=changeit
LOGS_AUTH_BASIC_USER=admin
LOGS_AUTH_BASIC_PASS=changeit
SCORING_AGENT_BASIC_AUTH=true
# Change these when you want to use non-default pair to login
SCORING_AGENT_ADMIN_USER=admin
SCORING_AGENT_ADMIN_PASSWORD=changeit
# HTTPS settings
ALLOW_LETSENCRYPT=true
#CUSTOM CA file has to be existed in ssl folder as a file and need to be set here
#deployment-init mounts the entire ssl folder and the customCA will be search
#according to its file name. If the file exists and not zero lenght it will be
#added to the CA turst stores.
#CUSTOM_CA_CERTS_FILE=<PLACEHOLDER.CRT>
CUSTOM_CA_CERTS_FILE=
HTTPS_CRT_PATH=/etc/nginx/ssl/certificate.crt
HTTPS_KEY_PATH=/etc/nginx/ssl/private.key
HTTPS_KEY_PASSWORD_FILE_PATH=/etc/nginx/ssl/password.txt
HTTPS_DH_PATH=/etc/nginx/ssl/dhparam.pem
ACCESS_CONTROL_ALLOW_ORIGIN_GENERAL=${PUBLIC_URL}
ACCESS_CONTROL_ALLOW_ORIGIN_WEBAPI=
ACCESS_CONTROL_ALLOW_ORIGIN_RTS=
ACCESS_CONTROL_ALLOW_ORIGIN_KEYCLOAK=
# Improved security value
#CONTENT_SECURITY_POLICY="default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data:;connect-src 'self';frame-src 'self';font-src 'self';media-src 'self';object-src 'none';manifest-src 'self';worker-src blob: 'self';form-action 'self';frame-ancestors 'self';"
# Backward compatible value
CONTENT_SECURITY_POLICY="worker-src blob: 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval';"

WAIT_FOR_DHPARAM=true
DEBUG_CONF_INIT=false

# ############################################
#
# KeyCloak (SSO)
#
# ############################################

# Keycloak container version
KEYCLOAK_VERSION=2026.0.2

# Keycloak database parameters
KEYCLOAK_POSTGRES_VERSION=2026.0.2
KEYCLOAK_DBSCHEMA=kcdb
KEYCLOAK_DBUSER=kcdbuser
KEYCLOAK_DBPASS=changeit
KEYCLOAK_POSTGRES_INITDB_ARGS="--encoding UTF8 --locale=C /var/lib/postgresql/data"

# Default platform admin user credentials
KEYCLOAK_USER=admin
KEYCLOAK_PASSWORD=changeit
KC_PROXY_TRUSTED_ADDRESSES=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.0/8
KC_FEATURES=token-exchange
KC_HOSTNAME_STRICT="false"
KC_HOSTNAME_STRICT_BACKCHANNEL="false"
KC_HOSTNAME_STRICT_HTTPS="false"
KC_LOG_LEVEL=info
KC_HOSTNAME_BACKCHANNEL_DYNAMIC="false"
KC_PROXY_HEADERS=xforwarded
KC_HTTP_ENABLED="true"
KC_HEALTH_ENABLED="true"

# ############################################
#
# License Proxy
#
# ############################################

SKIP_LICENSE_CHECK=false
LICENSE_PROXY_HOSTNAME=license-proxy
LICENSE_PROXY_PROFILES_ACTIVE=default,prometheus
LICENSE_PROXY_VERSION=2026.0.2
# License Proxy url with protocol and port
LICENSE_PROXY_INTERNAL_URL=http://license-proxy:9898
# Unique machine id of the deployment
# may be generated with the command: echo "$(openssl rand -hex 4)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 2)-$(openssl rand -hex 6)"
LICENSE_AGENT_MACHINE_ID="00000000-0000-0000-0000-000000000000"
# supported modes are 'on_prem' and 'altair_one'
LICENSE_PROXY_MODE=on_prem

# ## settings for 'on_prem' mode ###
# Altair License Manager path for on-prem mode pointing to an Altair Lincense Manager endpoint in format of port@host
# must be set if mode is 'on_prem'
ALTAIR_LICENSE_PATH=
# ##
MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health
# ## settings for 'altair_one' mode ###
# Authentication type while connecting to the license server
# possible values are 'credentials', 'auth_code' and 'static_token'
LICENSE_UNIT_MANAGER_AUTHENTICATION_TYPE=credentials

# ##### settings for 'credentials' authentication type
# Altair One username. Must be set if the authentication type is 'credentials' and License Proxy mode is 'altair_one'
LICENSE_UNIT_MANAGER_USER_NAME=
# Altair One password. Must be set if the authentication type is 'credentials' and License Proxy mode is 'altair_one'
LICENSE_UNIT_MANAGER_PASSWORD=
# When mode is 'altair_one', resets any stored auth code when 'credentials' already persisted a valid auth token
LICENSE_UNIT_MANAGER_RESET_AUTH_TOKEN=false
# #####

# ##### settings for 'static_token' authentication type
# License Server access token. Must be set if the authentication type is 'static_token' and License Proxy mode is 'altair_one'
LICENSE_UNIT_MANAGER_TOKEN=
# #####
LICENSE_UNIT_MANAGER_AUTH_CODE=
# ##
#Proxy config
ALM_HHWU_PROXY_HOST=
ALM_HHWU_PROXY_PORT=
ALM_HHWU_PROXY_USERNAME=
ALM_HHWU_PROXY_PASSWORD=

# #############################################
#
# CPU Constraints
#
# #############################################
#
# By default, AI Hub and Panopticon will use all CPU cores of the host system
# and draw Altair Units accordingly (if using Altair licensing). To limit the
# CPU usage and unit draw, you can constrain AI Hub and Panopticon to a subset
# of CPU cores, e.g., to the first 8 logical cores of the host system.
#
# For more information on this constraint, see:
# https://docs.docker.com/engine/reference/run/#cpuset-constraint
#
# Please note, that by default these settings are commented in the docker-compose.yml
# After you set the values here, please uncomment the relevant properties in the docker-compose.yml as well.
#
# Example: Constrain CPU usage to the first 8 logical cores (0-7):
#AIHUB_BACKEND_CPUSET=0-7
#JOBAGENT_CPUSET=0-7
#WEBAPI_AGENT_CPUSET_1=0-7
#WEBAPI_AGENT_CPUSET_2=0-7
#SCORING_AGENT_CPUSET=0-7
#PANOPTICON_VIZAPP_CPUSET=0-7
#PANOPTICON_PYTHON_CPUSET=0-7
#PANOPTICON_RSERVE_CPUSET=0-7

# ############################################
#
# Rapidminer AiHub
#
# ############################################

AIHUB_BACKEND_PROFILES_ACTIVE=default,prometheus
AIHUB_FRONTEND_VERSION=2026.0.2
AIHUB_BACKEND_VERSION=2026.0.2
AIHUB_POSTGRES_VERSION=2026.0.2
AIHUB_DBHOST=aihub-postgresql
AIHUB_DBPORT=5432
AIHUB_DBSCHEMA=aihub-db
AIHUB_DBUSER=aihub-db-user
AIHUB_DBPASS=changeit
AIHUB_POSTGRES_INITDB_ARGS="--encoding UTF8 --locale=C /var/lib/postgresql/data"
AIHUB_FRONTEND_SSO_CLIENT_ID=aihub-frontend
AIHUB_BACKEND_SSO_CLIENT_ID=aihub-backend
AIHUB_BACKEND_SSO_CLIENT_SECRET=
AIHUB_BACKEND_HOSTNAME=aihub-backend
AIHUB_BACKEND_PORT=8080
AIHUB_BACKEND_INTERNAL_URL=http://aihub-backend:8080
# AiHub and JA authenticates using this shared secret, which shall be a random string in base64 encoded format
# echo $RANDOM | md5sum | head -c 20; echo | base64;
AUTH_SECRET="<AUTH-SECRET-PLACEHOLDER>"
RAPIDMINER_LOAD_USER_CERTIFICATES=true
# SMTP settings
# These settings are commented in docker-compose.yml
#SPRING_MAIL_HOST=
#SPRING_MAIL_PORT=
#SPRING_MAIL_PROPERTIES_MAIL_SMTP_AUTH=false
#SPRING_MAIL_PROPERTIES_MAIL_SMTP_STARTTLS_ENABLE=false
#LOGIN-USER-TO-SMTP-SERVER
#SPRING_MAIL_USERNAME=
#LOGIN-PASSWORD-TO-SMTP-SERVER
#SPRING_MAIL_PASSWORD=
# Optional parameters
# Address,where reports is send to
#REPORTING_ERROR_MAIL_TO=
# Email subject
#REPORTING_ERROR_MAIL_SUBJECT_PREFIX=
# Logical sender address
#REPORTING_ERROR_MAIL_FROM_ADDRESS=
# Logical sender name
#REPORTING_ERROR_MAIL_FROM_NAME=
#
# Automatic Job Cleanup
# https://docs.rapidminer.com/latest/hub/manage/job-execution-infrastructure/job-cleanup.html
JOBSERVICE_SCHEDULED_ARCHIVE_JOB_CLEANUP_ENABLED=false
JOBSERVICE_SCHEDULED_ARCHIVE_JOB_CLEANUP_JOB_CRON_EXPRESSION="*/10 * * * * *"
JOBSERVICE_SCHEDULED_ARCHIVE_JOB_CLEANUP_JOB_CONTEXT_CRON_EXPRESSION="*/10 * * * * *"
JOBSERVICE_SCHEDULED_ARCHIVE_JOB_CLEANUP_MAX_AGE="2592000" #30 days
JOBSERVICE_SCHEDULED_ARCHIVE_JOB_CLEANUP_JOB_BATCH_SIZE="500"
JOBSERVICE_SCHEDULED_ARCHIVE_JOB_CLEANUP_JOB_CONTEXT_BATCH_SIZE="500"
#Set logging level for job cleanup
LOGGING_LEVEL_COM_RAPIDMINER_EXECUTION_JOBSERVICE_SCHEDULED=INFO
SYNC_EXTENSION_ENABLED=true
SYNC_EXECUTION_CONTEXT_ENABLED=true
SYNC_EXECUTION_CONTEXT_EXCLUSIONS='["extensions/workspace", "AIToolsDevkit"]'
SYNC_LIBS_ENABLED=true
SYNC_PYTHON_SDK_EXTENSION_ENABLED=true
SYNC_PYTHON_SDK_EXTENSION_EXCLUSIONS=
SYNC_TMP_DIR_PYTHON_SDK_EXTENSION_DIR=/aihub/home/tmp_global/sync/python-sdk-extension
RAPIDMINER_PYTHON_SDK_EXTENSION_DIR=/aihub/home/resources/python-sdk-extensions
# ############################################
#
# Job Agent
#
# ############################################

JOBAGENT_VERSION=2026.0.2
JOBAGENT_SPRING_PROFILES_ACTIVE=default,prometheus
JOBAGENT_QUEUE_ACTIVEMQ_URI=failover:(tcp://aihub-activemq:61616)
JOBAGENT_CONTAINER_COUNT=2
JOBAGENT_SSO_CLIENT_ID=aihub-jobagent
JOBAGENT_SSO_CLIENT_SECRET=
JOBAGENT_QUEUE_JOB_REQUEST=DEFAULT
JOBAGENT_CONTAINER_MEMORYLIMIT=2048
AIHUB_BACKEND_PROTOCOL=http
JOBAGENT_NAME=JOBAGENT-1
JOBAGENT_CONTAINER_LOAD_USER_CERTIFICATES=true
JOBAGENT_CONTAINER_JVM_CUSTOM_OPTIONS="-Drapidminer.general.timezone=${TZ}"

JOBAGENT_SYNC_PYTHON_SDK_EXTENSIONS_ENABLED=true
JOBAGENT_SYNC_PYTHON_SDK_EXTENSIONS_CLEAN_BEFORE=true
JOBAGENT_CONTAINER_PYTHON_SDK_EXTENSIONS_DIR=/home/rapidminer/resources/python-sdk-extensions

# ############################################
#
# ActiveMQ
#
# ############################################

ACTIVEMQ_VERSION=2026.0.2
BROKER_ACTIVEMQ_USERNAME=amq-user
BROKER_ACTIVEMQ_PASSWORD="<SERVER-AMQ-PASS-PLACEHOLDER>"
ENABLE_JMX_EXPORTER=true

# ############################################
#
# Jupyterhub
#
# ############################################

JUPYTERHUB_VERSION=2026.0.2
JUPYTERHUB_DBHOST=jupyterhub-db
JUPYTERHUB_DBSCHEMA=jupyterhub
JUPYTERHUB_DBUSER=jupyterhubdbuser
JUPYTERHUB_DBPASS=changeit
JUPYTERHUB_HOSTNAME=jupyterhub
JUPYTERHUB_POSTGRES_INITDB_ARGS="--encoding UTF8 --locale=C /var/lib/postgresql/data"
# Jupyterhub crypt key can be generated with the command: openssl rand -hex 32
JUPYTERHUB_CRYPT_KEY="<JUPYTERHUB-CRYPT-KEY-PLACEHOLDER>"
JUPYTERHUB_DEBUG=False
JUPYTERHUB_TOKEN_DEBUG=False
JUPYTERHUB_PROXY_DEBUG=False
JUPYTERHUB_DB_DEBUG=False
JUPYTERHUB_SPAWNER_DEBUG=False
JUPYTERHUB_STACK_NAME=default
JUPYTERHUB_SSO_CLIENT_ID=jupyterhub
JUPYTERHUB_SSO_CLIENT_SECRET=
JUPYTERHUB_SPAWNER=dockerspawner
JUPYTERHUB_API_PROTOCOL=http
JUPYTERHUB_API_HOSTNAME=jupyterhub
JUPYTERHUB_PROXY_PORT=8000
JUPYTERHUB_API_PORT=8001
JUPYTERHUB_APP_PORT=8081
# JUPYTERHUB_CUSTOM_CA_CERTS=${PWD}/ssl/deb_cacerts/
JUPYTERHUB_DOCKER_DISABLE_NOTEBOOK_IMAGE_PULL_AT_STARTUP=False

# ############################################
#
# Jupyter Notebook
#
# ############################################

JUPYTERHUB_NOTEBOOK_VERSION=2026.0.2

JUPYTERHUB_NOTEBOOK_SSO_NB_UID_KEY=X_NB_UID
JUPYTERHUB_NOTEBOOK_SSO_NB_GID_KEY=X_NB_GID
JUPYTERHUB_NOTEBOOK_SSO_CUSTOM_BIND_MOUNTS_KEY=X_NB_CUSTOM_BIND_MOUNTS
# Content should be in json format, use quotes here instead of apostrophes
# JUPYTERHUB_NOTEBOOK_CUSTOM_BIND_MOUNTS={"/usr/share/doc/apt":"/tmp/apt","/usr/share/doc/mount/":"/tmp/mount"}
JUPYTERHUB_NOTEBOOK_CUSTOM_BIND_MOUNTS=
JUPYTERHUB_NOTEBOOK_CPU_LIMIT=100
# Docker
JUPYTERHUB_NOTEBOOK_MEM_LIMIT=3g
#k8s
# JUPYTERHUB_NOTEBOOK_MEM_LIMIT=3G
JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_NAME_DOCKERSPAWNER=coding-shared-vol
# kubespawner
# JUPYTERHUB_NOTEBOOK_KUBERNETES_CMD: '/entrypoint.sh'
# JUPYTERHUB_NOTEBOOK_KUBERNETES_ARGS: ''
# JUPYTERHUB_NOTEBOOK_KUBERNETES_NAMESPACE=rapidminer
# JUPYTERHUB_NOTEBOOK_KUBERNETES_NODE_SELECTOR_NAME: 'rapidminer.node'
# JUPYTERHUB_NOTEBOOK_KUBERNETES_NODE_SELECTOR_VALUE: 'notebook'
# JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_ACCESS_MODE=ReadWriteOnce
# JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_CAPACITY=5Gi
# JUPYTERHUB_NOTEBOOK_HOME_KUBERNETES_STORAGE_CLASS=ms-ebs-us-west-2b
# JUPYTERHUB_NOTEBOOK_IMAGE_PULL_SECRET=rm-docker-login-secret
# JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_NAME_KUBESPAWNER=python-envs-pvc
# JUPYTERHUB_NOTEBOOK_SHARED_ENV_VOLUME_SUBPATH_KUBESPAWNER=coding-shared

# ############################################
#
# Platform admin
#
# ############################################

PLATFORM_ADMIN_VERSION=2026.0.2
PLATFORM_ADMIN_SSO_CLIENT_ID=platform-admin
PLATFORM_ADMIN_SSO_CLIENT_SECRET=
PLATFORM_ADMIN_DISABLE_PYTHON=false
PLATFORM_ADMIN_DISABLE_RTS=false

# ############################################
#
# Coding Environment Storage
#
# ############################################

CES_VERSION=2026.0.2
DISABLE_DEFAULT_CHANNELS=True
CONDA_CHANNEL_PRIORITY=strict
HTTP_PROXY=
HTTPS_PROXY=
NO_PROXY=platform-admin

# ############################################
#
# Real-Time Scoring Agent
#
# ############################################

SCORING_AGENT_SPRING_PROFILES_ACTIVE=default,prometheus
SCORING_AGENT_VERSION=2026.0.2
SCORING_AGENT_CACHE_REPOSITORY_CLEAR_ON_COLLECTION=false
SCORING_AGENT_CACHE_REPOSITORY_MAXIMUM_SIZE=50
# Maximum age in milliseconds of entries held in the cache
SCORING_AGENT_CACHE_REPOSITORY_ACCESS_EXPIRATION=900000
SCORING_AGENT_CACHE_REPOSITORY_COPY_CACHED_IOOBJECTS=true
SCORING_AGENT_CORS_PATH_PATTERN=""
SCORING_AGENT_CORS_ALLOWED_METHODS="*"
SCORING_AGENT_CORS_ALLOWED_HEADERS="*"
SCORING_AGENT_CORS_ALLOWED_ORIGINS="*"
SCORING_AGENT_REST_CONTEXT_PATH=/api
SCORING_AGENT_RAPIDMINER_CHECK_SYNC=5000 #5s
SCORING_AGENT_RAPIDMINER_MAX_CHECK_COUNT=20
SCORING_AGENT_TASK_SCHEDULER_POOL_SIZE=10
SCORING_AGENT_TASK_SCHEDULER_THREAD_PRIORITY=5
SCORING_AGENT_EXECUTION_CLEANUP_ENABLED=false
SCORING_AGENT_EXECUTION_CLEANUP_CRON_EXPRESSION="0 0 0-6 ? * * *"
SCORING_AGENT_EXECUTION_CLEANUP_TIMEOUT=10000
SCORING_AGENT_EXECUTION_CLEANUP_WAIT_BETWEEN=1000
SCORING_AGENT_EXECUTION_TIMEOUT=10000
SCORING_AGENT_AUDIT_ENABLED=false
SCORING_AGENT_SYNC_PYTHON_SDK_EXTENSIONS_ENABLED=true
SCORING_AGENT_SYNC_PYTHON_SDK_EXTENSIONS_CLEAN_BEFORE=true
SCORING_AGENT_RAPIDMINER_PYTHON_SDK_EXTENSION_DIR=/scoring-agent/home/resources/python-sdk-extensions


# ############################################
#
# WebApi Agent
#
# ############################################

WEBAPI_AGENT_CACHE_REPOSITORY_CLEAR_ON_COLLECTION=false
WEBAPI_AGENT_CACHE_REPOSITORY_MAXIMUM_SIZE=50
WEBAPI_AGENT_CACHE_REPOSITORY_ACCESS_EXPIRATION=3600000
WEBAPI_AGENT_CACHE_REPOSITORY_COPY_CACHED_IOOBJECTS=true
WEBAPI_AGENT_CORS_PATH_PATTERN=""
WEBAPI_AGENT_CORS_ALLOWED_METHODS="*"
WEBAPI_AGENT_CORS_ALLOWED_HEADERS="*"
WEBAPI_AGENT_CORS_ALLOWED_ORIGINS="*"
WEBAPI_AGENT_REST_CONTEXT_PATH=/api
WEBAPI_AGENT_TASK_SCHEDULER_POOL_SIZE=10
WEBAPI_AGENT_TASK_SCHEDULER_THREAD_PRIORITY=5
WEBAPI_AGENT_EXECUTION_CLEANUP_ENABLED=false
WEBAPI_AGENT_EXECUTION_CLEANUP_CRON_EXPRESSION="0 0 0-6 ? * * *"
WEBAPI_AGENT_EXECUTION_CLEANUP_TIMEOUT=10000
WEBAPI_AGENT_EXECUTION_CLEANUP_WAIT_BETWEEN=1000
WEBAPI_AGENT_EXECUTION_TIMEOUT=10000
WEBAPI_AGENT_AUDIT_ENABLED=false
WEBAPI_AGENT_SCORING_AGENT_SYNC_PYTHON_SDK_EXTENSIONS_ENABLED=true
WEBAPI_AGENT_SCORING_AGENT_SYNC_PYTHON_SDK_EXTENSIONS_CLEAN_BEFORE=true
WEBAPI_AGENT_SCORING_AGENT_RAPIDMINER_PYTHON_SDK_EXTENSION_DIR=/scoring-agent/home/resources/python-sdk-extensions
REACT_APP_WEBAPI_GATEWAY_URL=http://webapi-gateway:8099
WEBAPIAGENT_OPTS="-Xmx2g"
WEBAPI_AGENT_RAPIDMINER_CHECK_SYNC=5000 #5s
WEBAPI_AGENT_RAPIDMINER_MAX_CHECK_COUNT=20
WEBAPI_REGISTRY_USERNAME=foobar
WEBAPI_REGISTRY_PASSWORD=secret
WEBAPI_AIHUB_CONNECTION_PROTOCOL=http
WEBAPI_AIHUB_CONNECTION_HOST=aihub-backend
WEBAPI_AIHUB_CONNECTION_PORT=8080
WEBAPI_AGENT_VERSION=2026.0.2
WEBAPI_GROUP_NAME=DEFAULT
#WEBAPI_1_GROUP_NAME=
#WEBAPI_2_GROUP_NAME=
WAIT_FOR_LICENSES=1
SCORING_AGENT_ENABLE_SERVER_LICENSE=true
WEBAPI_AGENT_SPRING_PROFILES_ACTIVE=webapi,prometheus
SCORING_AGENT_SSO_CLIENT_ID=aihub-scoringagent
SCORING_AGENT_SSO_CLIENT_SECRET=
WEBAPI_AGENT_SSO_CLIENT_ID=aihub-webapiagent
WEBAPI_AGENT_SSO_CLIENT_SECRET=
# Supported modes are 'ALTAIR_UNIT', 'RAPIDMINER' and 'ALTAIR_STANDALONE'
# Uncomment this to use 'SCORING_AGENT_LICENSE_MODE' in Scoring Agent instead of LICENSE_MODE variable declared above
# SCORING_AGENT_LICENSE_MODE=ALTAIR_STANDALONE
SCORING_AGENT_RAPIDMINER_LOAD_USER_CERTIFICATES=true

# ############################################
#
# WebApi Gateway
#
# ############################################

WEBAPI_GATEWAY_PROFILES_ACTIVE=default,prometheus
WEBAPI_GATEWAY_VERSION=2026.0.2
# The connect timeout in milliseconds
WEBAPI_GATEWAY_SPRING_CLOUD_GATEWAY_HTTPCLIENT_CONNECT_TIMEOUT=15000
WEBAPI_GATEWAY_SPRING_CLOUD_GATEWAY_HTTPCLIENT_RESPONSE_TIMEOUT=5m
WEBAPI_GATEWAY_RETRY_BACKOFF_ENABLED=off
WEBAPI_GATEWAY_RETRY_BACKOFF_INTERVAL=100ms
WEBAPI_GATEWAY_RETRY_EXCEPTIONS="java.io.IOException, org.springframework.cloud.gateway.support.TimeoutException"
WEBAPI_GATEWAY_RETRY_METHODS=post
WEBAPI_GATEWAY_RETRY_STATUS=not_found
WEBAPI_GATEWAY_RETRY_SERIES=server_error
WEBAPI_GATEWAY_RETRY_GROUP_RETRIES=3
WEBAPI_GATEWAY_RETRY_AGENT_RETRIES=3
WEBAPI_GATEWAY_LOADBALANCER_CLEAN_UP_INTERVAL=10s
WEBAPI_GATEWAY_LOADBALANCER_REQUEST_TIMEOUT=10s
WEBAPI_GATEWAY_LOADBALANCER_REQUEST_INTERVAL=10s
WEBAPI_GATEWAY_LOADBALANCER_METRIC_STYLE=CPU_MEMORY

# ############################################
#
# Grafana
#
# ############################################

# Official grafana image from: https://hub.docker.com/r/grafana/grafana/
OFFICIAL_GRAFANA_IMAGE=docker.io/grafana/grafana:12.3.2-ubuntu
GF_SECURITY_ANGULAR_SUPPORT_ENABLED=true
# Image tag used by grafana-proxy and grafana-init
GRAFANA_UTILS_VERSION=2026.0.2
GF_AUTH_GENERIC_OAUTH_SCOPES=email,openid
GRAFANA_PROXY_REQUEST_TIMEOUT=60 # seconds
GF_DATAPROXY_TIMEOUT=60 # seconds

#
# Grafana Proxy
#
GRAFANA_PROXY_THREAD_NUMBERS=16
# Possible values: NOTSET, DEBUG, INFO, WARNING, ERROR, CRITICAL
GRAFANA_PROXY_LOGGING_LEVEL=INFO
# Comma spearated list of Scoring Agent URLs (http://scoring-agent-1:8090,https://scoring-agent-2:8888)
GRAFANA_SCORING_AGENT_BACKENDS=http://scoring-agent:8090/
# Set this to 'True' to log data (eg. result from webservice) returned from GF proxy
GRAFANA_PROXY_LOG_RESPONSE_DATA=False

# ############################################
#
# Grafana Direct (these values injected directly to Grafana)
#
# ############################################

GF_AUTH_GENERIC_OAUTH_AUTH_URL=
GF_AUTH_GENERIC_OAUTH_TOKEN_URL=
GF_AUTH_GENERIC_OAUTH_API_URL=
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=
GF_AUTH_SIGNOUT_REDIRECT_URL=
GF_SERVER_ROOT_URL=

# ############################################
#
# LetsEncrypt Client
#
# ############################################

LETSENCRYPT_VERSION=2026.0.2

# ############################################
#
# Docker Deployment Manager
#
# ############################################

DDM_VERSION=2026.0.2

# ############################################
#
# Landing page
#
# ############################################

LANDING_PAGE_VERSION=2026.0.2
LANDING_PAGE_SSO_CLIENT_ID=landing-page
LANDING_PAGE_SSO_CLIENT_SECRET=
LANDING_PAGE_DEBUG=false

# ############################################
#
# Token Tool
#
# ############################################

TOKEN_TOOL_SSO_CLIENT_ID=token-tool
TOKEN_TOOL_SSO_CLIENT_SECRET=
TOKEN_TOOL_DEBUG=false

# ############################################
#
# Service overrides
#  - true/false - false means automatic detection
#
# ############################################

DEPLOYED_GRAFANA=false
DEPLOYED_JUPYTERHUB=false
DEPLOYED_LANDINGPAGE=false
DEPLOYED_PLATFORMADMIN=false
DEPLOYED_SERVER=false
DEPLOYED_TOKENTOOL=false
DEPLOYED_PANOPTICON=false

# ############################################
#
# Panopticon
#
# ############################################

PANOPTICON_VIZAPP_VERSION=2026.0.2
PANOPTICON_VIZAPP_PYTHON_VERSION=2026.0.2
PANOPTICON_MONETDB_IMAGE_VERSION=2026.0.2
PANOPTICON_RSERVE_IMAGE_VERSION=2026.0.2

PANOPTICON_SSO_CLIENT_ID=panopticon
PANOPTICON_SSO_CLIENT_SECRET=

# If set to false, platform license will be used as pano licensing.
# If set to true, set your panopticon licensing in the 'Panopticon_overide.properties' and 'Panopticon_overide.properties.template' files.
PANOPTICON_DETACHED_LICENSE=false

PANOPTICON_MONETDB_ADMIN_PASS=changeit
PANOPTICON_CATALINA_OPTS='-Xms900m -Xmx1900m --add-opens java.base/java.nio=ALL-UNNAMED'
PANOPTICON_LMX_USE_EPOLL='1'
# A random mac address can be generated using the following command
# This is required for Altair One licensing
# head -n80 /dev/urandom | tr -d -c '[:digit:]A-F' | fold -w 12 | sed -E -n -e '/^.[26AE]/s/(..)/\1-/gp' |sed -e 's/-$//g' -e 's/-/:/g' -e 's/^\S\S/66/g'| head -n10
PANOPTICON_VIZAPP_CONTAINER_MAC_ADDRESS="<PANOPTICON-MAC-ADDRESS-PLACEHOLDER>"
PANOPTICON_FILE_UPLOAD_SIZE_MAX_BYTES=30000000
