HCL Commerce Version 9.1.12.0 or later

Starting the Approval Server Docker container by retrieving parameters from container environment variables

Learn about how to start the Approval Server Docker container by specifying CONFIGURE_MODE=EnvVariables.

Mandatory environment variables

These are the mandatory environment variables that you must specify to configure the Approval Server Docker container.

Environment variable name Description
TENANT The name of the group that contains your set of environments. For example, MyCompany.
ENVIRONMENT The name of the environment. For example, Non-production.
AUTH_TOOLING_ORIGIN The Auth Tooling web URL. For example https://www.${TENANT}${ENVIRONMENT}auth.{{ include "external.domain" $ }}.
LIVE_TOOLING_ORIGIN The Live Tooling web URL. For example https://www.${TENANT}${ENVIRONMENT}live.{{ include "external.domain" $ }}.
AUTH_STORE_ORIGIN The Auth Store server web URL. For example https://www.${TENANT}${ENVIRONMENT}auth.{{ include "external.domain" $ }}.
LIVE_STORE_ORIGIN The Live Store server web URL. For example https://www.${TENANT}${ENVIRONMENT}live.{{ include "external.domain" $ }}.
SPIUSER_PWD The encrypted password for the spiuser.

For more information, see Setting the spiuser password in your Docker images.
SESSION_KEY_ENCRYPT The encrypted session key.
Note: This parameter was optional in all releases prior to HCL Commerce 9.1.12.0.
HCL Commerce Version 9.1.14.0 or laterJWKS The JSON Web Key Set (JWKS) containing the JSON Web Key (JWK) used to validate the JSON Web Token (JWT) that is issued by the Transaction server.

TheApproval server only requires the public key related information from the JWT. In the event that the private key information is also included in the JWKS, the Approval server will remove the private key information and only configure the public key for use with the application.

app-secure.properties

A boot configuration file, app-secure.properties, is also required to be passed in via the persistent volume. This file contains:
  • Required database configurations in order to connect to PostgreSQL. The contents of this configuration file depend on whether or not you want to enable secure SSL connectivity to the database.
    • For an SSL enabled database:
      spring.datasource.url=jdbc:postgresql://postgresql:5432/comdb?ssl=true&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory spring.datasource.username=hclcom  
                                    spring.datasource.password=user-password 
                                    spring.datasource.hikari.schema=hclcom spring.flyway.url=jdbc:postgresql://postgresql:5432/comdb?ssl=true&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory  
                                    spring.flyway.user=hclcom  
                                    spring.flyway.password=user-password 
                                    spring.flyway.default-schema=hclcom
    • For a non-SSL enabled database:
      spring.datasource.url=jdbc:postgresql://postgresql:5432/comdb spring.datasource.username=hclcom
                                    spring.datasource.password=user-password
                                    spring.datasource.hikari.schema=hclcom spring.flyway.url=jdbc:postgresql://postgresql:5432/comdb
                                    spring.flyway.user=hclcom
                                    spring.flyway.password=user-password
                                    spring.flyway.default-schema=hclcom
  • Log level for the Feign API client. This configuration is for the consumption of API logging information for troubleshooting purposes. By default, this is set to BASIC, which logs the request method, URL, the response status code, and the execution time. For more information, see Configuring logging for the Approval server.

Optional environment variables

These are the optional environment variables that you can specify to configure the Approval Server Docker container container.

Environment variable name Description
DOMAIN_NAME The internal service domain name. The default value is default.svc.cluster.local. If the deployed environment is on a special namespace on Kubernetes, the domain name should be .svc.cluster.local.
AUTH_TOOLING_HOST The Auth Tooling web hostname. The default value is ${TENANT}${ENVIRONMENT}authts-web.$DOMAIN_NAME.
AUTH_TOOLING_PORT The Auth Tooling web port. The default value is 8000.
LIVE_TOOLING_HOST The Live Tooling web hostname. The default value is ${TENANT}${ENVIRONMENT}livets-web.$DOMAIN_NAME.
LIVE_TOOLING_PORT The Live Tooling web port. The default value is 8000.
EXTRA_ALLOWED_ORIGINS Extra allowed origins for the Approval service.
SPIUSER_NAME The SPIUSER name. The default value is spiuser.
LOG_FILE_PATH The container log file location. The default value is /SETUP/app/logs.
ADMIN_USER The Spring security user name.
ADMIN_PASSWORD The Spring security user password.
LOGGING_LEVEL_SPECS Logging level.

Code example

docker run -it -e LICENSE=accept  \
                    
                    -e CONFIGURE_MODE=EnvVariables 
                    -e TENANT=<tenant name> \ 
                    
                    -e ENVIRONMENT=<environment name> \ 
                    -e SPIUSER_NAME=<your spiuser-name> \ 
                    -e SPIUSER_PWD=<your spiuser password that you encrypted with wcs_encrypt.sh> \ 
                    -e AUTH_TOOLING_ORIGIN=<authoring environment tooling web origin url> \ 
                    -e Live_TOOLING_ORIGIN=<live environment tooling web origin url> \ 
                    -e AUTH_STORE_ORIGIN=<authoring environment store web origin url> \ 
                    -e Live_STORE_ORIGIN=<live environment store web origin url> \ 
                    -e SESSION_KEY_ENCRYPT=<encrypted session key> \  
                    
                    -v app-secure.properties:/SETUP/boot-config/app-secure.properties \ 
                    <Approval Docker image>