Configurable environment variables
When creating the OPC Router containers, environment variables can be set, which are visible within the containers. These environment variables can be used to configure the OPC Router by reading them during startup.
note
These environment variables apply not only to the OPC Router Docker container but also to Windows installations. However, in Windows installations, the "OPCRouter5-Service" and "OPCRouter5-Management" services must be restarted for the changed environment variables to take effect.
General Environment Variables
| Environment variable | Description | Example value |
|---|---|---|
OR_I_ACCEPT_EULA | Setting this to true accepts the End User License Agreement. Required for application execution. | true |
INITIAL_USERNAME | Sets the name of the initial user account for Web Management. | or5 |
INITIAL_PASSWORD | Sets the password for the initial user account for Web Management. Use either this or INITIAL_PASSWORD_FILE. | Don'tUseThis,ItWouldn'tBeSafe! |
INITIAL_PASSWORD_FILE | Specifies the path to a file inside the container from which the password for the initial user account for Web Management is retrieved. Use either this or INITIAL_PASSWORD. | /inray/defaultpw |
Environment Variables for Web Management
| Environment variable | Description | Example value |
|---|---|---|
OR_WEB_HTTP_PORT | Sets the port for HTTP connections. If HTTPS is available, the port refers to the HTTPS port. (Default: 8080) | 80 |
OR_WEB_HTTPS_PORT | Sets the port for HTTPS connections. HTTPS requires a valid SSL certificate. (Default: 8443) | 443 |
OR_WEB_HTTPS_CERTIFICATE_PEM | Sets PEM-encoded SSL certificate. Use either this or OR_WEB_HTTPS_CERTIFICATE_PEM_FILE. | [PEM Certificate] |
OR_WEB_HTTPS_CERTIFICATE_PEM_FILE | Specifies the path to a PEM-encoded file inside the container from which the SSL certificate is retrieved. Use either this or OR_WEB_HTTPS_CERTIFICATE_PEM. | /inray/https.pem |
OR_WEB_HTTPS_CERTIFICATE_KEY_PEM | Sets the private key of the PEM-encoded SSL certificate. Use either this or OR_WEB_HTTPS_CERTIFICATE_KEY_PEM_FILE. | [PEM Private Key] |
OR_WEB_HTTPS_CERTIFICATE_KEY_PEM_FILE | Specifies the path to the private key of the PEM-encoded SSL certificate inside the container. Use either this or OR_WEB_HTTPS_CERTIFICATE_KEY_PEM. | /inray/https.key |
OR_ENABLE_HTTP_LOGGING | Can be set to true to enable logging of web requests. | true |
OR_WEB_DISABLE_HTTPS | Can be set to false to enable HTTPS. (Default: true) | false |
Environment Variables for Web Management Authentication
| Environment variable | Description | Example value |
|---|---|---|
INITIAL_USERNAME | Sets the name of the initial user account for Web Management. | or5 |
INITIAL_PASSWORD | Sets the password for the initial user account for Web Management. Use either this or INITIAL_PASSWORD_FILE. | Don'tUseThis,ItWouldn'tBeSecure! |
INITIAL_PASSWORD_FILE | Specifies the path to a file inside the container from which the password for the initial user account for Web Management is retrieved. Use either this or INITIAL_PASSWORD. | /inray/defaultpw |
AUTH_DB_CONNECTION_STRING | Sets the connection string for the OPC Router authentication database. Use either this or AUTH_DB_CONNECTION_STRING_FILE. | Data Source=OPCRouterWebConfig.db; |
AUTH_DB_CONNECTION_STRING_FILE | Specifies the path to a file inside the container from which the connection string to the OPC Router authentication database is retrieved. Use either this or AUTH_DB_CONNECTION_STRING. | /inray/authdbconn |
AZURE_AD_INSTANCE | Sets the Azure Active Directory instance. | https://login.microsoftonline.com/ |
AZURE_AD_DOMAIN | Sets the domain of the Azure Active Directory tenant. | contoso.onmicrosoft.com |
AZURE_AD_TENANT_ID | Sets the Azure Active Directory Tenant ID. | 123456ab-1a2b-3c45-67de-1234ab-567cd8 |
AZURE_AD_CLIENT_ID | Sets the Azure Client ID. | 11111111-1111-1111-1111-111111111111 |
AZURE_AD_CALLBACK_PATH | Sets the relative request path to which the User-Agent is redirected. (Default: /signin-oidc) | /signin-oidc |
AZURE_AD_SIGNED_OUT_CALLBACK_PATH | Sets the relative request path to which the User-Agent is redirected after logging out from the Identity Provider. See http://openid.net/specs/openid-connect-session-1_0.html#RedirectionAfterLogout. (Default: /signout-callback-oidc) | /signout-callback-oidc |
OR_DISABLE_AUTH | Disables user authentication in Web Management when set to true. | true |
OR_DISABLE_WIN_AUTH | Disables Windows user authentication in Web Management when set to true. | true |
Environment variables for licensing
| Environment variable | Description |
|---|---|
OR_LICENSE_KEY | The license key for the license |
OR_LICENSE_KEY_FILE (alternative to OR_LICENSE_KEY) | Path to a file with the license key of the license. |
OR_LICENSE_OPCROUTERID | The OPC Router ID of the license |
OR_INSTANCE_NAME | Name for the licensed system |
OR_LICENSE_IGNORE_ACTIVATION_ERROR (optional) | If this parameter is set to true, activation errors are ignored. |
OR_LICENSE_HOLDER (optional) | License holder name |
OR_LICENSE_LOCATION (optional) | System location |
OR_LICENSE_DESCRIPTION (optional) | Additional description |
Environment variables for redundancy
note
The settings are not case sensitive.
| Environment variable | Default | Description |
|---|---|---|
OR_REDUNDANCY_MODE | 0 or disabled: Redundancy is disabled1 or primary:Primary service2 or secondary: Secondary service | |
OR_REDUNDANCY_SHARED_KEY | Character sequence used for authentication of the OPC Router. This key must be the same for the primary and secondary services. An empty key is invalid and prevents the connection from being established. | |
OR_REDUNDANCY_SHARED_KEY_FILE | Alternatively, the key can also be transferred as a text file. | |
OR_REDUNDANCY_ADDRESS | Address of the primary service. This is specified in URL format (https: host name/IP address: port). The port under which the web management (the web interface of the OPC Router) can be reached must be specified as the port. Example: https://example.local:5000 | |
OR_REDUNDANCY_PRIMARY_TIMEOUT | 10 | Time in seconds after which the secondary service is considered disconnected if no heartbeat has been sent. |
OR_REDUNDANCY_SECONDARY_HEARTBEA T_INTERVAL | 5 | The interval in seconds at which the secondary service attempts to reach the primary service. Note: This value must be less than the timeout of the primary service so that the connection is not constantly considered disconnected in the primary service. |
OR_REDUNDANCY_ENABLE_PROJECT_SYNC | true | Activates project synchronisation. |
OR_REDUNDANCY_PROJECT_SYNC_ALLOW_EXPERT | true | Transferring expert settings during project transfer |
OR_REDUNDANCY_PROJECT_SYNC_PING_INTERVAL | 5 | Ping interval (in seconds) for project synchronisation. |
OR_REDUNDANCY_LOCAL_MANAGEMENT_ADDRESS | Address at which the local management can be reached by the other OPC router. |
Database Environment Variables
The OPC Router can either use an integrated MongoDB (only in the Runtime Image) or an external MongoDB (e.g., when using the Service Image or generally if desired).
A) Connection of the OPC Router Application to MongoDB (Internal or External)
| Environment Variable | Description | Example Value |
|---|---|---|
OR_DATABASE_CONNECTION_STRING | Sets the connection string used to establish a connection to an external MongoDB. Overrides the connection to the internal database if present. Use either this or OR_DATABASE_CONNECTION_STRING_FILE. | mongodb://127.0.0.1:27017 |
OR_DATABASE_CONNECTION_STRING_FILE | Specifies the path to a file inside the container from which the connection string to the external MongoDB is read. Overrides the connection to the internal database if present. | /inray/dbconnection |
OR_DATABASE_USERNAME | Sets the MongoDB user to be used for authentication. | root |
OR_DATABASE_PASSWORD | Sets the password of the MongoDB user. Use either this or OR_DATABASE_PASSWORD_FILE. | AlsoDontUseThis! |
OR_DATABASE_PASSWORD_FILE | Specifies the path to a file from which the MongoDB user password is read. | /inray/dbpw |
OR_DATABASE_NAME_PREFIX | Sets a name prefix for the config, runtime, and status databases. | OR5 |
OR_DATABASE_CERTIFICATE_FILE | Path to a file containing an x.509 certificate for authentication against MongoDB. | /inray/db.pem |
B) MongoDB Deployment in the Runtime Image (Integrated MongoDB)
These variables control only the integrated MongoDB in the Runtime Image (opcrouter/runtime).
When using the Service Image (opcrouter/service), these variables have no effect, as it does not include MongoDB.
Default behavior of the integrated MongoDB (without
MONGO_*variables set):
- The WiredTiger cache uses 25% of the available container RAM.
- The cache is limited to a minimum of 250 MB and a maximum of 2 GB.
- Additionally, at least 2 GB RAM is reserved for the OPC Router application, provided the container memory can be determined correctly. The MongoDB cache is reduced accordingly.
- If the available container RAM cannot be determined (
containerMemory=unknown), a cache size of 1 GB is used.A container RAM of at least 4 GB is recommended for the Runtime Image.
| Environment Variable | Description | Example Value | Default |
|---|---|---|---|
MONGO_BIND | Controls which IP addresses the integrated MongoDB listens on. localhost is recommended if only the OPC Router inside the container should access it. | all, localhost | localhost |
MONGO_CACHE_GB | Sets the WiredTiger cache size of the integrated MongoDB explicitly in GB. Overrides all percentage/default rules. | 1.5 | |
MONGO_CACHE_PERCENT | Sets the WiredTiger cache size relative to the container RAM (in percent). Only used if MONGO_CACHE_GB is not set. | 25 | |
MONGO_CACHE_MAX_GB | Maximum allowed cache size for WiredTiger. Prevents unintended scaling in large containers. | 2.0 | 2.0 |
MONGO_APP_RESERVED_GB | Reserves RAM for the OPC Router application. The MongoDB cache is limited so that this memory (if container RAM is known) remains available for the application. | 2.0 | 2.0 |
MONGO_MIN_FREE_GB | Warning threshold for free disk space in the MongoDB data directory. Falling below this value is logged at startup. | 2.0 | 2.0 |
MONGO_LOG_TAIL_LINES | Number of log lines printed for diagnostics in case of a MongoDB crash. | 200 | 200 |
MONGO_QUIET | Enables or disables the --quiet mode of the integrated MongoDB. | false | true |
MONGO_DIAG_DATA | Enables MongoDB Diagnostic Data Collection. | true | false |
MONGO_LOG_COMPONENT_VERBOSITY | Sets the MongoDB log verbosity per component as JSON and passes it to --setParameter logComponentVerbosity. | { "verbosity": 1 } | |
MONGO_SLOWMS | Time in milliseconds after which MongoDB queries are marked as slow (slowMS). | 200 |
Environment Variables for Importing Project Files
| Environment variable | Description | Example value |
|---|---|---|
OR_IMPORT_SOURCE | Specifies the path to an OPC Router project file inside the container that should be loaded directly into the runtime during startup. | /inray/project.rpe |
OR_IMPORT_CLEAR_CONFIG | If set to true, the data in the runtime and config databases will be cleared before importing projects with OR_IMPORT_SOURCE. This will result in the loss of existing connections and plug-in configurations. | true |
OR_IMPORT_DONT_PUBLISH_CONFIG | If set to true, doesn't publish the entire config database after importing with OR_IMPORT_SOURCE. | true |
OR_IMPORT_OVERWRITE_EXISTING | If set to true, allows the import with OR_IMPORT_SOURCE to overwrite existing connections, templates and plugins, otherwise existing values are kept on conflict. | true |
OR_IMPORT_RUNTIME_CONFIGURATION_FILE | Specifies a path to a yaml configuration file describing overrides of values for plugins and settings in the runtime database to be applied after service start. | /inray/runtime_config.yaml |
Relevant ASP.NET Environment Variables
| Environment Variable | Description | Example Value |
|---|---|---|
ASPNETCORE_FORWARDEDHEADERS_ENABLED | If set to true, application header information is forwarded. This is necessary for connecting with reverse proxies. (Default: false) | true |