Configuring Docker Images via Environment Parameters
This page describes the environment variables to configure the Simplifier images from Docker Hub.
There are also docker-compose templates on github, expecting values via provided .env file. The name of the .env variables may be different and are also listed below.
Simplifier Container
Image: simplifierag/simplifier
| Container Var | Version | Default Value | Example | Description |
|---|---|---|---|---|
| General | ||||
| VIRTUAL_HOST (.env variable: SIMPLIFIER_HOSTNAME) |
mysimplifier.mycompany.de | Public DNS hostname of the Simplifier instance. | ||
| PLUGINLIST (.env variable: PLUGINLIST) |
jsonStore,keyValueStorePlugin | Comma-separated list of plugins to activate on startup. Refer to the list of available plugins below. | ||
| JVM_PARAMETER (.env variable: SIMPLIFIER_JVM_HEAP_GB) |
-Xmx16g -Xms2g … | Full JVM flags for the Simplifier process. Heap size is driven by SIMPLIFIER_JVM_HEAP_GB; remaining flags are hardcoded in the compose file. | ||
| SIMPLIFIER_HOST (.env variable: INSTANCE_PREFIX) |
NODE_1-simplifier | Internal container name of this Simplifier server (used for cluster member resolution). | ||
| SECOND_SEED (.env variable: INSTANCE_PREFIX) |
NODE_1-launchpad | The Prefix is applied to internal container name of the Simplifier Launchpad container (second cluster seed node). | ||
| MODULE_HOST (.env variable: INSTANCE_PREFIX) |
NODE_1-simplifier | Container name of this module, used for internal cluster addressing. | ||
| INITIAL_ADMIN_PASSWORD (.env variable: INITIAL_ADMIN_PASSWORD) |
>= LTS-10 | Sets the password for the built-in admin account on first startup. Has no effect once the account is initialised. | ||
| CLUSTER_MEMBER_NAME | NODE_1 | If set, defines the cluster member name of this Simplifier server. Ignored if not set. | ||
| JMX_AGENT | Enables the JMX agent. Accepted values: true or false. | |||
| FIREBASE_SETTINGS_PATH | File path to a custom Firebase account configuration used for push notifications. | |||
| ENV_STATISTICS_EVENT_WRITTEN_BUFFER_HOURS | Number of hours used as a buffer for statistic event aggregation. | |||
| SYSADMIN | false | If set to true, opens the sysadmin IPC channel so that admin tasks can be triggered via CLI. | ||
| Main Database | ||||
| DB | mysql | oracle | RDBMS type for the main Simplifier database and plugin databases. Supported values: mysql, oracle. | |
| MYSQL_HOST | mysql | simplifier-mysql.example.com | Hostname of the database server for the main Simplifier database. | |
| MYSQL_PORT | 3306 | 3306 | Port of the database server for the main Simplifier database. | |
| MYSQL_USER | simplifier | simplifier | Username of the database connection credentials for the main Simplifier database. | |
| MYSQL_PASSWORD (.env variable: DB_PASSWORD) |
MyC0mPle!Pa$$word | Password of the database connection credentials for the main Simplifier database. | ||
| MYSQL_DB (.env variable: DB_NAME) |
simplifier | Database name for the main Simplifier database; also used as prefix for plugin databases. | ||
| Monitoring Database | ||||
| MONITORING_DBMS | mysql | RDBMS type for the monitoring database. Only mysql is supported. | ||
| MONITORING_DB_HOST | Hostname of the MySQL server for the monitoring database. | |||
| MONITORING_DB_PORT | 3306 | Port for the monitoring database server. | ||
| MONITORING_DB_USER | Username for the monitoring database connection. | |||
| MONITORING_DB_PASS (.env variable: DB_PASSWORD) |
Password for the monitoring database connection. | |||
| MONITORING_DB (.env variable: DB_NAME) |
simplifier_monitoring | Database name for the monitoring database. Set to ${DB_NAME}_monitoring in the compose file. | ||
| MONITORING_DB_JDBC_URL | Alternative to the individual monitoring DB fields: a complete JDBC URL to connect to the monitoring database. | |||
| Feature Toggles | ||||
| DYNAMIC_TAB_TITLES_ENABLED (.env variable: DYNAMIC_TAB_TITLES_ENABLED) |
<= LTS-9 | Enables dynamic browser tab titles based on the active application context. | ||
| FEATURE_SSBO_JS_DEBUGGING (.env variable: FEATURE_SSBO_JS_DEBUGGING) |
<= LTS-9 | false | Enables experimental Chrome DevTools-based debugging for server-side business objects. Requires DEBUG_CHROME_DEV_TOOLS_* vars to be set. | |
| PDFPLUGIN_SECURITY_ALLOW_JAVASCRIPT (.env variable: PDFPLUGIN_SECURITY_ALLOW_JAVASCRIPT) |
Allows JavaScript execution inside the PDF plugin renderer. Disabled by default for security. | |||
| TRACKING_BEHAVIOR (.env variable: TRACKING_BEHAVIOR) |
>= LTS-10 | Controls telemetry and usage tracking behavior of the Simplifier platform. | ||
| FEATURE_LEGACY_OPCUA | false | If set to true, the legacy OPC UA connector is available in the Connector overview. Available since Release 8 EHP 2. | ||
| Chrome DevTools Debugging (SSBO) | ||||
| DEBUG_CHROME_DEV_TOOLS_EXPOSED_HOST (.env variable: SIMPLIFIER_HOSTNAME) |
Domain name used for generating Chrome DevTools debug links. Must match the externally reachable hostname; set to ${SIMPLIFIER_HOSTNAME} in the compose file. | |||
| DEBUG_CHROME_DEV_TOOLS_EXPOSED_PORT (.env variable: DEBUG_CHROME_DEV_TOOLS_EXPOSED_PORT) |
2992 | External port exposed by Traefik for Chrome DevTools connections. Mapped to the internal port 2992. | ||
| DEBUG_CHROME_DEV_TOOLS_PORT | 2992 | Internal container port opened for Chrome DevTools to connect to. | ||
| DEBUG_CHROME_DEV_TOOLS_USE_EXTERNAL_TLS | true | Instructs Simplifier to generate DevTools URLs using wss:// (TLS). Required when Traefik terminates TLS in front of the container. | ||
| Maintenance | ||||
| MONITORING_CLEANUP_CRON_EXPRESSION | 0 0 3 * * ? * | Cron expression defining when the monitoring cleanup job runs. Should execute at least once per day. | ||
| AUDIT_LOG_CLEANUP_CRON_EXPRESSION | 0 0 4 * * ? * | Cron expression defining when the audit log cleanup job runs. Should execute at least once per day. | ||
| Security | ||||
| SAML_DEFAULT_RSA_KEYSIZE | 2048 | 4096 | RSA key length in bits for keystores created for new SAML authentication methods. Only affects newly created methods; existing keystores are not changed. | |
Workflow Runtime Container
| Container Var | Version | Default Value | Example | Description |
|---|---|---|---|---|
| General | ||||
| SIMPLIFIER_HOST (.env variable: INSTANCE_PREFIX) |
NODE_1-simplifier | Internal container name of the Simplifier server this runtime connects to. | ||
| SECOND_SEED (.env variable: INSTANCE_PREFIX) |
NODE_1-launchpad | Internal container name of the Simplifier Launchpad container (second cluster seed node). | ||
| MODULE_HOST (.env variable: INSTANCE_PREFIX) |
NODE_1-workflow-runtime | Container name of this module, used for internal cluster addressing. | ||
| JVM_PARAMETER (.env variable: WF_RT_JVM_HEAP_GB) |
-Xmx1g | JVM heap space for the Workflow Runtime. Heap size is driven by WF_RT_JVM_HEAP_GB; defaults to 1 GB. | ||
| TZ (.env variable: TZ) |
Europe/Berlin | Timezone of the container, used to ensure correct server time for scheduling and logging. | ||
| SIMPLIFIER_LAUNCHPAD_BASE_URL (.env variable: SIMPLIFIER_HOSTNAME) |
https://my-simplifier.company.org | Full external URL to the Simplifier Inbox / Launchpad. Set to https://${SIMPLIFIER_HOSTNAME} in the compose file. | ||
| Database | ||||
| DB_USER | simplifier | simplifier | Username to access the Workflow Runtime database. | |
| DB_PASS (.env variable: DB_PASSWORD) |
Password to access the Workflow Runtime database. | |||
| DB_DATABASE (.env variable: DB_NAME) |
simplifier_wf_rt | Name of the Workflow Runtime database. Set to ${DB_NAME}_wf_rt in the compose file. | ||
| DB_HOST | mysql | Hostname of the MySQL database server. | ||
| DB_PORT | 3306 | 3306 | Port number of the MySQL database server. | |
| Archive | ||||
| ARCHIVE_ENABLED (.env variable: WF_ARCHIVE_ENABLED) |
<= LTS-9 | true | Activates the archive jobs for Workflow Runtime logs. | |
| ARCHIVE_INTERVAL (.env variable: WF_ARCHIVE_INTERVAL) |
1 week | 1 week | Period defining how often the archive job runs. Deprecated since LTS-10 but still required during migration. | |
| ARCHIVE_MAX_AGE_COMPLETED (.env variable: WF_ARCHIVE_MAX_AGE_COMPLETED) |
6 months | 6 months | Duration after which completed or terminated workflow instances are archived automatically. Deprecated since LTS-10 but still required during migration. | |
| ARCHIVE_TIME (.env variable: WF_ARCHIVE_TIME) |
2:00 | 2:00 | Time of day when the archive job is executed. | |
| Performance | ||||
| MAX_ACTIVITY_EXECUTION_COUNT | 1000 | 1000 | Maximum number of executions for the same activity per workflow instance. Acts as an infinite loop circuit breaker. | |
| DATABASE_MAX_CONNECTIONS | 100 | 100 | Maximum number of database connections. Increase only if recommended by Simplifier Support. | |
| DATABASE_THREADS | 20 | 20 | Maximum number of database threads. Increase only if recommended by Simplifier Support. | |
| DATABASE_QUEUE_SIZE | 1000 | 1000 | Maximum size of the database queue. | |
Available plugins
The following plugins are contained in the simplifier docker image:
| Plugin Name | Description | Documentation |
keyValueStorePlugin |
No-SQL Database for storing Key Values | KeyValueStore |
pdfPlugin |
PDF Designer and Generator for Forms or Reports | PDFPlugin |
wordGeneratorPlugin |
Word Generator | |
captcha |
Generates Captchas for Login Protection | captcha |
contentRepoPlugin |
Meta Repository for Files | contentRepo |
jsonStore |
NoSQL Database based on MapDB | jsonStore |
Verify Signed Simplifier Container Images
Since Simplifier Makers Choice 2508 official Simplifier Docker images are cryptographically signed using Cosign. This ensures the images you use are authentic and haven’t been modified.
Why Container Signing?
– Authenticity: Confirms the image originates from Simplifier AG
– Integrity: Guarantees the image was not altered after signing
– Transparency: Signatures are stored in a public transparency log
– Non-repudiation: Prevents forged or denied signatures
What Do You Need?
1) The Simplifier Public Key (simplifier.pub) — provided by Simplifier AG
2) The Cosign tool — via Docker (no installation) or locally installed
Important: Always verify the authenticity of the public key with Simplifier AG before first use.
Obtain the Public Key
– Contact Simplifier AG Support for the official simplifier.pub file
– Validate the key authenticity through official channels
Quick Verification (Docker — No Installation)
Use the official Cosign Docker image:
# Save the Simplifier public key to 'simplifier.pub' # Verify the latest makers choice image docker run --rm -v $(pwd):/workspace \ gcr.io/projectsigstore/cosign:latest \ verify --key /workspace/simplifier.pub --insecure-ignore-tlog \ docker.io/simplifierag/simplifier:2508
Local Cosign Installation
If you have Cosign installed on your system:
cosign verify --key simplifier.pub --insecure-ignore-tlog docker.io/simplifierag/simplifier:2508
Detailed Steps
1) Save the Public Key in a file named simplifier.pub with the content provided by Simplifier AG:
-----BEGIN PUBLIC KEY----- [Base64 encoded content] -----END PUBLIC KEY-----
Install Cosign (Local)
Linux:
curl -O -L "https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64" sudo mv cosign-linux-amd64 /usr/local/bin/cosign sudo chmod +x /usr/local/bin/cosign
macOS:
brew install cosign
Windows:
Download from: Cosign GitHub Releases
Verification Output
Successful verification:
Verification for docker.io/itizzimo/simplifier:latest -- The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key
Signed Images
Production:
– docker.io/simplifierag/simplifier:2508
Security Recommendations
– Always verify before running an image
– Store the public key securely
– Include verification in CI/CD pipelines
Need Help?
– Check verbose output using -o json for more details
– Ensure internet access (required for signature data)
– Contact Simplifier Support if issues persist
