Skip to main content

Configuration

Beta Offering

Web Modeler Self-Managed is currently offered as an alpha feature with limited availability for enterprise customers only. It is not recommended for production use and there is no maintenance service guaranteed. Special terms & conditions apply. However, we encourage you to provide feedback via your designated support channel or by contacting us.

The different components of Web Modeler Self-Managed can be configured using environment variables. Each component's variables are described below.

  • For a working example configuration showing how the components are correctly wired together, see the Docker Compose file for Web Modeler.
  • If you are using the Camunda 8 Helm chart to set up Web Modeler, read more about the different configuration options in the chart's README file.

Configuration of the restapi component​

Database​

Web Modeler requires a PostgreSQL database as persistent data storage (other database systems are currently not supported.)

Environment variableDescriptionExample value
RESTAPI_DB_HOSTDatabase host namepostgres.example.com
RESTAPI_DB_PORTDatabase port5432
RESTAPI_DB_NAMEDatabase namemodeler-db
RESTAPI_DB_USERDatabase user namemodeler-user
RESTAPI_DB_PASSWORDDatabase user password***

SMTP / email​

Web Modeler requires an SMTP server to send notification emails to users.

Environment variableDescriptionExample valueDefault value
RESTAPI_MAIL_HOSTSMTP server host namesmtp.example.com-
RESTAPI_MAIL_PORTSMTP server port587-
RESTAPI_MAIL_USER[optional]
SMTP user name
modeler-user-
RESTAPI_MAIL_PASSWORD[optional]
SMTP user password
***-
RESTAPI_MAIL_ENABLE_TLSEnforce TLS encryption for SMTP connections (using STARTTLS).truetrue
RESTAPI_MAIL_FROM_ADDRESSEmail address used as the sender of emails sent by Web Modeler.noreply@example.com-
RESTAPI_MAIL_FROM_NAME[optional]
Name displayed as the sender of emails sent by Web Modeler.
CamundaCamunda
RESTAPI_SERVER_URLURL at which users access Web Modeler in the browser (used to construct links in notification emails).https://modeler.example.com-

WebSocket​

The restapi component sends certain events (e.g. "file updated", "comment added") to the WebSocket server.

Environment variableDescriptionExample value
RESTAPI_PUSHER_HOSTInternal host name of the WebSocket server.modeler-websockets
RESTAPI_PUSHER_PORTInternal port number of the WebSocket server.8060
RESTAPI_PUSHER_APP_IDmust be the same as PUSHER_APP_IDweb-modeler
RESTAPI_PUSHER_KEYmust be the same as PUSHER_APP_KEY***
RESTAPI_PUSHER_SECRETmust be the same as PUSHER_APP_SECRET***

Identity / Keycloak​

Web Modeler integrates with Identity and Keycloak for authentication and authorization (using OAuth 2.0 + OpenID Connect) as well as user management.

Environment variableDescriptionExample value
RESTAPI_OAUTH2_TOKEN_ISSUERURL of the token issuer (used for JWT validation).https://keycloak.example.com/auth/realms/camunda-platform
RESTAPI_OAUTH2_TOKEN_ISSUER_BACKEND_URL[optional]
Internal URL used to request Keycloak's OpenID Provider Configuration; if not set, RESTAPI_OAUTH2_TOKEN_ISSUER is used.
http://keycloak:8080/auth/realms/camunda-platform
RESTAPI_IDENTITY_BASE_URLInternal base URL of the Identity API (used to fetch user data).http://identity:8080

Configuration of the webapp component​

General​

Environment variableDescriptionExample valueDefault value
SERVER_URLURL at which users access Web Modeler in the browser.
Note: To use a sub path for Web Modeler, just include the path in the URL.
https://modeler.example.com,
https://example.com/modeler
-
SERVER_HTTPS_ONLYEnforce the usage of HTTPS when users access Web Modeler (by redirecting from http:// to https://).truefalse
RESTAPI_HOSTInternal host name of the restapi application.modeler-restapi-
RESTAPI_PORTInternal port number on which the restapi serves the regular API endpoints.80818081
RESTAPI_MANAGEMENT_PORTInternal port number on which the restapi serves the management API endpoints.80918091

Identity / Keycloak​

Environment variableDescriptionExample valueDefault value
OAUTH2_CLIENT_IDClient ID of the Web Modeler application configured in Identity;
must be set to web-modeler.
web-modeler-
OAUTH2_TOKEN_AUDIENCEExpected token audience (used for JWT validation);
must be set to web-modeler.
web-modeler-
OAUTH2_TOKEN_ISSUERURL of the token issuer (used for JWT validation).https://keycloak.example.com/auth/realms/camunda-platform-
KEYCLOAK_BASE_URLBase URL of the Keycloak instance.https://keycloak.example.com-
KEYCLOAK_CONTEXT_PATH[optional]
Context path Keycloak serves resources on.
Note: With Keycloak 17, the default path was changed from /auth to /.
//auth
KEYCLOAK_REALMKeycloak realm used for Camunda.camunda-platform-
KEYCLOAK_JWKS_URLInternal URL used to request Keycloak's JSON Web Key Set (for JWT verification).http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs-
IDENTITY_BASE_URLInternal base URL of the Identity API (used to fetch user data).http://identity:8080-

WebSocket​

The webapp component sends certain events (e.g. "user opened diagram", "user left diagram") to the WebSocket server and can also react to such events (e.g. show a notification in the UI that a user left the diagram).

Environment variableDescriptionExample valueDefault value
PUSHER_HOSTInternal host name of the WebSocket server.modeler-websockets-
PUSHER_PORTInternal port number of the WebSocket server.8060-
PUSHER_APP_IDmust be the same as PUSHER_APP_IDweb-modeler-
PUSHER_KEYmust be the same as PUSHER_APP_KEY***-
PUSHER_SECRETmust be the same as PUSHER_APP_SECRET***-
CLIENT_PUSHER_HOSTExternal host name on which the Web Modeler client accesses the WebSocket server from the browser.ws.example.com-
CLIENT_PUSHER_PORTExternal port number on which the Web Modeler client accesses the WebSocket server from the browser.443-
CLIENT_PUSHER_PATH[optional]
must be the same as PUSHER_APP_PATH
/modeler-ws/
CLIENT_PUSHER_KEYmust be the same as PUSHER_APP_KEY***-
CLIENT_PUSHER_FORCE_TLSEnable TLS encryption for WebSocket connections initiated by the browser.truefalse

Configuration of the websocket component​

The WebSocket server shipped with Web Modeler Self-Managed is based on the laravel-websockets open source package and implements the Pusher Channels Protocol.

Environment variableDescriptionExample valueDefault value
PUSHER_APP_IDID of the single application/tenant configured for Web Modeler.web-modeler-
PUSHER_APP_KEYA unique key used for authentication. Provide a random alphanumeric string of at least 20 characters.***-
PUSHER_APP_SECRETA unique secret used for authentication. Provide a random alphanumeric string of at least 20 characters.***-
PUSHER_APP_PATH[optional]
Base path of the WebSocket endpoint. Can be used to expose the endpoint on a sub path instead of the domain root (e.g. https://example.com/modeler-ws).
/modeler-ws/

Notes on host names and port numbers​

  • Internal refers to host names and port numbers that are only used inside a Docker Compose network or Kubernetes cluster for backend-to-backend communication.
  • External refers to host names and port numbers that are exposed to the outside and can be reached from a web browser.