VirtServer Settings File

Applies to VirtServer 3.20.0, last modified on May 16, 2024

VirtServer stores its settings in the virt-server.yml settings file.

Location

The location where VirtServer searches for the settings file depends on the operating system and on the permissions VirtServer or its installer has:

  • Windows

    <user folder>/.readyapi/virt-server/virt-server.yml

  • Linux and macOS

    If you installed or if you run VirtServer with root access (sudo <path>/virtserver.sh):

    /etc/virt-server.yml

    Without root access:

    <user folder>/.readyapi/virt-server/virt-server.yml

  • VirtServer 2.0.1 and earlier

    <VirtServer>/bin/virt-server.yml

Note: VirtServer loads the settings file from the locations mentioned above by default. You can create your own settings file and specify it in the VirtServer command line. This will not work if you run VirtServer as a service (daemon), though.

Settings

Some settings in this .yml file are for internal use by VirtServer. We recommend that you be careful when changing the file. If something goes wrong after you changed the settings, undo your changes, or re-install VirtServer.

virt-server.yml

Comments


# H2 Database configurations
database:
 # the name of your JDBC driver
...
...

VirtServer stores virtual service data in a database. It uses the settings to work with this database.


Note: Do not change these settings. They are for internal use by VirtServer.


# TimeZone
server:
 requestLog:
  timeZone: Europe/Stockholm

Specifies the time zone for the log.



# Logging settings. logging:
 
 # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
 level: INFO
 
 loggers:
  "com.smartbear": INFO
  "com.hubspot.dropwizard.guice.AutoConfig": WARN
 appenders:
  - type: console
  timeZone: Europe/Stockholm

Various logging settings: default logging level, individual logger classes and their logging level, and so on.


Note: Change these settings only by requests from the SmartBear Support Team


applicationConnectors:

# For security reason we only allow communication over https



VirtServer connection settings.
- type: https The protocol (https only).
 port: 9090 The port number.
Note: If you change the port, ReadyAPI Virtualization will not be able to find your VirtServer automatically. You will have to specify connection settings manually
 keyStorePath: .virtserverkeystore
 Example: apprwisb01.corp.bayadv.jks

The file name of the Java keystore that contains the VirtServer certificate.


Note: This keystore is used only to secure traffic to and from the VirtServer web interface. To specify a keystore for virtual services, use the virtSSL settings described below.
 keyStorePassword: '!serverSecret!'
 Example: 'Veda2014!Pass'

The password for accessing the keystore.

 keyManagerPassword
 Example: 'sQRXPTF7CKBw'

If both keyStorePassword and keyManagerPassword are the same, use keyStorePassword. keyManagerPassword does not need to be added. If both fields are used and have different values, please add both fields and values to the configuration.

 validateCerts: false
 excludedCipherSuits
  - TLS_AES_128_GCM_SHA256

List of cipher suits which won't be used for client-server communication process.

 supportedCipherSuits   - TLS_AES_256_GCM_SHA384

List of cipher suits which will be used for client-server communication process.


Note: All other cipher suits will be excluded and won't be used to establish connection. Older clients not supporting these cipher suits won't be able to connect to the server.


adminConnectors:
 - type: https
 port: 9091
 keyStorePath: .virtserverkeystore
 keyStorePassword: '!serverSecret!'
 validateCerts: false
 excludedCipherSuits
   - TLS_AES_128_GCM_SHA256
 supportedCipherSuits
  - TLS_AES_256_GCM_SHA384


For internal use by VirtServer. Do not change these settings.

Note: In case both the properties #supportedCipherSuits and #excludedCipherSuits are used together, supportedCipherSuites is given priority and will be considered first.

You can review further information in this documentation for dropwizard configuration:
2.0.x: Dropwizard Configuration Reference
4.0.x: Dropwizard Configuration Reference
This configuration option is available in both dropwizard versions.


# Logging settings for virts.
virtLogging:


Logging settings for individual virtual APIs.

# Enables har logging for virts. Logs are saved in user_home/.readyapi/logs/virts dir

Logs are saved as individual files in the specified folder.

enableHarLog: false

Enable logging.


Note: If you have ever changed the setting via the web interface, its value will be stored in the virt-server-override.yml file.
usePrettyPrint: false

Use pretty print for log files.



# VirtServer configuration
virtServer:

VirtServer properties and HTTPS settings.

 # The context path.
 contextPath: /api/${API_VERSION}

We need this instead of applicationContextPath so we can process variables (such as version) in the String


Note: contextPath is used internally. Do not change.
 # Maximum number of activity log to keep
 maxActivityLog: 20

The maximum number of records in the activity log.


This log stores information on deploying and downloading virtual services, starting and stopping them, and so on.

 # Maximum number of transaction logs to keep. Storing many transaction logs may consume a lot of memory. Keep this as low as possible.
maxTransactionLog: 20

The maximum number of records in the transaction log for a virtual API.


This log stores information on individual requests. Storing too many records may consume lots of memory. Set reasonable values.


Note: If you have ever changed the setting via the web interface, its value will be stored in the virt-server-override.yml file.


# SSL configuration for virts
# virtSSL:

SSL certificate settings for virtual services.


Uncomment, if needed.

 # virtKeystorePath: /path/.keystore

The keystore file name.

 # virtKeystorePassword: keystoreSecret

The keystore password.

 # virtKeyPassword: keySecret

A security key password.

# virtTrustStorePath: /path/.keystore

The CA certificate file that is used to establish trust.

# virtTrustStorePassword: trustStoreSecret

The password of the trust certificate.



# Security settings
# securityConfig:

Security settings of VirtServer.


Uncomment, if needed.

Note: In case these settings are absent, add them manually.

 # sessionTimeLimitEnabled: false

Enable a timeout for user sessions in the VirtServer web interface, connections from ReadyAPI Virtualization, and the command line sessions.


The next two parameters specify the time after which a user will be logged out.


Note: If you have ever changed the timeout settings via the web interface, their values will be stored in the virt-server-override.yml file.
 # idleTimeout: 60

Time (in minutes) after which an idle user will be logged out of the VirtServer web interface.

 # sessionTimeoutLimit: 480

Time (in minutes) after which a user will be logged out of the VirtServer web interface regardless of their activity.

 # passwordComplexityMode: false

Enable the password complexity mode.
If this option is enabled, the password must be at least 6 characters long and must contain at least one number and at least one capital letter.


Note: When you log in after the setting has been turned on, your password might fail to satisfy complexity criteria. In this case, you will have to change the password either by logging in to the web interface or by using the command line.
 # lockoutTimeout: 0

Specifies in minutes how long a user will be locked out when the user enters a wrong password for five times.


To disable the option, set it to 0 or comment it out.

 # oldVersionsCompatibility: true

Set the option to false to prohibit connections to VirtServer by using ServiceV 2.8 or older.


Default value: true.



# LDAP settings
# ldapConfiguration:

Settings of connection between VirtServer and LDAP.


To learn more about LDAP, see this topic.

 # ldapProviderUrl: 'ldap://<your host>:389'

Specifies the address of the LDAP server.


Note: If you have ever changed the setting via the web interface, its value will be stored in the virt-server-override.yml file.


# OIDC settings
# oidcConfiguration:

Settings of connection between VirtServer and OIDC.


To learn more about OIDC, see this topic.

 # Client id.
   oidcClientId: '0oad4h2tg5mnJIJ2C5d7'

This should be provided by your OIDC admin from the Virtsever app config.


  # Provider url.

This should be provided by your OIDC admin based on your okta org.


  # oidcProviderUrl: 'https://<your okta org url>/oauth2/default'
   oidcProviderUrl: 'https://dev-06865876.okta.com/oauth2/default'
  # Token revocation url.

This should be the same as in your OIDC provider.

  # oidcTokenRevocationUrl: 'https://<your okta org url>/oauth2/default/v1/revoke'
   oidcTokenRevocationUrl: 'https://dev-06865876.okta.com/oauth2/default/v1/revoke'
  # Authorization Audience URI
   oidcAuthorizationServerAudience: 'api://default'

To be provided by the OIDC admin based on the Audience URI / Entity ID configured for the authorization server.

Override settings

If you have ever changed VirtServer settings via the web interface, there will be an additional settings file, virt-server-override.yml, and the settings will be stored there. They will override the settings configured in virt-server.yml.

To change those settings via settings files, you should:

  • Change them in virt-server-override.yml.

– or –

  • Delete them from virt-server-override.yml and change them in virt-server.yml.

Add a parameter for parsing legacy JDBC connection strings

As of Java 17.0.3 and from adopting 17.0.4 in ReadyAPI 3.41.0, the '_' characters are no longer allowed in JDBC connection strings.

If your existing tests have the '_' in their JDBC connection string, please add and use this JVM option:

-Dcom.sun.jndi.ldapURLParsing="legacy".

SNI and DropWizard

We have upgraded the DropWizard library with our latest release VirtServer 3.20.0, which also includes a Jetty upgrade.

However, Jetty 10.0.x introduces stricter SNI host checking hence, after the update you may encounter issues while making requests over HTTPS. Find more details regarding this issue here.

To solve this issue, the HttpsConnectorFactory has a disableSniHostCheck configuration option which enables or disables stricter security for an application. By default in VirtServer, this is set to true, and the SNI host check is disabled or turned off.

If you wish to change this setting, please follow these instructions:

  1. Create a signed keystore with the certs you wish VirtServer to be accessible through. An example can be found here: SSL with CA signed certificate from Let's Encrypt with a domain registered at GoDaddy.

  2. Change connector (fields “applicationConnector” or “adminConnector”) for connecting to Virtserver. Add the field 'disableSniHostCheck' to the connector, and set it to 'false'. Change 'keyStorePath' to point to your keystore. Change 'keyStorePassword' to the password needed to unlock the Keystore.

  3. Restart VirtServer.

See Also

Configure VirtServer Settings in Web Interface

Highlight search results