Start your application server with the system property"system.properties.load" set to true to load the external file calledsystem.properties. This is given as a convenient way to ensure all propertiesare set for deployment. When the server starts, the portal will loadsystem.properties and then system-ext.properties.
Start your application server with the system property"system.properties.final" set to true if the properties of system.propertiesoverride all similar command line properties. If set to false, the propertiesof system.properties will be set if and only if those properties are notcurrently set.
Some application servers require you to set the "file.encoding" and"user.timezone" on startup regardless of system.properties because theapplication server reads these properties before system.properties is everloaded.
Configure a custom document factory in order to use a thread safe QName cache.
Defaults:org.dom4j.factory=com.liferay.portal.xml.DocumentFactoryExamples:
org.dom4j.factory=org.dom4j.DocumentFactory
The file encoding must be set to UTF-8 in order for the internationalization to work correctly.
Defaults:file.encoding=UTF-8
Java uses the underlying operating system to generate images. If you are using Unix and do not start the portal in a X Windows session, then Java will not know how to generate images and you'll get lots of nasty exceptions. Setting this property to true will fix that. Sometimes this property cannot be set dynamically when the server starts and you'll need to edit your start script to include this as a system property.
Defaults:java.awt.headless=true
Set the default locale used by Liferay. This locale is no longer set at the VM level. See LEP-2584.
Defaults:user.country=US user.language=en
JAI relies upon native acceleration to improve performance. To use native acceleration, you must install the appropriate native libraries and set this property to false. Setting this to false without installing the proper native libraries will result in warnings.
Defaults:com.sun.media.jai.disableMediaLib=true
Set any logger that implements org.apache.commons.logging.Log.
Examples:org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger
Set this to true if Log4j complains that it was not properly configured.
Defaults:log4j.configure.on.startup=true
com.liferay.portal.kernel.util.StreamUtil.buffer.size=8192
Set this to true when doing large file transfers on a 32-bit JVM to prevent running out of memory. This worsens performance but increases stability for older environments.
Defaults:com.liferay.portal.kernel.util.StreamUtil.force.tio=false
String Bundler
Set this to true to enable the finalize manager to use a separate thread to do clean up. Otherwise, the finalize manager will only do clean up during registration.
Defaults:com.liferay.portal.kernel.memory.FinalizeManager.thread.enabled=false
Set the security provider class.
Defaults:com.liferay.util.Encryptor.provider.class=com.sun.crypto.provider.SunJCE
See portal.properties for more HTTP settings.
Set the location of the HTTP proxy that the portal will use to fetch external content.
Set http.nonProxyHosts for hosts that will not be proxied. This is useful for proxied environments where you need direct access to internal servers. This should follow the same semantics as the java.net package.
Examples:http.proxyHost=192.168.0.200 http.proxyPort=4480 http.nonProxyHosts=192.168.0.250
See portal.properties for more HTTP Header Response settings.
Set this to true for the portal to send the "X-Content-Type-Options: nosniff" HTTP header to protect against MIME sniffing. Custom URLs can specified in the property "http.header.secure.x.content.type.options.urls.excludes" that allow for unhindered MIME sniffing.
Defaults:http.header.secure.x.content.type.options=true
Set a list of comma delimited URL prefixes that allow for unhindered MIME sniffing. This property is only used when the property "http.header.secure.x.content.type.options" is set to true.
Examples:http.header.secure.x.content.type.options.urls.excludes=
Set this to true for the portal to send the "X-Frame-Options: DENY" HTTP header to protect against clickjacking.
Custom HTTP header values instead of "DENY" can be specified per URL via the properties "http.header.secure.x.frame.options.*".
Defaults:http.header.secure.x.frame.options=true
If the property "http.header.secure.x.frame.options" is set to true, then the portal will iterate through the properties "http.header.secure.x.frame.options.*" where the wildcard "*" is replaced with an int number starting from 0 and ending with 255 to find a pipe (|) delimited URL and HTTP header value pair (e.g. "/|SAMEORIGIN").
Upon finding a matched a URL, the portal will use the custom HTTP header value instead of the "DENY" value.
By default, URLs that start with "/" will use a custom HTTP header value of "SAMEORIGIN". Specify another URL and HTTP header value with a number smaller than 255 to intercept this default behavior.
Defaults:http.header.secure.x.frame.options.255=/|SAMEORIGIN
Set this to nonempty value for the portal to send the "X-XSS-Protection" HTTP header to block cross-site scripting attacks. Possible nonempty values are "0", "1" and "1; mode=block"
Defaults:http.header.secure.x.xss.protection=1
HTTP only cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks. Input a list of comma delimited cookie names that are not HTTP only.
Defaults:cookie.http.only.names.excludes=
Urls that match the specified pattern will use the SimpleHTTPSender. Urls that do not match the specified pattern will use Axis' default HTTPSender.
Defaults:com.liferay.util.axis.SimpleHTTPSender.regexp.pattern=.*mappoint\.net.*
Encrypt session parameters so that browsers cannot remember them.
Defaults:com.liferay.util.servlet.SessionParameters=false
Set this to true to skip the update check.
Defaults:net.sf.ehcache.skipUpdateCheck=true
io.netty.allocator.type=pooledExamples:
io.netty.allocator.cacheTrimInterval= io.netty.allocator.maxCachedBufferCapacity= io.netty.allocator.maxOrder= io.netty.allocator.normalCacheSize= io.netty.allocator.numDirectArenas= io.netty.allocator.numHeapArenas= io.netty.allocator.pageSize= io.netty.allocator.smallCacheSize= io.netty.allocator.tinyCacheSize= io.netty.threadLocalDirectBufferSize=
Set this to true to enable native extensions (like JNA for non-Java APIs).
Defaults:jruby.native.enabled=false
Set this to true to enable the log sanitizer, which is a safe logging mechanism that avoids directly embedding user input in log files. The log sanitizer automatically sanitizes log messages by replacing all unexpected characters from user supplied data with safe replacement characters.
See the "log.sanitizer.escape.html.enabled" property for encoding HTML entities in log messages.
Defaults:log.sanitizer.enabled=true
Set whether to encode HTML data in log messages.
Defaults:log.sanitizer.escape.html.enabled=false
Specify the code point of the character to replace forbidden characters. The underscore character, which has code point 95, is the replacement character by default.
Defaults:log.sanitizer.replacement.character=95
Specify characters to allow in log messages. The sanitizer operates on characters with code points less than 128. Characters with code points greater than 128 are always allowed. Please see ASCII tables to look up character code points.
This default whitelist allows characters with code points 9 (tab), 32 (space), and all characters with code points greater than 32 except 127 (delete).
Defaults:log.sanitizer.whitelist.characters=9,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126
Set a timeout to avoid lock errors.
Examples:org.apache.lucene.writeLockTimeout=30000
Set the location of the Tika configuration.
Defaults:tika.config=tika/tika.xml
Make threads daemon so the JVM exits cleanly.
Defaults:org.quartz.threadPool.makeThreadsDaemons=true
Turn off the update check for performance/security.
Defaults:org.terracotta.quartz.skipUpdateCheck=true
com.liferay.portal.kernel.io.ProtectedObjectInputStream.restricted.class.names=\ com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl,\ org.apache.commons.collections.functors.CloneTransformer,\ org.apache.commons.collections.functors.ForClosure,\ org.apache.commons.collections.functors.InvokerTransformer,\ org.apache.commons.collections.functors.InstantiateFactory,\ org.apache.commons.collections.functors.InstantiateTransformer,\ org.apache.commons.collections.functors.PrototypeFactory$PrototypeCloneFactory,\ org.apache.commons.collections.functors.PrototypeFactory$PrototypeSerializationFactory,\ org.apache.commons.collections.functors.WhileClosure,\ org.apache.commons.collections4.functors.InvokerTransformer,\ org.codehaus.groovy.runtime.ConvertedClosure,\ org.codehaus.groovy.runtime.MethodClosure,\ org.springframework.beans.factory.ObjectFactory,\ org.springframework.core.SerializableTypeWrapper$MethodInvokeTypeProvider,\ sun.reflect.annotation.AnnotationInvocationHandlerDefaults:
com.liferay.portal.kernel.security.SecureRandomUtil.buffer.size=65536
Configure the default parser to avoid looking up an XMLParserConfiguration from the class path each time a SAXParser object is created. Set this property to a blank value to revert to the default behavior.
See https://xerces.apache.org/xerces2-j/faq-xni.html for more information.
Defaults:org.apache.xerces.xni.parser.XMLParserConfiguration=org.apache.xerces.parsers.XIncludeAwareParserConfiguration