Start your application server with the system property"system.properties.set" set to true to load the external file calledsystem.properties. This is given as a convenient way to ensure all propertiesare set for deployment. When the server starts, the portal will loadsystem.properties and then system-ext.properties.
Start your application server with the system property"system.properties.set.override" set to true if the properties ofsystem.properties override all similar command line properties. If set tofalse, the properties of system.properties will be set if and only if thoseproperties are not currently set.
Some application servers require you to set the "file.encoding" and"user.timezone" on startup regardless of system.properties because theapplication server reads these properties before system.properties is everloaded.
Set CXF logger class.
Defaults:org.apache.cxf.Logger=com.liferay.portal.remote.jaxrs.whiteboard.internal.log.LiferayCXFLogger
HTTP only cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks. Input a list of comma delimited cookie names that are not HTTP only.
Defaults:cookie.http.only.names.excludes=
Set this to true to skip the update check.
Defaults:net.sf.ehcache.skipUpdateCheck=true
Set the security provider class.
Defaults:com.liferay.util.Encryptor.provider.class=com.sun.crypto.provider.SunJCE
See portal.properties for more HTTP settings.
Set the HTTP proxy location where the portal fetches external content.
Set http.nonProxyHosts for hosts that must not be proxied. This is useful for proxied environments where you need direct access to internal servers. Follow the same semantics as the java.net package.
Examples: http.proxyHost=192.168.0.200
http.proxyPort=4480
http.nonProxyHosts=192.168.0.250
See portal.properties for more HTTP Header Response settings.
Set this to true for the portal to send the "X-Content-Type-Options: nosniff" HTTP header to protect against MIME sniffing. Custom URLs that allow for unhindered MIME sniffing are specified via the "http.header.secure.x.content.type.options.urls.excludes" property.
Defaults:http.header.secure.x.content.type.options=true
Set a list of comma-delimited URL prefixes that allow for unhindered MIME sniffing. This property is used only when the property "http.header.secure.x.content.type.options" is set to true.
Examples:http.header.secure.x.content.type.options.urls.excludes=
Set this to true for the portal to send the "X-Frame-Options: DENY" HTTP header to protect against clickjacking.
Custom HTTP header values instead of "DENY" are specified per URL via "http.header.secure.x.frame.options.*" properties.
Defaults:http.header.secure.x.frame.options=true
If the property "http.header.secure.x.frame.options" is set to true, then the portal searches the "http.header.secure.x.frame.options.*" properties for a matching pipe-delimited URL and HTTP header value pair (e.g., "/|SAMEORIGIN"). The portal iterates through the "http.header.secure.x.frame.options.*" properties where the wildcard "*" is replaced with an integer between 0 and 255 (starting with 0).
Upon finding a matched a URL, the portal uses the custom HTTP header value instead of the "DENY" value.
By default, URLs that start with "/" use the "SAMEORIGIN" custom HTTP header value. Specify another URL and HTTP header value with a number smaller than 255 to intercept this default behavior.
Defaults:http.header.secure.x.frame.options.255=/|SAMEORIGIN
Input a list of comma-delimited HTTPS cipher suites allowed for HTTPS connection to a 3rd party server.
Examples:https.cipherSuites=
Input a list of comma delimited protocols allowed for HTTPS connection to a 3rd party server. For example -Dhttps.protocols=TLSv1.1,TLSv1.2 disables outbound TLS 1.0 connections.
Examples:https.protocols=
io.netty.allocator.type=pooledExamples:
io.netty.allocator.cacheTrimInterval=
io.netty.allocator.maxCachedBufferCapacity=
io.netty.allocator.maxOrder=
io.netty.allocator.normalCacheSize=
io.netty.allocator.numDirectArenas=
io.netty.allocator.numHeapArenas=
io.netty.allocator.pageSize=
io.netty.allocator.smallCacheSize=
io.netty.allocator.tinyCacheSize=
io.netty.threadLocalDirectBufferSize=
The file encoding must be set to UTF-8 for internationalization to work correctly.
Defaults:file.encoding=UTF-8
Java uses the underlying operating system to generate images. If you are using Unix and do not start the portal in an X Windows session, then Java does not generate images and lots of nasty exceptions are thrown. Setting this property to true fixes that. If this property does not set dynamically on server startup, edit your start script to include this setting as a system property.
Defaults:java.awt.headless=true
Set the default locale to use. This locale is no longer set at the VM level. See LEP-2584.
Defaults: user.country=US
user.language=en
JAI relies on native acceleration to improve performance. To use native acceleration, you must install the appropriate native libraries and set this property to false. Warnings are reported if this is set to false without installing the proper native libraries.
Defaults:com.sun.media.jai.disableMediaLib=true
Specify the JAXB context factory to avoid using the one detected by context. This forces Java to use the same implementation instead of different implementations for different Java versions. Set this property to a blank value to use the auto-detected JAXB context factory.
Defaults:javax.xml.bind.JAXBContextFactory=com.sun.xml.bind.v2.ContextFactory
Set this to true to enable native extensions (like JNA for non-Java APIs).
Defaults:jruby.native.enabled=false
Set this to true to enable the log sanitizer, which is a safe logging mechanism that avoids directly embedding user input in log files. The log sanitizer automatically sanitizes log messages by replacing all unexpected characters from user supplied data with safe replacement characters.
See the "log.sanitizer.escape.html.enabled" property to encode HTML entities in log messages.
Defaults:log.sanitizer.enabled=true
Set this to true to encode HTML data in log messages.
Defaults:log.sanitizer.escape.html.enabled=false
Specify the code point of the character to replace forbidden characters. The underscore character, which has code point 95, is the default replacement character.
Defaults:log.sanitizer.replacement.character=95
Specify characters to allow in log messages. The sanitizer operates on characters with code points less than 128. Characters with code points greater than 128 are always allowed. Please see ASCII tables to look up character code points.
This default whitelist allows characters with code points 9 (tab), 32 (space), and all characters with code points greater than 32 except 127 (delete).
Defaults:log.sanitizer.whitelist.characters=9,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126
Set any logger that implements org.apache.commons.logging.Log.
Examples:org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger
Set this to true if Log4j complains that it is not properly configured.
Defaults:log4j.configure.on.startup=true
Set this to create a single logger context using a single configuration for sharing across all applications.
Defaults:log4j2.contextSelector=org.apache.logging.log4j.core.selector.BasicContextSelector
Set this to true to disable JMX and to prevent Log4j 2 MBean creation.
Defaults:log4j2.disable.jmx=true
Set a timeout to avoid lock errors.
Examples:org.apache.lucene.writeLockTimeout=30000
Make threads daemons for the JVM to exit cleanly.
Defaults:org.quartz.threadPool.makeThreadsDaemons=true
Turn off the update checking for better performance and security.
Defaults:org.terracotta.quartz.skipUpdateCheck=true
com.liferay.portal.kernel.io.ProtectedObjectInputStream.restricted.class.names=\
com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl,\
org.apache.commons.collections.functors.CloneTransformer,\
org.apache.commons.collections.functors.ForClosure,\
org.apache.commons.collections.functors.InstantiateFactory,\
org.apache.commons.collections.functors.InstantiateTransformer,\
org.apache.commons.collections.functors.InvokerTransformer,\
org.apache.commons.collections.functors.PrototypeFactory$PrototypeCloneFactory,\
org.apache.commons.collections.functors.PrototypeFactory$PrototypeSerializationFactory,\
org.apache.commons.collections.functors.WhileClosure,\
org.apache.commons.collections4.functors.InvokerTransformer,\
org.codehaus.groovy.runtime.ConvertedClosure,\
org.codehaus.groovy.runtime.MethodClosure,\
org.springframework.beans.factory.ObjectFactory,\
org.springframework.core.SerializableTypeWrapper$MethodInvokeTypeProvider,\
sun.reflect.annotation.AnnotationInvocationHandler
Defaults:
com.liferay.portal.kernel.security.SecureRandomUtil.buffer.size=65536
Set the service proxy factory timeout in milliseconds.
Defaults:com.liferay.portal.kernel.util.ServiceProxyFactory.timeout=60000
Encrypt session parameters so that browsers cannot remember them.
Defaults:com.liferay.util.servlet.SessionParameters=false
Set this to true to ignore Spring BeanInfo classes.
Defaults:spring.beaninfo.ignore=true
static.lpkg.bundle.symbolic.names=\
Static - API,\
Static - Impl
com.liferay.portal.kernel.util.StreamUtil.buffer.size=8192
Set this to true when doing large file transfers on a 32-bit JVM to prevent running out of memory. This worsens performance but increases stability for older environments.
Defaults:com.liferay.portal.kernel.util.StreamUtil.force.tio=false
Set this property to tell StringBundler when to use a ThreadLocal buffer to build the output String. SoftReference marks the buffer to be removed forcibly by the GC when memory is nearly exhausted. Set the limit to a high value to balance ThreadLocal access by the garbage collection savings. Setting the limit too low may actually do more harm than good.
Set a value larger than 0 to enable this feature when using StringBundler with an output length longer than the specified value. A reasonable value is 8192 (8 kb) or 16384 (16 kb). The best value depends on how the portal is used.
Defaults:com.liferay.portal.kernel.util.StringBundler.threadlocal.buffer.limit=0
Configure the default parser to avoid looking up an XMLParserConfiguration from the class path each time a SAXParser object is created. Set this property to a blank value to revert to the default behavior.
See https://xerces.apache.org/xerces2-j/faq-xni.html for more information.
Defaults:org.apache.xerces.xni.parser.XMLParserConfiguration=org.apache.xerces.parsers.XIncludeAwareParserConfiguration