Versio.io Managed customizing
Environment variables
The following environment variables can be set to accommodate customer specific wishes, when starting Versio.io:
| Environment variable | Purpose of use | Description | Default value |
|---|---|---|---|
| VERSIO_DOMAIN | Web server config | Define the URL domain address under which the Versio.io browser user interface can be accessed on the network. The domain address must match the domain specified in the SSL certificate, otherwise the browser will display an error message. All deep links sent from the Versio.io platform use the domain address! |
Host name |
| VERSIO_ADDITIONAL_DOMAINS | Web server config | Optionally define the additional comma-separated URL domain addresses under which the Versio.io browser user interface can also be accessed in the network. It is important for the identity and access management. For example, for internal access via the IP. Please note that the SSL certificate must support the specified domains accordingly. | |
| VERSIO_PORT_HTTPS | Web server config | Define the port on which Versio.io can be accessed via HTTPS. | 443 |
| VERSIO_PORT_HTTP | Web server config | Define the port on which Versio.io should be accessible via HTTP. Please note that the HTTP has to be enabled in 'docker-compose.yml'. | 80 |
| VERSIO_VALIDITY_CERTIFICATE | Self generated SSL certificates | Validity of self-generated SSL certificates in days. | 365 |
| VERSIO_DATA | Versio.io server and backup.sh |
Define the folder to store all Versio.io logging and database data. | /home/versio.io |
| VERSIO_LOGGING_FOLDER | Versio.io server | Define the folder to store Versio.io logging data. | /home/versio.io/log |
| VERSIO_BACKUP_FOLDER | backup.sh |
Define the folder to store Versio.io backup data. | /home/versio.io/backup |
| VERSIO_STAGE | Versio.io server | Define the stage and logging behavior of the Versio.io instance. If the value is not equal to production or loadtest, the amount of logged information is increased. |
|
| VERSIO_RELEASE | Versio.io server | Specify the release version ( |
latest |
| VERSIO_CONTAINER_REGISTRY | Versio.io server | Define the registry location for update the Versio.io platform container images. | registry.versio.io |
| VERSIO_DEPLOYMENT_PROFILE | Versio.io server | Define the profile to deploy Versio.io as a standalone or a distributed system (separated application and database stack) on different servers. Use application to deploy the application stack and database to deploy the database. |
standalone |
| VERSIO_DB_IP | Versio.io server | If the database is operated on a separate host, then define the IP of the database host in the environment variable. This is usually used in conjunction with the environment variable VERSIO_DEPLOYMENT_PROFILE. |
Internal IP address |
| VERSIO_GRC_REPLICAS | GRC microservice | Define the number of replicas for the GRC microservice (governance risk compliance). A higher number of replicas can parallelize the processing of GRC verifications and thus achieve higher processing performance. A value >= 1 should always be defined. | 2 |
| VERSIO_TOPOLOGY_REPLICAS | Topology microservice | Define the number of replicas for the topology microservice. A higher number of replicas can parallelize the processing of changes and thus achieve higher processing performance. A value >= 1 should always be defined. | 2 |
| VERSIO_PRODUCT_COMPLIANCE_REPLICAS | Product compliance microservice | Define the number of replicas for the Product compliance microservice. A higher number of replicas can parallelize the processing of changes and thus achieve higher processing performance. A value >= 1 should always be defined. | 2 |
| VERSIO_EVENT_PROCESSING_REPLICAS | Event processing microservice | Define the number of replicas for the Event processing microservice. A higher number of replicas can parallelize the processing of changes and thus achieve higher processing performance. A value >= 1 should always be defined. | 2 |
| VERSIO_GATEWAY_REPLICAS | Gateway microservice | Define the number of replicas for the gateway microservice. A higher number of replicas can parallelize the processing of changes and thus achieve higher processing performance. A value >= 1 should always be defined. | 2 |
Configuration: Environment variables with default values
Configuration files
The directory /opt/versio.io/install/conf/custom contains configuration files in which customer-specific adjustments can be made. These are not changed by an update!
| File | Description | Default |
|---|---|---|
| my.cnf | For separately operated database stacks, the RAM usage can be adjusted here. A RAM usage of approximately 70% of the available RAM is recommended. | # Customize NGINX configuration for SSL/TLS certificates [mysqld] innodb_buffer_pool_size = 12G |
| nginx-ssl-certificate.conf | Adjustment of the location and integration of SSL/TLS certificates into the NGINX configuration. | # Customize NGINX configuration for SSL/TLS certificates ssl_certificate /opt/versio.reverse-proxy/ssl/cert-public-key.pem; ssl_certificate_key /opt/versio.reverse-proxy/ssl/cert-private-key.pem; #ssl_trusted_certificate /opt/versio.reverse-proxy/ssl/chain.pem; ssl_dhparam /opt/versio.reverse-proxy/ssl/dhparams.pem; |
SSL certificate
The Versio.io startup script automatically generates an SSL certificate for HTTPS support if no certificate authority is available in the ./ssl folder (ca-root.pem and ca-private-key.pem).
For productive systems we recommend to store company specific SSL certificates in the ./ssl/versio.reverse-proxy folder of the startup script with following file names:
* cert-private-key.pem for the private key
* cert-public-key.pem for the public key
Please note that for self generated SSL certificates the certification authority 'ssl/ca-root.pem' should or must be made known on the client side:
- Browser: Import of the certification authority into the certificate memory of the browser. If this is not done, you will receive a browser warning where you can again indicate that you accept the risk.
- API usage: Announcement of the certification authority to the operating system or manual specification when starting the corresponding client application.
External identity provider
For a Versio.io Managed instance, external identity providers can be integrated in order to be able to use authentication and other security functions, such as single sign-on or two-factor authentication (2FA).
An identity provider is set up in the file /opt/versio.io/install/conf/auth.json. An example configuration with the name 'auth.example.json' is available in the same directory. After changing the auth.json file, the Versio.io Managed instance must be restarted.
On the following page you will find instructions on how to set up your Versio.io Managed instance with your identity provider.
Info
Please note that certain Identity and Access Management (IAM) integrations require a paid licence for the Versio.io Managed instance: FusionAuth Plans & Pricing