System Properties and Environment Variables

Whether a user can log into an account in Management Center on multiple devices in different locations at the same time. Default: true. See Securing User Sessions.

Whether Management Center logs auditable events. See Audit Logging. Default: false.

Full class name of a variable replacer to use. See Variable Replacers.

Whether the configuration loading process stops when a replacement value is missing. Default: true.

Prefix of all URL paths in Management Center. Default: ' ' (empty).

In this example, the URL for Management Center would be \http:localhost:8080/hazelcast-mc.

A list of origins patterns for which cross-origin requests are allowed.

If none of hazelcast.mc.cors.* properties are set, all origins are allowed to make cross-origin HTTP requests, but WebSocket connection could be established only from the same origin. By default this is not set.

HTTP methods to allow for cross-origin requests.

By default this is not set.

If any other hazelcast.mc.cors.* property is set while hazelcast.mc.cors.allowedMethods is not set, only GET and HEAD HTTP methods will be allowed.

List of headers that a pre-flight request can list as allowed for use during an actual request.

The special value * allows actual requests to send any header.

A header name is not required to be listed if it is one of: Cache-Control, Content-Language, Expires, Last-Modified, or Pragma.

By default this is not set.

List of response headers that an actual response might have and can be exposed to the client.

The special value * allows all headers to be exposed.

A header name is not required to be listed if it is one of: Cache-Control, Content-Language, Expires, Last-Modified, or Pragma.

By default this is not set.

Whether user credentials are supported or not. Setting this property to true forbids originPatterns, allowedMethods, allowedHeaders to have a * value. Be aware that this option establishes a high level of trust with the configured domains and also increases the surface attack of the web application by exposing sensitive user-specific information such as cookies and CSRF tokens. By default this is not set (i.e. user credentials are not supported).

Whether private network access is supported for user-agents restricting such access by default.

Private network requests are requests whose target server’s IP address is more private than that from which the request initiator was fetched. For example, a request from a public website (https://example.com) to a private website (https://router.local), or a request from a private website to localhost.

By default this is not set (i.e. private network access is not supported).

Configure how long, in seconds, the response from a pre-flight request can be cached by clients.

By default this is not set.

Timeout in milliseconds for Management Center operations that wait for a response from members. Default: 60000.

Whether Management Center does not verify the hostname of signed TLS/SSL certificates. Default: false.

Multiplier used for extending the disabled login period in case the failed login attempts continue after the disabled login period expires. Default: 10. See Securing User Sessions.

A comma separated list of cipher suites to be excluded from the list of supported ciphers in Management Center. Wildcards are supported.

Path to an existing keystore. You do not have to set this property if you use a Hardware Security Module (HSM). Default: ' ' (empty).

Password for the keystore. You do not have to set this property if you use a Hardware Security Module (HSM) that provides another means to access the keystore. Default: ' ' (empty).

Type of the keystore. Default: JCEKS.

Provider of the keystore. If you use a Hardware Security Module (HSM), specify the class name of your HSM’s java.security.Provider` implementation. Default: System provider.

Number of failed login attempts that Management Center allows before disabling logins. Default: 3. See Securing User Sessions.

Whether Management Center forces users to log out when other users try to log into the same account. Default: false. See Securing User Sessions.

Whether Management Center reads X-Forwarded-* headers from reverse proxies. Default: true.

Whether the /health endpoint is enabled on port hazelcast.mc.http.port + 1. Default: false. This endpoint is always served over HTTP, regardless of any TLS/SSL settings. This endpoint responds with 200 OK HTTP status code if Management Center is running.

In this example, the health check would be available at http://localhost:8081/health.

The port on which the /health endpoint is exposed. Default: hazelcast.mc.http.port + 1.

Home directory where metrics, executed SQL queries, and configuration settings are saved. See Configuring Management Center.

Network address that Management Center is reachable on. Default: 0.0.0.0 (all network interfaces).

HTTP port for Management Center. Default: 8080.

In this example, the URL for Management Center would be \http:localhost:80.

A comma separated list of cipher suits to be included in the list of supported ciphers in Management Center. Wildcards are supported.

Initial duration for the disabled login period in seconds. Default: 5. See Securing User Sessions.

Whether the clustered JMX service is enabled. Default: false. See Clustered JMX.

Hostname/IP address of the JMX host machine. This is used by the JMX client to connect back into JMX, so the given host must be accessible from the host machine that runs the JMX client. Default: Server’s hostname.

Whether mutual authentication is enabled for the JMX interface. Default: false.

Port on which the clustered JMX service is exposed. Default: 9999.

Port on which the Java process that you want to monitor listens for incoming connections from the client (Remote management applications) such as JConsole . For monitoring a local Java process, there is no need to specify the JMX RMI port number. Default: 9998.

Whether TLS/SSL is enabled for communication between the JMX interface and JMX clients. Default: false.

The standard name of the requested SSL protocol. Default: TLS.

Path to a keystore. Default: ' ' (empty).

Password for the keystore. Default: ' ' (empty).

Path to a truststore. Default: ' ' (empty).

Type of the truststore. Default: JKS.

Password for the truststore. Default: ' ' (empty).

Name of the algorithm based on which the authentication keys are provided. System default is used if none is provided. You can find out the default by calling the javax.net.ssl.TrustManagerFactory#getDefaultAlgorithm method.

Type of the keystore. Default: JKS.

Name of the algorithm based on which the authentication keys are provided. You can find out the default by calling the javax.net.ssl.KeyManagerFactory#getDefaultAlgorithm method. Default: System default.

Timeout in milliseconds for Active Directory and LDAP search queries. Default: 3000.

The standard name of the requested SSL protocol for LDAP connection. Default: TLS.

Path to a keystore for LDAP SSL connection. Default: ' ' (empty).

Type of the keystore. Default: JKS.

Password for the keystore for LDAP SSL connection. Default: ' ' (empty).

Name of the algorithm based on which the authentication keys are provided. Default: System default.

Path to the truststore. Default: ' ' (empty).

Password for the truststore. Default: ' ' (empty).

Type of the truststore. Default: JKS.

Name of the algorithm based on which the authentication keys are provided. Default: System default.

The standard name of the requested SSL protocol for AD connection. Default: TLS.

Path to a keystore for AD SSL connection. Default: ' ' (empty).

Type of the keystore. Default: JKS.

Password for the keystore for AD SSL connection. Default: ' ' (empty).

Name of the algorithm based on which the authentication keys are provided. Default: System default.

Path to the truststore. Default: ' ' (empty).

Password for the truststore. Default: ' ' (empty).

Type of the truststore. Default: JKS.

Name of the algorithm based on which the authentication keys are provided. Default: System default.

Enterprise license. When this property is set, the license takes precedence over one that is set in the user interface, and you cannot update the license in the UI. For more details about licenses, see See Enterprise Licenses.

Whether the hz-mc conf tool does not check for an mc.lock file in the home directory. Default: false. See Skipping the Check for a Lock File

Maximum amount of time for the disable login period. By default, the disabled login period is unlimited.

Whether Management Center persists metrics. Default: true. See Historical Metrics.

Time-to-Live (TTL) in ISO-8601-based durations format for each record in the metrics persistence. Default: P1D (one day). This value must be positive. See Historical Metrics.

Number of threads that are used to consume metrics from cluster members. Default: 2. See Historical Metrics.

Interval in milliseconds that Management Center waits before requesting metrics from cluster members. Default: 1000.

Interval in seconds that Management Center holds Jet metrics in memory. Default: 3600.

Whether Management Center sends usage data to the Hazelcast phone home server. Default: true. See Usage Analytics.

Whether to expose all metrics to the /metrics endpoint to be consumed by Prometheus. All metrics at the endpoint include the hz_ prefix. Default: false.

Whether to send timestamp of the individual members' metrics to Prometheus. Its default value is true (enabled).

Metrics to include in the /metrics endpoint. Default: ' ' (empty).

Metrics to exclude from the /metrics endpoint. Default: ' ' (empty).

Port on which the /metrics endpoint is exposed.

In this example, the /metrics endpoint would be available on port 2222: http://localhost:2222/metrics.

Enable clustered REST endpoints. Default: false.

Minimum length that words in the dictionary must contain. Default: 3.

Path to a text file that contains words that cannot be included in user passwords.

Number of seconds that a session can remain inactive before it is invalid and the user must log in again. Default 1800.

Duration in milliseconds that Management Center waits before requesting metadata from a Hazelcast cluster. Metadata includes a list of all data structures and their configurations. Default: 1000.

A comma separated list of TLS/SSL protocols to be excluded from the list of supported protocols in Management Center.

Allow Management Center to use Google’s Conscrypt SSL that is built on their fork of OpenSSL, BoringSSL. Default: false.

Whether TLS/SSL is enabled. Default: false.

Path to a keystore.

Password of the keystore in hazelcast.mc.tls.keyStore.

Path to a truststore. If the hazelcast.mc.tls.enabled system property is true and this value is empty, Management Center uses the system JVM’s own truststore.

Password of the truststore.

Whether the HTTP port in the hazelcast.mc.http.port system property is redirected to the HTTPS port in the hazelcast.mc.https.port system property.

Whether clients connected to Management Center are authenticated:

Default: OPTIONAL.

Enables use of an existing keystore. Default: false.

Max length of a cell in SQL query result, longer values are truncated. Default: 2048.

Max number of rows returned by SQL batch query. Default: 1000.

The buffer size of the WebSocket connection MC uses for SQL operations. Default: 5MB.

Tables bigger than the threshold are loaded asynchronously. You can’t sort an asynchronous table. Default: 500.

Upper limit of the backoff in milliseconds. Default: 30000. Values must be between 30000 and 600000.

Factor by which to multiply the backoff after each failed retry. Default: 2. Values must be between 1 and 10.

Duration in milliseconds that Management Center waits after the first connection failure before retrying. Default: 1000. Values must be between 1000 and 60000.

Adjusts client filtering modes. Default: ALLOWLIST, DENYLIST. Value must be set of ALLOWLIST and DENYLIST.