{"id":41347138,"url":"https://github.com/mendix/cf-mendix-buildpack","last_synced_at":"2026-01-23T07:04:56.492Z","repository":{"id":16423058,"uuid":"19174281","full_name":"mendix/cf-mendix-buildpack","owner":"mendix","description":"The buildpack to run a Mendix app on any Cloud Foundry based platform","archived":false,"fork":false,"pushed_at":"2025-11-12T16:12:46.000Z","size":32456,"stargazers_count":49,"open_issues_count":18,"forks_count":116,"subscribers_count":25,"default_branch":"master","last_synced_at":"2025-11-12T18:07:51.166Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mendix.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2014-04-26T09:53:49.000Z","updated_at":"2025-11-12T16:11:24.000Z","dependencies_parsed_at":"2023-10-12T17:07:02.550Z","dependency_job_id":"83a394bd-fd32-4899-a0c8-392eb79de3b3","html_url":"https://github.com/mendix/cf-mendix-buildpack","commit_stats":null,"previous_names":[],"tags_count":238,"template":false,"template_full_name":null,"purl":"pkg:github/mendix/cf-mendix-buildpack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendix%2Fcf-mendix-buildpack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendix%2Fcf-mendix-buildpack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendix%2Fcf-mendix-buildpack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendix%2Fcf-mendix-buildpack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mendix","download_url":"https://codeload.github.com/mendix/cf-mendix-buildpack/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendix%2Fcf-mendix-buildpack/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28682275,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-23T05:48:07.525Z","status":"ssl_error","status_checked_at":"2026-01-23T05:48:07.129Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-23T07:04:12.522Z","updated_at":"2026-01-23T07:04:56.483Z","avatar_url":"https://github.com/mendix.png","language":"Python","readme":"# Run Mendix in Cloud Foundry\n\n![Integration Test Status](https://github.com/mendix/cf-mendix-buildpack/workflows/Run%20Integration%20Tests/badge.svg?branch=develop) [![Known Vulnerabilities](https://snyk.io/test/github/mendix/cf-mendix-buildpack/badge.svg)](https://snyk.io/test/github/mendix/cf-mendix-buildpack)\n\nThis document contains general information on the Mendix Cloud Foundry Buildpack.\n\nThe buildpack is heavily tied to the Mendix Public Cloud, but can be used independently.\nRelease notes are available for the [buildpack](https://github.com/mendix/cf-mendix-buildpack/releases/), [Mendix itself](https://docs.mendix.com/releasenotes/studio-pro/) and the [Mendix Public Cloud](https://docs.mendix.com/releasenotes/developer-portal/deployment).\n\n* [Requirements](#requirements)\n* [Supported Mendix Versions](#supported-mendix-versions)\n* [Buildpack Releases and Version Pinning](#buildpack-releases-and-version-pinning)\n* [Lifecycle](#lifecycle)\n* [How to Deploy](#how-to-deploy)\n * [1. Install Cloud Foundry CLI](#1-install-cloud-foundry-cli)\n * [2. Push your App](#2-push-your-app)\n * [3. Configure an Admin Password](#3-configure-an-admin-password)\n * [4. Connect a Database](#4-connect-a-database)\n* [Infrastructure Configuration](#infrastructure-configuration)\n * [Connect a Database](#connect-a-database)\n * [Connect an External File Store](#connect-an-external-file-store)\n* [Mendix Runtime Configuration](#mendix-runtime-configuration)\n * [Horizontal Scaling](#horizontal-scaling)\n * [Constants](#constants)\n * [Scheduled Events](#scheduled-events)\n * [Custom Runtime Settings](#custom-runtime-settings)\n * [Client Certificates](#client-certificates)\n * [Data Snapshots](#data-snapshots)\n * [License Activation](#license-activation)\n* [Java Configuration](#java-configuration)\n * [Java Version](#java-version)\n * [Java Heap Size](#java-heap-size)\n * [Java Max Metaspace Size](#java-max-metaspace-size)\n * [Java Virtual Machine (JVM) Settings](#java-virtual-machine-jvm-settings)\n * [Certificate Authorities](#certificate-authorities)\n* [Built-In Proxy Configuration](#built-in-proxy-configuration)\n * [HTTP Headers](#http-headers)\n * [Access Restrictions](#access-restrictions)\n * [Custom Locations](#custom-locations)\n* [Telemetry Configuration](#telemetry-configuration)\n * [New Relic](#new-relic)\n * [Splunk](#splunk)\n * [AppDynamics](#appdynamics)\n * [Datadog](#datadog)\n * [Dynatrace](#dynatrace)\n * [Logging](#logging)\n* [Using the Buildpack without an Internet Connection](#using-the-buildpack-without-an-internet-connection)\n* [Troubleshooting](#troubleshooting)\n * [Enabling the Mendix Debugger](#enabling-the-mendix-debugger)\n * [Rescue Mode](#rescue-mode)\n* [Developing and Contributing](#developing-and-contributing)\n* [License](#license)\n\n*This ToC was generated by the [VS Code Markdown All-In-One Extension](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one).*\n\n## Requirements\n\nThe buildpack requires a cluster which supports the `cflinuxfs4` stack.\n\nAdditionally, we recommend a base level knowledge of Cloud Foundry. You should at least be familiar with the Cloud Foundry CLI.\n\n## Supported Mendix Versions\n\nThe latest [buildpack release](https://github.com/mendix/cf-mendix-buildpack/releases/latest) supports all [officially-supported](https://docs.mendix.com/releasenotes/studio-pro/lts-mts) Mendix versions (7, 8 and 9).\n\nThe following table shows which specific buildpack release introduced or removed support for specific Mendix versions.\n\n| Mendix Major Version | Supported | End-of-Support |\n| -------------------- | --------- | -------------- |\n| `10` | `v4.24.0` | - |\n| `9` | `v4.24.0` | - |\n| `8` | `v3.4.0` | - |\n| `7` | `v3.1.0` | - |\n| `6` | `v1.0` | `v4.16.0` |\n\nWe recommend using a [maintained (LTS / MTS)](https://docs.mendix.com/releasenotes/studio-pro/lts-mts) Mendix version. Additionally, we recommend to always [use / \"pin to\" a specific buildpack release](#buildpack-releases-and-version-pinning).\n\n## Supported CFLinuxFS Versions\n\n| Buildpack | Supported | End-of-Support |\n|-----------|--------------|----------------|\n| `4.x` | `cflinuxfs3` | 2023 Q3 |\n| `5.x` | `cflinuxfs4` | - |\n\nWe recommend switching to version 5.x with cflinuxfs4 since cflinuxfs3 is no longer maintained.\n\n## Buildpack Releases and Version Pinning\n\nWe recommend \"pinning to\" - using a specific [release](https://github.com/mendix/cf-mendix-buildpack/releases) of - the buildpack. This will prevent you from being affected by bugs that are inadvertently introduced, but you will need to set up a procedure to regularly move to new versions of the buildpack.\n\nTo push with a specific release of the buildpack, replace `\u003cRELEASE\u003e` in the buildpack URL below in your `cf push` command with the release you want to pin to, e.g. `v4.11.0` :\n\n```shell\ncf push \u003cYOUR_APP\u003e -b https://github.com/mendix/cf-mendix-buildpack/releases/download/\u003cRELEASE\u003e/cf-mendix-buildpack.zip -p \u003cYOUR_MDA\u003e.mda -t 180\n```\n\nYou can find the list of available releases [here](https://github.com/mendix/cf-mendix-buildpack/releases).\n\n**:warning: Do not directly pin to the buildpack source code, but always pin to a specific release. The release is a runnable version of the buildpack and always contains the (binary) dependencies needed to run the buildpack directly; we do not guarantee that the source code by itself runs.**\n\n## Lifecycle\n\nThe buildpack lifecycle has two main phases:\n\n* `stage` : Fetch the JRE, Mendix Runtime, and nginx and bundle these together with the application model into a Cloud Foundry droplet. This is handled by [`stage.py`](buildpack/stage.py) .\n* `run` : Start the various processes and run the application. [`start.py`](buildpack/start.py) is for orchestration, the JVM is for executing the Mendix Model, and nginx is used as reverse proxy including handling access restrictions.\n\nThe staging phase accepts archives in `.mda` format (Mendix Deployment Archive). There is experimental support for `.mpk` archives (Mendix Project Package). If an `.mpk` file is pushed, `mxbuild` is executed using Mono in the compile phase as well, the run phase stays the same.\n\nPushing `.mpk` files is only supported on `cflinuxfs4` for Mendix version 9.24 or higher. To push MPKs for older Mendix versions, you should stay on `cflinuxfs3`.\n\n## How to Deploy\n\nThere are specific guides for deploying Mendix apps to the [Pivotal](https://docs.mendix.com/deployment/cloud-foundry/deploy-a-mendix-app-to-pivotal) and [IBM Bluemix](https://docs.mendix.com/deployment/cloud-foundry/deploy-a-mendix-app-to-ibm-bluemix) Cloud Foundry platforms on our [documentation page](https://docs.mendix.com/deployment/cloud-foundry). This buildpack readme documents the more low-level details and CLI instructions.\n\n### 1. Install Cloud Foundry CLI\n\nInstall the Cloud Foundry command line executable. You can find this on the [releases page](https://github.com/cloudfoundry/cli#stable-release). Set up the connection to your preferred Cloud Foundry environment with `cf login` and `cf target` .\n\n### 2. Push your App\n\nThe following commands push an MDA (Mendix Deployment Archive) that was built by Mendix Studio Pro to Cloud Foundry.\n\n*:warning: Please replace `\u003cLINK-TO-BUILDPACK\u003e` in the commands below with a link to the version of the buildpack you are trying to deploy. Check [this section](#buildpack-releases-and-version-pinning) for details on how to pick a release.*\n\n```shell\ncf push \u003cYOUR_APP\u003e -b \u003cLINK-TO-BUILDPACK\u003e -p \u003cYOUR_MDA\u003e.mda -t 180\n```\n\nPushing a project directory is also possible. This will move the build process (using MxBuild, a component of Mendix Studio Pro) to Cloud Foundry:\n\n```shell\ncd \u003cPROJECT DIR\u003e; cf push -b \u003cLINK-TO-BUILDPACK\u003e -t 180\n```\n\nNote that you might need to increase the startup timeout to prevent the database from being partially synchronized. This can be done either by specifying the `-t 180` parameter like above, or by using the `CF_STARTUP_TIMEOUT` environment variable (in minutes) from the command line.\n\nAlso note that building the project in Cloud Foundry takes more time and requires enough memory in the compile step.\n\n### 3. Configure an Admin Password\n\nThe first push generates a new app. In order to login to your application as admin, you can set the password using the `ADMIN_PASSWORD` environment variable. Keep in mind that the admin password should comply with the policy you have set in Mendix Studio Pro. For security reasons, it is recommended to set this environment variable once to create the admin user, then remove the environment variable and restart the app. Finally, log in to the app and change the password via the web interface. Similarly, the setting can be used to reset the password of an administrator.\n\n```shell\ncf set-env \u003cYOUR_APP\u003e ADMIN_PASSWORD \"\u003cYOURSECRETPASSWORD\u003e\"\n```\n\n### 4. Connect a Database\n\nAfter configuring an admin password, proceed with [connecting a database](#connect-a-database).\n\n## Infrastructure Configuration\n\nMendix applications can use a variety of databases and external file stores. The buildpack can configure the Mendix Runtime to use these databases and file stores.\n\n**:warning: Support for file stores and databases in the buildpack is ultimately dependent on Mendix Runtime support. The buildpack only plays a role in configuring them in the Mendix Runtime.**\n\n### Connect a Database\n\nTo deploy an app, you need to connect a PostgreSQL, MySQL or any other [Mendix Runtime supported database](https://docs.mendix.com/refguide/data-storage/) instance which allows at least 5 connections to the database. Find out which services are available in your Cloud Foundry foundation with the `marketplace` command.\n\n```shell\ncf marketplace\n```\n\nExample: a Cloud Foundry Marketplace offers the `elephantsql` service, which offers the free `turtle` plan. All you need to do is give it a name and bind it to your application.\n\n```shell\ncf create-service elephantsql turtle \u003cSERVICE_NAME\u003e\ncf bind-service \u003cYOUR_APP\u003e \u003cSERVICE_NAME\u003e\n```\n\nNote that not all databases are automatically picked up by the buildpack. If `cf push` returns an error like `Could not parse database credentials` , you need to set the `DATABASE_URL` variable manually or [set](#custom-runtime-settings) database [Mendix custom runtime variables](https://docs.mendix.com/refguide/custom-settings) to configure a database. Note these variables need to be prefixed with `MXRUNTIME_` , as per example:\n\n```shell\ncf set-env \u003cYOUR_APP\u003e MXRUNTIME_DatabaseType PostgreSQL\ncf set-env \u003cYOUR_APP\u003e MXRUNTIME_DatabaseJdbcUrl jdbc:postgresql://host/databasename\ncf set-env \u003cYOUR_APP\u003e MXRUNTIME_DatabaseName databasename\ncf set-env \u003cYOUR_APP\u003e MXRUNTIME_DatabaseUserName user\ncf set-env \u003cYOUR_APP\u003e MXRUNTIME_DatabasePassword password\n```\n\nNow, push the application once more.\n\n```shell\ncf push \u003cYOUR_APP\u003e -b \u003cLINK-TO-BUILDPACK\u003e -p \u003cYOUR_MDA\u003e.mda\n```\n\nYou can now log in to your application with the configured admin password.\n\nFor PostgreSQL, the buildpack supports setting additional parameters in the connection URI retrieved from the service binding. To set additional JDBC parameters, set the `DATABASE_CONNECTION_PARAMS` environment variable as JSON key-value string.\n\n```shell\ncf set-env \u003cYOUR_APP\u003e DATABASE_CONNECTION_PARAMS '{\"tcpKeepAlive\": \"true\", \"connectionTimeout\": 30, \"loginTimeout\": 15}'\n```\n\n*:warning: If you set `DATABASE_URL` as JDBC connection string (prefixed with `jdbc:` and including parameters, `DATABASE_CONNECTION_PARAMS` is not required.*\n\nTo allow connection to an AWS RDS database the buildpack selects the regional CA certificate stored in [`rds-certificates`](etc/rds-certificates). If the region's certificate doesn't exist, the buildpack will fail with an error `Could not find database CA certificate in map`.\n\n*:warning: After the root CA rotation of AWS RDS on 22nd August 2024, only buildpacks v5.0.5 or higher will continue to work, all older buildpacks only import no longer valid certificates and no longer can establish a connection to AWS RDS.*\n\n#### Supported VCAP Schemas\n\n Cloud Foundry database services are detected from Cloud Foundry service bindings ([VCAP](https://docs.cloudfoundry.org/devguide/deploy-apps/environment-variable.html#VCAP-SERVICES)) and translated into Mendix Runtime configuration. In case no database service is bound, the fallback is the environment variable `DATABASE_URL`.\n\nAll database configuration code can be found in [`database.py`](buildpack/core/database.py). Service bindings have preference over `DATABASE_URL`. Service bindings are recognized on the identifier and/or tags.\n\n##### PostgreSQL using RDS Service Broker\n\nSelection based on tags `[\"database\", \"RDS\", \"postgresql\"]`.\n\n```json\n \"rds\": [\n {\n \"binding_name\": null,\n \"credentials\": {\n \"db_name\": \"databasename\",\n \"host\": \"hostname.local\",\n \"password\": \"password\",\n \"uri\": \"postgres://username:password@hostname.local:5432/databasename\",\n \"username\": \"username\"\n },\n \"instance_name\": \"03E2080E-BA38-4AD4-B3AC-5F2D7ED2483B-database\",\n \"label\": \"rds\",\n \"name\": \"03E2080E-BA38-4AD4-B3AC-5F2D7ED2483B-database\",\n \"plan\": \"rds-plan\",\n \"provider\": null,\n \"syslog_drain_url\": null,\n \"tags\": [\n \"database\",\n \"RDS\",\n \"postgresql\"\n ],\n \"volume_mounts\": []\n }\n ]\n```\n\n##### SAP Hana using Service Broker\n\nSelection based on name `hana` and tags `[\"hana\", \"database\", \"relational\"]`.\n\n```json\n \"hana\": [\n {\n \"binding_name\": null,\n \"credentials\": {\n \"certificate\": \"-----BEGIN CERTIFICATE-----\\n\u003c\u003ccertficate\u003e\u003e\\n-----END CERTIFICATE-----\\n\",\n \"driver\": \"com.sap.db.jdbc.Driver\",\n \"host\": \"hostname\",\n \"password\": \"password\",\n \"port\": \"21863\",\n \"schema\": \"USR_username\",\n \"url\": \"jdbc:sap://hostname:21863?encrypt=true\\u0026validateCertificate=true\\u0026currentschema=USR_username\",\n \"user\": \"USR_username\"\n },\n \"instance_name\": \"Hana Schema\",\n \"label\": \"hana\",\n \"name\": \"Hana Schema\",\n \"plan\": \"schema\",\n \"provider\": null,\n \"syslog_drain_url\": null,\n \"tags\": [\n \"hana\",\n \"database\",\n \"relational\"\n ],\n \"volume_mounts\": []\n }\n ],\n```\n\n### Connect an External File Store\n\nThe Mendix Runtime supports multiple external file stores: AWS S3, Azure Storage and Swift (Bluemix Object Storage).\n\nAll of these can be configured manually via [Custom Runtime Settings](#custom-runtime-settings), but the buildpack provides ways to more easily configure AWS S3, Azure Storage and Swift (Bluemix Object Storage).\n\n#### Swift (Bluemix Object Storage) Settings\n\nWhen deploying to Bluemix, you can create an [Object Storage service](https://console.ng.bluemix.net/catalog/services/object-storage) and attach it to your app. No further configuration in necessary, you just need to restart your app.\n\nThe buildpack will set up the [custom runtime settings for the Object Storage service](https://docs.mendix.com/refguide/custom-settings/#8-ibm-cloud-bluemix-object-storage-settings) based on the service binding. By default, a storage container will be created for you called `mendix` . If you want to use a different container name (for example if you are sharing the Object Storage service between multiple apps), you can configure the container name with the environment variable `SWIFT_CONTAINER_NAME` .\n\n#### Azure Storage Service Settings\n\nWhen deploying Mendix to Cloud Foundry on Azure with the Azure Service Broker, you can create an Azure Storage Service instance and attach it to your app. No further configuration in necessary, you just need to restart your app.\n\nThe buildpack will set up the [custom runtime settings for the Azure Storage Service](https://docs.mendix.com/refguide/custom-settings/#azure-blob) based on the service binding. By default, a storage container will be created for you called `mendix` . If you want to use a different container name (for example if you are sharing the Azure Storage service between multiple apps), you can configure the container name with the environment variable `AZURE_CONTAINER_NAME` .\n\n#### S3 Settings\n\nThe buildpack can configure AWS S3 file stores in the Mendix Runtime in two ways:\n\n* [Using IAM Credentials](#use-iam-credentials).\n* [Using a Token Vending Machine](#implement-tvm-token-vending-machine)\n\nThe buildpack will set up the [custom runtime settings for AWS S3](https://docs.mendix.com/refguide/custom-settings/#amazon-s3-storage-service-settings) based on environment variables or a service binding.\n\n**:warning: Support for other file stores that offer the S3 API (S3 compatible file stores) is dependent on the Mendix Runtime and the level of compatibility offered by these non-AWS file stores.**\n\n##### Use IAM Credentials\n\nCreate an IAM user and provide IAM user credential using following environment variables.\n\n* `S3_ACCESS_KEY_ID` : credentials access key\n* `S3_SECRET_ACCESS_KEY` : credentials secret\n* `S3_BUCKET_NAME` : bucket name\n\n##### Implement TVM (Token Vending Machine)\n\nCreate a TVM (Token Vending Machine) and provide TVM credential using following environment variable.\n\n* `S3_TVM_ENDPOINT` : tvm_endpoint\n* `S3_TVM_USERNAME` : tvm_username\n* `S3_TVM_PASSWORD` : tvm_password\n\nPlease check [s3-tvm-spec](https://github.com/mendix/s3-tvm-spec) for API documentation help for TVM.\n\nThe following environment variables are optional:\n\n* `S3_PERFORM_DELETES` : set to `false` to never delete items from the file store. This is useful when you use a highly redundant service without a separate backup mechanism, such as AWS S3.\n* `S3_KEY_SUFFIX` : if your bucket is multi-tenant you can append a string after each object name, you can restrict IAM users to objects with this suffix.\n* `S3_ENDPOINT` : for S3 itself this is not needed, for S3 compatible object stores set the domain on which the object store is available.\n* `S3_USE_V2_AUTH` : use Signature Version 2 Signing Process, this is useful for connecting to S3 compatible object stores like Riak-CS, or Ceph.\n* `S3_USE_SSE` : if set to `true` this will enable Server Side Encryption in S3\n\n## Mendix Runtime Configuration\n\nThe buildpack allows setting various Mendix Runtime configuration options.\n\n### Horizontal Scaling\n\nMendix allows scaling out horizontally. The absence of the need for a state store results in the fact that nothing needs to be configured for running Mendix in clustering mode. Based on the `CF_INSTANCE_INDEX` variable, the runtime starts either in leader or worker mode. The leader mode will do the database synchronization activities (when necessary), while the workers will automatically wait until that is finished.\n\nWhen you make changes to your domain model, the Mendix Runtime will need to synchronize data model changes with the database on startup. This will only happen on instance `0` . The other instances will wait until the database is fully synchronized. This is determined via the `CF_INSTANCE_INDEX` environment variable. This is a built-in variable in Cloud Foundry, you do not need to set it yourself. If the environment variable is not present (this is the case in e.g. older Cloud Foundry versions) every instance will attempt to synchronize the database. A warning containing the text `CF_INSTANCE_INDEX environment variable not found` will be printed in the log.\n\nFor Mendix \u003c 9.12, scheduled events will also only be executed on instance `0`. See the section [Configuring Scheduled Events](#scheduled-events).\n\nIn all horizontal scaling scenarios, extra care needs to be taken when programming Java actions. Examples of things to be avoided are:\n\n* Relying on singleton variables to keep global application state\n* Relying on scheduled events to make changes in memory. Scheduled events will only run on the primary instance for Mendix \u003c 9.12.\n\n### Constants\n\nThe default values for constants will be used as defined in your project. However, you can override them with environment variables. You need to replace the dot with an underscore and prefix it with `MX_` . So a constant like `Module.Constant` with value `ABC123` could be set like this:\n\n```shell\ncf set-env \u003cYOUR_APP\u003e MX_Module_Constant \"ABC123\"\n```\n\nAfter changing environment variables, you need to restart your app. A full push is not necessary.\n\n```shell\ncf restart \u003cYOUR_APP\u003e\n```\n\n### Scheduled Events\n\nThe scheduled events can be configured using environment variable `SCHEDULED_EVENTS` .\n\nPossible values are `ALL` , `NONE`, or a comma separated list of the scheduled events that you would like to enable. For example: `ModuleA. ScheduledEvent, ModuleB. OtherScheduledEvent`\n\nFor Mendix versions \u003c 9.12, when scaling to multiple instances, the scheduled events that are enabled via the settings above will only be executed on instance `0` . The other instances will not execute scheduled events at all.\n\n### Custom Runtime Settings\n\nTo configure any of the advanced [Custom Runtime Settings](https://docs.mendix.com/refguide/custom-settings), you can use setting name prefixed with `MXRUNTIME_` as an environment variable.\n\nFor example, to configure the `ConnectionPoolingMinIdle` setting to value `10` , you can set the following environment variable:\n\n```shell\ncf set-env \u003cYOUR_APP\u003e MXRUNTIME_ConnectionPoolingMinIdle 10\n```\n\nIf the setting contains a dot `.` you can use an underscore `_` in the environment variable. So to set `com.mendix.storage.s3.EndPoint` to `foo` you can use:\n\n```shell\ncf set-env \u003cYOUR_APP\u003e MXRUNTIME_com_mendix_storage_s3_EndPoint foo\n```\n\n### Client Certificates\n\nTo add client certificates to the Mendix runtime configuration, use the `CLIENT_CERTIFICATES` environment variable.\n\nExample:\n\n```json\n[\n {\"pfx\": \"AaBbCc==\", \"password\": \"password1\", \"pin_to\": [\"Module.WS1\", \"/bla/bla\"]},\n {\"pfx\": \"DdEeFf==\", \"password\": \"\"}\n]\n```\n\nThe buildpack ensures that the environment variable is converted into custom runtime settings, and client certificate support is dependent on runtime support. Please consult the [runtime documentation](https://docs.mendix.com/howto/integration/use-a-client-certificate) on client certificates for the runtime version of your application for further support.\n\n#### Client Certificate Format\n\nThe environment variable is in JSON format and is a list ( `[]` ) of **client certificate objects**. Each object contains the following fields:\n\n| Field | Type | Required | Example | Description |\n| ---------- | ---------------- | -------- | ---------------------------- | ------------------------------------------------------------------------------------------- |\n| `pfx` | `string(base64)` | Yes | `\"AaBbCc==\"` | Certificate in [PKCS#12 format](https://en.wikipedia.org/wiki/PKCS_12), encoded in `base64` |\n| `password` | `string` | Yes | `\"password1\"` | Certificate password. Can be blank. |\n| `pin_to` | `[string]` | No | `[\"Module.WS1\", \"/bla/bla\"]` | JSON list of Mendix modules or relative paths to pin the client certificate to |\n\n### Data Snapshots\n\nIf you want to enable initializing your database and files from an existing data snapshot included in the MDA, set the environment variable `USE_DATA_SNAPSHOT` to `true` .\n\n*:warning: This only works when the database is completely empty. If there are any Mendix tables defined in the database, the Mendix Runtime will refuse to overwrite it. If you have ever started an app before setting this environment variable (thereby initializing the database), you will not be able to import a data snapshot.*\n\n### License Activation\n\nTo activate a license on your application you need license credentials. These credentials can be obtained by contacting Mendix Support.\n\n```shell\ncf set-env \u003cYOUR_APP\u003e LICENSE_ID \u003cUUID\u003e\ncf set-env \u003cYOUR_APP\u003e LICENSE_KEY \u003cLicenseKey\u003e\n```\n\nAn example `UUID` is `aab8a0a1-1370-467e-918d-3a243b0ae160` and `LicenseKey` is a very long `base64` string. The app needs to be restarted for the license to be effective.\n\n## Java Configuration\n\nThis buildpack provides the [Adoptium](https://adoptium.net/) JDK and JRE.\n\n### Java Version\n\nThe buildpack will automatically determine the Java version from metadata(it will have JavaVersion as json attribute). The default Java version is 8. For Mendix 8 and above, the default Java version is 11.\nMetadata JavaVersion attribute will have these values \"11\", \"17\" or in the future \"21\".\n\nWe do not recommend overriding the Java version for the buildpack. However, for cases where this is required, the `JAVA_VERSION` variable can be used to override the version number.\n\nExample:\n\n```shell\ncf set-env \u003cYOUR_APP\u003e JAVA_VERSION 11\n```\n\nThis will resolve the Java dependency using major version number 11. The JDK or JRE with this version number must be specified in [`dependencies.yml`](dependencies.yml) and either be present on the Mendix CDN or in the `vendor` directory (see [here](DEVELOPING.md#managing-external-dependencies)).\n\nMinor versions are also supported, but only if they are specified in the dependency configuration correctly. Example:\n\n```shell\ncf set-env \u003cYOUR_APP\u003e JAVA_VERSION 11.0.15\n```\n\nThis example will only work correctly if the specific file for version 11.0.15 is present.\n\n### Java Heap Size\n\nThe Java heap size is configured automatically based on best practices. You can tweak this to your needs by using another environment variable, in which case it is used directly.\n\n```shell\ncf set-env \u003cYOUR_APP\u003e HEAP_SIZE 512M\n```\n\n### Java Max Metaspace Size\n\nThe Java Max Metaspace Size is configured automatically based on best practices. You can tweak this to your needs by using another environment variable, in which case it is used directly.\n\n```shell\ncf set-env \u003cYOUR_APP\u003e MAX_METASPACE_SIZE 512M\n```\n\n### Java Garbage Collector\n\nThe Java garbage collector is configured automatically based on best practices. You can tweak this to your needs by using another environment variable, the accepted values are Serial or G1.\n\n```shell\ncf set-env \u003cYOUR_APP\u003e JVM_GARBAGE_COLLECTOR Serial\n```\n\n### Java Virtual Machine (JVM) Settings\n\nYou can configure the Java properties by providing the `JAVA_OPTS` enviroment variable to the application.\n\nConfigure the `JAVA_OPTS` environment variable by using the `cf set-env` command.\n\n```shell\ncf set-env \u003cYOUR_APP\u003e JAVA_OPTS '[\"-Djava.rmi.server.hostname=127.0.0.1\", \"-Dcom.sun.management.jmxremote.authenticate=false\", \"-Dcom.sun.management.jmxremote.ssl=false\", \"-Dcom.sun.management.jmxremote.port=5000\", \"-Dcom.sun.management.jmxremote.rmi.port=5000\"]'\n```\n\n#### Enabling TLSv1.0 and TLSv1.1 for Outgoing Connections\n\nOpenJDK disabled the insecure / End-of-Life TLSv1.0 and TLSv1.1 protocols for outgoing connections by default in April 2021. Since the buildpack uses an OpenJDK distribution, these protocols are also disabled by default for the buildpack.\n\nTo re-enable TLSv1.0 and TLSv1.1 for outgoing connections, set the `ENABLE_OUTGOING_TLS_10_11` environment variable to `true`, and **restage** your application.\n\n**:warning: Enabling TLSv1.0 and TLSv1.1 for outgoing connections is at your own risk, and this functionality may disappear at any time.**\n\n### Certificate Authorities\n\nTo import Certificate Authorities (CAs) into the Java trust store, use the `CERTIFICATE_AUTHORITIES` environment variable.\n\nThe contents of this variable should be a concatenated string containing a the additional CAs in [PEM format](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail) that are trusted.\n\nExample:\n\n```plaintext\n-----BEGIN CERTIFICATE-----\nAaBbCc==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nDdEeFf==\n-----END CERTIFICATE-----\n```\n\nNote that if a certificate is signed by an intermediary, the complete certificate chain has to be added.\n\n## Built-In Proxy Configuration\n\nThe buildpack includes an `nginx` proxy which can add custom HTTP headers. It also allows to set access restrictions.\n\n### HTTP Headers\n\nHTTP headers allow the client and the server to pass additional information with the request or the response which defines the operating parameters of an HTTP transaction. Few of the response headers can be configured via `HTTP_RESPONSE_HEADERS` environment variable and setting a JSON string value to configure multiple supported headers. See [Environment Details - Developer Portal Guide | Mendix Documentation Section 4.2](https://docs.mendix.com/developerportal/deploy/environments-details) for all supported headers and options.\n\nFor example, to configure `X-Frame-Options` , you can set `HTTP_RESPONSE_HEADERS` environment variable like below:\n\n```shell\ncf set-env \u003cYOUR_APP\u003e HTTP_RESPONSE_HEADERS '{\"X-Frame-Options\": \"allow-from https://mendix.com\"}'\n```\n\nto configure multiple supported headers, you can set it like below:\n\n```shell\ncf set-env \u003cYOUR_APP\u003e HTTP_RESPONSE_HEADERS '{\"Referrer-Policy\": \"no-referrer-when-downgrade\", \"X-Content-Type-Options\": \"nosniff\"}'\n```\n\n#### Enabling SameSite / Secure Cookie Header Injection for Mendix Runtime \u003c 8.12\n\nGoogle Chrome will - at a certain moment - [enforce cookie security](https://www.chromium.org/updates/same-site) by requiring the `SameSite` and `Secure` atrributes for all cookies. Mendix runtime versions \u003c 8.12 do not include these properties in cookies.\n\nThe buildpack can inject these two properties into all cookies for affected runtime versions.\n\nThis workaround is disabled by default. If your application supports injecting these cookies, you can choose to enable cookie header injection by setting the `SAMESITE_COOKIE_PRE_MX812` environment variable to `true` .\n\n### Access Restrictions\n\nThe buildpack proxy has the possibility to set access restrictions for certain application paths. To do so, use the `ACCESS_RESTRICTIONS` environment variable.\n\nExample:\n\n```json\n{\n \"/\": {\"ipfilter\": [\"10.0.0.0/8\"], \"client_cert\": true, \"satisfy\": \"any\"},\n \"/ws/MyWebService/\": {\"ipfilter\": [\"10.0.0.0/8\"], \"client_cert\": true, \"satisfy\": \"all\"},\n \"/CustomRequestHandler/\": {\"ipfilter\": [\"10.0.0.0/8\"]},\n \"/CustomRequestHandler2/\": {\"basic_auth\": {\"user1\": \"password\", \"user2\": \"password2\"}},\n}\n```\n\n#### Access Restrictions Format\n\nThe environment variable is in JSON format and is a collection ( `{}` ) of **path restriction objects**. Each object is defined by a `path` (relative to the application root URL). A restriction object applies to that path and all sub-paths. Inheritance can be overridden by adding a restriction object for a sub-path. These settings will then override the parent object.\n\nNote that:\n\n* Access restrictions are not supported for reserved system paths\n* A path restriction object must at least contain one restriction object\n\nA path restriction object is composed of the following fields:\n\n| Field | Type | Example | Description |\n| ------------- | --------------------------------------- | --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |\n| `ipfilter` | `[string]` | `[\"10.0.0.0/8\"]` | List of IPs to allow in [CIDR format](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). An empty list will allow access from all IPs. |\n| `client_cert` | `boolean` | `false` | Enables checking client certificates. The certificate for the exact path the restriction applies to must be correctly provided with the [`CLIENT_CERTIFICATES` environment variable](#client-certificates). |\n| `basic_auth` | `{string: string, string: string, ...}` | `{\"user1\": \"password\", \"user2\": \"password2\"}` | Adds a [HTTP Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) restriction. Multiple user / password combinations can be supplied in one JSON object. |\n| `satisfy` | `string(any\\|all)` | `\"any\"` | Defines how restrictions are evaluated. `any` is equivalent to logical `OR` , `all` to `AND` . |\n| `issuer_dn` | `string` | `\"CN=example.com,O=example Inc.\"` | Adds certificate pinning through the `\"Ssl-Client-Issuer-Dn\"` header. This header must be supplied through an upstream proxy. |\n\n### Custom Locations\n\nThe buildpack proxy features a more general mechanism than [access restrictions](#access-restrictions) to configure custom `nginx` locations. To use this feature, set the `NGINX_CUSTOM_LOCATIONS` environment variable.\n\nExample:\n\n```json\n{\n \"/custom_location_1\": {\"body\": \"internal;\\nset $some_value_1 $other_value_1;\"},\n \"/custom_location_1/custom_location_2\": {\"body\": \"internal;\\nset $some_value_2 $other_value_2;\"},\n}\n```\n\n#### Custom Locations Format\n\nThe environment variable is in JSON format and is a collection ( `{}` ) of **custom location objects**. Each object is defined by a `path` (relative to the application root URL). A custom location object applies to that path and all sub-paths. Inheritance can be overridden by adding a custom location object for a sub-path. These settings will then override the parent object.\n\nThe only allowed field in a custom location object is `body`. This field contains the escaped `nginx` configuration for that location. If there are more fields present, the custom location will be rejected.\n\nNote that:\n\n* [Access restrictions](#access-restrictions) take precedence over custom locations, i.e. an access restriction with the same path as a custom location overrides that custom location\n* Custom locations are not supported for reserved system paths\n\n## Telemetry Configuration\n\nThe buildpack includes a variety of telemetry agents that can be configured to collect and forward metrics/logs from the Mendix Runtime.\n\n### New Relic\n\n#### Set up New Relic integration\n\n[Fluent Bit](https://docs.fluentbit.io/manual/) is used to collect Mendix Runtime logs to [New Relic](https://newrelic.com/).\n\nThe metrics are collected by the [New Relic Java Agent](https://docs.newrelic.com/docs/apm/agents/java-agent/features/jvms-page-java-view-app-server-metrics-jmx/) and an integration with the [Telegraf agent](https://docs.influxdata.com/telegraf/).\n\nTo enable the integration you must provide the following variables:\n\n| Environment variable | Value example | Default | Description |\n|-------------------------|------------------------------------------------|-------------------------|----------------------------------------------------------------------------------------------------------------------------------------|\n| `NEW_RELIC_LICENSE_KEY` | `api_key` | - | License Key or API Key ([docs](https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/)) |\n| `NEW_RELIC_METRICS_URI` | `https://metric-api.eu.newrelic.com/metric/v1` | - | Metrics endpoint API ([docs](https://docs.newrelic.com/docs/data-apis/ingest-apis/metric-api/report-metrics-metric-api/#api-endpoint)) |\n| `NEW_RELIC_LOGS_URI` | `https://log-api.eu.newrelic.com/log/v1` | - | Logs endpoint API ([docs](https://docs.newrelic.com/docs/logs/log-api/introduction-log-api/)) |\n| `NEW_RELIC_APP_NAME` | `MyApp` | application domain name | Optional. Mendix App name shown on New Relic |\n| `LOGS_REDACTION` | `true` | `true` | Optional. Enables email address redaction from logs |\n\n:warning: For the first usage of the New Relic integration, the Mendix app should be redeployed after setting the variables up.\n\n#### Tags/Metadata in metrics and logs\n\nIn addition to the runtime application logs, the following JSON-formatted metadata is automatically sent to New Relic, both for\nthe metrics collected by the agent and the custom ones, pushed by Telegraf:\n\n* `environment_id` - unique identifier of the environment;\n* `instance_index` - number of the application instance;\n* `hostname` - name of the application host;\n* `application_name` - default application name, retrieved from domain name;\n* `model_version` - model version of the Mendix runtime;\n* `runtime_version` - version of the Mendix runtime.\n\n:information_source: `model_version` and `runtime_version` are only available to the custom metrics.\n\n#### Custom tags\n\nYou can also set up custom tags in the following format `key:value`.\nBelow, are listed some suggested tags that you might want to use:\n\n* `app:{app_name}` – this enables you to identify all logs sent from your app (for example, **app:customermanagement**)\n* `env:{environment_name}` – this enables you to identify logs sent from a particular environment so you can separate out production logs from test logs (for example, **env:accp**)\n\n#### Service-binding integration (on-prem only) - DEPRECATED\n\nTo enable New Relic, simply bind a New Relic service to this app and settings will be picked up automatically. Afterwards you have to restage your application to enable the New Relic agent.\n\nThis integration does not support logs or custom metrics.\n\n:warning: The default `NEW_RELIC_APP_NAME` for this integration used to be the environment ID of the application. Now the value is the domain name set to the application.\nIf you want to keep using the environment id, you will have to set this variable yourself to that value.\n\n### Splunk\n\n#### Set up Splunk integration\n\nTo collect Mendix Runtime logs to [Splunk Cloud Platform](https://www.splunk.com/en_us/products/splunk-cloud-platform.html),\n[Fluent Bit](https://docs.fluentbit.io/manual/) is used.\n\nTo enable Splunk integration for a Mendix application, following environment variables should be configured.\n\n:warning: For the first usage of Splunk integration the Mendix app should be **redeployed** after setting the variables up.\n\n| Environment variable | Value example | Default | Description |\n|-------------------------|------------------------|---------|--------------------------------------------------------------------------------------------|\n| `SPLUNK_HOST` | `test.splunkcloud.com` | - | Host of Splunk Cloud without 'http://' |\n| `SPLUNK_PORT` | `8088` | `8088` | Port of Splunk Cloud |\n| `SPLUNK_TOKEN`¹ | `uuid token` | - | Token from Splunk Cloud dashboard |\n| `SPLUNK_LOGS_REDACTION` | `true` | `true` | **DEPRECATED** - If `true` emails in log message are redacted - Use LOGS_REDACTION instead |\n| `LOGS_REDACTION` | `true` | `true` | Enables email address redaction from logs |\n\n1) To create new token on Splunk Cloud dashboard go to `Settings -\u003e Data Input -\u003e HTTP Event Collector` and push\nbutton `New Token` in the top-right corner of the page.\n\nOnce the Mendix application is redeployed/restarted, the runtime application logs should appear on the Splunk Cloud under `Search \u0026 Reporting`.\nIn the search line specify: `source=\"http:your_token_name\"`, click search button.\n\n#### Metadata\n\nIn addition to the runtime application logs, the following JSON-formatted metadata is automatically sent to the Splunk Cloud Platform:\n\n* `environment_id` - unique identifier of the environment;\n* `instance_index` - number of the application instance;\n* `hostname` - name of the application host;\n* `application_name` - default application name, retrieved from domain name;\n* `model_version` - model version of the Mendix runtime;\n* `runtime_version` - version of the Mendix runtime.\n\nYou can filter the data by these fields on Splunk Cloud Platform web interface.\n\n#### Custom tags\n\nYou can also set up custom tags in the following format `key:value`. We recommend that you add the following custom tags:\n\n* `app:{app_name}` – this enables you to identify all logs sent from your app (for example, **app:customermanagement**)\n* `env:{environment_name}` – this enables you to identify logs sent from a particular environment so you can separate out production logs from test logs (for example, **env:accp**)\n\n### AppDynamics\n\nAll the information collected with AppDynamics Java Agent and Machine Agent is pushed to Controller and displayed on the [Controller UI](https://docs.appdynamics.com/21.1/en/appdynamics-essentials/getting-started/controller-ui-overview).\n\n#### Basic functionality\n\nTo enable AppDynamics, configure the following environment variables.\nThese settings enable basic (Java Agent related) AppDynamics features.\nMore information here: [Environment variables](https://docs.appdynamics.com/22.2/en/application-monitoring/install-app-server-agents/java-agent/install-the-java-agent/use-environment-variables-for-java-agent-settings#UseEnvironmentVariablesforJavaAgentSettings-EnvironmentVariables).\n\nPlease note that AppDynamics requires Mendix 7.15 or higher.\n\n| Environment Variable | Value example | Default | Description |\n| ----------------------------------- | ----------------------------------------------------------------------- | -------------------------- | ------------------------------------------------ |\n| `APPDYNAMICS_CONTROLLER_PORT` | `443` | `443` | Port of AppDynamics controller |\n| `APPDYNAMICS_CONTROLLER_SSL_ENABLED` | `true` | `true` | Set if SSL is required |\n| `APPDYNAMICS_CONTROLLER_HOST_NAME` | `\u003cacc_name\u003e.test.com` | - | Name of AppDynamics host without 'http://' |\n| `APPDYNAMICS_AGENT_APPLICATION_NAME` | `\u003ctest-accp\u003e` | App name as on Dev. Portal | Name of the app to be displayed on Controller UI |\n| `APPDYNAMICS_AGENT_ACCOUNT_NAME` | `\u003cacc_name\u003e` | - | See 'License/Account' on the Controller UI |\n| `APPDYNAMICS_AGENT_ACCOUNT_ACCESS_KEY` | `\u003csecret\u003e` | - | See 'License/Account' on the Controller UI |\n| `APPDYNAMICS_AGENT_NODE_NAME`¹ | `\u003cnode\u003e` (finally `\u003cnode\u003e_\u003cnum\u003e`, `\u003cnum\u003e` is being added automatically) | node | How a node is displayed on the Controller UI |\n| `APPDYNAMICS_AGENT_TIER_NAME` | `\u003cenv_id\u003e` | App Environment UUID | How a tier is displayed on the Controller UI |\n\n1) The `APPDYNAMICS_AGENT_NODE_NAME` environment variable will be appended with the value of the `CF_INSTANCE_ID` variable. If you use `node` for `APPDYNAMICS_AGENT_NODE_NAME` , the AppDynamics agent will be configured as `node-0` for instance `0` and `node-1` for instance `1` , etc.\n\nFor more details about nodes and tiers: [Tiers and Nodes](https://docs.appdynamics.com/22.1/en/application-monitoring/tiers-and-nodes).\n\nRequired variables: `APPDYNAMICS_AGENT_ACCOUNT_NAME`, `APPDYNAMICS_AGENT_ACCOUNT_ACCESS_KEY` and `APPDYNAMICS_CONTROLLER_HOST_NAME`.\n\nIf you have all the required environment variables specified above, the AppDynamics Java Agent will be configured for your application.\n\nThe other environment variables are optional and will be set to the default values.\nAfter configuring these environment variables, restart your app for the agent to be enabled.\nIf the agent has not been installed it is necessary to redeploy the app.\n\n#### Extended functionality\n\n**:warning: This functionality is fully supported in Mendix version 9.7 and later.\nFor older versions, a limited amount of metrics are available:**\n\n* `postgres.` metrics,\n* `mx.client.` metrics.\n\nThe Mendix App metrics collected by the Telegraf Agent also can be pushed to AppDynamics Controller.\nThese metrics are pushed to [Machine Agent HTTP Listener](https://docs.appdynamics.com/22.1/en/infrastructure-visibility/machine-agent/extensions-and-custom-metrics/machine-agent-http-listener).\n\nTo activate the Machine Agent provide following environment variable:\n\n`APPDYNAMICS_MACHINE_AGENT_ENABLED: true`\n\nAfter the variable is set up the application should be restarted.\nIf the Machine Agent has not been installed it is necessary to redeploy the app.\n\nPlease note, that this variable is custom feature flag for the buildpack. It cannot be found in AppDynamics documentation.\nFrom the perspective of AppDynamics the Mendix App metrics are considered as a 'Custom Metrics'. So to observe these metrics you should open `Metric Browser` and navigate to:\n\n`Application Infrastructure Performance -\u003e \u003ctier_name\u003e -\u003e Custom Metrics -\u003e Mx Runtime Statistics`.\n\n### Datadog\n\nThe Datadog integration features a limited Datadog Agent installation included in the [official Datadog Cloud Foundry Buildpack](https://github.com/DataDog/datadog-cloudfoundry-buildpack). The following information is collected:\n\n* [Application metrics](https://docs.mendix.com/developerportal/operate/datadog-metrics) are collected by the Datadog IoT agent.\n* [JMX metrics](https://docs.datadoghq.com/integrations/java/) and [APM traces](https://docs.datadoghq.com/tracing/setup_overview/setup/java/) are retrieved using the Datadog Java trace agent and collected by the Datadog agent.\n* [PostgreSQL metrics](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/postgresql) are collected by an included [Telegraf agent](https://docs.influxdata.com/telegraf/) and sent directly to Datadog via the Datadog API.\n\nTo enable Datadog, configure the following environment variables:\n\n| Environment Variable | Description |\n| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `DD_API_KEY` | The Datadog API key. Can can be configured in the `Integrations -\u003e API` screen of the user interface for your Datadog organization. |\n| `DD_LOG_LEVEL` | Ensures that log messages are sent to Datadog. A safe level would be `INFO` , but it can be later adjusted to different levels: `CRITICAL` , `ERROR` , `WARNING` , or `DEBUG` . |\n\nIf you're using a Datadog EU organization, you should also set the `DD_SITE` environment variable accordingly.\n\nAdditionally, the following integration-specific variables are available:\n| Environment Variable | Default Value | Description |\n| ------------------------------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `DATADOG_DATABASE_DISKSTORAGE_METRIC` | `true` | Enables a metric denoting the disk storage size available to the database. This metric is set in the `DATABASE_DISKSTORAGE` environment variable. |\n| `DATADOG_DATABASE_RATE_COUNT_METRICS` | `false` | Enables additional rate / count database metrics currently not compatible with the Datadog PostgreSQL integration |\n| `DATADOG_LOGS_REDACTION` | `true` | **DEPRECATED** - Enables email address redaction from logs - Use LOGS_REDACTION instead |\n| `LOGS_REDACTION` | `true` | Enables email address redaction from logs |\n\nTo receive metrics from the runtime, the Mendix Java Agent is added to the runtime as Java agent. This agent can be configured by passing a JSON in the environment variable `METRICS_AGENT_CONFIG` as described in [Datadog for v4 Mendix Cloud](https://docs.mendix.com/developerportal/operate/datadog-metrics).\n\nPlease note that application metric collection **requires Mendix 7.14 or higher**.\n\n#### Presets\n\nFor correlation purposes, we set the Datadog `service` for you to match your **application name**. This name is derived in the following order:\n\n1. Your Mendix `service:` tag if you have set this in the runtime settings or `TAGS` environment variable.\n *Format:* `[\"service:myfirstapp\", \"tag2:value2\", ...]`.\n2. Your Mendix `app:` tag if you have set this in the runtime settings or `TAGS` environment variable.\n *Example:* for `app:myfirstapp` , `service` will be set to `myfirstapp`.\n3. The first part of the Cloud Foundry route URI configured for your application, without numeric characters.\n *Example:* for a route URI `myfirstapp1000-test.example.com` , `service` will be set to `myfirstapp` .\n\nAdditionally, we configure the following Datadog environment variables for you:\n\n| Environment Variable | Value | Can Be Overridden? | Description |\n| ---------------------- | ---------------------------------------- | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |\n| `DD_HOSTNAME` | `\u003capp\u003e-\u003cenv\u003e.mendixcloud.com\u003c-instance\u003e` | No | Human-readable host name for your application |\n| `DD_ENV` | `\u003cenv\u003e` | Yes | Reserved tag. Set to the value of the `env` tag. Defaults to `none` . |\n| `DD_SERVICE` | `\u003capp\u003e` | Yes | Reserved tag. Set as as described before. Is only set when `DD_TRACE_ENABLED` is set to `true` . |\n| `DD_VERSION` | `\u003cmodel_version\u003e` | Yes | Reserved tag. Set to the value of the `version` tag. Defaults to the Mendix model version of the application. |\n| `DD_TAGS` | `tag1:value1,...:...` | Yes | Global tags for Datadog Agent(s). Derived from the runtime settings in Mendix Public Cloud or the `TAGS` environment variable. |\n| `DD_TRACE_ENABLED` | `false` | Yes | Enables Datadog APM and the Trace Agent(s). **Enabling Datadog APM is experimental and enables tracing via the [Datadog Java Trace Agent](https://docs.datadoghq.com/tracing/setup/java/) tracing functionality.** |\n| `DD_PROFILING_ENABLED` | `false` | Yes | Enables Datadog APM and the Trace Agent(s). **Enabling Datadog Profiling is experimental and can only be enabled for Mendix 7.23.1 and up, and requires tracing to be enabled.** |\n| `DD_JMXFETCH_ENABLED` | `true` | No | Enables Datadog Java Trace Agent JMX metrics fetching |\n| `DD_SERVICE_MAPPING` | `\u003cdatabase\u003e:\u003capp\u003e.db` | No | Links your database to your app in Datadog APM |\n| `DD_LOGS_ENABLED` | `true` | No | Enables sending your application logs directly to Datadog |\n| `DD_ENABLE_CHECKS` | `false` | Yes | Enables system metrics. These are disabled by default, as the metrics might be host metrics instead of container metrics. |\n\nOther environment variables can be set as per the [Datadog Agent documentation](https://docs.datadoghq.com/agent/).\n\n#### Known Limitations\n\nTelegraf [does not support (Datadog) metric types correctly yet](https://github.com/influxdata/telegraf/issues/6822) (e.g. rate, counter, gauge). This means that all database metrics are currently pushed to Datadog as a gauge.\n\nThe most important metrics ( `before_xid_wraparound` , `connections` , `database_size` , `db.count` , `locks` , `max_connections` , `percent_usage_connections` , `table.count` , `deadlocks` ) are gauges and are compatible with the Datadog PostgreSQL integration and associated dashboards.\n\n*If you do require the additional rate and counter metrics, there is a workaround available.* First, set the `DATADOG_DATABASE_RATE_COUNT_METRICS` environment variable to `true` . After that variable is enabled, the rate and counter metrics are suffixed by either `_count` or `_rate` to prevent collisions with the official Datadog metrics. In the Datadog UI, the [metric type and unit can be changed](https://docs.datadoghq.com/developers/metrics/type_modifiers/?tab=count#modify-a-metrics-type-within-datadog) to reflect this. We also set a helpful `interval` tag ( `10s` ) which can be used here. Additionally, gauge metrics can be [rolled up in Datadog dashboards](https://docs.datadoghq.com/dashboards/functions/rollup/). The correct type and unit for other submitted metrics can be found [here](https://github.com/DataDog/integrations-core/blob/master/postgres/metadata.csv).\n\n### Dynatrace\n\nThe Dynatrace integration features Dynatrace OneAgent installation and telegraf output configuration.\n\n* Dynatrace OneAgent collects various system metrics\n* Custom metrics are provided via telegraf (only applicable for Mendix version 9.7 and above)\n\nTo enable Dynatrace ingestion, configure the following environment variables:\n\n| Environment Variable | Description |\n| -------------------- | ----------------------------------------------------------------------------------------------|\n| `DT_PAAS_TOKEN` | The token for integrating your Dynatrace environment with your Mendix app |\n| `DT_SAAS_URL` | Monitoring endpoint url of the Dynatrace service |\n| `DT_TENANT` | Environment id of your Dynatrace environment. (see: \u003chttps://www.dynatrace.com/support/help/get-started/monitoring-environment/environment-id\u003e) |\n| `DT_IS_MANAGED` | [Optional] Should be set to `true` for Dynatrace Managed |\n| `DT_CLUSTER_ID` | [Optional] Can be used to tag process groups |\n| `DT_CUSTOM_PROP` | [Optional] Can be used to provide metadata for process groups |\n\nThese scopes must be included while creating the access token (`DT_PAAS_TOKEN`):\n\n* PaaS integration - Installer download\n* Ingest metrics\n\nFor the custom metrics (via telegraf), buildpack attaches these default tags to metrics that are pushed to Dynatrace:\n\n* `app` - Environment Id of the Mendix application\n* `instance_index` - Instance index that metrics belong to\n\nExtra tags can be attached via `TAGS` environment variable (example value: `[env:accp]`)\n\n### Logging\n\nThe buildpack provides several options to configure logging.\n\n#### Buildpack Log Levels\n\nTo set the log level for the buildpack itself to `DEBUG`, set the `BUILDPACK_XTRACE` environment variable to `true` .\n\n#### Mendix Runtime Log Levels\n\nIt is possible to configure Mendix Runtime log levels using environment variables. This allows getting a better insight in the behavior of your Mendix app. This happens by adding one or more environment variables starting with the name `LOGGING_CONFIG`. The part of the name after that is not relevant and only used to distinguish between multiple entries if necessary. Its value should be valid JSON, in the format:\n\n```json\n{\n \"LOGNODE\": \"LEVEL\"\n}\n```\n\nYou can see the available Log Nodes in your application in Mendix Studio Pro. The level should be one of:\n\n* `CRITICAL`\n* `ERROR`\n* `WARNING`\n* `INFO`\n* `DEBUG`\n* `TRACE`\n\nExample:\n\n```shell\ncf set-env \u003cYOUR_APP\u003e LOGGING_CONFIG '{\"\u003cLOG NODE VALUE\u003e\": \"DEBUG\"}'\n```\n\n#### Rate-limiting of Log Output\n\nThe buildpack has the ability to rate-limit the amount of log lines from the Mendix Runtime. This can be useful for apps that misbehave and cause problems for other users in a multi-tenant environment. Rate-limiting is done in log lines per second. Extra lines are dropped and the number of dropped messages is printed on `stderr` .\n\nExample (1000 loglines/second):\n\n```shell\ncf set-env \u003cYOUR_APP\u003e LOG_RATELIMIT '1000'\n```\n\n### Custom Runtime Metrics filtering\n\nFor the third-party integrations explained above, in addition to the metrics collected by the agents, custom runtime metrics are provided via telegraf.\nThis configuration also has a filtering mechanism that allows users to specify metrics they allow or deny for the vendor they are using.\nTo filter the ingestion of custom runtime metrics to third party APMs, users should provide a list of prefixes of the metrics they want to allow/deny using the environment variables listed below.\n\nNote: Custom database metrics cannot be filtered by name, to turn them off, the `APPMETRICS_INCLUDE_DB` environment variable should be set to false.\n\n#### APM_METRICS_FILTER_ALLOW\n\nComma-separated list of prefixes for the metrics to be allowed. By default, all metrics are allowed, even if they are not specified via this env var.\n\nFor example, to allow only the session metrics, `APM_METRICS_FILTER_ALLOW` should be set to `mx.runtime.stats.sessions`:\n\n```shell\ncf set-env \u003cYOUR_APP\u003e APM_METRICS_FILTER_ALLOW 'mx.runtime.stats.sessions'\n```\n\n#### APM_METRICS_FILTER_DENY\n\nComma-separated list of prefixes for the metrics to be denied.\n\nFor example, to deny all metrics starting with jetty or mx.runtime, the environment variable should be set to `jetty,mx.runtime`:\n\n```shell\ncf set-env \u003cYOUR_APP\u003e APM_METRICS_FILTER_DENY 'jetty,mx.runtime'\n```\n\n#### APM_METRICS_FILTER_DENY_ALL\n\nIf this environment variable is set to `true`, all metrics will be denied regardless of values of `APM_METRICS_FILTER_ALLOW`, `APM_METRICS_FILTER_DENY`, and `APPMETRICS_INCLUDE_DB`.\n\n```shell\ncf set-env \u003cYOUR_APP\u003e APM_METRICS_FILTER_DENY_ALL true\n```\n\n## Using the Buildpack without an Internet Connection\n\nIf you are running Cloud Foundry without a connection to the Internet, you should specify an on-premises web server that hosts Mendix Runtime files and other buildpack dependencies. You can set the endpoint with the following environment variable:\n\n `BLOBSTORE: https://my-intranet-webserver.my-company.com/mendix/`\n\nThe preferred way to set up this on-premises web server is as a transparent proxy to `https://cdn.mendix.com/` . This prevents manual work by system administrators every time a new Mendix version is released.\nAlternatively you can [vendorize the required dependencies](DEVELOPING.md#vendoring-external-dependencies).\n\nA list of buildpack dependencies can be downloaded from [here](https://cdn.mendix.com/listing.txt).\n\nFor more information about external dependency management, please check [here](DEVELOPING.md#managing-external-dependencies).\n\n## Troubleshooting\n\nThe buildpack provides several facilities for troubleshooting.\n\n### Enabling the Mendix Debugger\n\nYou can enable the Mendix Debugger by setting a `DEBUGGER_PASSWORD` environment variable. This will enable and open up the debugger for the lifetime of this process and is to be used with caution. The debugger is reachable on `https://DOMAIN/debugger/`. You can follow the second half of this [How To](https://docs.mendix.com/howto/monitoring-troubleshooting/debug-microflows) to connect with Mendix Studio Pro. To stop the debugger, unset the environment variable and restart the application.\n\n### Rescue Mode\n\nSometimes the app won't run because it exits with status code 143. Or, for any reason, the app is unable to start, leaving you unable to debug the issue from within the container. For these cases we have introduced a `DEBUG_CONTAINER` mode. To enable it:\n\n```shell\ncf set-env \u003cYOUR_APP\u003e DEBUG_CONTAINER true\ncf restart \u003cYOUR_APP\u003e\n```\n\nNow your app will start in CloudFoundry (i.e. the Mendix Runtime will not start yet) and you can troubleshoot the problem with:\n\n```shell\ncf ssh \u003cYOUR_APP\u003e\nexport HOME=$HOME/app # this should not be needed but for now it is\nexport DEBUG_CONTAINER=false # while we are in the container turn it off, we could try to make this optional by detecting other environment variables that are present over ssh but not regular start\nexport PORT=1234 # so that nginx can start correctly\ncd app\nPYTHONPATH=:buildpack:lib python3 buildpack/start.py\n```\n\nAfter you are done, you can disable debug mode with:\n\n```shell\ncf unset-env \u003cYOUR_APP\u003e DEBUG_CONTAINER\ncf restart \u003cYOUR_APP\u003e\n```\n\nSimilarly, if you need to use `m2ee-tools` inside the container for debugging\npurposes, you can do the following:\n\n```shell\ncf ssh \u003cYOUR_APP\u003e\nexport PYTHONPATH=/home/vcap/app/.local/lib/python3.10/site-packages/:/home/vcap/app/lib/\npython3\n```\n\nand in the interactive Python console:\n\n```python\nimport os\nfrom m2ee.client import M2EEClient\nclient = M2EEClient('http://localhost:8082', os.environ['M2EE_PASSWORD'])\n```\n\n## Developing and Contributing\n\nPlease see [`DEVELOPING.md`](DEVELOPING.md) and [`CONTRIBUTING.md`](CONTRIBUTING.md).\n\n## License\n\nThis project is licensed under the Apache License v2 (for details, see the [`LICENSE`](LICENSE) file).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmendix%2Fcf-mendix-buildpack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmendix%2Fcf-mendix-buildpack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmendix%2Fcf-mendix-buildpack/lists"}