Axure Cloud for Business On-Premises customsettings.json
The customsettings.json file contains many configuration options for your Axure Cloud for Business On-Premises server. If you installed the server in the default location, you can find the file at:
C:\Program Files\Axure\Share9\site\customsettings.json
If you installed and set up your server with the automated installer, all of the most important information in this file has been filled in for you.
If you're installing your server manually, you'll provide the necessary information by editing customsettings.json directly.
If you're unfamiliar with JavaScript Object Notation (JSON), check out the Mozilla Developer Network's JSON guide.
Example customsettings.json File with all possible fields
{
"SessionEncryptionKey": "?H2!h=cmK7%BQ_WejM!YyzvTe3R%#Tfs",
"RootStoragePath": "C:\\ProgramData\\AxureShare\\data",
"DbDialect": "MySql",
"ConnectionStrings": {
"ApplicationServices": "Data Source=123.456.789.10;Database=axshare;User Id=axshare_user;password=123456"
},
"MaxFileSize": 1000000000,
"GenerationTimeoutSeconds": 2700,
"urls": "http://*:80;https://*:443",
"MatchProtocolMode": "false",
"Kestrel": {
"Certificates": {
"Default": {
"Path": "C:\\Program Files\\Axure\\Share9\\site\\my-pfx-file.pfx",
"Password": "123456"
}
},
"Endpoints": {
"Https": {
"Url": "https://*:443"
}
}
},
"AxShareHost": "ux.sunsetsolar.com",
"AxSitesPrototypeDomain": ".ux.sunsetsolar.com",
"ShowExceptionDetails": "true",
"EnablePlugins": "true",
"EnableBetaFeatures": "true",
"CustomHeaders": {
"Strict-Transport-Security": "max-age=31536000",
"Content-Security-Policy": "default-src *; img-src * data:; script-src 'self' 'unsafe-inline'",
"Referrer-Policy": "strict-origin-when-cross-origin"
}
}
Required fields
SessionEncryptionKey
Value: A string of at least 32 random characters
Default: A randomly generated value
"SessionEncryptionKey": "?H2!h=cmK7%BQ_WejM!YyzvTe3R%#Tfs"
This value should be set to some secret value (we recommend a string of at least 32 random characters). This value is used to encrypt session information that the clients use to identify themselves.
Changing the session encryption key will log all users out of the system.
RootStoragePath
Value: Path to a valid directory on the system where large object data will be stored
Default: "C:\\ProgramData\\AxureShare\\data"
"RootStoragePath": "C:\\ProgramData\\AxureShare\\data"
This directory will store Axure RP files uploaded to the server by end users. It will also store HTML files the server generates from those uploaded files.
Backslashes in the folder path must be escaped, as in the example above.
The account that is running the web service will need Read and Write permissions to this directory.
DbDialect
Value: "MySql" or "SqlServer", depending on your database
Default: "MySql"
"DbDialect": "MySql"
ApplicationServices
Value: The connection string for your database
Default: An automatically generated string
"ConnectionStrings": {
"ApplicationServices": "Data Source=123.456.789.10;Database=axshare;User Id=axshare_user;password=123456"
}
Store the connection string to your database in the ApplicationServices key of the ConnectionStrings object. For help constructing a connection string for your database we recommend the following resource:
https://www.connectionstrings.com/
We recommend connecting to the database with a user that has the following permissions for each dialect:
- MySql: SELECT, INSERT, UPDATE, DELETE
- SqlServer: db_datareader, db_datawriter
Optional Fields
The optional fields of the customsettings.json file allow you to modify the Axure Cloud for Business On-Premises web server's behaviors and settings. Add these fields to overwrite the server's defaults.
MaxFileSize
Value: A number representing the maximum file size (in bytes) that can be uploaded to the server
Default: 419430400
"MaxFileSize": 1000000000
The maximum file size does not apply to team projects.
GenerationTimeoutSeconds
Value: A number representing the maximum time (in seconds) that the Axure RP generator is allowed to run
Default: 1800 (30 minutes)
"GenerationTimeoutSeconds": 2700
Increase this value if your organization is dealing with very large files that take a long time to generate. Make sure you have adequate compute capacity (or multiple cores) if you expect multiple simultaneous large file generations.
urls
Value: A semicolon-separated list of addresses and ports that the server should listen on
Default: "http://*:80;https://*:443"
"urls": "http://*:80;https://*:443"
MatchProtocolMode
Value: "true" or "false"
Default: "true"
"MatchProtocolMode": "true"
Used to enable the web server to dynamically run with HTTP or HTTPS, and with the port that is used to connect to the server. For instance, http://myserver.com:85 will serve with unsecured HTTP over port 85, while https://myserver.com will serve HTTPS over port 443 (if HTTPS is configured).
"MatchProtocolMode" MUST be set to "true" if you do not have an SSL certificate configured in the Kestrel object below, or via a reverse proxy. Otherwise, the server will always attempt to redirect to HTTPS.
If "MatchProtocolMode" is "true" and "HttpPort" is defined in the customsettings.json, then the server will always attempt to use HTTP over the given port number. This is configured to maintain backward compatibility with behavior that allowed for proxying functionality (proxying is required for using Axure Cloud for Business On-Premises with IIS).
If an AxSitesPrototypeDomain is set and "MatchProtocolMode" is "true", the scheme and port of the displayed prototype URLs will match the scheme and port used to connect to the server.
Kestrel
The Kestrel object is used to configure hosting options for your application. To learn more about configuring Kestrel, refer to the Microsoft documentation for Kestrel here:
https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-2.2
Configuring HTTPS (SSL) Connections
You can force HTTPS (SSL) connections to your Axure Cloud for Business On-Premises server by providing access to a pfx file and adding an https endpoint in the Kestrel object.
First, you'll need to create a pfx file that contains the information for your server's SSL certificate. Once you have that ready, add the following to your customsettings.json file:
"MatchProtocolMode": "false",
"Kestrel": {
"Certificates": {
"Default": {
"Path": "C:\\Program Files\\Axure\\Share9\\site\\your-pfx-file.pfx",
"Password": "password for your pfx file"
}
},
"Endpoints": {
"Https": {
"Url": "https://*:443"
}
}
}
Backslashes in the file path must be escaped, as in the example above.
We strongly recommend storing the pfx file in the site directory. If you store it in a different location, ensure that the LocalSystem account has Read permission to the file.
AxShareHost
Value: The domain name for your Axure Cloud for Business On-Premises server, if you have assigned it one
Default: None
"AxShareHost": "ux.sunsetsolar.com"
If you set a domain, end users can only connect to the server using that domain.
AxSitesPrototypeDomain
Value: The AxShareHost domain with a period . before it
Default: None
"AxSitesPrototypeDomain": ".ux.sunsetsolar.com"
If this domain is not provided, prototypes stored on your Axure Cloud for Business On-Premises server will be hosted on the incoming domain, either the AxShareHost domain or the server's IP address. For example, https://ux.sunsetsolar.com/ABC123 where ABC123 is the prototype's 6-digit ID.
If this domain is provided, prototypes will be hosted at their own sub domains. For example, https://ABC123.ux.sunsetsolar.com
You must provide an AxShareHost domain in order to use the AxSitesPrototypeDomain.
You must provide an AxSitesPrototypeDomain in order to enable plugins.
ShowExceptionDetails
Value: "true" or "false"
Default: "false"
"ShowExceptionDetails": "true"
By default, the system will send friendly error messages to clients. This is generally recommended for security, but it can be helpful to set this to "true" in order to send more verbose error messages for troubleshooting.
EnablePlugins
Value: "true" or "false"
Default: "false"
"EnablePlugins": "true"
When set to "true", this field enables the plugins feature for Axure RP prototypes hosted on the Axure Cloud for Business On-Premises server.
You must also provide an AxSitesPrototypeDomain in order to enable plugins.
CustomHeaders
Value: An object containing key-value pairs for HTTP response headers
Default: None
"CustomHeaders": {
"Strict-Transport-Security": "max-age=31536000",
"Content-Security-Policy": "default-src *; img-src * data:; script-src 'self' 'unsafe-inline'",
"Referrer-Policy": "strict-origin-when-cross-origin"
}
The CustomHeaders field allows administrators to define additional HTTP response headers for security and permissions policies. These headers enhance security by controlling how browsers handle requests and enforce security protocols.
Any valid HTTP response header can be added to CustomHeaders. These examples demonstrate commonly used security headers, but administrators are free to include other headers as needed.
Examples of supported headers
-
Strict-Transport-Security (HSTS): Forces browsers to use HTTPS for all future requests to the site.
-
Content Security Policy (CSP): Helps mitigate XSS and data injection attacks by restricting resource loading.
-
Referrer-Policy: Controls how much referrer information is included with requests.
EnableBetaFeatures
Value: "true" or "false"
Default: "false"
"EnableBetaFeatures": "true"
Beta features are disabled by default in Axure Cloud for Business On-Premises servers. To enable these features, set EnableBetaFeatures to "true".