Configuration File
The Configuration File is the central setup point for UDMG. While Endpoints, Pipelines, and other Configuration Items are managed through the UDMG Admin UI or UDMG REST API, most global and system-level settings are defined here.
On the host where UDMG Server is installed, the default location of the file is:
# Linux
/opt/udmg/etc/udmg-server.hcl
# Windows
C:\Program Files\Stonebranch\UDMG Server\udmg-server.hcl
This file uses HCL (HashiCorp Configuration Language) to express structured configuration in a clear, declarative format.
UDMG also supports a set of custom functions (not part of standard HCL) for dynamic values—see Custom Functions below.
What is HCL?
The UDMG Server configuration file is written in HCL (HashiCorp Configuration Language), a human-friendly syntax for structured configuration.
Key points about HCL:
- Blocks group related settings inside curly braces (
{}). For example, theapiblock contains all API-related options. - Arguments are key-value pairs defined within blocks. Each argument has a name (the key) and a value.
- Argument names are unique within their block and describe the purpose of the setting.
Dot Notation
Throughout this documentation we use dot notation to reference nested arguments.
This notation is used only in the documentation for clarity. In the actual HCL file, arguments are defined within their respective blocks, not as dot-separated keys.
api {
port = # Referenced as: api.port
secure {
enable = # Referenced as: api.secure.enable
}
}
HCL vs Environment Variables
Environment Variables override any value specified in the HCL configuration when both are present.
Use HCL arguments for persistent, auditable configuration; use environment variables deliberately for temporary overrides or for sensitive values such as passwords or keys.
Directory Paths
When specifying directory paths in the Configuration File, follow these guidelines for clarity and predictable behavior.
Absolute Over Relative Paths
All path arguments in the Configuration File support both absolute and relative paths:
- Absolute paths start at the filesystem root and are independent of the
work_directory_pathvalue. - Relative paths are resolved against the
work_directory_pathvalue.
For predictability and separation of concerns, we recommend using absolute paths for credential files and store those in a directory isolated from transfer data.
Platform-Specific Separators
Use the appropriate path separator for your operating system:
- Linux: use forward slashes (
/).- Example:
/var/udmg/data/
- Example:
- Windows: use backslashes (
\\). Because HCL strings interpret\\as an escape, write Windows paths with doubled backslashes in the HCL file.- Example:
C:\\Program Files\\Stonebranch\\UDMG Server\\data\\.
- Example:
Time Duration Format and Allowed Units
Several configuration arguments accept time durations, which are specified as a string with:
- A decimal number (optionally with a fraction), followed by
- a time unit.
The allowed time units are:
nsfor nanosecondsusfor microsecondsmsfor millisecondssfor secondsmfor minuteshfor hours
You can also combine multiple number+unit segments in a single value to express more precise durations.
Examples:
"250ms"= 250 milliseconds"0.5s"= half a second"30s"= 30 seconds"2h45m"= 2 hours and 45 minutes
Arguments by Block
This section lists all configurable arguments available in udmg-server.hcl. Arguments are grouped by configuration block (including the root level). For every argument, the table shows its name, description, type, and default value—helping you quickly understand what it controls and how to set it.
All HCL arguments described on this page use dot notation to reference their full path from the root of the configuration file.
Root Level
Top-level arguments define global behavior for the UDMG Server. These settings apply across all domains and act as defaults for path resolution and runtime behavior.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
instance_name | Name of the UDMG Server instance used in observability metrics and logs. In High-Availability deployments, set a unique value per Cluster Node so telemetry can be attributed correctly. | string | "udmg-server" |
auto_migrate | When enabled, UDMG automatically applies any required database schema migrations during startup. This is typically needed when upgrading to a more recent UDMG version. | bool | true |
work_directory_path | Root directory for relative paths used in configuration and MFT services, including Endpoints and Pipelines. warning This is a major configuration argument. Before setting it, see Folder Management. | string | "" |
admin_app
The admin_app block enables or disables the embedded web server that hosts the UDMG Admin UI.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
admin_app.enable | Enables or disables the embedded web server for the UDMG Admin UI. | bool | true |
jwt
The jwt block configures token-based authentication for the UDMG Admin UI, UDMG REST API, and WTC UI.
Use strong, unique keys and tune durations to balance security and usability.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
jwt.signing_key | Secret key for signing both access and refresh tokens. Must be at least 30 \[a-zA-Z0-9_] characters. | string | "" |
jwt.access_token.duration | The validity duration of the access token. For allowed time units, see Time Duration Format and Allowed Units. | string | "15m" |
jwt.refresh_token.duration | The validity duration of the refresh token. For allowed time units, see Time Duration Format and Allowed Units. | string | "24h" |
database
The database block configures the database connection used by UDMG Server for persistent storage of configuration, Users, and Transfer Records.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
database.engine | The type of database engine to use. Options:
| string | "" |
database.dsn | Connection string override. If provided, overrides database.name, database.hostname, and database.port. | string | No default |
database.name | The database name. | string | "" |
database.hostname | The hostname or IP address of the database server. | string | "" |
database.port | The port number for the database server. | number | 0 |
database.user | The username for connecting to the database. | string | "" |
database.password | The password for connecting to the database. | string | "" |
database.log_level | Log level for database operations. Options:
| string | "" |
database.options.max_connections | The maximum number of open connections to the database. | number | 30 |
database.options.idle_connections | The maximum number of connections in the idle connection pool. | number | 5 |
database.options.max_retries | The maximum number of times to retry an operation if the database is locked. | number | 5 |
database.options.initial_interval | The initial time duration to wait before retrying a locked operation. For allowed time units, see Time Duration Format and Allowed Units. | string | "50ms" |
database.options.max_interval | The maximum time duration to wait between retries for a locked operation. For allowed time units, see Time Duration Format and Allowed Units. | string | "1s" |
database.secure.enable | Enables or disables secure (TLS/SSL) connection to the database. | bool | false |
database.secure.mode | The SSL mode to use. Availability depends on database engine. Allowed values:
info Refer to PostgreSQL docs for details. | string | "require" |
database.secure.pub_key | Path to certificate in PEM format for client authentication (required if enabled). info The path is relative to the | string | "" |
database.secure.priv_key | Path to the client private key file (used for client certificate authentication, if info The path is relative to the | string | "" |
database.secure.wallet_location | Path to Oracle wallet directory. Required if database.engine is "oracle" and database.secure.mode is "verify-ca" or "verify-full". | string | "" |
database.secure.tls_server_cert_dn | Optional server certificate distinguished name used for verify-full mode (Oracle only). | string | "" |
security
The security block configures system-wide security settings, including secret encryption, path resolution behavior, file permissions, and recovery options.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
security.passphrase_key | Root encryption key (K0) used to encrypt secret values, such as passwords and Private Key Credentials. Must be a valid 32-byte hexadecimal string. Store securely and back up for disaster recovery. | string | "" |
security.domain_chroot | Defines the path resolution behavior for Local Filesystem Endpoints. Allowed values:
warning This is a major configuration argument. Before setting this up, we recommend reading Folder Management. | string | "WORKDIR+DOMAIN" |
security.work_directory_key_display | If enabled, the work_directory_path is exposed under the UDMG REST API. | bool | false |
security.file_permissions | Permissions for created files, specified as a standard Linux file mode. | string | "600" |
security.directory_permissions | Permissions for created folders, specified as a standard Linux file mode. | string | "700" |
security.ignore_system_user_ip_filter | Bypasses the IP Filtering - Admin UI restriction. Use this option only to recover from an accidental lockout. | bool | false |
security.password.min_length | info Deprecated since UDMG 3.3.0. These configuration arguments remain in the default HCL file for backward compatibility. For the current Password Policy configuration, see Password Policy. | ||
security.password.min_upper_case | info Deprecated since UDMG 3.3.0. These configuration arguments remain in the default HCL file for backward compatibility. For the current Password Policy configuration, see Password Policy. | ||
security.password.min_lower_case | info Deprecated since UDMG 3.3.0. These configuration arguments remain in the default HCL file for backward compatibility. For the current Password Policy configuration, see Password Policy. | ||
security.password.min_numbers | info Deprecated since UDMG 3.3.0. These configuration arguments remain in the default HCL file for backward compatibility. For the current Password Policy configuration, see Password Policy. | ||
security.password.min_symbols | info Deprecated since UDMG 3.3.0. These configuration arguments remain in the default HCL file for backward compatibility. For the current Password Policy configuration, see Password Policy. | ||
log
The log block controls logging behavior for the UDMG Server instance, including log level, format, output destination, and rotation settings. For more information, refer to Logging.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
log.level | Log verbosity level. Messages at the specified severity level and higher are written to the log. Options:
| string | "INFO" |
log.format | Format of the log output. Options:
| string | "plain" |
log.file | Log file path. Supports environment variable expansion. | string | "" (stdout) |
log.rotate.enable | When enabled, log files are rotated based on the configured log.rotate.frequency. If log.rotate.size is greater than 0, log files are also rotated when the configured size is reached. | bool | false |
log.rotate.frequency | Time interval used for time-based log rotation. Options:
| string | "daily" |
log.rotate.size | Maximum log file size (in megabytes) before rotation is triggered. Checked every hour. | number | 0 (disabled) |
log.rotate.file_format | Format for rotated log filenames. It can include directory structure and the following placeholders:
info The path is relative to the | string | "{YYYY}{MM}{DD}/udmg-server{HH}{mm}{ss}{ns}.log" |
api
The api block configures the main UDMG Server API, including network binding, security features, CORS settings, logging, and rate limiting.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
api.inet | IP address to bind for UDMG REST API connection requests. 0.0.0.0 listens on all available network interfaces. | string | "0.0.0.0" |
api.port | The port number the API server listens on. | string | "8080" |
api.spec | Enables or disables serving the OpenAPI specification (at /spec and /swagger/index.html). | bool | false |
api.csrf | Enables or disables Cross-Site Request Forgery protection middleware. Required by the UDMG Admin UI. | bool | true |
api.trusted_domains | List of UDMG Admin UI origin hostnames accepted as trusted sources. Only required when using an external web server for the Admin UI. Values must match the HTTP Examples:
| list(string) | [] |
api.cors | Enables or disables Cross-Origin Resource Sharing headers. info Required if accessing the API from a web frontend hosted on a different domain/port. | bool | true |
api.cors_domain | Specifies the allowed origin domain(s) for CORS requests when api.cors is enabled. Use "*" for any domain (less secure). | string | "*" |
api.verbose | Enables verbose logging of API requests and responses. This can generate a high volume of log output. | bool | false |
api.rate_limit | Global rate limiting for all UDMG REST API requests per minute. | number | 5000 |
api.log_level | Log level for UDMG REST API operations. Options:
| string | "" |
api.secure.enable | Enables or disables HTTPS for the API server. info If enabled, | bool | false |
api.secure.pub_key | Path to the SSL/TLS certificate file (PEM format). This certificate must match the private key configured in Example: info The path is relative to the | string | "" |
api.secure.priv_key | Path to the private SSL/TLS key file (PEM format). This key must match the certificate configured in Example: info The path is relative to the | string | "" |
wtc
The wtc block configures the Web Transfer Client (WTC) service, which provides HTTPS-based browser file transfer capabilities.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
wtc.enable | Enables or disables the WTC service. When disabled, the WTC listener does not start. | bool | false |
wtc.inet | The IP address that the WTC listener binds to. Use "0.0.0.0" to listen on all network interfaces, or specify a local IP address to restrict the listener to that interface. | string | "0.0.0.0" |
wtc.port | The TCP port number on which the WTC service listens for HTTPS connections. Must be between 1 and 65535. | string | "8443" |
wtc.spec | Enables or disables serving the OpenAPI specification at /spec and /swagger/index.html. | bool | false |
wtc.default_domain | Specifies the default UDMG Domain that the root WTC URL (for example, https://example.com:4433) redirects to when no domain path is provided. | string | "primary" |
wtc.max_public_connections | Defines the maximum number of concurrent connections allowed for Shared Public Links (Web Transfer Client). The counter is maintained per UDMG Server node and is not shared across a Cluster. info For more information, refer to Maximum Public Connections (WTC) | number | 1000 |
wtc.log_level | Log level for WTC operations. Options:
| string | "" |
wtc.secure.enable | Enables HTTPS for the Web Transfer Client (WTC). When set to | bool | false |
wtc.secure.pub_key | Path to the SSL/TLS certificate file (PEM format) presented to clients for HTTPS connections. Required if info The path is relative to the | string | "" |
wtc.secure.priv_key | Path to the private key file (PEM format) associated with info The path is relative to the | string | "" |
transfer
The transfer block configures file transfer retry behavior and status checking intervals. These settings apply only when UDMG acts as a Client.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
transfer.retry_delay | The base wait time before retrying a transfer after a connection or transfer error. Each retry restarts the transfer from the beginning. For allowed time units, see Time Duration Format and Allowed Units. | string | "5m" |
transfer.max_retry_delay | The maximum wait time allowed between retries after a connection or transfer error. Each retry restarts the transfer from the beginning. This value acts as an upper limit when exponential backoff is applied. For allowed time units, see Time Duration Format and Allowed Units. | string | "1h" |
transfer.retry_backoff | The exponential backoff factor applied to the retry delay. After each failed attempt, the wait time is multiplied by this factor, up to the limit set by Delay for retry attempt Example with
| number | 2.0 |
transfer.max_retries | The maximum number of times a transfer will be retried after a connection or transfer error. Each retry restarts the transfer from the beginning. Once this limit is reached, the transfer is marked as failed. | number | 3 |
transfer.check_interval | Interval at which UDMG polls for pending transfers that were scheduled through the Transfers Schedules Endpoint. For allowed time units, see Time Duration Format and Allowed Units. | string | "1m" |
observability
The observability block configures experimental features for metrics, tracing, debugging, and the observability API. Use it to integrate UDMG Server with monitoring stacks and to expose a separate, minimal API for status and metrics collection.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
observability.api.inet | Address for the observability API. | string | "0.0.0.0" |
observability.api.port | Port for the observability API. | string | "7070" |
observability.api.spec | Enables or disables serving the observability OpenAPI specification (at /spec and /swagger/index.html, at the port defined in observability.api.port). | bool | false |
observability.api.enable | Enables or disables the observability API. | bool | false |
observability.api.rate_limit | Global rate limiting for observability API requests per minute. | number | 5000 |
observability.api.log_level | Log level for observability API operations. Options:
| string | "" |
observability.api.debug.enable | Enables or disables debug mode for the observability API. | bool | false |
observability.api.debug.user | Debug username for observability API. | string | "" |
observability.api.debug.password | Debug password for observability API. | string | "" |
observability.api.secure.enable | Enables or disables HTTPS for the observability API. Requires observability.api.secure.pub_key and observability.api.secure.priv_key. | bool | false |
observability.api.secure.pub_key | Path to public SSL/TLS certificate file in PEM format. Required if info The path is relative to the | string | "" |
observability.api.secure.priv_key | Path to private SSL/TLS key file in PEM format. Required if info The path is relative to the | string | "" |
observability.prometheus.enable | Enables or disables Prometheus metrics. | bool | false |
observability.opentelemetry.enable | Enables or disables OpenTelemetry. | bool | false |
observability.opentelemetry.host | Host for OpenTelemetry collector. | string | "" |
observability.opentelemetry.port | Port for OpenTelemetry collector. | string | "" |
ldap
The ldap block defines LDAP synchronization intervals for Users and Accounts. For more information, refer to LDAP for Users and LDAP for Accounts.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
ldap.ldap_account_sync_interval | Defines how often UDMG synchronizes LDAP-provisioned Accounts. Leave empty ( For allowed time units, see Time Duration Format and Allowed Units. | string | "24h" |
ldap.ldap_user_sync_interval | Defines how often UDMG synchronizes LDAP-provisioned Users. Leave empty ( For allowed time units, see Time Duration Format and Allowed Units. | string | "24h" |
icap
The icap block configures general content scanning through an ICAP server. For more information, refer to ICAP Scanner.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
icap.timeout | The maximum time duration to wait for a response from the ICAP server. For allowed time units, see Time Duration Format and Allowed Units. | string | "10s" |
icap.retry | Number of retry attempts when connecting to or communicating with the ICAP server fails. | number | 0 |
uac
The uac block configures publishing Universal Events from UDMG to Universal Controller. For more information, refer to Universal Event Integration.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
uac.enable | Enables or disables globally the feature to publish Universal Event. | bool | false |
uac.urls | A list of URIs for the Publish Universal Event API on the target Universal Controllers. UDMG will attempt to connect to these in order if one fails.
| list(string) | [] |
uac.username | The default username used by Publish Event Tasks to authenticate with the Universal Controller REST API when no task-level Credentials override is configured. The user must have the required permissions to call the Universal Event Web Services. | string | "" |
uac.password | The default password used by Publish Event Tasks to authenticate with the Universal Controller REST API when no task-level Credentials override is configured. | string | "" |
uac.event_name | The default Universal Event Template name used by Publish Event Tasks when no task-level event name override is configured. | string | "" |
uac.event_ttl | An optional Time-To-Live for the Universal Event (in minutes). | string | "" |
uac.override_publish_event | Enables Publish Event Tasks to override the default Universal Event configuration defined in the uac block. | bool | false |
protocol
The protocol block defines default settings for supported transfer protocol services, including authentication timeout, session idle timeout, and connection limits.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
protocol.auth_timeout | Authentication timeout before dropping the connection. For allowed time units, see Time Duration Format and Allowed Units. | string | "30s" |
protocol.session_idle_timeout | Defines how long an authenticated protocol session may remain open with no activity before UDMG automatically terminates it. For more information, refer to Timeout for Idle Sessions. For the timeout that governs unauthenticated connection attempts, see For allowed time units, see Time Duration Format and Allowed Units. | string | "3600s" |
protocol.max_connections | Maximum number of concurrent connections. | number | 120 |
cloud_stream_buffer_size | An optional Remote Cloud Storage streaming buffer size (in bytes). | number | 16777216 |
cluster
The cluster block configures high-availability clustering for multiple UDMG Server nodes, including operating mode, node health timing, peer discovery, and cluster communication ports.
For more information, refer to High Availability.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
cluster.mode | The operational mode of the cluster. Allowed values:
| string | "AA" |
cluster.heartbeat | The time interval between heartbeat signals sent between nodes. For allowed time units, see Time Duration Format and Allowed Units. | string | "10s" |
cluster.deadline | The time duration after which a node is considered down if no heartbeat is received. For allowed time units, see Time Duration Format and Allowed Units. | string | "30s" |
cluster.seeds | Comma-separated list of seed node addresses in the format host:client_port, used for cluster bootstrapping. Not required for standard setup. | string | "" |
cluster.client_port | Port used by UDMG Server for client communication in a cluster. | number | 4222 |
cluster.cluster_port | Port used for inter-node communication within the UDMG Server cluster. | number | 6222 |
as2
The as2 block configures AS2 protocol support. AS2 is used for secure and reliable file transfer over HTTP or HTTPS.
For more information, refer to AS2.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
as2.enable | Enables or disables the AS2 service. | bool | true |
as2.message_id_expiry | Number of days to retain AS2 message IDs for replay protection. | number | 0 (unlimited) |
as2.replay_protect | Enables or disables replay protection for AS2 messages. | bool | true |
hook_server
The hook_server block configures the HTTP server that handles callbacks such as AS2 Message Disposition Notifications (MDNs), enabling asynchronous receipt confirmations for file transfers.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
hook_server.enable | Enables or disables the hook server. | bool | false |
hook_server.inet | Interface address for hook server to listen on. | string | "0.0.0.0" |
hook_server.port | Port for the hook server. | string | "9090" |
hook_server.spec | Enables or disables serving the API specification. | bool | false |
hook_server.enable_mdn | Enables or disables the hook server for AS2 MDN callbacks. | bool | false |
hook_server.log_level | Log level for hook server operations. Options:
| string | "" |
hook_server.secure.enable | Enables or disables HTTPS. Requires hook_server.secure.pub_key and hook_server.secure.priv_key. | bool | false |
hook_server.secure.pub_key | Path to public SSL/TLS certificate file in PEM format. Required if info The path is relative to the | string | "" |
hook_server.secure.priv_key | Path to private SSL/TLS key file in PEM format. Required if info The path is relative to the | string | "" |
tls
The tls block applies to all services (API, Observability, WTC, HookServer, etc.) unless protocol-specific overrides are enabled and configured.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
tls.min_version | Minimum TLS version to support. Options:
| string | "1.2" |
tls.max_version | Maximum TLS version to support. Options:
| string | "1.3" |
tls.cipher_suites | Optional list of cipher suites to use. Leave empty for secure defaults. If not specified, uses secure cipher suites recommended by Go crypto/tls providing forward secrecy and modern cryptographic standards. | list(string) | [] |
tls.curve_preferences | Optional list of curve preferences. Leave empty for secure defaults. Options:
| list(string) | ["X25519", "CurveP256", "CurveP384"]) |
tls.allow_protocol_override.api | Allows the UDMG Server API service to override the global TLS settings. | bool | false |
tls.allow_protocol_override.obs | Allows the observability API service to override the global TLS settings. | bool | false |
tls.allow_protocol_override.wtc | Allows the WTC service to override the global TLS settings. | bool | false |
tls.allow_protocol_override.ftp | Allows FTP to override TLS settings. | bool | false |
tls.allow_protocol_override.as2 | Allows AS2 to override TLS settings. | bool | false |
tls.allow_protocol_override.hook_server | Allows the hook server to override TLS settings. | bool | false |
Custom Functions
The configuration loader in UDMG provides a set of custom functions (these are not part of standard HCL syntax). You can use them to dynamically generate values inside the Configuration File.
| Function | Description | Usage | Result |
|---|---|---|---|
upper | Converts a string to upper case. | ${upper("string")} | "STRING" |
lower | Converts a string to lower case. | ${lower("STRING")} | "string" |
env | Retrieves an environment variable, with a mandatory fallback default. | ${env("HOSTNAME", "default")} | "my-hostname" or "default" if unset |
For the env function, a default value is mandatory. If the referenced environment variable does not exist, UDMG uses the provided default instead of throwing an error.
database {
engine = "postgres"
hostname = "localhost"
user = "udmg"
password = "${env("DB_PASSWORD", "default-password")}"
}