Advanced Configuration Guide for Innoslate Enterprise

This guide covers post-installation configuration and optimization for Innoslate Enterprise. It is intended for Super administrators who have already completed the standard Installation Guide and initial Setup Wizard.

These advanced settings enable custom domains, SSL/TLS, enterprise authentication, reverse proxies, performance tuning, security hardening, and production readiness.

 

Important Notes

• Test all changes in a staging environment before applying them to production.

  • Settings.properties location: C:\Innoslate4\apachetomcat\webapps\innoslate4\WEB-INF
    • 📖 Settings.Properties Documentation

      Always create a full backup of your database, settings.properties, server.xml, and web.xml before making modifications.

    • Due to varying cloud platforms (AWS, Azure, Docker, etc.) and security policies, adapt these instructions to your environment. Consult your cloud provider’s documentation first and provide detailed information to SPEC Innovations support.

• • • Restart the Innoslate service after most configuration changes using C:\Innoslate4\utilities\restart_innoslate_service.cmd or via Windows Services.

• Be sure to have created your organization(s) for your end users to they may get started in their projects.

Pre-Change Best Practices

• Backup your database and key configuration files.
• Document current settings.
• Apply changes one section at a time when possible.
• Verify system functionality after each major change.
  
  

 

1. Domain & URL Configuration

Domain Changes

Custom domains (e.g., innoslate.yourcompany.com) replace the default localhost or IP address.

Steps:

• Update your DNS records to point the custom domain to your server’s IP address.

• Edit the `settings.properties` file:

  • `C:\Innoslate4\apache-tomcat-8.5.30\webapps\innoslate4\WEB-INF\settings.properties`

• Add or update the following property:

SERVER_ADDRESS = https://innoslate.yourcompany.com

• Restart the Innoslate service: 

  • `C:\Innoslate4\utilities\restart_innoslate_service.cmd

• Verify access via the new domain. 

  Notes:

• DNS propagation may take up to 48 hours. 

• Update socket settings for WebSocket functionality when using a custom domain.

 

Socket Server Configuration

Required for real-time features (chat, notifications, live collaboration).

• Edit the `settings.properties` file:  

     `C:\Innoslate4\apache-tomcat-8.5.30\webapps\innoslate4\WEB-INF\settings.properties

   

• Add or update the following property:

FULL_SOCKET_SERVER_PATH = wss://innoslate.yourcompany.com/socket
CLOUD_SOCKET_SERVER =

• Save settings.properties and restart Innoslate Service
  • (C:\Innoslate4\utilities\restart_innoslate_service.cmd).
• Use wss:// for SSL-enabled environments.

• Example: wss://myorganizationurl.innoslate.com/socket

Reference:

• 📖 Settings Properties documentation

 

2. Network & Security Basics

Changing Ports

Modify Tomcat listening ports (e.g., 80, 443, 8080, 8443).

Steps:

• Edit the server configuration file:  `C:\Innoslate4\apache-tomcat\conf\server.xml`

• Modify the `port` attributes in the `<Connector>` elements. Example:  

 <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443"
               maxSwallowSize="-1" />

• Open the new ports in Windows Firewall and any cloud security groups.
• Restart the Innoslate service.

Reference:

• 📖 Apache Tomcat Configuration documentation

 

Reverse Proxies

A reverse proxy (such as Nginx or Apache HTTP Server) improves security, enables load balancing, and simplifies handling of non-standard ports (e.g., 8443).

Steps:

• Install and configure Nginx or Apache HTTP Server

   

• Update `settings.properties`:  

     server.url=https://innoslate.yourcompany.com

   

• Restart the reverse proxy and Innoslate service.

   

• Verify connectivity and test load balancing if applicable.

Notes:

• Consider adding a Web Application Firewall (WAF) for enhanced security.
• When using external port 443 with internal port 8443, configure the proxy accordingly.

Reference:

• 📖 Apache Tomcat Configuration documentation

• 📖 Settings Properties documentation

 

SSL Setup

SSL/TLS enables HTTPS encryption for data in transit.

Steps:

• Obtain a valid SSL certificate (e.g., from Let’s Encrypt, DigiCert, or a self-signed certificate for testing

   

• Generate a Java keystore (example command):  

  Bash
     
  keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/keystore

   

• Edit `C:\Innoslate4\apache-tomcat-8.5.30\conf\server.xml` to include an HTTPS connector.

 xml

   <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"

              SSLEnabled="true" scheme="https" secure="true"

              keystoreFile="/path/to/keystore" keystorePass="yourpassword"

              sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.3" />

• Open port 443 in your firewall and update DNS records as needed.

   

• Restart the Innoslate service (C:\Innoslate4\utilities\restart_innoslate_service.cmd). and test access via `https://yourdomain.com`.

   

Notes:

• Use strong protocols and ciphers (TLS 1.2 or 1.3 recommended).

• Automate certificate renewal where possible (e.g., using Certbot).

   

Reference:

• 📖Enabling SSL

 

3. Authentication Configuration

Non-Native Authentication

Innoslate supports Native, OAuth, SAML, LDAP/LDAPS, CAC, and PKI.

• Start with Native authentication during initial setup for validation and to ensure other connections, such as database, domain change, email, etc..
• Switch to other Authentication types afterward. 

Available Options:

• 📖 OAuth

   

• 📖 SAML

   

• 📖 LDAP

   

• 📖 LDAPS

   

• CAC & PKI (contact Support for documentation)

   

• 📖 Authentication Overview

Notes:

• Validate core functionality with Native auth before enabling external IdPs.

 

4. Email (SMTP) Configuration

Required for notifications and password resets.

• Navigate to settings.properties file:
  • C:\Innoslate4\apache-tomcat\webapps\innoslate4\WEB-INF

• Add:

IMPORTANT_MAIL_FROM = noreply@yourcompany.com
IMPORTANT_MAIL_FROMNAME = Innoslate
MAIL_HOST = smtp.yourcompany.com
MAIL_PORT = 587
MAIL_SMTP_USERNAME = yourusername
MAIL_SMTP_PASSWORD = yourpassword
MAIL_FROM = noreply@yourcompany.com
MAIL_FROMNAME = Innoslate

• Save settings.properties and restart Innoslate Service.

• • (C:\Innoslate4\utilities\restart_innoslate_service.cmd).
• Use TLS/STARTTLS when possible.
• Test by triggering a notification or password reset.

Reference:

• 📖 Settings Properties documentation

 

5. Storage Configuration

Too store blobs, setup s3 storage type, increase or decrease file upload size.

• Navigate to settings.properties file (C:\Innoslate4\apache-tomcat\webapps\innoslate4\WEB-INF)

Add:

#Filesystem configured in Setup Wizard at start to a local directory. Secure if needed.
STORAGE_FILESTOREPATH
STORAGE_TYPE = FILESYSTEM

#Filesystem configuration for AWS S3 Bucket:
STORAGE_TYPE = AWS_S3
STORAGE_BUCKETNAME = bucket_name

#Maximum file or image size Innoslate will allow to be uploaded in megabytes
MAXUPLOADSIZE_MEGABYTES = 100
#100MB DEFAULT SETTING

• Save settings.properties and restart Innoslate Service (C:\Innoslate4\utilities\restart_innoslate_service.cmd).

Reference:

• 📖 Settings Properties documentation

 

6. Performance & Scalability

JVM & Tomcat Tuning

Set JAVA_OPTS (e.g., -Xms512m -Xmx2048m or higher) in startup.bat (C:\Innoslate4\apache-tomcat\bin) or Windows environment variables.

• Increase threads in server.xml:
  • maxThreads="200"
• Database pool in settings.properties file: 

• DATABASE_MAXIMUM_POOL_SIZE = 15 (or higher)

 

Cache Configuration

Switch to Redis for better performance at scale (configured in Setup Wizard or manually).
General Steps:

• Navigate to settings.properties file

  • C:\Innoslate4\apache-tomcat\webapps\innoslate4\WEB-INF

• Add: 

#REDIS CACHE
CACHE_TYPE = REDIS
REDIS_PASSWORD = password
REDIS_PORT = 6379
REDIS_URL = master.innoslatete.amazonaws.com 

• Save settings.properties file.

• Restart Innoslate service (C:\Innoslate4\utilities\restart_innoslate_service.cmd).

References:

• 📖 Increasing JVM Memory

• 📖 Apache Tomcat Configurations

• 📖 Settings Properties

 

7. User & Organization Defaults

Default Organization & Role

Upon signing up, new users can be automatically assigned and added to an organization, team and/or role.

• In settings.properties

  • (C:\Innoslate4\apache-tomcat\webapps\innoslate4\WEB-INF)

• Add:

DEFAULT_ORGANIZATION_SLUG = myorganization   (lowercase, no spaces)
DEFAULT_ROLE = Owner                         (Owner, Collaborator, Reviewer, Viewer)
DEMO_ORGANIZATION_SLUG = (available organization for all users when they first sign up)
DEFAULT_TEAM = Team_name

• Save settings.properties file.
• Restart Innoslate service (C:\Innoslate4\utilities\restart_innoslate_service.cmd).

Reference

• 📖 Settings Properties documentation

 

Session Timeout

• Edit web.xml

  • C:\Innoslate4\apache-tomcat\conf\web.xml:

    XML
    
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>

• Restart Tomcat (C:\Innoslate4\apache-tomcat\bin).

Reference

• 📖 Apache Tomcat Configuration documentation

 

AI Integrations

Setup the default AI LLM Models to make them accessible to all organizations in your Enterprise.

• In settings.properties

  • (C:\Innoslate4\apache-tomcat\webapps\innoslate4\WEB-INF) 

     

• Add:

  #AI Integration-Default AI Setup
  OPEN_AI_API_KEY = sk-password
  OPEN_AI_ORGANIZATION = <ORG KEY> 
  
  #If using an organization with your OPEN AI account, your organization name will be entered here.
  DEFAULT_CHAT_AI_API_KEY=sk-code
  DEFAULT_CHAT_AI_SECONDARY=org-code
  DEFAULT_CHAT_AI_MODEL= gpt-4o-mini
  DEFAULT_CHAT_AI_PROVIDER= OPENAI
  DEFAULT_CHAT_AI_URL= https://api.openai.com/v1/
  DEFAULT_CHAT_AI_URL_EMBEDDING = https://something.openai.azure.com/openai/deployments/text-embedding-3-small/embeddings?api-version=2023-05-15
  
  #Only need for Azure
  DEFAULT_IMAGE_AI_API_KEY=sk-code
  DEFAULT_IMAGE_AI_SECONDARY=org-code
  DEFAULT_IMAGE_AI_MODEL= dall-e-3
  DEFAULT_IMAGE_AI_PROVIDER= OPENAI
  DEFAULT_IMAGE_AI_URL= https://api.openai.com/v1/

• Save settings.properties file.

   

• Restart Innoslate service (C:\Innoslate4\utilities\restart_innoslate_service.cmd).

Reference

•  📖 Settings Properties documentation

 

8. Security Hardening

• To enable 2 Factor Authentication for all users, add in settings.properties file: FORCE_TWO_FACTOR = true (available in v4.14)
• Restrict ADMINS and SUPPORT accounts in settings.properties.
  • Support users help with Account Management with access to the Support Dashboard.
• Use strong TLS protocols and ciphers only.
• Implement WAF and strict firewall rules after all other configurations are validated.
• Enable Tomcat access logging.
• Keep Tomcat, Java, and the OS regularly updated.
• Encrypt backups.

 

9. License & Platform Management

• Update the GLOBAL_LICENSE_KEY in settings.properties

   

• Review your Platform Type (Local, AWS, Azure, Docker, Legacy) — it affects license binding.

   

References

• 📖 Innoslate Enterprise License Platform Types

• 📖 Update License Key

 

10. Backup & Recovery 

• Database: Use pg_dump (PostgreSQL) or SQL Server backup commands.

   

• Configuration: Copy settings.properties and Tomcat config files.

   

• Schedule automated backups and test restores regularly.

   

• Store backups offsite and encrypted

 

11. Monitoring, Logging & Maintenance

• Key Log Locations:
  C:\Innoslate4\apache-tomcat\logs\
• Upgrade Process:
  Always back up before upgrading. Preserve your custom settings.properties, server.xml, web.xml. Logins and passwords and certificates.
• AI Configuration Updates
  Update API keys, models, or default providers in settings.properties as needed.

General Notes & References

• Full parameter list: 📖 Innoslate Enterprise Setup Glossary

• Apache Tomcat reference: 📖 Apache Tomcat Configurations

• Do not use the reserved slug “socket” in organization names