Skip to main content
Version: 8.9 (unreleased)

Database

This page describes advanced database connection configuration for Web Modeler.
For a general setup guide, visit the configuration overview.

Web Modeler supports multiple database vendors such as PostgreSQL, MySQL, MariaDB, and Microsoft SQL Server. You can choose the one that best fits your environment.

DatabaseDefault driver includedNotes
PostgreSQL✅ Yes
H2✅ YesFor development, testing, or evaluation only.
MariaDB✅ YesMust use a case-sensitive collation.
MySQL❌ NoDriver must be provided manually; must use a case-sensitive collation.
MSSQL✅ YesMust use a case-sensitive collation.
Oracle❌ NoDriver must be provided manually.

Configuring SSL for the database connection

To configure SSL between Web Modeler and the database:

  • Modify the JDBC URL using SPRING_DATASOURCE_URL and add connection parameters.
  • Provide SSL certificates and keys to the restapi component, if required.

Consult the PostgreSQL documentation for details on SSL modes and their security guarantees.
For a full list of available connection parameters, see the PostgreSQL connection parameters reference.

Below are examples for common SSL configurations, ordered by increasing security.

SSL mode require

An SSL connection is established, but this mode remains vulnerable to person-in-the-middle attacks.

Modify the JDBC URL as follows:

jdbc:postgresql://[DB_HOST]:[DB_PORT]/[DB_NAME]?sslmode=require

No certificates are required for this mode.

SSL mode verify-full

Web Modeler verifies the server’s identity by checking its certificate.
This mode prevents person-in-the-middle attacks.

  1. Provide the root certificate that signed the server certificate:
    myCA.crt -> ~/.postgresql/root.crt
  2. Modify the JDBC URL:
   jdbc:postgresql://[DB_HOST]:[DB_PORT]/[DB_NAME]?sslmode=verify-full

SSL mode verify-full with client certificates

In this mode, both the server and Web Modeler authenticate each other using certificates.

  1. Mount client certificates:
    • myClientCertificate.pk8 -> ~/.postgresql/postgresql.pk8
    • myClientCertificate.crt -> ~/.postgresql/postgresql.crt
  2. Provide the root certificate:
    myCA.crt -> ~/.postgresql/root.crt
  3. Modify the JDBC URL: 
    jdbc:postgresql://[DB_HOST]:[DB_PORT]/[DB_NAME]?sslmode=verify-full
  4. Configure the database server to verify client certificates. See the PostgreSQL SSL documentation.

Running Web Modeler on Amazon Aurora PostgreSQL

Web Modeler supports connecting to Amazon Aurora PostgreSQL.
To connect, update the following environment variables:

  1. Set the JDBC URL: 
    SPRING_DATASOURCE_URL="jdbc:aws-wrapper:postgresql://[DB_HOST]:[DB_PORT]/[DB_NAME]"
  2. Set the driver class: 
    SPRING_DATASOURCE_DRIVER_CLASS_NAME="software.amazon.jdbc.Driver"

For all available driver parameters, see the AWS Advanced JDBC Driver documentation.

AWS IAM authentication

To enable IAM database authentication for Aurora PostgreSQL:

  1. Modify the JDBC URL: 
    SPRING_DATASOURCE_URL="jdbc:aws-wrapper:postgresql://[DB_HOST]:[DB_PORT]/[DB_NAME]?wrapperPlugins=iam"
  2. Set the username: 
    SPRING_DATASOURCE_USERNAME="[IAM_DB_USER]"
    The username must match a database user configured for IAM authentication as described in the Amazon Aurora documentation.
  3. Remove the password variable: 
    unset SPRING_DATASOURCE_PASSWORD

When using IAM authentication, ensure Web Modeler has permission to generate IAM authentication tokens (for example, through an attached IAM role or access key).

Using alternative database vendors

H2

The H2 driver is included by default.
To use a different driver, set SPRING_DATASOURCE_DRIVER_CLASS_NAME to the fully qualified class name of your driver.
Otherwise, omit this variable.

SPRING_DATASOURCE_URL="jdbc:h2:mem:[DB_NAME]" # See https://www.h2database.com/html/features.html
SPRING_DATASOURCE_USERNAME="[DB_USER]"
SPRING_DATASOURCE_PASSWORD="[DB_PASSWORD]"
SPRING_DATASOURCE_DRIVER_CLASS_NAME="[YOUR_CUSTOM_DRIVER]" # Optional

H2 is intended for local development or testing only, not for production environments.

Custom schema

By default, H2 uses the PUBLIC schema.
To use a custom schema, add an initialization command to the JDBC URL:

jdbc:h2:mem:[DB_NAME];INIT=CREATE SCHEMA IF NOT EXISTS [CUSTOM_SCHEMA]\;SET SCHEMA [CUSTOM_SCHEMA]

MariaDB

The MariaDB driver is provided by default, so no additional steps are necessary to provide the driver.

To use a custom database driver, set SPRING_DATASOURCE_DRIVER_CLASS_NAME to the fully qualified class name of your driver. Otherwise, omit this variable.

SPRING_DATASOURCE_URL="jdbc:mariadb://[DB_HOST]:[DB_PORT]/[DB_NAME]"
SPRING_DATASOURCE_USERNAME="[DB_USER]"
SPRING_DATASOURCE_PASSWORD="[DB_PASSWORD]"
SPRING_DATASOURCE_DRIVER_CLASS_NAME="[YOUR_CUSTOM_DRIVER]" # Optional; omit to use default MariaDB driver

Case sensitivity

MariaDB uses case-insensitive collations by default.
To enable case sensitivity, set the database collation to a case-sensitive one such as utf8mb4_bin.

note

If a case-insensitive collation is used, you may encounter unexpected behavior.
For example, in IDP extraction,
a field named amount and another named Amount would be treated as identical because the database does not distinguish between them.

MSSQL

The MSSQL driver is provided by default, so no additional steps are required.
To use a custom database driver, set SPRING_DATASOURCE_DRIVER_CLASS_NAME to the fully qualified class name of your driver.
Otherwise, omit this variable.

SPRING_DATASOURCE_URL="jdbc:sqlserver://[DB_HOST]:[DB_PORT];databaseName=[DB_NAME]"
SPRING_DATASOURCE_USERNAME="[DB_USER]"
SPRING_DATASOURCE_PASSWORD="[DB_PASSWORD]"
SPRING_DATASOURCE_DRIVER_CLASS_NAME="[YOUR_CUSTOM_DRIVER]" # Optional; omit to use default MSSQL driver

Case sensitivity

MSSQL is case-insensitive by default.
To enable case sensitivity, set the database collation to a case-sensitive one such as Latin1_General_CS_AS.

Otherwise, you may encounter unexpected behavior.
The only current restriction is that extraction fields in IDP extraction will not be case-sensitive.
This means that if you have a field named amount, you cannot create another field named Amount, because the database treats them as the same identifier.

Custom schema

MSSQL supports custom schemas, but this is not configurable within Web Modeler.
To use a custom schema, set the database user’s default schema.

MySQL

The MySQL driver is not provided by default in Camunda 8 distributions.
You must download and provide it manually for the application to load.

  1. Download the appropriate (platform-independent) MySQL driver:
    https://dev.mysql.com/downloads/connector/j/
  2. If you are using Docker or Kubernetes, ensure that the folder with the library is properly mounted as a volume at this location:
    /driver-lib. It will be automatically loaded by the application.

To use a custom database driver, set SPRING_DATASOURCE_DRIVER_CLASS_NAME to the fully qualified class name of your driver.
Otherwise, omit this variable.

SPRING_DATASOURCE_URL="jdbc:mysql://[DB_HOST]:[DB_PORT]/[DB_NAME]"
SPRING_DATASOURCE_USERNAME="[DB_USER]"
SPRING_DATASOURCE_PASSWORD="[DB_PASSWORD]"
SPRING_DATASOURCE_DRIVER_CLASS_NAME="[YOUR_CUSTOM_DRIVER]" # Optional; omit to use default MySQL driver

Case sensitivity

MySQL usually uses case-insensitive collations by default.
To enable case sensitivity, set the database collation to a case-sensitive one such as utf8mb4_0900_as_cs.

Otherwise, you may encounter unexpected behavior.
The only current restriction is that extraction fields in IDP extraction will not be case-sensitive.
This means that if you have a field named amount, you cannot create another field named Amount, because the database treats them as the same identifier.

Oracle

The Oracle driver is not provided by default in Camunda 8 distributions.
You must download and provide it manually for the application to load.

  1. Download the appropriate Oracle driver:
    https://www.oracle.com/database/technologies/appdev/jdbc-downloads.html
  2. If you are using Docker or Kubernetes, ensure that the folder with the library is properly mounted as a volume at this location:
    /driver-lib. It will be automatically loaded by the application.

To use a custom database driver, set SPRING_DATASOURCE_DRIVER_CLASS_NAME to the fully qualified class name of your driver.
Otherwise, omit this variable.

SPRING_DATASOURCE_URL="jdbc:oracle:thin:@//[DB_HOST]:[DB_PORT]/[DB_NAME]"
SPRING_DATASOURCE_USERNAME="[DB_USER]"
SPRING_DATASOURCE_PASSWORD="[DB_PASSWORD]"
SPRING_DATASOURCE_DRIVER_CLASS_NAME="[YOUR_CUSTOM_DRIVER]" # Optional; omit to use default Oracle driver