Last updated June 17, 2026

Service-role (List)#

Path: /environments/environment/services/service-role

Keys: id

Parameters#

Name	Type	Required	Default	Description
id	string	required	-	A given name of the service role
location	string	optional	-	Where the service is located, physically
enabled	boolean	optional	`true`	Enable or disable the entire daemon instance
zone	leafref → `../../zones/zone/id`	optional	-	The zone that the service is in (which, if not set, will be the default zone)
listening-host	union (string \| string)	optional	`0.0.0.0`	IP used for listening host
listening-port	uint16	optional	`8443`	The port the service listens on
protocol	enumeration (http, https)	optional	`https`	Which protocol to use, almost always, https should be used
ssl-server-keystore	leafref → `/facilities/crypto/ssl/server-keystore/id`	optional	-	A pointer to the key used for the SSL server
enable-http-v2	boolean	optional	`false`	Enable HTTP 2 (H2)
jvm-options	string	optional	`-XX:+UseG1GC -XX:+UseStringDeduplication`	The options that should be passed to the Java Virtual Machine (JVM) when the service is started
disable-android-assetlinks-generation	empty	optional	-	Disable generation of assetlinks (’…/.well-known/assetlinks.json’) from configured Android App associations
endpoints	`multi-value` leafref → `/profiles/profile/endpoints/endpoint/id`	optional	-	A list of endpoints deployed on this service instance, no order implied

Subsections#

Name	Type	Description
dos-protection	Section
hsts	Section	Enable HSTS support for this role
content-security-policy	Section
connections	Section	Settings related to how the Server accepts client connections
server-tls	Section
mutual-tls	Section
thread-count	Section
ciphers	Section	White- and black-listing of ciphers used for incoming secure connections. Enabling this feature will disable any white- and black-lists automatically enforced by the server.
webfinger	Section	Enable webfinger support for this service

Was this helpful?