irius-web.19.0-rc33.source-code.component-web.conf Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of sirius-web Show documentation
Show all versions of sirius-web Show documentation
Provides a modern and scalable web server as SIRIUS module
#
# Made with all the love in the world
# by scireum in Remshalden, Germany
#
# Copyright by scireum GmbH
# http://www.scireum.de - [email protected]
#
sirius.frameworks {
# Enables the built-in web server based on netty
web.http = true
# Enables the crunchlog to write various statistics for later processing
web.crunchlog = true
}
# Adding the web module to the list of known modules...
product {
modules {
sirius-web {
version = "${project.version}"
build = "${build.number}"
date = "${timestamp}"
vcs = "${build.vcs.number}"
}
}
# Contains the tag line show in the footer and login screen
tagLine = "This Product is based on Sirius Lib"
# Determines if base URI of wondergem. Used for links to "home"...
wondergemRoot = "/"
}
# Contains the configuration for the web / http module
http {
# Contains the port used for HTTP communication. The default value specified by HTTP is 80. We use 9000 since a
# non root user cannot open a port below 1024
port = 9000
# May contain a list of additional ports which are also used for HTTP.
# Provide ports as strings like "8080", "8081".
additionalPorts = []
# Can be used to force netty to bind only on the given address. This permits to run multiple servers on the same
# port. If the value is empty, we bind all addresses.
bindAddress = ""
# Specifies the size until which an upload is kept entirely in memory
uploadDiskThreshold = 1M
# Specifies the min free size on disk. If the free space drops below this limit, the corresponding upload will
# be canceled.
minUploadFreespace = 100M
# Maximal size of an upload which can be sent to the server
maxUploadSize = 5G
# Maximal tolerated time it takes to generate a response in millis. Everything that takes longer, will be logged.
# Use 0 to disable.
maxTimeToFirstByte = 2500
# Maximal size of structured data (XML / JSON) which is accepted by the server. As this data is completely held
# in memory, this value should not be too large.
maxStructuredInputSize = 10M
# Determines how long a channel can be idle before it is forcefully closed
idleTimeout = 60 seconds
# Determines the maximal number of requests to handle within a connection.
# Note that proxies (listed in firewall.proxyIPs are unlimited).
maxKeepalive = 25
# Determines if a P3P fake header disabling all p3p checks in Internet Explorer (which is one of the last user
# agents caring about that). A detailed description of P3P can be found here: http://en.wikipedia.org/wiki/P3P
addP3PHeader = true
# Determines the content security policy, i.e. which internet resources to load from which locations. By default,
# an insecure "allow everything" policy is set. A more secure value could be "script-src 'self' 'unsafe-inline'", or
# even "script-src 'self'". Inline code can be verified via hashing. When loading script files from external
# servers, also add the base URLs into the list. A description of the general concept and guidelines are here:
# - https://en.wikipedia.org/wiki/Content_Security_Policy
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
contentSecurityPolicy = ""
# Determines if all cors requests (preflight requests especially) should be accepted by the server
# automatically. If you need a more advanced behaviour, you probably want to implement a custom
# dispatcher.
corsAllowAll = true
# Specifies the name of the cookie which contains the client session
sessionCookieName = "SIRIUS_SESSION"
# Determines the livetime of the client session cookie. If this is zero a "session" cookie is
# created which will be deleted once the browser is closed.
sessionCookieTTL = 90 days
# Specifies the secret used to validate the consistency of client sessions. If no value is present (default)
# a random secret is created on startup. However this implies that sessions do not work across clusters
# or across server restart. Therefore its a good idea to provide a fixed secret here. The value should be
# reasonable long and cryptographically computed - rather than your dogs name ;-)
sessionSecret = ""
# Specifies the lifetime of CSRF security tokens in a user session before being recomputed.
csrfTokenLifetime = 24 hours
# Should a default crossdomain.xml be served?
crossdomain.xml.enabled = true
# Should a default robots.txt be served?
robots.txt.enabled = true
# Accept search engines? (By default we don't allow any indexing, therefore disallow is true).
robots.txt.disallow = true
# Contains the name of the directory used to cache generated content like CSS files computed from SCSS files.
# Will be created if it does not exist.
generated-directory = "web-cache"
# Configures the built-in firewall for the HTTP interface
firewall {
# A list of ip addresses or sub nets in CIDR notation can be named here, to limit the set of accepted IPs
# If an address or a list of addresses is given, no IPs outside of this list will be accepted.
# CIDR notation contains the IP, followed by the number of relevant bits, e.g.: 192.168.0.0/16
# Separate multiple entries with a ",", e.g.: 192.168.192.1/32,192.168.168.0/24
#
# Note that these IPs are checked on a connection level. Therefore no X-Forwarded-For or the like will
# be taken into consideration.
filterIPs = ""
# Contains one or more ip addresses of proxy servers. If a request from a proxy server is received, the
# X-Forwarded-For header is used to determine the originating ip for the request. The notation used is the same
# as for filterIPs.
proxyIPs = ""
}
# Configures the OTPVerifier used to check two factor authentication tokens (as generated by apps like Google
# Authenticator)
otp {
# Determines the number of intervals before and after the current one to still accept. This is used to
# compensate clock drift
graceNumberOfIntervals = 4
# Determines the duration of one time interval. Google Authenticator and other popular apps use 30s
timeInterval = 30s
}
# Configure SSL with SNI (Server Name Indication)...
ssl {
enabled = false
port = 9443
keystore = "Path to .jks file"
password = "Password for keystore"
alias = "Alias for the default domain"
# Set to true to enable a Strict Transport Security will will force browsers to
# use HTTPS when talking to the system...
forceHSTS = false
# Specifies the max-age value sent in teh HSTS header if enabled.
# The value is given in seconds.
hstsMaxAge = 31536000
# Set strong DH parameters (1024 is the default used by JSSE)
ephemeralDHKeySize = 2048
# Only enable TLS protocols as SSLv3 is insecure (POODLE)
protocols = [ "TLSv1", "TLSv1.1", "TLSv1.2" ]
# The cipher selection of Java 8 seems quite reasonable
# so we don't need to overwrite this
ciphers = [ ]
}
}
# Configures the help system
help {
# Determines which index page will be used
indexTemplate = index
# Contains the languages supported by the help-system
languages = ["de", "en"]
}
# Configures the system health monitoring
# Most of these values are "best guesses" and might have to be fine tuned for particular applications
health {
limits {
# Number of HTTP requests per minute
http-requests.gray = 100
http-requests.warning = 0
http-requests.error = 0
# Number of blocked requests (by the firewall) per minute
http-blocks.gray = 1
http-blocks.warning = 15
http-blocks.error = 0
# Number of killed requests due to idle state (per minute)
http-timeouts.gray = 1
http-timeouts.warning = 15
http-timeouts.error = 0
# Number of HTTP 4xx status codes replied per minute
http-client-errors.gray = 10
http-client-errors.warning = 250
http-client-errors.error = 0
# Number of HTTP 5xx status codes replied per minute
http-server-errors.gray = 1
http-server-errors.warning = 15
http-server-errors.error = 0
# Number of currently open connections
http-open-connections.gray = 2
http-open-connections.warning = 0
http-open-connections.error = 0
# Average response time in milliseconds
http-response-time.gray = 250
http-response-time.warning = 1000
http-response-time.error = 0
# Average queue time for requests in milliseconds
http-response-queue.gray = 1
http-response-queue.warning = 10
http-response-queue.error = 250
# Average time to first byte in milliseconds
http-response-ttfb.gray = 250
http-response-ttfb.warning = 500
http-response-ttfb.error = 1000
# Incoming HTTP bandwidth
http-bytes-in.gray = 500
http-bytes-in.warning = 0
http-bytes-in.error = 0
# Outgoing HTTP bandwidth
http-bytes-out.gray = 500
http-bytes-out.warning = 0
http-bytes-out.error = 0
# HTTP Connections opened
http-connects.gray = 100
http-connects.warning = 0
http-connects.error = 0
# Open HTTP Websockets
http-websockets.gray = 1
http-websockets.warning = 0
http-websockets.error = 0
# Number of eMails being sent per minute
mails-out.gray = 0
mails-out.warning = 50
mails-out.error = 0
# Duration it takes to send a mail in millis
mails-duration.gray = 500
mails-duration.warning = 1000
mails-duration.error = 15000
# Number of records being processed by the Crunchlog
crunchlog-records.gray = 1
crunchlog-records.warning = 2048
crunchlog-records.error = 0
# If the crunchlog is unable to write records to this,
# this metric is flipped to one, to turn the system state to red
crunchlog-error.gray = 0
crunchlog-error.warning = 0
crunchlog-error.error = 1
}
# Contains a list of monitored cluster nodes. The same list can (should) be supplied on all nodes so that
# each node monitors all others. Based on the priority (lowest wins) at least one node will try to
# alert an administrator if the cluster starts to fail.
cluster {
# Determines the node priority. The node which has the lowest priority (and is not failing) has to
# notify the administrator.
priority = 100
# Contains a list of endpoints (http://url:port) which should be monitored
nodes = [ ]
# Types of alerts triggered, once the system is unhappy
alerts {
# Enter a server here in the form of: http://server:port - This will be used to
# relay the alert to another system
gateway = ""
# Enter a shared secret here. This is used to send and receive alerts via a gateway. (Secret needs to
# be the same and not empty for two nodes to work together).
gatewaySecret = ""
}
}
}
# Contains settings used by the content generator (sirius.web.templates.Content).
content {
# Sets the javax.scripting engine used to execute JavaScript
script-engine = "js"
localResourcePath = "data/resources"
# Used by Content.getExtensions to build templates which can be enhanced by other components
extensions {
}
}
tagliatelle {
taglib {
w = "Wondergem",
h = "Help"
}
}
cache {
# Cache used to store resolved URLs by the Content class
resolver-cache {
maxSize = 8192
ttl = 1 minute
}
# Caches compiled templates for tagliatelle
tagliatelle-templates {
maxSize = 1024
ttl = 1 hour
}
# Caches user messages accross redirects or JSON calls to display them later
user-messages {
maxSize = 2048
ttl = 2 minute
}
}
# Make velocity not too chatty (the log4j name is 'velocity')
logging.velocity=WARN
# Contains the mail configuration used to send and receive mails
mail {
# Used as X-MAILER header...
mailer = "SIRIUS Java Library"
# Configuration used to send mails. You should at least change host, sender and senderName!
# As long as host is empty, no mail will be sent (not even tried)...
smtp {
# Host of the SMTP server
host = ""
# Port used by the SMTP server
port = "25"
# Username used to authenticate at the SMTP server
user = ""
# Password used to authenticate at the SMTP server
password = ""
# Default address used as "From:" if no other address is given
sender = ""
# Default name of the "From:" if no name is given
senderName = ""
# Determines if sender: / from: and envelope-from: headers are used.
useEnvelopeFrom = true
# Contains the settings required to enable DKIM
dkim {
# Contains the path to the DER encoded file containing the private key.
# A key can be created using:
# openssl genrsa -out dkim.pem 1024 (Generate keypair as PEM)
# openssl pkcs8 -topk8 -nocrypt -in dkim.pem -outform der -out dkim.der (Save private key as DER)
# openssl rsa -in dkim.pem -pubout (Save public key)
keyFile = ""
# Contains a list of domains to sign
domains = []
# Contains the DKIM selector used to sign (which is also used for the DNS lookup)
selector = ""
}
}
}
async.executor {
# Determines the size of the email sender pool. We only send one mail at a time
# but with an unlimited queue length
email {
poolSize = 1
queueLength = 0
}
# Determines the pool used by the web-server to handle incoming requests.
webserver {
poolSize = 64
queueLength = 256
}
}
# Defines the user management used by the application
security {
# Declares which scope types are known to the system and which user manager they use. Multiple scopes can be
# defined i.e. to differentiate between a user logged into an administration area vs. a user logged into the
# frontend of the application. To control which scope is active, the interface ScopeDetector has to be
# implemented and registered using @Register. By default the scope "default" is used for all requests.
# Implement ScopeDetector to change this.
scopes {
# Defines the manager used by the default scope.
default {
# Determines which user manager to use. By default the "public" user manager is used, which grants
# all permissions (well, those given in defaultRoles) without requiring a login. Use "config" to switch
# to users defined in the system configuration or create your own by implementing UserManagerFactory and
# UserManager.
# manager = "public"
# Defines roles granted to anonymous.
publicRoles = [ "permission-system-state", "permission-system-tags", "permission-system-tags-state" ]
# Defines roles granted to all "users".
defaultRoles = [ "permission-system-state", "permission-system-tags", "permission-system-tags-state" ]
}
}
# Defines a list of all known permissions for reporting reasons
permissions {
flag-logged-in : "Determines if an authorized user is present"
permission-system-console : "Required to use the console"
permission-system-timing : "Required to use the Microtiming UI"
permission-system-state : "Required to view the system state"
permission-system-tags : "Required to view all known Tagliatelle Tags"
permission-system-tags-state : "Required to view the state of Tagliatelle"
permission-system-scripting : "Required to execute ANY JavaScripts on the server(!)"
permission-system-notify-state : "Required to receive a warning in wondergem, if the system state is not GREEN"
permission-babelfish : "Required to view and export loaded translations"
permission-view-scope-default-config : "Required to view the default config of scopes"
}
# Declares profiles. Profiles are meta permissions which represent a set of permissions. Once a user is
# authorized, its permissions which reference profiles will be expanded automatically. This can be used to declare
# permissions like "admin" which represent a multitude of permissions (which also might change over time).
profiles {
# template {
# "permission1" : true,
# "permission2" : false
# }
}
}
crunchlog {
basedir = "data/crunchlog"
}
# Determines the hour of the day, when old files are deleted from the crunchlog
timer.daily.crunchlog-cleanup = 17