Orbit 3DM Publisher Service

This page is a glossary and bundles technical information about the Orbit 3DM Publisher Service including Orbit Enterprise Orbit Service (EOS) and Internet Orbit Service (IOS) used for HTTP Web Service.

Legacy EOS

The “Enterprise Orbit Service” or shortened “EOS” is Orbit's core server technologies for central storage, management, and sharing of Reference GIS and 3DM Mapping, Reality Resources.
EOS enables corporate management of users, permissions, workspaces, and licenses. It is the backbone of Orbit 3DM Publisher.

Server Config updates require Restart

Orbit Server configurations are loaded at Service Start. Changing server configurations requires the Orbit Service to be restarted.
Service installation changes (procrun and proxy settings) require the Orbit Service to be re-installed.

Cloud Storage Configuration

Orbit EOS configuration to connect and load resources from a support cloud blob storage.

Amazon S3 Bucket

  • File: <Install Dir>/program/config/amazon.store.<config.name>.ini
    config.name: Orbit configuration name for the cloud storage. Free of choice, lower case, no special characters.
  • Use the prefix am:/<config.name>/ in the resource file path to access the root folder of the AWS Bucket.
type amazon
access.key xxx
secret.key xxx
region.name xxx
bucket.name xxx
readonly true
cache true
cache.expire.time 172800.0
file.content.read.thread.count 12

Azure Container

  • File: <Install Dir>/program/config/azure.store.<config.name>.ini
    config.name: Orbit configuration name for the cloud storage. Free of choice, lowercase, no special characters.
  • Use the prefix az:/<config.name>/ in the resource file path to access the root folder of the Azure Container.
account.name xxx
account.key xxx
container.name xxx
readonly true

MinIO Object Store

  • File: <Install Dir>/program/config/minio.store.<config.name>.ini
    config.name: Orbit configuration name for the cloud storage. Free of choice, lowercase, no special characters.
  • Jars: Additional jar files are needed to connect to the MinIO Storage.
    Download, unzip, and copy into <Install Dir>/program/software/lib.
  • Java Options: Additional module --add-modules=kotlin.stdlib in the right place be loaded at starting the Publisher service.
    • Windows: <Install Dir>/program/bin/ServiceInstall.bat
      JAVA9_OPTIONS : ... ;'%INSTALL_DIR%/software/lib;--add-modules=kotlin.stdlib;--add-modules=core.toolx ...
    • Linux: <Install Dir>/program/bin/wrapper.conf
      # Java Additional Parameters : wrapper.java.additional.6=--add-modules=kotlin.stdlib
  • Use the prefix mio:/<config.name>/ in the resource file path to access the root folder of the MinIO Container.
type minio
endpoint.url xxx
access.key xxx
secret.key xxx
bucket.name xxx
readonly false
cache true
cache.expire.time 172800.0
file.content.read.thread.count 12

Cross-origin resource sharing

Configuration to set Cross-origin for Publisher service.
More information about CORS concepts

When embedding and accessing the Publisher from a different domain (for example from an SDK integration), all browsers apply cross-origin resource sharing restrictions.

Server Configurations

  • File : <Install Dir>/program/config/server.ini
  • Parameters:
    • http.cors.enabled: Enable CORS headers
    • http.cors.alloworigin: Value for the Cross-Domain-Allow-Origin header
    • http.cors.allowmethods: Value for the Cross-Domain-Allow-Methods header
    • http.cors.allowheaders: Value for the Cross-Domain-Allow-Headers header (Authorization, Content-Type, …)
    • http.cors.maxage: Value in seconds for the Cross-Domain-Max-Age header
    • http.cors.allowcredentials: Boolean value for the Cross-Domain-Allow-Credentials header

SDK Configuration

To enable cross-domain cookies, the SDK needs to get a specific startup option.
This may be needed for example when using Publisher with a load balancer that needs cookies to maintain session stickiness.

Example: Enable Cross-Domain with Cookies

Download Time-Out

Configuration to set URL to connect and download time-out.

Server Configurations

  • File : <Install Dir>/program/config/server.ini
  • Parameters :
    • urldownloader.timeout.connect
    • urldownloader.timeout.read
  • Value : Milliseconds as integer value
  • Default Value : 60000
urldownloader.timeout.connect      120000
urldownloader.timeout.read         120000

DOX

Desktop Client-Server Communication

The Orbit toolkit is network-neutral. Connectivity requires an IP-resolve system (such as a DNS). The Data Orbit eXchange protocol or shortened “DOX” protocol is Orbit's proprietary communication protocol between the Orbit tiers.

DOX requires only 1 port to be accessible from the outside. Firewalls thus need only to open 1 port to allow remote access to an Orbit server system (in contradiction to standard Java RMI connectivity).
DOX is a compressed and binary way to do the communication between Orbit Client and Orbit Server in the most secure, simple, and fast way. It has no relation with HTTP or the alikes, but of course, runs over Tcp/Ip.
DOX does not influence any other protocol and cannot be hacked.

All Orbit Products are able to access remote EOS resources and instantly become client/server applications, providing access to corporate resources. Most Orbit products are available both in Standalone as in Client-Server.

EOS Install

EOS is a running operating system service and is preferably installed and started using an OS administrator account. The used account must have full permission to read and write into the entire Orbit server installation directory. Read access is required for all resources used by EOS.

A proper EOS service start, stop and remove are possible as OS administrator using the Orbit shortcuts within the Orbit installation directory :

  • <Install Dir>/program/bin/

Stop & Start

When updating the Orbit Server software or applying hardware maintenance it will be required to stop and restart the Orbit Service. The service needs to be installed before starting and stopped before removing.
Use of the Orbit Service shortcuts is recommended at all time, verify successful Service Install, Start, Stop and Remove using the OS Services Management Console.

Multiple instances

The name of an operating system service supposed to be unique.
To install multiple Orbit Services on a single server the Orbit Service Name of the second instance will need to be renamed before installing :

  • Windows : <Install Dir>/program/bin/ServiceInstall.bat
..
set SERVICE_DISPLAY_NAME=Orbit 3DM Publisher Service 2
set SERVICE_DESCRIPTION=Orbit 3DM Publisher Service 2
...
.. //IS//publisher_3dm_2 ..

File Access and Permission

The Orbit EOS service reads all resource requested by Orbit Clients and read & writes configurations as set by the EOS Console.
Consequently, Orbit EOS Service requires read access on all used resource files and read & write access to all Orbit setup and configuration files.

Access to network resources

Special attention is required regarding file access permissions for the Operating System User running the EOS service.
Additional note on Windows, Mapped Network Drives are not available to Operating System Services, use of Uniform Naming Convention (UNC) is required.

When adding resources to EOS, using the Publisher Console ensure the EOS service has access to the added resources at all time.

Access to system configuration files

Disk space or file access issues on EOS configuration files will result in corrupted configurations and software malfunction. Ensure there is enough disk space and all EOS configuration files are accessible at all times.

User Account in Server Configurations

Orbit EOS Service account settings are applied at Service Install.
One can use the Operating System services management console to update the User Account or add User credentials into the Orbit service installation files.
Configuration update on the Service installation files requires the Orbit Service to be be stopped, removed, updated, re-installed, and restarted. Verify the update using the OS Services Management Console.

  • <Install Dir>/program/bin64/ServiceInstall.bat
set SERVICE_USER=--ServiceUser=<Domain>\<UserName> --ServicePassword=<UserPassword>

HTTP Proxy

The default configurations for all outgoing HTTP and HTTPS requests can be updated. However, we do advise using the default operating system proxy settings.

Proxy configurations are set at Service Install. Changing these configurations requires the Orbit Service to be stopped & removed, installed & restarted.

Add the following Java VM arguments into :

  • Linux : <Install Dir>/program/bin/wrapper.conf > Java Additional Parameters
  • Windows : <Install Dir>/program/bin/ServiceInstall.bat > JAVA_OPTIONS

Set system proxy settings

-Djava.net.useSystemProxies=true

Set other proxy settings
Below for https, for http replace “-Dhttps” by “-DHttp” :

-Dhttps.proxyHost=0.0.0.0
-Dhttps.proxyPort=0000
-Dhttps.proxyUser=xxx
-Dhttps.proxyPassword=xxx

Https example for Linux :

# Java Additional Parameters
wrapper.java.additional.1=-Xrs
wrapper.java.additional.2=-Djava.awt.headless=true
wrapper.java.additional.3=-Dhttps.proxyHost=0.0.0.0
wrapper.java.additional.4=-Dhttps.proxyPort=0000
wrapper.java.additional.5=-Dhttps.proxyUser=xxx
wrapper.java.additional.6=-Dhttps.proxyPassword=xxx

When using a proxy that doesn't require user validation, parameters “proxyUser” and “proxyPassword” should not be added.

HTTP Workthreads

The default number of concurrent Threads is 32 and a backlog of 64 Tasks.
Related to the available Cores the number of concurrent threads and backlog tasks can be increased.

Server Configurations

  • <Install Dir>/program/config/server.ini
portserver.HTTP.workthread.count 32 
portserver.HTTP.maximum.pending.requests 64

HTTPS

WebClient - Server communication

The Orbit Publisher includes an HTTP or HTTPS Web Server. One or the other, not both together. Incoming HTTP requests can be redirected to HTTPS services
By default, an HTTP Web Service is configured. Below the documentation on how to configure an HTTPS Web Service.

The Http(s) Web Service is used for Publisher WebClient (“Publication”) - Server and EOS WebClient (“EOS Console”) - Server communication.

KeyStore File

Orbit supports both PKCS 12 and Java KeyStore files.
The password-protected KeyStore file must contain your Private Key and full Certificate Chain from Root to Public Domain Certificate.

Certificate submitting and KeyStore file creation must be completed prior to configuring the Orbit Web Server from HTTP to HTTPS.
More information, see Wikipedia Authorization Certifcate, Wikipedia Public Key, Wikipedia Java Keystore, Wikipedia PKCS 12.

Server configurations

KeyStore file

Copy the KeyStore file keystore.xxx to <Install Dir>/../Orbit 3DM Publisher Service Data/http/.
Supported KeyStore files : .jks, .jceks, .p12, .pks, .pfx

KeyStore file Password

Add a keystore.pwd single line text file next to the KeyStore file.
The password can be saved as plain text or scrambled.
To get a scrambled keystore.pwd, create a Service Request to be contacted by a Support Engineer.

HTTPS Service

Configure the HTTP service to operate in HTTPS mode and port 443 :

  • <Install Dir>/../Orbit 3DM Publisher Service Data/http/configuration.ini
secure			true
port			443

Redirecting from HTTP to HTTPS

To redirect incoming HTTP traffic to the HTTPS web service

  1. Create a new folder http80 into <Install Dir>/program/services
  2. Create a new file service.ini into the newly created folder <Install Dir>/program/services/http80
    Copy, paste and save the snippet below into the service.ini file.
Services=
 Service=
  Name=HttpService80
  ClassName=com.orbitgis.toolx.network.interfaces.http.server.HTTPService
  Parameters=
   Parameter=secure:false
   Parameter=host:all
   Parameter=port:80
   Parameter=http.get.enable:false
   Parameter=http.get.wwwroot:<SYSTEMPATH>/wwwroot
   Parameter=run.service.enable:false
   Parameter=redirect.to.secure:true

Additional configuration consequences

For Orbit Publisher EOS-Console users only:

  • Enable secure cross-domain communication, see above HTTP Cross-Domain Communication.
  • Configure geocoding plugins to communicate via secure HTTPS connection to avoid HTTP-HTTPS netwerk security conflicts.
    See Publisher Customized Publications.
  • Ensure the Publication Server Url is available via HTTPS , see 3DM Publisher Console > Main > Publish.

Logging EOS

The activity and tasks completed by the EOS service are logged into the following directory :

  • <Install Dir>/../Orbit 3DM Publisher Service Data/log/eos/

These log files contain the most recent activity of the EOS service.
For reasons of disk space, only 10 files of 8MB each are stored. The most recent log file has no index suffix.

Server Configurations

  • <Install Dir>/program/config/server.ini
system.logfile					<SYSTEMPATH>/log/eos/server.log
system.logfile.pagecount			8 
system.logfile.pagesize				16 
system.logall					true

Logging Portserver

The activity on Dox and HTTP ports can be logged (default “false”) into the following directory :

  • <Install Dir>/../Orbit 3DM Publisher Service Data/log/portserver/

Server Configurations

  • <Install Dir>/program/config/server.ini
portserver.logging.enabled			false
portserver.logging.interval			10
portserver.logging.location			<SYSTEMPATH>/log/portserver/<TIMESTAMP>.log

Port Allocation

By default the EOS service uses TCP port 1100 (DOX), the Orbit Web Service requires port 1111 (HTTP)

Communication between Client and Server must be available at all times. A client, server, or network blocking firewall on these ports will result in run time errors.
The default server and port configuration can be changed if required. However, we do advise to use a reverse proxy instead.

Server Configurations

Server-side Service configuration files :

  • <Install Dir>/program/services/dox/service.ini
  • <Install Dir>/program/services/http/service.ini

Client Configurations

Desktop Client side configuration file :

  • ../client/program/login.ini

Procrun Service

On Windows Orbit uses the Procrun Service to start and run the EOS Service.
The Procrun Service creates by default 2 log files :

  • C:/Windows/System32/LogFiles/Apache/name-stderr.date > e.g. “orbit-stderr.2015-04-14” : Log of service install
  • C:/Windows/System32/LogFiles/Apache/nname-stdout.data > e.g. “orbit-stdout.2015-04-14” : Log of Procrun Service used by Orbit

The sum of all these files can become very big and may result in the C:/ partition running out of space. Disable this service logging to avoid a relatively small C partition to run out of space.
To disable Procrun logging following server-side configuration file must be updated.

Server Configurations

Procrun configurations are set at Service Install. Changing these configurations requires the Orbit Service to be stopped & removed, installed & restarted.

  • Windows : <Install Dir>/program/bin64/ServiceInstall.bat

Logging enabled :

--StdOutput=auto
--StdError=auto

Logging disabled :

--StdOutput=
--StdError=

Test Service (Status Monitoring)

The availability of the HTTP Web Service or a specific Publication can be verified by requesting respectively the Web Service cross domain configuration or the publication html web page :

  • http://<server>:<port>/publications/<publication>/index.html
  • http://<server>:<port>/crossdomain.xml

A TestService is available to request detailed runtime information about all EOS Services. Optionally a TestMask can be applied.

  • All available tests
    http://<server>:<port>/?service=TestService&request=RunTestOperation
  • Service StartTime
    http://<server>:<port>/?service=TestService&request=RunTestOperation&TestMask=ServiceContainer.System.StartTime
  • 3DM Publisher Online Check
    http://<server>:<port>/?service=TestService&request=RunTestOperation&TestMask=ServiceContainer.MappingService3DM.ServicesOnline

WMS and WFS Hosting

The 3DM Publisher server includes the capability to provide OGC compliant WFS (version 1.1.1 and 1.2.0) and WMS (version 1.1.0 and 1.3.0) services for Generic Resources.

More information about the OGC WFS and WMS specifications :

Resources are published on a Publication level. On the Share page of a Publication, you can enable or disable a dedicated WMS, WFS endpoint for the publication. Basic support for WFS Transactions (WFST) can be enabled separately.

The WFS service supports the following output formats :

  • GML 2.1.2
  • GML 3.1.1
  • GeoJSON

Legacy EOS: WMS and WFS Hosting

This documentation is only here for legacy reasons and no longer applicable to recent versions.
Publisher supports WMS/WFS hosting as a part of publication sharing.

The Orbit EOS server includes the capability to provide OGC compliant WFS (version 1.1.1) and WMS (version 1.1.0) services for EOS Resources.

More information about the OGC WFS and WMS specifications :

Customization of the Orbit WMS and WFS services can be achieved via the configuration.xml file. Next to some service settings and specifications, the list of available layers can be restricted.

When removing this configuration.xml file :

  • a default set of service settings and specifications will be used
  • user authentication will be required at all time
  • the list of available layers will be set to all dataset for which the user has EOS view permissions

Server Configurations

  • <Install Dir>/program/services/wfs/configuration.xml
  • <Install Dir>/program/services/wms/configuration.xml

Example for WFS
This example includes all available tags to configure the Orbit WFS service.

<Configuration>
	<URLPrefix>wfs</URLPrefix>
	<ServiceTitle>Orbit WFS</ServiceTitle>
	<ServiceAbstract>Web Feature Service powered by Orbit GT Technology</ServiceAbstract>
	<ServiceKeyword>Orbit GT</ServiceKeyword>
	<ServiceKeyword>EOS Resources</ServiceKeyword>
	<ServiceProviderName>Orbit GT</ServiceProviderName>
	<ServiceProviderSite>https://orbitgt.com</ServiceProviderSite>
	<DataSet>
		<DataSetName>Flanders_Buildings</DataSetName>
	</DataSet>
	<DataSet>
		<DataSetName>Flanders_Parcels</DataSetName>
	</DataSet>
	<CRS>31370</CRS>
	<CRS>3395</CRS>
	<CRS>4258</CRS>
	<CRS>4326</CRS>
	<FixedUsername>guest</FixedUsername>
	<FixedPassword>guest</FixedPassword>
	<IsMaxFeaturesEnabled>true</IsMaxFeaturesEnabled>
	<DefaultMaxFeatures>10000</DefaultMaxFeatures>
</Configuration>

Example for WMS
This example includes all available tags to configure the Orbit WMS service.

<Configuration>
	<URLPrefix>wms</URLPrefix>
	<ServiceTitle>Orbit WMS</ServiceTitle>
	<ServiceAbstract>Web Map Service powered by Orbit GT Technology</ServiceAbstract>
	<ServiceKeyword>Orbit GT</ServiceKeyword>
	<ServiceKeyword>EOS Resources</ServiceKeyword>
	<ServiceRootLayerTitle>Cadastral maps of Flanders</ServiceRootLayerTitle>
	<DataSet>
		<DataSetName>Flanders_Buildings</DataSetName>
		<Abstract>Buildings of Flanders</Abstract>
	</DataSet>
	<DataSet>
		<DataSetName>Flanders_Parcels</DataSetName>
		<Abstract>Parcel of Flanders</Abstract>
	</DataSet>
	<CRS>31370</CRS>
	<CRS>3395</CRS>
	<CRS>4258</CRS>
	<CRS>4326</CRS>
	<FixedUsername>guest</FixedUsername>
	<FixedPassword>guest</FixedPassword>
</Configuration>

Tags

For some reason the tags available for WFS and WMS differ, for any explanation see OGC documentation.
Some notes about special tags or values used by Orbit :

  • URLPrefix : <server url>:<port>/<URLPrefix>?service=<“wms”/“wfs”>&request=getcapabilities
  • DataSetName : EOS Dataset Registry Name
  • FixedUsername, FixedPassword : EOS Username and Password to access Service. If not set, the username and password will be requested upon accessing the service. The fix or entered user must have EOS permissions to view the configured resources to get access to this resource.
  • IsMaxFeaturesEnabled : Highly recommended setting to restrict the maximum number of features that can be replied to on a single feature request.

Legacy EOS: Workspace configurations

This documentation is only here for legacy reasons and no longer applicable to recent versions.

As optional server side configuration it is possible to use a dedicated set of configurations for a given service depending on the used Orbit desktop client workspace.

All server-side service configurations are grouped in the according properties.ini or properties.xml configuration file. It is possible to create a separated “properties_<workspace>” service configuration file for any known Orbit workspace. This duplicated service configuration file makes it possible to set private service configurations for a given workspace.

 
Last modified:: 2024/07/24 20:40