Recent Changes

Differences

This shows you the differences between two versions of the page.

--- dev:server:eos:service [2017/08/30 05:26]
jve@orbitgt.com [Https]
+++ dev:server:eos:service [2023/01/31 19:13]
jeroen removed
@@ Line 1: / Line 1: @@
 ====== Orbit Enterprise Service ======
-This page is a glossary bundling all technical information about the Orbit EOS Service and its including Http Web Service.
+This page is a glossary and bundles technical information about the Orbit EOS Service and its HTTP Web Service.
 <note tip>
-The "Enterprise Orbit Service" or shortened "EOS" is Orbit's core server technologies for central storage, management and sharing of GIS, Mobile Mapping and Oblique resources. \\
+The "Enterprise Orbit Service" or shortened "EOS" is Orbit's core server technologies for central storage, management, and sharing of Reference GIS and 3DM Mapping, Reality Resources. \\
-EOS enables corporate management of users, permissions, workspaces and licenses. It is the backbone for Orbit Client-Server setups and Orbit Publishers.
+EOS enables corporate management of users, permissions, workspaces, and licenses. It is the backbone for Orbit 3DM Feature Extraction Client-Server setups and Orbit 3DM Publisher.
 </note>
+===== Amazon S3 Bucket Cloud Storage Configuration =====
+Orbit EOS configuration to connect and load resources from Amazon S3 Bucket cloud blob storage.
+  * File: ''../server/program/config/amazon.store.<config.name>.ini''
+  * Parameters
+    * Most parameters are self-explaining.
+    * config.name: Orbit configuration name for the cloud storage. Free of choice, lower case, no special characters. \\ Use the prefix ''am:/<config.name>/'' in the resource file path to access the root folder of the AWS Bucket.
+    * region.name: Amazon regional endpoint code, see https://docs.aws.amazon.com/general/latest/gr/rande.html
+<code>
+type amazon
+access.key xxx
+secret.key xxx
+region.name xxx
+bucket.name xxx
+readonly true
+cache true
+cache.expire.time 172800.0
+file.content.read.thread.count 12
+</code>
+===== Azure Container Cloud Storage Configuration ====
+Orbit EOS configuration to connect and load resources from a Microsoft Azure Container cloud blob storage.
+  * File: ''../server/program/config/azure.store.<config.name>.ini''
+  * Parameters
+    * Most parameters are self-explaining.
+    * config.name: Orbit configuration name for the cloud storage. Free of choice, lower case, no special characters. \\ Use the prefix ''az:/<config.name>/'' in the resource file path to access the root folder of the Azure Container.
+    * region.name: Regional endpoint code
+<code>
+account.name xxx
+account.key xxx
+container.name xxx
+readonly true
+region.name xxx
+</code>
+===== Cross Domain Communication =====
+When embedding and accessing an Orbit Flash WebClient via another server in another domain, cross-domain communication needs to be authorized by the Orbit Publisher HTTP Web Service. \\
+This is authorization is required by use of Adobe Flash, more information :
+  * http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
+  * http://helpx.adobe.com/flash-player/kb/authorization-header-request-flash-player.html
+=== Server configurations ===
+Cross-Domain configurations are applied at loading the Flash WebClient. To update this configuration the Orbit Service doesn't need to be restarted.
+  * ''../server/program/wwwroot/crossdomain.xml''
+The example below will authorize all cross domain communication :
+<code html>
+<cross-domain-policy>
+	<site-control permitted-cross-domain-policies="all" />
+	<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
+	<allow-access-from domain="*" secure="false"/>
+</cross-domain-policy>
+</code>
+===== Download Time-Out =====
+Configuration to set URL to connect and download time-out.
+  * File : ''../server/program/config/server.ini''
+  * Parameters :
+    * ''urldownloader.timeout.connect''
+    * ''urldownloader.timeout.read''
+  * Value : Milliseconds as integer value
+  * Default Value : 60000
+<code>
+urldownloader.timeout.connect      120000
+urldownloader.timeout.read         120000
+</code>
 ===== DOX =====
-** Desktop Client - Server Communication **
+** Desktop Client-Server Communication **
 The Orbit toolkit is network-neutral. Connectivity requires an IP-resolve system (such as a DNS). The Data Orbit eXchange protocol or shortened "DOX" protocol is Orbit's proprietary communication protocol between the Orbit tiers.
 DOX requires only 1 port to be accessible from the outside. Firewalls thus need only to open 1 port to allow remote access to an Orbit server system (in contradiction to standard Java RMI connectivity). \\
-DOX is compressed and binary way to do the communication between Orbit Client and Orbit Server in the most secure, simple and fast way. It has no relation with Http or the alikes, but of course runs over Tcp/Ip. \\
+DOX is a compressed and binary way to do the communication between Orbit Client and Orbit Server in the most secure, simple, and fast way. It has no relation with HTTP or the alikes, but of course, runs over Tcp/Ip. \\
 DOX does not influence any other protocol and cannot be hacked.
@@ Line 22: / Line 101: @@
 ===== EOS Install =====
-EOS is a running operating system service and is preferably installed and started using an OS administrator account. The used account must have full permission to read and write into the entire Orbit server installation directory. Obviously, read access is required for all resources used by EOS.
+EOS is a running operating system service and is preferably installed and started using an OS administrator account. The used account must have full permission to read and write into the entire Orbit server installation directory. Read access is required for all resources used by EOS.
 A proper EOS service start, stop and remove are possible as OS administrator using the Orbit shortcuts within the Orbit installation directory :
@@ Line 28: / Line 107: @@
 ** Stop & Start ** \\
-When updating the Orbit Server software or to apply hardware maintenance it will be required to stop and restart the Orbit Service. It is obvious that the service needs to be installed before starting and stopped before removing. \\
+When updating the Orbit Server software or applying hardware maintenance it will be required to stop and restart the Orbit Service. The service needs to be installed before starting and stopped before removing. \\
 Use of the Orbit Service shortcuts is recommended at all time, verify successful Service Install, Start, Stop and Remove using the OS Services Management Console.
@@ Line 48: / Line 127: @@
   * ''../server/log/eos/''
-These log files contain only the most recent activity of the EOS service. For reasons of disk space only 10  files of 8MB each are stored. The most recent log file has no index suffix.
+These log files contain only the most recent activity of the EOS service. For reasons of disk space, only 10  files of 8MB each are stored. The most recent log file has no index suffix.
 === Server Configurations ===
-Orbit Server configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted.
+Orbit Server configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped and restarted after changing the configurations.
   * ''../server/program/config/server.ini''
@@ Line 65: / Line 144: @@
 ===== File Access and Permission =====
-** Read and Write Access for EOS Service **
+The Orbit EOS service reads all resource requested by Orbit Clients and read & writes configurations as set by the EOS Console. \\
+Consequently, Orbit EOS Service requires read access on all used resource files and read & write access to all Orbit setup and configuration files.\\
-When running Orbit in Client/Server the EOS Service requires file access to all applicable resources.\\
+=== Access to network resources ===
-The EOS service will read and write all resources and configuration files as requested by Orbit Clients.
-Hereby special attention is required regarding file access permissions for the Operating System User running the EOS service. \\
+Special attention is required regarding file access permissions for the Operating System User running the EOS service. \\
-Additional note on Windows, Mapped Network Drives are not available to Operating System Services, use of [[http://en.wikipedia.org/wiki/Uniform_Naming_Convention#Uniform_Naming_Convention|Uniform Naming Convention]] is required.
+Additional note on Windows, Mapped Network Drives are not available to Operating System Services, use of [[http://en.wikipedia.org/wiki/Uniform_Naming_Convention#Uniform_Naming_Convention|Uniform Naming Convention]] (UNC) is required.
-When adding resources to EOS, using the [[171:server:console:resources:datasets_setup|EOS console]] or via the desktop client administration procedures for Mobile Mapping or Oblique, ensure the EOS service has access to the added resources at all time. \\
+When adding resources to EOS, using the [[dev:server:publisher_console:index|Publisher Console]] or [[dev:server:console:resources:datasets_setup|legacy EOS console]] ensure the EOS service has access to the added resources at all time. \\
-Disk space or file access issues while saving EOS configuration files will result in corrupted configurations and software malfunction. Ensure there is enough disk space and all EOS configuration files are accessible at all time.
+=== Access to system configuration files ===
-===== Http Cross Domain Communication =====
+Disk space or file access issues on EOS configuration files will result in corrupted configurations and software malfunction. Ensure there is enough disk space and all EOS configuration files are accessible at all times.
-When embedding and accessing an Orbit Flash WebClient via another server in another domain, cross domain communication needs to be authorized by the Orbit Publisher Http Web Service. \\
+=== User Account in Server Configurations ===
-This is authorization is required by use of Adobe Flash, more information :
-  * http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
-  * http://helpx.adobe.com/flash-player/kb/authorization-header-request-flash-player.html
-=== Server configurations ===
+Orbit EOS Service account settings are applied at Service Install. \\
+One can use the Operating System services management console to update the User Account or add User credentials into the Orbit service installation files. \\
+Configuration update on the Service installation files requires the Orbit Service to be be stopped, removed, updated, re-installed, and restarted. Verify the update using the OS Services Management Console.
-Cross Domain configurations are applied at loading the Flash WebClient. To update this configuration the Orbit Service doesn't need to be restarted.
+  * ''../server/program/bin64/ServiceInstall.bat''
-  * ''../server/program/wwwroot/crossdomain.xml''
+<code>
+set SERVICE_USER=--ServiceUser=<Domain>\<UserName> --ServicePassword=<UserPassword>
+</code>
-The example below will authorize all cross domain communication :
-<code html>
-<cross-domain-policy>
-	<site-control permitted-cross-domain-policies="all" />
-	<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
-	<allow-access-from domain="*" secure="false"/>
-</cross-domain-policy>
-</code>
-===== Http Proxy =====
+===== HTTP Proxy =====
-The default configurations for all outgoing http and https  request can be updated. However we do advise to use the default operating system proxy settings.
+The default configurations for all outgoing HTTP and HTTPS requests can be updated. However, we do advise to use the default operating system proxy settings.
 === Server Configurations ===
-Proxy configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted.
+Proxy configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed, and restarted.
 Add the following Java VM arguments into :
@@ Line 155: / Line 226: @@
-===== Http Workthreads =====
+===== HTTP Workthreads =====
-The default number of concurrent Threads is 32 and a backlog of 64 tTasks. \\
+The default number of concurrent Threads is 32 and a backlog of 64 Tasks. \\
 Related to the available Cores the number of concurrent threads and backlog tasks can be increased.
 === Server Configurations ===
-Workthread configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted.
+Work thread configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted.
   * ''../server/program/config/server.ini''
@@ Line 171: / Line 242: @@
 </code>
-===== Https =====
+===== HTTPS =====
 ** WebClient - Server communication **
-The Orbit Publisher includes a Http or Https Web Server. One or the other, not both together. \\
+The Orbit Publisher includes an HTTP or HTTPS Web Server. One or the other, not both together. Incoming HTTP requests can be redirected to HTTPS services \\
-By default a Http Web Service is configured. Below the documentation on how to configure a Https Web Service.
+By default, an HTTP Web Service is configured. Below the documentation on how to configure an HTTPS Web Service.
 The Http(s) Web Service is used for Publisher WebClient ("Publication") - Server and EOS WebClient ("EOS Console") - Server communication.
@@ Line 183: / Line 254: @@
 Orbit supports both PKCS 12 and Java KeyStore files. \\
-The password protected KeyStore file must contain your Private Key and full Certificate Chain from Root to Public Domain Certificate.
+The password-protected KeyStore file must contain your Private Key and full Certificate Chain from Root to Public Domain Certificate.
-Certificate submitting and KeyStore file creation must be completed prior to configure the Orbit Web Server from Http to Https. \\
+Certificate submitting and KeyStore file creation must be completed prior to configuring the Orbit Web Server from HTTP to HTTPS. \\
 More information, see [[https://en.wikipedia.org/wiki/Authorization_certificate|Wikipedia Authorization Certifcate]], [[https://en.wikipedia.org/wiki/Public_key_infrastructure|Wikipedia Public Key]], [[https://en.wikipedia.org/wiki/Keystore|Wikipedia Java Keystore]], [[https://en.wikipedia.org/wiki/PKCS_12|Wikipedia PKCS 12]].
 === Server configurations ===
-Web Server configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted.
+These Web Server configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted.
 ** KeyStore file ** \\
 Copy the KeyStore file ''keystore.xxx'' to ''../server/program/services/http/''. \\
-Supported KeyStore files :
+Supported KeyStore files : .jks, .jceks, .p12, .pks, .pfx
-  * keystore.jks
-  * keystore.jceks
-  * keystore.p12
-  * keystore.pfx
 ** KeyStore file Password ** \\
-Two options to set the keystore file password :
+Add a ''keystore.pwd'' single line text file next to the KeyStore file. \\
+The password can be saved as plain text or scrambled, contact Orbit Support.
-A) Add ''keystore.pwd'' text file next to he ''keystore.xxx'' KeyStore file. \\
+** HTTPS Service ** \\
-If required the password can be scrambled, contact Orbit Support to do so.
+Configure the HTTP service to operate in HTTPS mode :
+  * ''../server/program/services/http/service.ini''
-B) Add the following Java VM arguments :
+<code>
-  * Linux : ''../server/program/bin/wrapper.conf'' > ''Java Additional Parameters''
+Parameter=secure:true
-  * Windows : ''../server/program/bin/ServiceInstall.bat'' > ''JAVA_OPTIONS''
+</code>
+** Port ** \\
+In the same ''service.ini''  file, modify the port to 443:
 <code>
--Djavax.net.ssl.keyStorePassword=<jks-keystore-password>
+Parameter=port:443
 </code>
-** Https Service ** \\
+===Redirecting from HTTP to HTTPS ===
-Configure the Http service to operate in Https mode :
-  * ''../server/program/services/http/service.ini''
+To redirect an existent from HTTP to HTTPS , the procedure described below must be followed:
+A new folder ''http80'' must be created and placed in:
+* ''../server/program/services''
+The folder must containing a ''service.ini'' file prepared as the example:
 <code>
-Parameter=secure:true
+Services=
+ Service=
+  Name=HttpService80
+  ClassName=com.orbitgis.toolx.network.interfaces.http.server.HTTPService
+  Parameters=
+   Parameter=secure:false
+   Parameter=host:all
+   Parameter=port:80
+   Parameter=http.get.enable:false
+   Parameter=http.get.wwwroot:<SYSTEMPATH>/wwwroot
+   Parameter=run.service.enable:false
+   Parameter=redirect.to.secure:true
 </code>
 === Additional configuration consequences ===
-For Orbit Publishers only
+For Orbit Publisher EOS-Console users only:
-  * Enable secure cross domain communication, see above Http Cross Domain Communication.
+  * Enable secure cross-domain communication, see above HTTP Cross-Domain Communication.
-  * Configure geocoding plugins to communicate via secure Https connection to avoid http-https netwerk security conflicts.
+  * Configure geocoding plugins to communicate via secure HTTPS connection to avoid HTTP-HTTPS netwerk security conflicts. \\ See [[180:server:publishers:publication_template|]].
+  * Ensure the Publication Server Url is available via HTTPS , see [[dev:server:console:publishers|]] > Main > Publish.
 ===== Port Allocation =====
-By default the EOS service uses TCP port 1100 (DOX), the Orbit Web Service require port 1111 (Http)
+By default the EOS service uses TCP port 1100 (DOX), the Orbit Web Service requires port 1111 (HTTP)
-Communication between Client and Server must be available at all times.  A client, server or network blocking firewall on these ports will result in run time errors. \\
+Communication between Client and Server must be available at all times.  A client, server, or network blocking firewall on these ports will result in run time errors. \\
-The default server and port configuration can be changed if required. However we do advise to use a reverse proxy instead.
+The default server and port configuration can be changed if required. However, we do advise to use a reverse proxy instead.
 === Server Configurations ===
-Port configurations are applied at Service start. To update this configuration the Orbit Service must be stopped, updated and restarted. \\
+Port configurations are applied at Service start. To update this configuration the Orbit Service must be stopped, updated, and restarted. \\
 Server side Service configuration files :
   * ''../server/program/services/dox/service.ini''
@@ Line 250: / Line 340: @@
 ===== Port Logging =====
-The activity on Dox and Http ports can be logged (default "false") into following directory :
+The activity on Dox and HTTP ports can be logged (default "false") into following directory :
   * ''../server/log/portserver/''
 === Server Configurations ===
-Portserver logging configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted.
+Portserver logging configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated, and restarted.
   * ''../server/program/config/server.ini''
@@ Line 272: / Line 362: @@
   * ''C:/Windows/System32/LogFiles/Apache/nname-stdout.data'' > e.g. "orbit-stdout.2015-04-14" : Log of Procrun Service used by Orbit
-The sum of all these files can become very big and may result the C:/ partition to run out of space. Disable this service logging to avoid relative small C partition to run out of space. \\
+The sum of all these files can become very big and may result in the C:/ partition running out of space. Disable this service logging to avoid a relatively small C partition to run out of space. \\
-To disable Procrun logging following server side configuration file must be updated.
+To disable Procrun logging following server-side configuration file must be updated.
 === Server Configurations ===
-Procrun Service configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted.
+Procrun Service configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted.\\ \\ Verify the User Account “Orbit Enterprise Service” before removing the service. Check the service credentials at the “Log On” panel of the Operating System Service “Properties” window. Before restarting the Orbit Service, it is required to change the credentials back to the actual configuration.
   * Windows : ''../server/program/bin64/ServiceInstall.bat''
@@ Line 292: / Line 382: @@
 --StdError=
 </code>
 ===== Test Services =====
-The availability of the Http Web Service or a specific Publication can be verified by requesting respectively the Web Service cross domain configuration or the publication html web page :
+The availability of the HTTP Web Service or a specific Publication can be verified by requesting respectively the Web Service cross domain configuration or the publication html web page :
   * ''<nowiki>http://<server>:<port>/publications/<publication>/index.html</nowiki>''
   * ''<nowiki>http://<server>:<port>/crossdomain.xml</nowiki>''
@@ Line 302: / Line 393: @@
   * ''<nowiki>http://<server>:<port>/?service=TestService&request=RunTestOperation&TestMask=ServiceContainer.System.StartTime</nowiki>''
-===== WMS and WFS Services =====
+===== WMS and WFS Hosting =====
 The Orbit EOS server includes the capability to provide OGC compliant WFS (version 1.1.1) and WMS (version 1.1.0) services for EOS Resources.
@@ Line 310: / Line 401: @@
   * http://www.opengeospatial.org/standards/wms
-Customization of the Orbit WMS and WFS services can be achieved via the the according configuration.xml file. Next to some service settings and specifications, the list of available layers can be restricted.
+Customization of the Orbit WMS and WFS services can be achieved via the configuration.xml file. Next to some service settings and specifications, the list of available layers can be restricted.
 When removing this configuration.xml file :
   * a default set of service settings and specifications will be used
-  * user user authentication will be required at all time
+  * user authentication will be required at all time
   * the list of available layers will be set to all dataset for which the user has EOS view permissions
 === Server Configurations ===
-WMS and WFS configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted.
+WMS and WFS configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated, and restarted.
   * ''../server/program/services/wfs/configuration.xml''
@@ Line 387: / Line 478: @@
   * URLPrefix : <server url>:<port>/<URLPrefix>?service=<"wms"/"wfs">&request=getcapabilities
   * DataSetName : EOS Dataset Registry Name
-  * FixedUsername, FixedPassword : EOS Username and Password to access Service. If not set, the username and password will be requested upon accessing the service. The fix or entered user must have EOS permissions to view the configured resources to get access to these resource.
+  * FixedUsername, FixedPassword : EOS Username and Password to access Service. If not set, the username and password will be requested upon accessing the service. The fix or entered user must have EOS permissions to view the configured resources to get access to this resource.
-  * IsMaxFeaturesEnabled : Highly recommended setting to restrict the maximum number of feature that can be replied on a single feature request.
+  * IsMaxFeaturesEnabled : Highly recommended setting to restrict the maximum number of features that can be replied to on a single feature request.
 ===== Workspace configurations =====
-As optional server side configuration it is possible to use a dedicated set of configurations for a given service depending the used Orbit desktop client workspace.
+As optional server side configuration it is possible to use a dedicated set of configurations for a given service depending on the used Orbit desktop client workspace.
-All server side service configurations are grouped in the according properties.ini or properties.xml configuration file. It is possible to create a separated "properties_<workspace>" service configuration file for any known Orbit workspace. This duplicated service configuration file makes it possible to set private service configurations for a given workspace.
+All server-side service configurations are grouped in the according properties.ini or properties.xml configuration file. It is possible to create a separated "properties_<workspace>" service configuration file for any known Orbit workspace. This duplicated service configuration file makes it possible to set private service configurations for a given workspace.