Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
dev:server:eos:service [2017/08/30 05:26] jve@orbitgt.com [Https] |
dev:server:eos:service [2023/01/31 19:13] jeroen removed |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Orbit Enterprise Service ====== | ====== Orbit Enterprise Service ====== | ||
- | This page is a glossary | + | |
+ | This page is a glossary | ||
<note tip> | <note tip> | ||
- | The " | + | The " |
- | EOS enables corporate management of users, permissions, | + | EOS enables corporate management of users, permissions, |
</ | </ | ||
+ | ===== Amazon S3 Bucket Cloud Storage Configuration ===== | ||
+ | |||
+ | Orbit EOS configuration to connect and load resources from Amazon S3 Bucket cloud blob storage. | ||
+ | |||
+ | * File: '' | ||
+ | * Parameters | ||
+ | * Most parameters are self-explaining. | ||
+ | * config.name: | ||
+ | * region.name: | ||
+ | |||
+ | < | ||
+ | type amazon | ||
+ | access.key xxx | ||
+ | secret.key xxx | ||
+ | region.name xxx | ||
+ | bucket.name xxx | ||
+ | readonly true | ||
+ | cache true | ||
+ | cache.expire.time 172800.0 | ||
+ | file.content.read.thread.count 12 | ||
+ | </ | ||
+ | |||
+ | ===== Azure Container Cloud Storage Configuration ==== | ||
+ | |||
+ | Orbit EOS configuration to connect and load resources from a Microsoft Azure Container cloud blob storage. | ||
+ | |||
+ | * File: '' | ||
+ | * Parameters | ||
+ | * Most parameters are self-explaining. | ||
+ | * config.name: | ||
+ | * region.name: | ||
+ | |||
+ | < | ||
+ | account.name xxx | ||
+ | account.key xxx | ||
+ | container.name xxx | ||
+ | readonly true | ||
+ | region.name xxx | ||
+ | </ | ||
+ | |||
+ | ===== Cross Domain Communication ===== | ||
+ | |||
+ | When embedding and accessing an Orbit Flash WebClient via another server in another domain, cross-domain communication needs to be authorized by the Orbit Publisher HTTP Web Service. \\ | ||
+ | This is authorization is required by use of Adobe Flash, more information : | ||
+ | * http:// | ||
+ | * http:// | ||
+ | |||
+ | === Server configurations === | ||
+ | |||
+ | Cross-Domain configurations are applied at loading the Flash WebClient. To update this configuration the Orbit Service doesn' | ||
+ | |||
+ | * '' | ||
+ | |||
+ | The example below will authorize all cross domain communication : | ||
+ | |||
+ | <code html> | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ===== Download Time-Out ===== | ||
+ | |||
+ | Configuration to set URL to connect and download time-out. | ||
+ | |||
+ | * File : '' | ||
+ | * Parameters : | ||
+ | * '' | ||
+ | * '' | ||
+ | * Value : Milliseconds as integer value | ||
+ | * Default Value : 60000 | ||
+ | |||
+ | < | ||
+ | urldownloader.timeout.connect | ||
+ | urldownloader.timeout.read | ||
+ | </ | ||
===== DOX ===== | ===== DOX ===== | ||
- | ** Desktop Client - Server Communication ** | + | ** Desktop Client-Server Communication ** |
The Orbit toolkit is network-neutral. Connectivity requires an IP-resolve system (such as a DNS). The Data Orbit eXchange protocol or shortened " | The Orbit toolkit is network-neutral. Connectivity requires an IP-resolve system (such as a DNS). The Data Orbit eXchange protocol or shortened " | ||
DOX requires only 1 port to be accessible from the outside. Firewalls thus need only to open 1 port to allow remote access to an Orbit server system (in contradiction to standard Java RMI connectivity). \\ | DOX requires only 1 port to be accessible from the outside. Firewalls thus need only to open 1 port to allow remote access to an Orbit server system (in contradiction to standard Java RMI connectivity). \\ | ||
- | DOX is compressed and binary way to do the communication between Orbit Client and Orbit Server in the most secure, simple and fast way. It has no relation with Http or the alikes, but of course runs over Tcp/Ip. \\ | + | DOX is a compressed and binary way to do the communication between Orbit Client and Orbit Server in the most secure, simple, and fast way. It has no relation with HTTP or the alikes, but of course, runs over Tcp/Ip. \\ |
DOX does not influence any other protocol and cannot be hacked. | DOX does not influence any other protocol and cannot be hacked. | ||
Line 22: | Line 101: | ||
===== EOS Install ===== | ===== EOS Install ===== | ||
- | EOS is a running operating system service and is preferably installed and started using an OS administrator account. The used account must have full permission to read and write into the entire Orbit server installation directory. | + | EOS is a running operating system service and is preferably installed and started using an OS administrator account. The used account must have full permission to read and write into the entire Orbit server installation directory. |
A proper EOS service start, stop and remove are possible as OS administrator using the Orbit shortcuts within the Orbit installation directory : | A proper EOS service start, stop and remove are possible as OS administrator using the Orbit shortcuts within the Orbit installation directory : | ||
Line 28: | Line 107: | ||
** Stop & Start ** \\ | ** Stop & Start ** \\ | ||
- | When updating the Orbit Server software or to apply hardware maintenance it will be required to stop and restart the Orbit Service. | + | When updating the Orbit Server software or applying |
Use of the Orbit Service shortcuts is recommended at all time, verify successful Service Install, Start, Stop and Remove using the OS Services Management Console. | Use of the Orbit Service shortcuts is recommended at all time, verify successful Service Install, Start, Stop and Remove using the OS Services Management Console. | ||
Line 48: | Line 127: | ||
* '' | * '' | ||
- | These log files contain only the most recent activity of the EOS service. For reasons of disk space only 10 files of 8MB each are stored. The most recent log file has no index suffix. | + | These log files contain only the most recent activity of the EOS service. For reasons of disk space, only 10 files of 8MB each are stored. The most recent log file has no index suffix. |
=== Server Configurations === | === Server Configurations === | ||
- | Orbit Server configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated | + | Orbit Server configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped and restarted |
* '' | * '' | ||
Line 65: | Line 144: | ||
===== File Access and Permission ===== | ===== File Access and Permission ===== | ||
- | ** Read and Write Access for EOS Service | + | The Orbit EOS service reads all resource requested by Orbit Clients |
+ | Consequently, | ||
- | When running Orbit in Client/ | + | === Access |
- | The EOS service will read and write all resources and configuration files as requested by Orbit Clients. | + | |
- | Hereby special | + | Special |
- | Additional note on Windows, Mapped Network Drives are not available to Operating System Services, use of [[http:// | + | Additional note on Windows, Mapped Network Drives are not available to Operating System Services, use of [[http:// |
- | When adding resources to EOS, using the [[171: | + | When adding resources to EOS, using the [[dev: |
- | Disk space or file access issues while saving EOS configuration files will result in corrupted configurations and software malfunction. Ensure there is enough disk space and all EOS configuration files are accessible at all time. | + | === Access to system |
- | ===== Http Cross Domain Communication ===== | + | Disk space or file access issues on EOS configuration files will result in corrupted configurations and software malfunction. Ensure there is enough disk space and all EOS configuration files are accessible at all times. |
- | When embedding and accessing an Orbit Flash WebClient via another server | + | === User Account |
- | This is authorization is required by use of Adobe Flash, more information : | + | |
- | * http:// | + | |
- | * http:// | + | |
- | === Server configurations === | + | Orbit EOS Service account settings are applied at Service Install. \\ |
+ | One can use the Operating System services management console to update the User Account or add User credentials into the Orbit service installation files. \\ | ||
+ | Configuration update on the Service installation files requires the Orbit Service to be be stopped, removed, updated, re-installed, | ||
- | Cross Domain configurations are applied at loading the Flash WebClient. To update this configuration the Orbit Service doesn't need to be restarted. | + | * ''../ |
- | * '' | + | < |
+ | set SERVICE_USER=--ServiceUser=< | ||
+ | </code> | ||
- | The example below will authorize all cross domain communication : | ||
- | |||
- | <code html> | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | </ | ||
- | </ | ||
- | ===== Http Proxy ===== | + | ===== HTTP Proxy ===== |
- | The default configurations for all outgoing | + | The default configurations for all outgoing |
=== Server Configurations === | === Server Configurations === | ||
- | Proxy configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted. | + | Proxy configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed, and restarted. |
Add the following Java VM arguments into : | Add the following Java VM arguments into : | ||
Line 155: | Line 226: | ||
- | ===== Http Workthreads ===== | + | ===== HTTP Workthreads ===== |
- | The default number of concurrent Threads is 32 and a backlog of 64 tTasks. \\ | + | The default number of concurrent Threads is 32 and a backlog of 64 Tasks. \\ |
Related to the available Cores the number of concurrent threads and backlog tasks can be increased. | Related to the available Cores the number of concurrent threads and backlog tasks can be increased. | ||
=== Server Configurations === | === Server Configurations === | ||
- | Workthread | + | Work thread |
* '' | * '' | ||
Line 171: | Line 242: | ||
</ | </ | ||
- | ===== Https ===== | + | ===== HTTPS ===== |
** WebClient - Server communication ** | ** WebClient - Server communication ** | ||
- | The Orbit Publisher includes | + | The Orbit Publisher includes |
- | By default | + | By default, an HTTP Web Service is configured. Below the documentation on how to configure |
The Http(s) Web Service is used for Publisher WebClient (" | The Http(s) Web Service is used for Publisher WebClient (" | ||
Line 183: | Line 254: | ||
Orbit supports both PKCS 12 and Java KeyStore files. \\ | Orbit supports both PKCS 12 and Java KeyStore files. \\ | ||
- | The password protected KeyStore file must contain your Private Key and full Certificate Chain from Root to Public Domain Certificate. | + | The password-protected KeyStore file must contain your Private Key and full Certificate Chain from Root to Public Domain Certificate. |
- | Certificate submitting and KeyStore file creation must be completed prior to configure | + | Certificate submitting and KeyStore file creation must be completed prior to configuring |
More information, | More information, | ||
=== Server configurations === | === Server configurations === | ||
- | Web Server configurations are applied at Service | + | These Web Server configurations are applied at Service |
** KeyStore file ** \\ | ** KeyStore file ** \\ | ||
Copy the KeyStore file '' | Copy the KeyStore file '' | ||
- | Supported KeyStore files : | + | Supported KeyStore files : .jks, .jceks, .p12, .pks, .pfx |
- | * keystore.jks | + | |
- | * keystore.jceks | + | |
- | * keystore.p12 | + | |
- | * keystore.pfx | + | |
** KeyStore file Password ** \\ | ** KeyStore file Password ** \\ | ||
- | Two options | + | Add a '' |
+ | The password | ||
- | A) Add '' | + | ** HTTPS Service ** \\ |
- | If required the password can be scrambled, contact Orbit Support to do so. | + | Configure the HTTP service |
+ | * '' | ||
- | B) Add the following Java VM arguments : | + | < |
- | * Linux : '' | + | Parameter=secure:true |
- | * Windows : '' | + | </code> |
+ | ** Port ** \\ | ||
+ | In the same '' | ||
+ | | ||
< | < | ||
- | -Djavax.net.ssl.keyStorePassword=< | + | Parameter=port:443 |
</ | </ | ||
- | ** Https Service ** \\ | + | ===Redirecting from HTTP to HTTPS === |
- | Configure the Http service | + | |
- | * '' | + | To redirect an existent from HTTP to HTTPS , the procedure described below must be followed: |
+ | |||
+ | A new folder '' | ||
+ | |||
+ | * '' | ||
+ | |||
+ | The folder must containing a '' | ||
< | < | ||
- | Parameter=secure: | + | Services= |
+ | | ||
+ | Name=HttpService80 | ||
+ | ClassName=com.orbitgis.toolx.network.interfaces.http.server.HTTPService | ||
+ | Parameters= | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | Parameter=redirect.to.secure:true | ||
</ | </ | ||
=== Additional configuration consequences === | === Additional configuration consequences === | ||
- | For Orbit Publishers | + | For Orbit Publisher EOS-Console users only: |
- | * Enable secure cross domain communication, | + | * Enable secure cross-domain communication, |
- | * Configure geocoding plugins to communicate via secure | + | * Configure geocoding plugins to communicate via secure |
+ | * Ensure the Publication Server Url is available via HTTPS , see [[dev: | ||
===== Port Allocation ===== | ===== Port Allocation ===== | ||
- | By default the EOS service uses TCP port 1100 (DOX), the Orbit Web Service | + | By default the EOS service uses TCP port 1100 (DOX), the Orbit Web Service |
- | Communication between Client and Server must be available at all times. | + | Communication between Client and Server must be available at all times. |
- | The default server and port configuration can be changed if required. However we do advise to use a reverse proxy instead. | + | The default server and port configuration can be changed if required. However, we do advise to use a reverse proxy instead. |
=== Server Configurations === | === Server Configurations === | ||
- | Port configurations are applied at Service start. To update this configuration the Orbit Service must be stopped, updated and restarted. \\ | + | Port configurations are applied at Service start. To update this configuration the Orbit Service must be stopped, updated, and restarted. \\ |
Server side Service configuration files : | Server side Service configuration files : | ||
* '' | * '' | ||
Line 250: | Line 340: | ||
===== Port Logging ===== | ===== Port Logging ===== | ||
- | The activity on Dox and Http ports can be logged (default " | + | The activity on Dox and HTTP ports can be logged (default " |
* '' | * '' | ||
=== Server Configurations === | === Server Configurations === | ||
- | Portserver logging configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted. | + | Portserver logging configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated, and restarted. |
* '' | * '' | ||
Line 272: | Line 362: | ||
* '' | * '' | ||
- | The sum of all these files can become very big and may result the C:/ partition | + | The sum of all these files can become very big and may result |
- | To disable Procrun logging following server side configuration file must be updated. | + | To disable Procrun logging following server-side configuration file must be updated. |
=== Server Configurations === | === Server Configurations === | ||
- | Procrun Service configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted. | + | Procrun Service configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted.\\ \\ Verify the User Account “Orbit Enterprise Service” before removing the service. Check the service credentials at the “Log On” panel of the Operating System Service “Properties” window. Before restarting the Orbit Service, it is required to change the credentials back to the actual configuration. |
* Windows : '' | * Windows : '' | ||
Line 292: | Line 382: | ||
--StdError= | --StdError= | ||
</ | </ | ||
+ | |||
===== Test Services ===== | ===== Test Services ===== | ||
- | The availability of the Http Web Service or a specific Publication can be verified by requesting respectively the Web Service cross domain configuration or the publication html web page : | + | The availability of the HTTP Web Service or a specific Publication can be verified by requesting respectively the Web Service cross domain configuration or the publication html web page : |
* ''< | * ''< | ||
* ''< | * ''< | ||
Line 302: | Line 393: | ||
* ''< | * ''< | ||
- | ===== WMS and WFS Services | + | ===== WMS and WFS Hosting |
The Orbit EOS server includes the capability to provide OGC compliant WFS (version 1.1.1) and WMS (version 1.1.0) services for EOS Resources. | The Orbit EOS server includes the capability to provide OGC compliant WFS (version 1.1.1) and WMS (version 1.1.0) services for EOS Resources. | ||
Line 310: | Line 401: | ||
* http:// | * http:// | ||
- | Customization of the Orbit WMS and WFS services can be achieved via the the according | + | Customization of the Orbit WMS and WFS services can be achieved via the configuration.xml file. Next to some service settings and specifications, |
When removing this configuration.xml file : | When removing this configuration.xml file : | ||
* a default set of service settings and specifications will be used | * a default set of service settings and specifications will be used | ||
- | * user user authentication will be required at all time | + | * user authentication will be required at all time |
* the list of available layers will be set to all dataset for which the user has EOS view permissions | * the list of available layers will be set to all dataset for which the user has EOS view permissions | ||
=== Server Configurations === | === Server Configurations === | ||
- | WMS and WFS configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted. | + | WMS and WFS configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated, and restarted. |
* '' | * '' | ||
Line 387: | Line 478: | ||
* URLPrefix : <server url>:< | * URLPrefix : <server url>:< | ||
* DataSetName : EOS Dataset Registry Name | * DataSetName : EOS Dataset Registry Name | ||
- | * FixedUsername, | + | * FixedUsername, |
- | * IsMaxFeaturesEnabled : Highly recommended setting to restrict the maximum number of feature | + | * IsMaxFeaturesEnabled : Highly recommended setting to restrict the maximum number of features |
===== Workspace configurations ===== | ===== Workspace configurations ===== | ||
- | As optional server side configuration it is possible to use a dedicated set of configurations for a given service depending the used Orbit desktop client workspace. | + | As optional server side configuration it is possible to use a dedicated set of configurations for a given service depending |
- | All server side service configurations are grouped in the according properties.ini or properties.xml configuration file. It is possible to create a separated " | + | All server-side service configurations are grouped in the according properties.ini or properties.xml configuration file. It is possible to create a separated " |