Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
dev:server:eos:service [2018/10/24 15:32] jve@orbitgt.com |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Orbit Enterprise Service ====== | ||
- | |||
- | This glossary page bundels all technical information about the Orbit EOS Service and its including Http Web Service. | ||
- | |||
- | <note tip> | ||
- | The " | ||
- | EOS enables corporate management of users, permissions, | ||
- | </ | ||
- | |||
- | ===== Download Time-Out ===== | ||
- | |||
- | Configuration to set Url connect and download time-out. | ||
- | |||
- | * File : '' | ||
- | * Parameters : | ||
- | * '' | ||
- | * '' | ||
- | * Value : Milliseconds as integer value | ||
- | * Default Value : 60000 | ||
- | * Example \\ < | ||
- | urldownloader.timeout.read | ||
- | ===== DOX ===== | ||
- | |||
- | ** Desktop Client - Server Communication ** | ||
- | |||
- | The Orbit toolkit is network-neutral. Connectivity requires an IP-resolve system (such as a DNS). The Data Orbit eXchange protocol or shortened " | ||
- | |||
- | DOX requires only 1 port to be accessible from the outside. Firewalls thus need only to open 1 port to allow remote access to an Orbit server system (in contradiction to standard Java RMI connectivity). \\ | ||
- | DOX is compressed and binary way to do the communication between Orbit Client and Orbit Server in the most secure, simple and fast way. It has no relation with Http or the alikes, but of course runs over Tcp/Ip. \\ | ||
- | DOX does not influence any other protocol and cannot be hacked. | ||
- | |||
- | All Orbit Products are able to access remote EOS resources and instantly become client/ | ||
- | |||
- | ===== EOS Install ===== | ||
- | |||
- | EOS is a running operating system service and is preferably installed and started using an OS administrator account. The used account must have full permission to read and write into the entire Orbit server installation directory. Obviously, read access is required for all resources used by EOS. | ||
- | |||
- | A proper EOS service start, stop and remove are possible as OS administrator using the Orbit shortcuts within the Orbit installation directory : | ||
- | * '' | ||
- | |||
- | ** Stop & Start ** \\ | ||
- | When updating the Orbit Server software or to apply hardware maintenance it will be required to stop and restart the Orbit Service. It is obvious that the service needs to be installed before starting and stopped before removing. \\ | ||
- | Use of the Orbit Service shortcuts is recommended at all time, verify successful Service Install, Start, Stop and Remove using the OS Services Management Console. | ||
- | |||
- | ** Multiple instances ** \\ | ||
- | The name of an operating system service supposed to be unique. \\ | ||
- | To install multiple Orbit Services on a single server the Orbit Service Name of the second instance will need to be renamed before installing : | ||
- | * Windows : '' | ||
- | < | ||
- | .. | ||
- | set SERVICE_DISPLAY_NAME=Orbit Enterprise Service 2 | ||
- | set SERVICE_DESCRIPTION=The Orbit application service 2 | ||
- | ... | ||
- | .. // | ||
- | </ | ||
- | |||
- | ===== EOS Logging ===== | ||
- | |||
- | The activity and tasks completed by the EOS service are logged by default into following directory : | ||
- | * '' | ||
- | |||
- | These log files contain only the most recent activity of the EOS service. For reasons of disk space only 10 files of 8MB each are stored. The most recent log file has no index suffix. | ||
- | |||
- | === Server Configurations === | ||
- | |||
- | Orbit Server configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted. | ||
- | |||
- | * '' | ||
- | |||
- | < | ||
- | system.logfile < | ||
- | system.logfile.pagecount 8 | ||
- | system.logfile.pagesize 16 | ||
- | system.logall true | ||
- | </ | ||
- | |||
- | ===== File Access and Permission ===== | ||
- | |||
- | The Orbit EOS service reads all resource requested by Orbit Clients and read & writes configurations as set by the EOS Console. \\ | ||
- | Consequently Orbit EOS Service requires read access on all used resource files and read & write access to all Orbit setup and configuration files.\\ | ||
- | |||
- | ** Access to network resources ** \\ | ||
- | Special attention is required regarding file access permissions for the Operating System User running the EOS service. \\ | ||
- | Additional note on Windows, Mapped Network Drives are not available to Operating System Services, use of [[http:// | ||
- | |||
- | When adding resources to EOS, using the [[dev: | ||
- | |||
- | ** Access to system configuration files ** \\ | ||
- | Disk space or file access issues while saving EOS configuration files will result in corrupted configurations and software malfunction. Ensure there is enough disk space and all EOS configuration files are accessible at all time. | ||
- | |||
- | === Server Configurations === | ||
- | |||
- | Orbit EOS Service account settings are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted. Verify the update using the OS Services Management Console. | ||
- | |||
- | * '' | ||
- | |||
- | < | ||
- | set SERVICE_USER=--ServiceUser=< | ||
- | </ | ||
- | |||
- | |||
- | |||
- | |||
- | ===== Http Cross Domain Communication ===== | ||
- | |||
- | When embedding and accessing an Orbit Flash WebClient via another server in another domain, cross domain communication needs to be authorized by the Orbit Publisher Http Web Service. \\ | ||
- | This is authorization is required by use of Adobe Flash, more information : | ||
- | * http:// | ||
- | * http:// | ||
- | |||
- | === Server configurations === | ||
- | |||
- | Cross Domain configurations are applied at loading the Flash WebClient. To update this configuration the Orbit Service doesn' | ||
- | |||
- | * '' | ||
- | |||
- | The example below will authorize all cross domain communication : | ||
- | |||
- | <code html> | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | </ | ||
- | </ | ||
- | |||
- | ===== Http Proxy ===== | ||
- | |||
- | The default configurations for all outgoing http and https request can be updated. However we do advise to use the default operating system proxy settings. | ||
- | |||
- | === Server Configurations === | ||
- | |||
- | Proxy configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted. | ||
- | |||
- | Add the following Java VM arguments into : | ||
- | |||
- | * Linux : '' | ||
- | * Windows : '' | ||
- | |||
- | **Set system proxy settings** | ||
- | < | ||
- | -Djava.net.useSystemProxies=true | ||
- | </ | ||
- | |||
- | **Set other proxy settings** \\ | ||
- | Below for https, for http replace " | ||
- | < | ||
- | -Dhttps.proxyHost=0.0.0.0 | ||
- | -Dhttps.proxyPort=0000 | ||
- | -Dhttps.proxyUser=xxx | ||
- | -Dhttps.proxyPassword=xxx | ||
- | </ | ||
- | |||
- | Https example for Linux : \\ | ||
- | < | ||
- | # Java Additional Parameters | ||
- | wrapper.java.additional.1=-Xrs | ||
- | wrapper.java.additional.2=-Djava.awt.headless=true | ||
- | wrapper.java.additional.3=-Dhttps.proxyHost=0.0.0.0 | ||
- | wrapper.java.additional.4=-Dhttps.proxyPort=0000 | ||
- | wrapper.java.additional.5=-Dhttps.proxyUser=xxx | ||
- | wrapper.java.additional.6=-Dhttps.proxyPassword=xxx | ||
- | </ | ||
- | |||
- | When using a proxy that doesn' | ||
- | |||
- | === Client Configurations === | ||
- | |||
- | Orbit desktop client proxy settings are applied on starting the Desktop Client application. | ||
- | |||
- | Add the following Java VM arguments into : | ||
- | * Windows : '' | ||
- | |||
- | < | ||
- | -Dhttp.proxyHost=0.0.0.0 | ||
- | -Dhttp.proxyPort=0000 | ||
- | -Dhttps.proxyHost=0.0.0.0 | ||
- | -Dhttps.proxyPort=0000 | ||
- | </ | ||
- | |||
- | |||
- | ===== Http Workthreads ===== | ||
- | |||
- | The default number of concurrent Threads is 32 and a backlog of 64 tTasks. \\ | ||
- | Related to the available Cores the number of concurrent threads and backlog tasks can be increased. | ||
- | |||
- | === Server Configurations === | ||
- | |||
- | Workthread configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted. | ||
- | |||
- | * '' | ||
- | |||
- | < | ||
- | portserver.HTTP.workthread.count 32 | ||
- | portserver.HTTP.maximum.pending.requests 64 | ||
- | </ | ||
- | |||
- | ===== Https ===== | ||
- | |||
- | ** WebClient - Server communication ** | ||
- | |||
- | The Orbit Publisher includes a Http or Https Web Server. One or the other, not both together. Incoming http requests can be redirected to https services \\ | ||
- | By default a Http Web Service is configured. Below the documentation on how to configure a Https Web Service. | ||
- | |||
- | The Http(s) Web Service is used for Publisher WebClient (" | ||
- | |||
- | === KeyStore File === | ||
- | |||
- | Orbit supports both PKCS 12 and Java KeyStore files. \\ | ||
- | The password protected KeyStore file must contain your Private Key and full Certificate Chain from Root to Public Domain Certificate. | ||
- | |||
- | Certificate submitting and KeyStore file creation must be completed prior to configure the Orbit Web Server from Http to Https. \\ | ||
- | More information, | ||
- | |||
- | === Server configurations === | ||
- | |||
- | These Web Server configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted. | ||
- | |||
- | ** KeyStore file ** \\ | ||
- | Copy the KeyStore file '' | ||
- | Supported KeyStore files : .jks, .jceks, .p12, .pks, .pfx | ||
- | |||
- | ** KeyStore file Password ** \\ | ||
- | Add a '' | ||
- | The password can be saved as plain text or scrambled, contact Orbit Support. | ||
- | |||
- | ** Https Service ** \\ | ||
- | Configure the Http service to operate in Https mode : | ||
- | * '' | ||
- | |||
- | < | ||
- | Parameter=secure: | ||
- | </ | ||
- | |||
- | ** Port ** \\ | ||
- | In the same '' | ||
- | | ||
- | < | ||
- | Parameter=port: | ||
- | </ | ||
- | |||
- | ===Redirecting from Http to Https=== | ||
- | |||
- | To redirect an existent from Http to Https, the procedure described below must be followed: | ||
- | |||
- | A new folder '' | ||
- | |||
- | * '' | ||
- | |||
- | The folder must containing a '' | ||
- | |||
- | < | ||
- | Services= | ||
- | | ||
- | Name=HttpService80 | ||
- | ClassName=com.orbitgis.toolx.network.interfaces.http.server.HTTPService | ||
- | Parameters= | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | </ | ||
- | |||
- | === Additional configuration consequences === | ||
- | |||
- | For Orbit Publishers only | ||
- | * Enable secure cross domain communication, | ||
- | * Configure geocoding plugins to communicate via secure Https connection to avoid http-https netwerk security conflicts. \\ See [[180: | ||
- | |||
- | |||
- | ===== Port Allocation ===== | ||
- | |||
- | By default the EOS service uses TCP port 1100 (DOX), the Orbit Web Service require port 1111 (Http) | ||
- | |||
- | Communication between Client and Server must be available at all times. | ||
- | The default server and port configuration can be changed if required. However we do advise to use a reverse proxy instead. | ||
- | |||
- | === Server Configurations === | ||
- | |||
- | Port configurations are applied at Service start. To update this configuration the Orbit Service must be stopped, updated and restarted. \\ | ||
- | Server side Service configuration files : | ||
- | * '' | ||
- | * '' | ||
- | |||
- | === Client Configurations === | ||
- | |||
- | Desktop Client side configuration file : | ||
- | * '' | ||
- | |||
- | ===== Port Logging ===== | ||
- | |||
- | The activity on Dox and Http ports can be logged (default " | ||
- | * '' | ||
- | |||
- | === Server Configurations === | ||
- | |||
- | Portserver logging configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted. | ||
- | |||
- | * '' | ||
- | |||
- | < | ||
- | portserver.logging.enabled false | ||
- | portserver.logging.interval 10 | ||
- | portserver.logging.location < | ||
- | </ | ||
- | |||
- | ===== Procrun Service ===== | ||
- | |||
- | On Windows Orbit uses the Procrun Service to start and run the EOS Service. \\ | ||
- | The Procrun Service creates by default 2 log files : | ||
- | * '' | ||
- | * '' | ||
- | |||
- | The sum of all these files can become very big and may result the C:/ partition to run out of space. Disable this service logging to avoid relative small C partition to run out of space. \\ | ||
- | To disable Procrun logging following server side configuration file must be updated. | ||
- | |||
- | === Server Configurations === | ||
- | |||
- | Procrun Service configurations are applied at Service Install. To update this configuration the Orbit Service must be stopped, removed, updated, re-installed and restarted. | ||
- | |||
- | * Windows : '' | ||
- | |||
- | Logging enabled : | ||
- | < | ||
- | --StdOutput=auto | ||
- | --StdError=auto | ||
- | </ | ||
- | |||
- | Logging disabled : | ||
- | < | ||
- | --StdOutput= | ||
- | --StdError= | ||
- | </ | ||
- | |||
- | ===== SSL Handshake ===== | ||
- | ===== Test Services ===== | ||
- | |||
- | The availability of the Http Web Service or a specific Publication can be verified by requesting respectively the Web Service cross domain configuration or the publication html web page : | ||
- | * ''< | ||
- | * ''< | ||
- | |||
- | A TestService is available to request detailed runtime information about all EOS Services. Optionally a TestMask can be applied. Below the example for " | ||
- | * ''< | ||
- | * ''< | ||
- | |||
- | ===== WMS and WFS Services ===== | ||
- | |||
- | The Orbit EOS server includes the capability to provide OGC compliant WFS (version 1.1.1) and WMS (version 1.1.0) services for EOS Resources. | ||
- | |||
- | More information about the OGC WFS and WMS specifications : | ||
- | * http:// | ||
- | * http:// | ||
- | |||
- | Customization of the Orbit WMS and WFS services can be achieved via the the according configuration.xml file. Next to some service settings and specifications, | ||
- | |||
- | When removing this configuration.xml file : | ||
- | * a default set of service settings and specifications will be used | ||
- | * user authentication will be required at all time | ||
- | * the list of available layers will be set to all dataset for which the user has EOS view permissions | ||
- | |||
- | === Server Configurations === | ||
- | |||
- | WMS and WFS configurations are applied at Service Start. To update this configuration the Orbit Service must be stopped, updated and restarted. | ||
- | |||
- | * '' | ||
- | * '' | ||
- | |||
- | ** Example for WFS ** \\ | ||
- | This example includes all available tags to configure the Orbit WFS service. | ||
- | |||
- | <code html> | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | </ | ||
- | < | ||
- | < | ||
- | </ | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | </ | ||
- | </ | ||
- | |||
- | ** Example for WMS ** \\ | ||
- | This example includes all available tags to configure the Orbit WMS service. | ||
- | |||
- | <code html> | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | </ | ||
- | < | ||
- | < | ||
- | < | ||
- | </ | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | < | ||
- | </ | ||
- | </ | ||
- | |||
- | === Tags === | ||
- | |||
- | For some reason the tags available for WFS and WMS differ, for any explanation see OGC documentation. | ||
- | Some notes about special tags or values used by Orbit : | ||
- | * URLPrefix : <server url>:< | ||
- | * DataSetName : EOS Dataset Registry Name | ||
- | * FixedUsername, | ||
- | * IsMaxFeaturesEnabled : Highly recommended setting to restrict the maximum number of feature that can be replied on a single feature request. | ||
- | ===== Workspace configurations ===== | ||
- | |||
- | As optional server side configuration it is possible to use a dedicated set of configurations for a given service depending the used Orbit desktop client workspace. | ||
- | |||
- | All server side service configurations are grouped in the according properties.ini or properties.xml configuration file. It is possible to create a separated " | ||
- | |||
Last modified:: 2018/10/24 15:32