...
```
# Security configuration
js7 {
    configuration {
        # Locations of certificates and public keys used for signature verification
        trusted-signature-keys {
            PGP=${js7.config-directory}"/private/trusted-pgp-keys"
            X509=${js7.config-directory}"/private/trusted-x509-keys"
        }
    }
}
```
...
```
# Enable script execution from signed workflows
js7.job.execution.signed-script-injection-allowed = yes
```
Secure Configuration
File: private.conf
...
It is essential to secure the connections between Controller and Agents. This includes:
- using HTTPS connections that are secured by private/public keys and certificates
- applying mutual authentication between Controller and Agent.
```
# Security configuration
js7 {
    auth {
        # User accounts for https connections
        users {
            # Controller account for connections by primary/secondary Controller instance
            Controller {
                distinguished-names=[
                    "DNQ=SOS CA, CN=controller-2-0-primary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE",
                    "DNQ=SOS CA, CN=controller-2-0-secondary, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
                ]
            }
        }
    }

    configuration {
        # Locations of certificates and public keys used for signature verification
        trusted-signature-keys {
            PGP=${js7.config-directory}"/private/trusted-pgp-keys"
            X509=${js7.config-directory}"/private/trusted-x509-keys"
        }
    }

    job {
        # Enable script execution from signed workflows
        execution {
            signed-script-injection-allowed = yes
        }
    }

    web {
        # Locations of keystore and truststore files for HTTPS connections
        https {
            keystore {
                # Default: ${js7.config-directory}"/private/https-keystore.p12"
                file=${js7.config-directory}"/private/https-keystore.p12"
                key-password=jobscheduler
                store-password=jobscheduler
            }
            truststores=[
                {
                    # Default: ${js7.config-directory}"/private/https-truststore.p12"
                    file=${js7.config-directory}"/private/https-truststore.p12"
                    store-password=jobscheduler
                }
            ]
        }
    }
}
```
Configuration Items
General Configuration File: agent.conf
js7.web.server: Authentication Settings

| js7 | web | server | | | |
|---|---|---|---|---|---|
| | | | auth | public | `<true>\|<false>` |

- This setting specifies public access to an Agent should insecure incoming HTTP connections be used. If used with the value `true`, no authentication applies.
- Default: `false`
...
js7.job.execution: Script Execution Permissions

| js7 | job | execution | | |
|---|---|---|---|---|
| | | | signed-script-injection-allowed | `<yes>\|<no>` |

- By default the Agent prevents the execution of any commands and scripts, except for scripts located in specific directories. This setting allows any commands and scripts to be executed, provided that the workflow is signed and the signature is verified.
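The following check is an added example, not code from the JS7 project: it flattens a configuration file into dotted keys and flags the settings this page describes as security-relevant, including reuse of the sample password shown above. It assumes a line-oriented subset of the HOCON syntax (one key, brace or bracket per line); the function names and the sample input are constructed for illustration.

```python
# Added example; assumes a line-oriented HOCON subset (one token per line).
SAMPLE_PASSWORD = "jobscheduler"  # sample value from the page's private.conf
TRUTHY = {"yes", "true", "on"}

def flatten(text):
    """Flatten nested blocks and dotted keys into {dotted.path: value}."""
    path, out = [], {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in '#"':
            continue                      # blank, comment, or list string element
        if line[-1] in "{[":              # block or list opens: descend
            path.append(line[:-1].rstrip(" =:"))
        elif line[0] in "}]":             # block or list closes: ascend
            del path[-1:]                 # safe even if the file is unbalanced
        else:                             # key=value (the page uses "=" only)
            key, _, value = line.partition("=")
            full = ".".join(p for p in path + [key.strip()] if p)
            out[full] = value.strip().strip('"')
    return out

def audit(text):
    """Return findings for the risky settings named on this page."""
    cfg, findings = flatten(text), []
    if cfg.get("js7.web.server.auth.public", "false").lower() in TRUTHY:
        findings.append("auth.public=true: no authentication applies")
    injection = cfg.get("js7.job.execution.signed-script-injection-allowed", "no")
    has_keys = any(k.startswith("js7.configuration.trusted-signature-keys.") for k in cfg)
    if injection.lower() in TRUTHY and not has_keys:
        findings.append("script injection allowed but no trusted-signature-keys set")
    for key, value in cfg.items():
        if key.endswith("-password") and value == SAMPLE_PASSWORD:
            findings.append(f"{key}: documentation sample password in use")
    return findings

# Constructed sample input, not a real deployment's configuration.
CONSTRUCTED = """
js7.web.server.auth.public = true
js7.job.execution.signed-script-injection-allowed = yes
js7.web.https {
  truststores=[
    {
      store-password=jobscheduler
    }
  ]
}
"""

if __name__ == "__main__":
    print("\n".join(audit(CONSTRUCTED)))
```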
...