Page History
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Allow HTTP connections without authentication js7.web.server.auth.public = true |
js7 | web | server | |||
---|---|---|---|---|---|
auth | public | <true>|<false> |
- This setting specifies public access to a Controller if incoming HTTP connections are to be used. If used with a value
true
then no authentication is applied. - Default:
false
Anchor | ||||
---|---|---|---|---|
|
...
Configuration
If a JS7 Controller cluster is used then the following configuration has to be applied:
...
- A Secondary Controller instance specifies this setting to indicate that this instance starts as a standby node (Backup). Without this setting being in place both instances of a Controller Cluster will start as standalone instances.
- This setting is relevant for initial operation only. It is independent of which Controller instance later on will be the active one and which instance will be the standby instance.
- This setting has to be added by the user before start of a Secondary Controller.
Configuration Settings
Cluster Settings
js7 | journal | cluster | |||
---|---|---|---|---|---|
nodes | |||||
Primary | <url> | ||||
Backup | <url> | ||||
is-backup | <yes>|<no> | ||||
watches | |||||
<url> [,<url>] |
- This setting is used for Controller instances in cluster mode only, it is not used for standalone Controller instances.
- The registration of Primary and Secondary Controller instances is performed by JOC Cockpit during initial operation.
- Therefore the only setting required for cluster operation is
js7.journal.cluster.nodes.is-backup=yes
: For a Secondary Controller instance this setting specifies that during initial operation the given instance will be the inactive standby node.
- Additional settings can be applied, however, we recommend to use JOC Cockpit instead.
nodes
Primary, Backup
: For a Primary Controller instance this setting specifies the URLs of thePrimary
andBackup
(Secondary) instance. The URL includes specification of the protocol http/https, the hostname and port.
watches
- Watches are Agents in a JS7 environment that are involved in the decision about a fail-over situation. If Controller instances in a cluster are not connected to each other any longer, e.g. due to network errors, then the majority of Agents decides if a fail-over should take place.
- At least one Agent has to be specified by its URL.
- Therefore the only setting required for cluster operation is
Security Configuration File: private.conf
Anchor | ||||
---|---|---|---|---|
|
The Controller requires X.509 certificates and/or PGP public keys to be in place. These are used to verify the signatures of signed workflows. Unsigned workflows are not accepted by a Controller and are not forwarded to Agents, therefore a minimum of one X.509 certificate file or PGP public key file has to be present in the directories that are specified with the following configuration item:
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Security configuration
js7 {
configuration {
# Locations of certificates and public keys used for signature verification
trusted-signature-keys {
PGP=${js7.config-directory}"/private/trusted-pgp-keys"
X509=${js7.config-directory}"/private/trusted-x509-keys"
}
}
|
Explanation:
- The Controller verifies the signature of deployable objects such as workflows. This can be performed for PGP signatures and for X.509 signatures.
- The
trusted-signature-keys
setting specifies the location of PGP public keys and X.509 certificates. - If no PGP public keys are used or if no X.509 certificates are used then the respective setting should not be used as it expects the indicated directory to be populated with public keys or certificates respectively.
Configuration Settings
HTTP Connections
js7 | web | server | |||
---|---|---|---|---|---|
auth | public | <true>|<false> |
...
- This setting specifies public access to a Controller if insecure HTTP connections are to be used. If used with the value
true
then no HTTP Server Authentication is applied. - Default:
false
Security Configuration File: private.conf
js7.auth.users: HTTPS Authentication and Authorization
...
Overview
Content Tools