Page History
...
- JOC Cockpit makes use of the
joc.properties
configuration file that is populated by installation options. This file can be found by default in the following locations:- Linux:
/var/sos-berlin.com/js7/joc/resources/joc/joc.properties
- Windows:
C:\ProgramData\sos-berlin.com\js7\joc\resources\joc\joc.properties
- The location of this file is indicated below as
JETTY_BASE/resources/joc/joc.properties
.
- Linux:
- The Jetty Servlet Container that ships with JOC Cockpit makes use of the following configuration file:
- Linux:
/var/sos-berlin.com/js7/joc/resources/joc/joc.propertiesstart.ini
- Windows:
C:\ProgramData\sos-berlin.com\js7\joc\start.ini
- The location of this file is indicated below as
JETTY_BASE/start.ini
- Linux:
- Restart the JOC Cockpit instance to apply changes to its configuration file.the JOC Cockpit or Jetty configuration files.
JOC Cockpit
Installation Options
The following example of a JETTY_BASE/resources/joc/joc.properties
file is created from the installer and can be modified by the user:
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
################################################################################ ### If JOC Cockpit is used in a cluster then type a title to identify which node ### is currently used. Further type an ordering (Primary <= 0, Backup > 0) for ### the display order in JOC's dashboard title = PRIMARY JOC COCKPIT ordering = 0 ################################################################################ ### Path to log4j configuration file. Path can be absolute or relative ### to this file. log4j.configuration = log4j2.xml ################################################################################ ### Path to hibernate configuration file of JOC's database. ### Path can be absolute or relative to this file. hibernate_configuration_file = hibernate.cfg.xml ################################################################################ ### The time (in seconds) to establish the connection with the ### remote host. Default = 2 jobscheduler_connection_timeout = 2 ################################################################################ ### The time (in seconds) waiting for data after the connection ### was established; maximum time of inactivity between two data packets. ### Default = 5 jobscheduler_socket_timeout = 5 ################################################################################ ### Should hostname verification be carried out for https certificate. ### Default false https_with_hostname_verification = true ################################################################################ ### Location, type and password of the Java truststore which contains the ### certificates of each JobScheduler Controller for HTTPS connections. Path can be ### The absolutepath oris relative to this fileJETTY_BASE/resources/joc. # keystore_path = ../../resources/https-keystore.p12 # keystore_type = PKCS12 # keystore_password = jobscheduler # key_password = jobscheduler # truststore_path = ../../resources/https-truststore.p12 # truststore_type = PKCS12 # truststore_password = jobscheduler ################################################################################ ### JOC Cockpit requires to configure a security level for the ### signing mechanism, options "high", "medium" and "low". ### high: ### public PGP/X.509 keys are stored for verification only ### all signing will be done externally outside of JOC Cockpit ### medium: ### a private PGP/X.509 key will be stored for signing ### signing will be done automatically with the provided key ### low: ### no keys will be stored ### signing will be done internally with default keys ### ### This flag controls the security level used. Default low security_level = low ################################################################################ ### Settings for a custom logo file on the login page ### The logo file has to be located in ./jetty_base/webapps/root/ext/images ### Possible units for height are according to ### https://www.w3schools.com/cssref/css_units.asp (default px) ### Possible values for the position are "top" or "bottom" (default=bottom). custom_logo_name = custom_logo_height = custom_logo_position = ################################################################################ ### Normally, the user permissions control if a view such as dashboard, ### workflows, etc. are shown or hidden. Here you can force to show (=true) or ### hide (=false) a view independent of the permissions. If the value is unequal ### true or false then the permissions win. show_view_dashboard = show_view_dailyplan = show_view_workflows = show_view_filetransfers = show_view_resources = show_view_history = show_view_auditlog = show_view_configuration = |
...
Setting | Sample Value | Explanation |
---|---|---|
hibernate_configuration_file | hibernate.cfg.xml | Specifies the path to a hibernate configuration file that holds the connection URL, account and authentication additional settings for the connection to the database. |
...
Setting | Sample Value | Explanation |
---|---|---|
https_with_hostname_verification | true | Specifies if hostname verification should be performed for HTTPS connections. It is strictly recommended to enable this setting. |
keystore_path | ../../resources/https-keystore.p12 | The keystore includes the private key and server certificate created for incoming HTTPS connections (Server Authentication) and optionally forfor outgoing connections to Controllers that request mutual authentication (Client Authentication). If separate certificates should be used for both purposes then consider to store the Client Authentication certificate in the client keystore, see below. |
| PKCS12 | The keystore types PKCS12 and JKS are supported. | keystore_password | The keystore is protected by a password. |
The path is specified relative to the | ||
| key_password | The private keys in the keystore are protected by a password. Note that for PKCS12 keystores the same password applies to all keys. |
client_keystore_path | ../../resources/https-client-keystore.p12 | The client keystore includes the private key and certificate for outgoing connections that request mutual authentication (Client Authentication) from a separate certificate. If a certificate is created for both Server Authentication and Client Authentication purposes then the keystore has to be used, see above. |
| PKCS12 | The client keystore types PKCS12 and JKS are supported. |
client_keystore_password | jobscheduler | The client keystore is protected by a password. |
client_key_password | jobscheduler | The private keys in the client keystore are protected by a password. Note that for PKCS12 keystores the same password applies to all keys. |
truststore_path | ../../resources/https-truststore.p12 | The truststore includes the public key and/or certificates for outgoing HTTPS connections (Server Authentication) to Controllers. The path is specified relative to the |
truststore_type | PKCS12 | The truststore types PKCS12 and JKS are supported. |
truststore_password | jobscheduler | The truststore is protected by a password. |
Custom Logo Settings
Setting | Default Sample Value | Explanation |
---|---|---|
custom_logo_name | company.png | The logo file indicated by this name has to be located in ./jetty_base/webapps/root/ext/images |
custom_logo_height | 120px | The logo height in pixel. Possible units are specified according to: https://www.w3schools.com/cssref/css_units.asp (default px). |
custom_logo_position | bottom | Possible values for the position are top and bottom . |
...
title:
The title of a JOC Cockpit instance as visible from the Cluster Status widget of the JS7 Dashboard view.ordering
: The order of appearance of a JOC Cockpit instance with the Cluster Status widget of the JS7 Dashboard view. An ordering 0 indicates the leftmost occurrence.
...
Security Options
Setting | Sample Value | Explanation |
---|---|---|
security_level | low | JOC Cockpit is installed for a security level used for signing of deployment deployable objects such as workflows, see JS7 - Deployment:
|
- Note: Changes to the above setting are ignored. Instead, the above setting is applied by the installer for informational purposes only.
- To modify the security level of JOC Cockpit re-run the installer and select the respective installation option.
Jetty Servlet Container
Installation Options
Technically any options for the Jetty Servlet Container can be used as available from the product. The below section is focused on settings that are added by the JOC Cockpit installer or that preferably are modified by users after installation.
The following example of a JETTY_BASE/start.ini
configuration file is created from the installer and can be modified by the user:
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
# ---------------------------------------
# Module: http
# Enables an HTTP connector on the server.
# ---------------------------------------
--module=http
## Connector host/address to bind to
# jetty.http.host=0.0.0.0
## Connector host/address to bind to
jetty.http.port=4446
# ---------------------------------------
# Module: https
# Adds HTTPS protocol support to the TLS(SSL) Connector
# ---------------------------------------
# --module=https
# ---------------------------------------
# Module: ssl
# Adds SSL Context settings to the TLS(SSL) Connector
# ---------------------------------------
# --module=ssl
## Connector host/address to bind to
# jetty.ssl.host=0.0.0.0
## Connector port to listen on
# jetty.ssl.port=4443
## Keystore file path (relative to $jetty.base)
# jetty.sslContext.keyStorePath=resources/joc/https-keystore.p12
## Keystore type (PKCS12, JKS)
# jetty.sslContext.keyStoreType=PKCS12
## Keystore password
# jetty.sslContext.keyStorePassword=jobscheduler
## KeyManager password (same as keystore password for pkcs12 keystore type)
# jetty.sslContext.keyManagerPassword=jobscheduler
## Truststore file path (relative to $jetty.base)
# jetty.sslContext.trustStorePath=resources/joc/https-truststore.p12
## Truststore type (PKCS12, JKS)
# jetty.sslContext.trustStoreType=PKCS12
## Truststore password
# jetty.sslContext.trustStorePassword=jobscheduler
## Client certificate authentication is required
# jetty.sslContext.needClientAuth=false
## Client certificate authentication is desired
# jetty.sslContext.wantClientAuth=true
## The Endpoint Identification Algorithm
## Same as javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String)
# jetty.sslContext.endpointIdentificationAlgorithm= |
HTTP Connection Settings
Options are enabled by use of the --module=http
setting.
Setting | Required | Sample Value | Explanation |
---|---|---|---|
jetty.http.host | no | myhost, 192.168.2.23 | Specifies the network interface by which JOC Cockpit is accessible. A hostname or IP address can be specified. If this setting is omitted then the default value 0.0.0.0 is applied that makes JOC Cockpit accessible by any available network interfaces. |
jetty.http.port | yes | 4446 | Specifies the port by which JOC Cockpit is accessible for HTTP connections, for example from a user browser. |
HTTPS Connection Settings
Options are enabled by use of the --module=https
and --module=ssl
settings.
Such options are not added by the installer but can be enabled and modified by the user.
Setting | Required | Sample Value | Explanation |
---|---|---|---|
jetty.ssl.host | no | myhost | Specifies the network interface by which JOC Cockpit is accessible. A hostname can be specified that has to match the Common Name for which the JOC Cockpit Server Certificate has been created. If this setting is omitted then the default value 0.0.0.0 is applied that makes JOC Cockpit accessible by any available network interfaces. |
jetty.ssl.port | yes | 4443 | Specifies the port by which JOC Cockpit is accessible for HTTPS connections, for example from a user browser. |
jetty.sslContext.keyStorePath | yes | resources/joc/https-keystore.p12 | The keystore includes the private key and server certificate created for incoming HTTPS connections to JOC Cockpit (Server Authentication), for example from user browsers. The path is specified relative to the |
jetty.sslContext.keyStoreType | no | PKCS12 | The keystore types PKCS12 and JKS are supported. If this setting is omitted then the default value of Java is used which is JKS for Java 1.8 and PKCS12 for Java 9 and later. |
jetty.sslContext.keyStorePassword | no | jobscheduler | The keystore is protected by a password. |
jetty.sslContext.keyManagerPassword | no | jobscheduler | The private keys in the keystore are protected by a password. Note that for PKCS12 keystores the same password applies to all keys. |
jetty.sslContext.trustStorePath | yes | resources/joc/https-truststore.p12 | The truststore includes the public key or certificates for outgoing HTTPS connections (Server Authentication) to LDAP Servers. In addition the truststore holds the public key or certificate of clients connecting to JOC Cockpit with mutual authentication being in place, see JS7 - Certificate based Authentication. The path is specified relative to the |
jetty.sslContext.trustStoreType | no | PKCS12 | The truststore types PKCS12 and JKS are supported. If this setting is omitted then the default value of Java is used which is JKS for Java 1.8 and PKCS12 for Java 9 and later. |
jetty.sslContext.trustStorePassword | no | jobscheduler | The truststore is protected by a password. |
Certificate Based Authentication Settings
Options are enabled by use of the --module=https
and --module=ssl
settings.
Consider explanations from the JS7 - Certificate based Authentication article.
Setting | Required | Sample Value | Explanation |
---|---|---|---|
jetty.sslContext.needClientAuth | yes | false | If set to true then a Client Certificate is required. If this setting is false and the wantCientAuth setting is true then users have the option for user account/password based authentication or certificate based authentication. |
jetty.sslContext.wantClientAuth | yes | true | Specifies the port by which JOC Cockpit is accessible for HTTP connections, for example from a user browser. |
jetty.sslContext.endpointIdentificationAlgorithm | yes | An empty setting is required due to a bug in Jetty 9.4, see https://github.com/eclipse/jetty.project/issues/3466. With later releases of Jetty that fix this bug this setting is not required. |