Page History
Table of Contents |
---|
Introduction
- The following configuration items are determined by the JOC Cockpit installer or can be modified by a user later on.
- JOC Cockpit makes use of the
joc.properties
configuration file that is populated by installation options. This file can be found by default in the following locations:- Linux:
/var/sos-berlin.com/js7/joc/resources/joc/joc.properties
- Windows:
C:\ProgramData\sos-berlin.com\js7\joc\resources\joc\joc.properties
- The location of this file is indicated below as
JETTY_BASE/resources/joc/joc.properties
.
- Linux:
- The Jetty Servlet Container that ships with JOC Cockpit makes use of the following configuration file:
- Linux:
/var/sos-berlin.com/js7/joc/start.ini
- Windows:
C:\ProgramData\sos-berlin.com\js7\joc\start.ini
- The location of this file is indicated below as
JETTY_BASE/start.ini
- Linux:
- Restart the JOC Cockpit instance to apply changes to the JOC Cockpit or Jetty configuration files.
- For run-time settings that do not require restart of JOC Cockpit see JS7 - Settings.
JOC Cockpit
Installation Options
...
Options are enabled by use of the --module=http
setting.
Setting | Required | Sample Value | Explanation |
---|---|---|---|
jetty.http.host | no | myhost, 192.168.2.23 | Specifies the network interface by which JOC Cockpit is accessible. A hostname or IP address can be specified. If this setting is omitted then the default value 0.0.0.0 is applied that makes JOC Cockpit accessible by any available network interfaces. |
jetty.http.port | yes | 4446 | Specifies the port by which JOC Cockpit is accessible for HTTP connections, for example from a user browser. |
HTTPS Connection Settings
...
Such options are not added by the installer but can be enabled and modified by the user.
Setting | Required | Sample Value | Explanation |
---|---|---|---|
jetty.ssl.host | no | myhost | Specifies the network interface by which JOC Cockpit is accessible. A hostname can be specified that has to match the Common Name for which the JOC Cockpit Server Certificate has been created. If this setting is omitted then the default value 0.0.0.0 is applied that makes JOC Cockpit accessible by any available network interfaces. |
jetty.ssl.port | yes | 4443 | Specifies the port by which JOC Cockpit is accessible for HTTPS connections, for example from a user browser. |
jetty.sslContext.keyStorePath | yes | resources/joc/https-keystore.p12 | The keystore includes the private key and server certificate created for incoming HTTPS connections to JOC Cockpit (Server Authentication), for example from user browsers. The path is specified relative to the |
jetty.sslContext.keyStoreType | no | PKCS12 | The keystore types PKCS12 and JKS are supported. If this setting is omitted then the default value of Java is used which is JKS for Java 1.8 and PKCS12 for Java 9 and later. |
jetty.sslContext.keyStorePassword | no | jobscheduler | The keystore is protected by a password. |
jetty.sslContext.keyManagerPassword | no | jobscheduler | The private keys in the keystore are protected by a password. Note that for PKCS12 keystores the same password applies to all keys. |
jetty.sslContext.trustStorePath | yes | resources/joc/https-truststore.p12 | The truststore includes the public key or certificates for outgoing HTTPS connections (Server Authentication) to LDAP Servers. In addition the truststore holds the public key or certificate of clients connecting to JOC Cockpit with mutual authentication being in place, see JS7 - Certificate based Authentication. The path is specified relative to the |
jetty.sslContext.trustStoreType | no | PKCS12 | The truststore types PKCS12 and JKS are supported. If this setting is omitted then the default value of Java is used which is JKS for Java 1.8 and PKCS12 for Java 9 and later. |
jetty.sslContext.trustStorePassword | no | jobscheduler | The truststore is protected by a password. |
Certificate Based Authentication Settings
...
Consider explanations from the JS7 - Certificate based Authentication article.
Setting | Required | Sample Value | Explanation |
---|---|---|---|
jetty.sslContext.needClientAuth | yes | false | If set to true then a Client Certificate is required. If this setting is false and the wantCientAuth setting is true then users have the option for user account/password based authentication or certificate based authentication. |
jetty.sslContext.wantClientAuth | yes | true | Specifies the port by which JOC Cockpit is accessible for HTTP connections, for example from a user browser. |
jetty.sslContext.endpointIdentificationAlgorithm | yes | An empty setting is required due to a bug in Jetty 9.4, see https://github.com/eclipse/jetty.project/issues/3466. With later releases of Jetty that fix this bug this setting is not required. |