Difference between revisions of "OS4X Core configuration"

From OS4X
Line 82: Line 82:
  
 
==== local certificate file & local certificate password ====
 
==== local certificate file & local certificate password ====
''DB configuration name: tls_local_certificate & tls_client_cert_password''
+
''DB configuration name: tls_local_certificate & tls_server_cert_password''
  
 
Absolute path to the OFTP server certificate (in PEM format) for OFTP over TCP/IP (TLS secured). If the certificate is password-protected, you may enter it in the password field.  
 
Absolute path to the OFTP server certificate (in PEM format) for OFTP over TCP/IP (TLS secured). If the certificate is password-protected, you may enter it in the password field.  
  
 
==== local client certificate file & client certificate password ====
 
==== local client certificate file & client certificate password ====
''DB configuration name: tls_local_certificate & tls_client_cert_password''
+
''DB configuration name: tls_default_client_certificate & tls_client_cert_password''
  
 
Absolute path to the OFTP server certificate (in PEM format) for OFTP over TCP/IP (TLS secured). If the certificate is password-protected, you may enter it in the password field.  
 
Absolute path to the OFTP server certificate (in PEM format) for OFTP over TCP/IP (TLS secured). If the certificate is password-protected, you may enter it in the password field.  
  
 
==== root certificate file & root certificate path ====
 
==== root certificate file & root certificate path ====
 +
''DB configuration name: tls_root_certificate & tls_root_certpath''
 +
 
The root certificates are used to authentificate partners which have certificates of unknown signers. At least one of these fields must be filled (even if the root certificate path doesn't contain any root certificates). The certificates must be in PEM format.  
 
The root certificates are used to authentificate partners which have certificates of unknown signers. At least one of these fields must be filled (even if the root certificate path doesn't contain any root certificates). The certificates must be in PEM format.  
  
 
==== Diffie-Hellman parameter files ====
 
==== Diffie-Hellman parameter files ====
 +
''DB configuration name: dh128_file, dh256_file, dh512_file & dh1024_file''
 +
 
These files (128bit, 256bit, 512bit and 1024bit) contain prime numbers, which are the basis for TLS encrypted connections. If the file is writable, or the file doesn't exist and the directory is writable, you can generate a new file from the web interface by using the link "Recalculate" or "Generate" in the web interface, which opens a new window which executes the command. Don't close this window until you can read the message "''You can  
 
These files (128bit, 256bit, 512bit and 1024bit) contain prime numbers, which are the basis for TLS encrypted connections. If the file is writable, or the file doesn't exist and the directory is writable, you can generate a new file from the web interface by using the link "Recalculate" or "Generate" in the web interface, which opens a new window which executes the command. Don't close this window until you can read the message "''You can  
 
close this window now''"!
 
close this window now''"!
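Review bot: In the "local client certificate file & client certificate password" section, the description below the corrected name line still reads "Absolute path to the OFTP server certificate", the same sentence as in the server section above it. Now that the name line points to tls_default_client_certificate, the description should say client certificate as well. The unchanged context also carries the misspelling "authentificate" in the root certificate paragraph, which could be fixed in the same edit.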

Revision as of 15:38, 9 April 2007

Accessing configuration

OS4X stores its core configuration in one simple database table. The configuration can therefore be changed in two ways:

  • using the comfortable web interface
  • using a database client program to change the values manually.

Because the names of the configuration values are not self-explanatory, every configuration value name is listed in its configuration block for manual editing.

web interface method

The OS4X web interface includes an entry in the left menu for the core configuration. Its name is "Configuration". The configuration web interface is divided into the following blocks:

  • TCP/IP
  • SSL/TLS
  • ISDN
  • Odette
  • Directories
  • Event scripts
  • Daemon
  • Partner table
  • GUI niceup

Each block is accessible through a link at the head of the configuration panel. Each block is also titled with its name and has a link back to the top of the form.

database method

The table "[tableprefix]configuration" (default: "os4x_configuration") contains two columns:

  • name
  • value

The column "name" holds the name of the configuration value that is affected.

The column "value" holds the configuration value, limited to 255 characters.

For all boolean values, a value of zero ("0") is false and all other values are true.

Configurable values

The following configuration parameters are listed in the order in which they appear in the web GUI, starting at the top. Each configuration name, as used in all binaries, the web interface, scripts etc., is listed in its block and explained as needed.

TCP/IP

This block contains all basic TCP/IP parameters, such as port numbers, timeout values etc.

TCP/IP port of OFTP server

DB configuration name: tcp_port

This numeric value between 1 and 65535 is the TCP/IP port on which the OFTP server listens for incoming connections. The maximum number of parallel incoming connections is limited by the operating system kernel and can be influenced by the kernel parameter "SOMAXCONN".

TCP/IP port of OFTP server (TLS)

DB configuration name: tcp_port_tls

This numeric value between 1 and 65535 is the TCP/IP port on which the OFTP server listens for incoming OFTP2 connections that are secured by TLS. The maximum number of parallel incoming connections is limited by the operating system kernel and can be influenced by the kernel parameter "SOMAXCONN". This port must not be the same as the OFTP server port from above.

TCP/IP port of OS4X debug daemon

DB configuration name: debugd_port

This numeric value between 1 and 65535 is the TCP/IP port on which the OFTP server listens for debug output. Every OS4X program generates this output. The daemon collects this data and is able to dump it into an encrypted file. This port must not be the same as the OFTP or OFTP2 server ports.

TCP/IP timeout

DB configuration name: tcp_timeout

This numeric value defines the maximum number of seconds allowed between the arrival of two TCP/IP packets. If this value is too low you might get network disconnects; setting it very high means that a network disconnect will be discovered very late.

TCP/IP OFTP maximum buffersize

DB configuration name: oftp_default_buffersize_tcpip

During the OFTP handshake, the maximum size of a data buffer is negotiated. This value reflects the maximum size of such data buffers. The minimum value is 128; the maximum should not be over 65535 (because of TCP/IP packaging). The higher the value, the faster the data transfer rate will be (but it depends on the partner side). On unreliable connections, use the default value of 2048 bytes.

TCP/IP OFTP maximum credit count

DB configuration name: oftp_default_creditcount_tcpip

Like the OFTP maximum buffersize, this value is negotiated with the partner during an OFTP handshake. The number defines the amount of unacknowledged data buffers sent to the receiver during file transfers. Increasing this value also increases the throughput. On unreliable connections you should use the default of 20. This is a different value than the one used for ISDN connections.

use receiving acceleration?

DB configuration name: oftp_tcpip_rec_acceleration

This technique is used to accelerate incoming TCP/IP connections by pre-sending the so-called "OFTP credits" (which are used for handshaking OFTP data buffers) during file transfers. If your partner doesn't like this type of acceleration (i.e. partners who use Seeburger products), you have to disable it. You can also define partner-based acceleration in a row of the partner table.

use send acceleration?

DB configuration name: oftp_tcpip_send_acceleration

Enabling this feature turns on code to ignore the first OFTP credit messages during file transfer. This speeds up transfers by up to a factor of 100. The number of "ignored" OFTP credits is calculated dynamically from the buffersize agreed during the protocol handshake, based on a maximum TCP/IP packet size of 60000 bytes (where 65536 bytes are possible). If you experience transfer aborts, disable this feature.

SSL/TLS parameters

To secure TLS sessions over TCP/IP networks (such as the internet), you need to provide some information about your local certificates. This information doesn't have to be the same as for file-based security.

local certificate file & local certificate password

DB configuration name: tls_local_certificate & tls_server_cert_password

Absolute path to the OFTP server certificate (in PEM format) for OFTP over TCP/IP (TLS secured). If the certificate is password-protected, you may enter it in the password field.

local client certificate file & client certificate password

DB configuration name: tls_default_client_certificate & tls_client_cert_password

Absolute path to the OFTP server certificate (in PEM format) for OFTP over TCP/IP (TLS secured). If the certificate is password-protected, you may enter it in the password field.

root certificate file & root certificate path

DB configuration name: tls_root_certificate & tls_root_certpath

The root certificates are used to authenticate partners whose certificates come from unknown signers. At least one of these fields must be filled (even if the root certificate path doesn't contain any root certificates). The certificates must be in PEM format.
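A read-only audit of the name/value table against the rules stated in the TCP/IP and SSL/TLS blocks above, as an added example that is not part of OS4X. It assumes an in-memory SQLite database as a stand-in for the real one; all sample rows are constructed and the function names are hypothetical.

```python
import sqlite3

PORT_KEYS = ("tcp_port", "tcp_port_tls", "debugd_port")

def load_config(conn, table="os4x_configuration"):
    """Read the name/value table into a dict (NULL becomes an empty string)."""
    if not table.isidentifier():          # table name is interpolated, so vet it
        raise ValueError("unexpected table name")
    rows = conn.execute(f"SELECT name, value FROM {table}")
    return {name: (value or "") for name, value in rows}

def as_bool(value):
    """Page rule: "0" is false, every other value is true."""
    return value.strip() != "0"

def in_range(raw, low, high):
    return raw.isascii() and raw.isdigit() and low <= int(raw) <= high

def audit(cfg):
    """Return findings for the rules the page states about these values."""
    findings = [f"{n}: longer than 255 characters" for n, v in cfg.items() if len(v) > 255]
    seen = {}
    for key in PORT_KEYS:
        if in_range(cfg.get(key, ""), 1, 65535):
            seen.setdefault(int(cfg[key]), []).append(key)
        else:
            findings.append(f"{key}: not a port between 1 and 65535")
    for port, keys in seen.items():
        if len(keys) > 1:                 # the three listeners need distinct ports
            findings.append(f"port {port} shared by {', '.join(keys)}")
    if not in_range(cfg.get("oftp_default_buffersize_tcpip", ""), 128, 65535):
        findings.append("oftp_default_buffersize_tcpip: outside 128..65535")
    if not (cfg.get("tls_root_certificate") or cfg.get("tls_root_certpath")):
        findings.append("tls_root_certificate and tls_root_certpath are both empty")
    return findings

def sample_db():
    """Constructed sample rows in an in-memory SQLite stand-in for the real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE os4x_configuration (name TEXT, value TEXT)")
    conn.executemany("INSERT INTO os4x_configuration VALUES (?, ?)", [
        ("tcp_port", "3305"), ("tcp_port_tls", "3305"), ("debugd_port", "70000"),
        ("oftp_default_buffersize_tcpip", "2048"),
        ("oftp_tcpip_send_acceleration", "0"),
        ("tls_root_certificate", ""), ("tls_root_certpath", ""),
    ])
    return conn

if __name__ == "__main__":
    for finding in audit(load_config(sample_db())):
        print(finding)
```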

Diffie-Hellman parameter files

DB configuration name: dh128_file, dh256_file, dh512_file & dh1024_file

These files (128-bit, 256-bit, 512-bit and 1024-bit) contain prime numbers, which are the basis for TLS encrypted connections. If the file is writable, or the file doesn't exist and the directory is writable, you can generate a new file from the web interface by using the link "Recalculate" or "Generate", which opens a new window that executes the command. Don't close this window until you can read the message "You can close this window now"!
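A check of the actual prime size in a Diffie-Hellman parameter file, as an added example that is not part of OS4X. It assumes the files are PEM "DH PARAMETERS" blocks (the page does not state the format); the sample input is constructed and is not a real prime, and the 2048-bit floor is this example's default, not an OS4X setting.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", re.S)

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def dh_prime_bits(pem_text):
    """Bit length of the prime p in a PEM 'DH PARAMETERS' block: SEQUENCE { p, g }."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("no DH PARAMETERS block found")
    tag, body, _ = read_tlv(base64.b64decode("".join(match.group(1).split())))
    if tag != 0x30:
        raise ValueError("expected a SEQUENCE")
    tag, prime, _ = read_tlv(body)
    if tag != 0x02:
        raise ValueError("expected an INTEGER")
    return int.from_bytes(prime, "big").bit_length()

def check_dh_file(config_name, pem_text, floor_bits=2048):
    """Compare the real prime size with the size in the name (dh512_file -> 512)."""
    named = int(re.fullmatch(r"dh(\d+)_file", config_name).group(1))
    bits = dh_prime_bits(pem_text)
    return {"bits": bits, "matches_name": bits == named, "below_floor": bits < floor_bits}

def der(tag, content):
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def make_sample_pem(bits):
    """Constructed input: an odd number of the given size, not a real DH prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")   # leading 0x00 = positive
    b64 = base64.encodebytes(der(0x30, der(0x02, p) + der(0x02, b"\x02"))).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{b64}-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    print(check_dh_file("dh1024_file", make_sample_pem(1024)))
```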