
Webserver Configuration

Configurations within the Satellite Configuration Group.

Element: config

TEXT
  Configure the `jetty` webserver and basic connection parameters. 
  Best practice is to have two configurations per Satellite Configuration Group - one with a connector for insecure *http* connections and one with the connector for secure *https*
  connections. Combining both connectors in one configuration is also possible.

Attributes:

@version [ required | fixed: 1 ]
@name [ default: default ] ↦ string
Domain to be matched by request.
@truncate-remote-ip [ default: true ] ↦ boolean
Truncate last segment from remote IP for logging (<- DSGVO).
@error-show-stacktrace [ default: false ] ↦ boolean
Show stack traces on error pages.
@error-show-servlet [ default: false ] ↦ boolean
Show servlet name on error pages.

Children:

  • all of these elements:
    • [1, 1] '→connectors'
      » Configure network connectors.
    • [1, 1] '→hostids'
      » Define available hosts
    • [0, 1] '→logs'
      » Define
    • [0, 1] '→rewriterules'
      » redirect rules
    • [0, 1] '→virtualhosts'
      » Define domain names to be distinguished
    • [0, 1] '→limits'
      » Define limits (affecting security).
    • [0, 1] '→compatibility'
      » Configure backward compatibility
    • [0, 1] '→headers'
      » static headers for default host

Element: headers

Configure static headers.

Children:

  • sequence of these elements:
    • [1, n] '→header'

Element: header

Configure a header.

Attributes:

@name ↦ string
header name
@value ↦ string
header value

Element: connectors

Configure network connectors.

Children:

  • sequence of these elements:
    • [1, n] '→connector'

Element: connector

Configure a network connector.

Attributes:

@port [ required ] ↦ integer
Local port to listen on
@host ↦ string
IP to listen on (interface)
@secure ↦ boolean
provides ssl/tls
@forwarded ↦ boolean
Is behind proxy; uses the x-forwarded- headers to set the internally used source address and scheme
@forwarded-levels ↦ positiveInteger
Defines how many levels in the forwarded-for headers should be taken into account (usually 1)
@idle-timeout ↦ long
idle timeout for connection in seconds
@http2 [ default: false ] ↦ boolean
@http10-hostname ↦ string
host name to use, if no Host header is transmitted
@http10-port ↦ positiveInteger
port to use, if no Host header is transmitted
@use-forwarded-header [ default: true ] ↦ boolean
use "Forwarded:" header
@use-x-forwarded-headers [ default: true ] ↦ boolean
use "X-Forwarded-*:" header
@use-x-forwarded-host [ default: false ] ↦ boolean
use "X-Forwarded-Host:" header
@use-x-forwarded-server [ default: false ] ↦ boolean
use "X-Forwarded-Server:" header
@use-x-forwarded-proto [ default: true ] ↦ boolean
use "X-Forwarded-Proto:" header
@use-x-forwarded-port [ default: false ] ↦ boolean
use "X-Forwarded-Port:" header
@sni-host-check [ default: false ] ↦ boolean
sni host check if true returns 400 if host not
@sni-required [ default: false ] ↦ boolean
returns 400 if sni required

Children:

  • [1, n] choice of these elements:
    • [0, n] '→pem'
      » Provide certificates.
    • [0, 1] '→ciphers'
      »
    • [0, 1] '→protocols'
      »
    • [0, 1] '→client-auth-by-cert'
      » Configure client-certificate support

Element: client-auth-by-cert

TEXT
Needed to support login provider certificate, see CommunitySessionManagerConfiguration.xsd (certificate element).

Attributes:

@optional [ default: false ] ↦ boolean
Can or must user provide a certificate?
@ocsp [ default: false ] ↦ boolean
Configure underlying jetty connector
@crldp [ default: false ] ↦ boolean
Configure underlying jetty connector

Children:

  • [1, n] choice of these elements:
    • [0, n] '→client-pem'
      » Provide certificate data to validate client certificates.

Element: client-pem

content: string

Provide certificates/keys content to validate client certificates.

Element: pem

content: string

Provide certificates/keys content.

Attributes:

@password ↦ string
password for key decryption

Element: ciphers

Define cipher usage for SSL

Attributes:

@respect-order [ default: true ] ↦ boolean

Children:

  • sequence of these elements:
    • [0, n] '→cipher'

Element: cipher

content: string

Define the cipher to exclude or include, e.g. '<cipher exclude="true">TLS_ECDHE_RSA_WITH_RC4_128_SHA</cipher>'. Content contains a regex pattern selecting ciphers.

Attributes:

@exclude [ default: false ] ↦ boolean
Exclude selected ciphers?

Element: protocols

Configure protocols.

Children:

  • sequence of these elements:
    • [1, n] '→protocol'

Element: protocol

content: string

Which protocols are allowed? E.g. TLSv1, TLSv1.1, TLSv1.2

Element: hostids

Configure hostids.

Children:

  • sequence of these elements:
    • [1, n] '→hostid'

Element: hostid

Configure hostid provided by default.

Attributes:

@name [ required ] ↦ string
Unique name for host.

Element: logs

Configure log settings

Attributes:

@use-service [ default: false ] ↦ boolean

Children:

  • sequence of these elements:
    • [0, n] '→log'

Element: log

Configure a logfile

Attributes:

@filename [ required ] ↦ string

Element: rewriterules

Define rewriterules for requests

Children:

  • [0, n] choice of these elements:
    • [1, 1] '→patternrule'
      » Define rewriterule using the jetty syntax pattern (discouraged)
    • [1, 1] '→regexrule'
      » Define rewriterule using regular expression

Element: patternrule

Define rewriterule using jetty syntax pattern (discouraged). Define actions on match.

Attributes:

@pattern [ required ] ↦ string
@{group '→rewriterule'}

Element: regexrule

Define rewriterule using regular expression. Define actions on match.

Attributes:

@regex [ required ] ↦ string
@{group '→rewriterule'}

Element: virtualhosts

Define special hosts for requested domains

Children:

  • sequence of these elements:
    • [0, n] '→virtualhost'

Element: virtualhost

Define special host for requested domains

Attributes:

@name [ required ] ↦ string
The domain to be matched by request.

Children:

  • all of these elements:
    • [0, 1] '→aliases'
      » Define alias domains using this host
    • [1, 1] '→hostids'
      » Define available hosts for the requested domain
    • [0, 1] '→logs'
      » Configure log settings for this v-host
    • [0, 1] '→rewriterules'
      » Define rewriterules for requests matched domain
    • [0, 1] '→headers'
      » static headers for virtual host

Element: aliases

Define aliases

Children:

  • sequence of these elements:
    • [0, n] '→alias'

Element: alias

Attributes:

@name ↦ string

Element: limits

Attributes:

@threads ↦ positiveInteger
Size of the threadpool used for handling the http requests
@form-content-size ↦ positiveInteger
Restrict form content upload size (security) in bytes.
@form-keys ↦ positiveInteger
Maximum number of transmitted form keys
@connection-limit [ default: 1000 ] ↦ positiveInteger
Number of concurrent connections allowed
@connection-limit-idle-timeout-in-ms [ default: 1000 ] ↦ positiveInteger
Connection timeout for existing connections, if the connection limit is reached
@accept-rate-limit [ default: 1000 ] ↦ positiveInteger
Number of connections until new connections are allowed
@accept-rate-limit-period-in-ms [ default: 1000 ] ↦ positiveInteger
Period for accept-rate-limit
@request-header-max-size [ default: 8192 ] ↦ positiveInteger
maximum request header size in bytes
@response-header-max-size [ default: 8192 ] ↦ positiveInteger
maximum response header size in bytes

Element: compatibility

Configure backward compatibility

Attributes:

@cookie-compliance [ default: RFC2965 ] ↦ { RFC2965 | RFC6265 }
Define the standard cookies have to be compliant with
@http-compliance [ default: RFC7230 ] ↦ { LEGACY | RFC2616_LEGACY | RFC2616 | RFC7230 | RFC7230_LEGACY | RFC7230_NO_AMBIGUOUS_URIS }
HTTP parsing compliance, see also https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-http/src/main/java/org/eclipse/jetty/http/HttpCompliance.java

AttributeGroup: rewriterule

@replacement [ required ] ↦ string
@redirect ↦ boolean
@statuscode ↦ positiveInteger
@terminate ↦ boolean
@scheme ↦ { HTTP | HTTPS }
Define which scheme this rule should match, leave empty for any

The Webserver Configuration configures the underlying webserver and defines hosts for OnlineChannel instances.

Multiple Webserver Configurations may be present to define multiple connectors.
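
An added example, not part of the original reference or the product's own tooling: a small Python audit that parses one Webserver Configuration and reports settings described on this page that weaken a deployment (verbose error pages, untruncated IP logging, unset form limits, deprecated TLS protocol names, a trusted X-Forwarded-Host header). The sample XML is constructed, the schema namespace is omitted, and an absent `secure` or `forwarded` attribute is assumed to mean false.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names follow the reference above;
# the namespace is omitted and every value is made up for illustration.
SAMPLE = """<config version="1" name="default" error-show-stacktrace="true"
        truncate-remote-ip="false">
  <connectors>
    <connector port="8080" forwarded="true" use-x-forwarded-host="true"/>
    <connector port="8443" secure="true">
      <protocols><protocol>TLSv1</protocol><protocol>TLSv1.2</protocol></protocols>
    </connector>
  </connectors>
  <hostids><hostid name="example-host"/></hostids>
  <limits threads="50"/>
</config>"""

WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # deprecated SSL/TLS versions

def flag(el, attr, default):
    """Read a boolean attribute; 'default' is the page's default, or an
    assumed 'false' for secure/forwarded, which list none."""
    return el.get(attr, default).strip().lower() in ("true", "1")

def audit(xml_text):
    """Return (location, finding) tuples for risky settings in one <config>."""
    root, out = ET.fromstring(xml_text), []
    for attr in ("error-show-stacktrace", "error-show-servlet"):
        if flag(root, attr, "false"):
            out.append(("config", f"{attr} exposes internals on error pages"))
    if not flag(root, "truncate-remote-ip", "true"):
        out.append(("config", "full remote IPs are written to the logs"))
    limits = root.find("limits")
    for attr in ("form-content-size", "form-keys"):
        if limits is None or limits.get(attr) is None:
            out.append(("limits", f"{attr} is not set explicitly"))
    for conn in root.iter("connector"):
        where = f"connector:{conn.get('port')}"
        if flag(conn, "secure", "false"):
            protos = [p.text.strip() for p in conn.iter("protocol") if p.text]
            if not protos:
                out.append((where, "no <protocols> list, TLS versions left to defaults"))
            out += [(where, f"deprecated protocol {p}") for p in protos if p in WEAK_PROTOCOLS]
        if flag(conn, "forwarded", "false") and flag(conn, "use-x-forwarded-host", "false"):
            out.append((where, "X-Forwarded-Host is trusted; proxy must overwrite it"))
    return out

if __name__ == "__main__":
    for where, finding in audit(SAMPLE):
        print(f"{where}: {finding}")
```

If the real configuration files declare an XML namespace, the element lookups need that namespace prefix before the audit matches anything.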
