LEdoian
/
recodex-wiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
fixes
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9534f76b8f'
${ noResults }
recodex-wiki/System-configuration.md

6.8 KiB
Raw Blame History

System configuration

This section describes configuration of ReCodEx components. Bold items in lists describing the values are mandatory, italic ones are optional.

Monitor

Configuration file is located in directory /etc/recodex/monitor/ by default. It is in YAML format as all of the other configurations.

Configuration items

Description of configurable items, bold ones are required, italics ones are optional.

  • websocket_uri -- URI where is the endpoint of WebSocket connection. Must be visible to the clients (directly or through public proxy)
    • string representation of IP address or a hostname
    • port number
  • zeromq_uri -- URI where is the endpoint of ZeroMQ connection from broker. Could be hidden from public internet.
    • string representation of IP address or a hostname
    • port number
  • logger -- settings of logging
    • file -- path with name of log file. Defaults to /var/log/recodex/monitor.log
    • level -- logging level, one of "debug", "info", "warning", "error" and "critical"
    • max-size -- maximum size of log file before rotation in bytes
    • rotations -- number of rotations kept

Example configuration file

---
websocket_uri:
    - "127.0.0.1"
    - 4567
zeromq_uri:
    - "127.0.0.1"
    - 7894
logger:
    file: "/var/log/recodex/monitor.log"
    level: "debug"
    max-size: 1048576  # 1 MB
    rotations: 3
...

REST API

The API can be configured in config.neon and config.local.neon files in app/config directory of the API project source tree. The first file is predefined by authors and should not be modified. The second one is not present and could be created by copying config.local.neon.example template in the config directory. Local configuration have higher precedence, so it will override default values from config.neon.

Configurable items

Description of configurable items. All timeouts are in milliseconds if not stated otherwise.

  • accessManager -- configuration of access token in JWT standard. Do not modify unless you really know what are you doing.
  • fileServer -- connection to fileserver
    • address -- URI of fileserver
    • auth -- username and password for HTTP basic authentication
    • timeouts -- connection timeout for establishing new connection and request timeout for completing one request
  • broker -- connection to broker
    • address -- URI of broker
    • auth -- username and password for broker callback authentication back to API
    • timeouts -- ack timeout for first response that broker receives the message, send timeout how long try to send new job to the broker and result timeout how long to wait for confirmation if job can be processed or not
  • monitor -- connection to monitor
    • address -- URI of monitor
  • CAS -- CAS external authentication
    • serviceId -- visible identifier of this service
    • ldapConnection -- parameters for connecting to LDAP, hostname, base_dn, port, security and bindName
    • fields -- names of LDAP keys for informations as email, firstName and lastName
  • emails -- common configuration for sending email (addresses and template variables)
    • apiUrl -- base URL of API server including port (for referencing pictures in messages)
    • footerUrl -- link in the message footer
    • siteName -- name of frontend (ReCodEx, or KSP for unique instance for KSP course)
    • githubUrl -- URL to GitHub repository of this project
    • from -- sending email address
  • failures -- admin messages on errors
    • emails -- additional info for sending mails, to is admin mail address, from is source address, subjectPrefix is prefix of mail subject
  • forgottenPassword -- user messages for changing passwords
    • redirectUrl -- URL of web application where the password can be changed
    • tokenExpiration -- expiration timeout of temporary token (in seconds)
    • emails -- additional info for sending mails, from is source address and subjectPrefix is prefix of mail subject
  • mail -- configuration of sending mails
    • smtp -- using SMTP server, have to be "true"
    • host -- address of the server
    • port -- sending port (common values are 25, 465, 587)
    • username -- login to the server
    • password -- password to the server
    • secure -- security, values are empty for no security, "ssl" or "tls"
    • context -- additional parameters, depending on used mail engine. For examle self-signed certificates can be allowed as verify_peer and verify_peer_name to false and allow_self_signed to true under ssl key (see example).

Outside the parameters section of configuration is configuration for Doctrine. It is ORM framework which maps PHP objects (entities) into database tables and rows. The configuration is simple, required items are only user, password and host with dbname, i.e. address of database computer (mostly localhost) with name of ReCodEx database.

Example local configuration file

parameters:
  accessManager:
    leeway: 60
    issuer: https://recodex.projekty.ms.mff.cuni.cz
    audience: https://recodex.projekty.ms.mff.cuni.cz
    expiration: 86400  # 24 hours in seconds
    usedAlgorithm: HS256
    allowedAlgorithms:
      - HS256
    verificationKey: "recodex-123"
  fileServer:
    address: http://127.0.0.1:9999
    auth:
      username: "user"
      password: "pass"
    timeouts:
      connection: 500
  broker:
    address: tcp://127.0.0.1:9658
    auth:
      username: "user"
      password: "pass"
    timeouts:
      ack: 100
      send: 5000
      result: 1000
  monitor:
    address: wss://recodex.projekty.ms.mff.cuni.cz:4443/ws
  CAS:
    serviceId: "cas-uk"
    ldapConnection:
      hostname: "ldap.cuni.cz"
      base_dn: "ou=people,dc=cuni,dc=cz"
      port: 389
      security: SSL
      bindName: "cunipersonalid"
    fields:
      email: "mail"
      firstName: "givenName"
      lastName: "sn"
  emails:
    apiUrl: https://recodex.projekty.ms.mff.cuni.cz:4000
    footerUrl: https://recodex.projekty.ms.mff.cuni.cz
    siteName: "ReCodEx"
    githubUrl: https://github.com/ReCodEx
    from: "ReCodEx <noreply@example.com>"
  failures:
    emails:
      to: "Admin Name <admin@example.com>"
      from: %emails.from%
      subjectPrefix: "ReCodEx Failure Report - "
  forgottenPassword:
    redirectUrl: "https://recodex.projekty.ms.mff.cuni.cz/
                  forgotten-password/change"
    tokenExpiration: 600 # 10 minues
    emails:
      from: %emails.from%
      subjectPrefix: "ReCodEx Forgotten Password Request - "
  mail:
    smtp: true
    host: "smtp.ps.stdin.cz"
    port: 587
    username: "user"
    password: "pass"
    secure: "tls"
    context:
      ssl:
        verify_peer: false
        verify_peer_name: false
        allow_self_signed: true
doctrine:
  user: "user"
  password: "pass"
  host: localhost
  dbname: "recodex-api"