Backend configuration
securiCAD Enterprise has a configuration file that affects various factors of how the backend works. It's found under /home/es/bin/enterprise_suite/backend/apps/es/configs/config.json.
After installing securiCAD Enterprise with local database your configuration file might look something like this, below we'll go through the sections you might want to change.
[email protected]:~$ cat bin/enterprise_suite/backend/apps/es/configs/config.json
{
"version": 8,
"api": {
"prefix": "/api/<version>",
"version": 1,
"allowed_origin": "*"
},
"rabbit": {
"worker": {
"username": "esWorker",
"password": "<redacted>"
},
"api": {
"username": "esAPI",
"password": "<redacted>"
}
},
"ssl": {
"cert": "/home/es/ssl/client/cert.pem",
"key": "/home/es/ssl/client/key.pem",
"cacert": "/home/es/ssl/localCA/cacert.pem"
},
"flask": {
"password": "<redacted>",
"security": {
"algorithm": "pbkdf2_sha512",
"salt": "<redacted>",
"trackable": true,
"require_password_reset": false
},
"jwt": {
"minutes_valid": 120,
"header": "JWT",
"blacklist": true,
"blacklist_checks": [
"access"
]
},
"sqlalchemy": {
"database": "sqlite:////home/es/data/data.db",
"upgrade_fail_lock": "db_upgrade_failed.lock",
"track_modifications": false
},
"max_content_length": 134217728
},
"sso": {
"oidc": {
"enabled": false,
"client_secrets_path": "...path.../enterprise_suite/backend/apps/es/configs/client_secrets.json"
},
"saml": {
"enabled": false,
"idp_name": "idp_name",
"entity_id": "entity_id",
"metadata_path": "...path.../enterprise_suite/backend/apps/es/configs/metadata"
},
"organization": "default_sso_org",
"redirect_url": "http://localhost:8080/auth"
},
"server": {
"ip": "127.0.0.1",
"port": 8070
},
"coordinator": {
"ip": "127.0.0.1",
"port": 8060
},
"parser": {
"store_input": false,
"path": "...path.../enterprise_suite/parser_input",
"custom_parsers_path": "/home/es/custom_parsers"
},
"slow_mode": {
"enabled": false,
"seconds": 2
},
"proxy": {
"num_trusted_proxies": 1
},
"debug": false,
"language": "SECURILANG",
"xserver": "Enterprise Suite"
}
Here we'll go through these section by section.
Some fields are not mentioned below, if you change them securiCAD Enterprise might break right then, or when you attempt to upgrade to a new version. If you contact [email protected] we might instruct you to change some of the non-listed values to help with troubleshooting.
ssl
Change these paths, or replace these files, if you want to set a particular HTTP certificate.
flask
Settings related to the main backend service.
passwordThis is used to change JWT tokens, if you change it all current tokens will no longer be valid.
security
require_password_resetSpecifies whether new users has to set a password the first time they log in.
jwt
minutes_validHow long the JWT tokens are valid forblacklistwhether to check for token revocation on backend access.
sqlalchemy
databasepath to database file, or complete URI to remote database.
max_content_length Maximum size of content for received requests.
sso
Please see Single Sign-On for details on how to set up Single Sign-On.
server & coordinator
This specifies interface ip and port backend services listen on. If you change these remember to change the nginx configs too.
parser
custom_parsers_pathpath to folder containing securiCAD Enterprise Language Pack files.
proxy
num_trrusted_proxiesSet the number of trusted proxies, this number is including the nginx server set up on the enterprise machine.
If you want to set up a load balancer in front of the enterprise instance you will need to increase the number by one more.
Note if you set this number too high securiCAD Enterprise will trust content from the end user browser, which might lead to security issues.
Updated over 1 year ago