Content
General
The configuration of the Connect Server is usually done with the help of JSON files, which are located in the installation directory of the application. In special cases, overriding via environment variables or via command line parameters is possible.
Standard configuration
The default configuration is located in the file "appsettings.Default.json". This file should not be changed directly, as these changes may be overwritten by a later upgrade.
Installation-specific configuration
If an installation-specific configuration is to be created, it is recommended to copy the file "appsettings.Default.json" into a file with the name "appsettings.json". This file will not be overwritten in the event of an upgrade, so the configuration settings stored here will remain.
The default configuration is still taken into account here. The installation-specific configuration must therefore only contain the desired deltas.
Environment-specific configuration
If an installation directory is used in different environments (e.g. in a template for containers), environment-specific configurations can be created. For this purpose, the file "appsettings.Default.json" is converted into a file with the name "appsettings.{environment}.json" ({environment} must be replaced by the name of the corresponding environment).
In this scenario, the environment can be specified at runtime using the environment variable "ASPNETCORE_ENVIRONMENT". Usually the values "Development", "Staging" and "Production" are used here, the default value is "Production".
The default configuration and any existing installation-specific configuration are still taken into account. The environment-specific configurations must therefore only contain the desired deltas.
The use of the "Development" environment should be avoided in production environments, as this activates additional debugging functionalities.
Explicit configuration
If required, additional configuration files can be specified in the command line via the argument "settings=...", "-settings=...", "-settings=..." or "/settings=...". The system checks whether the specified configuration file exists and displays an error message if it does. This check can be deactivated by appending a question mark to the file name. This also allows optional configuration files to be specified on the command line.
The default configuration as well as the installation-specific configuration and the environment-specific configuration(s) are still taken into account. In this case, the explicit configurations only need to contain the desired deltas.
Structure of the configuration file
The configuration file for the Connect Server is a JSON file with a JSON object as root element. The corresponding child elements are described in the following chapters.
The Logging section (JSON object)
This section contains another JSON object named "LogLevel", which defines the level of detail of the log output. The property "Default" contains the standard setting, other existing properties define different settings for certain .NET namespaces. The following values are supported for the level of detail: "Trace", "Debug", "Information", "Warning" and "Error".
Example:
...
}, "logging": {
"LogLevel": {
"default": "information",
"IdentityServer4": "Warning",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "information"
}
},
...
If required, the level of detail can be specified depending on the logging target (console, event log, etc.). Further information can be found under the following link:
https://docs.microsoft.com/en-us/dotnet/core/extensions/loggingThe IdentityServer section (JSON object)
This section provides configurations for the Connect Server's built-in Identity Server. This is responsible for authenticating users. The default configuration is useful for development environments or for closed networks, as it does not require any further settings. However, if the Connect Server is to be accessible via the Internet, these settings should definitely be adjusted. You can find more information about this under the following link:
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-api-authorization?view=aspnetcore-5.0#deploy-to-productionExample:
...
"IdentityServer": {
}, "key": {
"type": "development"
},
"clients": {.
"GalileoGroup.Connect.Server.Frontend": {
"Profile": "IdentityServerSPA"
}
}
},
...
The AllowedHosts section (JSON value of type String)
This section allows you to restrict the host names to which the web server can be bound. Thus, access via unwanted host names or via IP addresses can be prevented. Multiple values can be separated by a semicolon. For more information, see the following link:
https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-3.1#host-filteringExample:
...
"AllowedHosts": "connect.mycompany.com;localhost",
...
The Connect section (JSON object)
This section summarizes all Connect Framework specific configurations.
The Connect/Server section (JSON object)
This section contains all settings related to the integrated server functionalities.
The "BaseUri" section (JSON value of type String)
This value specifies the base URI under which the Connect server can be reached externally. The URI specified here does not necessarily have to correspond to an endpoint of the web server; it can also be an externally accessible URI that is forwarded by a router to one of the endpoints of the web server.
If this value is set to "auto", the server tries to determine the base URI automatically from the data of the first web server endpoint.
The "Debug" section (JSON object)
This section contains settings for error analysis. The following settings are currently supported:
Property | Type | Function |
EnableHttpRequestLogging | Boolean | Enables logging of all incoming http requests. |
The Passwords section (JSON object)
This section has no functionality in the current version of Connect Server. In future versions, the parameters for reversible encryption of the passwords for SSL certificates and connection strings can be defined here, so that they no longer have to be stored in plain text.
The Paths section (JSON object)
In this section, variables can be defined for use in file paths. Subsequent variables can use previously defined variables. Regardless of the operating system, the character "/" must always be used as a separator between directories.
The following variables are predefined by the Connect Framework, but can be redefined:
Variable | Default value |
ApplicationPath | The installation directory of the Connect Server. |
CertificatePath | {ApplicationPath}/Certificates |
RepositoryPath | {ApplicationPath}/Repositories |
These defaults are always used if no other variable value is defined or if the variable has been assigned the value "auto".
For use within a file path, the path variables must be enclosed in curly brackets.
The Database section (JSON object)
This section contains configuration data for the connection to the databases used by the application. For each database, a child JSON object must be created whose name corresponds to the internal ID of the associated database. The Connect Server currently uses the following databases:
Database ID | Function |
Identity | Identity Server Users and Permissions |
Monitoring | Database for the collection of monitoring data |
Operations | Database for storing expiration data |
The following information can be stored for each database:
Property | Type | Function |
Type | String | Type of database. Normally "Sqlite" is used here, "SqlServer" is currently supported experimentally. Support for "MySql" is planned, but currently the final implementation of the EF Core Adapter for .NET 5.0 is not yet available. |
ConnectionString | String | The connection string for the database to use. |
LogLevel | String | The desired level of detail for database-specific log output. The values "Trace", "Debug", "Information", "Warning" and "Error" are supported. |
EnableSensitiveDataLogging | Boolean | If this value is set to "true", field contents are also output during logging, otherwise they are always suppressed. |
EnableDetailedErrors | Boolean | If this value is set to "true", detailed error messages from the database are output during logging. |
The section "SupportedLanguages" (JSON array with values of type String)
This section defines the languages that can be selected in the dialog for maintaining language-dependent texts. Both generic language keys (such as "en" or "de") and area-specific language keys (such as "en-US", "en-UK", "de-DE" or "de-AT") are supported.
The "Web Server" section (JSON object)
This section is used to configure the integrated web server. The following values can be stored here:
Property | Type | Function |
Type | String | To use the integrated web server, the value "Kestrel" should be set here. Since this is the state setting, the value "Kestrel" is assumed even if this property is missing. On Windows, the value "IIS" can also be used. In this case, the mode for hosting within an IIS is activated. The endpoints configured here have no functionality in IIS mode, as these are defined via the bindings in IIS. You can find more information about hosting in IIS under the following link: https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/?view=aspnetcore-5.0 |
RootPath | String | Specifies the root directory of the web server. It is recommended not to change this value, as this may cause page effects when hosting the WebAssembly based frontend. |
Endpoints | Array | This array of JSON objects specifies the endpoints of the integrated web server. The property "Uri" contains the URI of the desired endpoint. Schema and host are mandatory, the specification of a port is optional. If no port is specified, the respective default ports (80 for HTTP and 443 for HTTPS) are used. If no IP address is specified as the host, the specified name is converted into an IP address using DNS lockup. The IP addresses 0.0.0.0 or * represent all available IP addresses of the server. When using HTTPS, the property "CertificateSource" must also be specified, which can have different values. Which value must be specified is defined by where the certificate is located. If the certificate is located in the store, the value must correspond to the requestor. For example, if the requestor of the certificate is "CN = localhost", the value for "CertificateSource" must be "localhost". The direct path to a certificate or its file name can also be specified. If only a file name is specified, this is searched for in the path defined by the "CertificatePath" path variable. For this the value can be e.g. like "test.cer|" or "test.cer|NochEinPassword". Here "test.cer" is the filename of the certificate and "NochEinPassword" is the password to access the private key of the certificate. The separator "|" is mandatory, no matter if a password is entered or not. If there is no password, the value ends with a "|". The use of multiple certificates on the same endpoint is currently not supported. If an endpoint can be reached via different hostnames, these must be listed in a certificate. Wildcard certificates are supported without restrictions. |
Special features of the Identity Server configuration
In the default configuration, the Connect Server uses the Identity Server to authenticate and authorize users. There is one configuration variant that differs from the default:
If a value with the name "AutoCreate" and the value "true" is created within the "Key" section, a self-signed certificate is generated on startup if the referenced certificate file does not exist. This behavior essentially serves to enable the server to be started without manual intervention in the configuration.
Example:
...
"IdentityServer": {
}, "key": {
{ "type": "file",
"FilePath": "connect.pfx",
"Password": "Connect!",
"AutoCreate": true
},
...
If there is no file with the name "connect.pfx" in the directory specified under "CertificatePath", a self-signed certificate is created at startup and saved under this name. The password "Connect!" stored here is used for the encryption of the private key.
Example configuration
The following example shows the possible Connect-specific configuration settings:
...
}, "connect": {
}, "server": {
"BaserUri": "connect.mycompany.com",
}, "debug": {
"EnableHttpRequestLogging": false
},
}, "passwords": {
"EnableEncryption": false,
"EncryptionAlgorithm": "None",
"EncryptionKey": ""
},
}, "paths": {
}, "applicationpath": "auto",
"CertificatePath": "{ApplicationPath}/Certificates",
"RepositoryPath": "{ApplicationPath}/Repositories"
},
}, "database": {
}, "identity": {
{ "type": "sqlite",
"ConnectionString": "Data Source={RepositoryPath}/identity.db",
"LogLevel": "Error",
"EnableSensitiveDataLogging": false,
"EnableDetailedErrors": false
},
{ "monitoring".
{ "type": "sqlite",
"ConnectionString": "Data Source={RepositoryPath}/monitoring.db",
"LogLevel": "Error",
"EnableSensitiveDataLogging": false,
"EnableDetailedErrors": false
},
{ "operations".
{ "type": "sqlite",
"ConnectionString": "Data Source={RepositoryPath}/operations.db",
"LogLevel": "Error",
"EnableSensitiveDataLogging": false,
"EnableDetailedErrors": false
}
},
}, "supportedlanguages": [ "en", "en", "it", "es", "fr", "nl" ]
}, "web server": {
{ "type": "kestrel",
"RootPath": "{ApplicationPath}/wwwroot",
}, "endpoints": [
{
"Uri": "http://*:8080"
},
{
"Uri": "https://*:8443",
"CertificateSource": "certificate.pfx|"
}
]
}
}
}
...
Overriding configuration settings
The configuration settings stored in the JSON files can be overridden if necessary. This approach makes sense especially when automating Docker-based environments.
Override with the help of environment variables
To override the value of a configuration setting, an environment variable can be defined with the prefix "DOTNET_" or "ASPNETCORE_" followed by the path of the setting in the JSON file. A double underscore (__) should be used here as the path separator.
You can find more information on this topic under the following link:
https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-5.0Example:
SET DOTNET_Connect__Server__Webserver__Type=IIS
Override via the command line
If required, configurations can also be overridden using key-value pairs as command line parameters. The name here corresponds to the path of the setting, using the ":" character as the path separator. Key-value pairs can be specified in various ways:
<name1>=<value1> <name2>=<value2> ...
/<name1> <value1> /<name2> <value2> ...
--<name1> <value1> --<name2> <value2> ...
You can find more information on this topic under the following link:
https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-5.0Example:
GalileoGroup.Connect.Server.Backend.exe Connect:Server:Webserver:Type=IIS