The eloqld.cfg configuration file defines the eloqld configuration.
The section names are not case sensitive. String values can be
enclosed in double quotes to protect leading or trailing spaces.
An unquoted hash character (#) starts a comment.
The following configuration sections are supported:
- Server configuration [server]
-
This section configures various server settings.
- Access Filter configuration [server]
-
This may be used to allow or deny license or status requests based on
the client network address.
- Server limits [limits]
-
This section configures the server scaling and timeouts.
- License pool [pool]
-
This section configures the license pools.
Server configuration [server]
This section configures various server settings.
- Service
-
The service name (as defined in /etc/services)
or the port number where the server should listen
for requests. The default value is eloqld.
A suffix /4, /6, or /46 may be used for establishing IPv4
only, IPv6 (with implied IPv4) or separate IPv4 and IPv6
listening sockets. By default, separate IPv4 and IPv6
sockets are used.
For example: eloqld/46
- ServiceHttp
-
The service name (as defined in /etc/services)
or the port number where the server should listen
for HTTP requests.
If neither ServiceHttp nor ServiceHttps
are specified, the HTTP/HTTPS status is disabled.
A suffix may specify support of the IPv4 and IPv6 protocol.
By default, separate IPv4 and IPv6 sockets are used.
- ServiceHttps
-
The service name (as defined in /etc/services)
or the port number where the server should listen
for HTTPS (secure HTTP) requests.
If neither ServiceHttp nor ServiceHttps
are specified, the HTTP/HTTPS status is disabled.
A suffix may specify support of the IPv4 and IPv6 protocol.
By default, separate IPv4 and IPv6 sockets are used.
Both ServiceHTTP and ServiceHTTPS may be set identically;
the server then automatically detects whether to use HTTP
or HTTPS.
Enabling the secure HTTP protocol requires that TLS is configured
(see TLSCertChainFile
and TLSCertKeyFile).
- TLSCertChainFile
-
The absolute path to a file in PEM format containing
the server certificate and optionally any additional
intermediate certificates which represent the chain
up to the root certificate.
The certificates in this file must be sorted in the
verification order, starting with the server certificate.
The file may in addition contain the private key
associated with the server certificate, in which case
the TLSCertKeyFile
configuration may be omitted.
Note: TLS (Transport Layer Security) configuration is required
to enable the HTTPS (secure HTTP) status (see
ServiceHttps above).
To enable HTTPS, a server certificate is needed for the eloqld
host name. Web browsers require a certificate which is issued
by a known authority. Using a self-signed certificate typically
requires configuring each browser that is used to access the
HTTPS status.
- TLSCertKeyFile
-
The absolute path to a file in PEM format containing
the private key associated with the server certificate.
If this key is contained in the
TLSCertChainFile
configuring TLSCertKeyFile is not necessary.
- UID (HP-UX and Linux)
-
The name (or numeric id) of the account to run client processes
as when started as root. Please note that the server will refuse to start
as root unless UID and GID are valid.
- GID (HP-UX, Linux)
-
The name (or numeric id) of the system group to run
client processes as when started as root.
Please note that the server will refuse to start
as root unless UID and GID are valid.
- LogFile
-
This defines where log messages are written to.
This configuration value either specifies a path/file
or one of the keywords below:
- console - log messages are written to the console
- syslog - log messages will be sent to the
syslog daemon (HP-UX, Linux) or the Windows Event Log.
The default value is "syslog".
- SysIdent (HP-UX, Linux)
SysFacility (HP-UX, Linux)
-
This may be used to specify the syslog identifier and facility.
Supported facility values are: USER/DAEMON/LOCAL0..LOCAL7.
The default syslog identifier is "eloqld".
The default syslog facility is "USER".
Please refer to syslogd(1M) for more information.
For example:
SysIdent = eloqld
SysFacility = USER
- LogFlags
-
Each log message has an associated origin and severity.
The log flags define which messages are logged.
The "*" origin matches all message origins, so it can
be used to setup a default which can be overridden
for a specific message origin (e.g. "*1N0").
The default LogFlags are "*0".
The following origins are in use:
-
* = All origins
-
A = Address filter
-
C = Configuration subsystem
-
H = HTTP status
-
N = Network transport
-
S = Server framework
-
T = Thread kernel
-
L = License parsing
-
P = Protocol
The following severities are in use:
-
ERROR = 0 - error messages
-
INFO = 1 - information
-
DEBUG = 2 - debug
-
VDEBUG = 3 - verbose debug
When using syslog, the following priorities are mapped:
-
ERROR = LOG_ERR
-
INFO = LOG_NOTICE
-
DEBUG = LOG_DEBUG
-
VDEBUG = LOG_DEBUG
Enabling log messages with DEBUG or VDEBUG severity
may result in a huge number of log messages.
To suppress anything but fatal messages, you can set
LogFlags to "*0". To enable informational log messages
LogFlags should be set to "*1".
- Statusfile
-
StatusFile specifies the name of a file that is used to
restore the eloqld server process status after a restart.
It is updated continuously while the eloqld process is active
and read on server startup.
StatusFile may either specify a file name
(relative to /var/tmp) or an absolute file name.
The default is: /var/tmp/eloqld.status
For example:
Statusfile = /var/tmp/eloqld.status
Statusfile = C:/temp/eloqld.status
- HTTPUser
-
If set, the eloqld HTTP status display will require a
matching user name (HTTP basic authentication) before
allowing access to the eloqld HTTP status.
The default value is empty.
- HTTPPswd
-
If set, the eloqld HTTP status display will require a
matching password (HTTP basic authentication) before allowing
access to the eloqld HTTP status. The default value is empty.
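The LogFlags rules described above (an origin letter followed by a severity digit, with "*" as a default that a specific origin overrides) are shown here as an added Python example, not code from eloqld. It resolves a flags string to the effective severity and syslog priority per origin; the function names are hypothetical, and falling back to level 0 when no "*" pair is given is an assumption.

```python
ORIGINS = {"*": "All origins", "A": "Address filter", "C": "Configuration subsystem",
           "H": "HTTP status", "N": "Network transport", "S": "Server framework",
           "T": "Thread kernel", "L": "License parsing", "P": "Protocol"}
SEVERITIES = ["ERROR", "INFO", "DEBUG", "VDEBUG"]          # levels 0..3
SYSLOG = {"ERROR": "LOG_ERR", "INFO": "LOG_NOTICE",
          "DEBUG": "LOG_DEBUG", "VDEBUG": "LOG_DEBUG"}


def parse_logflags(flags="*0"):
    """Return {origin: level}; reject pairs outside the documented sets."""
    flags = flags.strip().strip('"')
    if not flags or len(flags) % 2:
        raise ValueError("LogFlags must be origin/severity pairs: %r" % flags)
    levels = {}
    for i in range(0, len(flags), 2):
        origin, digit = flags[i], flags[i + 1]
        if origin not in ORIGINS or digit not in "0123":
            raise ValueError("bad pair %r in %r" % (flags[i:i + 2], flags))
        levels[origin] = int(digit)
    return levels


def effective_level(levels, origin):
    # A specific origin overrides "*"; with neither present, assume level 0.
    return levels.get(origin, levels.get("*", 0))


def is_logged(flags, origin, severity):
    """True if a message of this origin and severity passes the flags."""
    return SEVERITIES.index(severity) <= effective_level(parse_logflags(flags), origin)


def report(flags):
    """Map each origin to (highest severity logged, syslog priority of that severity)."""
    levels = parse_logflags(flags)
    out = {}
    for origin in ORIGINS:
        if origin != "*":
            name = SEVERITIES[effective_level(levels, origin)]
            out[origin] = (name, SYSLOG[name])
    return out


if __name__ == "__main__":
    for flags in ("*0", "*1H0", "*1S2"):
        print(flags, report(flags))
```
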
Access filters
The Allow or Deny config items may be used to limit
license requests based on the client network address.
The AllowHTTP(S) or DenyHTTP(S) config items are used to limit
access to the eloqld status page based on the client (browser)
network address.
The following syntax is supported:
{allow|deny} = {All | hostname | ip-address [/{addrbits|netmask}]}
-
Multiple Allow/Deny entries are recognized and combined.
-
hostname is the name of a host or network that is resolved
into one or more ip addresses.
-
ip-address is either an IPv4 or IPv6 address.
-
An IPv6 address, enclosed in square brackets, such
as [::1]. The addrbits option may be used to specify
the number of relevant bits in the IP address.
-
An IPv4 address, such as 127.0.0.1. The addrbits option
may be used to specify the number of relevant bits in the
IP address. The netmask option allows specifying an IPv4
network mask, such as 255.255.255.0.
-
If neither Allow nor Deny are configured,
connections are allowed from all network addresses
(implied Allow=All).
-
If Allow and/or Deny are configured,
connections are denied unless specifically allowed
(implied Deny=All).
For example:
Allow = localhost
Allow = 10.64.71.0/24
AllowHTTP = 10.64.71.0/24
AllowHTTPS = 10.64.71.23
Server Limits [limits]
This section is used to configure the server limits.
Changing any of these configuration items from the default
should rarely be necessary.
- WorkerThreads
-
WorkerThreads specifies the number of worker threads.
A higher setting allows for more concurrent activity.
The default is 2.
- MessageTimeout
-
MessageTimeout specifies the time in seconds a connection waits
for additional requests before closing a connection.
The default is 30 (seconds)
MessageTimeout = 30
- HTTPKeepAlive
-
If nonzero, the HTTP persistent connection mode is enabled
so that the web browser may use a single connection for
multiple requests. This typically speeds up page loading
because it minimizes the overhead required to establish new
connections and, in case of HTTPS, process the TLS handshake.
The default is: 15 (seconds)
HTTPKeepAlive = 15
- RateBlock
RateResume
-
Connection rate limiting is a defense against DoS (Denial
of Service) attacks. The number of new connection attempts
per second is monitored. If it reaches or exceeds the
configured RateBlock limit, new connections are refused
until the rate drops to RateResume at most.
The defaults are: RateBlock=500 and RateResume=50
RateBlock = 500
RateResume = 50
License Pool configuration [pool]
This section is used to configure the license pools.
- LicenseFile
-
LicenseFile specifies the relative (to the Eloquence config
directory) or absolute path of a file. This file is read on eloqld
startup and provides a list of licenses organized by sections.
The default is eloqld.pool if LicenseDir is not set.
LicenseFile = eloqld.pool
- LicenseDir
-
LicenseDir specifies the relative (to the Eloquence config
directory) or absolute path of a directory. Any files in this directory
are read on eloqld startup and provide licenses organized
by sections.
LicenseDir = eloqld.d
If LicenseDir is specified but LicenseFile
is not set explicitly the default license pool file
eloqld.pool is not read.
- Secret
-
Secret specifies a password that is shared by the server and
any client. A connection can only succeed if the secret matches.
Secret = aeQu1iev
- Renew
-
Renew specifies the default time (in seconds) to renew a license
until it is considered unused. The default is 4 hours (14400 seconds).
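The defaults documented above leave several things open: no Allow/Deny means all addresses, an empty HTTPUser/HTTPPswd means no authentication, and no Secret means no shared-secret check. The following added Python example (not part of Eloquence) parses an eloqld.cfg using the stated syntax rules and lists such settings. The function names and sample values are constructed, and treating key names as case-insensitive and an empty value as unset are assumptions.

```python
import re
UNQUOTED = re.compile(r'(?:[^"#]|"[^"]*")*')  # text before the first '#' outside quotes

def parse_cfg(text):
    """Return {section: {key: [values]}}; names lower-cased, repeated keys kept."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = UNQUOTED.match(raw).group(0).strip()
        head = re.fullmatch(r"\[(.+)\]", line)
        if head:
            section = cfg.setdefault(head.group(1).strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # quotes protect leading/trailing spaces
            section.setdefault(key.lower(), []).append(value)
    return cfg

def audit(text):
    """List exposure findings for one eloqld.cfg, using the rules stated on this page."""
    cfg = parse_cfg(text)
    srv, pool = cfg.get("server", {}), cfg.get("pool", {})
    has = lambda sec, key: any(sec.get(key, []))  # empty value = unset (assumption)
    findings = []
    for proto in ("http", "https"):
        if has(srv, "service" + proto):
            if not (has(srv, "allow" + proto) or has(srv, "deny" + proto)):
                findings.append(f"{proto}: status page reachable from all addresses")
            if not (has(srv, "httpuser") and has(srv, "httppswd")):
                findings.append(f"{proto}: status page has no HTTPUser/HTTPPswd")
            elif proto == "http":
                findings.append("http: basic-auth credentials sent without TLS")
    if has(srv, "servicehttps") and not has(srv, "tlscertchainfile"):
        findings.append("https: ServiceHttps set but TLSCertChainFile is not")
    if not (has(srv, "allow") or has(srv, "deny")):
        findings.append("license requests accepted from all addresses")
    if not has(pool, "secret"):
        findings.append("no Secret: license connections need no shared secret")
    return findings

# Constructed sample configurations; every value is a placeholder.
WEAK = '''[Server]
ServiceHTTP = 8080          # plain HTTP status page
HttpUser = admin
HttpPswd = "pl4ce#holder"   # the quoted hash belongs to the value
[Pool]
'''
HARDENED = '''[server]
ServiceHTTPS = 8443/46
TLSCertChainFile = /path/to/eloqld-chain.pem
HTTPUser = status
HTTPPswd = "<placeholder>"
Allow = 10.64.71.0/24
AllowHTTPS = 10.64.71.23
[pool]
Secret = "<placeholder>"
'''

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED), sep="\n")
```
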
eloqld.cfg template file
A default configuration file eloqld.cfg is installed and may be customized.
A template eloqld config file is installed as
newconfig/config/eloqld.cfg.
# @(#) eloqld.cfg - B.08.40 ($Revision: 29.3 $)
#
# This file specifies the eloqld (Eloquence license server) configuration.
# It is installed in the location:
# /etc/opt/eloquence/8.4/eloqld.cfg
#
# This file is read once at eloqld startup.
#
# Format:
#
# The section names are not case sensitive. String values can be
# enclosed in double quotes to protect leading or trailing spaces.
# Everything after a hash (#) character is considered a comment.
# Default values are provided commented out.
### Server configuration
[Server]
# Service The service name (as defined in /etc/services) or the port
# number where the server should listen for license requests.
# The default is: eloqld
#
# A suffix /4, /6, or /46 may be used for establishing IPv4
# only, IPv6 (with implied IPv4) or separate IPv4 and IPv6
# listening sockets. By default, separate IPv4 and IPv6
# sockets are used.
#
# For example: Service = 8891 (equivalent to: 8891/46)
#Service = eloqld
# ServiceHTTP The service name (as defined in /etc/services) or the port
# number where the server should listen for HTTP requests.
# If not configured, HTTP requests are not accepted.
#
# A suffix /4, /6, or /46 may be used for establishing IPv4
# only, IPv6 (with implied IPv4) or separate IPv4 and IPv6
# listening sockets. By default, separate IPv4 and IPv6
# sockets are used.
#
# For example: ServiceHTTP = 80 (equivalent to: 80/46)
#
# ServiceHTTPS The service name (as defined in /etc/services) or the port
# number where the server should listen for HTTPS (secure
# HTTP) requests.
#
# This requires that TLS is configured (see below).
#
# A suffix /4, /6, or /46 may be used (see ServiceHTTP above).
#
# For example: ServiceHTTPS = 443 (equivalent to: 443/46)
#
# Both ServiceHTTP and ServiceHTTPS may be set identically,
# the server then automatically detects whether to use HTTP
# or HTTPS.
#ServiceHTTP =
#ServiceHTTPS =
# TLSCertChainFile Absolute path to a file in PEM format containing
# the server certificate and optionally any additional
# intermediate certificates which represent the
# verification chain up to the root certificate.
#
# This is required if HTTPS (secure HTTP) requests should
# be accepted (see ServiceHTTPS above).
#
# The certificates in this file must be sorted in the
# verification order, starting with the server certificate.
# The file may in addition contain the private key
# associated with the server certificate, in which case
# the TLSCertKeyFile configuration below can be omitted.
#TLSCertChainFile =
# TLSCertKeyFile Absolute path to a file in PEM format containing
# the private key associated with the server certificate.
# If this key is contained in the TLSCertChainFile above,
# configuring TLSCertKeyFile is not necessary.
#TLSCertKeyFile =
# UID The name (or numeric id) of the system account to run
# the server when started as root.
# GID The name (or numeric id) of the system group to run
# the server when started as root.
#
# Please note that the server will refuse to start
# as root unless UID and GID are valid.
#UID =
#GID =
# LogFile This defines where log messages are written to.
# This configuration value either specifies a path/file
# or one of the keywords below:
#
# console - log messages are written to the console
# syslog - log messages will be sent to the
# syslog daemon
#
# The default is: syslog
#LogFile = syslog
# SysIdent When logging to the syslog daemon, you can define
# a syslog identifier. The default is: eloqld
# See syslogd(1M) for more information
#
# SysFacility When logging to the syslog daemon, you can define
# a syslog facility (USER/DAEMON/LOCAL0..LOCAL7)
# The default is: USER
# See syslogd(1M) for more information
#SysIdent = eloqld
#SysFacility = USER
# LogFlags Each log message has an associated origin and
# severity. The log flags define which messages will
# be logged. The "*" origin matches all message origins,
# so it can be used to setup a default which can be
# overridden for a specific message origin, for example
# LogFlags = *1S2 to log more detailed connection info.
# The default is: *0
#
# The following origin are in use:
# * = All origins
# A = Address filter
# C = Configuration subsystem
# H = HTTP requests
# N = Network transport
# S = Server framework
# T = Thread kernel
# L = License parsing
# P = Protocol
#
# The following severities are in use:
# 0 = error messages
# 1 = information
# 2 = debug
# 3 = verbose debug
#
# When using syslog, the following priorities
# are mapped:
# 0 = LOG_ERR
# 1 = LOG_NOTICE
# 2 = LOG_DEBUG
# 3 = LOG_DEBUG
#
# Please note that enabling log messages with verbose debug
# severity may result in a large number of log messages.
#
# Set LogFlags = *0 to enable fatal messages only.
# Set LogFlags = *1 to enable regular log messages,
# or *1H0 to suppress HTTP protocol status messages.
# Set LogFlags = *1S2 to enable more detailed connection
# and disconnection messages.
#LogFlags = *0
# StatusFile Specifies the name of a file that is used to restore the eloqld
# server process status after a restart.
# It is updated continuously while the eloqld process is active
# and read on server startup.
#
# StatusFile may either specify a file name (relative to /var/tmp)
# or an absolute file name. The default is: /var/tmp/eloqld.status
#StatusFile=
# Allow|Deny Used to allow/deny license requests based on the client
# network address.
#
# Allow/Deny argument syntax:
# { All | hostname | ip-address [/{addrbits|netmask}] }
#
# Multiple Allow/Deny entries are recognized and combined.
#
# hostname is the name of a host or network that is resolved
# into one or more ip addresses.
#
# ip-address is either an IPv4 or IPv6 address.
#
# * An IPv6 address, enclosed in square brackets, such
# as [::1]. The addrbits option may be used to specify
# the number of relevant bits in the IP address.
#
# * An IPv4 address, such as 127.0.0.1. The addrbits option
# may be used to specify the number of relevant bits in the
# IP address. The netmask option allows to specify an IPv4
# network mask, such as 255.255.255.0.
#
# If neither Allow nor Deny are configured,
# connections are allowed from all network addresses
# (implied Allow=All).
#
# If Allow and/or Deny are configured,
# connections are denied unless specifically allowed
# (implied Deny=All).
#Allow =
#Deny =
# AllowHTTP(S)
# DenyHTTP(S) Used to allow/deny HTTP and/or HTTPS connections based
# on the client network address.
#
# Allow/Deny argument syntax:
# { All | hostname | ip-address [/{addrbits|netmask}] }
#
# Multiple Allow/Deny entries are recognized and combined.
#
# hostname is the name of a host or network that is resolved
# into one or more ip addresses.
#
# ip-address is either an IPv4 or IPv6 address.
#
# * An IPv6 address, enclosed in square brackets, such
# as [::1]. The addrbits option may be used to specify
# the number of relevant bits in the IP address.
#
# * An IPv4 address, such as 127.0.0.1. The addrbits option
# may be used to specify the number of relevant bits in the
# IP address. The netmask option allows to specify an IPv4
# network mask, such as 255.255.255.0.
#
# If neither AllowHTTP(S) nor DenyHTTP(S) are configured,
# connections are allowed from all network addresses
# (implied AllowHTTP(S)=All).
#
# If AllowHTTP(S) and/or DenyHTTP(S) are configured,
# connections are denied unless specifically allowed
# (implied DenyHTTP(S)=All).
#
# If configured, these server-global access rules are
# applied on any client connection. In addition, specific
# Allow/Deny rules may be configured in the application
# and URI configuration files.
#AllowHTTP =
#DenyHTTP =
#AllowHTTPS =
#DenyHTTPS =
# HTTPUser If set, the eloqld HTTP status display will require a
# matching user name (HTTP basic authentication) before
# allowing access to the eloqld HTTP status. The default value
# is empty.
#
# HTTPPswd If set, the eloqld HTTP status display will require a
# matching password (HTTP basic authentication) before allowing
# access to the eloqld HTTP status. The default value is empty.
#HttpUser =
#HttpPswd =
### Server limits
[Limits]
# WorkerThreads Sets the number of worker threads. A higher setting
# allows for more parallel activity.
#
# The default is: 2
# WorkerThreads = 2
# MessageTimeout
# MessageTimeout specifies the time in seconds a connection waits
# before closing a connection.
# The default is: 30 (seconds)
# MessageTimeout = 30
# HTTPKeepAlive If nonzero, the HTTP persistent connection mode is enabled
# so that the web browser may use a single connection for
# multiple requests. This typically speeds up page loading
# because it minimizes the overhead required to establish new
# connections and, in case of HTTPS, process the TLS handshake.
#
# The default is: 15 (seconds)
# HTTPKeepAlive = 15
# RateBlock
# RateResume Connection rate limiting is a defense against DoS (Denial
# of Service) attacks. The number of new connection attempts
# per second is monitored. If it reaches or exceeds the
# configured RateBlock limit, new connections are refused
# until the rate drops to RateResume at most.
#
# The defaults are: RateBlock=500 and RateResume=50
# RateBlock = 500
# RateResume = 50
### License Pool
[pool]
# LicenseFile Specifies the relative (to the Eloquence config directory)
# or absolute path of a file. This is read on eloqld startup
# and provides a list of licenses organized by sections.
# The default is eloqld.pool
#
# LicenseDir Specifies the relative (to the Eloquence config directory)
# or absolute path of a directory. This is read on eloqld startup
# and provides files to hold licenses organized by sections.
#
# Secret Specifies a password that is shared by the server and any
# client. If specified a connection can only succeed if the
# secret is matching.
#
# Renew Specifies a default time (in seconds) to renew a license
# until it is considered unused.
# The default is 4 hours (14400 seconds).
#LicenseFile = eloqld.pool
#LicenseDir =
#Secret =
#Renew = 14400