Skip to content

Configurations

Jump to bottom Edit New page
Joonghoon Kim edited this page Dec 7, 2015 · 18 revisions

Configuration files

There are 2 configuration files that should be managed.

  • ${server source}/src/server/conf/conf.js : Service Configuration File
  • ${server source}/src/server/conf/log.js : Logging Configuration File

Webida Log Configuration

Webida server logs all service logs with syslog, using local6 and local7 facility. ${server source}/src/server/conf/default-log.js shows default configuration. Changing the default-log.js file does not affect to service but is not recommended for easy update from git repository. If you want to change logging configuration, copy the file to log.js in same directory, especially want to change log level to debug.

var loggerConfigs = {
    server: {
        level:'info',   // should be one of syslog level - debug, info, notice, warning, error, ... fatal
        facility:'local7',
        protocol:'unix',
        path:'/dev/log',
        humanReadableUnhandledException : true,
        handleExceptions : true
    },
    access : {
        level:'debug',   // every access log will be logged as 'info' level. do not set higher level than info
        facility:'local6',
        protocol:'unix',
        path:'/dev/log',
        json:true
    },

    // there can be many 'server/_request/$reqid'
    // without this config, all of them has parent of 'server' and will be named as 'request/$reqId'
    // to controll the log levels of all request logger can be handled here
    'server/_request' : {
        tags : { reqId : 'unknown' }, // tags will be overrided by children
        level : 'debug'
    }
};
module.exports = loggerConfigs;
  • 'server' logger provides default loggers to all server modules. Changing level of 'server' logger to 'warning', most of server loggs will be silienced. Do not set 'debug' level to real service, for performance
  • Do not chnage 'access' logger log level other than info. 'access' is not a child of 'server' logger
  • Do not touch protocol & path if you didn't changed syslog configuration not to use log device, /dev/log
  • Do not remove 'server' and 'access' logger

Log levels

Syslog has 7 levels. Webida server uses only 4 levels

  • debug
  • info
  • notice (unsed)
  • warning
  • error
  • crit (unused)
  • alert (unused)
  • emerg (unused)

If you want to change log levels, set 'level' value of a logger to one of above levels. Since level names are case sensitive, use lower-case always.

Webida Service configuration

${server source}/src/server/conf/default-conf.js provides default configuration. You should copy the file to conf.js in same directory and edit all necessary configurations to update Weida server easily, without resolving conflicts. it's script but can be edited for it's ignored in .gitignore already. Unlike logging configuration, when 'conf.js' is missing, server will use default-conf.js directly. So, changing default-conf.js will affect to the service if you didn't copy the file to conf.js

Reverse Proxy

Before editing configuration file, you should decide to use reverse proxy or not.

  1. If you want to open standard ports (80/443) only, you should use reverse proxy. To use reverse proxy, you should have some DNS and add hosts (auth, fs, app, ... ) in the configuration file.

  2. If you don't have DNS service or want to use IP, then you should not use reverse proxy.

Change useReverseProxy variable in conf.js (not conf.useReverseProxy property) to enable/disable.

Using WEBIDA_* environment variables

Many values in configuration can be overrided by environment varialbles, but not recommended except development purpose. Just edit conf.js and set 'real' paths and values to the file. Use WEBIDA_HOME not to spread your data. Default value of WEBIDA_HOME is '/home/webida' (is hard-coded) and should be set always when running server in producntion mode using NODE_ENV='production'.

Discarding some 'developers-only' options, in most case, you should set/change following env. variables

  • WEBIDA_APP_QUOTA_COUNT (conf.: maximum number of apps allowed to be deployed by one user
  • WEBIDA_APP_QUOTA_SIZE : maximum size of deployable app.
  • WEBIDA_HTTP_HOST, WEBIDA_HTTP_SERVERS : binding address of the servers. We don't recommend you to change binding addresses other than default (0.0.0.0). Use firewall and other shiny network security tools to protect server from illegal access.

Important configuration object values

You should change or set these values before running services.

  • conf.workerInfo : Although not enabled by default, it's recommended to enable this option usually. set proper number of worker count, but no more than the number of CPU cores.

  • conf.dataMapperConf.connectors : set access credential to your DB. DO NOT USE DEFAULT. for security.

  • conf.signup : you should configure this object to send emails to activate account. DO NOT USE DEFAULT, for it would not work.

  • conf.servies.fs.linuxfs : If your host have XFS/BTRFS than change this value. Quota system will not work if you don't set file system type to XFS or BTRFS

  • conf.services.fs.container.lxc.net : If you are running your sever in 10.x.y.z IP (usually VM) check this object carefully. You should check your LXC configuration first and set proper base, gw & ip range to containers. Every terminal and most of git/build tasks will be executed in container.

  • conf.services.fs.exec.timeoutSecs : 300 sec. default If you allow users run very long (maybe very heavy, too) building & git jobs, increase timeout value.

  • conf.units : see below section

Configuring units

Unit is a 'server module' of Webida server, that runs its own http(s) services and provides API to client or other units. If you want to use reverse proxy, You should enable proxy unit (disabled by default). If you want to spread unit services to multiple hosts, you should change unit array's values. convention for unit name for services is adding 0,1,2,3,... to service type of the unit.

Checking configuration file

Run conf.js with node. conf.js will check conf object values refering invalid paths. And best feature is node wil check syntax and throw error when the script is broken. Run node conf.js always if you changed something in the file before (re)starting server process.

Serving Webida with HTTPS

  • to use https, we recommend you enable useReverseProxy option.
  • First of all, buy or receive 3 files : SSL key, certification & CA certification.
  • As many other servies, you have to set the path of the files in configuratino file. grep WEBIDA_SSL in conf.js & change the paths to your own. Or, put the files in $WEBIDA_HOME/keys.
  • After changing config.js, then you should fix oauth_client table in DB, as follwing section.

Changing IP/domain/protocol of your service

When you have changed IP or domain of your webida service (editing conf.js), you have to fix installed system apps' oauth client information for your system. If you want to access your system with IP xxx.yyy.zzz.www, then change redirect URL's domain from your old IP (172.21.100.153 as example, our VM image) to xxx.yyy.zzz.www

$ mysql -uwebida -pwebida webida

mysql> select name, redirect_url from oauth_client;
+---------------+--------------------------------------------+
| name          | redirect_url                               |
+---------------+--------------------------------------------+
| app-dashboard | http://172.21.100.153:5001/pages/auth.html |
| webida-client | http://172.21.100.153:5001/-/ide/auth.html |
+---------------+--------------------------------------------+

mysql> update oauth_client redirect_url = replace(redirect_url, '172.21.100.153', 'xxx.yyy.zzz.www');

If you want to re-install all system apps, you have to uninstall app-server and auth-server, and have to install them again.

System configuration

Edit sudoers

Before running Webida server, you should give webdia user some previleges to run some sudo actions.

    $ cd /home/weibida/webida-server/src/system-configs
    $ sudo cp ./system-configs/sudoers /etc/sudoers.d/webida
    $ sudo visudo -f /etc/sudoers.d/webida

webida user should be able to run lxc-execute without password

Change syslog configurations

By default, all webida logs will be logged via syslog, with facilietes local6 and local7. To separate logs from default syslog, you need to configure the syslog daemon on your server. In unbutu server, using rsyslog, copy sample configurations to /etc/rsyslog.d and /etc/logrotate.d

$ cd /home/webida/webida-server/src/system-configs
$ sudo cp -f ./rsyslog-configs/60_webida.conf /etc/rsyslog.d
$ sudo cp -f ./logrotate-configs/webida /etc/logroatate.d 
$ sudo restart rsyslog

If you changed log facilities from defaults to others, you have to change the syslog configuration and related logrotate configuration, respecting your conf/log.js

XFS

If you've set conf.servies.fs.linuxfs to XFS or BTRFS, you may have to change fstab & configuration file. See XFS Guide for details.

BTRFS

You should enalbe quota before run 'fs-install.js' (fs-install.js will fail for the errors from btrfs command)

sudo btrfs enable quota /home/webida

If you could not run fs-install.js successfully, you should run fs-uninstall.js first, before running fs-install.js again.

Add a custom footer

Installation & Run

Clone this wiki locally