• Recent
    • Tags
    • Popular
    • Register
    • Login

    Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.

    Radix IoT Website Mango 3 Documentation Website Mango 4 Documentation Website Mango 5 Documentation Website

    Cloud Connect Help

    User help
    3
    17
    2.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cmason @MattFox
      last edited by

      @mattfox thanks man

      Here's the overrides env.properties files

      #    Copyright (C) 2014 Infinite Automation Systems Inc. All rights reserved.
      #    @author Matthew Lohbihler
      
      ###############################################################################
      # TO OVERRIDE VALUES IN THIS FILE...
      #
      # Do not change the values in this file, because when you upgrade your core 
      # your changes will be overwritten. Instead, create a new file called 
      # <MA_HOME>/overrides/properties/env.properties and override properties 
      # there. The overrides directory will never be overwritten by an upgrade, so 
      # your customizations will be safe.
      # 
      ###############################################################################
      
      # The port at which Mango Automation will listen for browser connections
      web.port=80
      # The host interface to which Mango Automation will bind and listen for new connections
      #  0.0.0.0 is the special interface that will force a bind to all available interfaces
      web.host=0.0.0.0
      
      # Should Mango Automation open (if possible) a browser window when it starts up?
      web.openBrowserOnStartup=true
      
      # Set this to true if you are running Mango behind a reverse proxy that sends "Forwarded" or "X-Forwarded-*" headers.
      # This includes accessing Mango via Cloud Connect module. By default only requests from localhost are trusted.
      web.forwardedHeaders.enabled=true
      # Set a comma separated list of IP ranges from which to trust Forwarded headers
      web.forwardedHeaders.trustedIpRanges=127.0.0.0/8,::1,10.1.1.0/24
      
      # HTTP session (authentication) cookie name and domain name settings.
      #
      # Use the Mango GUID as the session cookie name
      sessionCookie.useGuid=true
      # Set the domain name that the cookie is valid for, can be used to make the session login valid for subdomains too.
      # If left blank the session cookie can only be used for the domain that you login at.
      sessionCookie.domain=.mango.abc.wyxz.nz
      
      # Default database settings, NOTE that on windows this must be an absolute path
      db.type=h2
      db.url=jdbc:h2:${ma.home}/databases/mah2
      db.location=${ma.home}/databases/mah2
      db.username=
      db.password=
      #For web console
      db.web.start=false
      db.web.port=8091
      
      #General Database Settings
      db.pool.maxActive=100
      db.pool.maxIdle=10
      db.update.log.dir=${ma.home}/logs/
      # setting to show query times in the logs as INFO
      db.useMetrics=false
      
      #--The following database properties are for RQL REST queries and can be changed during runtime and will be picked up at most in 5s--
      #Force the use of indexes (Experimental and only on MySQL so far)
      db.forceUseIndex=true
      #Tell the jdbc driver to fetch this many rows at a time, useful over network connected dbs (Not MySQL)
      # negative values will force use jdbc driver default
      db.fetchSize=-1
      #Tell the database to not return the entire result set (or fetch blocks) but to return row by row
      # can slow down performance on network systems but reduce memory footprint for large queries
      db.stream=false
      #-- End auto-reloading Database Properties --
      
      # MySQL database settings. Your MySQL instance must already be running and configured before this can be used.
      #db.type=mysql
      #db.url=jdbc:mysql://localhost/<your mysql schema name>
      #db.username=<your mysql username>
      #db.password=<your mysql password>
      #db.mysqldump=<location/command for mysqldump executable for backups>
      #db.mysql=<location/command for mysql executable for restore>
      
      # Database settings for conversion. If the db.* settings point to a new database instance, and the convert type setting
      # is set, Mango Automation will attempt to convert from the convert.db.* settings to the db.* settings
      # Note that database conversions should not be performed in the same step as an upgrade. First upgrade, then convert.
      convert.db.type=
      convert.db.url=${convert.db.url}
      convert.db.username=${convert.db.username}
      convert.db.password=${convert.db.password}
      
      #Set the base path for where the NoSQL data will be stored
      db.nosql.location=${ma.home}/databases/
      #Set the folder name of the point value store
      db.nosql.pointValueStoreName=mangoTSDB
      #Set the number of files the database can have open at one time
      db.nosql.maxOpenFiles=500
      #Time after which a shard will be closed
      db.nosql.shardStalePeriod=36000000
      #Period to check for stale shards
      db.nosql.flushInterval=300000
      #Query Performance Tuning, File Access Type: Available[INPUT_STREAM,FILE_CHANNEL,RANDOM_ACCESS_FILE,MAPPED_BYTE_BUFFER]
      db.nosql.shardStreamType=INPUT_STREAM
      #Setting to speed up NoSQL queries at the expense of a small increase in disk usage
      db.nosql.reversible=false
      #Setting this will convert your existing point value store [NONE, REVERSIBLE, UNREVERSIBLE]
      db.nosql.convert=NONE
      #Number of concurrent threads to use to convert the database
      db.nosql.convertThreads=4
      #Run the corruption scan if the db is marked dirty
      db.nosql.runCorruptionOnStartupIfDirty=false
      
      #Password encryption scheme [BCRYPT, SHA-1, NONE]
      #Legacy is SHA-1, 2.8+ BCRYPT
      #security.hashAlgorithm=BCRYPT
      
      # The location of the Mango Automation store from which to get license files.
      store.url=https://store.infiniteautomation.com
      
      # SSL control
      ssl.on=false
      ssl.port=8443
      ssl.keystore.location=/location/to/keystore/file.jks
      ssl.keystore.password=freetextpassword
      
      # System time zone. Leave blank to use default VM time zone.
      timezone=
      
      #Rest API Configuration
      rest.enabled=true
      #For using other than timestamp
      rest.customDateOutputFormat=YYYY-MM-dd HH:mm:ss.SSS Z
      rest.customDateInputFormat=YYYY-MM-dd HH:mm:ss.SSS Z
      #Enable to make JSON More readable
      rest.indentJSON=false
      #Cross Origin Request Handling
      rest.cors.enabled=false
      rest.cors.allowedOrigins=*,localhost
      rest.cors.allowedMethods=PUT,POST,GET,OPTIONS,DELETE
      rest.cors.allowedHeaders=LOGOUT,PASSWORD
      rest.cors.exposedHeaders=
      rest.cors.allowCredentials=true
      rest.cors.maxAge=3600
      
      #For rest API Documentation at /swagger/index.html
      swagger.enabled=true
      #Regex Patter to scan for REST API endpoints for Swagger to document/display
      swagger.mangoApiVersion=v[12]
      
      
      #Distributor Settings
      distributor=IA
      
      #Jetty Thread Pool Tuning
      # Time a thread must be idle before killing to keep pool size at minimum
      web.threads.msIdleTimeout=10000
      # Number of threads to keep around to handle incoming connections
      web.threads.minimum=10
      # Number of threads allowed to be created to handle incoming requests as needed
      web.threads.maximum=200
      # Number of Requests To Queue if all threads are busy
      web.requests.queueSize=200
      # Ping timeout for response from browser
      web.websocket.pingTimeoutMs=10000
      
      #Jetty JSP Configuration
      # See here for options: http://www.eclipse.org/jetty/documentation/9.2.10.v20150310/configuring-jsp.html
      web.jsp.development=true
      web.jsp.genStringsAsCharArray=true
      web.jsp.trimSpaces=false
      web.jsp.classdebuginfo=false
      web.jsp.supressSmap=true
      web.jsp.compilerClassName=org.apache.jasper.compiler.JDTCompiler
      web.jsp.compiler=modern
      web.jsp.fork=false
      web.jsp.keepgenerated=true
      
      #iFrame Header Control iFrame Header Control 'X-Frame-Options' (case sensitive options)
      # SAMEORIGIN - Only allow Mango to embed i-frames when the requesting page was loaded from the Mango domain
      # DENY - Do not allow at all
      # ANY - Do not even use the header at all 
      # One specific domain name can be supplied so that the header becomes: ALLOW-FROM http://foo.bar.com 
      web.security.iFrameAccess=SAMEORIGIN
      
      #Regex used to match serial ports so they show up in the menu
      serial.port.linux.regex=((cu|ttyS|ttyUSB|ttyACM|ttyAMA|rfcomm|ttyO|COM)[0-9]{1,3}|rs(232|485)-[0-9])
      serial.port.linux.path=/dev/
      serial.port.windows.regex=
      serial.port.windows.path=
      serial.port.osx.path=/dev/
      serial.port.osx.regex=(cu|tty)..*
      
      #Start data sources in parallel threads
      runtime.datasource.startupThreads=4
      #Log startup times for runtime manager
      runtime.datasource.logStartupMetrics=true
      #Log number of aborted polls for a polling data source this often at a minimum (only logged after next aborted poll past this time)
      runtime.datasource.pollAbortedLogFrequency=3600000
      
      #Report Javascript Execution Times at INFO Level logging
      # add this to log4j.xml   <category name="org.perf4j.TimingLogger"><level value="info"/></category>
      runtime.javascript.metrics=false
      
      #Default task queue size for the Real Time Timer, should multiple tasks of the same type be queued up?
      # Tasks are rejected from a full queue, a size of 0 means reject multiple instances of the same task
      runtime.realTimeTimer.defaultTaskQueueSize=0
      #When a task queue is full should the waiting tasks be discarded and replaced with the most recent
      runtime.realTimeTimer.flushTaskQueueOnReject=false
      
      #Maximum counts to wait to terminate the thread pool's tasks that are running or queued to run
      # each count is 1 second.  So the default of 60 = 1 minute.  Note that the medium and low
      # timeout happens first and then the remaining time is spent waiting of the high priority tasks.
      # So by setting both to the same value will result in waiting only as long as that value.
      runtime.shutdown.medLowTimeout=60
      runtime.shutdown.highTimeout=60
      
      

      And here's the core env.properties file

      #    Copyright (C) 2014 Infinite Automation Systems Inc. All rights reserved.
      #    @author Matthew Lohbihler
      
      ###############################################################################
      # TO OVERRIDE VALUES IN THIS FILE...
      #
      # Do not change the values in this file, because when you upgrade your core 
      # your changes will be overwritten. Instead, create a new file called 
      # <MA_HOME>/overrides/properties/env.properties and override properties 
      # there. The overrides directory will never be overwritten by an upgrade, so 
      # your customizations will be safe.
      # 
      ###############################################################################
      
      # The port at which Mango Automation will listen for browser connections
      web.port=8080
      # The host interface to which Mango Automation will bind and listen for new connections
      #  0.0.0.0 is the special interface that will force a bind to all available interfaces
      web.host=0.0.0.0
      
      # Should Mango Automation open (if possible) a browser window when it starts up?
      web.openBrowserOnStartup=true
      
      # Web caching settings
      
      # disable caching
      web.cache.noStore=false
      web.cache.noStore.rest=true
      web.cache.noStore.resources=false
      
      # set max age of cached files in seconds, only if noStore=false
      # versioned resources are those with ?v=xxx on the query string
      web.cache.maxAge=0
      web.cache.maxAge.rest=0
      web.cache.maxAge.resources=86400
      web.cache.maxAge.versionedResources=31536000
      
      #Upload file size limit (bytes) -1 means no limit
      web.fileUpload.maxSize=250000000
      
      # Set this to true if you are running Mango behind a reverse proxy that sends "Forwarded" or "X-Forwarded-*" headers.
      # This includes accessing Mango via Cloud Connect module. By default only requests from localhost are trusted.
      web.forwardedHeaders.enabled=true
      # Set a comma separated list of IP ranges from which to trust Forwarded headers
      web.forwardedHeaders.trustedIpRanges=127.0.0.0/8,::1
      
      # Default database settings, NOTE that on windows this must be an absolute path
      db.type=h2
      db.url=jdbc:h2:${ma.home}/databases/mah2
      db.username=
      db.password=
      #For web console
      db.web.start=false
      db.web.port=8091
      #to compact the database size at shutdown (may take longer but will free up disk space)
      db.h2.shutdownCompact=false
      
      #General Database Settings
      db.pool.maxActive=100
      db.pool.maxIdle=10
      db.update.log.dir=${ma.home}/logs/
      
      # setting to show query times in the logs as INFO
      db.useMetrics=false
      # if set, will only log slow queries, above this threshold in ms. Will be logged at WARN level instead of INFO
      db.metricsThreshold=100
      
      #--The following database properties are for RQL REST queries and can be changed during runtime and will be picked up at most in 5s--
      #Force the use of indexes (Experimental and only on MySQL so far)
      db.forceUseIndex=true
      #Tell the jdbc driver to fetch this many rows at a time, useful over network connected dbs (Not MySQL)
      # negative values will force use jdbc driver default
      db.fetchSize=-1
      #Tell the database to not return the entire result set (or fetch blocks) but to return row by row
      # can slow down performance on network systems but reduce memory footprint for large queries
      db.stream=false
      #-- End auto-reloading Database Properties --
      
      # MySQL database settings. Your MySQL instance must already be running and configured before this can be used.
      #db.type=mysql
      #db.url=jdbc:mysql://localhost/<your mysql schema name>
      #db.username=<your mysql username>
      #db.password=<your mysql password>
      #db.mysqldump=<location/command for mysqldump executable for backups>
      #db.mysql=<location/command for mysql executable for restore>
      
      # Database settings for conversion. If the db.* settings point to a new database instance, and the convert type setting
      # is set, Mango Automation will attempt to convert from the convert.db.* settings to the db.* settings
      # Note that database conversions should not be performed in the same step as an upgrade. First upgrade, then convert.
      convert.db.type=
      convert.db.url=${convert.db.url}
      convert.db.username=${convert.db.username}
      convert.db.password=${convert.db.password}
      
      #Set the base path for where the NoSQL data will be stored
      db.nosql.location=${ma.home}/databases/
      #Set the folder name of the point value store
      db.nosql.pointValueStoreName=mangoTSDB
      #Set the number of files the database can have open at one time
      db.nosql.maxOpenFiles=500
      #Time after which a shard will be closed
      db.nosql.shardStalePeriod=36000000
      #Period to check for stale shards
      db.nosql.flushInterval=300000
      #Query Performance Tuning, File Access Type: Available[INPUT_STREAM,FILE_CHANNEL,RANDOM_ACCESS_FILE,MAPPED_BYTE_BUFFER]
      db.nosql.shardStreamType=MAPPED_BYTE_BUFFER
      #Setting to speed up NoSQL queries at the expense of a small increase in disk usage
      db.nosql.reversible=true
      #Setting this will convert your existing point value store [NONE, REVERSIBLE, UNREVERSIBLE]
      db.nosql.convert=NONE
      #Number of concurrent threads to use to convert the database
      db.nosql.convertThreads=4
      #Run the corruption scan if the db is marked dirty
      db.nosql.runCorruptionOnStartupIfDirty=false
      
      #Password encryption scheme [BCRYPT, SHA-1, NONE]
      #Legacy is SHA-1, 2.8+ BCRYPT
      #security.hashAlgorithm=BCRYPT
      
      # The location of the Mango Automation store from which to get license files.
      store.url=https://store.infiniteautomation.com
      
      # SSL control
      
      # *** NOTE ***
      # You can generate a self-signed certificate for testing using the following command
      # keytool -genkey -keyalg RSA -alias mango -keystore /location/to/keystore/file.jks -validity 365 -keysize 2048
      
      # Enter keystore password: {type your keystore password <ENTER>}
      # Re-enter new password: {type your keystore password <ENTER>}
      # What is your first and last name?
      #   [Unknown]: {the hostname mango is running on e.g. mymangotest.com OR localhost <ENTER>}
      # What is the name of your organizational unit?
      #   [Unknown]: {e.g. Mango testing <ENTER>}
      # What is the name of your organization?
      #   [Unknown]: {e.g. Infinite Automation Systems Inc. <ENTER>}
      # What is the name of your City or Locality?
      #   [Unknown]: {e.g. Erie <ENTER>}
      # What is the name of your State or Province?
      #   [Unknown]: {e.g. Colorado <ENTER>}
      # What is the two-letter country code for this unit?
      #   [Unknown]: {e.g. US <ENTER>}
      # Is CN=localhost, OU=Development, O=Infinite Automation Systems Inc., L=Erie, ST=Colorado, C=US correct?
      #   [no]:  {type yes <ENTER>}
      # 
      # Enter key password for <mango>
      #         (RETURN if same as keystore password): {type your key password or just press <ENTER>}
      
      # Note: Enabling SSL also turns on HSTS which may not be desirable, see below
      ssl.on=false
      ssl.port=8443
      ssl.keystore.watchFile=true
      ssl.keystore.location=overrides/keystore.p12
      ssl.keystore.password=freetextpassword
      # If they key password is commented out, it is assumed to be the same as the keystore password
      #ssl.key.password=
      #Time socket can be idle before being closed (ms)
      ssl.socketIdleTimeout=70000
      
      #Enable ALPN (Application-Layer Protocol Negotiation) for HTTP/2
      # on current browsers HTTP/2 is only available for TLS/SSL connections.
      # Note that with this setting you must also have the ALPN script extension enabled for Mango to start on pre Java 10.
      # (Adds -javaagent:${MA_HOME}/boot/jetty-alpn-agent.jar to the java options)
      # If you are running on Java 10+ this library is not required and will actually cause problems, so make sure you don't use that extension.
      ssl.alpn.on=true
      #Show debug output for alpn connections in log
      ssl.alpn.debug=false
      
      # Configure HSTS (HTTP Strict Transport Security)
      # Enabled by default when ssl.on=true
      # Sets the Strict-Transport-Security header, web browsers will always connect using HTTPS when they
      # see this header and they will cache the result for max-age seconds
      ssl.hsts.enabled=true
      ssl.hsts.maxAge=31536000
      ssl.hsts.includeSubDomains=false
      
      # System time zone. Leave blank to use default VM time zone.
      timezone=
      
      #Rest API Configuration
      rest.enabled=true
      
      #Enable to make JSON More readable
      rest.indentJSON=false
      #Cross Origin Request Handling
      rest.cors.enabled=false
      rest.cors.allowedOrigins=
      rest.cors.allowedMethods=PUT,POST,GET,OPTIONS,DELETE,HEAD
      rest.cors.allowedHeaders=content-type,x-requested-with,authorization
      rest.cors.exposedHeaders=
      rest.cors.allowCredentials=false
      rest.cors.maxAge=3600
      # disable browser redirects
      rest.disableErrorRedirects=false
      # enable test endpoints
      rest.testMode=false
      
      # Limits the rate at which an unauthenticated IP address can access the REST API
      # Defaults to an initial 10 request burst then 2 requests per 1 second thereafter
      rateLimit.rest.anonymous.enabled=true
      rateLimit.rest.anonymous.burstQuantity=40
      rateLimit.rest.anonymous.quanitity=5
      rateLimit.rest.anonymous.period=1
      rateLimit.rest.anonymous.periodUnit=SECONDS
      
      # Limits the rate at which an authenticated user can access the REST API
      # Disabled by default
      rateLimit.rest.user.enabled=false
      rateLimit.rest.user.burstQuantity=20
      rateLimit.rest.user.quanitity=10
      rateLimit.rest.user.period=1
      rateLimit.rest.user.periodUnit=SECONDS
      
      # Limits the rate at which authentication attempts can occur by an IP address
      # Defaults to an initial 5 attempt burst then 1 attempt per 1 minute thereafter
      rateLimit.authentication.ip.enabled=true
      rateLimit.authentication.ip.burstQuantity=5
      rateLimit.authentication.ip.quanitity=1
      rateLimit.authentication.ip.period=1
      rateLimit.authentication.ip.periodUnit=MINUTES
      
      # Limits the rate at which authentication attempts can occur against a username
      # Defaults to an initial 5 attempt burst then 1 attempt per 1 minute thereafter
      rateLimit.authentication.user.enabled=true
      rateLimit.authentication.user.burstQuantity=5
      rateLimit.authentication.user.quanitity=1
      rateLimit.authentication.user.period=1
      rateLimit.authentication.user.periodUnit=MINUTES
      
      #For rest API Documentation at /swagger-ui.html
      swagger.enabled=false
      #path to api-docs for swagger tools, will be appended to base REST api version URL i.e. /rest/v1/
      springfox.documentation.swagger.v2.path=/swagger/v2/api-docs
      # Require authentication to access Swagger API documentation.
      # If you set this to false then you can use an authentication token (generated on the Mango Users page) from the swagger UI instead.
      # To use, enter: Bearer <space> <token value> into the Authorize value input in the swagger ui
      swagger.apidocs.protected=true
      
      #Distributor Settings
      distributor=IA
      
      #Jetty Thread Pool Tuning
      # Time a thread must be idle before killing to keep pool size at minimum
      web.threads.msIdleTimeout=30000
      # Number of threads allowed to be created to handle incoming requests as needed (defaults to 10x number of processors, or 200, whichever is greater)
      web.threads.maximum=
      # Number of threads to keep around to handle incoming connections (defaults to max threads, or 8, whichever is lesser)
      web.threads.minimum=
      # Number of Requests To queue if all threads are busy (defaults 1280)
      web.requests.queueSize=
      # Ping timeout for response from browser
      web.websocket.pingTimeoutMs=10000
      #Time socket can be idle before being closed (ms)
      web.socketIdleTimeout=70000
      
      #Jetty QoS filter settings 
      # https://www.eclipse.org/jetty/documentation/current/qos-filter.html
      # Filter enabled setting
      web.qos.enabled=false
      #The maximum number of requests to be serviced at a time. The default is 10.
      web.qos.maxRequests=10
      #The length of time, in milliseconds, to wait while trying to accept a new request. Used when the maxRequests limit is reached. Default is 50 ms
      web.qos.waitMs=50
      #Length of time, in milliseconds, that the request will be suspended if it is not accepted immediately. If set to -1, the container default timeout applies. Default is 30000 ms.
      web.qos.suspendMs=30000
      
      #Jetty DoS filter settings 
      # https://www.eclipse.org/jetty/documentation/current/dos-filter.html
      # Filter enabled setting
      web.dos.enabled=false
      #Maximum number of requests from a connection per second. Requests in excess of this are first delayed, then throttled. Default is 25.
      web.dos.maxRequestsPerSec=75
      #Delay imposed on all requests over the rate limit, before they are considered at all
      #  100ms default, -1 = Reject request, 0 = no delay, any other value is delay in ms
      web.dos.delayMs=100
      #Length of time, in ms, to blocking wait for the throttle semaphore. Default is 50 ms.
      web.dos.maxWaitMs=50
      #Number of requests over the rate limit able to be considered at once. Default is 5.
      web.dos.throttledRequests=5
      #Length of time, in ms, to async wait for semaphore. Default is 30000.
      web.dos.throttleMs=30000
      #Length of time to let the request run, default is 30000 (Keep above 60s for DWR Long Poll to work in legacy UI) 
      web.dos.maxRequestMs=120000
      #Length of time, in ms, to keep track of request rates for a connection, before deciding that the user has gone away, and discarding it. Default is 30000.
      web.dos.maxIdleTrackerMs=30000
      #If true, insert the DoSFilter headers into the response. Defaults to true.
      web.dos.insertHeaders=true
      #If true, usage rate is tracked by session if a session exists. Defaults to true.
      web.dos.trackSessions=true
      #If true and session tracking is not used, then rate is tracked by IP and port (effectively connection). Defaults to false.
      web.dos.remotePort=false
      #A comma-separated list of IP addresses that will not be rate limited.
      # Note: These are actual client IPs when behind a proxy server if you configure web.forwardedHeaders.trustedIpRanges to trust your proxy's IP
      web.dos.ipWhitelist=
      
      #Jetty Low Resource Management (Used to attempt to free resources when under heavy load)
      # https://www.eclipse.org/jetty/documentation/current/limit-load.html
      web.lowResource.enabled=false
      # Period in ms to check for a low resource condition, default 10000
      web.lowResource.checkPeriod=10000
      # In low resource condition all existing connection idle timeouts are set to this value, default 1000
      web.lowResource.lowResourcesIdleTimeout=1000
      # check connectors executors to see if their ThreadPool instances that are low on threads, default true
      web.lowResource.monitorThreads=true
      # The maximum memory in bytes that Java is allowed to use before the low resource condition is triggered.
      # If left empty, the default is 90% of the maximum memory the JVM is configured to use.
      # Set to 0 to disable the memory usage checks.
      web.lowResource.maxMemory=
      # The time in milliseconds that a low resource state can persist before the low resource idle timeout is reapplied to all connections, default 5000
      web.lowResource.maxLowResourceTime=5000
      # If false, new connections are not accepted while in low resources
      web.lowResource.acceptingInLowResources=true
      
      # Maximum number of allowed connections, defaults to 0 (disabled)
      web.connectionLimit=0
      
      # Jetty JSP servlet configuration (init parameters)
      # See for descriptions
      # https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-webapp/src/main/config/etc/webdefault.xml
      web.jsp.development=true
      web.jsp.genStringsAsCharArray=true
      web.jsp.trimSpaces=false
      web.jsp.classdebuginfo=false
      web.jsp.supressSmap=true
      web.jsp.compilerClassName=org.apache.jasper.compiler.JDTCompiler
      web.jsp.compiler=modern
      web.jsp.fork=false
      web.jsp.keepgenerated=true
      web.jsp.modificationTestInterval=4
      
      # Jetty default servlet configuration (init parameters)
      # See for descriptions
      # https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-webapp/src/main/config/etc/webdefault.xml
      web.defaultServlet.dirAllowed=false
      web.defaultServlet.maxCacheSize=256000000
      web.defaultServlet.maxCachedFileSize=200000000
      web.defaultServlet.maxCachedFiles=2048
      web.defaultServlet.etags=false
      # defaults to false for Windows, defaults to true for all other OS
      # see https://www.eclipse.org/jetty/documentation/current/troubleshooting-locked-files-on-windows.html
      #web.defaultServlet.useFileMappedBuffer=true
      
      #iFrame Header Control iFrame Header Control 'X-Frame-Options' (case sensitive options)
      # SAMEORIGIN - Only allow Mango to embed i-frames when the requesting page was loaded from the Mango domain
      # DENY - Do not allow at all
      # ANY - Do not even use the header at all 
      # One specific domain name can be supplied so that the header becomes: ALLOW-FROM http://foo.bar.com 
      web.security.iFrameAccess=SAMEORIGIN
      
      #Follow symbolic links when serving files from Jetty
      web.security.followSymlinks=true
      
      # Content Security Policy settings, please see https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
      # The reasons for the default policy are outlined below
      # style-src 'unsafe-inline' - inline styles are used by AngularJS Material for the dynamic theming
      # script-src 'unsafe-eval' - needed by Fabric.js used in amCharts for drawing on charts, also gives AngularJS a 30% performance boost
      # connect-src ws: wss: - necessary as 'self' does not permit connections to websockets on the same origin, this should be configured to restrict it to your server's actual hostname
      # img-src data: - allows for small base64 encoded images to be embedded inline into the html
      # img-src/script-src https://www.google-analytics.com - allows for enabling Google analytics (not enabled by default, must be manually enabled by admin via UI Settings page)
      # img-src/script-src https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com - allows for using the Google maps component
      # style-src/font-src https://fonts.googleapis.com https://fonts.gstatic.com - allows for using Google fonts in dashboards
      web.security.contentSecurityPolicy.enabled=false
      web.security.contentSecurityPolicy.reportOnly=false
      web.security.contentSecurityPolicy.defaultSrc='self'
      web.security.contentSecurityPolicy.scriptSrc='self' 'unsafe-eval' https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com
      web.security.contentSecurityPolicy.styleSrc='self' 'unsafe-inline' https://fonts.googleapis.com
      web.security.contentSecurityPolicy.connectSrc='self' ws: wss:
      web.security.contentSecurityPolicy.imgSrc='self' data: https://maps.google.com https://maps.gstatic.com https://www.google-analytics.com
      web.security.contentSecurityPolicy.fontSrc='self' https://fonts.gstatic.com
      web.security.contentSecurityPolicy.mediaSrc=
      web.security.contentSecurityPolicy.objectSrc=
      web.security.contentSecurityPolicy.frameSrc=
      web.security.contentSecurityPolicy.workerSrc=
      web.security.contentSecurityPolicy.manifestSrc=
      web.security.contentSecurityPolicy.other=
      
      # script-src 'unsafe-inline' - inline scripts are used extensively throughout the Mango legacy UI
      # script-src 'unsafe-eval' - The Dojo JS library uses eval()
      # style-src 'unsafe-inline' - inline styles are used throughout the Mango legacy UI
      # connect-src ws: wss: - necessary as 'self' does not permit connections to websockets on the same origin, this should be configured to restrict it to your server's actual hostname
      # img-src data: - allows for small base64 encoded images to be embedded inline into the html
      # img-src/script-src https://www.google-analytics.com - allows for enabling Google analytics
      web.security.contentSecurityPolicy.legacyUi.enabled=false
      web.security.contentSecurityPolicy.legacyUi.reportOnly=false
      web.security.contentSecurityPolicy.legacyUi.defaultSrc='self'
      web.security.contentSecurityPolicy.legacyUi.scriptSrc='self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com
      web.security.contentSecurityPolicy.legacyUi.styleSrc='self' 'unsafe-inline'
      web.security.contentSecurityPolicy.legacyUi.connectSrc='self' ws: wss:
      web.security.contentSecurityPolicy.legacyUi.imgSrc='self' data: https://www.google-analytics.com
      web.security.contentSecurityPolicy.legacyUi.fontSrc=
      web.security.contentSecurityPolicy.legacyUi.mediaSrc=
      web.security.contentSecurityPolicy.legacyUi.objectSrc=
      web.security.contentSecurityPolicy.legacyUi.frameSrc=
      web.security.contentSecurityPolicy.legacyUi.workerSrc=
      web.security.contentSecurityPolicy.legacyUi.manifestSrc=
      web.security.contentSecurityPolicy.legacyUi.other=
      
      #Regex used to match serial ports so they show up in the menu
      serial.port.linux.regex=((cu|ttyS|ttyUSB|ttyACM|ttyAMA|rfcomm|ttyO|COM)[0-9]{1,3}|rs(232|485)-[0-9])
      serial.port.linux.path=/dev/
      serial.port.windows.regex=
      serial.port.windows.path=
      serial.port.osx.path=/dev/
      serial.port.osx.regex=(cu|tty)..*
      #Number of bytes read events to queue up before discarding
      serial.port.eventQueueSize=10000
      #Rate at which to poll the serial port for new data in Linux (Windows uses interrupts)
      serial.port.linux.readPeriods=100
      serial.port.linux.readPeriodType=NANOSECONDS
      
      #Start data sources in parallel threads
      runtime.datasource.startupThreads=8
      #Log startup times for runtime manager
      runtime.datasource.logStartupMetrics=true
      #Log number of aborted polls for a polling data source this often at a minimum (only logged after next aborted poll past this time)
      runtime.datasource.pollAbortedLogFrequency=3600000
      
      #Report Javascript Execution Times at INFO Level logging
      # add this to log4j.xml   <category name="org.perf4j.TimingLogger"><level value="info"/></category>
      runtime.javascript.metrics=false
      
      #Default task queue size for the Real Time Timer, should multiple tasks of the same type be queued up?
      # Tasks are rejected from a full queue, a size of 0 means reject multiple instances of the same task
      runtime.realTimeTimer.defaultTaskQueueSize=0
      #When a task queue is full should the waiting tasks be discarded and replaced with the most recent
      runtime.realTimeTimer.flushTaskQueueOnReject=false
      #Delay (in ms) to wait to rate limit task rejection log messages so they don't fill up logs and use too much cpu doing it
      runtime.taskRejectionLogPeriod=10000
      #Maximum counts to wait to terminate the thread pool's tasks that are running or queued to run
      # each count is 1 second.  So the default of 60 = 1 minute.  Note that the medium and low
      # timeout happens first and then the remaining time is spent waiting of the high priority tasks.
      # So by setting both to the same value will result in waiting only as long as that value.
      runtime.shutdown.medLowTimeout=60
      runtime.shutdown.highTimeout=60
      
      # Set the location of the file stores, (relative to $MA_HOME if not absolute)
      # If not set, the location is $MA_HOME/filestore
      filestore.location=filestore
      
      # Set the location of the modules data directory, (relative to $MA_HOME if not absolute)
      # If not set, the location is $MA_HOME/data
      moduleData.location=data
      
      # HTTP session (authentication) cookie name and domain name settings.
      #
      # Use the Mango GUID as the session cookie name
      sessionCookie.useGuid=true
      # name takes precedence over useGuid if set
      sessionCookie.name=
      # Set the domain name that the cookie is valid for, can be used to make the session login valid for subdomains too.
      # If left blank the session cookie can only be used for the domain that you login at.
      sessionCookie.domain=
      
      # Controls the poll period for collecting internal metrics
      internal.monitor.pollPeriod=10000
      # Controls the poll period for collecting disk usage
      internal.monitor.diskUsage.pollPeriod=1200000
      # Should MA_HOME and each file store directory be monitored individually in addition to the partitions?
      internal.monitor.diskUsage.monitorDirectories=false
      
      1 Reply Last reply Reply Quote 0
      • MattFoxM
        MattFox
        last edited by MattFox

        Is your client running on port 80?
        Looking at that, the server will connect on the same port it's set up on. Also note your ssh settings as well. since ES units run on port 2222, you'd have to configure port forwarding if you're coming in from port 22.

        Do not follow where the path may lead; go instead where there is no path.
        And leave a trail - Muriel Strode

        C 1 Reply Last reply Reply Quote 0
        • CraigWebC
          CraigWeb
          last edited by

          Hi @cmason

          Have you set up a wildcard DNS record for *.subdomain.hostname?
          Is your Certificate a wildcard certificate?

          The proxy basically routes guid.subdomain.domain -> localhost:"client web port" . I have never seen this before where you get a guid.mangoHTS### URL. Probably cause it's not common to set up an HTS as the CC server.
          Please go to administration --> system settings -> ES configuration and change the hostname to your public hostname. I believe that will fix the URL issue.

          C 1 Reply Last reply Reply Quote 0
          • C
            cmason @MattFox
            last edited by

            This post is deleted!
            1 Reply Last reply Reply Quote 0
            • CraigWebC
              CraigWeb
              last edited by

              @mattfox said in Cloud Connect Help:

              settings as well. since ES units run on port 2222, you'd have to configure port forwarding if yo

              The reverse proxy will setup port forwarding for both web and ssh ports so that you will be able to access both from your CC server. You will not need to setup port forwarding on the mangoHTS side.

              If you want to ssh into your mangoHTS you will ssh into the CC server and then run the following cmd:
              ssh -p 37001 mango@localhost the CC server will route that to the mangoHTS on the reverse proxy connection.

              1 Reply Last reply Reply Quote 0
              • MattFoxM
                MattFox
                last edited by

                0_1598424208231_1f8d31a7-83ce-43cb-ab87-aaf6993e9c17-image.png
                Was what i was referring to

                Do not follow where the path may lead; go instead where there is no path.
                And leave a trail - Muriel Strode

                1 Reply Last reply Reply Quote 0
                • C
                  cmason @CraigWeb
                  last edited by

                  The proxy basically routes guid.subdomain.domain -> localhost:"client web port" . I have never seen this before where you get a guid.mangoHTS### URL. Probably cause it's not common to set up an HTS as the CC server.
                  Please go to administration --> system settings -> ES configuration and change the hostname to your public hostname. I believe that will fix the URL issue.

                  Yes this did fix the issue of the url that was given to the new window.

                  The new windows now opens up with 'GUID.subdomain.domain'

                  However I've got a new problem. The window just opens and directs straight into the servers UI from where I just came from. Basically just loops it around on itself.

                  Have you set up a wildcard DNS record for *.subdomain.hostname?

                  Not technically but the subdomain.domain is resolving to the domain. the subdomain part is really so the reverse proxy can identify it.

                  Is your Certificate a wildcard certificate?

                  Yes

                  1 Reply Last reply Reply Quote 0
                  • CraigWebC
                    CraigWeb
                    last edited by

                    I suggest trying to get it working without the complexity of your reverse proxy first.

                    You will need a wildcard DNS record that resolves to your MangoHTS server.

                    Basically, when you open the link the traffic will go as below
                    GUID.subdomain.domain --> "CC server"-->.localhost:37000-->MangoHTS:8080

                    C 1 Reply Last reply Reply Quote 0
                    • C
                      cmason @CraigWeb
                      last edited by

                      @craigweb said in Cloud Connect Help:

                      I suggest trying to get it working without the complexity of your reverse proxy first.

                      Ok I'll try that out. What's the recommended way to secure the connections then between the mango and the internet? The main reason I was using the reverse proxy was for security.

                      @MattFox Are you using cloud connect with the reverse proxy? If so is that using apache on the same machine as your mango like I've seen you describe in some of the other threads?

                      CraigWebC 1 Reply Last reply Reply Quote 0
                      • MattFoxM
                        MattFox
                        last edited by

                        Ive just dropped apache in favour of Nginx because it has better support for proxy headers.
                        Happy to help you with that.
                        In the meantime we can focus on plain http with the mango running on port 8080 then using the proxy engine to handle all requests and merely serve them to mango.
                        Im going to bed now so Ill assist with that tomorrow. In fact I think Ill write a tutorial...

                        Fox

                        Do not follow where the path may lead; go instead where there is no path.
                        And leave a trail - Muriel Strode

                        C 1 Reply Last reply Reply Quote 0
                        • CraigWebC
                          CraigWeb @cmason
                          last edited by

                          @cmason
                          Mount your certificate on the mango web server so all HTTP traffic is encrypted.
                          Mango webserver has a rate limiter on unauthorized API requests.
                          CC server uses ssh so those sockets are all encrypted.
                          The persistent data source/publisher uses encryption as well. you can choose the size of the shared key.
                          Use a firewall to block all unused ports.

                          I may be wrong but how I don't see how the reverse proxy will make it more secure.

                          1 Reply Last reply Reply Quote 0
                          • C
                            cmason @MattFox
                            last edited by

                            @MattFox @CraigWeb

                            Thanks Guys. I followed what you guys said and stripped it all back to the basics and got it working without the proxy. Funnily enough though It worked with HTTPS 'ssl.on=true' (self signed on the mango) but HTTP was having issues.
                            Anyway I enabled set 'ssl.on=true' on the server and got it all working.

                            Then I moved it all back behind the reverse proxy, and so far it all seems to be working fine.
                            The only difference this time is the ssl.on = true.

                            I may be wrong but how I don't see how the reverse proxy will make it more secure

                            Yeah I mainly did this because I'm using a Synology NAS as the reverse proxy, it has nginx built in. Having this take care of the certificates and the auto renewals etc seemed a lot more straight forward then getting it to work on the mango with the java keystore etc. Perhaps a feature to add for Mango 4? haha.

                            I'll see how this goes and keep you posted.

                            Bearing in mind that the ports 9005 for cloud connect and the ports I've opened for the PTCP publishers get forwarded straight to the mango itself. I haven't got them going through the reverse proxy. Are the HTTP/S payloads?

                            1 Reply Last reply Reply Quote 0
                            • CraigWebC
                              CraigWeb
                              last edited by

                              Awesome!
                              They are not HTTP payloads.
                              I use let's encrypt and certbot to handle certificate renewals. There is a script in mango that can be run after the cert is renewed that will move the certificate into the keystore and replace the old cert. /mango/bin/certbot-deploy.sh
                              You may want to look at that.

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post