The following configuration items are determined initially populated by the JOC Cockpit installer or and can be modified by a user later on.
JOC Cockpit makes use of the joc.properties configuration file that is populated by installation options. This file can be found by default in the following locations:
- Linux: /var/sos-berlin.com/js7/joc/resources/joc/joc.properties
- Windows: C:\ProgramData\sos-berlin.com\js7\joc\resources\joc\joc.properties
- The location of this file is indicated below as JETTY_BASE/resources/joc/joc.properties.
The Jetty Servlet Container that ships with JOC Cockpit makes use of the following configuration file:
- Linux: /var/sos-berlin.com/js7/joc/start.ini
- Windows: C:\ProgramData\sos-berlin.com\js7\joc\start.ini
- The location of this file is indicated below as JETTY_BASE/start.ini
Restart the JOC Cockpit instance to apply changes to the JOC Cockpit or Jetty configuration files.
For See the JS7 - Settings article for run-time settings that do not require a restart of the JOC Cockpit see JS7 - Settings.

JOC Cockpit

Installation Options

...

Code Block

language	text
title	Example for JOC Cockpit installation options: joc.properties
linenumbers	true
collapse	true

################################################################################
### If JOC Cockpit is used in a cluster then type a title to identify which node
### is currently used. Further type an ordering (Primary <= 0, Backup > 0) for
### the display order in JOC's dashboard

title = PRIMARY JOC COCKPIT
ordering = 0


################################################################################
### Path to log4j configuration file. Path can be absolute or relative
### to this file.

log4j.configuration = log4j2.xml


################################################################################
### Path to hibernate configuration file of JOC's database.
### Path can be absolute or relative to this file.

hibernate_configuration_file = hibernate.cfg.xml


################################################################################
### The time (in seconds) to establish the connection with the
### remote host. Default = 2

jobscheduler_connection_timeout = 2


################################################################################
### The time (in seconds) waiting for data after the connection
### washas been established; maximum time of inactivity between two data packets.
### Default = 5

jobscheduler_socket_timeout = 5


################################################################################
### Should hostname verification be carried out for https certificatecertificates.
### Default false

https_with_hostname_verification = true


################################################################################
### Location, type and password of the Java truststore which contains the
### HTTPS connection certificates offor each JobScheduler Controller for HTTPS connections.
### The path is relative to JETTY_BASE/resources/joc.

# keystore_path = https-keystore.p12
# keystore_type = PKCS12
# keystore_password = jobscheduler
# key_password = jobscheduler

# truststore_path = https-truststore.p12
# truststore_type = PKCS12
# truststore_password = jobscheduler


################################################################################
### JOC Cockpit requires toconfiguration configureof a security level for the
### signing mechanism,: options "high", "medium" and "low".
### high:
###      public PGP/X.509 keys are stored for verification only
###      all signing will be done externally outside of JOC Cockpit
### medium:
###      a private PGP/X.509 key will be stored for signing
###      signing will be done automatically with the provided key
### low:
###      no keys will be stored
###      signing will be done internally with default keys
###
### This flag controls the security level used. Default low

security_level = low


################################################################################
### Settings for a custom logo file on the login page
### The logo file has to be located in ./jetty_base/webapps/root/ext/images
### Possible units for height are according to
### https://www.w3schools.com/cssref/css_units.asp (default px)
### Possible values for the position are "top" or "bottom" (default=bottom).

custom_logo_name =
custom_logo_height =
custom_logo_position =


################################################################################
### Normally, the user permissions control ifwhether a view such as dashboard,
### workflows, etc. are shown or hidden. Here you can force to show (=true) or
### hide (=false) a view independentindependently of the permissions. If the value is unequal
### true or false then the permissions win.

show_view_dashboard =
show_view_monitor =
show_view_dailyplan =
show_view_workflows =
show_view_filetransfers =
show_view_resources =
show_view_history =
show_view_auditlog =
show_view_configuration =

...

Setting	Sample Value	Explanation
`log4j.configuration`	`log4j2.xml`	Specifies the file name of the log4j2 configuration file to be used. This file is expected with in the configuration folder `./resources/joc`

...

Setting	Sample Value	Explanation
`https_with_hostname_verification`	`true`	Specifies if hostname verification should be performed for HTTPS connections. It is strictly recommended to enable that this setting is enabled.
`keystore_path`	`https-keystore.p12`	The keystore includes the private key and server certificate created for outgoing connections to Controllers that request mutual authentication (Client Authentication). If separate certificates should be used for both purposes then consider to store storing the Client Authentication certificate in the client keystore, see below. The path is specified relative to the `JETTY_BASE/resources/joc` directory.
`keystore_type`	`PKCS12`	The keystore types PKCS12 and JKS are supported.
`keystore_password`	`jobscheduler`	The keystore is protected by a password.
`key_password`	`jobscheduler`	The private keys in the keystore are protected by a password. Note that for PKCS12 keystores the same password applies to all keys.
`truststore_path`	`https-truststore.p12`	The truststore includes the public key or certificates for outgoing HTTPS connections (Server Authentication) to Controllers. The path is specified relative to the `JETTY_BASE/resources/joc` directory.
`truststore_type`	`PKCS12`	The truststore types PKCS12 and JKS are supported.
`truststore_password`	`jobscheduler`	The truststore is protected by a password.

...

Setting Sample Value Explanation

security_level

low

JOC Cockpit is installed for a security level used for signing of deployable objects such as workflows, see JS7 - Deployment of Scheduling Objects:

high
- certificates / public keys are stored for verification purposes
- signing is performed externally, outside of JOC Cockpit
medium
- an individual private key per account is stored for signing purposes
- signing is performed automatically with the provided key
low
- a single private keys is stored for signing purposes with any accounts
- signing is performed automatically with keys of the default profile account being applied

Note: Changes to the above setting are ignored. Instead, the above setting is applied by the installer for informational purposes only.
To modify the security level of JOC Cockpit re-run the installer and select the respective installation option.
For details see see the JS7 - Security Architecture article.

Jetty Servlet Container

Installation Options

Technically any options for the Jetty Servlet Container can be used as available from the product. The below section is belowis focused on settings that are added by the JOC Cockpit installer or that preferably are modified by users after installation.

...

Setting	Required	Sample Value	Explanation
`jetty.http.host`	no	`myhost, 192.168.2.23`	Specifies the network interface by which for accessing the JOC Cockpit is accessible. A hostname or IP address can be specified. If this setting is omitted then the default value 0.0.0.0 is applied that makes JOC Cockpit accessible by any available network interfaces.
`jetty.http.port`	yes	`4446`	Specifies the port by which JOC Cockpit is accessible for HTTP connections, for example from a user browser.

...

Setting	Required	Sample Value	Explanation
`jetty.ssl.host`	no	`myhost`	Specifies the network interface by which interface for accessing the JOC Cockpit is accessible. A hostname can be specified that has to match the Common Name for which the JOC Cockpit Server Certificate has been created. If this setting is omitted then the default value 0.0.0.0 is applied that makes JOC Cockpit accessible by any available network interfaces.
`jetty.ssl.port`	yes	`4443`	Specifies the port by which JOC Cockpit is accessible for HTTPS connections, for example from a user browser.
`jetty.sslContext.keyStorePath`	yes	`resources/joc/https-keystore.p12`	The keystore includes the private key and server certificate created for incoming HTTPS connections to JOC Cockpit (Server Authentication), for example from user browsers. The path is specified relative to the `JETTY_BASE` directory.
`jetty.sslContext.keyStoreType`	no	`PKCS12`	The keystore types PKCS12 and JKS are supported. If this setting is omitted then the default value of Java is used which is JKS for Java 1.8 and PKCS12 for Java 9 and later.
`jetty.sslContext.keyStorePassword`	no	`jobscheduler`	The keystore is protected by a password.
`jetty.sslContext.keyManagerPassword`	no	`jobscheduler`	The private keys in the keystore are protected by a password. Note Note that for PKCS12 keystores the same password applies to all keys.
`jetty.sslContext.trustStorePath`	yes	`resources/joc/https-truststore.p12`	The truststore includes the public key or certificates for outgoing HTTPS connections (Server Authentication) to LDAP Servers. In addition, the truststore holds the public key or client certificate of clients for connecting to the JOC Cockpit with when mutual authentication being is in place, see JS7 - Certificate based Authentication. The path is specified relative to the `JETTY_BASE` directory.
`jetty.sslContext.trustStoreType`	no	`PKCS12`	The truststore types PKCS12 and JKS are supported. If this setting is omitted then the default value of Java is used which is JKS for Java 1.8 and PKCS12 for Java 9 and later.
`jetty.sslContext.trustStorePassword`	no	`jobscheduler`	The truststore is protected by a password.

...

Setting	Required	Sample Value	Explanation
`jetty.sslContext.needClientAuth`	yes	`false`	If set to `true` then a Client Certificate is required. If this setting is `false` and the `wantCientAuth` setting is `true` then users have the option for user account/password based authentication or certificate based authentication.
`jetty.sslContext.wantClientAuth`	yes	`true`	Specifies the port by at which the JOC Cockpit is accessible for can be accessed by HTTP connections, for example from a user browser.
`jetty.sslContext.endpointIdentificationAlgorithm`	yes		An empty setting is required due to a bug in Jetty 9.4, see https://github.com/eclipse/jetty.project/issues/3466. With later releases of Jetty that fix this bug this setting is not required.

Consider Note explanations from in the JS7 - Certificate based Authentication article.
For details see see the JS7 - JOC Cockpit HTTPS Connections article.

Space shortcuts

Page tree

Versions Compared

Old Version 16

New Version 17

Key

JOC Cockpit

Installation Options

Jetty Servlet Container

Installation Options

Space shortcuts

Page tree

Page History

Versions Compared

Old Version 16

New Version 17

Key

JOC Cockpit

Installation Options

Jetty Servlet Container

Installation Options