Introduction
- HTTP Basic Authentication with passwords is a basic means to identify client and server in HTTP connections. However, as HTTP connections are not secure and forward passwords without transport encryption the passwords are visible in the network. It is therefore recommended to switch to HTTPS Server Authentication that implements transport encryption.
- Consider the communication scheme between JS7 components as explained from the JS7 - System Architecture:
- User browsers acting as http clients establish connections to JOC Cockpit as an http server.
- JOC Cockpit acting as an http client establishes connections to Controllers acting as http servers.
- Controllers acting as http clients establish connections to Agents acting as http servers.
Controller Configuration
Configuration File: controller.conf
Download: controller.conf
Explanation:
- The configuration file is located with the
sos-berlin.com/js7/controller/config
folder. - This configuration item is required to enable HTTP connections to a Controller.
Configuration File: private.conf
Download: private.conf
Explanation:
- The configuration file is located with the
sos-berlin.com/js7/controller/config/private
folder. - Consider that the above configuration has to be deployed to both Controller instances should a Controller Cluster be used.
- Find below explanations about configuration items from the above example relevant to Server Authentication with passwords.
Agent Configuration
Configuration File: agent.conf
Download: agent.conf
Explanation:
- The configuration file is located with the
sos-berlin.com/js7/agent/config_<port>
folder. - This configuration item is required to enable HTTP connections to a Controller.
Configuration File: private.conf
Download: private.conf
Explanation:
- The configuration file is located with the
sos-berlin.com/js7/agent/config_<port>/private
folder. - Consider that the above configuration has to be deployed to any Agent instances.
- The
js7.configuration.trusted-signature-keys
setting specifies directories that hold PGP public keys and X.509 certificates required by an Agent to verify the signatures of deployed objects such as workflows. - The
js7.job.execution
setting specifies that job scripts can be used that include shell code. If this setting is assigned thefalse
value or is omitted then jobs are limited to execute existing shell scripts from thesos-berlin.com/js7/agent/config_<port>/executables
folder. Some users of JS7 might consider it more secure to disallow job scripts to include shell commands and instead to limit jobs to execute existing scripts located in this folder.
Overview
Content Tools