PortAssignment

PortAssignment configuration of communication service-related settings of the server allows to view and modify the settings of DirX Access Port assignment entries.

Description

Description of the configuration object

Port number

The definition of the port number.

External port number

The definition of external port number.

Use SSL/TLS

Whether or not the communication that is performed using this port is protected by SSL/TLS.

Use SSL/TLS on external port

Whether or not the communication that is performed using the external port is protected by SSL/TLS. If not specified, generic Use SSL/TLS value will be used.

Keystore Crypto Container identifier

The identifier of the crypto container to be used to establish SSL context (for 'KeyManagerFactory') on this port in case there is usage of SSL/TLS protocol.

Truststore Crypto Container identifier

The identifier of the crypto container to be used to establish SSL context (for 'TrustManagerFactory') on this port in case there is usage of SSL/TLS protocol. The keystore identifier is tried to be used instead in case truststore identifier is not set.

Require SSL client authentication

Level of SSL client authentication. The client authentication requirement for the SSL/TLS communication. Currently recognized values are:

  • None: the server does not ask the client for any certificate.

  • Optional: the server asks the client for the certificate, but if not provided, the connection is established anyway.

  • Mandatory: the server requests from the client a certificate that must be acceptable to the server for the connection to be established. For the ports with the 'For DirX Access Client' option enabled, the Mandatory value is highly recommended as requests received via these ports are granted the administrator-level permissions.

  • Allowed Values:

    • None

    • Optional

    • Mandatory

For DirX Access Client

Decision whether port assignment is used for DXA client purposes. Any request at the port with this field enabled is granted the administrator-level permissions.

Do verify proxy request resolution

Decision whether the resolution of the proxy requests should be done after verification of the client certificate as result from SSL handshake between proxy and Services container.

Proxy truststore identifier

The identifier of the proxy truststore to verify client certificate as result from SSL handshake between proxy and DirX Access Services container. It can be selected from items already configured.

Proxy truststore password

The password of the proxy truststore object.

Do client certificate from proxy request header resolution

Decision whether client certificate should be taken from proxy request header for X509 authentication purposes.

Enable SNI host check

If enabled, the host of the request must match a host in the list of DNS Names of the server’s Certificate Subject Alternative Name during SSL handshake. Requires restart to take effect.

Request cluster hostname resolution

Request resolution for the cluster hostname usage which defines how the incoming HTTP request hostname is resolved. Requires restart to take effect. Currently recognized values are:

  • None: the requests contain the protocol, hostname, and port originating from the Host header.

  • X-Forwarded headers based: the requests contain always the protocol, hostname, and port as sent, typically by the proxy, in the X-Forwarded headers (X-Forwarded-Proto, X-Forwarded-Host, and X-Forwarded-Port, respectively).

  • Defined cluster hostname based: the requests contain the hostname as defined in the Cluster configuration object, and protocol and port from Port Assignment configuration as follows:

    • External port number is always used if provided, otherwise Port number is used.

    • Use SSL/TLS on external port is used if it’s set (checkbox is not in mixed state) AND External port number is provided. Otherwise, Use SSL/TLS is used.

  • Allowed Values:

    • None

    • X-Forwarded headers based

    • Defined cluster hostname based