Configuration

Webserver parameters

dirxhttp uses civetweb as its webserver. civetweb supports several advanced features, but in dirxhttp only the IPv6 and server statistics features are enabled. All other advanced features, such as Lua scripting, server-side JavaScript execution and CGI, are disabled.

Compile configuration

civetweb is compiled with the following compile flags:

  • NO_CGI

  • USE_SERVER_STATS

  • USE_IPV6

For the detailed description of compile parameters please visit https://github.com/civetweb/civetweb/blob/v1.15/docs/Building.md#setting-compile-flags

Configuration options

This section lists the HTTP-related configuration parameters of dirxhttp, the CivetWeb server embedded in DirX-Directory (for example, the listening ports). A detailed description of these parameters can be found at https://github.com/civetweb/civetweb/blob/v1.15/docs/UserManual.md. Of the complete list of civetweb parameters, only the following have been tested and are supported:

  • listening_ports

  • request_timeout_ms

  • error_log_file

  • ssl_certificate

  • ssl_protocol_version

  • ssl_cipher_list

  • enable_auth_domain_check

  • num_threads

  • http_log_level

Custom HTTP parameters

http_log_level

Specifies whether a detailed HTTP log is written.

Set it to 1 to enable the HTTP debug log and to 0 to disable it.

example: http_log_level 0

Parameters for REST API

This section contains the RESTful API related configuration parameters of the DirX-Directory embedded CivetWeb server dirxhttp. The parameters are parsed at startup only, so a change to any of them in the configuration file takes effect only after the dirxhttp server is restarted.
Some parameters (where stated in the parameter’s description) can also be changed temporarily at runtime via the GET /admin/config operation. Such a temporary change is valid only until the next restart of the server.

ldap_host

Specifies the IP address of the LDAP server to be contacted.

example: ldap_host 127.0.0.1

ldap_port

Specifies the TCP port of the LDAP server to be contacted.

example: ldap_port 389

ldap_use_tls

Specifies if TLS should be used for LDAP connections.

Valid values are:
0 - do not use TLS (default)
1 - use TLS

example: ldap_use_tls 0

ldap_sec_level

Specifies how the server certificate is evaluated. It takes one of the following:

0 - LDAPSSL_AUTH_WEAK (default): indicates that you accept the server’s certificate without checking the CA who issued the certificate.
1 - LDAPSSL_AUTH_CERT: indicates that you accept the server’s certificate only if you trust the CA who issued the certificate.
2 - LDAPSSL_AUTH_CNCHECK: indicates that you accept the server’s certificate only if you trust the CA who issued the certificate and if the value of the cn attribute is the DNS hostname of the server.

example: ldap_sec_level 0

ldap_cert_file

Specifies the path to the database containing certificates for your client.

example: ldap_cert_file /home/dirx/http/conf/trusted_ca.pem

http_pki_pwdfile

Specifies the path to the PKI private key password file used for HTTPS traffic. This file will be encrypted on first use automatically.

example: http_pki_pwdfile /home/dirx/http/conf/http_pkcs12.pwd

restapi_log_level

Specifies the verbosity of logging. Possible values are in the range of 0-3. This parameter can be modified temporarily during runtime.

0 - Errors only
3 - Most verbose

example: restapi_log_level 2

restapi_log_state

Specifies the state of logging. This parameter can be modified temporarily during runtime.

Valid values are:
0 - Logging is switched off (default). Severe errors are still logged in this case.
1 - Logging is switched on according to the preset restapi_log_level.

example: restapi_log_state 0

restapi_log_dir

Specifies the path for the restapi log files. If this parameter is not given, the following default path will be used: <DIRX_INST_PATH>/http/log

example: restapi_log_dir /home/dirx/http/log

restapi_log_max_file_no

Specifies the maximum number of restapi log files. After this limit is reached, the previous log files will be overwritten in order of creation. The default value is 10.

example: restapi_log_max_file_no 20

restapi_log_max_file_size

Specifies the maximum size of a restapi log file in megabytes. The default value is 10.

example: restapi_log_max_file_size 20

restapi_adm_secret

Specifies the secret parameter which must be used in the GET /admin/config operations to check or temporarily modify the configuration parameter values.

example: restapi_adm_secret albeifiesoikdgdterwbsfcdpoil

restapi_adm_ip

Specifies the single IP address from where a GET /admin/config operation is accepted. If this parameter is not given, the mentioned admin operation is accepted from any source IP address.

example: restapi_adm_ip 127.0.0.1

restapi_aud_rec_max

Specifies the maximum number of audit records to be written in one single dirxhttp audit file. If the current file is full, a new one will be created.

example: restapi_aud_rec_max 100000

restapi_time_limit

Specifies the maximum time in seconds to wait for the results of the LDAP search. This parameter can be modified temporarily during runtime.

example: restapi_time_limit 60

restapi_size_limit

Specifies the maximum number of result entries to return in the search. This parameter can be modified temporarily during runtime.

example: restapi_size_limit 2048

ldap_con_max_idle_time

Specifies the maximum inactivity time of an LDAP connection after which it is no longer allowed to be used and will be closed by the cleanup thread. Value 0 means infinite idle time. The cleanup thread will check all active LDAP connections in the ldap_con_cleanup_cycle period and will close those connections (and remove their associated token) when unused for more than ldap_con_max_idle_time seconds.

example: ldap_con_max_idle_time 300

ldap_con_cleanup_cycle

Specifies the repetition interval (in seconds) of the LDAP connection cleanup thread. Value 0 means the LDAP connection cleanup thread is disabled.

example: ldap_con_cleanup_cycle 60
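
The check below is an added example, not part of the DirX documentation or product: it reads a dirxhttp configuration and reports the settings that this page documents as weakening LDAP certificate validation, admin access or connection cleanup. The file syntax (one "name value" pair per line, "#" comment lines), the function names and the sample configuration are assumptions.

```python
# Added example. Assumed file syntax: one "name value" pair per line,
# lines starting with "#" are comments.
DOC_SECRET = "albeifiesoikdgdterwbsfcdpoil"  # example value printed on this page

SAMPLE_CONF = """\
# constructed sample configuration
ldap_host 127.0.0.1
ldap_use_tls 1
ldap_sec_level 0
restapi_adm_secret albeifiesoikdgdterwbsfcdpoil
ldap_con_max_idle_time 0
ldap_con_cleanup_cycle 60
"""

def parse_conf(text):
    """Return {name: value} for every non-comment, non-empty line."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(conf):
    """Return (parameter, finding) pairs based on the semantics documented above."""
    out = []
    tls = conf.get("ldap_use_tls", "0")       # documented default: 0
    level = conf.get("ldap_sec_level", "0")   # documented default: 0
    if tls != "1":
        out.append(("ldap_use_tls", "LDAP connections do not use TLS"))
    elif level == "0":
        out.append(("ldap_sec_level", "LDAPSSL_AUTH_WEAK: issuing CA is not checked"))
    elif level == "1":
        out.append(("ldap_sec_level", "LDAPSSL_AUTH_CERT: cn is not compared with the hostname"))
    if conf.get("restapi_adm_secret") == DOC_SECRET:
        out.append(("restapi_adm_secret", "secret copied from the documentation example"))
    if "restapi_adm_ip" not in conf:
        out.append(("restapi_adm_ip", "GET /admin/config accepted from any source IP"))
    if conf.get("ldap_con_max_idle_time") == "0":
        out.append(("ldap_con_max_idle_time", "idle connections and tokens never expire"))
    if conf.get("ldap_con_cleanup_cycle") == "0":
        out.append(("ldap_con_cleanup_cycle", "cleanup thread disabled"))
    return out

if __name__ == "__main__":
    for name, finding in audit(parse_conf(SAMPLE_CONF)):
        print(f"{name}: {finding}")
```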