> > | 3) Configuration will occur via modification to three files ( four I guess, but mostly three ). The three files are appx-client-settings.js (found in webhost.zip bundle), appxConnector.js, and appxMongoConnector.js (both found in serverConnector.zip bundle). A forth one is index.html/client.html if you modify those - I don't recommend it. And now that I think about it, you could go crazy and include a fifth --> the css file(s).
Encryption configuration occurs in all three of those .js files. There is coordination required among the parameters, flipping one parameter requires modification of another parameter at times.
Here are a few of the parameters from those three files that users may sometimes encounter a configuration error.
- appx-client-settings.js
- metas["appx-encryption"]["value"] = "aes"; //** Encryption type to use, valid values are "aes", "ssl", or "none". SSL is most secure, none is least secure.
- metas["appx-proxy-path"]["value"] = "/appxws/"; //** If you have configured a reverse proxy, enter the value that triggers the reverse proxy. Typical values are /appxws/ for Non SSL proxies, and /appxwss/ for SSL**/
- metas["appx-proxy-port"]["value"] = "3014"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying **/
- metas["appx-mongo-port"]["value"] = "3015"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying your **/
- appxConnector.js
-
const sslEnabled = true; // Are we using SSL for our connections?
-
const cryptoEnabled = false; // Are we using Crypto to encrypt traffic? Must be off if SSL is on
-
const useoldsocket = true; // If set to true, the non SSL capable APPX engine socket and logic are used
-
const appxLocalConnectorCert= null; // If local connector needs certificate authority point to it here
- appxMongConnector.js
Here are a few common scenarios and their values.
I want no reverse proxy, no encryption at all. ( Just a very simple configuration )
- appx-client-settings.js
- metas["appx-encryption"]["value"] = "none"; //** Encryption type to use, valid values are "aes", "ssl", or "none". SSL is most secure, none is least secure.
- // metas["appx-proxy-path"]["value"] = "/appxws/"; //** If you have configured a reverse proxy, enter the value that triggers the reverse proxy. Typical values are /appxws/ for Non SSL proxies, and /appxwss/ for SSL**/
- metas["appx-proxy-port"]["value"] = "3014"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying **/
- metas["appx-mongo-port"]["value"] = "3015"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying your **/
- appxConnector.js
-
const sslEnabled = false; // Are we using SSL for our connections?
-
const cryptoEnabled = false; // Are we using Crypto to encrypt traffic? Must be off if SSL is on
-
const useoldsocket = true; // If set to true, the non SSL capable APPX engine socket and logic are used
-
const appxLocalConnectorCert= null; // If local connector needs certificate authority point to it here
- appxMongConnector.js
I want no reverse proxy, AES encryption ( Don't want hassle of reverse proxy configuration. I want encryption, but don't want the hassle of SSL certificates )
- appx-client-settings.js
- metas["appx-encryption"]["value"] = "aes"; //** Encryption type to use, valid values are "aes", "ssl", or "none". SSL is most secure, none is least secure.
- // metas["appx-proxy-path"]["value"] = "/appxws/"; //** If you have configured a reverse proxy, enter the value that triggers the reverse proxy. Typical values are /appxws/ for Non SSL proxies, and /appxwss/ for SSL**/
- metas["appx-proxy-port"]["value"] = "3014"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying **/
- metas["appx-mongo-port"]["value"] = "3015"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying your **/
- appxConnector.js
-
const sslEnabled = false; // Are we using SSL for our connections?
-
const cryptoEnabled = true; // Are we using Crypto to encrypt traffic? Must be off if SSL is on
-
const useoldsocket = true; // If set to true, the non SSL capable APPX engine socket and logic are used
-
const appxLocalConnectorCert= null; // If local connector needs certificate authority point to it here
- appxMongConnector.js
I want no reverse proxy, SSL encryption ( Don't want hassle of reverse proxy configuration, but want the best encryption )
- appx-client-settings.js
- metas["appx-encryption"]["value"] = "ssl"; //** Encryption type to use, valid values are "aes", "ssl", or "none". SSL is most secure, none is least secure.
- // metas["appx-proxy-path"]["value"] = "/appxws/"; //** If you have configured a reverse proxy, enter the value that triggers the reverse proxy. Typical values are /appxws/ for Non SSL proxies, and /appxwss/ for SSL**/
- metas["appx-proxy-port"]["value"] = "3014"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying **/
- metas["appx-mongo-port"]["value"] = "3015"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying your **/
- appxConnector.js
-
const sslEnabled = true; // Are we using SSL for our connections?
-
const cryptoEnabled = false; // Are we using Crypto to encrypt traffic? Must be off if SSL is on
-
const useoldsocket = true; // If set to true, the non SSL capable APPX engine socket and logic are used
-
const appxLocalConnectorCert= null; // If local connector needs certificate authority point to it here
- appxMongConnector.js
I want a reverse proxy, no encryption al all. ( I want a Reverse Proxy because a reverse proxy often allows for a simpler firewall ruleset. Unfortunately, a reverse proxy requires configuration in your web server - Apache, Nginx, IIS. Keepin it simple regarding encryption. )
- appx-client-settings.js
- metas["appx-encryption"]["value"] = "none"; //** Encryption type to use, valid values are "aes", "ssl", or "none". SSL is most secure, none is least secure.
- metas["appx-proxy-path"]["value"] = "/appxws/"; //** If you have configured a reverse proxy, enter the value that triggers the reverse proxy. Typical values are /appxws/ for Non SSL proxies, and /appxwss/ for SSL**/
- metas["appx-proxy-port"]["value"] = "80"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying **/
- metas["appx-mongo-port"]["value"] = "80"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying your **/
- appxConnector.js
-
const sslEnabled = false; // Are we using SSL for our connections?
-
const cryptoEnabled = false; // Are we using Crypto to encrypt traffic? Must be off if SSL is on
-
const useoldsocket = true; // If set to true, the non SSL capable APPX engine socket and logic are used
-
const appxLocalConnectorCert= null; // If local connector needs certificate authority point to it here
- appxMongConnector.js
I want reverse proxy, AES encryption( I want a Reverse Proxy because a reverse proxy often allows for a simpler firewall ruleset. Unfortunately, a reverse proxy requires configuration in your web server - Apache, Nginx, IIS. I want encryption, but don't want SSL certificate hassle )
- appx-client-settings.js
- metas["appx-encryption"]["value"] = "aes"; //** Encryption type to use, valid values are "aes", "ssl", or "none". SSL is most secure, none is least secure.
- metas["appx-proxy-path"]["value"] = "/appxws/"; //** If you have configured a reverse proxy, enter the value that triggers the reverse proxy. Typical values are /appxws/ for Non SSL proxies, and /appxwss/ for SSL**/
- metas["appx-proxy-port"]["value"] = "80"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying **/
- metas["appx-mongo-port"]["value"] = "80"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying your **/
- appxConnector.js
-
const sslEnabled = false; // Are we using SSL for our connections?
-
const cryptoEnabled = true; // Are we using Crypto to encrypt traffic? Must be off if SSL is on
-
const useoldsocket = true; // If set to true, the non SSL capable APPX engine socket and logic are used
-
const appxLocalConnectorCert= null; // If local connector needs certificate authority point to it here
- appxMongConnector.js
I want reverse proxy, SSL encryption ( I want a Reverse Proxy because a reverse proxy often allows for a simpler firewall ruleset. Unfortunately, a reverse proxy requires configuration in your web server - Apache, Nginx, IIS. I also want the bese encryption possible )
- appx-client-settings.js
- metas["appx-encryption"]["value"] = "ssl"; //** Encryption type to use, valid values are "aes", "ssl", or "none". SSL is most secure, none is least secure.
- metas["appx-proxy-path"]["value"] = "/appxwss/"; //** If you have configured a reverse proxy, enter the value that triggers the reverse proxy. Typical values are /appxws/ for Non SSL proxies, and /appxwss/ for SSL**/
- metas["appx-proxy-port"]["value"] = "443"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying **/
- metas["appx-mongo-port"]["value"] = "443"; //** The port number that the proxy is accessible to the user on, typically 80 in SSL configuration or 443 for SSL configurations. If you are not reverse proxying your **/
- appxConnector.js
-
const sslEnabled = true; // Are we using SSL for our connections?
-
const cryptoEnabled = false; // Are we using Crypto to encrypt traffic? Must be off if SSL is on
-
const useoldsocket = true; // If set to true, the non SSL capable APPX engine socket and logic are used
-
const appxLocalConnectorCert= null; // If local connector needs certificate authority point to it here
- appxMongConnector.js
Parameters I didn't really dive into, but are worth mentioning. appxLocalConnectorCert is used if you have your own organizational certificate authority. useoldsocket is used if you enabled mandatory SSL logins with your appxLoginMgr and your appxLoginMgr is <5.5.0. If you are in a 5.5.0 environment, useoldsocket should probably be set to false.
|