
This chapter discusses the various configuration options in the area of network connectivity, including the ports over which the services are exposed and enabling HTTPS & SSL. The network configuration options for Smart Client connectivity comprise the majority of this chapter, as it is the most extensive


High level overview

The Servoy Application Server exposes the majority of its services over the so-called HTTP Port (default port 8080). Through this port the Servoy Admin page, the Web Clients and plugin services are exposed to the outside world.

...

All network communication with the Servoy Application Server can optionally be secured, by enabling HTTPS for all traffic over the HTTPS port and by enabling SSL encryption for the communication between the Smart Client and the Application Server.

Setting the HTTP port

The HTTP port, used to expose many of the services of the Servoy Application Server, can be configured by editing the server.xml file located in ../application_server/server/conf. This file contains the following entry by default:

<Connector port="8080" protocol="HTTP/1.1" maxThreads="500" connectionTimeout="60000" redirectPort="8443" useBodyEncodingForURI="true" />

By altering the value of the "port" attribute to, for example, 9090 or 80, the port on which the services of the Servoy Application Server are exposed can be changed. For the changes to go into effect, a restart of the Application Server is required.

Note that on some operating systems, like Linux or FreeBSD, binding a process to a port number lower than 1024 (for example the default HTTP port 80) requires the process to run as root or under administrator privileges.

Enabling HTTPS

HTTPS can be enabled by adding an additional connector, configured for secure access, to the server.xml file located in ../application_server/server/conf.

In order to create a secure HTTPS connector, a keystore with a signed SSL Certificate is required. While it's possible to enable SSL without a keystore, this is insecure and browsers will generate security warnings when accessing webpages through HTTPS. For more information on how to create a keystore, see Creating a keystore.

<Connector port="8443"
           maxThreads="500" connectionTimeout="60000"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="conf/keystore" keystorePass="changeit"/>

The following attributes in the connector above most likely require modification:

  • keystoreFile: The value of this attribute needs to refer to the location plus name of the keystore (either absolute or relative to the server home directory (../application_server))
  • keystorePass: The passPhrase of the keystore. The passPhrase is specified when creating the keystore

Additionally, the value of the port attribute needs to be brought in sync with the value of the redirectPort attribute of the standard HTTP connector (or vice versa), as the redirectPort attribute on the HTTP connector is used to redirect HTTP traffic to HTTPS when required; see Enforcing HTTPS for all traffic.

Note that on some operating systems, like Linux or FreeBSD, binding a process to a port number lower than 1024 (for example the default HTTPS port 443) requires the process to run as root or under administrator privileges.
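The checks described in this section can be run against a server.xml before restarting the server. The script below is an added example, not part of the Servoy documentation or product: the function name audit_connectors, the sample XML and its wrapper elements are constructed for illustration, and flagging "changeit" assumes that value is the sample passphrase shown above rather than one chosen when the keystore was created.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors shown on this page, with the HTTPS
# port deliberately out of sync with redirectPort. Wrapper elements are assumed.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" maxThreads="500"
             connectionTimeout="60000" redirectPort="8443"
             useBodyEncodingForURI="true" />
  <Connector port="9443" maxThreads="500" connectionTimeout="60000"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="conf/keystore" keystorePass="changeit"/>
</Service></Server>
"""

def audit_connectors(server_xml):
    """Return a list of findings for the connector settings in server.xml."""
    root = ET.fromstring(server_xml.strip())
    connectors = [c.attrib for c in root.iter("Connector")]
    https = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    http = [c for c in connectors if c not in https]
    https_ports = {c.get("port", "") for c in https}
    findings = []

    if not https:
        findings.append('no connector with SSLEnabled="true" is defined')
    for c in http:
        # redirectPort must point at a port an HTTPS connector listens on.
        redirect = c.get("redirectPort")
        if https and redirect not in https_ports:
            findings.append(f'HTTP connector {c.get("port")}: redirectPort='
                            f'{redirect} is not an HTTPS port {sorted(https_ports)}')
    for c in https:
        if not c.get("keystoreFile"):
            findings.append(f'HTTPS connector {c.get("port")}: no keystoreFile')
        if c.get("keystorePass") == "changeit":
            findings.append(f'HTTPS connector {c.get("port")}: keystorePass '
                            'is still the sample value "changeit"')
    for c in connectors:
        # Ports below 1024 need root or administrator privileges to bind.
        port = c.get("port", "")
        if port.isdigit() and int(port) < 1024:
            findings.append(f"connector {port}: port below 1024 needs privileges")
    return findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print("FINDING:", finding)
```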

Enforcing HTTPS for all traffic

If HTTPS is enabled, it's possible to redirect all incoming HTTP traffic to HTTPS by editing the web.xml file located in ../application_server/server/webapps/ROOT/web_inf. At the bottom of the file, just before '</web-app>', add the following security-constraint to redirect all HTTP requests to HTTPS:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Automatic SSL Forwarding</web-resource-name>
        <url-pattern>/</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

When forcing all HTTP requests to HTTPS, the "servoy.jnlpCodebaseOverride" setting needs to be the HTTPS URL (including the HTTPS Connector port number).

Smart Client network configuration

The Servoy Application Server has several modes in which Smart Clients can communicate with the Application Server:

Direct Connections:

Two-Way socket:

HTTP Tunnel:

Socket Tunnel:

HTTP & Socket tunnel

Profiles

The Network Settings node on the Servoy Admin page exposes the Servoy Application Server settings that relate to network connectivity. The Network Settings node can be accessed through <serverUrl>/servoy-admin/network-settings

...