/
custom.system.properties
259 lines (208 loc) · 9.25 KB
/
custom.system.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
#
# The properties defined in this file will be made available through system
# properties at the very beginning of the Karaf's boot process.
#
# DDF Environment Settings
ddf.etc=${karaf.etc}
ddf.data=${karaf.data}
derby.system.home=${karaf.home}/data/derby
#
# Keystore and Truststore Java Properties
#
javax.net.ssl.keyStore=etc/keystores/serverKeystore.jks
javax.net.ssl.keyStorePassword=changeit
javax.net.ssl.trustStore=etc/keystores/serverTruststore.jks
javax.net.ssl.trustStorePassword=changeit
javax.net.ssl.keyStoreType=jks
javax.net.ssl.trustStoreType=jks
#
# Keyset Properties
#
keyset.dir=${ddf.etc}/keysets
associated.data.path=${ddf.etc}/associatedData.properties
#
# Headless Configuration
#
# Forces java to run in headless mode for when the server doesn't have a display device
#java.awt.headless=true
#
# Global URL Properties
#
# The httpsPort and httpPort are the ports that the system will run on
org.codice.ddf.system.protocol=https://
org.codice.ddf.system.hostname=localhost
org.codice.ddf.system.httpsPort=8993
org.codice.ddf.system.httpPort=8181
org.codice.ddf.system.port=_DO_NOT_EXPAND_${org.codice.ddf.system.httpsPort}
org.codice.ddf.system.rootContext=/services
# external properties are useful when DDF is behind a proxy and
# the URL a user sees is different than the local url DDF uses
org.codice.ddf.external.protocol=_DO_NOT_EXPAND_${org.codice.ddf.system.protocol}
org.codice.ddf.external.hostname=_DO_NOT_EXPAND_${org.codice.ddf.system.hostname}
org.codice.ddf.external.httpsPort=_DO_NOT_EXPAND_${org.codice.ddf.system.httpsPort}
org.codice.ddf.external.httpPort=_DO_NOT_EXPAND_${org.codice.ddf.system.httpPort}
org.codice.ddf.external.port=_DO_NOT_EXPAND_${org.codice.ddf.external.httpsPort}
org.codice.ddf.external.context=
# Whether or not CSRF filtering should be enabled. This should only be disabled for testing and
# debugging purposes, otherwise the system will be left insecure.
csrf.enabled=true
# Comma separated list of host/port combinations that can be trusted to make requests to DDF.
csrf.trustedAuthorities=
#
# System Information Properties
#
org.codice.ddf.system.branding=${branding-lowercase}
org.codice.ddf.system.siteName=${sitename.default}
org.codice.ddf.system.siteContact=
org.codice.ddf.system.version=${project.version}
org.codice.ddf.system.organization=${organization.name}
org.codice.ddf.system.registry-id=
#
# Solr Provider Configuration
#
solr.data.dir=_DO_NOT_EXPAND_${karaf.home}/data/solr
# Solr Cloud Provider
solr.client=CloudSolrClient
solr.cloud.zookeeper=localhost:2181
solr.useBasicAuth=false
solr.username=admin
solr.password=admin
# Comma-separated list of fields to expand to when a query use the anytext field
solr.query.anytext.fields=metadata,title,description,ext.extracted.text
# Comma-separated list of metacard types that do not support optimistic updates.
solr.commit.nrt.metacardTypes=workspace,metacard.query,metacard.list,query-template,attribute-group,resource-note
# Comma-separated list of metacard fields that should never show up as search result highlights
solr.highlight.blacklist=metacard-tags
solr.highlight.enabled=false
# solr.highlight.anytext.expand=false
# solr.highlight.config.file=etc/solr-highlighter.properties
# Whether or not case-insensitive sorting is enabled
solr.query.sort.caseInsensitive=true
#
# Thread Pool Settings
#
# Size of thread pool used for handling UI queries, federating requests, and downloading resources
# See "Configuring Thread Pools" under "Managing" documentation.
org.codice.ddf.system.threadPoolSize=128
#
# Security Manager Settings
#
#
# Admins can uncomment the following 6 lines and comment out the other definitions of
# the security manager properties in order to determine any missing security permissions
# should they install third-party bundles requiring additional access.
#
# Please note that turning on the PolicyFileGeneratorJSM has the side-effect of turning off
# security on your system. It should be used with caution, only to ascertain missing
# permissions to be added to the default.policy file.
#
# N.B. The use of the double equals on the 'java.security.policy' property is intentional.
# See http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#DefaultLocs
# for more information.
#
# prograde.generated.policy=${karaf.home}/generated.policy
# prograde.use.own.policy=true
# policy.provider=net.sourceforge.prograde.policy.ProGradePolicy
# java.security.manager=net.sourceforge.prograde.sm.PolicyFileGeneratorJSM
# proGrade.getPermissions.override=sun.rmi.server.LoaderHandler:loadClass,org.apache.jasper.compiler.JspRuntimeContext:initSecurity
# policy.provider=net.sourceforge.prograde.policy.ProGradePolicy
# java.security.manager=net.sourceforge.prograde.sm.ProGradeJSM
# java.security.policy==${karaf.etc}/all.policy
# proGrade.getPermissions.override=sun.rmi.server.LoaderHandler:loadClass,org.apache.jasper.compiler.JspRuntimeContext:initSecurity
#
# HTTPS Specific Settings
#
# If making a Secure Connection not leveraging the HTTPS Java libraries and classes (e.g. if you
# are using secure sockets directly) then you will have to set this directly
https.cipherSuites=TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# If using the JCE unlimited strength policy, uncomment this and use it instead.
#https.cipherSuites=TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
https.protocols=TLSv1.2,TLSv1.3
jdk.tls.client.protocols=TLSv1.2,TLSv1.3
jdk.tls.ephemeralDHKeySize=matched
#
# File Upload Settings
#
# Files uploaded with these bad file extensions or names will have their file names sanitized
# before being saved
bad.file.extensions=.exe,.jsp,.html,.js,.php,.phtml,.php3,.php4,.php5,.phps,.shtml,.jhtml,.pl,.py,.cgi,.msi,.com,.scr,.gadget,.application,.pif,.hta,.cpl,.msc,.jar,.kar,.bat,.cmd,.vb,.vbs,.vbe,.jse,.ws,.wsf,.wsc,.wsh,.ps1,.ps1xml,.ps2,.ps2xml,.psc1,.psc2,.msh,.msh1,.msh2,.mshxml,.msh1xml,.msh2xml,.scf,.lnk,.inf,.reg,.dll,.vxd,.cpl,.cfg,.config,.crt,.cert,.pem,.jks,.p12,.p7b,.key,.der,.csr,.jsb,.mhtml,.mht,.xhtml,.xht,.tmp
bad.files=crossdomain.xml,clientaccesspolicy.xml,.htaccess,.htpasswd,hosts,passwd,group,resolv.conf,nfs.conf,ftpd.conf,ntp.conf,web.config,robots.txt
# Files uploaded matching these mime types will be excluded from being stored
bad.mime.types=text/html,text/javascript,text/x-javascript,application/x-shellscript,text/scriptlet,application/x-msdownload,application/x-msmetafile
# Files uploaded matching these file names will be excluded from being stored
ignore.files=.DS_Store,Thumbs.db
#
# Basic Authentication
#
# Set to true to allow Basic Auth credentials to be sent over HTTP unsecurely. This should only be
# done in a test environment. These events will be audited.
org.codice.allowBasicAuthOverHttp=false
#
# Auditing Settings
#
# Set to true to require that all audit logs be HTML encoded before being written.
# This helps avoid any log injection flaws that may be present. Turning this feature on may slow down the system.
org.codice.ddf.platform.requireAuditEncoding=false
#
# Maximum Endpoint Contact Interval
#
# Max seconds between attempts to contact the endpoint of a source
org.codice.ddf.platform.util.http.maxRetryInterval=300
#
# Initial Endpoint Contact Interval
#
# Initial seconds between attempts to contact the endpoint of a source
org.codice.ddf.platform.util.http.initialRetryInterval=10
#
# XML Document Builder Factory
#
javax.xml.parsers.DocumentBuilderFactory=org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
javax.xml.transform.TransformerFactory=org.apache.xalan.processor.TransformerFactoryImpl
#
# Access Logs
#
# Enables/Disables HTTP access logs for Jetty
org.codice.ddf.http.access.log.enabled=false
#
# Security
#
org.codice.ddf.security.ecp.enabled=true
#
# Security Logging
#
security.logger.extra_attributes=
#
# IDP (Identity Provider) Settings
#
# How long IDP clients should cache the IDP's metadata, ISO 8601 duration format. Default is 7 days.
org.codice.ddf.security.saml.Metadata.cacheDuration=P7D
#
#
# User name for the Karaf local console
#
karaf.local.user=admin
#
# Security properties
#
#java.security.policy=_DO_NOT_EXPAND_${karaf.etc}/all.policy
#org.osgi.framework.security=osgi
#org.osgi.framework.trust.repositories=_DO_NOT_EXPAND_${karaf.etc}/trustStore.ks
# pipe (|) separated list of regex patterns for DNs that are allowed to connect to the Security Token Service
ws-security.subject.cert.constraints=.*CN=_DO_NOT_EXPAND_${org.codice.ddf.system.hostname}.*
user.language="en"
user.country="US"
#
# This is the default home location which will work in development and test
# and, by virtue of being beneath the _DO_NOT_EXPAND_${user.home} directory, will not cause
# an access exception for being inaccessible.
#
org.ops4j.pax.url.mvn.settings=file:_DO_NOT_EXPAND_${user.home}/.m2/settings.xml
#
# Disable Hazelcast version check
#
hazelcast.version.check.enabled=false
#
# DDF's custom implementation of a Felix Config Admin PersistenceManager
#
felix.cm.pm=CodicePM
#DO NOT REMOVE THIS LINE