source: MILK/trunk/milk_server/milk.config @ 4992

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/MILK/trunk/milk_server/milk.config@4992
Revision 4992, 11.0 KB checked in by cbyrom, 10 years ago (diff)

Adjust code to fit with changes to ndgCommon codebase + tidy up
structure of ndgInterface to make easier to follow + add documentation
+ add universal debug mode + various other small code tidy ups.

Line 
1#
2# MILK Configuration File
3# At deployment time the only pieces that a user ought to need to customise
4# will be
5#    - the server address
6#    - it might be necessary to customise the location of the layout directory
7#    - the localLink, localImage and localAlt in the [layout] section
8#
9[DEFAULT]
10#
11# the following is the server on which this browse/discovery instance runs!
12server:         http://localhost
13#server:       http://superglue.badc.rl.ac.uk:8083
14## This is the proxied server root
15#server: http://superglue.badc.rl.ac.uk/ndg-test
16
17#
18# the following is the server on which the NDG discovery service is running! (Not to be confused with
19# the server on which the NDG discovery web service is running). This can and probably should be the local
20# server (i.e. don't change it!)
21#
22ndgServer:      %(server)s
23#
24##!NOTE: These are changed to  reflect the proxy prefix
25#layout:         /ndg-test/layout/
26#icondir:        /ndg-test/layout/icons/
27layout:          /layout/
28icondir:         /layout/icons/
29
30#
31mailserver:       xxxoutbox.rl.ac.uk
32metadataMaintainer: b.n.lawrence@rl.ac.uk
33repository:        %(server)s
34tbrecipient:      b.n.lawrence@rl.ac.uk
35
36# The following should only be needed for debugging some parts of the code when running on sandboxes behind a firewall
37proxyServer:      http://wwwcache3.rl.ac.uk:8080/
38disclaimer:       
39
40# if set to True, errors output will generally be more verbose - e.g. with stacktrace to templates
41debug: True             
42
43[SEARCH]
44advancedURL:        %(ndgServer)s/discovery
45discoveryURL:       %(ndgServer)s/discovery
46helpURL:            %(ndgServer)s/discovery?help=1
47
48[logging]
49debuglog:        discovery.log
50
51[layout]
52###### user customisable:
53localLink:      %(ndgServer)s/layout/
54localImage:     %(icondir)sndg_logo_circle.gif
55localAlt:       visit badc
56###### ought to be the end of the customisations
57ndgLink:        http://ndg.nerc.ac.uk/
58ndgImage:       %(icondir)sndg_logo_circle.gif
59ndgAlt:         visit ndg
60stfcLink:       http://ceda.stfc.ac.uk/
61stfcImage:      %(icondir)sstfc-circle-sm.gif
62key:            %(icondir)spadlock.png
63Xicon:          %(icondir)sxml.png
64plot:           %(icondir)splot.png
65printer:        %(icondir)sprinter.png
66helpIcon:       %(icondir)shelp.png
67HdrLeftAlt:     %(icondir)s Natural Environment Research Council
68HdrLeftLogo:    %(icondir)sNERC_Logo.gif
69navMinus:       %(icondir)snavigate_minus.png
70navPlus:                %(icondir)snavigate_plus.png
71loadingIcon:    %(icondir)sloading.gif
72
73pageLogo:       %(layout)s20050502_albert-park_silhouetted-trees-and-clouds_02_cropped.jpg
74
75[HELP]
76helpFile:       %(layout)shelp.html
77
78[ATOM_EDITOR]
79# if set to True, the editor will be available
80enabled: True
81
82[WMC_CLIENT]
83# specify url for the client; if not specified it will not be possible to view WMS data for
84# discovered records
85url=
86
87[NDG_A_SERVICE]
88badc.nerc.ac.uk: http://glue.badc.rl.ac.uk/cgi-bin/dxui
89icon: %(icondir)splot.png
90#%(icondir)sdata_aservice.png
91icon_alt: A Service
92service_name: A
93icon_title: LINKS to a DATA BROWSE view of this dataset
94instance: datasetURI_%s
95
96[NDG_B_SERVICE]
97#
98#These are the hosts which are publicly available on which the browse
99#service is running. The list should be of the form 'repository: hostname'
100#where repository is the NDG identifier ....
101#
102neodc.nerc.ac.uk: %(server)s
103badc.nerc.ac.uk: %(server)s
104www.npm.ac.uk: http://wwwdev.neodaas.ac.uk/projects/ndg
105grid.bodc.nerc.ac.uk: http://grid.bodc.nerc.ac.uk
106ndg.noc.soton.ac.uk: http://ndg.noc.soton.ac.uk:8001
107icon: %(icondir)sbrowse_bservice.png
108icon_alt: B Service
109icon_title: Links to a METADATA BROWSE view of this dataset
110service_name: B
111instance: SERVICEHOST/view/URI
112
113[NDG_EXIST]
114#
115# following is a list of repository servers, actually only one is needed,
116# at any one location running browse, and that is the local one. The
117# entire purpose of the rest of the list is to simplify updates. These
118# hosts do not need to be visible outside of corporate firewalls.
119# The list should be of the form 'repository: hostname' where repository
120# is the NDG identifier.
121#
122local: chinook.badc.rl.ac.uk
123badc.nerc.ac.uk: chinook.badc.rl.ac.uk
124neodc.nerc.ac.uk: chinook.badc.rl.ac.uk
125grid.bodc.nerc.ac.uk: grid.bodc.nerc.ac.uk
126ndg.noc.soton.ac.uk: ndg.noc.soton.ac.uk
127www.npm.ac.uk: pgsql.npm.ac.uk
128passwordFile: ./passwords.txt
129
130#
131# NDG Security
132#
133
134# Security settings for configuration as a client to a Single Sign On Service
135# i.e. Where Are You From, login and logout operations are handled by a
136# separate standalone paster instance
137#[NDG_SECURITY.ssoClient]
138## THIS service's address for secure connections - the Single Sign On service
139## returns security parameters to this service along this channel
140#sslServer: https://localhost
141##sslServer: https://ndgbeta.badc.rl.ac.uk
142#
143## THIS service's address for unencrypted connections - when login is complete,
144## the BaseController redirects to an equivalent address under this host name.
145## sslServer and server settings must match for the sharing of cookies.
146#server: http://localhost
147#
148## WAYF running on Single Sign On Service - omit to default to WAYF running on
149## THIS paster instance
150#wayfURI:               https://localhost/sso/wayf
151#
152## Logout URI running on Single Sign On Service - omit to default to logout
153## running on THIS paster instance
154#logoutURI:             https://localhost/sso/logout
155
156# Security settings for running a Single Sign On Service from this paster
157# instance.  Either NDG_SECURITY.ssoClient or NDG_SECURITY.ssoService sections
158# should be set but NOT both
159
160# Single Sign On Service Settings
161[NDG_SECURITY.ssoService]
162
163# THIS service's address for secure connections - the Single Sign On service
164# returns security parameters to this service along this channel
165sslServer: https://localhost
166#sslServer: https://ndgbeta.badc.rl.ac.uk
167
168# THIS service's address for unencrypted connections - when login is complete,
169# the BaseController redirects to an equivalent address under this host name.
170# sslServer and server settings must match for the sharing of cookies.
171server: http://localhost
172
173enableOpenID: True
174
175# Redirect SOAP output to a file e.g. open(<somefile>, 'w')
176tracefile: None
177#tracefile: sys.stderr
178
179# Service addresses
180sessionMgrURI: https://localhost/SessionManager
181#sessionMgrURI: https://ndgbeta.badc.rl.ac.uk/SessionManager
182attAuthorityURI: http://localhost:5000/AttributeAuthority
183#attAuthorityURI: http://aa.ceda.rl.ac.uk
184
185# SSL Connections
186#
187# Space separated list of CA cert. files.  The peer cert.
188# must verify against at least one of these otherwise the connection is
189# dropped.  Include CA certs for all the sites trusted
190sslCACertFilePathList: certs/ndg-test-ca.crt
191
192# Web Services HTTP Proxy fine tuning
193#
194# For most situations, these settings can be ignored and instead make use of
195# the http_proxy environment variable.  They allow for the case where specific
196# settings are needed just for the security web services calls
197
198# Overrides the http_proxy environment variable setting - may be omitted
199#httpProxyHost: wwwcache.rl.ac.uk:8080
200
201# Web service clients pick up the no_proxy environment variable setting by
202# default.  Set this parameter to override no_proxy for web service
203# connections. 
204#noHttpProxyList: localhost, 127.0.0.1
205
206# WS-Security signature handler - set a config file with 'wssCfgFilePath'
207# or omit and put the relevant content directly in here under
208# 'NDG_SECURITY.wssecurity' section
209#wssCfgFilePath: wssecurity.cfg
210
211[NDG_SECURITY.wssecurity]
212
213# Settings for signature of an outbound message ...
214
215# Certificate associated with private key used to sign a message.  The sign
216# method will add this to the BinarySecurityToken element of the WSSE header. 
217# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
218# As an alternative, use 'signingCertChain' parameter
219
220# file path PEM encoded cert
221signingCertFilePath=certs/clnt.crt
222
223# file path to PEM encoded private key file
224signingPriKeyFilePath=certs/clnt.key
225
226# Password protecting private key.  Leave blank if there is no password.
227signingPriKeyPwd=
228
229# Provide a space separated list of file paths.  CA Certs should be included
230# for all the sites this installation trusts
231caCertFilePathList=certs/ndg-test-ca.crt
232
233# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
234# signed message. 
235reqBinSecTokValType=X509v3
236
237# Add a timestamp element to an outbound message
238addTimestamp=True
239
240# For WSSE 1.1 - service returns signature confirmation containing signature
241# value sent by client
242applySignatureConfirmation=False
243
244#
245# Gatekeeper settings
246#
247[NDG_SECURITY.gatekeeper]
248#
249# Policy Enforcement Point calls a Policy Decision Point interface:
250
251# File path to Python module containing the PDP class - leave blank if the
252# module is in PYTHONPATH env var
253pdpModFilePath:
254
255# Name of PDP Python module
256pdpModName: ndg.security.common.authz.pdp.browse
257
258# Name of PDP class used
259pdpClassName: BrowsePDP
260
261# File Path to configuration file used by PDP class (environment variables
262# can be used in this path e.g. $PDP_CONFIG_DIR/pdp.cfg.  Omit this parameter
263# to make the PEP read the PDP settings from THIS config file
264#pdpCfgFilePath:
265
266# Read PDP params from THIS section
267pdpCfgSection: NDG_SECURITY.gatekeeper
268
269#
270# Settings for Policy Decision Point called by the PEP
271
272# Address of Attribute Authority for Data Provider
273#aaURI: http://aa.ceda.rl.ac.uk
274aaURI: http://localhost:5000/AttributeAuthority
275
276# Verify peer cert for SSL connections to Session Manager
277sslCACertFilePathList: certs/ndg-test-ca.crt
278
279# Set to file object to dump SOAP message output for debugging
280tracefile:
281
282# CA certificates used to verify the signature of user Attribute Certificates
283# - space delimited list but note that currently only the CA of this site
284# is needed because only mapped Attribute Certificates may be accepted.
285acCACertFilePathList: certs/ndg-test-ca.crt
286
287# X.509 Distinguished Name for Attribute Certificate issuer - should match with
288# the issuer element of the users Attribute Certificate submitted in order to
289# gain access
290acIssuer: /CN=AttributeAuthority/O=NDG Security Test/OU=Site A
291#acIssuer: /CN=AttributeAuthority/O=NDG/OU=BADC
292
293# WS-Security signature handler - set a config file with 'wssCfgFilePath'
294# or omit and put the relevant content directly in here under the section name
295# specified by 'wssCfgSection' below
296#wssCfgFilePath: wssecurity.cfg
297
298# Config file section for WS-Security settings - Nb. the gatekeeper shares the
299# same settings as the Single Sign On Service.
300wssCfgSection: NDG_SECURITY.wssecurity
301
302[RELATED]
303icon: %(icondir)srelated_link.png
304icon_alt: Related
305service_name: Related
306icon_title: Links to a RELATED URL
307instance: uri
308
309[DISCOVERY]
310icon: %(icondir)scatalogue_dservice.png
311icon_alt: Catalogue
312service_name: Catalogue
313default: %(server)s
314formatDefault=DIF
315icon_title: Links to the DISCOVERY RECORD for this dataset
316#standalone: True
317standalone: False
318#NB, if unset, this will default to the discovery service at ndg.badc.rl.ac.uk
319#discoveryServiceURL:http://localhost:8080/axis2/services/DiscoveryService
320
321[MILK_SERVER]
322#
323# Configure the MILK_SERVER framework here
324#
325
326# exception_type: whether OGC servers should send a valid ExceptionReport on errors
327#     or use pylon's debugger.  Very useful for debugging OWS controllers.  Default is ogc
328#exception_type: ogc
329#exception_type: pylons
330
Note: See TracBrowser for help on using the repository browser.