source: MILK/trunk/milk_server/milk.config @ 5198

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/MILK/trunk/milk_server/milk.config@5198
Revision 5198, 9.9 KB checked in by cbyrom, 11 years ago (diff)

Write README.txt for MILK with basic install and config info +
tidy up config files, removing obsolete data + remove unused help
page + fix proper use of global discovery url to simplify use.

Line 
1#
2# MILK Configuration File
3# - see toplevel README.txt file for config instructions
4#
5[DEFAULT]
6#
7# the following is the server on which this browse/discovery instance runs!
8server:         http://localhost:5000
9
10#
11# the following is the server on which the NDG discovery service is running! (Not to be confused with
12# the server on which the NDG discovery web service is running). This can and probably should be the local
13# server (i.e. don't change it!)
14#
15ndgServer:      %(server)s
16#
17##!NOTE: These are changed to  reflect the proxy prefix
18layout:          /layout/
19icondir:         /layout/icons/
20
21#
22mailserver:       xxxoutbox.rl.ac.uk
23metadataMaintainer: b.n.lawrence@rl.ac.uk
24repository:        %(server)s
25tbrecipient:      b.n.lawrence@rl.ac.uk
26
27# The following should only be needed for debugging some parts of the code when running on sandboxes behind a firewall
28proxyServer:      http://wwwcache.rl.ac.uk:8080/
29disclaimer:       
30
31# if set to True, errors output will generally be more verbose - e.g. with stacktrace to templates
32debug: True             
33
34[SEARCH]
35discoveryURL:       %(ndgServer)s/discovery
36
37[layout]
38localLink:      %(ndgServer)s/layout/
39localImage:     %(icondir)sndg_logo_circle.gif
40localAlt:       visit badc
41ndgLink:        http://ndg.nerc.ac.uk/
42ndgImage:       %(icondir)sndg_logo_circle.gif
43ndgAlt:         visit ndg
44stfcLink:       http://ceda.stfc.ac.uk/
45stfcImage:      %(icondir)sstfc-circle-sm.gif
46key:            %(icondir)spadlock.png
47Xicon:          %(icondir)sxml.png
48plot:           %(icondir)splot.png
49printer:        %(icondir)sprinter.png
50helpIcon:       %(icondir)shelp.png
51HdrLeftAlt:     %(icondir)s British Atmospheric Data Centre
52HdrLeftLogo:    %(icondir)sbadc_logo.gif
53navMinus:       %(icondir)snavigate_minus.png
54navPlus:                %(icondir)snavigate_plus.png
55loadingIcon:    %(icondir)sloading.gif
56
57[WMC_CLIENT]
58# specify url for the client; if not specified it will not be possible to view WMS data for
59# discovered records
60url=
61
62[NDG_A_SERVICE]
63icon: %(icondir)splot.png
64icon_alt: A Service
65icon_title: LINKS to a DATA BROWSE view of this dataset
66
67[NDG_B_SERVICE]
68#
69#These are the hosts which are publicly available on which the browse
70#service is running. The list should be of the form 'repository: hostname'
71#where repository is the NDG identifier ....
72#
73neodc.nerc.ac.uk: %(server)s
74badc.nerc.ac.uk: %(server)s
75www.npm.ac.uk: http://wwwdev.neodaas.ac.uk/projects/ndg
76grid.bodc.nerc.ac.uk: http://grid.bodc.nerc.ac.uk
77ndg.noc.soton.ac.uk: http://ndg.noc.soton.ac.uk:8001
78icon: %(icondir)sbrowse_bservice.png
79icon_alt: B Service
80icon_title: Links to a METADATA BROWSE view of this dataset
81instance: SERVICEHOST/view/URI
82
83[NDG_EXIST]
84#
85# following is a list of repository servers, actually only one is needed,
86# at any one location running browse, and that is the local one. The
87# entire purpose of the rest of the list is to simplify updates. These
88# hosts do not need to be visible outside of corporate firewalls.
89# The list should be of the form 'repository: hostname' where repository
90# is the NDG identifier.
91#
92local: bora.badc.rl.ac.uk
93badc.nerc.ac.uk: bora.badc.rl.ac.uk
94neodc.nerc.ac.uk: bora.badc.rl.ac.uk
95grid.bodc.nerc.ac.uk: grid.bodc.nerc.ac.uk
96ndg.noc.soton.ac.uk: ndg.noc.soton.ac.uk
97www.npm.ac.uk: pgsql.npm.ac.uk
98passwordFile: ./passwords.txt
99
100#
101# NDG Security
102# TODO: this security stuff is obsolete and when Phil's new security layer is added
103# it should be completely stripped out of the MILK codebase
104#
105
106# Security settings for configuration as a client to a Single Sign On Service
107# i.e. Where Are You From, login and logout operations are handled by a
108# separate standalone paster instance
109#[NDG_SECURITY.ssoClient]
110## THIS service's address for secure connections - the Single Sign On service
111## returns security parameters to this service along this channel
112#sslServer: https://localhost
113##sslServer: https://ndgbeta.badc.rl.ac.uk
114#
115## THIS service's address for unencrypted connections - when login is complete,
116## the BaseController redirects to an equivalent address under this host name.
117## sslServer and server settings must match for the sharing of cookies.
118#server: http://localhost
119#
120## WAYF running on Single Sign On Service - omit to default to WAYF running on
121## THIS paster instance
122#wayfURI:               https://localhost/sso/wayf
123#
124## Logout URI running on Single Sign On Service - omit to default to logout
125## running on THIS paster instance
126#logoutURI:             https://localhost/sso/logout
127
128# Security settings for running a Single Sign On Service from this paster
129# instance.  Either NDG_SECURITY.ssoClient or NDG_SECURITY.ssoService sections
130# should be set but NOT both
131
132# Single Sign On Service Settings
133[NDG_SECURITY.ssoService]
134
135# THIS service's address for secure connections - the Single Sign On service
136# returns security parameters to this service along this channel
137sslServer: https://localhost
138#sslServer: https://ndgbeta.badc.rl.ac.uk
139
140# THIS service's address for unencrypted connections - when login is complete,
141# the BaseController redirects to an equivalent address under this host name.
142# sslServer and server settings must match for the sharing of cookies.
143server: http://localhost
144
145enableOpenID: True
146
147# Redirect SOAP output to a file e.g. open(<somefile>, 'w')
148tracefile: None
149#tracefile: sys.stderr
150
151# Service addresses
152sessionMgrURI: https://localhost/SessionManager
153#sessionMgrURI: https://ndgbeta.badc.rl.ac.uk/SessionManager
154attAuthorityURI: http://localhost:5000/AttributeAuthority
155#attAuthorityURI: http://aa.ceda.rl.ac.uk
156
157# SSL Connections
158#
159# Space separated list of CA cert. files.  The peer cert.
160# must verify against at least one of these otherwise the connection is
161# dropped.  Include CA certs for all the sites trusted
162sslCACertFilePathList: certs/ndg-test-ca.crt
163
164# Web Services HTTP Proxy fine tuning
165#
166# For most situations, these settings can be ignored and instead make use of
167# the http_proxy environment variable.  They allow for the case where specific
168# settings are needed just for the security web services calls
169
170# Overrides the http_proxy environment variable setting - may be omitted
171#httpProxyHost: wwwcache.rl.ac.uk:8080
172
173# Web service clients pick up the no_proxy environment variable setting by
174# default.  Set this parameter to override no_proxy for web service
175# connections. 
176#noHttpProxyList: localhost, 127.0.0.1
177
178# WS-Security signature handler - set a config file with 'wssCfgFilePath'
179# or omit and put the relevant content directly in here under
180# 'NDG_SECURITY.wssecurity' section
181#wssCfgFilePath: wssecurity.cfg
182
183[NDG_SECURITY.wssecurity]
184
185# Settings for signature of an outbound message ...
186
187# Certificate associated with private key used to sign a message.  The sign
188# method will add this to the BinarySecurityToken element of the WSSE header. 
189# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
190# As an alternative, use 'signingCertChain' parameter
191
192# file path PEM encoded cert
193signingCertFilePath=certs/clnt.crt
194
195# file path to PEM encoded private key file
196signingPriKeyFilePath=certs/clnt.key
197
198# Password protecting private key.  Leave blank if there is no password.
199signingPriKeyPwd=
200
201# Provide a space separated list of file paths.  CA Certs should be included
202# for all the sites this installation trusts
203caCertFilePathList=certs/ndg-test-ca.crt
204
205# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
206# signed message. 
207reqBinSecTokValType=X509v3
208
209# Add a timestamp element to an outbound message
210addTimestamp=True
211
212# For WSSE 1.1 - service returns signature confirmation containing signature
213# value sent by client
214applySignatureConfirmation=False
215
216#
217# Gatekeeper settings
218#
219[NDG_SECURITY.gatekeeper]
220#
221# Policy Enforcement Point calls a Policy Decision Point interface:
222
223# File path to Python module containing the PDP class - leave blank if the
224# module is in PYTHONPATH env var
225pdpModFilePath:
226
227# Name of PDP Python module
228pdpModName: ndg.security.common.authz.pdp.browse
229
230# Name of PDP class used
231pdpClassName: BrowsePDP
232
233# File Path to configuration file used by PDP class (environment variables
234# can be used in this path e.g. $PDP_CONFIG_DIR/pdp.cfg.  Omit this parameter
235# to make the PEP read the PDP settings from THIS config file
236#pdpCfgFilePath:
237
238# Read PDP params from THIS section
239pdpCfgSection: NDG_SECURITY.gatekeeper
240
241#
242# Settings for Policy Decision Point called by the PEP
243
244# Address of Attribute Authority for Data Provider
245#aaURI: http://aa.ceda.rl.ac.uk
246aaURI: http://localhost:5000/AttributeAuthority
247
248# Verify peer cert for SSL connections to Session Manager
249sslCACertFilePathList: certs/ndg-test-ca.crt
250
251# Set to file object to dump SOAP message output for debugging
252tracefile:
253
254# CA certificates used to verify the signature of user Attribute Certificates
255# - space delimited list but note that currently only the CA of this site
256# is needed because only mapped Attribute Certificates may be accepted.
257acCACertFilePathList: certs/ndg-test-ca.crt
258
259# X.509 Distinguished Name for Attribute Certificate issuer - should match with
260# the issuer element of the users Attribute Certificate submitted in order to
261# gain access
262acIssuer: /CN=AttributeAuthority/O=NDG Security Test/OU=Site A
263#acIssuer: /CN=AttributeAuthority/O=NDG/OU=BADC
264
265# WS-Security signature handler - set a config file with 'wssCfgFilePath'
266# or omit and put the relevant content directly in here under the section name
267# specified by 'wssCfgSection' below
268#wssCfgFilePath: wssecurity.cfg
269
270# Config file section for WS-Security settings - Nb. the gatekeeper shares the
271# same settings as the Single Sign On Service.
272wssCfgSection: NDG_SECURITY.wssecurity
273
274[RELATED]
275icon: %(icondir)srelated_link.png
276icon_alt: Related
277icon_title: Links to a RELATED URL
278
279[DISCOVERY]
280icon: %(icondir)scatalogue_dservice.png
281icon_alt: Catalogue
282default: %(server)s
283formatDefault=DIF
284icon_title: Links to the DISCOVERY RECORD for this dataset
285standalone: False
286#NB, if unset, this will default to the discovery service at ndg.badc.rl.ac.uk
287#discoveryServiceURL:http://localhost:8080/axis2/services/DiscoveryService
288
289[MILK_SERVER]
290#
291# Configure the MILK_SERVER framework here
292#
293editorOn=True
294browseOn=False
295discoveryOn=True
296
Note: See TracBrowser for help on using the repository browser.