source: MILK/trunk/milk_server/milk.config @ 5299

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/MILK/trunk/milk_server/milk.config@5798
Revision 5299, 10.0 KB checked in by cbyrom, 11 years ago (diff)

Add new controller, feeds, to centralise all feed creation code. Add
new template, feed_creator, to allow input form to directly create
atom feed entry. Add general feed to discovery search page - tieing
this to the feed created by feed_creator. Add icons for feed and
include these in the config set up.

Line 
1#
2# MILK Configuration File
3# - see toplevel README.txt file for config instructions
4#
5[DEFAULT]
6#
7# the following is the server on which this browse/discovery instance runs!
8server:         http://localhost:5000
9
10#
11# the following is the server on which the NDG discovery service is running! (Not to be confused with
12# the server on which the NDG discovery web service is running). This can and probably should be the local
13# server (i.e. don't change it!)
14#
15ndgServer:      %(server)s
16#
17##!NOTE: These are changed to  reflect the proxy prefix
18layout:          /layout/
19icondir:         /layout/icons/
20
21#
22mailServer:       xxxoutbox.rl.ac.uk
23metadataMaintainer: b.n.lawrence@rl.ac.uk
24repository:        %(server)s
25tbrecipient:      b.n.lawrence@rl.ac.uk
26
27# The following should only be needed for debugging some parts of the code when running on sandboxes behind a firewall
28proxyServer:      http://wwwcache.rl.ac.uk:8080/
29disclaimer:       
30
31# if set to True, errors output will generally be more verbose - e.g. with stacktrace to templates
32debug: True             
33
34[SEARCH]
35discoveryURL:       %(ndgServer)s/discovery
36
37[layout]
38localLink:      %(ndgServer)s/layout/
39localImage:     %(icondir)sndg_logo_circle.gif
40localAlt:       visit badc
41ndgLink:        http://ndg.nerc.ac.uk/
42ndgImage:       %(icondir)sndg_logo_circle.gif
43ndgAlt:         visit ndg
44stfcLink:       http://ceda.stfc.ac.uk/
45stfcImage:      %(icondir)sstfc-circle-sm.gif
46key:            %(icondir)spadlock.png
47Xicon:          %(icondir)sxml.png
48plot:           %(icondir)splot.png
49printer:        %(icondir)sprinter.png
50helpIcon:       %(icondir)shelp.png
51HdrLeftAlt:     %(icondir)s British Atmospheric Data Centre
52HdrLeftLogo:    %(icondir)sbadc_logo.gif
53navMinus:       %(icondir)snavigate_minus.png
54navPlus:                %(icondir)snavigate_plus.png
55loadingIcon:    %(icondir)sloading.gif
56feedIcon:       %(icondir)sfeed-icon-28x28.png
57
58[WMC_CLIENT]
59# specify url for the client; if not specified it will not be possible to view WMS data for
60# discovered records
61url=
62
63[NDG_A_SERVICE]
64icon: %(icondir)splot.png
65icon_alt: A Service
66icon_title: LINKS to a DATA BROWSE view of this dataset
67
68[NDG_B_SERVICE]
69#
70#These are the hosts which are publicly available on which the browse
71#service is running. The list should be of the form 'repository: hostname'
72#where repository is the NDG identifier ....
73#
74neodc.nerc.ac.uk: %(server)s
75badc.nerc.ac.uk: %(server)s
76www.npm.ac.uk: http://wwwdev.neodaas.ac.uk/projects/ndg
77grid.bodc.nerc.ac.uk: http://grid.bodc.nerc.ac.uk
78ndg.noc.soton.ac.uk: http://ndg.noc.soton.ac.uk:8001
79icon: %(icondir)sbrowse_bservice.png
80icon_alt: B Service
81icon_title: Links to a METADATA BROWSE view of this dataset
82instance: SERVICEHOST/view/URI
83
84[NDG_EXIST]
85#
86# following is a list of repository servers, actually only one is needed,
87# at any one location running browse, and that is the local one. The
88# entire purpose of the rest of the list is to simplify updates. These
89# hosts do not need to be visible outside of corporate firewalls.
90# The list should be of the form 'repository: hostname' where repository
91# is the NDG identifier.
92#
93local: bora.badc.rl.ac.uk
94badc.nerc.ac.uk: bora.badc.rl.ac.uk
95neodc.nerc.ac.uk: bora.badc.rl.ac.uk
96grid.bodc.nerc.ac.uk: grid.bodc.nerc.ac.uk
97ndg.noc.soton.ac.uk: ndg.noc.soton.ac.uk
98www.npm.ac.uk: pgsql.npm.ac.uk
99passwordFile: ./passwords.txt
100
101#
102# NDG Security
103# TODO: this security stuff is obsolete and when Phil's new security layer is added
104# it should be completely stripped out of the MILK codebase
105#
106
107# Security settings for configuration as a client to a Single Sign On Service
108# i.e. Where Are You From, login and logout operations are handled by a
109# separate standalone paster instance
110#[NDG_SECURITY.ssoClient]
111## THIS service's address for secure connections - the Single Sign On service
112## returns security parameters to this service along this channel
113#sslServer: https://localhost
114##sslServer: https://ndgbeta.badc.rl.ac.uk
115#
116## THIS service's address for unencrypted connections - when login is complete,
117## the BaseController redirects to an equivalent address under this host name.
118## sslServer and server settings must match for the sharing of cookies.
119#server: http://localhost
120#
121## WAYF running on Single Sign On Service - omit to default to WAYF running on
122## THIS paster instance
123#wayfURI:               https://localhost/sso/wayf
124#
125## Logout URI running on Single Sign On Service - omit to default to logout
126## running on THIS paster instance
127#logoutURI:             https://localhost/sso/logout
128
129# Security settings for running a Single Sign On Service from this paster
130# instance.  Either NDG_SECURITY.ssoClient or NDG_SECURITY.ssoService sections
131# should be set but NOT both
132
133# Single Sign On Service Settings
134[NDG_SECURITY.ssoService]
135
136# THIS service's address for secure connections - the Single Sign On service
137# returns security parameters to this service along this channel
138sslServer: https://localhost
139#sslServer: https://ndgbeta.badc.rl.ac.uk
140
141# THIS service's address for unencrypted connections - when login is complete,
142# the BaseController redirects to an equivalent address under this host name.
143# sslServer and server settings must match for the sharing of cookies.
144server: http://localhost
145
146enableOpenID: True
147
148# Redirect SOAP output to a file e.g. open(<somefile>, 'w')
149tracefile: None
150#tracefile: sys.stderr
151
152# Service addresses
153sessionMgrURI: https://localhost/SessionManager
154#sessionMgrURI: https://ndgbeta.badc.rl.ac.uk/SessionManager
155attAuthorityURI: http://localhost:5000/AttributeAuthority
156#attAuthorityURI: http://aa.ceda.rl.ac.uk
157
158# SSL Connections
159#
160# Space separated list of CA cert. files.  The peer cert.
161# must verify against at least one of these otherwise the connection is
162# dropped.  Include CA certs for all the sites trusted
163sslCACertFilePathList: certs/ndg-test-ca.crt
164
165# Web Services HTTP Proxy fine tuning
166#
167# For most situations, these settings can be ignored and instead make use of
168# the http_proxy environment variable.  They allow for the case where specific
169# settings are needed just for the security web services calls
170
171# Overrides the http_proxy environment variable setting - may be omitted
172#httpProxyHost: wwwcache.rl.ac.uk:8080
173
174# Web service clients pick up the no_proxy environment variable setting by
175# default.  Set this parameter to override no_proxy for web service
176# connections. 
177#noHttpProxyList: localhost, 127.0.0.1
178
179# WS-Security signature handler - set a config file with 'wssCfgFilePath'
180# or omit and put the relevant content directly in here under
181# 'NDG_SECURITY.wssecurity' section
182#wssCfgFilePath: wssecurity.cfg
183
184[NDG_SECURITY.wssecurity]
185
186# Settings for signature of an outbound message ...
187
188# Certificate associated with private key used to sign a message.  The sign
189# method will add this to the BinarySecurityToken element of the WSSE header. 
190# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
191# As an alternative, use 'signingCertChain' parameter
192
193# file path PEM encoded cert
194signingCertFilePath=certs/clnt.crt
195
196# file path to PEM encoded private key file
197signingPriKeyFilePath=certs/clnt.key
198
199# Password protecting private key.  Leave blank if there is no password.
200signingPriKeyPwd=
201
202# Provide a space separated list of file paths.  CA Certs should be included
203# for all the sites this installation trusts
204caCertFilePathList=certs/ndg-test-ca.crt
205
206# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
207# signed message. 
208reqBinSecTokValType=X509v3
209
210# Add a timestamp element to an outbound message
211addTimestamp=True
212
213# For WSSE 1.1 - service returns signature confirmation containing signature
214# value sent by client
215applySignatureConfirmation=False
216
217#
218# Gatekeeper settings
219#
220[NDG_SECURITY.gatekeeper]
221#
222# Policy Enforcement Point calls a Policy Decision Point interface:
223
224# File path to Python module containing the PDP class - leave blank if the
225# module is in PYTHONPATH env var
226pdpModFilePath:
227
228# Name of PDP Python module
229pdpModName: ndg.security.common.authz.pdp.browse
230
231# Name of PDP class used
232pdpClassName: BrowsePDP
233
234# File Path to configuration file used by PDP class (environment variables
235# can be used in this path e.g. $PDP_CONFIG_DIR/pdp.cfg.  Omit this parameter
236# to make the PEP read the PDP settings from THIS config file
237#pdpCfgFilePath:
238
239# Read PDP params from THIS section
240pdpCfgSection: NDG_SECURITY.gatekeeper
241
242#
243# Settings for Policy Decision Point called by the PEP
244
245# Address of Attribute Authority for Data Provider
246#aaURI: http://aa.ceda.rl.ac.uk
247aaURI: http://localhost:5000/AttributeAuthority
248
249# Verify peer cert for SSL connections to Session Manager
250sslCACertFilePathList: certs/ndg-test-ca.crt
251
252# Set to file object to dump SOAP message output for debugging
253tracefile:
254
255# CA certificates used to verify the signature of user Attribute Certificates
256# - space delimited list but note that currently only the CA of this site
257# is needed because only mapped Attribute Certificates may be accepted.
258acCACertFilePathList: certs/ndg-test-ca.crt
259
260# X.509 Distinguished Name for Attribute Certificate issuer - should match with
261# the issuer element of the users Attribute Certificate submitted in order to
262# gain access
263acIssuer: /CN=AttributeAuthority/O=NDG Security Test/OU=Site A
264#acIssuer: /CN=AttributeAuthority/O=NDG/OU=BADC
265
266# WS-Security signature handler - set a config file with 'wssCfgFilePath'
267# or omit and put the relevant content directly in here under the section name
268# specified by 'wssCfgSection' below
269#wssCfgFilePath: wssecurity.cfg
270
271# Config file section for WS-Security settings - Nb. the gatekeeper shares the
272# same settings as the Single Sign On Service.
273wssCfgSection: NDG_SECURITY.wssecurity
274
275[RELATED]
276icon: %(icondir)srelated_link.png
277icon_alt: Related
278icon_title: Links to a RELATED URL
279
280[DISCOVERY]
281icon: %(icondir)scatalogue_dservice.png
282icon_alt: Catalogue
283default: %(server)s
284formatDefault=DIF
285icon_title: Links to the DISCOVERY RECORD for this dataset
286standalone: False
287#NB, if unset, this will default to the discovery service at ndg.badc.rl.ac.uk
288#discoveryServiceURL:http://localhost:8080/axis2/services/DiscoveryService
289
290[MILK_SERVER]
291#
292# Configure the MILK_SERVER framework here
293#
294editorOn=True
295browseOn=False
296discoveryOn=True
297
Note: See TracBrowser for help on using the repository browser.