source: MILK/trunk/milk_server/milk.config @ 5914

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/MILK/trunk/milk_server/milk.config@5931
Revision 5914, 10.2 KB checked in by sdonegan, 10 years ago (diff)

Updated with paths for new service dummy icons

Line 
1#
2# MILK Configuration File
3# - see toplevel README.txt file for config instructions
4#
5[DEFAULT]
6#
7# the following is the server on which this browse/discovery instance runs!
8server:         http://localhost:8081
9
10#
11# the following is the server on which the NDG discovery service is running! (Not to be confused with
12# the server on which the NDG discovery web service is running). This can and probably should be the local
13# server (i.e. don't change it!)
14#
15ndgServer:      %(server)s
16#
17##!NOTE: These are changed to  reflect the proxy prefix
18layout:          /layout/
19icondir:         /layout/icons/
20
21#
22mailServer:       xxxoutbox.rl.ac.uk
23metadataMaintainer: b.n.lawrence@rl.ac.uk
24repository:        %(server)s
25tbrecipient:      b.n.lawrence@rl.ac.uk
26
27# The following should only be needed for debugging some parts of the code when running on sandboxes behind a firewall
28proxyServer:      http://wwwcache.rl.ac.uk:8080/
29disclaimer:       
30
31# if set to True, errors output will generally be more verbose - e.g. with stacktrace to templates
32debug: True             
33
34[SEARCH]
35discoveryURL:       %(ndgServer)s/discovery
36
37[layout]
38localLink:      %(ndgServer)s/layout/
39localImage:     %(icondir)sndg_logo_circle.gif
40localAlt:       visit badc
41ndgLink:        http://ndg.nerc.ac.uk/
42ndgImage:       %(icondir)sndg_logo_circle.gif
43ndgAlt:         visit ndg
44stfcLink:       http://ceda.stfc.ac.uk/
45stfcImage:      %(icondir)sstfc-circle-sm.gif
46key:            %(icondir)spadlock.png
47Xicon:          %(icondir)sxml.png
48plot:           %(icondir)splot.png
49printer:        %(icondir)sprinter.png
50helpIcon:       %(icondir)shelp.png
51HdrLeftAlt:     %(icondir)s British Atmospheric Data Centre
52HdrLeftLogo:    %(icondir)sbadc_logo.gif
53navMinus:       %(icondir)snavigate_minus.png
54navPlus:                %(icondir)snavigate_plus.png
55loadingIcon:    %(icondir)sloading.gif
56feedIcon:       %(icondir)sfeed-icon-28x28.png
57vocabSrchIcon:  %(icondir)sVocabTermSearch_button.png
58textSrchIcon:   %(icondir)sFreetTextSearch_button.png
59ndgBrowseIcon:  %(icondir)sndg_logo_circle_SMALL.png
60wmsIcon:        %(icondir)sWMS.png
61wcsIcon:        %(icondir)sWCS.png
62wfsIcon:        %(icondir)sWFS.png
63visIcon:        %(icondir)sVIS.png
64
65[WMC_CLIENT]
66# specify url for the client; if not specified it will not be possible to view WMS data for
67# discovered records
68url=
69
70[NDG_A_SERVICE]
71icon: %(icondir)splot.png
72icon_alt: A Service
73icon_title: LINKS to a DATA BROWSE view of this dataset
74
75[NDG_B_SERVICE]
76#
77#These are the hosts which are publicly available on which the browse
78#service is running. The list should be of the form 'repository: hostname'
79#where repository is the NDG identifier ....
80#
81neodc.nerc.ac.uk: %(server)s
82badc.nerc.ac.uk: %(server)s
83www.npm.ac.uk: http://wwwdev.neodaas.ac.uk/projects/ndg
84grid.bodc.nerc.ac.uk: http://grid.bodc.nerc.ac.uk
85ndg.noc.soton.ac.uk: http://ndg.noc.soton.ac.uk:8001
86icon: %(icondir)sbrowse_bservice.png
87icon_alt: B Service
88icon_title: Links to a METADATA BROWSE view of this dataset
89instance: SERVICEHOST/view/URI
90
91[NDG_EXIST]
92#
93# following is a list of repository servers, actually only one is needed,
94# at any one location running browse, and that is the local one. The
95# entire purpose of the rest of the list is to simplify updates. These
96# hosts do not need to be visible outside of corporate firewalls.
97# The list should be of the form 'repository: hostname' where repository
98# is the NDG identifier.
99#
100local: bora.badc.rl.ac.uk
101badc.nerc.ac.uk: bora.badc.rl.ac.uk
102neodc.nerc.ac.uk: bora.badc.rl.ac.uk
103grid.bodc.nerc.ac.uk: grid.bodc.nerc.ac.uk
104ndg.noc.soton.ac.uk: ndg.noc.soton.ac.uk
105www.npm.ac.uk: pgsql.npm.ac.uk
106passwordFile: ./passwords.txt
107
108#
109# NDG Security
110# TODO: this security stuff is obsolete and when Phil's new security layer is added
111# it should be completely stripped out of the MILK codebase
112#
113
114# Security settings for configuration as a client to a Single Sign On Service
115# i.e. Where Are You From, login and logout operations are handled by a
116# separate standalone paster instance
117#[NDG_SECURITY.ssoClient]
118## THIS service's address for secure connections - the Single Sign On service
119## returns security parameters to this service along this channel
120#sslServer: https://localhost
121##sslServer: https://ndgbeta.badc.rl.ac.uk
122#
123## THIS service's address for unencrypted connections - when login is complete,
124## the BaseController redirects to an equivalent address under this host name.
125## sslServer and server settings must match for the sharing of cookies.
126#server: http://localhost
127#
128## WAYF running on Single Sign On Service - omit to default to WAYF running on
129## THIS paster instance
130#wayfURI:               https://localhost/sso/wayf
131#
132## Logout URI running on Single Sign On Service - omit to default to logout
133## running on THIS paster instance
134#logoutURI:             https://localhost/sso/logout
135
136# Security settings for running a Single Sign On Service from this paster
137# instance.  Either NDG_SECURITY.ssoClient or NDG_SECURITY.ssoService sections
138# should be set but NOT both
139
140# Single Sign On Service Settings
141[NDG_SECURITY.ssoService]
142
143# THIS service's address for secure connections - the Single Sign On service
144# returns security parameters to this service along this channel
145sslServer: https://localhost
146#sslServer: https://ndgbeta.badc.rl.ac.uk
147
148# THIS service's address for unencrypted connections - when login is complete,
149# the BaseController redirects to an equivalent address under this host name.
150# sslServer and server settings must match for the sharing of cookies.
151server: http://localhost
152
153enableOpenID: True
154
155# Redirect SOAP output to a file e.g. open(<somefile>, 'w')
156tracefile: None
157#tracefile: sys.stderr
158
159# Service addresses
160sessionMgrURI: https://localhost/SessionManager
161#sessionMgrURI: https://ndgbeta.badc.rl.ac.uk/SessionManager
162attAuthorityURI: http://localhost:5000/AttributeAuthority
163#attAuthorityURI: http://aa.ceda.rl.ac.uk
164
165# SSL Connections
166#
167# Space separated list of CA cert. files.  The peer cert.
168# must verify against at least one of these otherwise the connection is
169# dropped.  Include CA certs for all the sites trusted
170sslCACertFilePathList: certs/ndg-test-ca.crt
171
172# Web Services HTTP Proxy fine tuning
173#
174# For most situations, these settings can be ignored and instead make use of
175# the http_proxy environment variable.  They allow for the case where specific
176# settings are needed just for the security web services calls
177
178# Overrides the http_proxy environment variable setting - may be omitted
179#httpProxyHost: wwwcache.rl.ac.uk:8080
180
181# Web service clients pick up the no_proxy environment variable setting by
182# default.  Set this parameter to override no_proxy for web service
183# connections. 
184#noHttpProxyList: localhost, 127.0.0.1
185
186# WS-Security signature handler - set a config file with 'wssCfgFilePath'
187# or omit and put the relevant content directly in here under
188# 'NDG_SECURITY.wssecurity' section
189#wssCfgFilePath: wssecurity.cfg
190
191[NDG_SECURITY.wssecurity]
192
193# Settings for signature of an outbound message ...
194
195# Certificate associated with private key used to sign a message.  The sign
196# method will add this to the BinarySecurityToken element of the WSSE header. 
197# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
198# As an alternative, use 'signingCertChain' parameter
199
200# file path PEM encoded cert
201signingCertFilePath=certs/clnt.crt
202
203# file path to PEM encoded private key file
204signingPriKeyFilePath=certs/clnt.key
205
206# Password protecting private key.  Leave blank if there is no password.
207signingPriKeyPwd=
208
209# Provide a space separated list of file paths.  CA Certs should be included
210# for all the sites this installation trusts
211caCertFilePathList=certs/ndg-test-ca.crt
212
213# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
214# signed message. 
215reqBinSecTokValType=X509v3
216
217# Add a timestamp element to an outbound message
218addTimestamp=True
219
220# For WSSE 1.1 - service returns signature confirmation containing signature
221# value sent by client
222applySignatureConfirmation=False
223
224#
225# Gatekeeper settings
226#
227[NDG_SECURITY.gatekeeper]
228#
229# Policy Enforcement Point calls a Policy Decision Point interface:
230
231# File path to Python module containing the PDP class - leave blank if the
232# module is in PYTHONPATH env var
233pdpModFilePath:
234
235# Name of PDP Python module
236pdpModName: ndg.security.common.authz.pdp.browse
237
238# Name of PDP class used
239pdpClassName: BrowsePDP
240
241# File Path to configuration file used by PDP class (environment variables
242# can be used in this path e.g. $PDP_CONFIG_DIR/pdp.cfg.  Omit this parameter
243# to make the PEP read the PDP settings from THIS config file
244#pdpCfgFilePath:
245
246# Read PDP params from THIS section
247pdpCfgSection: NDG_SECURITY.gatekeeper
248
249#
250# Settings for Policy Decision Point called by the PEP
251
252# Address of Attribute Authority for Data Provider
253#aaURI: http://aa.ceda.rl.ac.uk
254aaURI: http://localhost:5000/AttributeAuthority
255
256# Verify peer cert for SSL connections to Session Manager
257sslCACertFilePathList: certs/ndg-test-ca.crt
258
259# Set to file object to dump SOAP message output for debugging
260tracefile:
261
262# CA certificates used to verify the signature of user Attribute Certificates
263# - space delimited list but note that currently only the CA of this site
264# is needed because only mapped Attribute Certificates may be accepted.
265acCACertFilePathList: certs/ndg-test-ca.crt
266
267# X.509 Distinguished Name for Attribute Certificate issuer - should match with
268# the issuer element of the users Attribute Certificate submitted in order to
269# gain access
270acIssuer: /CN=AttributeAuthority/O=NDG Security Test/OU=Site A
271#acIssuer: /CN=AttributeAuthority/O=NDG/OU=BADC
272
273# WS-Security signature handler - set a config file with 'wssCfgFilePath'
274# or omit and put the relevant content directly in here under the section name
275# specified by 'wssCfgSection' below
276#wssCfgFilePath: wssecurity.cfg
277
278# Config file section for WS-Security settings - Nb. the gatekeeper shares the
279# same settings as the Single Sign On Service.
280wssCfgSection: NDG_SECURITY.wssecurity
281
282[RELATED]
283icon: %(icondir)srelated_link.png
284icon_alt: Related
285icon_title: Links to a RELATED URL
286
287[DISCOVERY]
288icon: %(icondir)scatalogue_dservice.png
289icon_alt: Catalogue
290default: %(server)s
291formatDefault=DIF
292icon_title: Links to the DISCOVERY RECORD for this dataset
293standalone: True
294#NB, if unset, this will default to the discovery service at ndg.badc.rl.ac.uk
295#discoveryServiceURL:http://localhost:8080/axis2/services/DiscoveryService
296
297[MILK_SERVER]
298#
299# Configure the MILK_SERVER framework here
300#
301editorOn=True
302browseOn=False
303discoveryOn=True
304
Note: See TracBrowser for help on using the repository browser.