Provides basic connection settings for the internal web server, like HTTP and HTTPS connections.
It is possible to configure the HTTP and/or HTTPS connection to the internal webserver. For testing purposes of HTTPS connections, a self signed certificate can be generated before purchasing one from a provider.
The connections to be created at server startup can be HTTP and/or HTTPS. HTTP is the default connection, covering most scenarios. HTTPS transfers the data via an encrypted connection. Both connections can be used in parallel.
With the default configuration the server is available from all ip adresses of the system. If the server should only listen on a defined ip address or hostname, it can be specified in this property. After a restart the server will only be available at the stored ip address or hostname.
The internal web server is listening on the specified port.
Note: the server port can also be set using the environment variable inet_http_port
. This way the server can be started in a dynamic way where the platform provides a specific port, e.g. Heroku.
The internal web server is listening on the specified port for encrypted requests.
Note: the server port can also be set using the environment variable inet_https_port
. This way the server can be started in a dynamic way where the platform provides a specific port, e.g. Heroku.
All unencrypted requests on the standard HTTP port are forwarded to HTTPS. This option is available only if the default ports (80 for HTTP, 443 for HTTPS) are used.
In order to use HTTPS connections, a certificate must be provided. Normally you can purchase one from a provider like Thawte or VeriSign. For testing purposes, a self signed HTTPS certificate can be created.
Some browsers and applications needs all intercertificates of the certificate chain. For this must this certificates also saved in the certificate file. With the PEM Format (Base64) you can do this with a text editor.
In addition to the certificate, the corresponding private key is required to read the encrypted requests. Your SSL certificate provider will also send you this key. Often it's a file with the extension ".key" or is part of the ".pem" file.
Private keys can be stored in PKCS8, X509 or PEM format.
Note: the private key must not have a password set.
The URL given here will be used throughout the system to make absolute links in, e.g. emails work. The URL is determined using the hostname by default. This property does not change the URL at which the server listens.
The external visible URL must be used if the INETAPP server is behind a reverse proxy.
Note: The proxy URL should be provided here in a cloud based environment.
Note: The URL may be relevant for the licensing process and should be provided correctly - so that the start page of the server can be reached using the address. The protocol, FQDN, port and an application server context can be used for the URL
Settings limiting the amount of concurrent requests to speed up the internal web server.
The maximum queue length for incoming socket connection indications (i.e. connection requests). If the maximum value has been reached, further connection requests will be refused.
The number of concurrent HTTP requests accepted and handled by the server. Further requests are queued.
Maximum heap memory for the server process. The default value is 1/4 of the RAM (for 32-bit operating systems the default value is 256 MB). The specified value should not be greater than the free RAM as the swap file usage greatly reduces the performance.
The server language will be used to display error messages in the correct language. This property corresponds to the Java VM property: -Duser.language.
The server country will be used to format currency values in the used language. This property corresponds to the Java VM property: -Duser.country.
This will be passed directly to the VM as an argument.
-javaagent:c:\path\to\your\javaagent.jar
If necessary then it is possible to restart the server in this section. Please note that all unsaved changes will be lost. It could occur that the configuration manager can not reconnect to the server because of changed web server port or modified restrictions for the current user.
Some security settings
Modifies the SameSite
attribute of the Set-Cookie
HTTP response header. More information about the SameSite Cookie can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Note: Using the value None
requires that the browsers accesses the INETAPP server using an HTTPS connection. The login via HTTP is no longer available. If, due to a miss-configuration of the HTTPS access, a login is no longer possible, you have to start the Recovery Manager to correct the issue.
Note: If you're using the OAuth authentication provider you either use Lax
or add the providers OAuth URL to the Allowed Cross Origins
Enabled the Cross-Origin Resource Sharing (CORS). The field contains possible values for the HTTP header Access-Control-Allow-Origin. For example:
*
or
http://foo.example.com, http://bar.example.com
or
*.example.com
The content of the crossdomain.xml in the root.
The content of the robots.txt in the root.
There are two advanced sections, one for additional HTTP and one for HTTPS headers, that can be sent along every response data. This allows to send, e.g. HSTS responses. It is advisable to prefix custom headers with X-
to differentiate them from headers of the standard protocol.
Note: This feature has to be handled with care to not make server responses unusable by the web client.