Web Server

Provides basic connection settings for the internal web server, like HTTP and HTTPS connections.

Connections

It is possible to configure the HTTP and/or HTTPS connection to the internal web server. To test HTTPS connections, a self-signed certificate can be generated before purchasing one from a provider.

Type

The connections to be created at server startup can be HTTP and/or HTTPS. HTTP is the default connection, covering most scenarios. HTTPS transfers the data via an encrypted connection. Both connections can be used in parallel.

  • Default value: HTTP

Bind IP-Address

With the default configuration, the server is available on all IP addresses of the system. If the server should only listen on a defined IP address or hostname, it can be specified in this property. After a restart, the server will only be available at the stored IP address or hostname.

Context

With the Context option, the INETAPP server runs below the given path. This allows the server to run alongside other applications on the same server URL, similar to application servers.

Note: The context given has to start with a / and must not end with a /.

Note: Setting a different context will disable Let's Encrypt certificate retrieval. This is because Let's Encrypt checks for the /.well-known/acme-challenge response at the server's root.

HTTP Port

The internal web server is listening on the specified port.

Note: the server port can also be set using the environment variable inet_http_port. This way the server can be started in a dynamic way where the platform provides a specific port, e.g. Heroku.

HTTPS Port

The internal web server is listening on the specified port for encrypted requests.

Note: the server port can also be set using the environment variable inet_https_port. This way the server can be started in a dynamic way where the platform provides a specific port, e.g. Heroku.

Redirect all HTTP requests to HTTPS

All unencrypted requests on the standard HTTP port are forwarded to HTTPS. This option is available only if the default ports (80 for HTTP, 443 for HTTPS) are used.

Certificate

In order to use HTTPS connections, a certificate must be provided. Normally you can purchase one from a provider like Thawte or VeriSign. For testing purposes, a self-signed HTTPS certificate can be created.

Some browsers and applications need all intermediate certificates of the certificate chain. For this, these certificates must also be saved in the certificate file. With the PEM format (Base64) you can do this with a text editor.

Private key

In addition to the certificate, the corresponding private key is required to read the encrypted requests. Your SSL certificate provider will also send you this key. Often it's a file with the extension ".key" or is part of the ".pem" file.

Private keys can be stored in PKCS8, X509 or PEM format.

Note: the private key must not have a password set.
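A pre-flight check for the two requirements above (intermediates included in the certificate file, private key without a password), as an added example that is not part of the product. It assumes PEM text input and only inspects PEM labels and headers; the function names and the sample blocks are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def pem_blocks(text):
    """Return (label, headers, decoded_bytes) for every PEM block in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Legacy keys carry "Name: value" headers before the base64 body.
        headers = [ln for ln in lines if ":" in ln]
        b64 = "".join(ln for ln in lines if ":" not in ln)
        blocks.append((label, headers, base64.b64decode(b64, validate=True)))
    return blocks


def preflight(cert_pem, key_pem=""):
    """List findings for the certificate file and the (optional) key file."""
    findings = []
    certs = [b for b in pem_blocks(cert_pem) if b[0] == "CERTIFICATE"]
    # The key may be a separate file or part of the same .pem file.
    keys = [b for b in pem_blocks(cert_pem + "\n" + key_pem)
            if b[0].endswith("PRIVATE KEY")]
    if not certs:
        findings.append("no CERTIFICATE block in certificate file")
    elif len(certs) == 1:
        findings.append("single certificate: no intermediates in file")
    if not keys:
        findings.append("no private key found")
    for label, headers, _ in keys:
        if label == "ENCRYPTED PRIVATE KEY" or any("ENCRYPTED" in h for h in headers):
            findings.append("private key is password protected")
    return findings


def fake_pem(label, payload, header=""):
    """Constructed sample block: placeholder bytes, not a real certificate or key."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{header}{b64}\n-----END {label}-----\n"


if __name__ == "__main__":
    chain = fake_pem("CERTIFICATE", b"leaf") + fake_pem("CERTIFICATE", b"intermediate")
    print(preflight(chain, fake_pem("PRIVATE KEY", b"key")))
    print(preflight(chain, fake_pem("ENCRYPTED PRIVATE KEY", b"key")))
```

The single-certificate finding is expected for a self-signed test certificate and can be ignored in that case.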

External visible URL

The URL given here will be used throughout the system so that absolute links, e.g. in emails, work. By default, the URL is determined from the hostname. This property does not change the URL at which the server listens.

The external visible URL must be used if the INETAPP server is behind a reverse proxy.

Note: The proxy URL should be provided here in a cloud based environment.

Note: The URL may be relevant for the licensing process and should be provided correctly, so that the start page of the server can be reached using the address. The protocol, FQDN, port and an application server context can be used for the URL.

Performance

Settings limiting the amount of concurrent requests to speed up the internal web server.

Max Concurrent Requests

The maximum queue length for incoming socket connection indications (i.e. connection requests). If the maximum value has been reached, further connection requests will be refused.

  • Default value: 500

Max HTTP Requests

The number of concurrent HTTP requests accepted and handled by the server. Further requests are queued.

  • Default value: 250

Max Heap Memory

Maximum heap memory for the server process. The default value is 1/4 of the RAM (for 32-bit operating systems the default value is 256 MB). The specified value should not be greater than the free RAM as the swap file usage greatly reduces the performance.

Server Language

The server language will be used to display error messages in the correct language. This property corresponds to the Java VM property: -Duser.language.

  • Default value: System setting of the operating system

Server Country

The server country will be used to format currency values in the used language. This property corresponds to the Java VM property: -Duser.country.

  • Default value: System setting of the operating system

Other VM Arguments

This will be passed directly to the VM as an argument.

  • Default value: Empty
  • Example: -javaagent:c:\path\to\your\javaagent.jar

Server Restart

If necessary, the server can be restarted in this section. Please note that all unsaved changes will be lost. The configuration manager may not be able to reconnect to the server if the web server port was changed or the restrictions for the current user were modified.

Security

Some security settings

Modifies the SameSite attribute of the Set-Cookie HTTP response header. More information about the SameSite Cookie can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Note: Using the value None requires that the browser accesses the INETAPP server using an HTTPS connection. The login via HTTP is no longer available. If, due to a misconfiguration of the HTTPS access, a login is no longer possible, you have to start the Recovery Manager to correct the issue.

Note: If you're using the OAuth authentication provider, you either use Lax or add the provider's OAuth URL to the Allowed Cross Origins.

Allowed Origins

Enables the Cross-Origin Resource Sharing (CORS) checks. If a value is entered in this field (see below), the server will send the Access-Control-Allow-Origin header to browsers, containing:

  1. the values from this field and
  2. the public visible URL

The header entry makes sure the browser adheres to the CORS rules. Additionally, the server checks that it is addressed with one of the given values. That means that you cannot use the server's interface with any address other than those configured by the public visible URL or any of the values in the Allowed Origins field.

Examples

*

or

http://foo.example.com, http://bar.example.com:9000

or

*.example.com
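To compare what the three example values let through, the following added sketch (not the product's code) evaluates an Origin against the field value plus the external visible URL. The matching rules are an assumption, since this page does not specify them: exact scheme://host[:port] comparison, * for any origin, and *.domain for subdomains only. The function name origin_allowed and the URL https://reports.example.org are hypothetical.

```python
from urllib.parse import urlsplit


def origin_allowed(origin, allowed_field, external_url):
    """Assumed matching rules; the product's real behaviour may differ."""
    patterns = [p.strip().lower() for p in allowed_field.split(",") if p.strip()]
    if not patterns:
        return True  # empty field: the checks are not enabled
    parts = urlsplit(origin)
    host = (parts.hostname or "").lower()
    if not parts.scheme or not host:
        return False
    # The public visible URL is always accepted alongside the field values.
    ext = urlsplit(external_url)
    patterns.append(f"{ext.scheme}://{ext.netloc}".lower())
    normalized = f"{parts.scheme}://{parts.netloc}".lower()
    for pattern in patterns:
        if pattern == "*":
            return True  # any origin
        if pattern.startswith("*."):
            # Compare against ".example.com" so that look-alike hosts such as
            # "evilexample.com" do not pass a plain suffix comparison.
            if host.endswith(pattern[1:]):
                return True
        elif normalized == pattern.rstrip("/"):
            return True
    return False


if __name__ == "__main__":
    ext = "https://reports.example.org/context"  # constructed sample value
    explicit = "http://foo.example.com, http://bar.example.com:9000"
    for origin in ("http://foo.example.com", "http://bar.example.com",
                   "https://reports.example.org"):
        print(origin, origin_allowed(origin, explicit, ext))
    for origin in ("https://app.example.com", "https://evilexample.com"):
        print(origin, origin_allowed(origin, "*.example.com", ext))
```

Of the three values, * accepts every origin, so an explicit list is the narrowest choice when the set of calling sites is known.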

crossdomain.xml

The content of the crossdomain.xml in the root.

robots.txt

The content of the robots.txt in the root.

Additional HTTP Header

There are two advanced sections, one for additional HTTP headers and one for additional HTTPS headers, that can be sent along with every response. This allows sending, e.g., HSTS responses. It is advisable to prefix custom headers with X- to differentiate them from headers of the standard protocol.

Note: Headers that may be interesting for setting up HSTS are documented in the Reverse Proxy configuration. If you are not using a reverse proxy, you can set these headers here as well.

Note: This feature has to be handled with care to not make server responses unusable by the web client.