[httpServer]

Defines options for the httpServer running inside a CTRL manager

[httpServer] accessLog

Type
bool
Default
0
Range
0|1
Defines if the HTTP Server shall write the IP address of each incoming connection into the log/httpAccess.log file

[httpServer] allowPanelParam

Type
bool
Default
0
Range
0|1
Defines if the HTTP Server shall allow the "panel" parameter in the URL to start the ULC User Interface Manager.

[httpServer] autoEncryption

Type
bool
Default
1
Range
0|1
Defines if the HTTP Server shall automatically encrypt all files below the "panels" and "scripts" folder, before sending them to the client. Note: This negatively influences the transferred file size, since encrypted files will not shrink when compressed via gzip.

[httpServer] compatIgnoreForwardedFor

Type
bool
Default
0
Range
0|1
NV compatibility mode. Defines which IP address is used for ULC UX clients connected through a reverse proxy:
  • 0: the original IP address of the browser in which the ULC UX client is running will be read from the HTTP header X-Forwarded-For and used for myDisplayName() and UI settings.
  • 1: the IP address of the reverse proxy is used for myDisplayName() and UI settings (compatible to versions below 3.19 P009).

[httpServer] compressionCacheEnabled

Type
bool
Default
1
Range
0|1
Defines if the HTTP server shall send a gzip compressed file to a capable client, where the HTTP server creates the gzipped version automatically and stores it below the <proj_path>/cache directory. The HTTP server makes sure that a change in the timestamp of the original file leads to an update of the compressed file in the cache the next time the file is requested.

[httpServer] externalAuthHeader

Type
string
Defines the name of a special HTTP header which, when present, is used to specifiy the user for this request, which was already authenticated by an external application. The HTTP Server will therefore not do any authentication on this request and relies on the external application to be trustable. NOTE: If used incorrectly, this is a security leak.

[httpServer] externalAuthParam

Type
string
Defines the name of a special URL query parameter which, when present, is used to specifiy the user for this request, which was already authenticated by an external application. The HTTP Server will therefore not do any authentication on this request and relies on the external application to be trustable. NOTE: If used incorrectly, this is a security leak.

[httpServer] favIcon

Type
string
Default
/pictures/StandardIcons/Console_20.png
Defines the relative path for the icon which is delivered when the server is asked for "/favicon.ico".

[httpServer] httpHeader

Type
string
Default
See Description
The entry allows to set the content of the HTTP header entries. HTTP header specific settings can be configured for the HTTP(S) communication. The httpHeader entry can be set multiple times to apply addional settings. Each entry creates a new HTTP header for the HTTP(S) Requests. Default:

  httpHeader = "X-XSS-Protection: 1; mode=block"
  httpHeader = "X-Content-Type-Options: nosniff"
  httpHeader = "Cache-Control: private"
  httpHeader = "Cache-Control: must-revalidate"

To remove all entrys of the HTTP header (including the default values) following entry can be used:


  httpHeader = "-empty list-"

Note: Mandatory header entries will not be removed.

[httpServer] indexPage

Type
string
Default
/data/index.html
Defines the start page which the HTTP server delivers when the root URL "/" was requested. This is only used if the root URL "/" was not already registered with httpConnect().

[httpServer] loadBalance

Type
string
Range
hostname [max=5]
Is used for load balancing of started ULC 2.0 User Interface Managers. This entry can be used multiple times. Each entry defines an additional host, on which an HTTP server is running, which is allowed to start a ULC 2.0 Users Interface Manager. The maximum number of UI managers on this host can be defined with the max=x option. If the max option is not given, 5 is the default.

Example: loadBalance = "win10-140 max=10 exts=extern.etm.at:445 ext=extern.etm.at:82" loadBalance = "win10-141 max=10 exts=extern.etm.at:446 ext=extern.etm.at:83"

exts= is used when the connection is encrypted, i.e. when working via https://.

ext= is sent to the client (the ULC JavaScript part) if the connection is not encrypted, i.e. if http:// is used.

Note: In a redundant system, when this config entry is not given, the HTTP server uses both redu-servers as load balancer hosts (when the HTTP server is running on either of the servers). In this case it is required to run the HTTP Server CTRL Manager with -connectToRedundantHosts, otherwise the other host does not know that a CTRL manager is running as the Event manager only writes onto its local connections dp

[httpServer] pngCompression

Type
int
Default
100
Range
0..100
Sets the compression of the transferred png data. 0 = no compression (fast, but uses more bandwidth), 100 = max compression (slower, uses less bandwidth)

[httpServer] strictTransportSecurityMaxAge

Type
uint
Default
31536000 (= ~1 year)
Defines the value for the "max-age" parameter that should be used for the Strict-Transport-Security of the HTTP server. If a value of 0 or no value is set the Strict-Transport-Security is not used. Note: If there are problems with untrusted certificates, this value can be set to 0. However, this will open a security leak.

[httpServer] uiArguments

Type
string
Default
-p vision/login.pnl -centered -iconBar -menuBar
Startparameter for the Ultralight Client 2.0. A UI Manager is being started, therefore all commandline arguments, as when started from the console, can be used. The HTTP Server always automatically passes the following commandline arguments in addition:
  • -lang XXXX ... active language, uses the preferred language received from the Web-Browser
  • -server XXXXX ... When the HTTP server does not run on the same host as the Event Manager, we assume that the UI manager can not read the project files (panels, CTRL-lib, etc.) from the local disc. Therefore with this option the UI will request the files via HTTP requests from the main server. This feature requires a running HTTP server on the machine on which the Event Manager runs (in case of a redundant project, there must be an HTTP server running on each of the redu hosts) You can disable this behavior with the config entry 'uiUsesMainServerAsFileServer = 0'

[httpServer] uiStartPermissionBit

Type
int
Default
-1
Defines the permission bit a user needs to have set to be allowed to start the ULC 2.0 client. To know the user of an HTTP request, the HTTP Server must be used with authentication (e.g. "Basic", "Negotiate")

[httpServer] uiUsesMainServerAsFileServer

Type
bool
Default
1
Range
0|1
Defines if the HTTP Server, when run on a different machine than the Event Manager, shall pass the -server XXX option to the ULC 2.0 User Interface started to be able to request project files from the main server via HTTP requests instead of reading project files from the local disc. However, it is recommended to keep project files locally on the HTTP Server and to set this option to 0, as described in the ULC UX Architecture documentation

[httpServer] ulcAliveTimeout

Type
uint
Default
60
The timeout in seconds after the UI manager for an unresponsive ULC UX client (e.g. if there is a network interruption) is terminated by the server.
  • If 0, no timeout is checked
  • If the value is part of the interval [1..10], 10 seconds is used as the timeout value
  • The default value if not specified is 60 seconds

[httpServer] ulcUseClientTimeZone

Type
bool
Default
0 on Windows, 1 on all other platforms
Range
0|1
Defines the timezone used to display time values in ULC UX clients. If set to 1(true) the time zone from the ULC UX client is used, with 0(false) the server's time zone is used. Due to the limited support for a different time zone for a single process in Windows the default is set to 0 for those systems. Should ulcUseClientTimeZone be set to 1 in Windows the following problems may occur:
  • incomplete historical information about time zones
  • inaccurate or missing dates for transitions between standard and daylight saving time (DST)
  • no DST support for the Southern hemisphere

[httpServer] XFrameOptions

Type
string
Default
SAMEORIGIN
Range
none

A security measurement prevents to load content from a different website. This is called "clickjacking" protection.

To nevertheless load the content of the foreign server inside your own website the HTML Header parameter X-Frame-Options can be used to configure the expected behavior.

This parameter must be set on the remote server and contain the URL of your server to display the foreign content on your server.

There are 4 different options available for the XFrameOptions config entry:

  • "none": is used to completely deactivate this option
  • "DENY":  Foreign content is not loaded.
  • "SAMEORIGIN": Only content from your own server is loaded.
  •  "ALLOW-FROM": Only the content is loaded for which the X-Frame-Options HTML Header parameter is set correctly. Must be configured on the foreign server!

Example:

First server: www.myFirstServer.com

Second server: www.mySecondServer.com

To display the content from the second server within the first server (e.g. using an iframe) the second server must state the parameter "XFrameOptions: ALLOW-FROM http://www.myFirstServer.com" within the HTML header. This can be configured by setting following config entry within the config of the second webserver.

[httpServer]
XFrameOptions = "ALLOW-FROM http://www.myFirstServer.com"