Default config files¶
Yaml config¶
Dropwizard configuration with both orient and security configs declared as yaml:
orient-server:
files-path: $TMP/db/
config:
users:
- name: root
password: root
resources: '*'
- name: guest
password: guest
resources: 'connect,server.listDatabases,server.dblist'
handlers:
# enable below lines if graph version used and gremlin support required
# - clazz: com.orientechnologies.orient.graph.handler.OGraphServerHandler
# parameters:
# - enabled: true
# - graph.pool.max: 50
# enable for distributed mode support (requires extra orientdb-distributed dependency)
# - clazz: com.orientechnologies.orient.server.hazelcast.OHazelcastPlugin
# parameters:
# - enabled: true
# - configuration.db.default: '${ORIENTDB_HOME}/config/default-distributed-db-config.json'
# - configuration.hazelcast: '${ORIENTDB_HOME}/config/hazelcast.xml'
# enable for defining sql functions in json file
# - clazz: com.orientechnologies.orient.server.handler.OCustomSQLFunctionPlugin
# parameters:
# - config: ${ORIENTDB_HOME}/config/custom-sql-functions.json
- clazz: com.orientechnologies.orient.server.handler.OJMXPlugin
parameters:
- enabled: true
- profilerManaged: true
- clazz: com.orientechnologies.orient.server.handler.OAutomaticBackup
parameters:
# may be configured with separate json file (see distribution)
# - config: '${ORIENTDB_HOME}/config/automatic-backup.json'
- enabled: false
- mode: FULL_BACKUP
- exportOptions:
- firstTime: 23:00:00
- delay: 4h
- target.directory: backup
- target.fileName: '${DBNAME}-${DATE:yyyyMMddHHmmss}.zip'
- compressionLevel: 9
- bufferSize: 1048576
- db.include:
- db.exclude:
- clazz: com.orientechnologies.orient.server.handler.OServerSideScriptInterpreter
parameters:
- enabled: true
- allowedLanguages: SQL
network:
# example of custom sockets configuration
# sockets:
# - name: ssl
# implementation: com.orientechnologies.orient.server.network.OServerTLSSocketFactory
# parameters:
# - network.ssl.clientAuth: false
# - network.ssl.keyStore: 'config/cert/orientdb.ks'
# - network.ssl.keyStorePassword: password
# - network.ssl.trustStore: 'config/cert/orientdb.ks'
# - network.ssl.trustStorePassword: password
# - name: https
# implementation: com.orientechnologies.orient.server.network.OServerTLSSocketFactory
# parameters:
# - network.ssl.clientAuth: false
# - network.ssl.keyStore: 'config/cert/orientdb.ks'
# - network.ssl.keyStorePassword: password
# - network.ssl.trustStore: 'config/cert/orientdb.ks'
# - network.ssl.trustStorePassword: password
protocols:
- binary: com.orientechnologies.orient.server.network.protocol.binary.ONetworkProtocolBinary
- http: com.orientechnologies.orient.server.network.protocol.http.ONetworkProtocolHttpDb
listeners:
- protocol: binary
ipAddress: 0.0.0.0
portRange: 2424-2430
socket: default
- protocol: http
ipAddress: 0.0.0.0
portRange: 2480-2490
socket: default
parameters:
- network.http.charset: utf-8
- network.http.jsonResponseError: true
commands:
- pattern: 'GET|www GET|studio/ GET| GET|*.htm GET|*.html GET|*.xml GET|*.jpeg GET|*.jpg GET|*.png GET|*.gif GET|*.js GET|*.css GET|*.swf GET|*.ico GET|*.txt GET|*.otf GET|*.pjs GET|*.svg GET|*.json GET|*.woff GET|*.woff2 GET|*.ttf GET|*.svgz'
implementation: com.orientechnologies.orient.server.network.protocol.http.command.get.OServerCommandGetStaticContent
stateful: false
parameters:
- http.cache:*.htm *.html: 'Cache-Control: no-cache, no-store, max-age=0, must-revalidate\r\nPragma: no-cache'
- http.cache:default: 'Cache-Control: max-age=120'
# enable below lines if graph version used and gephi support required
# - pattern: 'GET|gephi/*'
# stateful: false
# implementation: com.orientechnologies.orient.server.network.protocol.http.command.get.OServerCommandGetGephi
properties:
# see com.orientechnologies.orient.core.config.OGlobalConfiguration for all supported properties
- profiler.enabled: true
#configures the profiler as <seconds-for-snapshot>,<archive-snapshot-size>,<summary-size>
- profiler.config: '30,10,10'
security:
enabled: true
debug: false
server:
createDefaultUsers: true
authentication:
enabled: true
allowDefault: true
authenticators:
- name: Password
class: com.orientechnologies.orient.server.security.authenticator.ODefaultPasswordAuthenticator
enabled: true
users:
- username: "guest"
resources: "server.listDatabases,server.dblist"
- name: ServerConfig
class: com.orientechnologies.orient.server.security.authenticator.OServerConfigAuthenticator
enabled: true
- name: SystemAuthenticator
class: com.orientechnologies.orient.server.security.authenticator.OSystemUserAuthenticator
enabled: true
auditing:
class: com.orientechnologies.security.auditing.ODefaultAuditing
enabled: false
Xml config¶
The same as previous, but orient configuration declared in external xml file:
orient-server:
files-path: $TMP/db/
config-file: 'conf/sample.xml'
# security section omitted
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<orient-server>
<handlers>
<!-- enable below lines if graph version used and gremlin support required -->
<!--<handler class="com.orientechnologies.orient.graph.handler.OGraphServerHandler">-->
<!--<parameters>-->
<!--<parameter value="true" name="enabled"/>-->
<!--<parameter value="50" name="graph.pool.max"/>-->
<!--</parameters>-->
<!--</handler>-->
<!-- enable for distributed usage (requires orientdb-distributed dependency) -->
<!--<handler class="com.orientechnologies.orient.server.hazelcast.OHazelcastPlugin">-->
<!--<parameters>-->
<!--<parameter value="${distributed}" name="enabled"/>-->
<!--<parameter value="${ORIENTDB_HOME}/config/default-distributed-db-config.json" name="configuration.db.default"/>-->
<!--<parameter value="${ORIENTDB_HOME}/config/hazelcast.xml" name="configuration.hazelcast"/>-->
<!--</parameters>-->
<!--</handler>-->
<!-- JMX SERVER, TO TURN ON SET THE 'ENABLED' PARAMETER TO 'true' -->
<handler class="com.orientechnologies.orient.server.handler.OJMXPlugin">
<parameters>
<parameter value="false" name="enabled"/>
<parameter value="true" name="profilerManaged"/>
</parameters>
</handler>
<!-- AUTOMATIC BACKUP, TO TURN ON SET THE 'ENABLED' PARAMETER TO 'true' -->
<handler class="com.orientechnologies.orient.server.handler.OAutomaticBackup">
<parameters>
<parameter value="false" name="enabled"/>
<!-- separate config file may be used with (see original orient distribution config) -->
<!--<parameter value="${ORIENTDB_HOME}/config/automatic-backup.json" name="config"/>-->
<parameter name="enabled" value="false"/>
<parameter name="mode" value="FULL_BACKUP"/>
<parameter name="exportOptions" value=""/>
<parameter name="delay" value="4h"/>
<parameter name="firstTime" value="23:00:00"/>
<parameter name="target.directory" value="backup"/>
<parameter name="target.fileName" value="${DBNAME}-${DATE:yyyyMMddHHmmss}.zip"/>
<parameter name="compressionLevel" value="9"/>
<parameter name="bufferSize" value="1048576"/>
<!-- if empty, backups all databases -->
<parameter name="db.include" value=""/>
<parameter name="db.exclude" value=""/>
<!-- USE COMMA TO SEPARATE MULTIPLE DATABASE NAMES -->
</parameters>
</handler>
<!-- SERVER SIDE SCRIPT INTERPRETER. WARNING! THIS CAN BE A SECURITY HOLE:
ENABLE IT ONLY IF CLIENTS ARE TRUST, TO TURN ON SET THE 'ENABLED' PARAMETER
TO 'true' -->
<handler class="com.orientechnologies.orient.server.handler.OServerSideScriptInterpreter">
<parameters>
<parameter value="true" name="enabled"/>
<parameter value="SQL" name="allowedLanguages"/>
</parameters>
</handler>
</handlers>
<network>
<sockets>
<socket implementation="com.orientechnologies.orient.server.network.OServerTLSSocketFactory" name="ssl">
<parameters>
<parameter value="false" name="network.ssl.clientAuth"/>
<parameter value="config/cert/orientdb.ks" name="network.ssl.keyStore"/>
<parameter value="password" name="network.ssl.keyStorePassword"/>
<parameter value="config/cert/orientdb.ks" name="network.ssl.trustStore"/>
<parameter value="password" name="network.ssl.trustStorePassword"/>
</parameters>
</socket>
<socket implementation="com.orientechnologies.orient.server.network.OServerTLSSocketFactory" name="https">
<parameters>
<parameter value="false" name="network.ssl.clientAuth"/>
<parameter value="config/cert/orientdb.ks" name="network.ssl.keyStore"/>
<parameter value="password" name="network.ssl.keyStorePassword"/>
<parameter value="config/cert/orientdb.ks" name="network.ssl.trustStore"/>
<parameter value="password" name="network.ssl.trustStorePassword"/>
</parameters>
</socket>
</sockets>
<protocols>
<protocol implementation="com.orientechnologies.orient.server.network.protocol.binary.ONetworkProtocolBinary" name="binary"/>
<protocol implementation="com.orientechnologies.orient.server.network.protocol.http.ONetworkProtocolHttpDb" name="http"/>
</protocols>
<listeners>
<listener protocol="binary" socket="default" port-range="2424-2430" ip-address="0.0.0.0"/>
<listener protocol="http" socket="default" port-range="2480-2490" ip-address="0.0.0.0">
<commands>
<command implementation="com.orientechnologies.orient.server.network.protocol.http.command.get.OServerCommandGetStaticContent" pattern="GET|www GET|studio/ GET| GET|*.htm GET|*.html GET|*.xml GET|*.jpeg GET|*.jpg GET|*.png GET|*.gif GET|*.js GET|*.css GET|*.swf GET|*.ico GET|*.txt GET|*.otf GET|*.pjs GET|*.svg GET|*.json GET|*.woff GET|*.woff2 GET|*.ttf GET|*.svgz" stateful="false">
<parameters>
<entry value="Cache-Control: no-cache, no-store, max-age=0, must-revalidate\r\nPragma: no-cache" name="http.cache:*.htm *.html"/>
<entry value="Cache-Control: max-age=120" name="http.cache:default"/>
</parameters>
</command>
<command implementation="com.orientechnologies.orient.server.network.protocol.http.command.get.OServerCommandGetGephi" pattern="GET|gephi/*" stateful="false"/>
</commands>
<parameters>
<parameter value="utf-8" name="network.http.charset"/>
<parameter value="true" name="network.http.jsonResponseError"/>
</parameters>
</listener>
</listeners>
</network>
<storages/>
<users>
<user resources="*" password="root" name="root"/>
<user resources="connect,server.listDatabases,server.dblist" password="guest" name="guest"/>
</users>
<properties>
<entry value="1" name="db.pool.min"/>
<entry value="50" name="db.pool.max"/>
<entry value="false" name="profiler.enabled"/>
</properties>
</orient-server>
Json security config¶
Security config defined in external json file:
orient-server:
files-path: $TMP/db/
# may be declared as yaml
config-file: 'conf/sample.xml'
security-file: 'conf/security.json'
{
"enabled": true,
"debug": false,
"server": {
"createDefaultUsers": true
},
"authentication": {
"enabled": true,
"allowDefault": true,
"authenticators": [
{
"name": "Password",
"class": "com.orientechnologies.orient.server.security.authenticator.ODefaultPasswordAuthenticator",
"enabled": true,
"users": [
{
"username": "guest",
"resources": "server.listDatabases,server.dblist"
}
]
},
{
"name": "ServerConfig",
"class": "com.orientechnologies.orient.server.security.authenticator.OServerConfigAuthenticator",
"enabled": true
},
{
"name": "SystemAuthenticator",
"class": "com.orientechnologies.orient.server.security.authenticator.OSystemUserAuthenticator",
"enabled": true
} ]
},
"auditing": {
"class": "com.orientechnologies.security.auditing.ODefaultAuditing",
"enabled": false
}
}