Configuration of the Bloonix-WebGUI
The configuration of the Bloonix WebGUI is in the file /etc/bloonix/webgui/main.conf.
Parameter: app_name
Default: not set
This parameter is required by the MVC framework bloonix.heaven to find the path to the application. This parameter should not be changed unless you know what you are doing.
Parameter: user, group
Default: bloonix
By default, the Bloonix WebGUI runs under the user and group bloonix.
Section: app
In this section the parameters for interaction with the browser and the WebGUI are set.
Parameter: session_expire_time
Default: 3h
The time after which the session of a logged-in user automatically expires.
Parameter: session_refresh_time
Default: 10m
The duration of a session is not renewed with every HTTP request. This parameter specifies the interval after which the duration is renewed.
Parameter: cookie_secure
Default: True
Whether the Secure attribute is set for session cookies.
Parameter: cookie_http_only
Whether the HttpOnly attribute is set for session cookies.
Parameter: add_header
Default: not set
HTTP headers can be set here, e.g.:
add_header X-Content-Type-Options nosniff
add_header Strict-Transport-Security max-age=63072000
add_header X-Frame-Options SAMEORIGIN
add_header Content-Security-Policy default-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self' data:;
Parameter: login_logger
Default: not set
Incorrect logins are logged. If you would like to be informed by email that an incorrect login has occurred, you can set the sender and recipient here.
2fa_mail_from + 2fa_command
Important Notice: Only one of the two parameters can be set in the configuration. If both parameters are set, the WebGUI can no longer be started and an error is produced.
Parameter: 2fa_mail_from
Default: not set
The WebGUI supports two-factor authentication via email (/usr/sbin/sendmail). It may be necessary to enter a valid sender address here so that the sending works correctly. The recipient address is entered in the user management in the WebGUI. Please do not forget to set up the MTA correctly.
Parameter: 2fa_command
Default: not set
In addition to the parameter 2fa_mail_from, it is possible to use your own script for two-factor authentication. This would give you the option of connecting any 2FA service. Let’s take the following configuration as an example:
2fa_command /usr/local/bin/my-2fa-script
After restarting the WebGUI, the parameter is active. The recipient address is entered in the user management in the WebGUI. The next time you log in, the script is called with the following parameters:
/usr/local/bin/my-2fa-script <<EOT
{
"2fa_code": $code,
"2fa_addr": $address,
"username": $username,
"name": $name,
"language": $language
}
EOT
The data of the user who wants to log in is passed to the STDIN of the script together with the auth code in JSON format. You can now manage the sending of the auth code to the user in the script itself.
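One way to write such a script, shown as an added example that is not part of the Bloonix documentation or code: it validates the JSON read from STDIN and hands the auth code to /usr/sbin/sendmail without placing any untrusted value on a command line. The sender address, delivery by e-mail, the accepted value types and the meaning of the exit status are assumptions.

```python
#!/usr/bin/env python3
# Added example of a hypothetical /usr/local/bin/my-2fa-script (not Bloonix code).
import json
import re
import subprocess
import sys
from email.message import EmailMessage

FIELDS = ("2fa_code", "2fa_addr", "username", "name", "language")
SENDER = "bloonix-2fa@example.org"  # assumption: placeholder sender address
# Assumption: 2fa_addr is an e-mail address; no whitespace, control chars, leading "-".
ADDR_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def parse_request(raw):
    """Validate the JSON object read from STDIN and return its fields as str."""
    data = json.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object")
    if any(not isinstance(data.get(k), (str, int)) for k in FIELDS):
        raise ValueError("missing or non-scalar field")
    req = {k: str(data[k]) for k in FIELDS}
    if not ADDR_RE.fullmatch(req["2fa_addr"]) or not req["2fa_code"].isprintable():
        raise ValueError("2fa_addr or 2fa_code rejected")
    return req

def build_message(req):
    """Build the mail; EmailMessage refuses line breaks in header values."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = req["2fa_addr"]
    msg["Subject"] = "Bloonix login code"
    msg.set_content(f"Hello {req['name']},\n\nyour login code is: {req['2fa_code']}\n")
    return msg

def main():
    try:
        req = parse_request(sys.stdin.read())
        # -t reads recipients from the headers: no untrusted value reaches argv.
        subprocess.run(["/usr/sbin/sendmail", "-t", "-i"],
                       input=build_message(req).as_bytes(), check=True, timeout=30)
    except (ValueError, OSError, subprocess.SubprocessError) as exc:
        # Name the error class only; never echo the code or the raw input.
        print(f"2fa delivery failed: {type(exc).__name__}", file=sys.stderr)
        return 1  # assumption: the page does not say how the exit status is used
    return 0

if __name__ == "__main__":
    sys.exit(main())
```

Keep the auth code out of log files and process arguments; this script only ever writes it to the pipe that feeds sendmail.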
Section: logger
Logging is defined in the logger section.
The following levels are available:
- emergency
- alert
- critical
- error
- warning
- notice
- info
- debug
The following patterns are available:
%L Log level
%T Timestamp
%P PID
%H Hostname
%U User name
%G Group name
%N Newline
%S Program name
%C Caller - filename and line number
%r Runtime in seconds since program start
%t Time measurement - the time since the last call of log()
%m Message
Section: model
Access to the database and datastore is configured in these sections. Only the metrics are located in the datastore.
Section: db, ds
Parameter: host
Parameter: port
Parameter: database
Parameter: user, password
It is recommended to save the configuration in the files provided for it, since other tools besides the Bloonix server also access the configuration files, such as the backup script for the datastore or the importer for plugins.
- /etc/bloonix/database/main.conf
- /etc/bloonix/datastore/main.conf
Both files are then included in the configuration of the Bloonix server.