Realm Server Executable Reference

Most command line parameters and options have both a short and a long form. The command line parser accepts either form. In addition, you can supply a Java-style properties form for most options in a configuration file (see --config).

Help

Parameter	Arguments	Description
--help -h		Display a help message describing the command line parameters and options.

Input and Output

Note: The connect port (--http) and client port (--ftl) must both use the same network interface.

Parameter	Arguments	Description
--data -d	`path`	Optional. When present, the realm server stores its working data files in this `path` location. The directory at `path` must exist, as the realm server does not create it automatically. If you run a family of affiliated realm servers, you must supply a unique `path` location for each affiliated server. When absent, the default `path` is the current directory.
--http -ht	`host`:`port`	Connect Port Optional. Clients send initial contact requests to this web service. The server responds with information that clients can use to make requests. Browsers send graphic user interface requests to this service, using the HTTP protocol. The realm server responds to web API requests over this service. For arguments, you may supply any combination, `host`:`port`, `host`:, or :`port`. However, when either --backupto or --backupfor is also present, you must explicitly supply both, that is, `host`:`port`. `host` indicates one of the host computer’s network interfaces. When `host` is absent, the realm server listens for HTTP requests on the localhost interface. The asterisk character (*) indicates all available interfaces. When `port` is absent, the default value is port 8080.
--ftl -f	`host`:`port`	Client Port Optional. Connected clients communicate with the realm server over this service. For arguments, you may supply any combination, `host`:`port`, `host`:, or :`port`. `host` indicates one of the host computer’s network interfaces. When `host` is absent, this service uses the same `host` interface as the --http connect port. The asterisk character (*) indicates all available interfaces. When `port` is absent, this service uses a port number that is 3 greater than the --http connect port.

Parameter

Arguments

Description

--data

-d

path

Optional.

When present, the realm server stores its working data files in this path location. The directory at path must exist, as the realm server does not create it automatically.

If you run a family of affiliated realm servers, you must supply a unique path location for each affiliated server.

When absent, the default path is the current directory.

--http

-ht

host:port

Connect Port

Optional.

Clients send initial contact requests to this web service. The server responds with information that clients can use to make requests.

Browsers send graphic user interface requests to this service, using the HTTP protocol. The realm server responds to web API requests over this service.

For arguments, you may supply any combination, host:port, host:, or :port. However, when either --backupto or --backupfor is also present, you must explicitly supply both, that is, host:port.

host indicates one of the host computer’s network interfaces. When host is absent, the realm server listens for HTTP requests on the localhost interface. The asterisk character (*) indicates all available interfaces.

When port is absent, the default value is port 8080.

--ftl

-f

host:port

Client Port

Optional.

Connected clients communicate with the realm server over this service.

For arguments, you may supply any combination, host:port, host:, or :port.

host indicates one of the host computer’s network interfaces. When host is absent, this service uses the same host interface as the --http connect port. The asterisk character (*) indicates all available interfaces.

When port is absent, this service uses a port number that is 3 greater than the --http connect port.

Affiliated Servers

For rules about permissible relationships among servers, see the table Affiliated Realm Servers: Role Summary.

For information about disaster recovery servers, see Disaster Recovery.

Parameter	Arguments	Description
--backupfor	`host`:`port`	When present, start this realm server process as a potential backup server for a primary or satellite. (The `host`:`port` arguments must match the arguments to the `--http` parameter of the primary or satellite server.) The primary or satellite server initiates the backup connection. (You must also configure that server using the `--config` parameter.) When present, you must also explicitly supply `--http` `host`:`port` (with both arguments).
--backupto	`host`:`port`	When present, the server designates a backup server and attempts to connect to it at `host`:`port`. (The `host`:`port` arguments must match the arguments to the `--http` parameter of the backup server.) (You must also configure the backup server using the `--backupfor` parameter.) While disconnected, this server repeatedly attempts to connect to its backup. When present, you must also explicitly supply `--http` `host`:`port` (with both arguments).
--satelliteof	`host`:`port`	When present, the server designates itself as a satellite of a primary server. This satellite server connects to its primary server at `host`:`port`. A satellite server does not accept client connection requests until it first receives a realm definition from its primary server. A satellite server accepts realm updates only from its primary. While disconnected, a satellite server repeatedly attempts to connect to its primary server.
--drfor	`host`:`port`	When present, start this realm server process as a disaster recovery server for a primary server. (The `host`:`port` arguments must match the arguments to the `--http` parameter of the primary server.) The primary server initiates the connection. (You must also configure that primary server using the `--config` parameter.) When present, you must also explicitly supply `--http` `host`:`port` (with both arguments).
--drto	`host`:`port`	When present, the server designates a disaster recovery server and attempts to connect to it at `host`:`port`. (The `host`:`port` arguments must match the arguments to the `--http` parameter of the backup server.) (You must also configure the disaster recovery server using the `--drfor` parameter.) While disconnected, this primary server repeatedly attempts to connect to its disaster recovery counterpart. When present, you must also explicitly supply `--http` `host`:`port` (with both arguments).
--server.timeout -to	`timeout`	Optional. Servers use this `timeout`, in seconds, for two purposes: Heartbeat Timeout The server determines that an affiliated server is unavailable when its heartbeat signal is silent for this timeout interval. Connection Timeout The server waits for this timeout interval before repeating its connection request to an affiliated server. Supply a positive number. When absent, the default value is 3 seconds.
--server.heartbeat -hb	`hb_interval`	Optional. The server sends its heartbeat signal at `hb_interval`, in seconds. Supply a positive number. When absent, the default value is 1 second.
--server.user -u	`username`	Required for affiliated servers when enabling user authorization. The server authenticates itself to affiliated servers with this `username`. When `--server.authtobackup.user` is present, the server authenticates itself to its backup server using that value. However, it still uses the value of `--server.user` to authenticate to satellites.
--server.password -pw	`password`	Required for affiliated servers when enabling user authorization. The server authenticates itself to affiliated servers with this `password`. To hide the password from casual observers, you may first obfuscate the password using tibrealmadmin `--mangle`.
--server.authtobackup.user	`username`	Optional. When present, the server authenticates itself to its backup server with this `username`. When absent, it uses the value of `--server.user` instead.
--server.authtobackup.password	`password`	Optional. When present, the server authenticates itself to its backup server with this `password`. To hide the password from casual observers, you may first obfuscate the password using tibrealmadmin `--mangle`. When absent, it uses the value of `--server.password` instead.
--server.label	`label`	Optional. You may supply a string to easily identify the realm server process within the monitoring interface. For example, when a primary server has several satellites, it could be useful to label them according to their geographic locations. If the string value contains space characters, enclose it in double quote (") characters. When absent, the default is the host and HTTP port of the server (see `--http`).

Authentication and Authorization Service

If you use a single authentication service for both FTL and eFTL clients, then use the parameters --auth.* to configure realm server communication with it.

If you use separate authentication services for FTL clients and eFTL clients, then use the parameters --auth.* to configure realm server communication with the authentication service for FTL clients, and use the parameters --auth.eftl.* to configure realm server communication with the authentication service for eFTL clients.

Parameter	Arguments	Description
--auth.url --auth.eftl.url	`URL`	Optional. Authentication resource. When present, authentication is enabled, so that the realm server requires and verifies user name and password credentials from client processes, affiliated servers, transport bridges, browsers, and tibrealmadmin. If the URL protocol is `file://`, the realm server reads authentication data from a flat file at this location. Otherwise, the realm server contacts an external authentication server at this URL. When absent, authentication is disabled, so that the realm server neither requires nor verifies credentials.
--auth.user --auth.eftl.user	`user_name`	Optional. The realm server identifies itself to an external authentication service using this user name credential.
--auth.password --auth.eftl.password	`password`	Optional. The realm server identifies itself to an external authentication service using this password credential.
--auth.trust --auth.eftl.trust	`path`	Optional. When the authentication service URL uses the `https://` protocol, use this parameter to specify the location of the authentication service's public certificate file (in PEM format). The realm server uses the certificate to verify the identify of the external authentication service.

TLS Security

Parameter	Arguments	Description
--secure	`password`	When present, the realm server uses TLS to secure its communications with clients, utilities, and affiliates. For more information about the keystore password argument, see Keystore File Password Security.
--tls.trust.file	`path`	Optional. (Required for secure backup and satellite servers that communicate with a secure primary realm server.) Secure backup and satellite servers use this parameter to supply the file path to a local copy of the primary server's trust file. When both are present, this parameter overrides --tls.trust.everyone. For more information, see Running a Secure Backup or Satellite Realm Server.
--tls.trust.everyone		Optional. The server trusts any realm server without verifying trust in the server's certificate. Warning: Do not use this parameter except for convenience in development and testing. It is not secure.

Parameter

Arguments

Description

--secure

password

When present, the realm server uses TLS to secure its communications with clients, utilities, and affiliates.

For more information about the keystore password argument, see Keystore File Password Security.

--tls.trust.file

path

Optional. (Required for secure backup and satellite servers that communicate with a secure primary realm server.)

Secure backup and satellite servers use this parameter to supply the file path to a local copy of the primary server's trust file.

When both are present, this parameter overrides --tls.trust.everyone.

For more information, see Running a Secure Backup or Satellite Realm Server.

--tls.trust.everyone

Optional.

The server trusts any realm server without verifying trust in the server's certificate.

Warning: Do not use this parameter except for convenience in development and testing. It is not secure.

Docker

Parameter	Arguments	Description
--client.url	`URL`	Required when the realm server runs in a Docker container. Supply `discover://` as the value. This value guides internal clients, such as the group service, to locate the agent, discover the realm server, and connect to it. (This parameter plays a role analogous to the -rs parameter of service clients such as transport bridges and persistence servers.)

Parameter

Arguments

Description

--client.url

URL

Required when the realm server runs in a Docker container.

Supply discover:// as the value.

This value guides internal clients, such as the group service, to locate the agent, discover the realm server, and connect to it.

(This parameter plays a role analogous to the -rs parameter of service clients such as transport bridges and persistence servers.)

Logging

Parameter	Arguments	Description
--loglevel -l	`level`	When present, the realm server logs protocol communication at this level of detail. You may specify any of the standard log level strings (see “Tuning the Log Level” and its sub-topics in TIBCO FTL Development). When this option is absent, the default value is info.
--logfile	`logfile_prefix`	When present, the realm server logs to a rolling set of log files instead of the console. The `logfile_prefix` argument may denote a path. All of the directories in the path must already exist. For more information about rotating log files, see “Log Output Targets” in TIBCO FTL Development. When absent, the realm server sends log output to the console, ignoring the parameters `--max.log.size` and `--max.logs`.
--max.log.size	`size`	Limits the maximum size, in bytes, of log files--logfile. The value must be greater than 100 kilobytes (102400). The default value is 2 megabytes (210241024).
--max.logs	`logs`	Limits the maximum number of rolling log files. The default is 50.

Configuration File

Parameter	Arguments	Description
--config -c	`path`	When present, the realm server reads its configuration from the file at `path`. See Option and Property Names. If you specify both a configuration properties file and command line options, the command line options override those in the file (where they conflict).

Parameter

Arguments

Description

--config

-c

path

When present, the realm server reads its configuration from the file at path.

See Option and Property Names.

If you specify both a configuration properties file and command line options, the command line options override those in the file (where they conflict).

Contents

Index

Search Results

Realm Server Executable Reference

Help

Input and Output

Affiliated Servers

Authentication and Authorization Service

TLS Security

Docker

Logging

Configuration File