FTL Server Configuration Parameters

This topic presents the FTL server configuration parameters in the globals section or the ftl service section that apply to the FTL server as a whole. (Subsequent topics present parameters that configure the behavior of the individual services that the FTL server provides.)

Servers and Locations

Parameter Arguments Description
core.servers servers Required.

Supply a map from server names to their locations.

Use the following form for each server:
  server_name: host:port

Include in this map only core servers. Omit any auxiliary servers.

data path Optional.

When present, the FTL server stores its working data files in this path location. The directory at path must exist, as the FTL server does not create it automatically.

Servers within a local network can share a data directory, or they can use unique locations.

When absent, the default path is the current directory.

ftl Optional.

Include an ftl configuration map with a server parameter to specify the host and port for a specific auxiliary server.

For an example, see "Auxiliary Servers."

internal.address valid IP address or hostname Optional, globals section only.

Force the FTL server to be reachable at only this address, regardless of core.servers settings.

Note: The FTL server is always reachable at 127.0.0.1.

spin.limit Optional.

Set the limit for the amount of spin time, in microseconds, for an FTL server receiving data from a connection. The default is 0. This is an ftl (not globals) setting.

Use caution with this parameter and adjust it only when necessary and with full understanding of its effect on CPU and thread performance. The default value should provide optimal performance in most cases.

Authentication and Authorization Service

Parameter Arguments Description
auth.url URL Optional. Authentication resource.

When present, authentication is enabled, so that the realm service requires and verifies user name and password credentials from client processes, affiliates, browsers, and tibftladmin.

If the URL protocol is file://, the FTL server reads authentication data from a flat file at this location.

Otherwise, the FTL server contacts an external authentication service at this URL.

When absent, authentication is disabled, so that the FTL server neither requires nor verifies credentials.

auth.user user_name

Optional.

The FTL server identifies itself to an external authentication service using this user name credential.

auth.password password

Optional.

The FTL server identifies itself to an external authentication service using this password credential.

To hide the password from casual observers, see Password Security.

auth.trust path

Optional.

When the authentication service URL uses the https:// protocol, use this parameter to specify the location of the authentication service's public certificate file (in PEM format). The FTL server uses the certificate to verify the identity of the external authentication service.

Affiliated FTL Servers

For information about disaster recovery servers, see Disaster Recovery.

Parameter Arguments Description
satelliteof URL_list When present, designate this FTL server as a satellite of a set of primary FTL servers.
Supply a pipe-separated URL list of primary FTL servers. For example:
https://host1:port1|https://host2:port2|https://host3:port3

A satellite receives its realm definition and accepts realm updates from any primary realm service.

The realm service in a satellite does not accept client connection requests until it first receives a realm definition from a primary.

drfor URL_list When present, this FTL server starts as a disaster recovery server for a set of primary FTL servers.

Supply a pipe-separated URL list of primary FTL servers.

The primaries initiate the connection to disaster recovery servers.

drto URL_list When present, this FTL server designates a set of disaster recovery servers and attempts to connect to them.

Supply a pipe-separated URL list of primary disaster recovery FTL servers.

(You must also configure the disaster recovery servers using the drfor parameter.)

timeout timeout Optional.

FTL servers use this timeout, in seconds, for two purposes:

Connection Timeout
An FTL server waits for this timeout interval before repeating its connection request to an affiliated FTL server.
Heartbeat Timeout
An FTL server determines that an affiliate is unavailable when the affiliate's heartbeat signal is silent for this timeout interval.

Supply a positive number.

When absent, the default value is 3 seconds.

heartbeat hb_interval Optional.

An FTL server sends its heartbeat signal at hb_interval, in seconds.

Supply a positive number.

When absent, the default value is 1 second.

user username Required for affiliated FTL servers when enabling user authorization.

An FTL server authenticates itself to affiliates with this username.

password password Required for affiliated FTL servers when enabling user authorization.

An FTL server authenticates itself to affiliates with this password.

To hide the password from casual observers, see Password Security.

Logging

Parameter Arguments Description
loglevel level When present, the realm service logs protocol communication at this level of detail.

You may specify any of the standard log level strings (see “Tuning the Log Level” and its sub-topics in TIBCO FTL Development). You can set a general log level, or custom log levels for different elements.

When this parameter is absent, the default level is info.

logfile logfile_prefix When present, the realm service logs to a rolling set of log files instead of the console. The logfile_prefix argument may denote a path. All of the directories in the path must already exist.

For more information about rotating log files, see “Log Output Targets” in TIBCO FTL Development.

When absent, the realm service sends log output to the console, ignoring the parameters max.log.size and max.logs.

max.log.size size Limits the maximum size, in bytes, of log files. The value must be greater than 100 kilobytes (102400). The default value is 2 megabytes (2*1024*1024).

max.logs logs Limits the maximum number of rolling log files. The default is 50.

REST Requests

Parameter Arguments Description
origins.allowed URLs

When absent, the default behavior rejects all cross-origin requests.

When present, allow REST requests that originate from URLs in an array of strings. The realm service rejects cross-origin requests from any other origin.

The special value * allows all origins.

Warning: Do not supply this parameter except when necessary.

Supplying a null string in the argument list of this parameter is not a recommended security practice.

TLS Security

Parameter Arguments Description
tls.secure password When present, the FTL server uses TLS to encrypt its communications with clients, utilities, and affiliates.

The password argument encrypts the TLS key file.

To hide the password from observers, see Password Security.

tls.trust.file path Optional. (Required for secure servers.)

Secure FTL servers use this parameter to supply the file path to a local copy of the trust file.

When both are present, this parameter overrides tls.trust.everyone.

tls.trust.everyone Optional.

The FTL server trusts any other FTL server without verifying trust in the other service's certificate.

Warning: Do not use this parameter except for convenience in development and testing. It is not secure.
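The following audit is an added example, not part of the TIBCO documentation or product. It checks the authentication, REST origin, TLS trust, and log size rules stated on this page. It assumes the configuration has already been parsed into a flat map of parameter names to values; the function name, the severity labels, and the sample values are this example's own.

```python
# Added example: audit of FTL server parameters described on this page.
# Input is an already-parsed, flat {parameter: value} map (an assumption;
# loading the configuration file itself is out of scope here).

def audit_ftl_params(params):
    """Return a sorted list of (severity, parameter, message) findings."""
    findings = []

    # auth.url absent means credentials are neither required nor verified.
    if not params.get("auth.url"):
        findings.append(("high", "auth.url", "authentication is disabled"))

    # tls.secure absent means no TLS; present requires a trust file.
    if "tls.secure" not in params:
        findings.append(("high", "tls.secure", "TLS is not enabled"))
    elif "tls.trust.file" not in params and "tls.trust.everyone" not in params:
        findings.append(("medium", "tls.trust.file", "required for secure servers"))

    # tls.trust.file overrides tls.trust.everyone when both are present.
    if "tls.trust.everyone" in params:
        if "tls.trust.file" in params:
            findings.append(("low", "tls.trust.everyone", "overridden by tls.trust.file; remove it"))
        else:
            findings.append(("high", "tls.trust.everyone", "peer certificates are not verified"))

    # origins.allowed: absent rejects all cross-origin requests (safest).
    for origin in params.get("origins.allowed", []):
        if origin == "*":
            findings.append(("high", "origins.allowed", "'*' allows all origins"))
        elif origin == "":
            findings.append(("medium", "origins.allowed", "null string in origin list"))

    # Documented floor for log file size.
    size = params.get("max.log.size")
    if size is not None and size <= 102400:
        findings.append(("low", "max.log.size", "must be greater than 102400 bytes"))
    return sorted(findings)

# Constructed sample inputs (not from a real deployment).
WEAK = {"tls.secure": "<password placeholder>", "tls.trust.everyone": True,
        "origins.allowed": ["*", ""], "max.log.size": 1024}
HARDENED = {"auth.url": "file:///constructed/path/users.txt",
            "tls.secure": "<password placeholder>",
            "tls.trust.file": "/constructed/path/trust.pem",
            "origins.allowed": ["https://admin.example.com"]}

if __name__ == "__main__":
    for sev, name, msg in audit_ftl_params(WEAK):
        print(f"{sev:6} {name}: {msg}")
```
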

Security: Clients

Parameter Arguments Description
custom.cert path Required for HTTPS or WSS clients that require the FTL server to authenticate itself using a non-default certificate. FTL clients are not affected.

The FTL server reads a public TLS certificate from this file. It uses the certificate to authenticate itself to clients.

The certificate file must be in PEM format.

custom.cert.private.key path Required for HTTPS or WSS clients that require the FTL server to authenticate itself using a non-default certificate. FTL clients are not affected.

The FTL server reads an encrypted TLS private key from this file. It uses the key to authenticate itself to clients, and to encrypt TLS communication with clients.

The key file must be in PEM format.

custom.cert.private.key.password password Required if you specify custom.cert.private.key.

The FTL server decrypts the private key using this password.

TLS Algorithms

GUI Parameter Description
openssl.context.cipher.suites Replace default ciphers and protocols.
Warning: Do not change these values unless explicitly instructed to do so by TIBCO.

In the event that a flaw is discovered in the default cipher suite or protocols, TIBCO will issue a security announcement, and indicate new values for these settings.

openssl.context.options