rvsd

Command

Syntax

Copy

rvsd    -store filename
    [-http [ip_address:]http_port]
    [-https [ip_address:]https_port]
    [-http-only]
    [-https-only]
    [-no-http]
    [-license url]
    [-no-permanent]
    [-listen [socket_protocol:|ip_address:]tcp_port]
    [-no-lead-wc | -lead-wc]
    [-no-multicast]
    [-reliability time]
    [-max-consumer-buffer size]
    [-rxc-max-loss loss]
    [-rxc-recv-threshold bps]
    [-rxc-send-threshold bps]
    [-reuse-port inbox_port]
    [-logfile log_filename]
    [-log-max-size size]
    [-log-max-rotations n]
    [-log-config config_log_filename]
    [-foreground]
    [-udp-ttl hops]
    [-tls-min-proto-version version]
    [-tls-max-proto-version version]
    [-tls-ciphers string1:string2:stringN]
    [-tls-ciphersuites name1:name2:nameN]
    [-no-wc]

Purpose

The command rvsd starts the Rendezvous secure communications daemon process—the secure counterpart to rvd.

Remarks

This section describes only those aspects where rvsd differs from rvd. For details that both daemons share, see rvd.

Although rvd usually starts automatically, administrators must start rvsd by explicit command.

Command Line Parameters

`rvsd`
Parameter	Description
`-store` `filename`	This file contains the security parameters that configure `rvsd`. `rvsd` reads this file when the process starts, and writes this file each time you change the configuration using the browser administration interface. The secure daemon store file contains very sensitive information. Store it on the local file system of the secure daemon’s host computer, with tight file access, in a physically secure environment. Ensure timely backup to secure media. See also Store Files.
`-http` `ip_address:http_port` `-http` `http_port` `-https` `ip_address:https_port` `-https` `https_port`	The browser administration interface accepts connections on this HTTP or HTTPS port. Permit administration access only through the network interface specified by this IP address. To limit access to a browser on the `rvsd` host computer, specify `127.0.0.1` (the local host address). When the IP address is absent, the daemon accepts connections through any network interface on the specified HTTP or HTTPS port. If the explicitly specified HTTP port is already occupied, the program exits. If the explicitly specified HTTPS port is already occupied, the program selects an ephemeral port. When the `-http` parameter is entirely absent, the default behavior is to accept connections from any computer on HTTP port `7580`; If this default port is unavailable, the operating system assigns an ephemeral port number. When the `-https` parameter is entirely absent, the default behavior is to accept secure connections from any computer on an ephemeral HTTPS port. In all cases, the program prints (in its start banner and log file) the actual HTTP and HTTPS ports where it accepts browser administration interface connections.
`-http-only`	Disable HTTPS (secure) connections, leaving only an HTTP (non-secure) connection.
`-https-only`	Disable HTTP (non-secure) connections, leaving only an HTTPS (secure) connection.
`-no-http`	Disable all HTTP and HTTPS connections, overriding `-http` and `-https`.
`-license url`	The URL to a TIBCO Activation Service in the form of `https://url[?fp=activation service fingerprint]`. A fingerprint of the Activation Service can be included in the URL for peer verification. The URL can also be supplied using the environment variable `TIBRV_LICENSE`. If the URL is not explicitly configured using `-license` or `TIBRV_LICENSE`, the Rendezvous daemon will search its environment PATH for a license file named `tibrvlic.bin` and, failing that, will attempt to contact an Activation Service at `https://tib-activate:7070`. Note: Production environments must use a TIBCO Activation Service for TIBCO product activation. Using a license file to configure the Rendezvous daemon is only supported for development environments. The URL format for a license file is `file://pathname`.
`-listen` `tcp_port` `-listen` `ip_address:tcp_port` `-listen` `socket_protocol:tcp_port`	`rvsd` (and by extension, `rvsrd` operating within the local network) opens an TLS client socket to establish communication between itself and its client programs. The `-listen` parameter specifies the TLS port where the Rendezvous daemon listens for connection requests from client programs. This `-listen` parameter of the secure daemon corresponds to the `daemon` parameter of the transport creation call (they must specify the same TLS port number). The IP address specifies the network interface through which this daemon accepts TLS connections. To bar connections from remote programs, specify IP address `127.0.0.1` (the loopback interface). When the IP address is absent, the daemon accepts connections from any computer on the specified TLS port. When this parameter is entirely absent, the default behavior is to accept connections from any computer on TLS port 7500. For more detail about the choreography that establishes conduits, see Daemon Client Socket—Establishing Connections. Warning This parameter does not correspond to the `service` parameter of the transport creation call—but rather to the `daemon` parameter.
`-no-permanent`	If present (or when `rvd` starts automatically), `rvd` exits after 1 minute during which no transports are connected to it. If not present, `rvd` runs indefinitely until terminated. This parameter is not available with IPM.
`-no-lead-wc` `-lead-wc`	Sending to subjects with lead wildcards (for example, `>` or `.foo`) can cause unexpected behavior in some applications, and cause network instability in some configurations. This option lets you selectively screen wildcard sending. When `-no-lead-wc` is present, the daemon quietly rejects client requests to send outbound messages to subjects that contain wildcards in the lead element. The daemon does not* report excluded messages as errors. When `-lead-wc` is present (or when neither flag is present), the daemon allows sending messages to subjects with lead wildcards. This parameter is not available with IPM.
`-log-config` `config_log_filename`	Send duplicate log output to this file for log items that record configuration changes. The daemon never rotates nor removes this special log file. Instead, this file remains as a record of all configuration changes. When absent, the default is `stderr`.
`-reliability` `time`	These parameters are the same as for rvd. For details, see Command Line Parameters.
`-max-consumer-buffer` `size`
`-rxc-max-loss` `loss` `-rxc-recv-threshold` `bps` `-rxc-send-threshold` `bps`
`-reuse-port` `inbox_port`
`-logfile` `log_filename`
`-log-max-size` `size`
`-foreground`
`-udp-ttl` `hops`
`-tls-min-proto-version` `version` `-tls-max-proto-version` `version`	Set the minimum or maximum supported protocol versions for the ctx using OpenSSL calls `SSL_CTX_set_min_proto_version and SSL_CTX_set_max_proto_version`.
`-tls-ciphers` `string1:string2:stringN`	Set the list of available ciphers (TLSv1.2 and earlier) using OpenSSL call `SSL_CTX_set_cipher_list`.
`-tls-ciphersuites` `name1:name2:nameN`	Configure the available TLSv1.3 ciphersuites using OpenSSL call `SSL_CTX_set_ciphersuites`.
`-no-wc`	Silently drop any messages published by clients that contain any wild card tokens.
`-pwd-hash password-string`	Takes the password-string, prints a base64 encoded PBKDF2 hash, and then exits. Rendezvous daemons do not store passwords, they convert the user-supplied plain text passwords into a secure hash first. By supplying a secure hash instead of a plain-text Administrator password in XML/JSON configuration, users remove Rendezvous daemons from the chain of custody of the password. Secure hashes are one-way, and passwords cannot be recovered from the secure hash. You are responsible for securely storing the original password.

Did you find this helpful?

Yes No