The server configuration is defined in the Server
section. The server specifies the set of sockets a client can
connect to. It defines rules for how and from where a client
can connect and the properties of the connection.
It also defines some global settings listed in the following table:
Table 3.3. Global server settings
Name | Description |
---|---|
MaxConnections | The maximum number of total simultaneous connections (clients). If not specified the default is used. The default is the operating system limit. |
Threads | Number of threads for serving client connections. |
Here is an example configuration of the server global settings:

    Server {
        MaxConnections 12
        Threads 7
    }

The server has two types of sockets to configure, in the sections Listen and ListenSSL.
ListenSSL describes a secure connection with transport layer encryption based on SSL/TLS.
Listen, on the other hand, describes a plain TCP/IP connection.
They are introduced in the following two sections:
In the subsections named Listen of the server
configuration we define sockets providing plain connections based
on TCP/IP. The following table describes the attributes you can set
for plain TCP/IP connections:
Table 3.4. Listen settings
Name | Description |
---|---|
Address | Listening address (IPv4 or IPv6) of the server. '127.0.0.1' and '::1' stand for the loopback address (IPv4 and IPv6 respectively). The listener wildcards '*' or '0.0.0.0' (IPv4) or '::' (IPv6) are also accepted. |
Port | Connection port. Ports 7649-7671 and 7934-7966 are unassigned according to IANA (last updated 2010-03-11). The default ports are 7661 for unencrypted connections and 7961 for SSL connections. Note that 7654 seems to be used by Winamp. |
Identifier | Identifier that can be referenced in authorization functions to classify connections and to define authorization based on it. |
MaxConnections | (optional) The maximum number of simultaneous connections for this socket. |
Restrictions | (optional) Defines the subsection containing IP restrictions on the connection. If not defined, the connection is allowed from everywhere. The configuration of IP restrictions will be defined in the section IP restrictions. |
The following Listen configuration shows an example plain TCP/IP
connection definition:

    Server {
        Listen {
            Address localhost
            Port 7661
            Identifier "Interface 1"
            Restrictions {
                allow 192.168.201.0/24
            }
        }
    }

In the subsections named ListenSSL of the
server configuration we define sockets providing secured connections
with full transport layer encryption based on SSL/TLS.
The following table describes the attributes you can set for secured
connections. The first five attributes are the same as for
sockets configured as plain TCP/IP (Listen) as shown before:
Table 3.5. ListenSSL settings
Name | Description |
---|---|
Address | Listening address (IPv4 or IPv6) of the server. '127.0.0.1' and '::1' stand for the loopback address (IPv4 and IPv6 respectively). The listener wildcards '*' or '0.0.0.0' (IPv4) or '::' (IPv6) are also accepted. |
Port | Connection port. Ports 7649-7671 and 7934-7966 are unassigned according to IANA (last updated 2010-03-11). The default ports are 7661 for unencrypted connections and 7961 for SSL connections. Note that 7654 seems to be used by Winamp. |
Identifier | Identifier that can be referenced in authorization functions to classify connections and to define authorization based on it. |
MaxConnections | The maximum number of simultaneous connections for this port. |
Restrictions | Defines the subsection containing IP restrictions on the connection. If not defined, the connection is allowed from everywhere. The configuration of IP restrictions will be defined in the section IP restrictions. |
Certificate | File with the SSL certificate |
Key | File with the SSL key |
CAdirectory | Directory holding the CA certificate files. |
CAchainFile | SSL CA chain file |
Verify | ON/OFF switch to enable/disable client certificate verification. |
The following configuration shows an example ListenSSL definition:

    Server {
        ListenSSL {
            Address localhost
            Port 7961
            Identifier "Interface 1"
            MaxConnections 2
            Certificate SSL/wolframed.crt
            key SSL/wolframed.key
            CAchainFile SSL/CAchain.pem
            Verify Off
        }
    }

IP restrictions are defined in the Restrictions subsection
of the socket configurations (Listen and ListenSSL)
in the server configuration.
Table 3.6. Restrictions settings
Name | Argument | Description |
---|---|---|
Allow | IP address with optional network mask | Defines an IP or network address that is allowed to connect, unless it is explicitly covered by a Deny directive. If no allow is specified, all IPs are allowed to connect unless explicitly excluded by a deny directive. So no allow is equivalent to allow all. |
Deny | IP address with optional network mask | Defines an IP or network address that is forbidden to connect. If a deny directive refers to an IP that is explicitly defined by, or part of, an allow, the deny is stronger and overrides the allow declaration. |
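
The Allow/Deny rules of Table 3.6, modelled in Python as an added example (not part of the Wolframe documentation or code base) for checking a rule set against expected client addresses before deploying it. The function names and the sample deny entry are assumptions; the allow entry is the one from the Listen example above.

```python
import ipaddress


def _networks(entries):
    """Parse 'IP' or 'IP/mask' strings into network objects."""
    # strict=False accepts entries with host bits set, e.g. 192.168.201.5/24
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_allowed(client_ip, allow=(), deny=()):
    """Apply the Allow/Deny rules of Table 3.6 to one client address."""
    addr = ipaddress.ip_address(client_ip)
    allow_nets = _networks(allow)
    deny_nets = _networks(deny)

    def matches(nets):
        # An IPv4 address never matches an IPv6 network and vice versa
        return any(addr.version == n.version and addr in n for n in nets)

    # A deny is stronger than any allow it overlaps with
    if matches(deny_nets):
        return False
    # No allow at all is equivalent to "allow all"
    if not allow_nets:
        return True
    # Otherwise the client must fall inside one of the allowed networks
    return matches(allow_nets)


# Constructed rule set: the allow from the Listen example plus a hypothetical deny
ALLOW = ["192.168.201.0/24"]
DENY = ["192.168.201.13"]


def demo():
    """Evaluate a few constructed client addresses against the rule set."""
    clients = ["192.168.201.7", "192.168.201.13", "10.0.0.5", "::1"]
    return {c: is_allowed(c, ALLOW, DENY) for c in clients}


if __name__ == "__main__":
    for client, ok in demo().items():
        print(f"{client:16} {'allow' if ok else 'deny'}")
```

Once any allow is present, every address outside the allowed networks is rejected, including the loopback addresses.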
Copyright © 2014 - Project Wolframe - All Rights Reserved