DOC: resolved TODOs in server.conf

5908b65b · Timm Fitschen · e92ac5e6 · 5908b65b
Verified Commit 5908b65b authored 5 years ago by Timm Fitschen
--- a/conf/core/server.conf
+++ b/conf/core/server.conf
 # Set the timezone of the server
-# TODO: add example
+# e.g. TIMEZONE=Europe/Berlin or TIMEZONE=UTC.
+# Leaving this empty means that the server assumes the timezone of the host.
 TIMEZONE=
 # Set the name of the server owner
-# TODO: add example
+# e.g: SERVER_OWNER=XY Department
 SERVER_OWNER=
 # Name of this CaosDB Server
 SERVER_NAME=CaosDB Server
@@ -40,7 +41,6 @@ TMP_FILES=./CaosDBFileSystem/TMP/
 # Shared folder
 # Additional folder for longer term storage of scripting API output.
 # In contrast to the script's working directory, these subdirectories are publicly accessible.
-# TODO: add more details
 SHARED_FOLDER=./CaosDBFileSystem/Shared/

 # Path to the chown script which is needed by the drop off box in order to change permissions of files.
@@ -48,8 +48,7 @@ CHOWN_SCRIPT=./misc/chown_script/caosdb_chown_dropoffbox

 # This file is responsible for setting individual user and group permissions.
 USER_SOURCES_INI_FILE=./conf/ext/usersources.ini
-# The default state of users that are not configured in the usersources file
-# TODO: add more details
+# The default state of users which are added to the internal user source.
 NEW_USER_DEFAULT_ACTIVITY=INACTIVE
 # If set to true, unauthenticated access to the database is possible with an anonymous user.
 AUTH_OPTIONAL=FALSE
@@ -82,22 +81,24 @@ SERVER_PORT_HTTPS=443
 # HTTP port of this server instance.
 SERVER_PORT_HTTP=80

-# TODO: description missing
+# Initial number of HTTPConnection objects in the pool.
 INITIAL_CONNECTIONS=1
-# TODO: description missing
+# Maximum number of parallel HTTPConnections of the server
 MAX_CONNECTIONS=10


 # --------------------------------------------------
 # HTTPS options
 # --------------------------------------------------
-# TODO: Descriptions missing
+# Allowed TLS versions
 HTTPS_ENABLED_PROTOCOLS=TLSv1.3 TLSv1.2
+# Forbidden TLS versions
 HTTPS_DISABLED_PROTOCOLS=SSLv3 SSLv2Hello TLSv1.1 TLSv1.0
+# Allowed cipher suites which are used for the encryption of the HTTP payload.
 HTTPS_ENABLED_CIPHER_SUITES=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_8_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+# Forbidden cipher suites which are used for the encryption of the HTTP payload.
 HTTPS_DISABLED_CIPHER_SUITES=TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHASSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_RC4_128_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

-# TODO: Please check
 # Password for the private key for the HTTPS server.
 CERTIFICATES_KEY_PASSWORD=
 # Path to the keystore which typically ends in jks.
@@ -113,11 +114,12 @@ CERTIFICATES_KEY_STORE_PASSWORD=
 # 10 min
 SESSION_TIMEOUT_MS=600000

-# TODO: Description missing
+# Time after which activation tokens for the activation of new users (internal
+# user sources) expire.
 # 7days
 ACTIVATION_TIMEOUT_MS=604800000

-# TODO: description missing
+# The value for the HTTP cache directive "max-age"
 WEBUI_HTTP_HEADER_CACHE_MAX_AGE=28800

 # --------------------------------------------------
@@ -149,19 +151,22 @@ CACHE_DISABLE=false
 # The server is allowed to create symlinks to files and folders within this whitelist of directories.
 INSERT_FILES_IN_DIR_ALLOWED_DIRS=

-# TODO: please check
 # Sudo password of the system.
 # Needed by the drop off box to set file permissions.
 SUDO_PASSWORD=

-# If set to true ACL checks are circumvented during querying.
-# TODO: add more details
+# If set to false ACL checks are circumvented during querying. This may leak information but is a lot faster.
 QUERY_FILTER_ENTITIES_WITHOUT_RETRIEVE_PERMISSIONS=TRUE

-# TODO: add description and possible options
+# When checking the ACL of an entity roles which are unknown to the server
+# raise an error (when set to MUST) or a warning (when set to SHOULD).
+# Unknown roles occur when a user or group is removed or when entities are
+# loaded from other instances of the CaosDB Server where different users are
+# present.
+# CHECK_ENTITY_ACL_ROLES_MODE=[MUST,SHOULD]
 CHECK_ENTITY_ACL_ROLES_MODE=MUST

-# Location of the initial ACL file for entities.
-# TODO: add more details
+# Location of the global ACL file for entities. The global ACL is implicitly
+# part of any Entity ACL.
 GLOBAL_ENTITY_PERMISSIONS_FILE=./conf/core/global_entity_permissions.xml