You can manage the Roxy-WI settings both on the Servers-Settings page and in the Admin area-Settings.
The settings on the Servers-Settings page are applied for members of the group which the current/active user is in. While the settings in
the Admin area-Settings are valid for the All group in which all users are included by default.
Note: superAdmin permissions are required to edit the settings on the Admin area-Settings page.
On the Settings page you can specify the following parameters:
- basic settings for RabbitMQ;
- basic settings for NGINX;
- settings for the system monitoring;
- general settings such as time zone, the address of the proxy server, TTL for tokens and sessions, etc.;
- settings for storing and managing the logs;
- settings for managing the LDAP access;
- basic settings for HAProxy.
In this section you can manage the following settings for RabbitMQx:
- rabbitmq_host - the IP address of FQDN of the RabbitMQ server host;
- rabbitmq_port - the port RabbitMQ listens on;
- rabbitmq_vhost - the virtual host in RabbitMQ;
- rabbitmq_queue - the name of the queue for interaction with Roxy-WI;
- rabbitmq_user - the name of the RabbitMQ server user;
- rabbitmq_password - the password for the RabbitMQ server user.
In this section you can manage the following settings for NGINX:
- nginx_path_logs - the path for NGINX logs;
- nginx_stats_user - the name of the user who is allowed to view the NGINX stats page;
- nginx_stats_password - the password for accessing the NGINX stats page;
- nginx_stats_port - the port for the NGINX stats page;
- nginx_stats_page - the URI for the NGINX stats page;
- nginx_dir - the path to NGINX directory with config files;
- nginx_config_path - the path to the NGINX configuration file;
- nginx_container_name - the name of the Docker container for NGINX (if NGINX is running in a container)
This section contains the settings for system monitoring. It is available just in the Admin area! Only users
who have respective permissions (i.e. those of superAdmin) can access it. If you edit the settings there,
the changes will affect the All group.
You can specify the following parameters:
- smon_check_interval - the frequency of SMON checks (in minutes);
- checker_check_interval - the frequency of Checker checks (in minutes);
- port_scan_interval - port scanning frequency (in minutes);
- smon_keep_history_range - the retention period for the SMON history (in days);
- checker_keep_history_range - the retention period for the Checker history (in days);
- portscanner_keep_history_range - the retention period for the Port Scanner history (in days);
- checker_maxconn_threshold - the threshold maxconn value at which the alerting is started.
This section contains the settings for SMON tool. It is available just in the Admin area! Only users
who have respective permissions (i.e. those of superAdmin) can access it. If you edit the settings there,
the changes will affect the All group.
You can specify the following parameters:
- master_ip - IP or name to connect to the SMON master;
- master_port - Port for connecting to the SMON master;
- agent_port - Agent SMON port;
- smon_keep_history_range - Retention period for SMON history;
- smon_ssl_expire_warning_alert - Warning alert about a SSL certificate expiration (in days);
- smon_ssl_expire_critical_alert - Critical alert about a SSL certificate expiration (in days).
In this section you can specify the following parameters:
- time_zone - the time zone;
- proxy - the IP address and the port of the proxy server;
- session_ttl - TTL for a user session in days (the time period after which the session is expired);
- token_ttl - TTL for a token in days (the time period after which the token is expired);
- tmp_config_path - the path to the temporary directory (the directory must be owned by the user specified in the SSH settings);
- cert_path - the path to the directory where the SSL certificates are stored (the directory must be owned by the user specified in the SSH settings);
- ssl_local_path - the path to the directory where the SSL certificates are stored locally (the value of this parameter should be specified as a relative path beginning with $HOME_ROXY_WI/app/)
- lists_path - the path to the black and white lists (the value of this parameter should be specified as a relative path beginning with $HOME_ROXY-WI);
- maxmind_key - the license key for downloading GeoLite 2 DB (create it on MaxMind website);
In this section you can specified the following parameters:
- syslog_server_enable - enable or disable the syslog server for storing HAProxy logs (1 - enable, 0 - disable);
- syslog_server - the IP address of the syslog server;
- log_time_storage - the retention period for activity logs (in days);
- apache_log_path - the path to the Apache logs.
In this section you can specify the following parameters:
- ldap_enable - enable or disable LDAP (enable - 1, disable - 0);
- ldap_server - the IP address of the LDAP server;
- ldap_port - the LDAP port (389 or 636 by default);
- ldap_user - LDAP user name (format: [email protected]);
- ldap_password - the password for the user specified in the previous parameter;
- ldap_base - LDAP base domain (example: dc=domain, dc=com);
- ldap_domain - LDAP domain;
- ldap_class_search - the class the user belongs (it will be used for user search);
- ldap_user_attribute - the attribute that will be used for searching the user;
- ldap_search_field - the user's e-mail address;
- ldap_type - enable LDAPS (1 - enable, 0 - disable).
In this section you can specify the following settings:
- haproxy_path_logs - the path for HAProxy logs;
- stats_user - the user who is permitted to access the HAProxy stats page;
- stats_password - the password for accessing the HAProxy stats page;
- stats_port - the port for the HAProxy stats page;
- stats_page - the URI for the HAProxy stats page;
- haproxy_dir - the path to the HAProxy directory;
- haproxy_config_path - the path to the HAProxy configuration file;
- server_state_file - the path to the HAProxy state file;
- haproxy_sock - the address of the HAProxy state socket;
- haproxy_sock_port - the HAProxy socket port;
- haproxy_container_name - the name of the Docker container for HAProxy (if HAProxy is running in a container).
In this section you can manage the following settings for Apache:
- apache_path_error_logs - the path to the Apache error log;
- apache_stats_user - the name of the user who is allowed to view the Apache stats page;
- apache_stats_password - the password for accessing the Apache stats page;
- apache_stats_port - the port for the Apache stats page;
- apcache_stats_page - the URI for the Apache stats page;
- apache_dir - the path to Apache directory where config files are stored;
- apache_config_path - the path to the NGINX configuration file;
- apache_container_name - the name of the Docker container for Apache (if Apache is running in a container).
Since version 6.1.1 the Roxy-WI config file (roxy-wi.cfg) has been moved to the /etc/roxy-wi folder.
Keep in mind, that you can edit it to change Roxy-WI behavior as well.