Roxy-WI Settings

NGINX settings

In this section you can manage the following settings for NGINX:

• nginx_path_logs - the path for NGINX logs;
• nginx_stats_user - the name of the user who is allowed to view the NGINX stats page;
• nginx_stats_password - the password for accessing the NGINX stats page;
• nginx_stats_port - the port for the NGINX stats page;
• nginx_stats_page - the URI for the NGINX stats page;
• nginx_dir - the path to NGINX directory with config files;
• nginx_config_path - the path to the NGINX configuration file;
• nginx_container_name - the name of the Docker container for NGINX (if NGINX is running in a container)

Monitoring settings

This section contains the settings for system monitoring. It is available just in the Admin area! Only users who have respective permissions (i.e. those of superAdmin) can access it. If you edit the settings there, the changes will affect the All group.

You can specify the following parameters:

• smon_check_interval - the frequency of SMON checks (in minutes);
• checker_check_interval - the frequency of Checker checks (in minutes);
• port_scan_interval - port scanning frequency (in minutes);
• smon_keep_history_range - the retention period for the SMON history (in days);
• checker_keep_history_range - the retention period for the Checker history (in days);
• portscanner_keep_history_range - the retention period for the Port Scanner history (in days);
• checker_maxconn_threshold - the threshold maxconn value at which the alerting is started.

SMON settings

This section contains the settings for SMON tool. It is available just in the Admin area! Only users who have respective permissions (i.e. those of superAdmin) can access it. If you edit the settings there, the changes will affect the All group.

You can specify the following parameters:

• master_ip - IP or name to connect to the SMON master;
• master_port - Port for connecting to the SMON master;
• agent_port - Agent SMON port;
• smon_keep_history_range - Retention period for SMON history;
• smon_ssl_expire_warning_alert - Warning alert about a SSL certificate expiration (in days);
• smon_ssl_expire_critical_alert - Critical alert about a SSL certificate expiration (in days).

Main settings

In this section you can specify the following parameters:

• time_zone - the time zone;
• proxy - the IP address and the port of the proxy server;
• session_ttl - TTL for a user session in days (the time period after which the session is expired);
• token_ttl - TTL for a token in days (the time period after which the token is expired);
• tmp_config_path - the path to the temporary directory (the directory must be owned by the user specified in the SSH settings);
• cert_path - the path to the directory where the SSL certificates are stored (the directory must be owned by the user specified in the SSH settings);
• ssl_local_path - the path to the directory where the SSL certificates are stored locally (the value of this parameter should be specified as a relative path beginning with $HOME_ROXY_WI/app/)
• lists_path - the path to the black and white lists (the value of this parameter should be specified as a relative path beginning with $HOME_ROXY-WI);
• maxmind_key - the license key for downloading GeoLite 2 DB (create it on MaxMind website);

Settings for storing and managing logs

In this section you can specified the following parameters:

• syslog_server_enable - enable or disable the syslog server for storing HAProxy logs (1 - enable, 0 - disable);
• syslog_server - the IP address of the syslog server;
• log_time_storage - the retention period for activity logs (in days);
• apache_log_path - the path to the Apache logs.

LDAP settings

In this section you can specify the following parameters:

• ldap_enable - enable or disable LDAP (enable - 1, disable - 0);
• ldap_server - the IP address of the LDAP server;
• ldap_port - the LDAP port (389 or 636 by default);
• ldap_user - LDAP user name (format: [email protected]);
• ldap_password - the password for the user specified in the previous parameter;
• ldap_base - LDAP base domain (example: dc=domain, dc=com);
• ldap_domain - LDAP domain;
• ldap_class_search - the class the user belongs (it will be used for user search);
• ldap_user_attribute - the attribute that will be used for searching the user;
• ldap_search_field - the user's e-mail address;
• ldap_type - enable LDAPS (1 - enable, 0 - disable).

HAProxy settings

In this section you can specify the following settings:

• haproxy_path_logs - the path for HAProxy logs;
• stats_user - the user who is permitted to access the HAProxy stats page;
• stats_password - the password for accessing the HAProxy stats page;
• stats_port - the port for the HAProxy stats page;
• stats_page - the URI for the HAProxy stats page;
• haproxy_dir - the path to the HAProxy directory;
• haproxy_config_path - the path to the HAProxy configuration file;
• server_state_file - the path to the HAProxy state file;
• haproxy_sock - the address of the HAProxy state socket;
• haproxy_sock_port - the HAProxy socket port;
• haproxy_container_name - the name of the Docker container for HAProxy (if HAProxy is running in a container).

Apache settings

In this section you can manage the following settings for Apache:

• apache_path_error_logs - the path to the Apache error log;
• apache_stats_user - the name of the user who is allowed to view the Apache stats page;
• apache_stats_password - the password for accessing the Apache stats page;
• apache_stats_port - the port for the Apache stats page;
• apcache_stats_page - the URI for the Apache stats page;
• apache_dir - the path to Apache directory where config files are stored;
• apache_config_path - the path to the NGINX configuration file;
• apache_container_name - the name of the Docker container for Apache (if Apache is running in a container).

Roxy-WI configuration file

Since version 6.1.1 the Roxy-WI config file (roxy-wi.cfg) has been moved to the /etc/roxy-wi folder. Keep in mind, that you can edit it to change Roxy-WI behavior as well.