Configuration¶

General Settings¶

base_path = BASE PATH¶

Set the base directory for relative file/path names in configuration file. If you use a relative path name (like eg. .) for base_path, then we use the location of the LiveConfig executable as start point.

license_file = LICENSEFILE¶

Specify the name of the license file. This file should only be readable by the user under which liveconfig runs. For more informations see liveconfig.key(5).

Default: /etc/liveconfig/liveconfig.key

log_file = LOGFILE¶

Specify the name of the logfile. That file (or the directory where the file has to be created) must be writeable by the user under which liveconfig runs. If a log file already exists, it must not be a special file (eg. symbolic link, pipe, …). When setting log_file to the value syslog, all log output is sent to the system logger syslog(3).

log_level = emerg | alert | crit | err | warning | notice | info | debug¶

Set the level when messages will be logged.

Default: info

pid_file = PIDFILE¶

Specify the name of the PID file. That file (or the directory where the file has to be created) must be writeable by the user under which liveconfig runs. The PID file is used to store the process ID of the actual running liveconfig process.

Default: /var/run/liveconfig.pid

resource_path = RESOURCE_PATH¶

Set the path name where the resource files are stored in.

library_path = LIBRARY_PATH¶

Set the path name where LiveConfig’s additional libraries (eg. database drivers) are located.

libexec_path = LIBEXEC_PATH¶

Set the path name where LiveConfig’s scripts & utilities (eg. Lua scripts, logsplit utility) are located.

user = USER¶

Set the system user to switch to for all unprivileged operations (like the frontend webserver, querying system statistics, etc.). If not defined, the user id -1 will be used. LiveConfig must be started as root user in order to switch to a lesser privileged user. If started as non-root user, LiveConfig will continue to run as that user.

group = GROUP¶

Set the system group to switch to for all unprivileged operations (see user). If not set, the default group of the user defined by the user option will be used.

proxy_http = URL¶

If this option is set, LiveConfig uses the defined proxy server for outbound HTTP(S) connections. The URL must have the format http://<server_name>.

Database Settings¶

The following options are for configuring the database access for LiveConfig:

db_driver = DRIVER¶

Specify the database driver to use. Supported values are:

• mysql to connect to a MySQL or MariaDB database

• sqlite to use a local SQLite database (file-based)

db_host = HOST¶

[MySQL] Set the database server name to connect to.

db_name = NAME¶

[MySQL, SQLite] Set the database name to be used. For SQLite, this specifies the filename of the database.

db_user = USER¶

[MySQL] Specify the user name for database login.

db_password = PASSWORD¶

[MySQL] Specify the password for database login.

db_options = OPTIONS¶

Options for the database connection. Supported values:

• charset=CHARSET [MySQL] set different character set (default: utf8mb4)

• collation=COLLATION [MySQL] set different collation (default: utf8mb4_unicode_ci)

• port=PORT [MySQL] allow port configuration for TCP connections (default: 3306)

• socket=SOCKET [MySQL] allow selection of socket file for local connections (default is depending on [client] setting in my.cnf, usually /tmp/mysql.sock - but in most cases /var/lib/mysqld/mysqld.sock is correct).

• no-secure-auth [MySQL] allow the old (deprecated and insecure) connection method from MySQL before 4.1.1.

• synchronous=0|1|2 [SQLite] corresponds calling “PRAGMA synchronous=0|1|2;” (default: 1)

• journal_mode=DELETE|TRUNCATE|PERSIST|MEMORY|WAL|OFF [SQLite] corresponds calling PRAGMA journal=...; (default: TRUNCATE)

HTTP Protocol Settings¶

HTTP specific options are:

http_socket = ADDRESS[:PORT]¶

Set the network address to listen for incoming HTTP connections. Optionally, a port may be specified. Both IPv4 and IPv6 addresses are allowed. If the address * is specified, LiveConfig will listen on any IPv4 and any IPv6 address (:: will only listen on IPv6 interfaces, 0.0.0.0 only on IPv4 interfaces!). Examples for valid addresses are:

*:8888	listen on any IPv4 address and any IPv6 address at port 8888
[::]:8888	listen on any IPv6 address at port 8888
0.0.0.0	listen on any IPv4 address at default port 8080
::	listen on any IPv6 address at default port 8080
12.34.56.78	listen only at IPv4 address 12.34.56.78 (port 8080)

The http_socket command may be used multiple times to open multiple ports.

http_ssl_socket = ADDRESS[:PORT]¶

Same as http_socket, except that a port for incoming HTTPS connections (SSL) is opened. The SSL certificate is loaded from the file specified with http_ssl_certificate. The default port for SSL connections is 8443.

If neither a http_socket nor a http_ssl_socket option is specified, LiveConfig opens a default HTTPS socket at *:8443.

http_access_log = LOG FILE¶

Set the log file for HTTP requests. The log file format is the same as the combined log format from Apache httpd webserver.

http_htdocs_path = HTDOCS_PATH¶

Directory for static files (eg. customer logos, APS icons, …). Must be writable by the LiveConfig user.

http_read_timeout = TIMEOUT¶

Set the read timeout for HTTP requests to TIMEOUT seconds.

http_keepalive_timeout = TIMEOUT¶

Set the HTTP keep-alive timeout to TIMEOUT seconds.

http_keepalive_requests = MAX_REQUESTS¶

Set the maximum number of HTTP keep-alive requests to MAX_REQUESTS.

http_max_connections = MAX_CONNECTIONS¶

Limit the maximum number of concurrent HTTP connections to MAX_CONNECTIONS.

http_ssl_certificate = CERTFILE¶

Specify the file containing both the SSL certificate and SSL private key (PEM encoded) - see SSL Configuration.

http_redirect = STATUS URI DESTINATION¶

Redirect requests for URI to DESTINATION using HTTP status STATUS. Valid values for STATUS are 301 (moved permanently) and 302 (moved temporarily). All URIs must contain a leading slash. Redirections and rewrites (see below) have the highest priority when parsing a request, so any URI may be redirected. The URI must be matched exactly, it is not possible to redirect all requests with a certain prefix.

Usually you want to define a default redirection to the login page like this:

http_redirect = 301  /  /liveconfig/login

You can also redirect requests to any other website:

http_redirect = 301  /  http://www.example.test/customer-login/

http_rewrite = URI DESTINATION¶

Rewrite requests for URI to DESTINATION without HTTP redirects. All URIs must contain a leading slash; rewriting URIs to external destinations is not possible. Redirections and rewrites have the highest priority when parsing a request, so any URI may be rewritten. The URI must be matched exactly, it is not possible to rewrite all requests with a certain prefix.

Often you may want a “robots.txt” file directly accessible:

http_rewrite = /robots.txt  /res/m/liveconfig/robots.txt

http_canonical_host = HOSTNAME¶

Use HOSTNAME as canonical host name for the LiveConfig web interface.

http_canonical_redirect = URL¶

If http_canonical_host is defined and a user connects to LiveConfig using a differing host name, he can be redirected to the URL configured here.

http_nonssl_redirect = STATUS URL¶

If a plain HTTP request (via a http_socket) arrives, redirect to the defined URL.

http_hsts_time = TIME¶

Enable HTTP Strict Transport Security (HSTS) for SSL connections. The value defined with TIME defines how long a client is forced to use secure connections only (recommended: 31536000 seconds = 12 months). The default setting is 0 (off).

If the option http_canonical_host is set, then HSTS is only enabled for that name - redirects using http_canonical_redirect are still possible this way.

http_proxy_ip_from = IP[, IP...]¶

When LiveConfig is run behind a reverse proxy, you can configure the IP addresses where proxy requests come from. This is required for http_proxy_ip_header to get the “real” client IP address.

http_proxy_ip_header = HEADER¶

Defines the name of the HTTP header containing the IP address of the “real” client when a reverse proxy is used. Depending on your proxy web server, this header is either X-Forwarded-For (Apache httpd) or X-Real-IP (NGINX). To avoid spoofing, the IP address from this field will only be used if the connection originates from an IP address listed in http_proxy_ip_from.

http_proxy_url = URL¶

When LiveConfig is running behind a reverse proxy, you can configure the “public” URL (of the proxy server) with this option. Sometimes LiveConfig needs to create a full URL (eg. for the link to reset a password, which is sent by e-mail). Because LiveConfig doesn’t know the external URL, it must be explicitly configured in these cases. Please type the URL without a trailing slash.

Example:

http_proxy_url = https://controlpanel.example.org

LCCP Protocol Settings¶

The LiveConfig Client Protocol (LCCP) is used for communication between a LiveConfig server and a LiveConfig client (requires a Business License on the LiveConfig server).

The LCCP specific options are:

lccp_socket = ADDRESS[:PORT]¶

Set the network address to listen for incoming LCCP connections. Optionally, a port may be specified. Both IPv4 and IPv6 addresses are allowed. Examples for valid addresses are:

[::]:7888	listen on any IPv4 and IPv6 address at port 7888
0.0.0.0	listen on any IPv4 address at default port 788
::	listen on any IPv4 and IPv6 address at default port 788
12.34.56.78	listen only at IPv4 address 12.34.56.78 (port 788)

The lccp_socket command may be used multiple times to open multiple ports. You only need to define a LCCP socket if you have at least one LiveConfig client which should connect to this server instance.