Home Screen Server Configuration
Introduction
This manual describes the configuration of the server-side components of the application GBS Home Screen.
The configuration procedure must be performed only after the installation step. For more information, consult the GBS Apps Installation Manual.
Configuration
The steps for configuration are:
All steps are described below. An example of the file config.properties can be found in the section Configuration File Example.
All lines must be present in the configuration file. Commenting out or deleting lines may cause unexpected behavior. For additional information, contact the Griaule Support Team.
Tomcat Configuration
Edit Tomcat's configuration file to configure the certificates and the port the application will use.
To change the port, search for Connector port=. This is the port for backend operations.
The default port for GBS Home Screen is 8128.
Certificates Configuration
To enable SSL authentication, search for Connector port= in the file /conf/server.xml.
There are several entries. Look for the one that defines a SSL HTTP/1.1 Connector. If necessary, remove the comment delimiters <!-- and -->. Then, adjust the following settings:
The parameter port must be the desired network port for the application.
Change the path of keystoreFile and truststoreFile to the correct values. Do the same for keystorePass and truststorePass.
The parameter clientAuth="true" will require server authentication to the client and client authentication to the server. This means the client will need to import the certificate into the browser to be able to access the application.
When clientAuth is set to true, the system administrator must provide the file certificate.pfx to end users.
Database Password Encryption
In the file config.properties, the parameter jdbc.password is an encrypted password. To generate the encrypted password, follow the steps below:
If the directory /var/lib/tomcats/home-screen/webapps/gbs-home-screen-server/WEB-INF/lib does not exist, start the application (systemctl start [email protected]) once so that the directory is created. Then, stop the application (systemctl stop [email protected]) and continue the configuration procedure.
Access the following directory:
Run the command:
The encrypted password will appear after the message: "Encrypted password is:"
Save the encrypted password. It will be used in the next step.
Application Configuration File
Open the configuration file:
Some important changes in this file are the parameters jdbc.url, jdbc.username, jdbc.password and gbds.url. Configure them according to your environment.
An example of the complete configuration file is shown in the section Configuration File Example.
Remember to replace the encrypted password generated in the section Database Password Encryption in this file.
Home Screen Settings
Next, configure the IP, port and access protocol for the application. The IP and port must be the same configured in the section Tomcat Configuration.
Make sure the configuration parameters home-screen.ip, home-screen.port and home-screen.protocol are correctly specified in the file config.properties. In many cases, the IP will be the same for several applications. However, each application will have a different and unique port.
Nginx
Install and configure Nginx so that GBS Home Screen works with single sign-on (SSO) along with the other applications.
Nginx Installation
If Nginx is already installed, skip to the section Nginx Configuration.
Install Nginx:
Start Nginx:
Nginx Configuration
Enable Nginx to start with the system:
If Nginx was already installed, check if a configuration file already exists in the directory /etc/nginx/conf.d/. If it exists, check the file to see if the server block is configured for port 80 (listen 80) and for the same server_name of the GBS Home Screen host. If so, skip the instructions to create a new configuration file and add the settings below to the existing file.
Next, create a configuration file for Nginx:
Add the following information to the file. In server, replace <ip_hostname_or_domain> with the server's IP, hostname or domain:
Next, still in server, add a configuration block for each application, mapping it to its IP and port. Replace <app_name>, <protocol>, <app_name_ip> and <app_name_port> with the correct values:
The <app_name> it can be: bcc, cardscan, etr, mir, best, intelligence, smart-sense, print, control-panel or home-screen.
Example of a complete Nginx configuration file, containing routes for all applications, using their default ports. Replace <ip_hostname_or_domain>, <protocol> and <app_name_ip> with the correct values:
Save and close the configuration file.
Finally, reload Nginx configurations:
Permissions
For the application icons to appear on the Home Screen, the user must have the necessary permissions. Each permission granted to the user (via LDAP integration) corresponds to an application, as shown in the table below:
If BCC Services is not running, open the start menu by clicking the Windows icon on the left side of the taskbar (or by pressing the Windows key on the keyboard). Then look for the GBS BCC folder in the list of programs (or type "bcc" to search). Click the
bccdesktop_user
CardScan
cardscan_user
ETR
exception_treatment_user
MIR
quality_control_user
BEST
forensic_user
Intelligence
intelligence_user
SmartSense
smartsense_user
printservice_user
Control Panel
controlpanel_user
Client Logo
In the top right corner of the web apps, it is possible to add the client's logo.
This is an environment configuration. Thus, all users who access the application will see the same logo.
To do this, in the table sphinx.settings in the database, create or change the configuration organization.logo (type APPS) to the path of the desired logo. It is necessary that the application (user tomcat) has read access to the file in order to load it.
The dimensions of the logo should be 320x132 pixels so that the entire area is filled. If the image is larger, smaller or in another ratio, it will be resized and the remaining area will be filled with white color.
The preferred image format should be PNG or JPG.
Accessing the application
GBS Home Screen, like the other applications, must be accessed without using the port, since Nginx will automatically redirect the request to the correct port. Thus, when performing a single login (SSO), the user will have access to all applications they have permission to use.
The access URL format is:
The <app_name> it can be: bcc, cardscan, etr, mir, best, intelligence, smart-sense, print, control-panel or home-screen.
Examples:
GBS Home Screen: http://172.16.0.185/gbs-home-screen-server/react/
GBS Home Screen: https://my.server.com/gbs-home-screen-server/react/
GBS CardScan: https://my.server.com/gbs-cardscan-server/react/
If the applications are not accessed by the URL in the format described above (without port), that is, if they are accessed using their ports directly, the single sign-on (SSO) will not work and login will have to be performed in each application separately.
Finishing the Configurations
After finishing all configuration steps, return to the GBS Apps Installation Manual - Configuration Section.
Configuration File Example
This section shows an example of the file config.properties.
The parameters <rdb_ip>, <rdb_username>, <rdb_encrypted_password>, <gbds_ip>, <gbds_username>, <gbds_password>, <home_screen_ip>, <protocol>, <keystore_path>, <keystore_password>, <truststore_path>, <truststore_password>, <ldap_ip>, <ldap_username>, <ldap_password>, <email_password> and <email_address> must be replaced with appropriate values.
Last updated
Was this helpful?