|
Always configure a secure HTTP server. Otherwise, the EMS and LSR will log warning messages when any one or more of the following conditions is true:
• SSL is disabled. That is, the ssl property is set to false
• Authentication is disabled.
• Certificate validation is disabled.
• Self-signed certificates are allowed.
For examples of secure configurations for communications between the EMS and the LSR, refer to Setting Up Secure Communications for EMS and LSR. These examples are presented in order of least secure (testing purposes ONLY) to most secure (strongly recommended for production environments).
|
|
The use of double quotation marks in config.lua is required only for Strings. For numbers and Boolean values, you do not need to use them. The LSR will work if you do use them for Booleans or numbers.
|
Property
|
Description
|
||
---|---|---|---|
scripts.script_resource_host
|
The host name or IP address of the machine where the LSR is running. The default value is "localhost"
|
||
scripts.script_resource_port
|
The number of the port used on the host for communicating with the EMS. The default value is "8001". Choose whichever port is available on the device for the HTTP Server of the LSR.
|
||
scripts.script_resource_ssl
|
Whether to use SSL/TLS for communication (Boolean). The default value is "true"
|
||
scripts.script_resource_certificate_chain
|
The path to the PEM-encoded certificate file. Use forward slashes when specifying the path, regardless of the operating system of the device.
|
||
scripts.script_resource_private_key
|
The path to the private key for the certificate. Use forward slashes when specifying the path, regardless of the operating system of the device..
|
||
scripts.script_resource_passphrase
|
The passphrase for the private key and certificate. Enclose the string in double quotation marks. For best security, encrypt the passphrase, as explained in Encrypting Application Keys, Passwords, and Passphrases.
|
||
scripts.script_resource_authenticate
|
Whether to authenticate the sender of an incoming request (Boolean). The default value is "true".
|
||
scripts.script_resource_userid
|
The user name that will be presented for authentication when attempting to access the LSR..
|
||
scripts.script_resource_password
|
The AES encrypted password that the user should present when attempting to access the LSR. For information about encryption, refer to Encrypting Application Keys, Passwords, and Passphrases.
|
||
scripts.script_resource_enable_csrf_tokens = true
|
Flag that enables (true) or disables (false) the use of CSRF tokens for REST APIs with the LSR. By default, use of CSRF tokens is enabled. Refer to CSRF Token Support.
|
||
scripts.script_resource_csrf_token_rotation_period = 10
|
The number of minutes between changes to the CSRF token for a given session. The default value is 10 minutes.
|
||
scripts.script_resource_enable_rest_services = false
|
Flag that enables (true) or disables (false) the use of REST services with the LSR. By default, use of REST services is disabled.
|