NOAA/seiscomp-training
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
59ff39ef0d0caa9a2b817f5f3a02bc9c770d0013
seiscomp-training/share/doc/caps/html/base/configuration.html

1329 lines
84 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Execution and Automatic Startup &#8212; CAPS: Common Acquisition Protocol Server documentation</title>
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../_static/gempa.css" type="text/css" />
<link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" />
<link rel="stylesheet" type="text/css" href="../_static/gempa.css?v=c960eebf" />
<link rel="stylesheet" type="text/css" href="../_static/graphviz.css?v=eafc0fe6" />
<script type="text/javascript" src="../_static/gempa.js"></script>
<script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
<script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js?v=b3ba4146"></script>
<script src="../_static/doctools.js?v=888ff710"></script>
<script src="../_static/sphinx_highlight.js?v=4825356b"></script>
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="Server Interfaces" href="interfaces.html" />
<link rel="prev" title="Data Management" href="archive.html" />
</head>
<body>
<div class="header">
<div class="container">
<img class="background" src="../_static/icon.png"/>
<div class="content">
<span class="title">CAPS: Common Acquisition Protocol Server </span>
<span class="version">2025.254#f0c77b29e</span></h1>
</div>
</div>
</div>
<div class="nav">
<div class="container">
<div class="content"><a class="pull-right" id="sidebar-toggle">TOC</a>
<div class="related" role="navigation" aria-label="related navigation">
<ul>
<li class="right">
<a href="../genindex.html" title="General Index"
accesskey="I">
index
</a>
</li>
<li class="right">
<a href="interfaces.html" title="Server Interfaces"
accesskey="N">
next
</a>
</li>
<li class="right">
<a href="archive.html" title="Data Management"
accesskey="P">
previous
</a>
</li>
<li class="nav-item nav-item-0">
<a href="../index.html">Home</a>
</li>
<li class="nav-item nav-item-1">
<a href="server.html" accesskey="U">CAPS Server Application</a>
</li>
</ul>
</div>
</div>
</div>
</div>
<div class="container">
<div class="fitted content" id="anchors-container">
<div class="body" role="main">
<section id="execution-and-automatic-startup">
<span id="sec-caps-config"></span><h1>Execution and Automatic Startup<a class="headerlink" href="#execution-and-automatic-startup" title="Permalink to this heading"></a></h1>
<p><cite>CAPS</cite> uses the
<cite>SeisComP</cite> infrastructure for startup, configuration and logging. Please refer to
the <cite>SeisComP</cite> <a class="reference external" href="http://docs.gempa.de/seiscomp/current">documentation</a> for a
comprehensive description of <cite>SeisComP</cite>.</p>
<p>Figure <a href="#fig-scconfig">9</a> shows a screen shot of <code class="docutils literal notranslate"><span class="pre">scconfig</span></code>, which
is the central <cite>SeisComP</cite> GUI allowing to configure, start and monitor the
<cite>CAPS</cite> server.</p>
<figure class="align-center" id="id5">
<span id="fig-scconfig"></span><a class="reference internal image-reference" href="../_images/scconfig.png"><img alt="../_images/scconfig.png" src="../_images/scconfig.png" style="width: 18cm;" /></a>
<figcaption>
<p><span class="caption-text">scconfig: <cite>SeisComP</cite> utility allowing to configure, start and monitor <a class="reference internal" href="glossary.html#term-CAPS"><span class="xref std std-term">CAPS</span></a>.</span><a class="headerlink" href="#id5" title="Permalink to this image"></a></p>
</figcaption>
</figure>
<p>On the command line the following sequence may be used to enable, start and
monitor the <cite>CAPS</cite>:</p>
<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>seiscomp<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>caps
seoscomp<span class="w"> </span>start<span class="w"> </span>caps
seiscomp<span class="w"> </span>check<span class="w"> </span>caps
</pre></div>
</div>
<p>Dependent on the configured log level <a class="reference internal" href="glossary.html#term-CAPS"><span class="xref std std-term">CAPS</span></a> will log to
<code class="file docutils literal notranslate"><span class="pre">~/.seiscomp/log/caps</span></code>. For debugging purposes it is a good practice to
stop the <a class="reference internal" href="glossary.html#term-CAPS"><span class="xref std std-term">CAPS</span></a> background process and run it in the foreground using
the <a class="reference internal" href="../apps/caps.html#cmdoption-debug"><code class="xref std std-option docutils literal notranslate"><span class="pre">--debug</span></code></a> switch:</p>
<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>seiscomp<span class="w"> </span>stop<span class="w"> </span>caps
seiscomp<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>caps<span class="w"> </span>--debug
</pre></div>
</div>
</section>
<section id="file-system-tuning">
<h1>File System Tuning<a class="headerlink" href="#file-system-tuning" title="Permalink to this heading"></a></h1>
<p>Depending on the number of streams a <a class="reference internal" href="glossary.html#term-CAPS"><span class="xref std std-term">CAPS</span></a> server handles a number of
settings can improve the I/O throughput and overall performance. Since
channel data are organized in an archive structure where each stream is written
into a dedicated file, CAPS needs to open and close a lot of files if thousands
of streams are fed into it. In the default configuration CAPS caches up to
250 open files for later reuse. An open file here is not only the data file
for the CAPS stream but might also include the index file if records have
been received out-of-order. So in the default configuration CAPS need to open
500 file at the same time.</p>
<p>Operating systems control the maximum number of open file descriptors a process
might hold. Often a default value is 1024. If the maximum open files in CAPS
should be increased to 2000 (assuming CAPS manages 2000 streams) then the
limit for the user who runs CAPS should be increased to at least 4000. In
many Linux distributions <strong class="program">ulimit</strong> can be used for that.</p>
<p>Furthermore CAPS requires file descriptors for incoming connections. Each
active connection holds a socket descriptor for network communication and
a file descriptor (or two if index files are present) for reading data.</p>
<p>Depending on the number of concurrent connections one is expecting, it would
be safe to add this number times three to the user limit in the operating
system.</p>
<p>Example for 2000 streams:</p>
<div class="highlight-properties notranslate"><div class="highlight"><pre><span></span><span class="c1"># The maximum number of open files managed by CAPS.</span>
<span class="c1"># 2000 + margin</span>
<span class="na">AS.filebase.cache.openFileLimit</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">2100</span>
</pre></div>
</div>
<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span><span class="c1"># Set ulimit to 7500 files: 2100 * 2 + 1000 * 3 (network)</span>
$<span class="w"> </span><span class="nb">ulimit</span><span class="w"> </span>-n<span class="w"> </span><span class="m">7200</span>
</pre></div>
</div>
</section>
<section id="security-and-access-control">
<span id="sec-caps-security"></span><h1>Security and Access Control<a class="headerlink" href="#security-and-access-control" title="Permalink to this heading"></a></h1>
<section id="access-control">
<span id="sec-conf-access"></span><h2>Access control<a class="headerlink" href="#access-control" title="Permalink to this heading"></a></h2>
<p><a class="reference internal" href="glossary.html#term-CAPS"><span class="xref std std-term">CAPS</span></a> provides access control on the
<a class="reference internal" href="#sec-conf-access-serv"><span class="std std-ref">service</span></a> and <a class="reference internal" href="#sec-conf-access-stream"><span class="std std-ref">stream</span></a>
level. On the service level access can be granted by client IP, on the stream
level by client IP or user/group name obtained during
<a class="reference internal" href="#sec-conf-access-auth"><span class="std std-ref">authentication</span></a>. In
addition <a class="reference internal" href="#sec-conf-access-passwd"><span class="std std-ref">read and write permission</span></a> may be
granted for individual users and groups. The configuration is described in the
following sections.</p>
<section id="service-level-access">
<span id="sec-conf-access-serv"></span><h3>Service level access<a class="headerlink" href="#service-level-access" title="Permalink to this heading"></a></h3>
<p>Service level access is defined in the main caps configuration file, e.g.
<code class="docutils literal notranslate"><span class="pre">&#64;SYSTEMCONFIGDIR&#64;/caps.cfg</span></code></p>
<p>The following services are availble:</p>
<ul class="simple">
<li><p>Plugin - Incoming data send by <a class="reference internal" href="plugins.html#sec-caps-plugins"><span class="std std-ref">CAPS plugins</span></a>,
configuration prefix: <code class="docutils literal notranslate"><span class="pre">AS.plugin</span></code></p></li>
<li><p>Client - Default CAPS client protocol, e.g. used by the
<a class="reference internal" href="data-retrieval.html#sec-caps-recstream"><span class="std std-ref">CAPS recordstream</span></a> or by the <a class="reference internal" href="../apps/capstool.html#capstool"><span class="std std-ref">capstool</span></a>,
configuration prefix: <code class="docutils literal notranslate"><span class="pre">AS</span></code></p></li>
<li><p>HTTP - <a class="reference internal" href="interfaces.html#sec-caps-web-interface"><span class="std std-ref">Administrative web interface</span></a> and
<a class="reference internal" href="data-retrieval.html#sec-caps-fdsnws"><span class="std std-ref">FDSNWS dataselect service</span></a>, configuration prefix:
<code class="docutils literal notranslate"><span class="pre">AS.http</span></code></p></li>
<li><p>WWS - <a class="reference internal" href="data-retrieval.html#sec-caps-wws"><span class="std std-ref">Built-in Winston waveform server</span></a>, configuration prefix: <code class="docutils literal notranslate"><span class="pre">AS.WWS</span></code></p></li>
</ul>
<p>For each sevice access can be granted on IP level through allow and deny rule
sets. By default no restrictions are in place. If an allow rule is present
access is only granted to matching IPs. Deny rules may be used to override a
subset of the IP range defined in the allow set.</p>
<p>The formal definition of a rule is:</p>
<p><code class="docutils literal notranslate"><span class="pre">IP_MASK[,</span> <span class="pre">IP_MASK[,</span> <span class="pre">...]]</span></code></p>
<p>where <code class="docutils literal notranslate"><span class="pre">IP_MASK</span></code> may be a single address or a subnet described by a network
mask.</p>
<p>Using the HTTP service as an example the configuration options
are <code class="docutils literal notranslate"><span class="pre">AS.http.allow</span></code> and <code class="docutils literal notranslate"><span class="pre">AS.http.deny</span></code>.</p>
<p>Example:</p>
<div class="highlight-properties notranslate"><div class="highlight"><pre><span></span><span class="na">AS.http.allow</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">192.168.1.0/24</span>
<span class="na">AS.http.deny</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">192.168.1.42</span>
</pre></div>
</div>
<p>These rules provide access to the HTTP service for all clients of the
192.168.1.0/24 subnet except for the IP 192.168.1.42.</p>
</section>
<section id="stream-level-access">
<span id="sec-conf-access-stream"></span><h3>Stream level access<a class="headerlink" href="#stream-level-access" title="Permalink to this heading"></a></h3>
<p>Stream level access is controlled by an access file defined by
<code class="docutils literal notranslate"><span class="pre">AS.auth.basic.access-list</span></code>.</p>
<p>Each line of the file consists of a ALLOW or DENY rule. The formal definition of
one rule is:</p>
<p><code class="docutils literal notranslate"><span class="pre">STREAMID.ALLOW|DENY=</span> <span class="pre">IP_MASK|USER|%GROUP[,</span> <span class="pre">IP_MASK|USER|%GROUP[,</span> <span class="pre">...]]</span></code></p>
<p>where</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">STREAMID</span></code> is defined as: <code class="docutils literal notranslate"><span class="pre">[NET[.STA[.LOC[.CHA]]]]</span></code>. Regular expressions
are not supported.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">USER</span></code> is a user account defined in the <a class="reference internal" href="#sec-conf-access-auth"><span class="std std-ref">shadow</span></a>
file or the special id <code class="docutils literal notranslate"><span class="pre">all</span></code>.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">GROUP</span></code> is a user group definition from the <a class="reference internal" href="#sec-conf-access-group"><span class="std std-ref">group</span></a>
file. A <code class="docutils literal notranslate"><span class="pre">%</span></code> must be placed before the group name to distinguish it from
a user.</p></li>
</ul>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>For access control, two cases must be distinguished:</p>
<ol class="arabic">
<li><p>Client access without username and password</p>
<p>All client sessions have guest permissions when no login credentials are provided. By default
data can be read and written. The guest account can be restricted by IP rules only. Please have in
mind that for instance the rule DENY=all does not have any effect here.</p>
</li>
<li><p>Client access with username and password</p>
<p>In this case user rules will be evaluated only and IP restrictions have no effect. In addition
user rules does not apply to the guest user. This leads to that DENY=all prohibits access for
all users except the guest user. If the access should be denied for all users the following rule
must be used: DENY=all, 0.0.0.0/0.</p>
</li>
</ol>
</div>
<p>This leads to that the rule DENY = all prohibits data access for all users but anonymous logins can still access data. If guest access should also be prohibited the rule must be extended by an IP address.</p>
<p>By default access is unrestricted. If a stream ID is not matched by any access
rule then access will be granted. This behavior is different from the service
level access where an allow rule will implicitly revoke access to any non
matching IP.</p>
<p>To restrict access by default you may add a global DENY rule which references no
stream id and which matches all IP addresses and all users using the special
user id <code class="docutils literal notranslate"><span class="pre">all</span></code>:</p>
<div class="highlight-properties notranslate"><div class="highlight"><pre><span></span><span class="na">DENY</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">0.0.0.0/0, all</span>
</pre></div>
</div>
<p>The rules in the access file are evaluated independent of the order in which
they are defined. A rule with more stream id components overrules a more generic
line. E.g., considering a request from the local machine the following rule set
would</p>
<ul class="simple">
<li><p>grant access to all networks except for AM</p></li>
<li><p>grant access to station AM.R0000 except for the stream 00.ENN stream</p></li>
</ul>
<div class="highlight-properties notranslate"><div class="highlight"><pre><span></span><span class="na">AM.DENY</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">127.0.0.1</span>
<span class="na">AM.R0000.ALLOW</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">127.0.0.1</span>
<span class="na">AM.R0000.00.ENN.DENY</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">127.0.0.1</span>
</pre></div>
</div>
<p>The client IP is <strong>only</strong> evaluated in the absence of user authentication. E.g., the
following rule would block access to any anonymous user but still grant access
to any authenticated user:</p>
<div class="highlight-properties notranslate"><div class="highlight"><pre><span></span><span class="na">DENY</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">0.0.0.0/0</span>
</pre></div>
</div>
<p>Please refer to <a class="reference internal" href="#sec-conf-access-user-serv"><span class="std std-ref">Service-specific users</span></a> for a definition of service
specific users.</p>
<p>The following example shows how anonymous access by IP and access by user name
may be combined:</p>
<div class="highlight-properties notranslate"><div class="highlight"><pre><span></span><span class="na">AM.DENY</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">0.0.0.0/0, all</span>
<span class="na">AM.ALLOW</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">127.0.0.1, %group1, user1</span>
<span class="na">AM.R0000.ALLOW</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">user2</span>
<span class="na">AM.R0000.DENY</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">user1</span>
</pre></div>
</div>
<p>The example above</p>
<ul class="simple">
<li><p>grants access to anybody except for the AM network</p></li>
<li><p>grants access to the AM network for</p>
<ul>
<li><p>anonymous users on the same machine</p></li>
<li><p>users belonging to the <code class="docutils literal notranslate"><span class="pre">group1</span></code> group</p></li>
<li><p>the user <code class="docutils literal notranslate"><span class="pre">user1</span></code></p></li>
</ul>
</li>
<li><p>in addition grants access to the station AM.R0000 to the user <code class="docutils literal notranslate"><span class="pre">user2</span></code> while
local anonymous users and authenticated users of the <code class="docutils literal notranslate"><span class="pre">group1</span></code> would still
have access</p></li>
<li><p>explicitly denies access to station AM.R0000 for <code class="docutils literal notranslate"><span class="pre">user1</span></code></p></li>
</ul>
<p>The stream level access can be tested and debugged on the command line by
specifying a stream and (optionally) an IP to test for:</p>
<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>$<span class="w"> </span>caps<span class="w"> </span>-v<span class="w"> </span>--print-access<span class="w"> </span>AM.R0000.00.ENN<span class="w"> </span><span class="m">1</span>.2.3.4
</pre></div>
</div>
</section>
<section id="authentication-by-user-name-and-password-shadow-file">
<span id="sec-conf-access-auth"></span><h3>Authentication by user name and password (shadow file)<a class="headerlink" href="#authentication-by-user-name-and-password-shadow-file" title="Permalink to this heading"></a></h3>
<p>Authentication can be used, e.g. together with the <a class="reference internal" href="data-retrieval.html#sec-caps-recstream"><span class="std std-ref">capss RecordStream</span></a>
or <a class="reference internal" href="../apps/capstool.html#capstool"><span class="std std-ref">capstool</span></a>.
It is performed against a shadow file defined by
<code class="docutils literal notranslate"><span class="pre">AS.auth.basic.users.shadow</span></code>. It contains the user name and password information
for the user accounts. Each line consist of a user name and password hash
separated by a colon (<code class="docutils literal notranslate"><span class="pre">:</span></code>). The formal definition of one line is:</p>
<p><code class="docutils literal notranslate"><span class="pre">USER:PWD_HASH</span></code>.</p>
<p>To encrypt a password <code class="docutils literal notranslate"><span class="pre">mkpasswd</span></code> can be used. It is recommended to apply a
strong algorithm such as sha-256 or sha-512. The command</p>
<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>$<span class="w"> </span><span class="nv">user</span><span class="o">=</span>sysop<span class="w"> </span><span class="nv">pw</span><span class="o">=</span><span class="sb">`</span>mkpasswd<span class="w"> </span>-m<span class="w"> </span>sha-512<span class="sb">`</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="nb">echo</span><span class="w"> </span><span class="nv">$user</span>:<span class="nv">$pw</span>
</pre></div>
</div>
<p>generates a password hash for user sysop.
An empty password is represented by an asterisk (<code class="docutils literal notranslate"><span class="pre">*</span></code>).</p>
<p>Example:</p>
<div class="highlight-properties notranslate"><div class="highlight"><pre><span></span><span class="c1"># The user name is equal to the password</span>
<span class="na">user1</span><span class="o">:</span><span class="s">$6$mZM8gpmKdF9D$wqJo1HgGInLr1Tmk6kDrCCt1dY06Xr/luyQrlH0sXbXzSIVd63wglJqzX4nxHRTt/I6y9BjM5X4JJ.Tb7XY.d0</span>
<span class="na">user2</span><span class="o">:</span><span class="s">$6$zE77VXo7CRLev9ly$F8kg.MC8eLz.DHR2IWREGrSwPyLaxObyfUgwpeJdQfasD8L/pBTgJhyGYtMjUR6IONL6E6lQN.2QLqZ5O5atO/</span>
<span class="na">FDSNWS</span><span class="o">:</span><span class="s">*</span>
</pre></div>
</div>
</section>
<section id="guest-user">
<span id="sec-conf-access-guest"></span><h3>Guest user<a class="headerlink" href="#guest-user" title="Permalink to this heading"></a></h3>
<p>The CAPS server ships with a pre-configured anonymous user identified by
<code class="docutils literal notranslate"><span class="pre">guest</span></code>. It may be used during login at the
<a class="reference internal" href="interfaces.html#sec-caps-web-interface"><span class="std std-ref">web interface</span></a> in which case access is authorized
against the client IP.</p>
<p>The guest user may be assigned to a <a class="reference internal" href="#sec-conf-access-group"><span class="std std-ref">user group</span></a>
and its <a class="reference internal" href="#sec-conf-access-passwd"><span class="std std-ref">access properties</span></a> may be defined.</p>
<p>Anonymous access may be disabled through IP-based DENY rules in the
<a class="reference internal" href="#sec-conf-access-stream"><span class="std std-ref">access control</span></a> list file.</p>
</section>
<section id="service-specific-users">
<span id="sec-conf-access-user-serv"></span><h3>Service-specific users<a class="headerlink" href="#service-specific-users" title="Permalink to this heading"></a></h3>
<p>For some services it might be desirable to disable the authentication entirely.
This can be archived by adding one of the special service specific users to the
<a class="reference internal" href="#sec-conf-access-auth"><span class="std std-ref">shadow file</span></a> followed by an asterisk indicating
an empty password. Optionally <a class="reference internal" href="#sec-conf-access"><span class="std std-ref">stream specific access</span></a>
can be granted or revoked to this user as well. The flowing users are available
for the individual services:</p>
<ul class="simple">
<li><p>HTTP - Access to the <a class="reference internal" href="interfaces.html#sec-caps-web-interface"><span class="std std-ref">web interface</span></a></p></li>
<li><p>FDSNWS - Access to <a class="reference internal" href="data-retrieval.html#sec-caps-fdsnws"><span class="std std-ref">Built-in FDSNWS</span></a> dataselect service served through
the HTTP protocol (<code class="docutils literal notranslate"><span class="pre">/fdsnws/dataselect/1/query</span></code>)</p></li>
<li><p>WWS - Access to the <a class="reference internal" href="data-retrieval.html#sec-caps-wws"><span class="std std-ref">Built-in Winston waveform server</span></a> Protocol</p></li>
</ul>
</section>
<section id="groups">
<span id="sec-conf-access-group"></span><h3>Groups<a class="headerlink" href="#groups" title="Permalink to this heading"></a></h3>
<p>A group file, defined by <code class="docutils literal notranslate"><span class="pre">AS.auth.basic.users.group</span></code>, allows to assign users
to groups. Each line of the file consists of a group name followed by a user
list. The formal definition of one rule is:</p>
<p><code class="docutils literal notranslate"><span class="pre">GROUP:</span> <span class="pre">USER[,</span> <span class="pre">USER[,</span> <span class="pre">...]]</span></code></p>
<p>where</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">GROUP</span></code> is the name of the new group definition</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">USER</span></code> is a user account defined in the <a class="reference internal" href="#sec-conf-access-auth"><span class="std std-ref">shadow</span></a>
file or the special id <code class="docutils literal notranslate"><span class="pre">guest</span></code></p></li>
</ul>
<p>Example:</p>
<div class="highlight-properties notranslate"><div class="highlight"><pre><span></span><span class="na">group1</span><span class="o">:</span><span class="w"> </span><span class="s">user1, user2</span>
</pre></div>
</div>
<p>A group may by referenced by the
<a class="reference internal" href="#sec-conf-access-stream"><span class="std std-ref">access control</span></a> or
<a class="reference internal" href="#sec-conf-access-passwd"><span class="std std-ref">Passwd: user access properties</span></a> file. In both cases a <code class="docutils literal notranslate"><span class="pre">%</span></code> prefix is required to
distinguish it from a user name.</p>
</section>
<section id="passwd-user-access-properties">
<span id="sec-conf-access-passwd"></span><h3>Passwd: user access properties<a class="headerlink" href="#passwd-user-access-properties" title="Permalink to this heading"></a></h3>
<p>In addition to <a class="reference internal" href="#sec-conf-access-stream"><span class="std std-ref">authentication by user name and password</span></a>,
user access control properties can be set in a
passwd file defined by <code class="docutils literal notranslate"><span class="pre">AS.auth.basic.users.passwd</span></code>. The formal definition of
a line is</p>
<p><code class="docutils literal notranslate"><span class="pre">USER|%GROUP:PROP[,</span> <span class="pre">PROP[,</span> <span class="pre">...]]</span></code></p>
<p>where</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">USER</span></code> is a user account defined in the <a class="reference internal" href="#sec-conf-access-auth"><span class="std std-ref">shadow</span></a>
file or one of the special ids <code class="docutils literal notranslate"><span class="pre">all</span></code> or <code class="docutils literal notranslate"><span class="pre">guest</span></code>.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">GROUP</span></code> is a user group definition from the <a class="reference internal" href="#sec-conf-access-group"><span class="std std-ref">group</span></a>
file. A <code class="docutils literal notranslate"><span class="pre">%</span></code> must be placed before the group name to distinguish it from
a user.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PROP</span></code> is a property granted to the user or group. The following properties
are currently supported:</p>
<ul>
<li><p>read - Grants permission to request data from the server</p></li>
<li><p>write - Grants permission to store data into the server</p></li>
<li><p>admin - Grants permission to request server statistics and the view server
statistics on the <a class="reference internal" href="interfaces.html#sec-caps-web-interface"><span class="std std-ref">server website</span></a>.</p></li>
</ul>
</li>
</ul>
<p>By default read and write permissions are granted to the
<a class="reference internal" href="#sec-conf-access-guest"><span class="std std-ref">guest user</span></a> and all authenticated users not
listed in this file.</p>
<p>The following example changes this and revokes read and write permissions per
default. Read access is provided to anonymous and users belonging to the
<code class="docutils literal notranslate"><span class="pre">group1</span></code> while write access is only granted to <code class="docutils literal notranslate"><span class="pre">user1</span></code>.</p>
<div class="highlight-properties notranslate"><div class="highlight"><pre><span></span><span class="na">all</span><span class="o">:</span>
<span class="na">guest</span><span class="o">:</span><span class="w"> </span><span class="s">read</span>
<span class="na">%group1</span><span class="o">:</span><span class="w"> </span><span class="s">read</span>
<span class="na">user1</span><span class="o">:</span><span class="w"> </span><span class="s">read,write</span>
</pre></div>
</div>
</section>
</section>
<section id="secure-sockets-layer-ssl">
<span id="sec-conf-ssl"></span><h2>Secure sockets layer (SSL)<a class="headerlink" href="#secure-sockets-layer-ssl" title="Permalink to this heading"></a></h2>
<p>The Secure Sockets Layer (SSL) is a standard for establishing a secured
communication between applications using insecure networks. Neither client
requests nor server responses are readable by communication hubs in between. SSL
is based on a public-key infrastructure (PKI) to establish trust about the
identity of the communication counterpart. The concept of a PKI is based on
public certificates and private keys.</p>
<p>The following example illustrates how to generate a self-signed certificate
using the OpenSSL library:</p>
<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>$<span class="w"> </span>openssl<span class="w"> </span>req<span class="w"> </span>-new<span class="w"> </span>-x509<span class="w"> </span>-sha512<span class="w"> </span>-newkey<span class="w"> </span>rsa:4096<span class="w"> </span>-out<span class="w"> </span>caps.crt<span class="w"> </span>-keyout<span class="w"> </span>caps.key<span class="w"> </span>-nodes
</pre></div>
</div>
<p>The last parameter <code class="docutils literal notranslate"><span class="pre">-nodes</span></code> disables the password protection of the private
key. If omitted, a password must be defined which will be requested when
accessing the private key. <a class="reference internal" href="glossary.html#term-CAPS"><span class="xref std std-term">CAPS</span></a> will request the password on the command
line during startup.</p>
<p>To enable SSL in <a class="reference internal" href="glossary.html#term-CAPS"><span class="xref std std-term">CAPS</span></a> the <code class="docutils literal notranslate"><span class="pre">AS.SSL.port</span></code> as well as the location of the
<code class="docutils literal notranslate"><span class="pre">AS.SSL.certificate</span></code> and <code class="docutils literal notranslate"><span class="pre">AS.SSL.key</span></code> file must be specified.
Optionally the unencrypted <code class="docutils literal notranslate"><span class="pre">AS.port</span></code> may be deactivated by setting a value
of <code class="docutils literal notranslate"><span class="pre">-1</span></code>.</p>
</section>
</section>
<section id="module-configuration">
<h1>Module Configuration<a class="headerlink" href="#module-configuration" title="Permalink to this heading"></a></h1>
<div class="line-block">
<div class="line"><code class="file docutils literal notranslate"><span class="pre">etc/defaults/global.cfg</span></code></div>
<div class="line"><code class="file docutils literal notranslate"><span class="pre">etc/defaults/caps.cfg</span></code></div>
<div class="line"><code class="file docutils literal notranslate"><span class="pre">etc/global.cfg</span></code></div>
<div class="line"><code class="file docutils literal notranslate"><span class="pre">etc/caps.cfg</span></code></div>
<div class="line"><code class="file docutils literal notranslate"><span class="pre">~/.seiscomp/global.cfg</span></code></div>
<div class="line"><code class="file docutils literal notranslate"><span class="pre">~/.seiscomp/caps.cfg</span></code></div>
</div>
<p>caps inherits <a class="reference internal" href="../apps/global.html#global-configuration"><span class="std std-ref">global options</span></a>.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Modules/plugins may require a license file. The default path to license
files is <code class="file docutils literal notranslate"><span class="pre">&#64;DATADIR&#64;/licenses/</span></code> which can be overridden by global
configuration of the parameter <code class="xref std std-confval docutils literal notranslate"><span class="pre">gempa.licensePath</span></code>. Example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">gempa</span><span class="o">.</span><span class="n">licensePath</span> <span class="o">=</span> <span class="nd">@CONFIGDIR</span><span class="o">@/</span><span class="n">licenses</span>
</pre></div>
</div>
</div>
<div class="admonition note" id="as">
<p class="admonition-title">Note</p>
<p><strong>AS.*</strong>
<em>CAPS server control parameters</em></p>
</div>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase">
<span class="sig-name descname"><span class="pre">AS.filebase</span></span><a class="headerlink" href="#confval-AS.filebase" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">&#64;ROOTDIR&#64;/var/lib/caps/archive</span></code></p>
<p>Type: <em>string</em></p>
<p>Defines the path to the archive directory.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.port">
<span class="sig-name descname"><span class="pre">AS.port</span></span><a class="headerlink" href="#confval-AS.port" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">18002</span></code></p>
<p>Type: <em>int</em></p>
<p>Defines the server port for client requests.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.clientBufferSize">
<span class="sig-name descname"><span class="pre">AS.clientBufferSize</span></span><a class="headerlink" href="#confval-AS.clientBufferSize" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">16384</span></code></p>
<p>Unit: <em>B</em></p>
<p>Type: <em>int</em></p>
<p>Size of the client buffer in bytes. In case the client fails to read the buffered data
in time (buffer overflow) the connection falls back to archive requests.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.minDelay">
<span class="sig-name descname"><span class="pre">AS.minDelay</span></span><a class="headerlink" href="#confval-AS.minDelay" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">-1</span></code></p>
<p>Unit: <em>s</em></p>
<p>Type: <em>int</em></p>
<p>Limits the retrieval of real-time data. The value
specifies the maximum relative end time of the time range
to be requested. The maximum absolute end time is
now - minDelay. This is only valid for FDSNWS and WWS.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.inventory">
<span class="sig-name descname"><span class="pre">AS.inventory</span></span><a class="headerlink" href="#confval-AS.inventory" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>path</em></p>
<p>The path to an optional inventory XML file with SeisComP3
schema. This inventory information is used by WWS to populate
the channel coordinates. In future possibly more endpoints
will make use of it.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.logRequests">
<span class="sig-name descname"><span class="pre">AS.logRequests</span></span><a class="headerlink" href="#confval-AS.logRequests" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">false</span></code></p>
<p>Type: <em>boolean</em></p>
<p>Whether to maintain a request log file or not. Each request
will be logged and partly traced.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.logAnonymousIP">
<span class="sig-name descname"><span class="pre">AS.logAnonymousIP</span></span><a class="headerlink" href="#confval-AS.logAnonymousIP" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">false</span></code></p>
<p>Type: <em>boolean</em></p>
<p>Log only parts of the IP to respect users privacy.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.logPurge">
<span class="sig-name descname"><span class="pre">AS.logPurge</span></span><a class="headerlink" href="#confval-AS.logPurge" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">false</span></code></p>
<p>Type: <em>boolean</em></p>
<p>Whether to maintain a purge log file or not. Each purge
operation will be logged.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.allow">
<span class="sig-name descname"><span class="pre">AS.allow</span></span><a class="headerlink" href="#confval-AS.allow" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>list:string</em></p>
<p>List of IPs which are allowed to access the caps(s) port.
By default access is unrestricted.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.deny">
<span class="sig-name descname"><span class="pre">AS.deny</span></span><a class="headerlink" href="#confval-AS.deny" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>list:string</em></p>
<p>List of IPs which are not allowed to access the caps(s) port.
By default access is unrestricted.</p>
</dd></dl>
<div class="admonition note" id="as-filebase">
<p class="admonition-title">Note</p>
<p><strong>AS.filebase.*</strong>
<em>File buffer control parameters</em></p>
</div>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.logFile">
<span class="sig-name descname"><span class="pre">AS.filebase.logFile</span></span><a class="headerlink" href="#confval-AS.filebase.logFile" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>path</em></p>
<p>The path to the archive log file which contains the
stream start and end times. By default it is written
to $filebase/archive.log.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.keep">
<span class="sig-name descname"><span class="pre">AS.filebase.keep</span></span><a class="headerlink" href="#confval-AS.filebase.keep" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">*.*.*.*:-1</span></code></p>
<p>Type: <em>list:string</em></p>
<p>Number of days to keep data per stream ID before
&quot;AS.filebase.purge.referenceTime&quot;. For
stream-specific configuration create a list of pairs
consisting of stream ID : days. Separate pairs by
comma. The first occurrence in the list takes priority.</p>
<p>Example keeping all streams but AM.* and GR.* for 14 days:</p>
<p>GR.*:-1, AM.*.*.*:365, *.*.*.*:14</p>
<p>Default (empty parameter) or -1: keep all data forever.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.preallocationSize">
<span class="sig-name descname"><span class="pre">AS.filebase.preallocationSize</span></span><a class="headerlink" href="#confval-AS.filebase.preallocationSize" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">65535</span></code></p>
<p>Unit: <em>B</em></p>
<p>Type: <em>int</em></p>
<p>Preallocation size of data files in bytes. Some file system allow to reserve
disk space for files in advance. Especially on spinning disks the read
performance will be improved if data can be read sequentially. The speed is
traded for disk space consumed by the file since its size will be a multiple
of the specified value. Set the value to 0 to disable this feature.</p>
</dd></dl>
<div class="admonition note" id="as-filebase-cache">
<p class="admonition-title">Note</p>
<p><strong>AS.filebase.cache.*</strong>
<em>CAPS does not keep all files of all streams open. It</em>
<em>tries to keep open the most frequently used files and closes</em>
<em>all others. The more files CAPS can keep open the faster</em>
<em>the population of the archive. The limit of open</em>
<em>files depends on the security settings of the user under</em>
<em>which CAPS is running.</em></p>
</div>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.cache.openFileLimit">
<span class="sig-name descname"><span class="pre">AS.filebase.cache.openFileLimit</span></span><a class="headerlink" href="#confval-AS.filebase.cache.openFileLimit" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">250</span></code></p>
<p>Type: <em>int</em></p>
<p>The maximum number of open files. Because a stream
file can have an associated index file this value
is half of the physically opened files in worst case.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.cache.unusedFileLimit">
<span class="sig-name descname"><span class="pre">AS.filebase.cache.unusedFileLimit</span></span><a class="headerlink" href="#confval-AS.filebase.cache.unusedFileLimit" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">1000</span></code></p>
<p>Type: <em>int</em></p>
<p>Limit of cached files in total. This value affects also
files that are actually explicitly closed by the
application. CAPS will keep them open (respecting
the openFileLimit parameter) as long as possible and
preserve a file handle to speed up reopening the
file later.</p>
</dd></dl>
<span class="target" id="as-filebase-params"></span><dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.params.writeMetaOnClose">
<span class="sig-name descname"><span class="pre">AS.filebase.params.writeMetaOnClose</span></span><a class="headerlink" href="#confval-AS.filebase.params.writeMetaOnClose" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">false</span></code></p>
<p>Type: <em>boolean</em></p>
<p>This is an optimization to write the datafile meta record only
on file close and not every time a new record has been added
to a file. To save IO bandwidth when handling many channels,
this could be helpful.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.params.alignIndexPages">
<span class="sig-name descname"><span class="pre">AS.filebase.params.alignIndexPages</span></span><a class="headerlink" href="#confval-AS.filebase.params.alignIndexPages" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">false</span></code></p>
<p>Type: <em>boolean</em></p>
<p>This forces to align index pages in the file at 4k boundaries.
In order to achieve that, NULL chunks must be inserted to
allow padding. This will lead to less device page updates
but slightly larger data files.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.params.priority">
<span class="sig-name descname"><span class="pre">AS.filebase.params.priority</span></span><a class="headerlink" href="#confval-AS.filebase.params.priority" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">0</span></code></p>
<p>Type: <em>int</em></p>
<p>A value greater than 0 will raise the write thread
priority to the given value. This value is in
accordance to the pthread_setschedparam function.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.params.q">
<span class="sig-name descname"><span class="pre">AS.filebase.params.q</span></span><a class="headerlink" href="#confval-AS.filebase.params.q" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">1000</span></code></p>
<p>Type: <em>int</em></p>
<p>The real-time notification queue size.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.params.concurrency">
<span class="sig-name descname"><span class="pre">AS.filebase.params.concurrency</span></span><a class="headerlink" href="#confval-AS.filebase.params.concurrency" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">1</span></code></p>
<p>Type: <em>int</em></p>
<p>The number of concurrent writes to the database. The
higher the value the more concurrent write operations
are issued distributed across the files. A single file
can only be updated sequentially. This value is most
effective if many records of different channels are
pushed, like the output of scmssort.</p>
</dd></dl>
<div class="admonition note" id="as-filebase-purge">
<p class="admonition-title">Note</p>
<p><strong>AS.filebase.purge.*</strong>
<em>Parameters controlling IO resources occupied by the purge operation.</em>
<em>The deletion of many data files at once may have a significant impact</em>
<em>on the server performance. E.g. if the server did not run for a while</em>
<em>or the keep parameter was reduced significantly, the purge operation</em>
<em>may slow down the processing of real-time data.</em></p>
</div>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.purge.referenceTime">
<span class="sig-name descname"><span class="pre">AS.filebase.purge.referenceTime</span></span><a class="headerlink" href="#confval-AS.filebase.purge.referenceTime" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">EndTime</span></code></p>
<p>Type: <em>string</em></p>
<p>Values: <code class="docutils literal notranslate"><span class="pre">EndTime,Now</span></code></p>
<p>The reference time defining the end of the time window
to keep the data. The window length is set by
&quot;AS.filebase.keep&quot;.
Data outside the window will be purged. Available values:</p>
<p>EndTime: The reference time is the end time per stream.
This keeps older data if no more recent data arrive.</p>
<p>Now: The reference time is current time. This
deletes old data even if no recent data arrive.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.purge.idleTime">
<span class="sig-name descname"><span class="pre">AS.filebase.purge.idleTime</span></span><a class="headerlink" href="#confval-AS.filebase.purge.idleTime" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">5</span></code></p>
<p>Unit: <em>s</em></p>
<p>Type: <em>double</em></p>
<p>Idle time between two purge runs.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.purge.initIdleTime">
<span class="sig-name descname"><span class="pre">AS.filebase.purge.initIdleTime</span></span><a class="headerlink" href="#confval-AS.filebase.purge.initIdleTime" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">0</span></code></p>
<p>Unit: <em>s</em></p>
<p>Type: <em>double</em></p>
<p>Idle time before the first purge run starts. Normally
after a start the server tries to catch up all data which
might be an IO intensive operation. In case of a huge archive the purge
operation slow downs the read/write performace of the system too. To
reduce the load at start it is a good idea to postpone this operation.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.purge.maxProcessTime">
<span class="sig-name descname"><span class="pre">AS.filebase.purge.maxProcessTime</span></span><a class="headerlink" href="#confval-AS.filebase.purge.maxProcessTime" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">1</span></code></p>
<p>Unit: <em>s</em></p>
<p>Type: <em>double</em></p>
<p>Maximum processing time for one purge run. If exceeded the
purge task will pause for AS.filebase.purge.idleTime
seconds freeing IO resources.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.filebase.purge.startTime">
<span class="sig-name descname"><span class="pre">AS.filebase.purge.startTime</span></span><a class="headerlink" href="#confval-AS.filebase.purge.startTime" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">00:30</span></code></p>
<p>Type: <em>string</em></p>
<p>Time of the day when to run the daily purge run. Time is in UTC.</p>
</dd></dl>
<div class="admonition note" id="as-ssl">
<p class="admonition-title">Note</p>
<p><strong>AS.SSL.*</strong>
<em>Parameters for SSL-based data requests</em></p>
</div>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.SSL.port">
<span class="sig-name descname"><span class="pre">AS.SSL.port</span></span><a class="headerlink" href="#confval-AS.SSL.port" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>int</em></p>
<p>Defines the SSL server port for client requests. By default
SSL requests are disabled.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.SSL.certificate">
<span class="sig-name descname"><span class="pre">AS.SSL.certificate</span></span><a class="headerlink" href="#confval-AS.SSL.certificate" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>string</em></p>
<p>Defines the path to the SSL certificate to use.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.SSL.key">
<span class="sig-name descname"><span class="pre">AS.SSL.key</span></span><a class="headerlink" href="#confval-AS.SSL.key" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>string</em></p>
<p>Defines the path to the private SSL key to use. This key
is not shared with clients.</p>
</dd></dl>
<div class="admonition note" id="as-auth">
<p class="admonition-title">Note</p>
<p><strong>AS.auth.*</strong>
<em>Parameters controlling the authentication system for data requests</em>
<em>based on user ID, IP addresses, access roles and access control lists.</em></p>
</div>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.auth.backend">
<span class="sig-name descname"><span class="pre">AS.auth.backend</span></span><a class="headerlink" href="#confval-AS.auth.backend" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">basic</span></code></p>
<p>Type: <em>string</em></p>
<p>The server provides an authentication plug-in interface. An authentication plugin
implements access control checks. It is free where it gets the access information from e.g
from a local database/file or a remote server. The option sets which authentication plugin
should be used for authentication. Dont forget to load the plugin in the plugin section.
The basic plugin is built-in.</p>
</dd></dl>
<div class="admonition note" id="as-auth-basic">
<p class="admonition-title">Note</p>
<p><strong>AS.auth.basic.*</strong>
<em>Basic authentication parameters. The configuration can</em>
<em>be reloaded without restarting the server. Use</em>
<em>“seiscomp reload caps`” to reload the</em>
<em>authentication parameters without a restart.</em></p>
</div>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.auth.basic.access-list">
<span class="sig-name descname"><span class="pre">AS.auth.basic.access-list</span></span><a class="headerlink" href="#confval-AS.auth.basic.access-list" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">&#64;SYSTEMCONFIGDIR&#64;/caps/access.cfg</span></code></p>
<p>Type: <em>file</em></p>
<p>Path to the access control list controlling access based on rules.
By default access is unrestricted. Allow rules are evaluated first.</p>
<p>AM.DENY = 127.0.0.1</p>
<p>AM.ALLOW = 127.0.0.1</p>
<p>This example rule set prohibits all AM network stations for localhost because
the DENY rule is evaluated after the ALLOW rule.</p>
<p>IP restrictions apply to the guest user only. In addition to IPs the access can
be also restricted by user or group. In the latter case
the &quot;%&quot; must be placed in front of the group name. Here an example:</p>
<p>AM.ALLOW = %users</p>
<p>AM.R44F5.ALLOW = sysop</p>
<p>Rules are evaluated on the basis of one another. This can lead to misunderstandings. Here an
example:</p>
<p>AM.ALLOW = sysop</p>
<p>This rule will allow the AM network for sysop only. But</p>
<p>DENY = %users
AM.ALLOW = sysop</p>
<p>will allow the access to the AM network for all users except those are member of the group users.</p>
</dd></dl>
<span class="target" id="as-auth-basic-users"></span><dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.auth.basic.users.shadow">
<span class="sig-name descname"><span class="pre">AS.auth.basic.users.shadow</span></span><a class="headerlink" href="#confval-AS.auth.basic.users.shadow" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">&#64;SYSTEMCONFIGDIR&#64;/caps/shadow.cfg</span></code></p>
<p>Type: <em>file</em></p>
<p>Location of the users authentication file. For each user one line
of the following format must exist:</p>
<p>username:encrypted_pwd</p>
<p>To encrypt the password mkpasswd can be used. It is recommended to
apply a strong algorithm such as sha-256 or sha-512. The command</p>
<p>u=sysop pw=`mkpasswd -m sha-512` &amp;&amp; echo $u:$pw</p>
<p>generates one line for user &quot;sysop&quot;.
Add the line to the authentication file.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.auth.basic.users.passwd">
<span class="sig-name descname"><span class="pre">AS.auth.basic.users.passwd</span></span><a class="headerlink" href="#confval-AS.auth.basic.users.passwd" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">&#64;SYSTEMCONFIGDIR&#64;/caps/passwd.cfg</span></code></p>
<p>Type: <em>file</em></p>
<p>Location of the users access control file. Each
line starts with a user ID (uid) or a group ID (gid)
and a list of access properties in the form:</p>
<p>uid:prop1,prop2</p>
<p>or</p>
<p>%gid:prop1,prop2</p>
<p>&quot;%&quot; indicates a gid instead of a uid.
The properties grant access to certain CAPS
features. Supported access property values are:
read, write, admin.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.auth.basic.users.group">
<span class="sig-name descname"><span class="pre">AS.auth.basic.users.group</span></span><a class="headerlink" href="#confval-AS.auth.basic.users.group" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">&#64;SYSTEMCONFIGDIR&#64;/caps/group.cfg</span></code></p>
<p>Type: <em>file</em></p>
<p>Location of the optional group file. Each line maps a group id
to a list of users in format</p>
<p>gid:user1,user2,user3</p>
</dd></dl>
<span class="target" id="as-plugins"></span><dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.plugins.port">
<span class="sig-name descname"><span class="pre">AS.plugins.port</span></span><a class="headerlink" href="#confval-AS.plugins.port" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">18003</span></code></p>
<p>Type: <em>int</em></p>
<p>Defines the server port to use for plugin connections.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.plugins.allow">
<span class="sig-name descname"><span class="pre">AS.plugins.allow</span></span><a class="headerlink" href="#confval-AS.plugins.allow" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>list:string</em></p>
<p>List of IPs which are allowed to access the plugin port.
By default access is unrestricted.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.plugins.deny">
<span class="sig-name descname"><span class="pre">AS.plugins.deny</span></span><a class="headerlink" href="#confval-AS.plugins.deny" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>list:string</em></p>
<p>List of IPs which are not allowed to access the plugin port.
By default access is unrestricted.</p>
</dd></dl>
<span class="target" id="as-plugins-ssl"></span><dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.plugins.SSL.port">
<span class="sig-name descname"><span class="pre">AS.plugins.SSL.port</span></span><a class="headerlink" href="#confval-AS.plugins.SSL.port" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>int</em></p>
<p>Defines the SSL server port to use for plugin SSL connections.
The SSL port is disabled by default.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.plugins.SSL.certificate">
<span class="sig-name descname"><span class="pre">AS.plugins.SSL.certificate</span></span><a class="headerlink" href="#confval-AS.plugins.SSL.certificate" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>string</em></p>
<p>Defines the path to the SSL certificate to use.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.plugins.SSL.key">
<span class="sig-name descname"><span class="pre">AS.plugins.SSL.key</span></span><a class="headerlink" href="#confval-AS.plugins.SSL.key" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>string</em></p>
<p>Defines the path to the private SSL key to use. This key
is not shared with clients.</p>
</dd></dl>
<div class="admonition note" id="as-http">
<p class="admonition-title">Note</p>
<p><strong>AS.http.*</strong>
<em>Web interface control parameters</em></p>
</div>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.http.port">
<span class="sig-name descname"><span class="pre">AS.http.port</span></span><a class="headerlink" href="#confval-AS.http.port" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>int</em></p>
<p>Defines the server port for HTTP connections. By default the Web interface is disabled.</p>
<p>Typical value: 18081</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.http.allow">
<span class="sig-name descname"><span class="pre">AS.http.allow</span></span><a class="headerlink" href="#confval-AS.http.allow" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>list:string</em></p>
<p>List of IPs which are allowed to access the http(s) port.
By default access is unrestricted.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.http.deny">
<span class="sig-name descname"><span class="pre">AS.http.deny</span></span><a class="headerlink" href="#confval-AS.http.deny" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>list:string</em></p>
<p>List of IPs which are not allowed to access the http(s) port.
By default access is unrestricted.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.http.resolveProxyClient">
<span class="sig-name descname"><span class="pre">AS.http.resolveProxyClient</span></span><a class="headerlink" href="#confval-AS.http.resolveProxyClient" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">false</span></code></p>
<p>Type: <em>boolean</em></p>
<p>Sets if the X-Forwarded-For HTTP header is evaluated to
retrieve the real client IP address from a proxy server.
This is important if the web frontend is behind a proxy,
e.g. Apache. Since data access is configured per IP, the
real IP is required to grant access to requested channels.
Enabling this opens a possible security hole as clients
can then easily spoof their IP if the proxy does not
correctly maintain this header or if CAPS does not run
behind a proxy.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.http.disableBasicAuthorization">
<span class="sig-name descname"><span class="pre">AS.http.disableBasicAuthorization</span></span><a class="headerlink" href="#confval-AS.http.disableBasicAuthorization" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">false</span></code></p>
<p>Type: <em>boolean</em></p>
<p>Controls whether basic authorization is enabled or not.
In case you are running CAPS behind a proxy which already
configures basic authorization then enable this flag.
If basic authorization is disabled then the default
HTTP user should have access without a password.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.http.fdsnws">
<span class="sig-name descname"><span class="pre">AS.http.fdsnws</span></span><a class="headerlink" href="#confval-AS.http.fdsnws" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>string</em></p>
<p>Sets the optional relative FDSNWS path which is being
used by the CAPS frontend client. Do not append
&quot;fdsnws/dataselect/1/query&quot; as this is done
automatically. Set it to &quot;/&quot; if the CAPS
frontend is running with a relative path behind e.g.
Nginx.</p>
</dd></dl>
<div class="admonition note" id="as-http-ssl">
<p class="admonition-title">Note</p>
<p><strong>AS.http.SSL.*</strong>
<em>Use https instead of http when setting the following parameters</em></p>
</div>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.http.SSL.port">
<span class="sig-name descname"><span class="pre">AS.http.SSL.port</span></span><a class="headerlink" href="#confval-AS.http.SSL.port" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>int</em></p>
<p>Defines the server port for HTTPS connections.
By default the SSL Web interface is disabled.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.http.SSL.certificate">
<span class="sig-name descname"><span class="pre">AS.http.SSL.certificate</span></span><a class="headerlink" href="#confval-AS.http.SSL.certificate" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>string</em></p>
<p>Defines the path to the SSL certificate to use.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.http.SSL.key">
<span class="sig-name descname"><span class="pre">AS.http.SSL.key</span></span><a class="headerlink" href="#confval-AS.http.SSL.key" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>string</em></p>
<p>Defines the path to the private SSL key to use. This
key is not shared with clients.</p>
</dd></dl>
<div class="admonition note" id="as-fdsnws">
<p class="admonition-title">Note</p>
<p><strong>AS.FDSNWS.*</strong>
<em>FDSNWS control parameters for dataselect. The FDSNWS service</em>
<em>is provided through the “AS.http.port”.</em></p>
</div>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.FDSNWS.maxTimeWindow">
<span class="sig-name descname"><span class="pre">AS.FDSNWS.maxTimeWindow</span></span><a class="headerlink" href="#confval-AS.FDSNWS.maxTimeWindow" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">0</span></code></p>
<p>Unit: <em>s</em></p>
<p>Type: <em>int</em></p>
<p>Maximum length of time window per request. A value
greater than zero limits the maximum request time window
including all data. 0 disables the limit.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.FDSNWS.maxRequests">
<span class="sig-name descname"><span class="pre">AS.FDSNWS.maxRequests</span></span><a class="headerlink" href="#confval-AS.FDSNWS.maxRequests" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">1000</span></code></p>
<p>Type: <em>int</em></p>
<p>Maximum number of requests per post. A value greater than
or equal to zero limits the number
of request lines per POST request.</p>
</dd></dl>
<div class="admonition note" id="as-wws">
<p class="admonition-title">Note</p>
<p><strong>AS.WWS.*</strong>
<em>Winston waveform server (WWS) control parameters. When set,</em>
<em>CAPS will also serve WWS.</em></p>
</div>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.WWS.port">
<span class="sig-name descname"><span class="pre">AS.WWS.port</span></span><a class="headerlink" href="#confval-AS.WWS.port" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>int</em></p>
<p>Server port for WWS connections. Please note that
inventory information (see AS.inventory) is required to
fully support WWS requests otherwise empty values for
the channel location and unit will be returned.</p>
<p>Default (no value): The WWS interface is disabled.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.WWS.maxTimeWindow">
<span class="sig-name descname"><span class="pre">AS.WWS.maxTimeWindow</span></span><a class="headerlink" href="#confval-AS.WWS.maxTimeWindow" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">90000</span></code></p>
<p>Unit: <em>s</em></p>
<p>Type: <em>int</em></p>
<p>Maximum length of time window in seconds per request.
A value greater than zero limits the maximum request time window
including all data. 0 disables the limit.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.WWS.maxRequests">
<span class="sig-name descname"><span class="pre">AS.WWS.maxRequests</span></span><a class="headerlink" href="#confval-AS.WWS.maxRequests" title="Permalink to this definition"></a></dt>
<dd><p>Default: <code class="docutils literal notranslate"><span class="pre">100</span></code></p>
<p>Type: <em>int</em></p>
<p>A value greater than or equal to zero limits the number
of request lines per POST request.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.WWS.allow">
<span class="sig-name descname"><span class="pre">AS.WWS.allow</span></span><a class="headerlink" href="#confval-AS.WWS.allow" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>list:string</em></p>
<p>List of IPs which are allowed to access the WWS port.
By default access is unrestricted.</p>
</dd></dl>
<dl class="std confval">
<dt class="sig sig-object std" id="confval-AS.WWS.deny">
<span class="sig-name descname"><span class="pre">AS.WWS.deny</span></span><a class="headerlink" href="#confval-AS.WWS.deny" title="Permalink to this definition"></a></dt>
<dd><p>Type: <em>list:string</em></p>
<p>List of IPs which are not allowed to access the WWS port.
By default access is unrestricted.</p>
</dd></dl>
</section>
<section id="command-line-options">
<h1>Command-Line Options<a class="headerlink" href="#command-line-options" title="Permalink to this heading"></a></h1>
<p><strong class="program">caps [options]</strong></p>
<section id="generic">
<span id="id1"></span><h2>Generic<a class="headerlink" href="#generic" title="Permalink to this heading"></a></h2>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-h">
<span id="cmdoption-help"></span><span class="sig-name descname"><span class="pre">-h</span></span><span class="sig-prename descclassname"></span><span class="sig-prename descclassname"><span class="pre">,</span> </span><span class="sig-name descname"><span class="pre">--help</span></span><span class="sig-prename descclassname"></span><a class="headerlink" href="#cmdoption-h" title="Permalink to this definition"></a></dt>
<dd><p>Show help message.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-V">
<span id="cmdoption-version"></span><span class="sig-name descname"><span class="pre">-V</span></span><span class="sig-prename descclassname"></span><span class="sig-prename descclassname"><span class="pre">,</span> </span><span class="sig-name descname"><span class="pre">--version</span></span><span class="sig-prename descclassname"></span><a class="headerlink" href="#cmdoption-V" title="Permalink to this definition"></a></dt>
<dd><p>Show version information.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-config-file">
<span class="sig-name descname"><span class="pre">--config-file</span></span><span class="sig-prename descclassname"> <span class="pre">arg</span></span><a class="headerlink" href="#cmdoption-config-file" title="Permalink to this definition"></a></dt>
<dd><p>Use alternative configuration file. When this option is
used the loading of all stages is disabled. Only the
given configuration file is parsed and used. To use
another name for the configuration create a symbolic
link of the application or copy it. Example:
scautopick -&gt; scautopick2.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-plugins">
<span class="sig-name descname"><span class="pre">--plugins</span></span><span class="sig-prename descclassname"> <span class="pre">arg</span></span><a class="headerlink" href="#cmdoption-plugins" title="Permalink to this definition"></a></dt>
<dd><p>Load given plugins.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-D">
<span id="cmdoption-daemon"></span><span class="sig-name descname"><span class="pre">-D</span></span><span class="sig-prename descclassname"></span><span class="sig-prename descclassname"><span class="pre">,</span> </span><span class="sig-name descname"><span class="pre">--daemon</span></span><span class="sig-prename descclassname"></span><a class="headerlink" href="#cmdoption-D" title="Permalink to this definition"></a></dt>
<dd><p>Run as daemon. This means the application will fork itself
and doesnt need to be started with &amp;.</p>
</dd></dl>
</section>
<section id="verbosity">
<span id="id2"></span><h2>Verbosity<a class="headerlink" href="#verbosity" title="Permalink to this heading"></a></h2>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-verbosity">
<span class="sig-name descname"><span class="pre">--verbosity</span></span><span class="sig-prename descclassname"> <span class="pre">arg</span></span><a class="headerlink" href="#cmdoption-verbosity" title="Permalink to this definition"></a></dt>
<dd><p>Verbosity level [0..4]. 0:quiet, 1:error, 2:warning, 3:info,
4:debug.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-v">
<span id="cmdoption-v"></span><span class="sig-name descname"><span class="pre">-v</span></span><span class="sig-prename descclassname"></span><span class="sig-prename descclassname"><span class="pre">,</span> </span><span class="sig-name descname"><span class="pre">--v</span></span><span class="sig-prename descclassname"></span><a class="headerlink" href="#cmdoption-v" title="Permalink to this definition"></a></dt>
<dd><p>Increase verbosity level (may be repeated, eg. -vv).</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-q">
<span id="cmdoption-quiet"></span><span class="sig-name descname"><span class="pre">-q</span></span><span class="sig-prename descclassname"></span><span class="sig-prename descclassname"><span class="pre">,</span> </span><span class="sig-name descname"><span class="pre">--quiet</span></span><span class="sig-prename descclassname"></span><a class="headerlink" href="#cmdoption-q" title="Permalink to this definition"></a></dt>
<dd><p>Quiet mode: no logging output.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-print-component">
<span class="sig-name descname"><span class="pre">--print-component</span></span><span class="sig-prename descclassname"> <span class="pre">arg</span></span><a class="headerlink" href="#cmdoption-print-component" title="Permalink to this definition"></a></dt>
<dd><p>For each log entry print the component right after the
log level. By default the component output is enabled
for file output but disabled for console output.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-component">
<span class="sig-name descname"><span class="pre">--component</span></span><span class="sig-prename descclassname"> <span class="pre">arg</span></span><a class="headerlink" href="#cmdoption-component" title="Permalink to this definition"></a></dt>
<dd><p>Limit the logging to a certain component. This option can
be given more than once.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-s">
<span id="cmdoption-syslog"></span><span class="sig-name descname"><span class="pre">-s</span></span><span class="sig-prename descclassname"></span><span class="sig-prename descclassname"><span class="pre">,</span> </span><span class="sig-name descname"><span class="pre">--syslog</span></span><span class="sig-prename descclassname"></span><a class="headerlink" href="#cmdoption-s" title="Permalink to this definition"></a></dt>
<dd><p>Use syslog logging backend. The output usually goes to
/var/lib/messages.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-l">
<span id="cmdoption-lockfile"></span><span class="sig-name descname"><span class="pre">-l</span></span><span class="sig-prename descclassname"></span><span class="sig-prename descclassname"><span class="pre">,</span> </span><span class="sig-name descname"><span class="pre">--lockfile</span></span><span class="sig-prename descclassname"> <span class="pre">arg</span></span><a class="headerlink" href="#cmdoption-l" title="Permalink to this definition"></a></dt>
<dd><p>Path to lock file.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-console">
<span class="sig-name descname"><span class="pre">--console</span></span><span class="sig-prename descclassname"> <span class="pre">arg</span></span><a class="headerlink" href="#cmdoption-console" title="Permalink to this definition"></a></dt>
<dd><p>Send log output to stdout.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-debug">
<span class="sig-name descname"><span class="pre">--debug</span></span><span class="sig-prename descclassname"></span><a class="headerlink" href="#cmdoption-debug" title="Permalink to this definition"></a></dt>
<dd><p>Execute in debug mode.
Equivalent to --verbosity=4 --console=1 .</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-trace">
<span class="sig-name descname"><span class="pre">--trace</span></span><span class="sig-prename descclassname"></span><a class="headerlink" href="#cmdoption-trace" title="Permalink to this definition"></a></dt>
<dd><p>Execute in trace mode.
Equivalent to --verbosity=4 --console=1 --print-component=1
--print-context=1 .</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-log-file">
<span class="sig-name descname"><span class="pre">--log-file</span></span><span class="sig-prename descclassname"> <span class="pre">arg</span></span><a class="headerlink" href="#cmdoption-log-file" title="Permalink to this definition"></a></dt>
<dd><p>Use alternative log file.</p>
</dd></dl>
</section>
<section id="server">
<span id="id3"></span><h2>Server<a class="headerlink" href="#server" title="Permalink to this heading"></a></h2>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-p">
<span id="cmdoption-server-port"></span><span class="sig-name descname"><span class="pre">-p</span></span><span class="sig-prename descclassname"></span><span class="sig-prename descclassname"><span class="pre">,</span> </span><span class="sig-name descname"><span class="pre">--server-port</span></span><span class="sig-prename descclassname"> <span class="pre">int</span></span><a class="headerlink" href="#cmdoption-p" title="Permalink to this definition"></a></dt>
<dd><p>Overrides configuration parameter <a class="reference internal" href="#confval-AS.port"><code class="xref std std-confval docutils literal notranslate"><span class="pre">AS.port</span></code></a>.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-server-ssl-port">
<span class="sig-name descname"><span class="pre">--server-ssl-port</span></span><span class="sig-prename descclassname"> <span class="pre">int</span></span><a class="headerlink" href="#cmdoption-server-ssl-port" title="Permalink to this definition"></a></dt>
<dd><p>Overrides configuration parameter <a class="reference internal" href="#confval-AS.SSL.port"><code class="xref std std-confval docutils literal notranslate"><span class="pre">AS.SSL.port</span></code></a>.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-P">
<span id="cmdoption-plugin-port"></span><span class="sig-name descname"><span class="pre">-P</span></span><span class="sig-prename descclassname"></span><span class="sig-prename descclassname"><span class="pre">,</span> </span><span class="sig-name descname"><span class="pre">--plugin-port</span></span><span class="sig-prename descclassname"> <span class="pre">int</span></span><a class="headerlink" href="#cmdoption-P" title="Permalink to this definition"></a></dt>
<dd><p>Overrides configuration parameter <a class="reference internal" href="#confval-AS.plugins.port"><code class="xref std std-confval docutils literal notranslate"><span class="pre">AS.plugins.port</span></code></a>.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-http-port">
<span class="sig-name descname"><span class="pre">--http-port</span></span><span class="sig-prename descclassname"> <span class="pre">int</span></span><a class="headerlink" href="#cmdoption-http-port" title="Permalink to this definition"></a></dt>
<dd><p>Overrides configuration parameter <a class="reference internal" href="#confval-AS.http.port"><code class="xref std std-confval docutils literal notranslate"><span class="pre">AS.http.port</span></code></a>.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-read-only">
<span class="sig-name descname"><span class="pre">--read-only</span></span><span class="sig-prename descclassname"></span><a class="headerlink" href="#cmdoption-read-only" title="Permalink to this definition"></a></dt>
<dd><p>Do not store any packets.</p>
</dd></dl>
</section>
<section id="test">
<span id="id4"></span><h2>Test<a class="headerlink" href="#test" title="Permalink to this heading"></a></h2>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-configtest">
<span class="sig-name descname"><span class="pre">--configtest</span></span><span class="sig-prename descclassname"></span><a class="headerlink" href="#cmdoption-configtest" title="Permalink to this definition"></a></dt>
<dd><p>Run a configuration file syntax test. It parses the
configuration files and either reports Syntax Ok or detailed
information about the particular syntax error.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-print-access">
<span class="sig-name descname"><span class="pre">--print-access</span></span><span class="sig-prename descclassname"></span><a class="headerlink" href="#cmdoption-print-access" title="Permalink to this definition"></a></dt>
<dd><p>Print access information for one or more channels from a
given IP and a user with password, format: NET.STA.LOC.CHA,
e.g.,</p>
<p>IP check</p>
<p>caps --print-access GE.*.*.* 127.0.0.1</p>
<p>IP and user:password check</p>
<p>caps --print-access GE.APE.*.* --user gempa:gempa 127.0.0.1</p>
<p>The stream ID filter supports wildcards. Use option -v to
enable the trace mode to get detailed information about the
rule evaluation.</p>
</dd></dl>
<dl class="std option">
<dt class="sig sig-object std" id="cmdoption-u">
<span id="cmdoption-user"></span><span class="sig-name descname"><span class="pre">-u</span></span><span class="sig-prename descclassname"></span><span class="sig-prename descclassname"><span class="pre">,</span> </span><span class="sig-name descname"><span class="pre">--user</span></span><span class="sig-prename descclassname"></span><a class="headerlink" href="#cmdoption-u" title="Permalink to this definition"></a></dt>
<dd><p>Server user and password. Format: user:password .</p>
</dd></dl>
</section>
</section>
<div id="anchors-bottom"></div>
</div>
<div class="sidebar" role="navigation" aria-label="main navigation">
<div id="anchors-top"></div>
<div id="anchors" class="content">
<div id="searchbox" style="display: none" role="search">
<h3 id="searchlabel">Quick search</h3>
<div class="searchformwrapper">
<form class="search" action="../search.html" method="get">
<input type="text" name="q" aria-labelledby="searchlabel" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false"/>
<input type="submit" value="Go" />
</form>
</div>
</div>
<script>document.getElementById('searchbox').style.display = "block"</script>
<div>
<h3><a href="../index.html">Table of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">Execution and Automatic Startup</a></li>
<li><a class="reference internal" href="#file-system-tuning">File System Tuning</a></li>
<li><a class="reference internal" href="#security-and-access-control">Security and Access Control</a><ul>
<li><a class="reference internal" href="#access-control">Access control</a><ul>
<li><a class="reference internal" href="#service-level-access">Service level access</a></li>
<li><a class="reference internal" href="#stream-level-access">Stream level access</a></li>
<li><a class="reference internal" href="#authentication-by-user-name-and-password-shadow-file">Authentication by user name and password (shadow file)</a></li>
<li><a class="reference internal" href="#guest-user">Guest user</a></li>
<li><a class="reference internal" href="#service-specific-users">Service-specific users</a></li>
<li><a class="reference internal" href="#groups">Groups</a></li>
<li><a class="reference internal" href="#passwd-user-access-properties">Passwd: user access properties</a></li>
</ul>
</li>
<li><a class="reference internal" href="#secure-sockets-layer-ssl">Secure sockets layer (SSL)</a></li>
</ul>
</li>
<li><a class="reference internal" href="#module-configuration">Module Configuration</a></li>
<li><a class="reference internal" href="#command-line-options">Command-Line Options</a><ul>
<li><a class="reference internal" href="#generic">Generic</a></li>
<li><a class="reference internal" href="#verbosity">Verbosity</a></li>
<li><a class="reference internal" href="#server">Server</a></li>
<li><a class="reference internal" href="#test">Test</a></li>
</ul>
</li>
</ul>
</div>
<div>
<h4>Previous topic</h4>
<p class="topless"><a href="archive.html"
title="previous chapter">Data Management</a></p>
</div>
<div>
<h4>Next topic</h4>
<p class="topless"><a href="interfaces.html"
title="next chapter">Server Interfaces</a></p>
</div>
<div role="note" aria-label="source link">
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="../_sources/base/configuration.rst.txt"
rel="nofollow">Show Source</a></li>
</ul>
</div>
</div>
</div>
</div>
</div>
<div class="footer">
<div class="container">
<div class="content">
Release <b></b> version <b>2025.254#f0c77b29e</b>
<div class="copyright">
&copy; Copyright <a href="https://www.gempa.de">2013, gempa GmbH.</a>
</div>
</div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink