Home Settings

This is where the Home Settings are found. They contain Email, HTTP, Host, Log, API, and User settings.

These settings are only available for the Super User (su).

Email

This is where the superuser can configure the SMTP settings to be able to send out emails from the system.

  • Server URI: SMTP server host and port formatted as smtp://host

  • SMTP Port: SMTP port number

  • Use TLS: Use TLS/SSL when connecting to the SMTP server (enable if the SMTP server is using TLS)

  • Username: Username for authentication with SMTP server

  • From: From email address to use for emails

  • Password: Password of username account being used

The Super User can test the email configuration to make sure it is working properly by selecting the Test button located at the top right.

HTTP

This is where the superuser can configure the HTTP settings and enable HTTPS if wanted.

  • Site URI: Public HTTP or HTTPS URI to use when sharing links to the server. This field should be configured if running behind a proxy server where the local IP host or port isn't what is used for public access. Restart required.

  • Address: IP address to bind locally for HTTP ports. Restart required. 

  • HTTPS Enabled: If false all traffic is handled in plaintext on 'httpPort'. If set to true, then all traffic is forced to use HTTPS on 'httpsPort' and requests to 'httpPort' are redirected. Restart required.

    • Once enabled, the user will be prompted with a popup to upload their certificate and key files (unencrypted and PKCS12/PFX format) if not already uploaded via the Certificate Files button. Then enter any password for the keystore. This password will be needed to access the files.

    • Once done, the user will need to restart their FIN service.

    • Then the FIN instance will be reachable via HTTPS.

      • Note: If using a self-signed certificate, seeing a “Not Secure” warning is expected.

HTTPS is enabled by default and uses a self-signed certificate. When the user first logs in, the browser will present a screen warning them that the connection is not private. The user can upload their own certificate if they would like to switch it, or disable HTTPS afterwards. To continue, select the Advanced button and then select “Proceed to <host> (unsafe)”.

 

 

  • Certificate Files: Upload the certificate and key files needed for HTTPS. This is needed if HTTPS is to be enabled and used.

  • HTTP Port: Port for HTTP traffic. Restart required.

  • HTTPS Port: Port for HTTPS (only applicable if 'httpsEnabled'). Restart required.

  • Disable Error Trace: Disable showing exception stack trace for 500 internal server errors.

Host

This is where the superuser can configure a few host settings.

  • Host Dis: Display name for this host.

  • Timezone: Default system timezone. Values are from the Olson TZ database. The system timezone is detected automatically; to change it to something else, select the preferred timezone. Restart required.

  • Week Start Day: Change the start day of the week to Sunday or Monday. Warning: this will overwrite the setting for all locales. Restart required.

  • Auto Logoff: Auto Logoff user after inactivity.

  • Auto Logoff Timeout: Auto Logoff timeout in minutes (default 5min, >1min).

  • Enable Password Protected Snapshots: Forces password protection for all snapshots.

  • Password: Passwords must be a minimum of ten characters and must contain all of the following: uppercase letters, lowercase letters, numbers, and special characters. This is only available if "Enable Password Protected Snapshots" is enabled.

Log

This is where the superuser can configure the log settings.

  • Buff. Max: Max number of log records to buffer in RAM. Restart required.

  • Max. Age: Max number of days to maintain log files before deleting to free disk space.

API

This is where the superuser can enable/disable API properties.

  • Allow Get with Side Effects: Allow GET HTTPS calls to be used for operations with side effects

    • Enabling this flag will allow GET to be used with any HTTP API operation. The most secure setting is "No".

  • Allow Text Plain: Allow "text/plain" to be used as an alias for "text/zinc". The most secure setting is "No".

  • Attest Cookies: Require cookie attestation

    • When enabled, all non-GET requests which use a cookie as their authorization token must also include a separate HTTP header called SkyArc-Attest-Key bound to the session. The most secure setting is "Yes".

  • Disable Error Trace: Disable including stack trace when requests raise an exception
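
How "Allow Get with Side Effects" and "Attest Cookies" depend on each other, modelled as an added example (not the product's own code). `ApiSettings`, `Session` and `check_request` are hypothetical names and the request data is constructed; only the header name SkyArc-Attest-Key comes from the settings above.

```python
import hmac
import secrets
from dataclasses import dataclass

ATTEST_HEADER = "SkyArc-Attest-Key"  # header name taken from the page

@dataclass
class ApiSettings:  # hypothetical model of the two API flags
    allow_get_side_effects: bool = False  # "Allow Get with Side Effects" = No
    attest_cookies: bool = True           # "Attest Cookies" = Yes

@dataclass
class Session:  # hypothetical: cookie value plus a separate key bound to it
    cookie: str
    attest_key: str

def new_session():
    return Session(secrets.token_urlsafe(32), secrets.token_urlsafe(32))

def check_request(cfg, session, method, headers, side_effects, cookie_auth=True):
    """Return (allowed, reason) for one API call under the given settings."""
    if method == "GET" and side_effects and not cfg.allow_get_side_effects:
        return False, "GET refused for an operation with side effects"
    if cfg.attest_cookies and cookie_auth and method != "GET":
        supplied = headers.get(ATTEST_HEADER, "")  # exact-case lookup for brevity
        if not hmac.compare_digest(supplied.encode(), session.attest_key.encode()):
            return False, "attest key missing or not bound to this session"
    return True, "ok"

def demo():
    """Constructed requests that all carry the same valid session cookie."""
    s = new_session()
    hardened = ApiSettings()
    get_open = ApiSettings(allow_get_side_effects=True)
    no_attest = ApiSettings(attest_cookies=False)
    with_key = {ATTEST_HEADER: s.attest_key}
    return {
        # Cookie sent automatically, but no custom header on the request.
        "post_no_key_hardened": check_request(hardened, s, "POST", {}, True)[0],
        "post_no_key_no_attest": check_request(no_attest, s, "POST", {}, True)[0],
        # The logged-in client adds the header it received with the session.
        "post_with_key_hardened": check_request(hardened, s, "POST", with_key, True)[0],
        # Attestation only covers non-GET, so state-changing GETs must be refused.
        "get_write_hardened": check_request(hardened, s, "GET", {}, True)[0],
        "get_write_get_open": check_request(get_open, s, "GET", {}, True)[0],
        "get_read_hardened": check_request(hardened, s, "GET", {}, False)[0],
    }
```

The `get_write_get_open` case is the reason both flags are listed with a most secure value: with Attest Cookies on but GET side effects allowed, a state-changing GET passes on the cookie alone.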

User

This is where the superuser can configure user settings.

  • Enable Password Reset: If enabled, users can reset their password via email. It's recommended to enable password reset to reduce the frequency of users accidentally locking their accounts due to forgetting their password. (Use with "Max Resets" to specify the number of resets. Only works with non-superusers.)

  • Password Policy: Set the password complexity policy for all users.

  • Password Expiration (Days): Password expiration in days. Passwords are forced to change after this duration expires. A Zero value disables this feature.

  • Max Failed Login Attempts: A user's account will be automatically disabled if their failed login attempts exceed this value. A Zero value disables this feature.

  • Max Activity: The maximum number of activity entries to log per user. When the maximum is reached, the oldest entries are truncated. Setting to zero disables activity logging.

  • Max Resets: The maximum number of password resets that each user can request per day.