Navigation Menu Global Config
CrafterCMS allows the user to edit the system settings for Studio without access to the physical server through Global Config under the Navigation Menu in Studio.
This global configuration file overrides the core configuration of Crafter Studio, studio-config.yaml, found in your Authoring installation, under CRAFTER_HOME/bin/apache-tomcat/webapps/studio/WEB-INF/classes/crafter/studio, and the Studio configuration override file studio-config-override.yaml under CRAFTER_HOME/bin/apache-tomcat/shared/classes/crafter/studio/extension in your Authoring installation (for more information on this file, see Studio’s Configuration Overrides.
Changes made to this file will spread to all nodes in a Studio cluster automatically. Please note that not all changes to this file can/will take effect without a restart, so expect to have to restart Studio for most changes to take effect. If in a cluster, you’ll need a rolling restart for all nodes to pick up the changes.
To access the Global Config, click on the Navigation Menu icon at the top right corner, then click on Global Config in the Global panel
Let’s take a look at what we can configure from the Global Config.
SMTP Configuration (Email)
This section allows the user to setup a mail client by configuring the SMTP server to be used for sending emails from Crafter Studio, such as when authors request to publish content, or when a request to publish has been approved.
1##################################################
2## SMTP Configuration (Email) ##
3##################################################
4# Default value for from header when sending emails.
5# studio.mail.from.default: admin@example.com
6# SMTP server name to send emails.
7# studio.mail.host: ${env:MAIL_HOST}
8# SMTP port number to send emails.
9# studio.mail.port: ${env:MAIL_PORT}
10# SMTP username for authenticated access when sending emails.
11# studio.mail.username:
12# SMTP password for authenticated access when sending emails.
13# studio.mail.password:
14# Turn on/off (value true/false) SMTP authenaticated access protocol.
15# studio.mail.smtp.auth: false
16# Enable/disable (value true/false) SMTP TLS protocol when sending emails.
17# studio.mail.smtp.starttls.enable: false
18# Enable/disable (value true/false) SMTP EHLO protocol when sending emails.
19# studio.mail.smtp.ehlo: true
20# Enable/disable (value true/false) debug mode for email service. Enabling debug mode allows tracking/debugging communication between email service and SMTP server.
21# studio.mail.debug: false
Security
Session Timeout
This section allows the user to set the Studio session timeout, the amount of time of user inactivity in Studio before requiring the user to re-authenticate.
1# HTTP Session timeout for studio (value is in minutes).
2# studio.security.sessionTimeout: 60
Remember to keep the Studio session timeout less than the Tomcat session-timeout. The default Tomcat session-timeout is 75 minutes. See Changing the Session Timeout for more information.
Security Provider for Accessing Repository
The following section of Studio’s global config allows you to define security provider for accessing repository.
1# Defines security provider for accessing repository. Possible values
2# - db (users are stored in database)
3# - ldap (users are imported from LDAP into the database)
4# - headers (use when authenticating via headers)
5# studio.security.type: ldap
Password Requirements Validation
Password requirements validation allows the admin to setup rules that ensures users create passwords based on an organizations password security policy.
The following section of Studio’s global config allows you to setup password requirements minimum complexity
through the property studio.security.passwordRequirements.minimumComplexity:
1# Password requirements minimum complexity
2# This is based on https://github.com/dropbox/zxcvbn
3# The minimum complexity corresponds to the password score
4# You can try this out here https://lowe.github.io/tryzxcvbn/
5# score # Integer from 0-4 (useful for implementing a strength bar)
6# 0 # too guessable: risky password. (guesses < 10^3)
7# 1 # very guessable: protection from throttled online attacks. (guesses < 10^6)
8# 2 # somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
9# 3 # safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
10# 4 # very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
11# The default value is 3
12# studio.security.passwordRequirements.minimumComplexity: 3
For more information, see Configure Studio Password Requirements
Configure Authentication Chain
CrafterCMS allows configuration of multiple authentication providers in a chain that are then iterated through until either the user is authenticated and granted access or authentication fails and an HTTP 401 Unauthorized is returned to the user.
The following section of Studio’s global config allows you to configure an authentication chain.
1# Studio authentication chain configuration
2# studio.authentication.chain:
3 # Authentication provider type
4 # - provider: HEADERS
5 # Authentication via headers enabled
6 # enabled: false
7 # Authentication header for secure key
8 # secureKeyHeader: secure_key
9 # Authentication headers secure key that is expected to match secure key value from headers
10 # Typically this is placed in the header by the authentication agent
11 # secureKeyHeaderValue: secure
12 # Authentication header for username
13 # usernameHeader: username
14 # Authentication header for first name
15 # firstNameHeader: firstname
16 # Authentication header for last name
17 # lastNameHeader: lastname
18 # Authentication header for email
19 # emailHeader: email
20 # Authentication header for groups: comma separated list of sites and groups
21 # Example:
22 # site_author,site_xyz_developer
23 # groupsHeader: groups
24 # Enable/disable logout for headers authenticated users (SSO)
25 # logoutEnabled: false
26 # If logout is enabled for headers authenticated users (SSO), set the endpoint of the SP or IdP logout, which should
27 # be called after local logout. The {baseUrl} macro is provided so that the browser is redirected back to Studio
28 # after logout (https://STUDIO_SERVER:STUDIO_PORT/studio)
29 # logoutUrl: /YOUR_DOMAIN/logout?ReturnTo={baseUrl}
30 # Authentication provider type
31 # - provider: LDAP
32 # Authentication via LDAP enabled
33 # enabled: false
34 # LDAP Server url
35 # ldapUrl: ldap://localhost:389
36 # LDAP bind DN (user)
37 # ldapUsername: cn=Manager,dc=my-domain,dc=com
38 # LDAP bind password
39 # ldapPassword: secret
40 # LDAP base context (directory root)
41 # ldapBaseContext: dc=my-domain,dc=com
42 # LDAP username attribute
43 # usernameLdapAttribute: uid
44 # LDAP first name attribute
45 # firstNameLdapAttribute: cn
46 # LDAP last name attribute
47 # lastNameLdapAttribute: sn
48 # Authentication header for email
49 # emailLdapAttribute: mail
50 # LDAP groups attribute
51 # groupNameLdapAttribute: crafterGroup
52 # LDAP groups attribute name regex
53 # groupNameLdapAttributeRegex: .*
54 # LDAP groups attribute match index
55 # groupNameLdapAttributeMatchIndex: 0
56 # Authentication provider type
57 # - provider: DB
58 # Authentication via DB enabled
59 # enabled: true
For more information, see Configure Authentication Chain
CORS
The following section of Studio’s global config allows you to setup Cross-Origin Resource Sharing (CORS)
1################################################################
2## CORS ##
3################################################################
4# This is configured as permissive by default for ease of deployment
5# Remember to tighten this up for production
6
7# Disable CORS headers completely
8# studio.cors.disable: false
9# Value for the Access-Control-Allow-Origin header
10# studio.cors.origins: '*'
11# Value for the Access-Control-Allow-Headers header
12# studio.cors.headers: '*'
13# Value for the Access-Control-Allow-Methods header
14# studio.cors.methods: '*'
15# Value for the Access-Control-Allow-Credentials header
16# studio.cors.credentials: true
17# Value for the Access-Control-Max-Age header
18# studio.cors.maxage: -1
19# The active environment for multi environment configuration, e.g. qa, prod, dev
20# studio.configuration.environment.active: ENV
For the CORS origins, values are split using ,. Remember that commas inside patterns need to be escaped with a \
like: studio.cors.origins: 'http://localhost:[8000\,3000],http://*.other.domain'
Clustering
The following section of Studio’s global config allows you to setup Studio clustering.
1##################################################
2## Clustering ##
3##################################################
4#-----------------------------------------------------------------------------
5# IMPORTANT: To enable clustering, please specify the environment variable
6# SPRING_PROFILES_ACTIVE=crafter.studio.dbCluster in your crafter-setenv.sh
7# (or Docker/Kubernetes env variables).
8# Also configure the appropiate MARIADB env variables
9# -----------------------------------------------------------------------------
10
11# Cluster Git URL format for synching members.
12# - Typical SSH URL format: ssh://{username}@{localAddress}{absolutePath}
13# - Typical HTTPS URL format: https://{localAddress}/repos/sites
14# studio.clustering.sync.urlFormat: ssh://{username}@{localAddress}{absolutePath}
15
16# Cluster Syncers
17# Sandbox Sync Job interval in milliseconds which is how often to sync the work-area
18# studio.clustering.sandboxSyncJob.interval: 2000
19# Published Sync Job interval in milliseconds which is how often to sync the published repos
20# studio.clustering.publishedSyncJob.interval: 60000
21# Global Repo Sync Job interval in milliseconds which is how often to sync the global repo
22# studio.clustering.globalRepoSyncJob.interval: 45000
23# Cluster member after heartbeat stale for amount of minutes will be declared inactive
24# studio.clustering.heartbeatStale.timeLimit: 5
25# Cluster member after being inactive for amount of minutes will be removed from cluster
26# studio.clustering.inactivity.timeLimit: 5
27
28# Cluster member registration, this registers *this* server into the pool
29# Cluster node registration data, remember to uncomment the next line
30# studio.clustering.node.registration:
31# This server's local address (reachable to other cluster members). You can also specify a different port by
32# attaching :PORT to the address (e.g. 192.168.1.200:2222)
33# localAddress: ${env:CLUSTER_NODE_ADDRESS}
34# Authentication type to access this server's local repository
35# possible values
36# - none (no authentication needed)
37# - basic (username/password authentication)
38# - key (ssh authentication)
39# authenticationType: none
40# Username to access this server's local repository
41# username: user
42# Password to access this server's local repository
43# password: SuperSecurePassword
44# Private key to access this server's local repository (multiline string)
45# privateKey: |
46# -----BEGIN PRIVATE KEY-----
47# privateKey
48# -----END PRIVATE KEY-----
For more information, see Studio Clustering
Content Repository
The following section of Studio’s global config allows you to setup a prologues and postscript message when committing.
1##################################################
2## Content Repository ##
3##################################################
4# Repository commit prologue message
5# studio.repo.commitMessagePrologue:
6# Repository commit postscript message
7# studio.repo.commitMessagePostscript:
Serverless Delivery
The following section of Studio’s global config allows you to setup serverless delivery.
1##########################################################
2## Serverless Delivery ##
3##########################################################
4# Indicates if serverless delivery is enabled
5# studio.serverless.delivery.enabled: true
6# The URL for the serverless delivery deployer create URL
7# studio.serverless.delivery.deployer.target.createUrl: ${studio.preview.createTargetUrl}
8# The URL for the serverless delivery deployer delete URL
9# studio.serverless.delivery.deployer.target.deleteUrl: ${studio.preview.deleteTargetUrl}
10# The template name for serverless deployer targets
11# studio.serverless.delivery.deployer.target.template: aws-cloudformed-s3
12# Replace existing target configuration if one exists?
13# studio.serverless.delivery.deployer.target.replace: false
14# The URL the deployer will use to clone/pull the site's published repo. When the deployer is in a separate node
15# (because of clustering), this URL should be an SSH/HTTP URL to the load balancer in front of the Studios
16# studio.serverless.delivery.deployer.target.remoteRepoUrl: ${env:CRAFTER_DATA_DIR}/repos/sites/{siteName}/published
17# The deployer's local path where it will store the clone of the published site. This property is not needed if
18# the deployer is not the preview deployer, so you can leave an empty string ('') instead
19# studio.serverless.delivery.deployer.target.localRepoPath: ${env:CRAFTER_DATA_DIR}/repos/aws/{siteName}
20# Parameters for the target template. Please check the deployer template documentation for the possible parameters.
21# The following parameters will be sent automatically, and you don't need to specify them: env, site_name, replace,
22# disable_deploy_cron, local_repo_path, repo_url, use_crafter_search
23# studio.serverless.delivery.deployer.target.template.params:
24# aws:
25# cloudformation:
26# namespace: myorganization