Server Settings Definitions

WebUI Server settings

The WebUI Server settings are listed below. Any default settings are noted. If a setting has no default, the parameter might not appear in the BigFix Console unless you create it.

Note: You must start the WebUI service for these settings to take effect.

_WebUIAppEnv_MSSQL_CXN_ENCRYPT A string value of 1 indicates that the user's MSSQL Server is configured to encrypt all traffic, either via Forced Encryption or a connection to an Azure Cloud virtual machine. Default is 1. Use the value 0 when the database runs on an operating system (for example, Windows 2012) that cannot select a suitable cipher compatible with TLSv1 as a minimum, which causes a connection error.

_WebUIAppEnv_WEB_CIPHERS The set of web ciphers the WebUI starts with is detailed here: https://wiki.mozilla.org/Security/Server_Side_TLS. The cipher list must be colon-delimited. For example:
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA:!kRSA:!DSS:!DSA
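
Before applying a custom _WebUIAppEnv_WEB_CIPHERS value, it helps to check its delimiters and see what it enables. The following is an added example, not HCL code: lint_cipher_list and the EXPECTED_EXCLUSIONS baseline are names and choices assumed here, and the classification is by suite name only.

```python
# Added example: lint a colon-delimited cipher list before applying it.
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")
# Assumed baseline: exclusions that also appear in the page's example list.
EXPECTED_EXCLUSIONS = {"!aNULL", "!eNULL", "!EXPORT", "!DES", "!RC4", "!MD5"}

# The example list from this page, joined into one value.
PAGE_LIST = (
    "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:"
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:"
    "DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256:"
    "DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA:"
    "!kRSA:!DSS:!DSA"
)

def lint_cipher_list(value):
    """Return (classified, findings) for a _WebUIAppEnv_WEB_CIPHERS value."""
    findings = []
    if "," in value or " " in value.strip():
        findings.append("list must be colon-delimited; found comma or space")
    tokens = [t for t in value.strip().split(":") if t]
    classified = {"tls13": [], "aead": [], "non_aead": [], "keyword": [], "exclude": []}
    for tok in tokens:
        if tok.startswith("!"):
            classified["exclude"].append(tok)
        elif tok.startswith("TLS_"):
            classified["tls13"].append(tok)      # TLS 1.3 suite names
        elif "-" not in tok:
            classified["keyword"].append(tok)    # group keyword such as HIGH
        elif any(m in tok for m in AEAD_MARKERS):
            classified["aead"].append(tok)
        else:
            classified["non_aead"].append(tok)   # in the page's list: CBC suites
    missing = EXPECTED_EXCLUSIONS - set(classified["exclude"])
    if missing:
        findings.append("missing exclusions: " + ", ".join(sorted(missing)))
    if classified["non_aead"]:
        findings.append("%d non-AEAD suites enabled" % len(classified["non_aead"]))
    if classified["keyword"]:
        findings.append("keywords expand to further suites: " + ", ".join(classified["keyword"]))
    return classified, findings
```

Run against the page's example, it reports the six CBC-mode suites and the HIGH keyword as items to review.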

_WebUIAppEnv_APP_PORT Configures the port to be used by the WebUI. If you are going to use SAML, remember to set the _WebUI_Monitor_Port key of the BigFix server computer to the very same port.

_WebUIAppEnv_APP_PORT_MIN Sets the min port range to use for express apps (set by bfappmonitor).

_WebUIAppEnv_APP_PORT_MAX Sets the max port range to use for express apps (set by bfappmonitor).

_WebUIAppEnv_CACHE_TTL Value is in seconds. Datasync will invalidate things in WebUI.COMPUTED_FIXLET_COUNTS, WebUI.COMPUTED_DEVICE_COUNTS, Webui.SWD_COMPUTED_FIXLET_COUNTS, and Webui.CUSTOM_COMPUTED_FIXLET_COUNTS after the delta between when we cached and the current time exceeds AppEnv_CacheTTL in seconds. The value defaults to 600 if _WebUIAppEnv_CACHE_TTL is not set or the setting is malformed. The polling interval at which Datasync checks to see if CACHE_TTL has elapsed is 60 seconds, so the minimum CACHE_TTL time is 60 seconds. Actual invalidation can occur anywhere from CACHE_TTL seconds up to CACHE_TTL+60 seconds. The minimum value is 180. Anything lower will default to 180.

_WebUIAppEnv_LOGIN_CACHE_TTL_HOURS Value is in hours. At login, it uses this value to determine whether it should repopulate caches or not. Default is 24 hours, minimum is 1 hour. There is no maximum value.

_WebUIAppEnv_NOTIFICATION_EXPIRATION_DAYS Enter the number of days after which a message sent through WebUI to target devices expires and is automatically deleted from the SSA Messages tab of the target device. The default value is 3 days.

_WebUIAppEnv_SAML_ONLY When set to 1, sets WebUI to run in SAML only mode. Disables all other apps except for common and login to allow WebUI to configure SAML but not have anything else run.

_WebUIAppEnv_SAML_SSO_ENABLE When set to 1, enables the Web-based Single Sign-On (SSO) authentication method with SAML. Without the flag set, the default value is Disabled.

_WebUIAppEnv_SAML_AUTHNCONTEXT Defines the authentication context specified on the SAML exchange. In general, the allowable values are listed in section 3.4 of the SAML 2.0 specification (https://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf), but the value must be allowed/understood by the SAML Identity Provider (IdP) being used. Most IdPs accept a subset of the values listed in the spec but might also have their own additional values. See your IdP documentation to confirm the required value for your environment. (For example, for ADFS, see https://msdn.microsoft.com/en-us/library/hh599318.aspx). If not set, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport is used, which results in FORMS-based authentication requiring a user name and password to be entered. For two-factor authentication using smart cards, most IdPs require the use of urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, or urn:federation:authentication:windows.

_WebUIAppEnv_QueryOnly When set to 1, sets WebUI to run in Query only mode. Disables all other apps except for common and login to allow WebUI to configure Query but not have anything else run.

_WebUIAppEnv_ENABLE_WEBUI_METRICS A value of 1 turns on logging for all of the WebUI route requests. Default location: <app>/app/dev.out in runapps or <app>/dev.out in production/site

_WebUIAppEnv_METRICS_PATH Specifies the path in which SQL files and metrics details are generated when the ENABLE_WEBUI_METRICS flag is enabled. Default: <app>/app/dev.out in runapps or <app>/dev.out in production/site

_WebUIAppEnv_APP_UPDATE_ENABLE_AUTO If set to 1, WebUI Apps will auto update to the earliest versions in the pending sites cache. If set to 0, auto update is disabled. By default, auto updates are enabled.

_WebUIAppEnv_APP_UPDATE_DELAY_DAYS When a new site version is released, WebUI will wait this many days before it will replace the currently running version. Only applies when auto updates are enabled. Defaults to 0.

_WebUIAppEnv_LOGIN_SESSION_TIMEOUT_SECONDS Specifies the amount of time before a user is logged out of WebUI due to inactivity. The default timeout is 900 seconds (15 min).

_WebUIAppEnv_PLATFORM_HOST The value is set at install time using the host name specified in the masthead. Change this setting when deploying the WebUI against a non-primary server to configure the client setting on the WebUI host machine to connect to the secondary server.

_WebUI_Logging_Filter The value of this parameter is a regular expression that filters events to be logged. The default is bf*error,bf:bfetl:debug,bf:bfapp:debug,bf:appmonitor:debug,bf:datasync:initialize:debug. To enable verbose logging for all BigFix events, use bf*. To log all debug events, including third party applications, use simply *.

_WebUI_Logging_LogPath This value defines the full file path of the service app log. It also defines the directory in which all other logs will be written. The default value is <server_dir>/WebUI/logs/service-app.log. If the value is changed to <server_dir>/bananas/fruit.log for example, the service app log will be named fruit.log. All other logs will retain their default names, but they will be written in <server_dir>/bananas/. Note that it is not possible to define the names of any logs except the service app log.

_WebUI_Logging_LogMaxSize Defines the maximum size of each log file in bytes. The default is 5,242,880 or 5 MB (5*1024*1024). When a log file exceeds the limit set here, a second log file is created. This continues until 10 log files have been created, at which point the first log file is overwritten. Therefore the maximum log file size for each log is ten times the value defined here. Note that, depending on usage, log files for each WebUI Application may be written at very different rates. This parameter defines the size of all log files.

_WebUI_HTTPS_Port This parameter defines the port used for HTTPS. The default is 443. This parameter is written by Fixlet 2252 during WebUI Enablement. Fixlet 2250 can be used to change this value at any time.

_WebUI_Redirect_Port This parameter defines the HTTP port used by WebUI if port 80 is not used. This setting does not exist by default. If a port other than 80 is required, this parameter must be defined in conjunction with _WebUI_Redirect_Enable. When Fixlets 2252 and 2250 define a port other than 80, this parameter is defined and enabled.

_WebUI_Redirect_Enable Controls HTTP port access. Use this setting if you don’t want to redirect to the https port. The setting does not exist by default, allowing HTTP port access. To disable HTTP port access, the setting value must equal 0. This parameter works in conjunction with _WebUI_Redirect_Port setting.

_BESRelay_WebUISiteGather_IntervalMinutes Defines how often the WebUI Server gathers sites published by HCL. As the title suggests, this variable is an integer representing minutes between site updates. The default is 5.

_BESRelay_WebUISiteGather_Schedule Sets repeating times where the WebUI Server gathers sites published by HCL and overrides the setting in _BESRelay_WebUISiteGather_IntervalMinutes. It is best practice to change the interval minutes to the default of 5 if you have changed it previously. Enter comma-separated values in the following case-sensitive format <Day>:<hh:mm> where <Day> = Mon, Tue, Wed, Thu, Fri, Sat, or Sun. <hh:mm> is in 24 hour clock format. For example, the following value will schedule site updates every Sunday at 9am, Saturday at noon, and Friday at 10:30 PM: _BESRelay_WebUISiteGather_Schedule=Sun09:00,Sat12:00,Fri22:30

_WebUI_HTTPS_StrictTransportSecurity This setting prevents browsers from connecting to the WebUI using HTTP in favor of HTTPS. The default value is 0. Set this to 1 to enable this security feature.

_WebUIAppEnv_ENABLE_WEBUI_METRICS This setting can be enabled with a value of 1. The primary audience for this setting is WebUI developers; it has little value for administrators under most circumstances.

_WebUIAppEnv_APP_RESTART_DELAY_SECONDS This setting defines the number of seconds the App Monitor will wait before attempting to restart any applications that have stopped for any reason.

_WebUIAppEnv_DEPLOYMENT_DOC_REFRESH_RATE_MS This setting controls how frequently deployment status is refreshed on the deployment document. The default is 15000 ms (every 15 seconds).

_WebUIAppEnv_SP_QUEUE_CONCURRENT This setting sets a limit on the number of stored procedures per App the WebUI allows at any given time in the background (to improve performance). User login cache requests bypass the queue and get executed immediately. The minimum and the default value is 5.

_WebUIAppEnv_LANG This client setting sets the LANG environment variable in the WebUI node processes. This setting does not exist by default. When WebUI is installed on a Linux machine, the LANG environment variable is not set by default on node processes. As such, not all localized messages are displayed correctly. To set the LANG environment variable, this parameter must be defined and set to a preferred language; for example, ja_JP.UTF-8 for Japanese.

_WebUIAppEnv_ENABLE_INLINE_REPORTING This client setting enables the inline reporting feature. If WebUI is running on BigFix Platform versions earlier than 10, the inline reporting feature is not enabled by default. To enable this feature, this parameter must be set to 1.
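
Several of the settings above affect transport security, session lifetime and logging. The following added example (not HCL code) reviews a settings export against the defaults documented on this page; the name-to-string dictionary shape, the function names and the 900-second review threshold are assumptions of the example.

```python
# Added example (not HCL code): review a WebUI settings export.
# Defaults are the ones documented on this page.
DEFAULTS = {
    "_WebUIAppEnv_MSSQL_CXN_ENCRYPT": "1",
    "_WebUI_HTTPS_StrictTransportSecurity": "0",
    "_WebUIAppEnv_LOGIN_SESSION_TIMEOUT_SECONDS": "900",
    "_WebUIAppEnv_APP_UPDATE_ENABLE_AUTO": "1",
}
MAX_IDLE_SECONDS = 900  # assumption: flag timeouts above the documented default

def effective(settings, name):
    """Value in force: the explicit setting, else the documented default."""
    return settings.get(name, DEFAULTS.get(name))

def audit_webui_settings(settings):
    """Return sorted (setting, message) review items for a name -> string dict."""
    items = []
    if effective(settings, "_WebUIAppEnv_MSSQL_CXN_ENCRYPT") != "1":
        items.append(("_WebUIAppEnv_MSSQL_CXN_ENCRYPT",
                      "MSSQL connection encryption is not enabled"))
    if effective(settings, "_WebUI_HTTPS_StrictTransportSecurity") != "1":
        items.append(("_WebUI_HTTPS_StrictTransportSecurity",
                      "browsers are not prevented from connecting over HTTP"))
    if settings.get("_WebUI_Redirect_Enable") != "0":
        items.append(("_WebUI_Redirect_Enable", "HTTP port access is allowed"))
    idle = effective(settings, "_WebUIAppEnv_LOGIN_SESSION_TIMEOUT_SECONDS")
    if not idle.isdigit() or int(idle) > MAX_IDLE_SECONDS:
        items.append(("_WebUIAppEnv_LOGIN_SESSION_TIMEOUT_SECONDS",
                      "inactivity timeout is malformed or above %d s" % MAX_IDLE_SECONDS))
    if settings.get("_WebUI_Logging_Filter", "").strip() in ("*", "bf*"):
        items.append(("_WebUI_Logging_Filter", "verbose logging is enabled"))
    if effective(settings, "_WebUIAppEnv_APP_UPDATE_ENABLE_AUTO") == "0":
        items.append(("_WebUIAppEnv_APP_UPDATE_ENABLE_AUTO",
                      "automatic WebUI app updates are disabled"))
    if (settings.get("_WebUIAppEnv_SAML_SSO_ENABLE") == "1"
            and "_WebUIAppEnv_SAML_AUTHNCONTEXT" not in settings):
        items.append(("_WebUIAppEnv_SAML_AUTHNCONTEXT",
                      "unset, so PasswordProtectedTransport is used"))
    return sorted(items)

SAMPLE = {  # constructed values, not taken from a real deployment
    "_WebUIAppEnv_MSSQL_CXN_ENCRYPT": "0",
    "_WebUIAppEnv_LOGIN_SESSION_TIMEOUT_SECONDS": "3600",
    "_WebUI_Logging_Filter": "*",
    "_WebUIAppEnv_SAML_SSO_ENABLE": "1",
}
```

An empty export still yields two review items, because the documented defaults leave strict transport security off and HTTP port access allowed.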