Configuring Vinyl on Startup¶
Overview¶
Configuration is supplied by the environment and applied on startup.
Vinyl configuration is based on the ASP.NET Core configuration system.
Sources¶
Vinyl supports multiple configuration sources, including:
- appsettings.json
- Environment Variables
appsettings.json¶
The appsettings.json file is a JSON file located in the Vinyl installation directory. Vinyl does not ship with an appsettings.json file: administrators need to create an appsettings.json.
The samples directory contains many example appsettings.json files. Administrators may start with one of these.
cd C:\inetpub\wwwroot\Vinyl\
cp .\samples\appsettings.connectioninfo.json .\appsettings.json
Or, to start from an empty file:
cd C:\inetpub\wwwroot\Vinyl\
"{}" | Out-File appsettings.json
Environment Variables¶
Configuration can also be supplied via system environment variables. A double-underscore is used for hierarchical keys.
The following environment variables:
ConnectionInfo__DatabaseType=SQLServer
ConnectionInfo__HostName=localhost
ConnectionInfo__DatabaseName=Vinyl
ConnectionInfo__UserName=Vinyl
ConnectionInfo__Password=password
Map to the equivalent JSON:
{
"ConnectionInfo": {
"DatabaseType": "SQLServer",
"HostName": "localhost",
"DatabaseName": "Vinyl",
"UserName": "Vinyl",
"Password": "password"
}
}
Settings¶
ConnectionInfo¶
The ConnectionInfo section supplies the Vinyl database connection information.
ConnectionInfo Keys¶
Key | Type | Description |
---|---|---|
DatabaseType | DatabaseType | Database type identifier. |
HostName | String | Database server host name. |
Port | Number | Database server port number. |
InstanceName | String | Database server instance name. |
TenantName | String | Vinyl tenant name. INTERNAL USE ONLY. |
DatabaseName | String | Vinyl database name. |
UserName | String | Vinyl database user name. |
Password | String | Vinyl database user password. |
ConnectionTimeout | Number | Database connection timeout in seconds. |
CommandTimeout | Number | Database command timeout in seconds. |
MaxPoolSize | Number | Database connection pool size. |
Advanced | Number | Additional connection string key/value pairs. |
DatabaseType Values¶
Value | Description |
---|---|
SQLServer | Microsoft SQL Server. |
MySQL | MySQL |
PostgreSql | Postgres |
ConnectionInfo Example¶
{
"ConnectionInfo": {
"DatabaseType": "SQLServer",
"HostName": "localhost",
"DatabaseName": "Vinyl",
"UserName": "Vinyl",
"Password": "password"
}
}
Tls¶
The Tls section configures TLS protocol support.
Tls Keys¶
Key | Type | Description |
---|---|---|
SecurityProtocol | SecurityProtocolType | Comma-delimited list of security protocols. |
SecurityProtocolType Values¶
Security protocol types are derived from the SecurityProtocolType enumeration.
Value | Description |
---|---|
Ssl3 | SSL 3.0 |
SystemDefault | System default protocol support. |
Tls | TLS 1.0 |
Tls11 | TLS 1.1 |
Tls12 | TLS 1.2 |
Tls13 | TLS 1.3 |
Tls Example¶
{
"Tls": {
"SecurityProtocol": "Tls,Tls11,Tls12"
}
}
ReverseProxy¶
The ReverseProxy section configures reverse proxy support.
ReverseProxy Keys¶
Key | Type | Description |
---|---|---|
ForwardedClientIpHeader | String | HTTP header that forwards the original client IP address. |
ForwardedSchemeHeader | String | HTTP header that forwards the original scheme. |
ForwardedHostHeader | String | HTTP header that forwards the original host and optional port. Requires Vinyl 3.3.34291 or later. |
ForwardedPortHeader | String | HTTP header that forwards the original port. |
ReverseProxy Example¶
{
"ReverseProxy": {
"ForwardedClientIpHeader": "X-Forwarded-For",
"ForwardedSchemeHeader": "X-Forwarded-Proto",
"ForwardedHostHeader": "X-Forwarded-Host",
"ForwardedPortHeader": "X-Forwarded-Port"
}
}
UrlRewrite¶
The UrlRewrite section configures URL rewriting support.
UrlRewrite Keys¶
Key | Type | Description |
---|---|---|
OriginalUrlHeader | String | HTTP header that forwards the original URL. |
UrlRewrite Example¶
{
"UrlRewrite": {
"OriginalUrlHeader": "X-Original-URL"
}
}
DataEncryption¶
The DataEncryption section configures Data Encryption Key (DEK) storage and encryption.
DataEncryption Keys¶
Key | Type | Description |
---|---|---|
Certificate | String | base64-encoded, PKCS#12 (PFX) X.509 certificate. |
CertificatePassword | String | X.509 certificate password. |
CertificateThumbprint | String | X.509 certificate thumbprint. |
Directory | String | File system directory path. |
Import | DataEncryption | Storage and encryption policies for importing DEKs. |
KeyEncryption | KeyEncryption | DEK encryption strategy. |
KeyStorage | KeyStorage | DEK storage strategy. |
KmsKeyId | String | AWS KMS key ARN. |
ParameterNamePrefix | String | AWS System Manager Parameter Store parameter name prefix. |
S3BucketEndpoint | String | S3 bucket endpoint. |
S3KeyPrefix | String | S3 key prefix. |
KeyEncryption Values¶
Value | Description |
---|---|
Certificate | X.509 certificate encryption policy. |
Kms | AWS KMS key encryption policy. |
None | No key encryption policy. Keys are stored in plain-text. |
Null | Passthrough key encryption policy. Keys are stored in plain-text. |
KeyStorage Values¶
Value | Description |
---|---|
Database | Data encryption keys are stored in the Vinyl database. |
FileSystem | Data encryption keys are stored on the file system. |
ParameterStore | Data encryption keys are stored in AWS System Manager Parameter Store. |
S3 | Data encryption keys are stored in an S3 bucket. |
DataEncryption Example¶
{
"DataEncryption": {
"KeyStorage": "Database",
"KeyEncryption": "Kms",
"KmsKeyId": "arn:aws:kms:us-east-1:1234567890:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}
}
SharedState¶
The SharedState section configures the shared-state service which supports multi-server deployments.
SharedState Keys¶
Key | Type | Description |
---|---|---|
Provider | SharedStateProviderType | Shared state provider. |
RedisConnectionString | String | Redis connection string. |
RedisPrefix | String | Redis key prefix. |
SharedStateProviderType Values¶
Value | Description |
---|---|
InProcess | State is stored in-process for single-server deployments. |
Redis | State is stored in Redis for multi-server deployments. |
SharedState Example¶
{
"SharedState": {
"Provider": "Redis",
"RedisConnectionString": "localhost:6379"
}
}
Site¶
The Site section configures the Vinyl web site address and known aliases.
Site Keys¶
Key | Type | Description |
---|---|---|
Url | String | Canonical web site URL. |
Default | Boolean | Treat as the default web site. |
Redirect | Boolean | Redirect clients to the site URL. |
RedirectIfHeaderExists | String | HTTP header that indicates clients should be redirected. |
AllowCrossOrigin | Boolean | Allow cross-origin requests. |
Aliases | SiteAlias[] | Site aliases. |
SiteAlias Keys¶
Key | Type | Description |
---|---|---|
Url | String | Site alias URL. |
Site Example¶
{
"Site": {
"Url": "https://example.com/Vinyl",
"Default": true,
"Redirect": true,
"RedirectIfHeaderExists": "X-Forwarded-For",
"Aliases": [
{
"Url": "https://vinyl.example.com"
}
]
}
}
Security¶
The Security section configures Vinyl user accounts and security providers.
Security Keys¶
Key | Type | Description |
---|---|---|
Administrator | User | Admin account options. |
InvitationUrl | String | User invitation URL. INTERNAL USE ONLY. |
LocalAuthentication | SecurityProvider | Local User security provider options. |
Provider | String | base64-encoded security provider configuration. See Security provider Import. |
Providers | String[] | base64-encoded security provider configurations. See Security Provider Import. |
AuthenticationExpiry | Number | Authentication token expiration, in minutes. Requires Vinyl 3.3.34291 or later. |
User Keys¶
Key | Type | Description |
---|---|---|
AllowLocalAuthentication | Boolean | Enables local user authentication. |
ChangePasswordOnLogin | Boolean | Forces user to change password on login. |
DefaultPassword | String | Default password. Applied once on installation. |
Password | String | Password. Applied each time the system starts. |
SecurityProvider Keys¶
Key | Type | Description |
---|---|---|
Enabled | Boolean | Enables the security provider. |
ShowOnLoginForm | Boolean | Determines if the user authentication provider appears on the login form. |
Security Example¶
{
"Security": {
"Administrator": {
"Password": "s3cr3t",
"ChangePasswordOnLogin": false
},
"LocalAuthentication": {
"ShowOnLoginForm": false
},
"Provider": "Tm90aGluZyBjYW4gY29tZSBvZiBub3RoaW5nLCBzcGVhayBhZ2Fpbi4="
}
}
License¶
The License section supplies the Vinyl license.
License Keys¶
Key | Type | Description |
---|---|---|
LicenseKey | String | base64-encoded, Vinyl license key. |
License Example¶
{
"License": {
"LicenseKey": "Tm93IGlzIHRoZSB3aW50ZXIgb2Ygb3VyIGRpc2NvbnRlbnQ="
}
}
SignalR¶
The SignalR section configures client-server communications.
SignalR Keys¶
Key | Type | Description |
---|---|---|
LongPollingTimeout | String | Long-polling timeout, specified using a TimeSpan format, e.g. 00:00:30 . |
Transports | HttpTransportType | Comma-delimited list of HTTP transport types. |
HttpTransportType Values¶
HTTP transport types are derived from the HttpTransportType enumeration.
Value | Description |
---|---|
LongPolling | Long-polling. |
None | No transports. NOT SUPPORTED. |
ServerSentEvents | Server-sent events. |
WebSockets | WebSockets |
SignalR Example¶
{
"SignalR": {
"Transports": "WebSockets,LongPolling",
"LongPollingTimeout": "00:00:30"
}
}
Scripting¶
The Scripting section configures Vinyl's C# scripting SDK.
Scripting Keys¶
Key | Type | Description |
---|---|---|
Enabled | Boolean | Enables C# scripting. |
Scripting Example¶
{
"Scripting": {
"Enabled": false
}
}
ASP.NET Options¶
Configuration is based on the ASP.NET Core configuration system. The same configuration sources can be used to configure .NET.
Kestrel¶
The Kestrel section configures the Kestrel web server. Consult the Kestrel documentation for a list of supported options.
Kestrel Example¶
{
"Kestrel": {
"Limits": {
"MaxRequestBodySize": 100000000
}
}
}
Transitioning from connection.xml to System Environment Variables¶
If you are upgrading Vinyl from a version earlier than Vinyl 3.0, you may optionally transition from using connection.xml to system environment variables to better obscure the Vinyl database connection string.
Vinyl will resolve database settings in the following order:
- System Environment Variables
- appsettings.json
- Connection.xml
The basic steps to follow for transitioning from connection.xml to environment variables are:
-
Create system environment variables with the exact names. A web server restart may be required for the environment variables to persist.
ConnectionInfo__DatabaseType ConnectionInfo__HostName ConnectionInfo__DatabaseName ConnectionInfo__UserName ConnectionInfo__Password
-
Remove the connection.xml file from Vinyl root
- Recycle the Vinyl app pool