Admin Server and Statistics

The Admin tag is used to control the behavior of the administration server and statistics collection for the instance.

Element

Description

InetAddr

Defines a port for the embedded HTTP admin server, which can then be accessed via a browser. This element can also specify an IP address, in which case the HTTP server listens only on that address. If no IP address is specified, the HTTP server listens on all available addresses.

Starting with version 5.3.3, both IPv4 and IPv6 IP address formats are fully supported for use with specifying the network address of the embedded HTTP server. If no address is specified AMPS will listen for incoming connections on both IPv4 and IPv6 protocols.

If you wish to limit AMPS to listen for addresses of only a specific IP protocol you may specify the ANY address for that protocol.

For example:

0.0.0.0:8445 will cause AMPS to listen on port 8445 for only ipv4 addresses.

[::]:8445 will cause AMPS to listen on port 8445 for only ipv6 addresses.

There is no default for this parameter. If this parameter is not provided, AMPS does not provide an HTTP admin server, but will continue to collect statistics.

FileName

Location for storing the statistics information reported by the Admin Server.

When a filename is provided, 60East recommends configuring an Action to periodically truncate the statistics in the file. See Truncate Statistics for details.

Default: :memory: When the FileName is set to the default, the statistics database is maintained in memory.

Interval

The refresh interval for the Admin Server to update gathered statistics.

Default: 10s

Minimum: 1s

WWWAuthenticate

The HTTP authentication type use for the Admin server when Authentication is configured. This specifies how the Admin server will retrieve credentials from HTTP requests.

This option accepts one of:

  • Basic realm="<SECURITY_DOMAIN>": Basic authentication

  • NTLM: Microsoft security protocol

  • Negotiate: Negotiated authentication

Default: Negotiate

Authentication

The authentication to use for the Administrative interface. This is an Authentication element, as described in the Authentication section of this guide.

Entitlement

The entitlement to use for the Administrative interface. This is an Entitlement element, as described in the Entitlement section of this guide.

AnonymousPaths

The regular expression that defines paths in the Admin Server that can be accessed anonymously without going through authentication and entitlement.

Default: There is no default for this option.

Header

Add the specified HTTP header to responses from the Admin console. The contents of this element are added as an HTTP header verbatim. To add more than one header, include this element multiple times.

For example, the following elements add the specified headers to HTTP responses from the admin console:

<Header>X-Special-Information: "AMPS Admin"</Header><Header>X-Other-Information: "abc;123"</Header>

Default: There is no default for this option.

ExternalInetAddr

This parameter allows the instance to explicitly report a value that should be used for connections to the admin interface. When an upstream instance replicates to this instance, this is the address that will be recorded as the admin address in the statistics database for the upstream instance. This is the address that will be used by Galvanometer to collect replication information for this instance when Galvanometer displays a replication view.

Notice that this parameter does not affect the addresses that are used by the admin server. Instead, it provides information on the address to use to reach this server in cases where this should be a different address than that used for replication between instances. This parameter is useful for allowing Galvanometer to build a replication view in cases where the admin interface must be reached through a specific address, for example, when the instance must be accessed through a proxy. There is no default for this parameter.

AccessControlAllowOrigin

This option is included to allow the replication mesh functionality of Galvanometer to function in cases where organizational policies require an explicit domain list in the Access-Control-Allow-Origin header of HTTP responses, particularly in cases where requests to the admin console might be received from multiple subdomains (such as nyc.us.my.com, lon.uk.my.com, tok.jp.my.com, etc.) If this option is used, the value should be set to a regular expression that matches the set of domains from which requests might be expected. When this option is set, and the Origin header in the incoming HTTP request matches the value provided, the admin web server will return the value of the Origin header in request as the value of the Access-Control-Allow-Origin header of the response. Otherwise, the AMPS server will respond with the detected host address of the AMPS server. If this option is set, to comply with the CORS standard, the configuration should also generally include a header that indicates the origin response can vary on each request, as follows: <Header>Vary: Origin</Header> When this option is not set, the Admin server will default to providing * for the header value.

AMPS supports the ability to connect to the Admin interface over HTTPS. To enable HTTPS, provide a Certificate and a PrivateKey in the Admin configuration block.

Element

Description

Certificate (required for HTTPS)

The certificate file to use for the admin server.

Default: There is no default for this option.

PrivateKey (required for HTTPS)

The private key to use for the admin server.

Default: There is no default for this option.

Ciphers

The cipher list to use for the admin server. The cipher list is passed to the OpenSSL implementation without being interpreted by the AMPS server.

Default: There is no default for this option. For OpenSSL, details on the format of the cipher list are available at: https://www.openssl.org/docs/man1.1.1/man1/ciphers.html

<Admin>
    <InetAddr>9090</InetAddr>
    <FileName>stats.db</FileName>
    <Interval>20s</Interval>
    <ExternalInetAddr>proxy.example.com:8185</ExternalInetAddr>
</Admin>

Last updated

Copyright 2013-2024 60East Technologies, Inc.