Overridable configuration parameters

This page presents the overridable parameters from the Stream configuration.

Overriding the parameters

To override one of these parameters, simply :

1. Access the EverTrust Stream server through SSH with an account with administrative privileges;

2. With an editor like vi, open the /etc/default/stream file and go at the bottom of it;

3. Add this line at the end of the file :

JAVA_OPTS="$JAVA_OPTS -D<option name>=<option value>

As an example, if you want to modify the CA timeout in Stream and bump it up from 60 seconds to 300 seconds, you need to add this :

JAVA_OPTS="$JAVA_OPTS -Dstream.ca.tiemout="300 seconds"

4. Save your modifications and restart the Stream service :

$ systemctl restart stream

One added line means one modified option, you need to add as many lines at the end of the file as there are values that you want to override.

You’ll find below an exhaustive list of overridable parameters.

Customizing trust chain colors

Parameter	Default value	Description
stream.trustchain.ca.online.root.operational	"#08907B"	Displayed color of online operational root CAs in the trust chain viewer
stream.trustchain.ca.online.root.non_operational	"#76A2A0"	Displayed color of online non-operational root CAs in the trust chain viewer
stream.trustchain.ca.offline.root.non_operational	"#08907B"	Displayed color of offline non-operational root CAs in the trust chain viewer
stream.trustchain.ca.online.subordinate.operational	"#187EC7"	Displayed color of online operational subordinate CAs in the trust chain viewer
stream.trustchain.ca.online.subordinate.non_operational	"#6892B1"	Displayed color of online non-operational subordinate CAs in the trust chain viewer
stream.trustchain.ca.offline.subordinate.non_operational	"#08907B"	Displayed color of offline non-operational subordinate CAs in the trust chain viewer

Parameter

Default value

Description

stream.trustchain.ca.online.root.operational

"#08907B"

Displayed color of online operational root CAs in the trust chain viewer

stream.trustchain.ca.online.root.non_operational

"#76A2A0"

Displayed color of online non-operational root CAs in the trust chain viewer

stream.trustchain.ca.offline.root.non_operational

"#08907B"

Displayed color of offline non-operational root CAs in the trust chain viewer

stream.trustchain.ca.online.subordinate.operational

"#187EC7"

Displayed color of online operational subordinate CAs in the trust chain viewer

stream.trustchain.ca.online.subordinate.non_operational

"#6892B1"

Displayed color of online non-operational subordinate CAs in the trust chain viewer

stream.trustchain.ca.offline.subordinate.non_operational

"#08907B"

Displayed color of offline non-operational subordinate CAs in the trust chain viewer

Bootstrapping parameters

Parameter	Default value	Description
stream.bootstrap.timeout	"1 minute"	Duration after which the boostrap of Stream times out
stream.bootstrap.administrator.name	"administrator"	Default administrator account name
stream.bootstrap.administrator.password.path	"var/run/adminPassword"	Absolute path of the file where the initial admin password should be stored into
stream.bootstrap.administrator.password.length	24	Length (in bytes) of the initial admin password

Parameter

Default value

Description

stream.bootstrap.timeout

"1 minute"

Duration after which the boostrap of Stream times out

stream.bootstrap.administrator.name

"administrator"

Default administrator account name

stream.bootstrap.administrator.password.path

"var/run/adminPassword"

Absolute path of the file where the initial admin password should be stored into

stream.bootstrap.administrator.password.length

Length (in bytes) of the initial admin password

Timeout parameters

Parameter	Default value	Description
stream.ca.timeout	"60 seconds"	Duration after which a signing request times out
stream.security.manager.timeout	"10 seconds"	Maximum duration that Stream can wait to get an answer from the actor that handles authentication
play.http.session.maxAge	"15 minutes"	Duration after which the authentication session expires
stream.crl.storage.timeout	"60 seconds"	Duration after which Stream times out when pushing a CRL to an external CRL storage
stream.queue.timeout	"5 seconds"	Duration that the Certificate Authority Manager actor will wait to retrieve all the existing queues in Stream before timing out
stream.trust.manager.timeout	"10 seconds"	Duration that the Trust Manager actor will wait to retrieve information about certificates (is it trusted ? its trust chain ?)
stream.trust.manager.cache.external.expireAfterAccess	"30 days"	Time during which an external CA CRL is kept in cache before being removed if nothing accesses it
stream.trust.manager.cache.managed.expireAfterAccess	"5 minutes"	Time during which a managed CA CRL is kept in cache before being removed if nothing accesses it
stream.keystore.timeout	"5 seconds"	Maximum duration for Stream to retrieve the signature of a CRL from the Content Signer

Parameter

Default value

Description

stream.ca.timeout

"60 seconds"

Duration after which a signing request times out

stream.security.manager.timeout

"10 seconds"

Maximum duration that Stream can wait to get an answer from the actor that handles authentication

play.http.session.maxAge

"15 minutes"

Duration after which the authentication session expires

stream.crl.storage.timeout

"60 seconds"

Duration after which Stream times out when pushing a CRL to an external CRL storage

stream.queue.timeout

"5 seconds"

Duration that the Certificate Authority Manager actor will wait to retrieve all the existing queues in Stream before timing out

stream.trust.manager.timeout

"10 seconds"

Duration that the Trust Manager actor will wait to retrieve information about certificates (is it trusted ? its trust chain ?)

stream.trust.manager.cache.external.expireAfterAccess

"30 days"

Time during which an external CA CRL is kept in cache before being removed if nothing accesses it

stream.trust.manager.cache.managed.expireAfterAccess

"5 minutes"

Time during which a managed CA CRL is kept in cache before being removed if nothing accesses it

stream.keystore.timeout

"5 seconds"

Maximum duration for Stream to retrieve the signature of a CRL from the Content Signer

HTTP Header parameters

Parameter	Default value	Description
stream.http.header.realip	"X-Real-IP"	Name of the HTTP header to use as Real IP
stream.security.http.headers.xapi.id	"X-API-ID"	Name of the HTTP header to use as XAPI-ID
stream.security.http.headers.xapi.key	"X-API-KEY"	Name of the HTTP header to use as XAPI-KEY

Parameter

Default value

Description

stream.http.header.realip

"X-Real-IP"

Name of the HTTP header to use as Real IP

stream.security.http.headers.xapi.id

"X-API-ID"

Name of the HTTP header to use as XAPI-ID

stream.security.http.headers.xapi.key

"X-API-KEY"

Name of the HTTP header to use as XAPI-KEY

Search queries parameters

Parameter	Default value	Description
stream.certificate.search.page.default_size	50	How many elements to retrieve in a certificate search query if no pageSize has been specified
stream.certificate.search.page.max_size	(no default value)	How big can the pageSize parameter be in a certificate search query ? (Must be a positive integer)
stream.event.search.page.default_size	50	How many elements to retrieve in an event search query if no pageSize has been specified
stream.event.search.page.max_size	(no default value)	How big can the pageSize parameter be in an event search query ? (Must be a positive integer)

Parameter

Default value

Description

stream.certificate.search.page.default_size

How many elements to retrieve in a certificate search query if no pageSize has been specified

stream.certificate.search.page.max_size

(no default value)

How big can the pageSize parameter be in a certificate search query ? (Must be a positive integer)

stream.event.search.page.default_size

How many elements to retrieve in an event search query if no pageSize has been specified

stream.event.search.page.max_size

(no default value)

How big can the pageSize parameter be in an event search query ? (Must be a positive integer)

Security parameters

Parameter	Default value	Description
stream.security.trustmanager.enforce_serverauth	false	Enforces TLS authentication for the Stream web application
stream.secret.manager.keyset.path	"/etc/stream.keyset"	Relative path (relative to /opt/stream/) to get the keyset file for Stream from
stream.event.ttl	(no default value)	(Optional) Duration after which Stream technical events will be removed from database. If not set manually, technical events will never be removed from database throug the TTL mechanism but can still be removed if the events collection is capped in the Mongo database.
stream.event.chainsign	true	Specify whether to chain and sign the Stream events to ensure they haven’t been tampered with
stream.event.seal.algorithm	AlgorithmIdentifiers.HMAC_SHA512	Algorithm to use to sign the Stream events
stream.event.manager.interval	"5 seconds"	How often will the Event Manager actor check in the database if new a new event appeared to sign it and display it in the "Events" section of Stream
stream.account.secret.length	42	Length of random passwords generated when creating a local account or resetting one’s password
stream.crl.storage.sync.interval	"15 minutes"	How often to push CRLs into external storages

Parameter

Default value

Description

stream.security.trustmanager.enforce_serverauth

false

Enforces TLS authentication for the Stream web application

stream.secret.manager.keyset.path

"/etc/stream.keyset"

Relative path (relative to /opt/stream/) to get the keyset file for Stream from

stream.event.ttl

(no default value)

(Optional) Duration after which Stream technical events will be removed from database. If not set manually, technical events will never be removed from database throug the TTL mechanism but can still be removed if the events collection is capped in the Mongo database.

stream.event.chainsign

true

Specify whether to chain and sign the Stream events to ensure they haven’t been tampered with

stream.event.seal.algorithm

AlgorithmIdentifiers.HMAC_SHA512

Algorithm to use to sign the Stream events

stream.event.manager.interval

"5 seconds"

How often will the Event Manager actor check in the database if new a new event appeared to sign it and display it in the "Events" section of Stream

stream.account.secret.length

Length of random passwords generated when creating a local account or resetting one’s password

stream.crl.storage.sync.interval

"15 minutes"

How often to push CRLs into external storages

Queue parameters

Parameter	Default value	Description
stream.queue.default.parallelism	5	Stream’s default queue parallelism size (the number of concurrent signature requests that can be processed at once)
stream.queue.default.size	100	Number of signature requests that can be queued before starting to discard them
stream.crl.queue.size	100	Number of CRL signature requests that can be queued before starting to discard them

Parameter

Default value

Description

stream.queue.default.parallelism

Stream’s default queue parallelism size (the number of concurrent signature requests that can be processed at once)

stream.queue.default.size

100

Number of signature requests that can be queued before starting to discard them

stream.crl.queue.size

100

Number of CRL signature requests that can be queued before starting to discard them