Key/Value Pairs in local-appsettings.config
The local-appsettings.config file contains configuration key/value pairs, CMS 10.6 SSH replication and CMS Asset SFTP access cipher suites, and CMS 10.6 asset text search index settings.
This topic includes:
Key/Value Pairs
local-appsettings.config key\value pairs include:
Key Name | Value | Description |
---|---|---|
userdomain | Default value: Empty string Example value: ingeniux | This value sets a default domain for CMS environments authenticating against a domain. If the Domain Controller option is selected during the Select User Provider Type step of the CMS installation process, the domain specified during setup populates the userdomain value field. See step 10 in Creating CMS Site Instances for details. |
tempImageTimeOut | Default value: 30 | This value represents the maximum number of seconds to write a temporary image file to disk after a user edits an image in the CMS before a timeout occurs. If a timeout occurs when writing an image file to disk, the operation stops. |
redirectToHttpAboutLogin | Default value: true | This setting is for https only. If true, redirect to http; otherwise, it stays as https. |
webpages:Version | Default value: 3.0.0.0 | MVC4 setting |
PreserveLoginUrl | Default value: true | MVC4 setting |
ClientValidationEnabled | Default value: true | MVC4 setting |
UnobtrusiveJavaScriptEnabled | Default value: true | MVC4 setting |
includeErrorStackTrace | Default value: false | If true, the stack trace for errors in the CMS displays via a pop-up alert in the UI. The CMS always logs the stack trace, regardless of whether the includeErrorStacktrace value is true or false. This setting is used for internal development only. |
ravenIndexDocumentDifferenceLimit | Default value: 2000 | The system checks and compares the configured value to 10 percent of the total document size in RavenDB's ContentStore. The system chooses the smaller of the two numbers and uses this number to determine if the index is out-of-sync. If this number is larger, the system resets the index. If the RavenDB Index resets, a warning-level entry is written to the CMS logs. Example CMS Log Entry: [WARN] [2019-04-17 13:56:36.3122] - Raven System Index detected incomplete. Resetting. Index count: 420196, Doc Count: 415099 The CSAPI logs always show a check occurring and warn if the document difference limit condition is met to trigger a re-indexing event. The re-indexing event only occurs if the performRavenIndexSanityCheckOnStartup configuration value is set to true (see table row). |
vs:EnableBrowserLink | Default value: false | If false, the browser link is disabled, which causes the site to send long poll requests to the server, constantly. |
performRavenIndexSanityCheckOnStartup | Default value: false | This value determines if RavenDB indexes reset if the document difference limit is met. If set to true and the ravenIndexDocumentDifferenceLimit condition is met, a re-indexing event occurs. |
syncIndexDefinitionsOnContentStoreInit | Default value: false | RavenDB index definitions are only checked and updated during the CMS upgrade process. If an external application that uses the RavenDB ContentStore creates a custom index for the CMS, this index regenerates during an upgrade event. If true, all index definitions for RavenDB are pushed when the application pool is restarted. |
AliasAutoUpdate | Default value: true | Version Notes: CMS 10.6 This setting is exclusive to CMS 10.6 DITA content. This value determines the update behavior when aliased DITA content contains new checked-in changes. If true, the alias auto-update behavior becomes enabled. If false, the system requires users to manually update aliases. See DITA Publishing Architecture in Ingeniux CMS for details about the CMS 10.6 DITA publishing pipeline. See Alias and DITA Content Updates for details about the DITA alias update feature. |
Raven/Encryption/FIPS | Default value: true | Raven Client Settings |
showUtilityTree | Default value: true | Shows Site Tree and Assets Tree utility buttons. |
siteStatusDialogDelay | Default value: 20000 | Delays (in milliseconds) during a long operation before displaying the Site Status dialog. |
EnableIngeniuxSFTPServer | Default value: false | Controls whether or not to enable the SFTP server for Ingeniux Assets. Note The port and private key are
controlled by IgxSftpSettings/1 document in the
database. |
DisableRavenClientCache | Default value: false | Customers who monitor their CMS server environments may notice high memory usage for the CMS application pool. If true, this setting reduces the memory footprint for the CMS application pool. |
OAuth/AccessExpiration | Example value: 00:20:00 | Version Notes: CMS 10.6 This setting is exclusive to CMS 10.6. Determines when the OAuth access tokens expire. For example, if the value is 00:20:00, then the tokens remain valid for 20 minutes. The tokens expire after that time frame ends. |
OAuth/RefreshAdditionalExpiration | Example value: 01:30:00 | Version Notes: CMS 10.6 This setting is exclusive to CMS 10.6 and correlates with OAuth/AccessExpiration. Determines when the OAuth refresh token expires. For example, if the value is 01:30:00, then the fresh token remains valid for an hour and 30 minutes. The token expires after that time frame ends. |
CMS 10.6 Asset Text Search Settings
CMS 10.6 provides asset text search functionality. After configuration, users can access the utility bar search feature to run text queries on text-based assets (XML, HTML, markdown, etc.).
The asset text search feature requires system administrators to configure the asset content indexing settings in local-appsettings.config. Use the following key/value pairs to configure settings for asset text search.
Key Name | Default Value | Description |
---|---|---|
AssetContentIndexing_Enabled | Default value: false | If false, asset text search indexing becomes disabled. If true, asset text search indexing becomes enabled. This setting is required for users to run asset text searches. |
AssetContentIndexing_InitialIndexingProcessorsCount | Default value: 0 Example value: 2 | Choose the number of processors that will index the asset text content
on the server. If set to the default value 0, half of the processors index the asset text. If set to a positive number, then the system specifies the exact number of processors to index the asset text based. For example, if set to 2, then two processors index the asset text. |
AssetContentIndexing_SideBySideDisabled | Default value: true | Similar to InSite Search, the asset text search feature supports
side-by-side indexing. If true, side-by-side indexing becomes disabled. If false, side-by-side indexing becomes enabled. Caution We recommend disabling this setting for large sites with thousands of
assets. Side-by-side indexing will result in an extensive asset text
index. |
AssetContentIndexing_OptimizationPeriod | Default value: 14 | This setting determines the scheduling cycle (in days) for search performance optimization. For example, if set to 14, the process occurs every 14 days (i.e., two weeks). This process optimizes search performance speed by periodically consolidating indexing from multiple files into a single file. |
AssetContentIndexing_SbsMaxReaderFailureCount | Default value: 15 | This setting correlates with AssetContentIndexing_SideBySideDisabled. The value sets the maximum reader failure count for side-by-side indexing. When the asset text search index exceeds the maximum reader failure count, side-by-side indexing no longer occurs. |
AssetContentIndexing_SbsIndexingSideLimitMB | Default value: 500 | This setting correlates with AssetContentIndexing_SideBySideDisabled. The value sets the maximum capacity (in MB) for side-by-side indexing. When the asset text search index exceeds maximum capacity, side-by-side indexing no longer occurs. |
AssetContentSearch_FragSize | Default value: 200 | This setting determines the fragmentation size of the highlighted text,
where the text displays in its surrounding context via the returned search
results. If CMS users search with frags, the system executes fragmentation via direct API calls. If users search without explicitly requesting frags, the system ignores this setting and does not generate frags. Caution Fragmentation slows
search performance by at least 60 percent due to high memory
usage. |
CMS 10.6: SSH Replication and CMS Asset SFTP Access Cipher Suites
CMS 10.6 provides local-appsettings.config settings related to SSH replication cipher suites and to CMS Asset SFTP access cipher suites.CMS 10.6 SSH Replication Cipher Suites
SSH Replication encryption settings include:
<!-- SFTP Encryption Settings, Id list semi-colon separated. see: https://www.rebex.net/sftp.net/features/ssh.aspx -->
<add key="SFTP/KeyExchangeCiphers" value="" />
<add key="SFTP/HostKeyAlgorithms" value="" />
<add key="SFTP/EncryptionCiphers" value="" />
<add key="SFTP/MACCiphers" value="" />
See Rebex: SSH Core for details. Use semi-colons (;) to delimit values.
CMS 10.6 also provides the following code configuration to enable or disable Rebex FIPS compliance:
<add key="Replication/Encryption/FIPS" value="false" />
By default, the configuration disables Rebex FIPS compliance.
The SSH replication settings require this configuration. Rebex FIPS ciphers only include CBC cipher sets, which most hardened environments disable due to vulnerabilities in CBC padding attacks.
CMS 10.6 Asset SFTP Access Cipher Suites
Asset SFTP access encryption settings include:
<!-- SFTP Encryption Settings for Assets, Id list semi-colon separated. see: https://www.rebex.net/sftp.net/features/ssh.aspx#ciphers -->
<add key="Assets/SFTP/KeyExchangeCiphers" value="" />
<add key="Assets/SFTP/HostKeyAlgorithms" value="" />
<add key="Assets/SFTP/EncryptionCiphers" value="" />
<add key="Assets/SFTP/MACCiphers" value="" />
See the tables in Rebex: SSH Ciphers for details about Key Exchange, Host Key, Encryption, and MAC ciphers. Use semi-colons (;) to delimit values.
The following example demonstrates a Key Exchange cipher setting that uses a specific suite set:
<add key="Assets/SFTP/KeyExchangeCiphers" value="diffie-hellman-group16-sha512;diffie-hellman-group14-sha256" />