Changeset 40130 in vbox for trunk/doc

Timestamp:

Feb 14, 2012 3:17:35 PM (13 years ago)

Author:

vboxsync

Message:

Main/webservice+doc/manual: Add SSL support to the webservice, and also add an optional parameter which ensures the authentication setting is correct. Update manual and SDK reference.

Location:

trunk/doc/manual

Files:

• docbook2latex.xsl (modified) (3 diffs)
• en_US/SDKRef.xml (modified) (6 diffs)
• en_US/user_AdvancedTopics.xml (modified) (2 diffs)

trunk/doc/manual/docbook2latex.xsl

@@ -19 +19 @@
         by this XSLT (see below).
 
-     Copyright (C) 2006-2010 Oracle Corporation
+     Copyright (C) 2006-2012 Oracle Corporation
 
      This file is part of VirtualBox Open Source Edition (OSE), as
@@ -585 +585 @@
             <xsl:with-param name="text" select="$subst6" />
             <xsl:with-param name="replace" select="'~'" />
-            <xsl:with-param name="with" select="'\~'" />
+            <xsl:with-param name="with" select="'\textasciitilde '" />
             <xsl:with-param name="disable-output-escaping" select="no" />
           </xsl:call-template>
@@ -676 +676 @@
             <xsl:with-param name="text" select="$subst8" />
             <xsl:with-param name="replace" select="'~'" />
-            <xsl:with-param name="with" select="'\~'" />
+            <xsl:with-param name="with" select="'\textasciitilde '" />
             <xsl:with-param name="disable-output-escaping" select="no" />
           </xsl:call-template>

trunk/doc/manual/en_US/SDKRef.xml

@@ -293 +293 @@
           binary package for your specific platform. Since the SDK contains
           only platform-independent text files and documentation, the binaries
-          are instead shipped with the platform-specific packages.</para>
+          are instead shipped with the platform-specific packages. For this
+          reason the information how to run it as a service is included in the
+          VirtualBox documentation.</para>
         </note></para>
 
@@ -340 +342 @@
             <computeroutput>-p</computeroutput>): This specifies which port to
             bind to on the host and defaults to 18083.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--ssl</computeroutput> (or
+            <computeroutput>-s</computeroutput>): This enables SSL support.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--keyfile</computeroutput> (or
+            <computeroutput>-K</computeroutput>): This specifies the file name
+            containing the server private key and the certificate. This is a
+            mandatory parameter if SSL is enabled.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--passwordfile</computeroutput> (or
+            <computeroutput>-a</computeroutput>): This specifies the file name
+            containing the password for the server private key. If unspecified
+            or an empty string is specified this is interpreted as an empty
+            password (i.e. the private key is not protected by a password). If
+            the file name <computeroutput>-</computeroutput> is specified then
+            then the password is read from the standard input stream, otherwise
+            from the specified file. The user is responsible for appropriate
+            access rights to protect the confidential password.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--cacert</computeroutput> (or
+            <computeroutput>-c</computeroutput>): This specifies the file name
+            containing the CA certificate appropriate for the server
+            certificate.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--capath</computeroutput> (or
+            <computeroutput>-C</computeroutput>): This specifies the directory
+            containing several CA certificates appropriate for the server
+            certificate.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--dhfile</computeroutput> (or
+            <computeroutput>-D</computeroutput>): This specifies the file name
+            containing the DH key. Alternatively it can contain the number of
+            bits of the DH key to generate. If left empty, RSA is used.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--randfile</computeroutput> (or
+            <computeroutput>-r</computeroutput>): This specifies the file name
+            containing the seed for the random number generator. If left empty,
+            an operating system specific source of the seed.</para>
           </listitem>
 
@@ -370 +424 @@
 
           <listitem>
+            <para><computeroutput>--threads</computeroutput> (or
+            <computeroutput>-T</computeroutput>): This specifies the maximum
+            number or worker threads, and defaults to 100. This normally does
+            not need to be changed.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--keepalive</computeroutput> (or
+            <computeroutput>-k</computeroutput>): This specifies the maximum
+            number of requests which can be sent in one web service connection,
+            and defaults to 100. This normally does not need to be changed.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--authentication</computeroutput> (or
+            <computeroutput>-A</computeroutput>): This specifies the desired
+            web service authentication method. If the parameter is not
+            specified or the empty string is specified it does not change the
+            authentication method, otherwise it is set to the specified value.
+            Using this parameter is a good measure against accidental
+            misconfiguration, as the web service ensures periodically that it
+            isn't changed.</para>
+          </listitem>
+
+          <listitem>
             <para><computeroutput>--verbose</computeroutput> (or
             <computeroutput>-v</computeroutput>): Normally, the web service
@@ -377 +456 @@
             are mapped to internally, which can be useful for debugging client
             programs.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--pidfile</computeroutput> (or
+            <computeroutput>-P</computeroutput>): Name of the PID file which is
+            created when the daemon was started.</para>
           </listitem>
 
@@ -389 +474 @@
             unattended and need to debug problems after they have
             occurred.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--logrotate</computeroutput> (or
+            <computeroutput>-R</computeroutput>): Number of old log files to
+            keep, defaults to 10. Log rotation is disabled if set to 0.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--logsize</computeroutput> (or
+            <computeroutput>-S</computeroutput>): Maximum size of log file in
+            bytes, defaults to 100MB. Log rotation is triggered if the file
+            grows beyond this limit.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--loginterval</computeroutput> (or
+            <computeroutput>-I</computeroutput>): Maximum time interval to be
+            put in a log file before rotation is triggered, in seconds, and
+            defaults to one day.</para>
           </listitem>
         </itemizedlist>
@@ -445 +550 @@
         use this variable carefully, and only if you fully understand what
         you're doing.</para>
-      </sect2>
-
-      <sect2>
-        <title>Solaris host: starting the web service via SMF</title>
-
-        <para>On Solaris hosts, the VirtualBox web service daemon is
-        integrated into the SMF framework. You can change the parameters, but
-        don't have to if the defaults below already match your needs:<screen>svccfg -s svc:/application/virtualbox/webservice:default setprop config/host=localhost
-svccfg -s svc:/application/virtualbox/webservice:default setprop config/port=18083
-svccfg -s svc:/application/virtualbox/webservice:default setprop config/user=root</screen></para>
-
-        <para>If you made any change, don't forget to run the following
-        command to put the changes into effect immediately:<screen>svcadm refresh svc:/application/virtualbox/webservice:default</screen></para>
-
-        <para>If you forget the above command then the previous settings will
-        be used when enabling the service. Check the current property settings
-        with:<screen>svcprop -p config svc:/application/virtualbox/webservice:default</screen></para>
-
-        <para>When everything is configured correctly you can start the
-        VirtualBox web service with the following command:<screen>svcadm enable svc:/application/virtualbox/webservice:default</screen></para>
-
-        <para>For more information about SMF, please refer to the Solaris
-        documentation.</para>
       </sect2>
     </sect1>

trunk/doc/manual/en_US/user_AdvancedTopics.xml

@@ -860 +860 @@
         device. Read/write access is also later needed when using the image
         from a virtual machine. On some host platforms (e.g. Windows Vista
-        and later), raw disk access may be restricted and not permitted by
-        the host OS in some situations.</para>
+        and later), raw disk access may be restricted and not permitted by
+        the host OS in some situations.</para>
 
         <para>Just like with regular disk images, this does not automatically
@@ -1877 +1877 @@
     Development Kit (SDK); please see <xref linkend="VirtualBoxAPI" />. As the
     client base using this interface is growing, we added start scripts for
-    the various operation systems we support. The following describes how to
-    use them. Please be aware that the web service is never started automatically
-    as a result of a standard installation.<itemizedlist>
-        <listitem>
-          <para>On Mac OS X, launchd is used. An example configuration file
-          can be found in
-          <computeroutput>$HOME/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist</computeroutput>.
-          It can be enabled by changing the
-          <computeroutput>Disabled</computeroutput> key from
-          <computeroutput>true</computeroutput> to
-          <computeroutput>false</computeroutput>. To manually start the
-          service use the following command: <screen>launchctl load ~/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist</screen>
-          For additional information on how launchd services could be
-          configured see <literal><ulink
-          url="http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html">http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html</ulink></literal>.</para>
-        </listitem>
-        <listitem>
-          <para>On Linux, the web service can be automatically started during
-            host boot by adding appropriate parameters to the file /etc/default/virtualbox.
-            There is one mandatory parameter, VBOXWEB_USER which must be set to
-            the user which will later start the VMs.
-            <table>
-              <title>ignored</title>
-              <tgroup cols="2">
-                <tbody>
-                  <row>
-                    <entry><emphasis role="bold">Parameter</emphasis></entry>
-                    <entry><emphasis role="bold">Description</emphasis></entry>
-                    <entry><emphasis role="bold">Default</emphasis></entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_HOST</entry>
-                    <entry>The host to bind the web service to</entry>
-                    <entry>localhost</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_PORT</entry>
-                    <entry>The port to bind the web service to</entry>
-                    <entry>18083</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_TIMEOUT</entry>
-                    <entry>Session timeout in seconds; 0 disables timeouts</entry>
-                    <entry>300</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_ CHECK_INTERVAL</entry>
-                    <entry>Frequency of timeout checks in seconds</entry>
-                    <entry>5</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_THREADS</entry>
-                    <entry>Maximum number of worker threads to run in parallel</entry>
-                    <entry>100</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_KEEPALIVE</entry>
-                    <entry>Maximum number of requests before a socket will be closed</entry>
-                    <entry>100</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_LOGFILE</entry>
-                    <entry>Name of file to write log to</entry>
-                    <entry><emphasis>no file</emphasis></entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_ROTATE</entry>
-                    <entry>Number of log files; 0 disables log rotation</entry>
-                    <entry>10</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_LOGSIZE</entry>
-                    <entry>Maximum size of a log file in bytes to trigger rotation</entry>
-                    <entry>1MB</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_LOGINTERVAL</entry>
-                    <entry>Maximum time interval in seconds to trigger log rotation</entry>
-                    <entry>1 day</entry>
-                  </row>
-                </tbody>
-              </tgroup>
-            </table>
-          </para>
-        </listitem>
-      </itemizedlist></para>
+    the various operation systems we support. The following sections describe
+    how to use them. The VirtualBox web service is never started automatically
+    as a result of a standard installation.</para>
+
+    <sect2 id="vboxwebsrv-linux">
+      <title>Linux: starting the webservice via <computeroutput>init</computeroutput></title>
+
+      <para>On Linux, the web service can be automatically started during
+      host boot by adding appropriate parameters to the file
+      <computeroutput>/etc/default/virtualbox</computeroutput>.
+      There is one mandatory parameter, <computeroutput>VBOXWEB_USER</computeroutput>,
+      which must be set to the user which will later start the VMs. The
+      paramters in the table below all start with <computeroutput>VBOXWEB_</computeroutput>
+      (<computeroutput>VBOXWEB_HOST</computeroutput>,
+      <computeroutput>VBOXWEB_PORT</computeroutput> etc.):
+      <table>
+        <title>ignored</title>
+        <tgroup cols="3">
+          <tbody>
+            <row>
+              <entry><emphasis role="bold">Parameter</emphasis></entry>
+              <entry><emphasis role="bold">Description</emphasis></entry>
+              <entry><emphasis role="bold">Default</emphasis></entry>
+            </row>
+            <row>
+              <entry>USER</entry>
+              <entry>The user as which the web service runs</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>HOST</entry>
+              <entry>The host to bind the web service to</entry>
+              <entry>localhost</entry>
+            </row>
+            <row>
+              <entry>PORT</entry>
+              <entry>The port to bind the web service to</entry>
+              <entry>18083</entry>
+            </row>
+            <row>
+              <entry>SSL_KEYFILE</entry>
+              <entry>Server key and certificate file, PEM format</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>SSL_PASSWORDFILE</entry>
+              <entry>File name for password to server key</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>SSL_CACERT</entry>
+              <entry>CA certificate file, PEM format</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>SSL_CAPATH</entry>
+              <entry>CA certificate path</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>SSL_DHFILE</entry>
+              <entry>DH file name or DH key length in bits</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>SSL_RANDFILE</entry>
+              <entry>File containing seed for random number generator</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>TIMEOUT</entry>
+              <entry>Session timeout in seconds; 0 disables timeouts</entry>
+              <entry>300</entry>
+            </row>
+            <row>
+              <entry>CHECK_INTERVAL</entry>
+              <entry>Frequency of timeout checks in seconds</entry>
+              <entry>5</entry>
+            </row>
+            <row>
+              <entry>THREADS</entry>
+              <entry>Maximum number of worker threads to run in parallel</entry>
+              <entry>100</entry>
+            </row>
+            <row>
+              <entry>KEEPALIVE</entry>
+              <entry>Maximum number of requests before a socket will be closed</entry>
+              <entry>100</entry>
+            </row>
+            <row>
+              <entry>LOGFILE</entry>
+              <entry>Name of file to write log to</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>ROTATE</entry>
+              <entry>Number of log files; 0 disables log rotation</entry>
+              <entry>10</entry>
+            </row>
+            <row>
+              <entry>LOGSIZE</entry>
+              <entry>Maximum size of a log file in bytes to trigger rotation</entry>
+              <entry>1MB</entry>
+            </row>
+            <row>
+              <entry>LOGINTERVAL</entry>
+              <entry>Maximum time interval in seconds to trigger log rotation</entry>
+              <entry>1 day</entry>
+            </row>
+          </tbody>
+        </tgroup>
+      </table>
+      </para>
+
+      <para>Setting the parameter <computeroutput>SSL_KEYFILE</computeroutput>
+      enables the SSL/TLS support. Using encryption is strongly encouraged, as
+      otherwise everything (including passwords) is transferred in clear
+      text.</para>
+    </sect2>
+
+    <sect2 id="vboxwebsrv-solaris">
+      <title>Solaris: starting the web service via SMF</title>
+
+      <para>On Solaris hosts, the VirtualBox web service daemon is
+      integrated into the SMF framework. You can change the parameters, but
+      don't have to if the defaults below already match your needs:<screen>svccfg -s svc:/application/virtualbox/webservice:default setprop config/host=localhost
+svccfg -s svc:/application/virtualbox/webservice:default setprop config/port=18083
+svccfg -s svc:/application/virtualbox/webservice:default setprop config/user=root</screen></para>
+
+      <para>The table in the previous section showing the parameter names and
+      defaults also applies to Solaris. The parameter names must be changed
+      to lowercase and a prefix of <computeroutput>config/</computeroutput>
+      has to be added, e.g. <computeroutput>config/user</computeroutput> or
+      <computeroutput>config/ssl_keyfile</computeroutput>. If you made any
+      change, don't forget to run the following command to put the changes into
+      effect immediately:<screen>svcadm refresh svc:/application/virtualbox/webservice:default</screen></para>
+
+      <para>If you forget the above command then the previous settings will
+      be used when enabling the service. Check the current property settings
+      with:<screen>svcprop -p config svc:/application/virtualbox/webservice:default</screen></para>
+
+      <para>When everything is configured correctly you can start the
+      VirtualBox web service with the following command:<screen>svcadm enable svc:/application/virtualbox/webservice:default</screen></para>
+
+      <para>For more information about SMF, please refer to the Solaris
+      documentation.</para>
+    </sect2>
+
+    <sect2 id="vboxwebsrv-osx">
+      <title>Mac OS X: starting the webservice via launchd</title>
+
+      <para>On Mac OS X, launchd is used to start the VirtualBox webservice. An
+      example configuration file can be found in
+      <computeroutput>$HOME/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist</computeroutput>.
+      It can be enabled by changing the
+      <computeroutput>Disabled</computeroutput> key from
+      <computeroutput>true</computeroutput> to
+      <computeroutput>false</computeroutput>. To manually start the
+      service use the following command: <screen>launchctl load ~/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist</screen>
+      For additional information on how launchd services could be
+      configured see <literal><ulink
+      url="http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html">http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html</ulink></literal>.</para>
+    </sect2>
   </sect1>