| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| blocks:server_configuration_file [2024-08-21 14:14] – added useForwardedHeaders admin | blocks:server_configuration_file [2025-11-12 09:13] (current) – Note for spotSnap added in 7.4 admin |
|---|
| * **type**. Server type. Must be set to //pixilab_server//. | * **type**. Server type. Must be set to //pixilab_server//. |
| * **corsPath** and **corsAllowOrigin**. If you want to accept calls from other servers/clients, e.g., to endpoints specified by user scripts (using the [[https://github.com/pixilab/blocks-script/blob/master/system_lib/Metadata.ts#L136|@resource annotation]]), specify the root path of such requests, and the [[https://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work|Access-Control-Allow-Origin]] header to be returned here. | * **corsPath** and **corsAllowOrigin**. If you want to accept calls from other servers/clients, e.g., to endpoints specified by user scripts (using the [[https://github.com/pixilab/blocks-script/blob/master/system_lib/Metadata.ts#L136|@resource annotation]]), specify the root path of such requests, and the [[https://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work|Access-Control-Allow-Origin]] header to be returned here. |
| * ** applicationConnectors**. specifies the connection details for the web server, such as port numbers used, etc. | * ** applicationConnectors**. Specifies the connection details for the web server, such as port numbers used, etc. |
| | * **allowCrossSiteAuth**. Set to true to allow cross-site authentication (e.g. for the Blocks editor), such as from within an IFRAME. Browsers allow this only under HTTPS, so you'll need HTTPS and a certificate to use this feature in addition to setting this option to true. |
| |
| See below for details on server sub-options. | See below for details on server sub-options. |
| - type: http | - type: http |
| port: 8080 | port: 8080 |
| | useForwardedHeaders: true |
| </code> | </code> |
| |
| If not specified, port 8080 is used for http and https is disabled. Under Windows, you may change the http connector to use the standard port 80 instead, thus removing the need to type :8080 after domain name IP address in a browser. Under Linux/MacOS, you can not use ports below 1024. | If not specified, port 8080 is used for http and https is disabled. Under Windows, you may change the http connector to use the standard port 80 instead, thus removing the need to type :8080 after domain name IP address in a browser. Under Linux/MacOS, you can not use ports below 1024. |
| |
| The above example is appropriate when using PIXILAB's Linux-based server, which provides an //nginx// reverse proxy managing the standard HTTP port 80 by forwarding to port 8080, mentioned above. Learn more about the nginx reverse proxy, including how it can also be used to support HTTPS connection, [[blocks:server:nginx|here]]. | The above example is appropriate when using PIXILAB's Linux-based server, which provides an //nginx// reverse proxy managing the standard HTTP port 80 by forwarding to port 8080, mentioned above. Learn more about the nginx reverse proxy, including how it can also be used to support HTTPS connection, [[blocks:server:nginx|here]]. The //useForwardedHeaders// option must be set to true when running Blocks behind a reverse proxy (and the reverse proxy must be configured to set allrelevant X-Forwarded-Xxx headers). If you're not using a reverse proxy (e.g., runnign Blocks on your Mac or Windows laptop), this setting can be omitted or set to false. |
| |
| See [[https://www.dropwizard.io/en/latest/manual/configuration.html#man-configuration-connectors|here]] for more details on advanced //applicationConnectors// settings. Those are advanced settings, that most users won't need. PIXILAB doesn't support servers where such advanced settings have been applied. | See [[https://www.dropwizard.io/en/latest/manual/configuration.html#man-configuration-connectors|here]] for more details on advanced //applicationConnectors// settings. Those are advanced settings, that most users won't need. PIXILAB doesn't support servers where such advanced settings have been applied. |
| apiKeys: | apiKeys: |
| upload: "super-secret" # Value required as apiKey query parameter for uploads | upload: "super-secret" # Value required as apiKey query parameter for uploads |
| | spotSnap: "spot-screen-spy" # Value required as apiKey for viewing screenshots |
| customKey: "super-secret2" | customKey: "super-secret2" |
| </code> | </code> |
| |
| The //upload// key's value (if specified) will be used by Blocks' [[blocks:api:upload|file upload API]]. When specified, all uploads must add an //apiKey// query parameter to their URL, with the value specified for the //upload// key. | The //upload// key's value (if specified) will be used by Blocks' [[blocks:api:upload|file upload API]]. When specified, all uploads must add an //apiKey// query parameter to their URL, with the value specified for the //upload// key. |
| | |
| | The //spotSnap// key's value (if specified) will allow Blocks' [[blocks:api:spot-screenshot|Display Spot Screenshot API]] to be used from non-authenticated clients. This setting was added in Blocks 7.4. |
| |
| You can specify additional key/value pairs, as exemplified by the //customKey// key/value shown above. Such a key can then be applied to custom API endpoints decorated by @resource by also applying an @apiKey decorator, like this: | You can specify additional key/value pairs, as exemplified by the //customKey// key/value shown above. Such a key can then be applied to custom API endpoints decorated by @resource by also applying an @apiKey decorator, like this: |