Configuring the Web Server

Two settings must be set before running your Quillix Web Server for the first time. If you use the Quillix Installer, it will set the values for you. These settings can be found in the appsettings.json file in the Web Site’s install folder. The settings are “DBType” and “ConnectionString”. Appsettings.json is a text file of JSON data, so you can edit it with any text editor.

            DBType is a string value and must be set to “MSSQL” or “MYSQL”.  Use “MSSQL” if you are using a Microsoft SQL Server database.  Use “MYSQL” if you are using MySQL or a compatible database such as Amazon Aurora or MariaDB.

            ConnectionString is an ODBC connection string to connect to your database. You must first create a 64-bit ODBC System DSN for your QCM database. The Quillix Web Server is a 64-bit application and can’t access a 32-bit DSN. Also, it will usually run behind a Web Server (IIS, Apache, Nginx, etc.), so it needs a System DSN, not a User DSN. Then, set ConnectionString to the connection string used to connect to your database. This string will usually look like:

            DSN=myDsn;Uid=myUsername;Pwd=myPassword;

Where myDsn, myUsername and myPassword are replaced with your specific settings. If you are manually changing the file, the ConnectionString will be visible as plaintext. If you use the Database Connection Utility to set the ConnectionString, it will be encrypted.

Customizing the Web Site

There are several values that may be set to customize the behavior of your Quillix Content Manager Web Site. These settings are found in the appsettings.json file in the Web Site’s install folder and in the resource.js and shortcuts.js files in the wwwroot/scripts folder.

 

appsettings.json

Your appsettings.json file should look similar to this:

{
  "AppSettings": {
    "Secret": "/lkLI0+ksvdxHNwNeIvq82dTNljtDuoxA9BwfIt/8anhfrNLFsGe1DixfVPzdkTe2ITqAwCIL2lpSHcK1JjMObtGzb8lnhiJMiuXopuGzpAoevdMs5PJfQDWOSECdE6BP2mWRAAXtQFoSeqT03lb4B0OCVeMalwdH5tfFYpMkHI=",
    "ConnectionString": "ugeSnFlU+7c2gtz6X1yO6CLZvtA6b5rsDB1VTLndCXU=",
    "AllowRememberMe": true,
    "RememberMeLength": 30,
    "ClearRememberMeOnLogin": true,
    "DBType": "MSSQL",
    "Version": "5.0.001",
    "Tracing": false,
    "TraceFile": "d:/qdata/trace.txt",
    "UniversalDPI": 200,
    "UniversalMaxSizeToRender": 1000,
    "UniversalDPIForBigFiles": 0,
    "PDFDPI": 200,
    "PDFMaxSizeToRender": 1000,
    "PDFDPIForBigFiles": 0,
    "AudioMaxSize": 200,
    "VideoMaxSize": 1000,
    "DefaultGroupID": 99,
    "AppendToDocs": true
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

Secret

The Quillix Web Server uses JSON Web Tokens (JWT) to secure access to the application. On login, each user is assigned a unique JWT. That token is returned to the server with every web request and authenticated by the Server to ensure that the user has access to the resource or operation that they are requesting. JWTs are encrypted and Secret is a random string used for the encryption operation. If you want to change this value, use a cryptographically secure random number generator to create a 1024-bit value encoded in Base64.

ConnectionString & DBType

These values are described in detail in the section “Configuring the Web Server” above. The ConnectionString shown here has been encrypted and is similar to what you should see after you install the Web Server. This value is encrypted by the installer (Database Connection Utility), but you may edit the value and enter a plain text ODBC connection string. If you enter a plain text connection string, it will NOT be encrypted and will always be visible as plain text.

AllowRememberMe, RememberMeLength & ClearRememberMeOnLogin

The RememberMe feature allows a user to launch the Web Site without logging in. It can be enabled by setting AllowRememberMe to ‘true’ here and in resource.js (see below). When enabled, the system writes a cookie to the user’s system on login. The cookie uniquely identifies this user and is used at the next login to authenticate the user without going through the login process. RememberMeLength is the number of days that the cookie will be valid. After that number of days, the user is required to log in again.

The cookie does present a security risk. If an attacker were able to copy the cookie to another system, they could impersonate the user without knowing login credentials. This is why ClearRememberMeOnLogin exists. If set to ‘true’, this setting invalidates all cookies on login. If the user logged in before the attacker, the attacker’s cookie would be invalidated and the attacker would be unable to log in. If the attacker logged in first, the user would get an error on login (stating that their RememberMe token was invalid). The user should report this to the IT staff so they can invalidate all Tokens for that user (this can be done in the Control Center). Since ClearRememberMeOnLogin clears all tokens, a user can only use RememberMe on one device at a time while this feature is enabled. A short RememberMeLength is also useful for mitigating the danger of RememberMe, but it reduces the usefulness to the user by requiring them to log in more often.

Version

Identifies the version of QCM and should not be changed.

Tracing & TraceFile

Tracing may be set to ‘true’ to enable tracing or false to disable. If set to ‘true’, you must also provide a value for TraceFile. The path to TraceFile must already exist, but the Web Server will create the file if it doesn’t exist or append to it if it does. These settings will slow the performance of your Web Server and should only be used to diagnose a problem condition.

Universal/PDF/Audio/Video

Every file added to a Quillix Content Manager repository is one of five types:

            Image       (JPEG, TIFF, PNG, GIF, BMP)
            PDF
            Audio       (MP3, AAC, WAV, etc.)
            Video       (MP4, MOV, FLV, etc.)
            Universal   (anything else)

The following settings modify the processing of these files.

UniversalDPI, UniversalMaxSizeToRender & UniversalDPIForBigFiles

These settings control rendering of Universal files. Some Universal files (like ZIP, EXE or DLL files) cannot be rendered and will always return the default image (default.png in the Web Site’s install folder, the same place you can find appsettings.json). But many Universal files can and will be rendered and returned to the Web Client for viewing. This includes Office documents (both Microsoft Office and OpenOffice), text, HTML and email files, and others.

How the file is rendered is determined by:

if (File.length > UniversalMaxSizeToRender * 1024) then
    if (UniversalDPIForBigFiles == 0) then
        don’t render this file – return toobig.png
    else
        render the file at UniversalDPIForBigFiles
else
    render the file at UniversalDPI

Larger DPI values take longer to render and larger files take longer to render, so modify these values to get performance that is acceptable for your users. UniversalDPIForBigFiles should be smaller than UniversalDPI and we recommend that it be set to 0 to disable rendering of large files. UniversalMaxSizeToRender is in KBytes so a value of 1000 corresponds to a file length of 1 MB. Files that are not rendered can still be downloaded and viewed in a native viewer (provided that the user has the ‘download’ privilege).

PDFDPI, PDFMaxSizeToRender & PDFDPIForBigFiles

These settings control rendering of PDF files and work the same as the Universal settings above.

How the file is rendered is determined by:

if (File.length > PDFMaxSizeToRender * 1024) then
    if (PDFDPIForBigFiles == 0) then
        don’t render this file – return toobig.png
    else
        render the file at PDFDPIForBigFiles
else
    render the file at PDFDPI

Larger DPI values take longer to render and larger files take longer to render, so modify these values to get performance that is acceptable for your users. PDFDPIForBigFiles should be smaller than PDFDPI and we recommend that it be set to 0 to disable rendering of large files. PDFMaxSizeToRender is in KBytes so a value of 1000 corresponds to a file length of 1 MB. Files that are not rendered can still be downloaded and viewed in a native viewer (provided that the user has the ‘download’ privilege).

AudioMaxSize

Audio files are normally shown in the web client by the audio HTML element and can be played in the browser. Audio files that are larger than this value will not be sent to the browser and will be replaced by the default image (default.png). AudioMaxSize is in MBytes so a value of 1 corresponds to a file length of 1 MB. Large files can still be downloaded and played in a native player (provided that the user has the ‘download’ privilege).

VideoMaxSize

Video files are normally shown in the web client by the video HTML element and can be played in the browser. Video files that are larger than this value will not be sent to the browser and will be replaced by the default image (default.png). VideoMaxSize is in MBytes so a value of 1 corresponds to a file length of 1 MB. Large files can still be downloaded and played in a native player (provided that the user has the ‘download’ privilege).

DefaultGroupID

QCM Web no longer uses GroupIDs for security on documents. But, to support interaction with the desktop QCM product, any documents filed by QCM Web will be assigned to DefaultGroupID.

AppendToDocs

This value is set to true or false. When true, the server will do a lookup before creating a document. If a document with the same index values is found, any new files will be appended to the existing document. When false, the server will always create a new document when indexing new files and you can have multiple documents with identical index values in the repository. This setting applies both to new files submitted through the QCM QSX with Quillix Capture and to new files indexed through QCM Web.

Logging

This section controls the .NET logging options. Only change this when directed by Prevalent Technical Support.

AllowedHosts

This setting guards against Host Header attacks by listing (semi-colon delimited list) the valid Host values for this Web Server. If your Quillix Web Server is behind IIS, Apache, Nginx or another Web Server (as recommended), that Web Server should be configured to protect against Host Header attacks. If Quillix Web Server is running self-hosted, be sure to set this value to the proper host names for your site.
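The security-relevant settings described above (Secret, ConnectionString, the RememberMe settings, Tracing and AllowedHosts) can be checked before a deployment goes live. The following Python script is an added example, not part of Quillix or its documentation; the function names, the self_hosted flag and the 30-day RememberMeLength threshold are assumptions made here, and the sample input is constructed.

```python
import base64
import binascii
import json
import re
import secrets

def new_secret() -> str:
    """Return a 1024-bit CSPRNG value encoded in Base64 (172 characters)."""
    return base64.b64encode(secrets.token_bytes(128)).decode("ascii")

def audit(settings, self_hosted=False, max_days=30):
    """Return a list of findings for the keys discussed above (thresholds are assumptions)."""
    app = settings.get("AppSettings", {})
    findings = []
    # Secret must decode as Base64 to exactly 128 bytes (1024 bits).
    try:
        raw = base64.b64decode(str(app.get("Secret", "")), validate=True)
    except (binascii.Error, ValueError):
        raw = b""
    if len(raw) != 128:
        findings.append("Secret is not a Base64-encoded 1024-bit value")
    # A readable ODBC keyword followed by a value means the string was hand-edited
    # and is stored as plaintext ('=' in Base64 only occurs as trailing padding).
    if re.search(r"(?i)\b(dsn|uid|pwd)\s*=\s*[^=\s]", str(app.get("ConnectionString", ""))):
        findings.append("ConnectionString is stored as plaintext")
    if app.get("AllowRememberMe"):
        if not app.get("ClearRememberMeOnLogin"):
            findings.append("RememberMe is enabled without ClearRememberMeOnLogin")
        if app.get("RememberMeLength", 0) > max_days:
            findings.append(f"RememberMeLength exceeds {max_days} days")
    if app.get("Tracing"):
        findings.append("Tracing is enabled; use it only while diagnosing a problem")
    # AllowedHosts is a semicolon-delimited list; "*" accepts any Host header.
    hosts = [h.strip() for h in str(settings.get("AllowedHosts", "*")).split(";")]
    if self_hosted and "*" in hosts:
        findings.append("AllowedHosts accepts any Host header on a self-hosted server")
    return findings

# Constructed sample input for illustration, not a real deployment.
SAMPLE = json.loads("""{
  "AppSettings": {"Secret": "c2hvcnQ=", "Tracing": true,
    "ConnectionString": "DSN=myDsn;Uid=myUsername;Pwd=myPassword;",
    "AllowRememberMe": true, "RememberMeLength": 90, "ClearRememberMeOnLogin": false},
  "AllowedHosts": "*"
}""")

if __name__ == "__main__":
    for finding in audit(SAMPLE, self_hosted=True):
        print("-", finding)
```

Pass self_hosted=True only when the Quillix Web Server is not behind IIS, Apache, Nginx or another Web Server that already validates the Host header.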

 

resource.js

AllowRememberMe

This setting only shows or hides the control on the login page. You must also set the values in appsettings.json as described above. A value of ‘true’ will show the control while a value of ‘false’ will hide the control.

AllowInactivityTimeout & InactivityTimeout

This setting controls whether users are automatically logged off due to inactivity. A value of ‘false’ means that users are never automatically logged off. A value of ‘true’ will result in auto-logoff after InactivityTimeout number of minutes. In reality, the InactivityTimeout will be close to a multiple of 3. It is checked during the ‘refreshToken’ method which is scheduled every 3 minutes. If the system is busy, ‘refreshToken’ will not be run at exactly 3 minutes but instead will be run sometime after when the system is less busy.

MaskChar

The placeholder character used by field masks for ‘unfilled’ character positions. This character cannot occur in the entered field value. So, if you need the default character “_” in your field values, you must change this setting to a different character.

ChunkSize

In KBytes. Files smaller than this are transferred to the server in one block. Files larger than this are split into ‘chunks’ of this size and sent a piece at a time. Larger chunk sizes can improve network performance (because there are fewer calls to transfer the file). But since each chunk is loaded into memory, larger chunks will use more memory on the client and server. The default value should give good performance in most situations.

AllowInPlaceEdits

This setting controls whether document fields can be edited in the results grid. A value of ‘true’ allows edits in the result grid. A value of ‘false’ means that fields can only be edited from the popup window.

 

shortcuts.js

All keyboard shortcuts are defined in this file. Each one is contained in a block similar to this:

// Execute search [alt - e]
var ExecuteSearchCode = 69;
var ExecuteSearchAlt = true;
var ExecuteSearchShift = false;
var ExecuteSearchShortCutText = "  [alt - e]";

This block defines the shortcut for the ‘Execute’ button on the ‘Search’ tab. To change the shortcut to a different keystroke, change ‘ExecuteSearchCode’ to the ASCII code of the new key and set ‘ExecuteSearchAlt’ and ‘ExecuteSearchShift’ as desired. Finally, change ‘ExecuteSearchShortCutText’ to show the user what the shortcut is. Any shortcut in this file may be modified in this way.

default.png & toobig.png

These files can be found in the Web Site’s install folder. Toobig.png is displayed when a PDF or Universal file is larger than the MaxRender setting and the DPIForBigFiles is 0. Default.png is displayed when a Universal file can’t be rendered or an error occurred when rendering. You may replace either or both of these files with images of your own design if desired.

 
