Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

Orion/Server admin guide

This page contains information on managing an Orion server.

Operating the server

Starting the server

The server is started by simply invoking the "eclipse" executable (eclipse.exe on Windows, "eclipse" on Unix platforms). Starting the OSGI console by passing the "-console" argument is also recommended:

 eclipse -console

Stopping the server

To stop the server, go to the OSGi console and type "close". You can also simply kill the server process, but an orderly shutdown is always recommended to ensure all data is correctly persisted.

Configuring the server

Changing the port

By default Orion will run on port 8080. To change the port, edit the file eclipse/eclipse.ini, and change the value of the "org.eclipse.equinox.http.jetty.http.port" system property.

Configuring paths where users can store files

By default all files created by users are stored in the Orion "server workspace". This is the location specified by the "-data" argument when launching the server. By default this workspace is stored at eclipse/serverworkspace/. To allow users to link files in other locations to their workspace, the org.eclipse.orion.server.core.allowedPathPrefixes system property needs to be edited. The property value is a comma-separated list of absolute file system paths. Users will be allowed to link to and edit files in any of those locations. This property can be set in the eclipse.ini file:


 -startup
 plugins/org.eclipse.equinox.launcher_1.2.0.v20110124-0830.jar
 --launcher.library
 plugins/org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.100.v20101220
 -consoleLog
 -console
 -data
 serverworkspace
 -vmargs
 -Dorg.eclipse.equinox.http.jetty.http.port=8080
 -Dorg.eclipse.equinox.http.jetty.autostart=false
 -Dorg.eclipse.orion.server.core.allowedPathPrefixes=/home/orion

Configuring authentication

Authentication for Orion is specified in the Orion server configuration file. This file is stored in the server workspace at the following location:

.metadata\.plugins\org.eclipse.core.runtime\.settings\org.eclipse.orion.server.configurator.prefs

You can manually create any of these parent directories if they don't exist yet. The file is a Java properties file with key/value pairs delimited by '=' character.

Authentication type

To configure the kind of authentication used by the server, set the "Auth-name" property in the server configuration file. For example, the following line will configure the server to use simple form-based authentication:

 Auth-name=FORM

Valid values for this property are:

  • FORM: Simple form-based authentication
  • Basic: Basic HTTP authentication (not secure unless running on https)
  • OpenID: Authentication only with OpenID
  • FORM+OpenID: User can select form-based authentication or OpenID authentication

Allowing users to create accounts

By default, any user is allowed to create an account. To diallow user account creation, specify this property in the server configuration file:

 everyoneCanCreateUsers=false

When this property is specified, account creation can only be performed on the user management page. This page is only accessible for the admin user.

Creating an admin user

No accounts are built into the Orion server by default. This avoids a vulnerability caused by well-known users and passwords that administrators neglect to change. While a small-scale server might not require an admin user at all, it is useful to create an admin account for larger-scale user management (seeing list of all users, adding/deleting users, etc). To create an admin account launch the server with a special system property specifying the admin password:

 eclipse -vmargs -Dorion.storage.admin.default.password="mypassword"

This will cause an administrator account to be created as the server starts up. The admin user name is "admin" and the password will be the value specified by the system property. Once the admin account has been created, the system property is no longer required on startup (the admin password can be changed later by logging in as the administrator and going to the profile management page).

Creating and deleting users

Users can be created and deleted by logging in as admin, and visiting the user management page at "/manage-users.html". For example a server on your own machine can be managed from http://localhost:8080/manage-users.html. Click the button Orion-new-user.gif to create a new user. To delete a user, click the Orion-delete-png.png button in the "Action" column next to the user to be deleted.

You can also create a user via the Orion server API. Use curl or another utility to send a POST request to "/users". The form requires the following parameters: "login" (user login id), "password" (initial password) and "passwordConf" (confirm password).

Changing passwords

To change a user's password, go to manage-users.html. From there, click on a user to view that user's profile page. On the user profile page you can change the password, change the user's display name, etc. Although there is no obvious link to the page in 0.2 M5, every user can change their password by visiting:

 user-profile.html#/users/username

Where "username" is the user name entered when logging into Orion.

Ongoing server management

Wiping server data

If you are deploying a demo server of Orion, you may want to periodically wipe out all user data, but preserve account names and passwords. This is done as follows:

  • Stop the server
  • Rename serverworkspace to serverworkspace.old
  • Reinstall or reimage the server if you want to be paranoid
  • Create a new clean serverworkspace directory
  • Copy the following two directories from the old server workspace to the new one:
 .metadata\.plugins\org.eclipse.core.runtime (contains server configuration file)
 .metadata\.plugins\org.eclipse.orion.server.user.securestore (contains user account information)
  • Start the server again

Back to the top