diff --git a/Documentation/DocuBlocks/clusterPassword.md b/Documentation/DocuBlocks/clusterPassword.md index 0efe881a12..fb876f7b57 100644 --- a/Documentation/DocuBlocks/clusterPassword.md +++ b/Documentation/DocuBlocks/clusterPassword.md @@ -6,8 +6,7 @@ The password used for authorization of cluster-internal requests. This password will be used to authenticate all requests and responses in cluster-internal communication, i.e. requests exchanged between -coordinators -and individual database servers. +coordinators and individual database servers. This option is used for cluster-internal requests only. Regular requests to @@ -15,7 +14,6 @@ coordinators are authenticated normally using the data in the `_users` collection. If coordinators and database servers are run with authentication turned -off, -(e.g. by setting the *--server.disable-authentication* option to *true*), +off, (e.g. by setting the *--server.authentication* option to *false*), the cluster-internal communication will also be unauthenticated. diff --git a/Documentation/DocuBlocks/clusterUsername.md b/Documentation/DocuBlocks/clusterUsername.md index 396bbbfb2a..d4b98f49f6 100644 --- a/Documentation/DocuBlocks/clusterUsername.md +++ b/Documentation/DocuBlocks/clusterUsername.md @@ -6,16 +6,13 @@ The username used for authorization of cluster-internal requests. This username will be used to authenticate all requests and responses in cluster-internal communication, i.e. requests exchanged between -coordinators -and individual database servers. +coordinators and individual database servers. This option is used for cluster-internal requests only. Regular requests -to -coordinators are authenticated normally using the data in the *_users* +to coordinators are authenticated normally using the data in the *_users* collection. If coordinators and database servers are run with authentication turned -off, -(e.g. by setting the *--server.disable-authentication* option to *true*), +off, (e.g. by setting the *--server.authentication* option to *false*), the cluster-internal communication will also be unauthenticated. diff --git a/Documentation/DocuBlocks/foxxQueues.md b/Documentation/DocuBlocks/foxxQueues.md index 814f067908..024177f82f 100644 --- a/Documentation/DocuBlocks/foxxQueues.md +++ b/Documentation/DocuBlocks/foxxQueues.md @@ -1,14 +1,13 @@ @startDocuBlock foxxQueues @brief enable or disable the Foxx queues feature -`--server.foxx-queues flag` +`--foxx.queues flag` If *true*, the Foxx queues will be available and jobs in the queues will be executed asynchronously. The default is *true*. When set to `false` the queue manager will be disabled and any jobs -are prevented from being processed, which may reduce CPU load a great -deal. +are prevented from being processed, which may reduce CPU load a bit. @endDocuBlock diff --git a/Documentation/DocuBlocks/foxxQueuesPollInterval.md b/Documentation/DocuBlocks/foxxQueuesPollInterval.md index d34b9285e0..3ddd87447b 100644 --- a/Documentation/DocuBlocks/foxxQueuesPollInterval.md +++ b/Documentation/DocuBlocks/foxxQueuesPollInterval.md @@ -1,17 +1,15 @@ @startDocuBlock foxxQueuesPollInterval @brief poll interval for Foxx queues -`--server.foxx-queues-poll-interval value` +`--foxx-queues-poll-interval value` The poll interval for the Foxx queues manager. The value is specified in seconds. Lower values will mean more immediate and more frequent Foxx -queue -job execution, but will make the queue thread wake up and query the +queue job execution, but will make the queue thread wake up and query the queues more often. When set to a low value, the queue thread might cause CPU load. The default is *1* second. If Foxx queues are not used much, then this -value -may be increased to make the queues thread wake up less. +value may be increased to make the queues thread wake up less. @endDocuBlock diff --git a/Documentation/DocuBlocks/keep_alive_timeout.md b/Documentation/DocuBlocks/keep_alive_timeout.md index 8014f5c100..36f4eb0c7f 100644 --- a/Documentation/DocuBlocks/keep_alive_timeout.md +++ b/Documentation/DocuBlocks/keep_alive_timeout.md @@ -1,13 +1,12 @@ @startDocuBlock keep_alive_timeout @brief timeout for HTTP keep-alive -`--server.keep-alive-timeout` +`--http.keep-alive-timeout` Allows to specify the timeout for HTTP keep-alive connections. The timeout value must be specified in seconds. Idle keep-alive connections will be closed by the server automatically -when -the timeout is reached. A keep-alive-timeout value 0 will disable the keep +when the timeout is reached. A keep-alive-timeout value 0 will disable the keep alive feature entirely. @endDocuBlock diff --git a/Documentation/DocuBlocks/serverAllowMethod.md b/Documentation/DocuBlocks/serverAllowMethod.md index bce4996fc4..dc4f5189e3 100644 --- a/Documentation/DocuBlocks/serverAllowMethod.md +++ b/Documentation/DocuBlocks/serverAllowMethod.md @@ -1,7 +1,7 @@ @brief allow HTTP method override via custom headers? -`--server.allow-method-override` +`--http.allow-method-override` When this option is set to *true*, the HTTP request method will optionally be fetched from one of the following HTTP request headers if present in @@ -15,8 +15,7 @@ If the option is set to *true* and any of these headers is set, the request method will be overridden by the value of the header. For example, this allows issuing an HTTP DELETE request which to the outside world will look like an HTTP GET request. This allows bypassing proxies and tools -that -will only let certain request types pass. +that will only let certain request types pass. Setting this option to *true* may impose a security risk so it should only be used in controlled environments. diff --git a/Documentation/DocuBlocks/serverAuthenticateSystemOnly.md b/Documentation/DocuBlocks/serverAuthenticateSystemOnly.md index cd48882e87..be40e203d1 100644 --- a/Documentation/DocuBlocks/serverAuthenticateSystemOnly.md +++ b/Documentation/DocuBlocks/serverAuthenticateSystemOnly.md @@ -1,14 +1,14 @@ @startDocuBlock serverAuthenticateSystemOnly @brief whether or not only requests to internal URLs need authentication -`--server.authenticate-system-only boolean` +`--server.authentication-system-only boolean` Controls whether incoming requests need authentication only if they are directed to the ArangoDB's internal APIs and features, located at */_api/*, */_admin/* etc. -IF the flag is set to *true*, then HTTP authentication is only +If the flag is set to *true*, then HTTP authentication is only required for requests going to URLs starting with */_*, but not for other URLs. The flag can thus be used to expose a user-made API without HTTP authentication to the outside world, but to prevent the outside world from @@ -16,16 +16,15 @@ using the ArangoDB API and the admin interface without authentication. Note that checking the URL is performed after any database name prefix has been removed. That means when the actual URL called is */_db/_system/myapp/myaction*, the URL */myapp/myaction* will be used for -*authenticate-system-only* check. +*authentication-system-only* check. -The default is *false*. +The default is *true*. -Note that authentication still needs to be enabled for the server -regularly +Note that authentication still needs to be enabled for the server regularly in order for HTTP authentication to be forced for the ArangoDB API and the web interface. Setting only this flag is not enough. You can control ArangoDB's general authentication feature with the -*--server.disable-authentication* flag. +*--server.authentication* flag. @endDocuBlock diff --git a/Documentation/DocuBlocks/serverAuthenticationDisable.md b/Documentation/DocuBlocks/serverAuthenticationDisable.md index 8e8bbd677a..c63c282287 100644 --- a/Documentation/DocuBlocks/serverAuthenticationDisable.md +++ b/Documentation/DocuBlocks/serverAuthenticationDisable.md @@ -1,19 +1,17 @@ @brief disable authentication for requests via UNIX domain sockets -`--server.disable-authentication-unix-sockets value` +`--server.authentication-unix-sockets value` -Setting *value* to true will turn off authentication on the server side -for requests coming in via UNIX domain sockets. With this flag enabled, +Setting *value* to false will turn off authentication on the server side +for requests coming in via UNIX domain sockets. With this setting, clients located on the same host as the ArangoDB server can use UNIX -domain -sockets to connect to the server without authentication. +domain sockets to connect to the server without authentication. Requests coming in by other means (e.g. TCP/IP) are not affected by this option. -The default value is *false*. +The default value is *true*. **Note**: this option is only available on platforms that support UNIX -domain -sockets. +domain sockets. diff --git a/Documentation/DocuBlocks/serverBacklog.md b/Documentation/DocuBlocks/serverBacklog.md index 1f78bf0279..f1f87e644e 100644 --- a/Documentation/DocuBlocks/serverBacklog.md +++ b/Documentation/DocuBlocks/serverBacklog.md @@ -1,7 +1,7 @@ @brief listen backlog size -`--server.backlog-size` +`--tcp.backlog-size` Allows to specify the size of the backlog for the *listen* system call The default value is 10. The maximum value is platform-dependent. diff --git a/Documentation/DocuBlocks/serverDisableReplicationApplier.md b/Documentation/DocuBlocks/serverDisableReplicationApplier.md index 113887a86f..579a7b9cd1 100644 --- a/Documentation/DocuBlocks/serverDisableReplicationApplier.md +++ b/Documentation/DocuBlocks/serverDisableReplicationApplier.md @@ -1,18 +1,17 @@ @brief disable the replication applier on server startup -`--server.disable-replication-applier flag` +`--database.replication-applier flag` -If *true* the server will start with the replication applier turned off, +If *false* the server will start with the replication applier turned off, even if the replication applier is configured with the *autoStart* option. Using the command-line option will not change the value of the *autoStart* option in the applier configuration, but will suppress auto-starting the replication applier just once. -If the option is not used, ArangoDB will read the applier configuration -from -the file *REPLICATION-APPLIER-CONFIG* on startup, and use the value of the +If the option is set to *true*, ArangoDB will read the applier configuration +from the file *REPLICATION-APPLIER-CONFIG* on startup, and use the value of the *autoStart* attribute from this file. -The default is *false*. +The default is *true*. diff --git a/Documentation/DocuBlocks/serverHideProductHeader.md b/Documentation/DocuBlocks/serverHideProductHeader.md index f57aad407b..080cbf0099 100644 --- a/Documentation/DocuBlocks/serverHideProductHeader.md +++ b/Documentation/DocuBlocks/serverHideProductHeader.md @@ -1,7 +1,7 @@ @brief hide the "Server: ArangoDB" header in HTTP responses -`--server.hide-product-header` +`--http.hide-product-header` If *true*, the server will exclude the HTTP header "Server: ArangoDB" in HTTP responses. If set to *false*, the server will send the header in diff --git a/Documentation/DocuBlocks/serverKeyfile.md b/Documentation/DocuBlocks/serverKeyfile.md index 71834e617e..1b99b5d987 100644 --- a/Documentation/DocuBlocks/serverKeyfile.md +++ b/Documentation/DocuBlocks/serverKeyfile.md @@ -1,10 +1,9 @@ @brief keyfile containing server certificate -`--server.keyfile filename` +`--ssl.keyfile filename` -If SSL encryption is used, this option must be used to specify the -filename +If SSL encryption is used, this option must be used to specify the filename of the server private key. The file must be PEM formatted and contain both the certificate and the server's private key. @@ -52,7 +51,6 @@ following commands should create a valid keyfile: For further information please check the manuals of the tools you use to create the certificate. -**Note**: the \-\-server.keyfile option must be set if the server is -started with -at least one SSL endpoint. +**Note**: the \-\-ssl.keyfile option must be set if the server is +started with at least one SSL endpoint. diff --git a/Documentation/DocuBlocks/serverReuseAddress.md b/Documentation/DocuBlocks/serverReuseAddress.md index d28ba2456e..bff5eba9ab 100644 --- a/Documentation/DocuBlocks/serverReuseAddress.md +++ b/Documentation/DocuBlocks/serverReuseAddress.md @@ -1,7 +1,7 @@ @brief try to reuse address -`--server.reuse-address` +`--tcp.reuse-address` If this boolean option is set to *true* then the socket option SO_REUSEADDR is set on all server endpoints, which is the default. diff --git a/Documentation/DocuBlocks/serverSSLCache.md b/Documentation/DocuBlocks/serverSSLCache.md index 3a4bfeb4a5..4f2f322a3f 100644 --- a/Documentation/DocuBlocks/serverSSLCache.md +++ b/Documentation/DocuBlocks/serverSSLCache.md @@ -1,13 +1,12 @@ @brief whether or not to use SSL session caching -`--server.ssl-cache value` +`--ssl.session-cache value` Set to true if SSL session caching should be used. *value* has a default value of *false* (i.e. no caching). **Note**: this option is only relevant if at least one SSL endpoint is -used, and -only if the client supports sending the session id. +used, and only if the client supports sending the session id. diff --git a/Documentation/DocuBlocks/serverSSLCipher.md b/Documentation/DocuBlocks/serverSSLCipher.md index 9a35151254..8bdb27ca66 100644 --- a/Documentation/DocuBlocks/serverSSLCipher.md +++ b/Documentation/DocuBlocks/serverSSLCipher.md @@ -1,7 +1,7 @@ @brief ssl cipher list to use -`--server.ssl-cipher-list cipher-list` +`--ssl.cipher-list cipher-list` This option can be used to restrict the server to certain SSL ciphers only, diff --git a/Documentation/DocuBlocks/serverSSLOptions.md b/Documentation/DocuBlocks/serverSSLOptions.md index 3f8acaafd2..387960c695 100644 --- a/Documentation/DocuBlocks/serverSSLOptions.md +++ b/Documentation/DocuBlocks/serverSSLOptions.md @@ -1,7 +1,7 @@ @brief ssl options to use -`--server.ssl-options value` +`--ssl-.options value` This option can be used to set various SSL-related options. Individual option values must be combined using bitwise OR. diff --git a/Documentation/DocuBlocks/serverSSLProtocol.md b/Documentation/DocuBlocks/serverSSLProtocol.md index 8165b6a9f0..bae4b9c9db 100644 --- a/Documentation/DocuBlocks/serverSSLProtocol.md +++ b/Documentation/DocuBlocks/serverSSLProtocol.md @@ -1,7 +1,7 @@ @brief SSL protocol type to use -`--server.ssl-protocolvalue` +`--ssl.protocol value` Use this option to specify the default encryption protocol to be used. The following variants are available: @@ -9,6 +9,7 @@ The following variants are available: - 2: SSLv23 - 3: SSLv3 - 4: TLSv1 +- 5: TLSv1.2 (recommended) The default *value* is 4 (i.e. TLSv1). diff --git a/Documentation/DocuBlocks/server_authentication.md b/Documentation/DocuBlocks/server_authentication.md index 3ab413d9cd..310618f6b6 100644 --- a/Documentation/DocuBlocks/server_authentication.md +++ b/Documentation/DocuBlocks/server_authentication.md @@ -1,12 +1,12 @@ @startDocuBlock server_authentication @brief disable authentication for ALL client requests -`--server.disable-authentication` +`--server.authentication` -Setting value to true will turn off authentication on the server side +Setting this option to *false* will turn off authentication on the server side so all clients can execute any action without authorization and privilege checks. -The default value is *false*. +The default value is *true*. @endDocuBlock diff --git a/Documentation/DocuBlocks/v8Contexts.md b/Documentation/DocuBlocks/v8Contexts.md index 5a29d187f9..e8367309bb 100644 --- a/Documentation/DocuBlocks/v8Contexts.md +++ b/Documentation/DocuBlocks/v8Contexts.md @@ -1,7 +1,7 @@ @brief number of V8 contexts for executing JavaScript actions -`--server.v8-contexts number` +`--javascript.v8-contexts number` Specifies the *number* of V8 contexts that are created for executing JavaScript code. More contexts allow execute more JavaScript actions in