Configuration - HTTP Binding Settings

The CSE supports HTTP binding for communication with clients and other CSEs. The HTTP binding is always enabled and its settings are configured in the configuration file under the section [http] and its subsections.

General Settings

Section: [http]

These are the general settings for the HTTP binding.

Setting	Description	Default
port	Port to listen to.	${basic.config:httpPort}
listenIF	Interface to listen to. Use 0.0.0.0 for "all" interfaces.	${basic.config:networkInterface}
address	Own address. Should be a local/public reachable address.	http://${basic.config:cseHost}:${basic.config:httpPort}
root	CSE Server root. Never provide a trailing `/`.	empty string
enableRemoteConfiguration	Enable an endpoint for get and set certain configuration values via a REST interface. ATTENTION: Enabling this feature exposes configuration values, IDs and passwords, and is a security risk.	False
enableStructureEndpoint	Enable an endpoint for getting a structured overview about a CSE's resource tree and deployment infrastructure (remote CSE's). ATTENTION: Enabling this feature exposes various potentially sensitive information. See also the [console].hideResources setting to hide resources from the tree.	False
enableUpperTesterEndpoint	Enable an endpoint for supporting Upper Tester commands to the CSE. This is to support certain testing and certification systems. See oneM2M's TS-0019 for further details. ATTENTION: Enabling this feature may lead to a total loss of data.	False
allowPatchForDelete	Allow the http PATCH method to be used as a replacement for the DELETE method. This is useful for constraint devices that only support http/1.0, which doesn't specify the DELETE method.	False
timeout	Timeout when sending http requests and waiting for responses.	10 seconds

Security

Section: [http.security]

These are the security settings for the HTTP binding.

Setting	Description	Default
useTLS	Enable TLS for communications. This can be overridden by the command line arguments --http and --https. See oneM2M TS-0003 Clause 8.2.1 "Overview on Security Association Establishment Frameworks".	False
tlsVersion	TLS version to be used in connections. Allowed versions: `TLS1.1`, `TLS1.2`, `auto` . Use `auto` to allow client-server certificate version negotiation.	auto
verifyCertificate	Verify certificates in requests. Set to False when using self-signed certificates.	False
caCertificateFile	Path and filename of the certificate file.	empty string
caPrivateKeyFile	Path and filename of the private key file.	empty string
enableBasicAuth	Enable basic authentication for the HTTP binding. See HTTP Basic Authentication.	False
enableTokenAuth	Enable token authentication for the HTTP binding. See HTTP Token Authentication.	False
basicAuthFile	Path and filename of the http basic authentication file. The file must contain lines with the format "username:password". Comments are lines starting with a # character.	${basic.config:baseDirectory}/certs/http_basic_auth.txt
tokenAuthFile	Path and filename of the http bearer token authentication file. The file must contain lines with the format "token". Comments are lines starting with a # character.	${basic.config:baseDirectory}/certs/http_token_auth.txt

CORS

Section: [http.cors]

These are the CORS (Cross-Origin Resource Sharing) settings for the HTTP binding.

Setting	Description	Default
enable	Enable CORS support for the HTTP binding.	False
resources	A comma separated list of allowed resource paths. The list elements could be regular expressions.	"/*" , ie. all resources under the HTTP server's root.

WSGI

Section: [http.wsgi]

These are the settings for the WSGI (Web Server Gateway Interface) support.

Setting	Description	Default
enable	Enable WSGI support for the HTTP binding.	False
threadPoolSize	The number of threads used to process requests. This number should be of similar size as the connectionLimit setting.	100
connectionLimit	The number of possible parallel connections that can be accepted by the WSGI server. Note: One connection uses one system file descriptor.	100