TracCloudGuideProfilePrefsLogListingCustom and TechStunnel: Difference between pages

From Redrock Wiki

(Difference between pages)
No edit summary
 
No edit summary
 
Line 1: Line 1:
{{TracCloudGuideTabs}}
{| style="width:100%; vertical-align:top; "
{| style="width:100%; vertical-align:top; "
| style="width:250px; vertical-align:top; padding:2px 15px 2px 2px;" | {{TracCloudGuideProfileTOC}}
| style="width:250px; vertical-align:top; padding:2px 15px 2px 2px;" | {{TechDocsTOC}}
| style="vertical-align:top; padding:20px 20px 20px 2px;" |
| style="vertical-align:top; padding:20px 20px 20px 2px;" |
{| style="width:100%; vertical-align:top; "
{| style="width:100%; vertical-align:top; "
<big><b>Log Listing Customization</b></big><br><br>
The Log Listing and Kiosk views of TracCloud can be easily customized, determining what data shows up and how it displays. Whether you only need a couple fields visible, or you need a lot of information but want to make sure one element is more prominently displayed than others, this article will explain exactly how to accomplish this.
<br><br>
These settings can be found in your Profile Preferences under the <b>Log In/Out</b> prefs. Your Kiosk and Visit Log List views can be customized separately, but the method for modifying them is the same.
<br>
[[File:H35h5j35h3g534f.png|800px]]
<br><br>
To begin, let’s start from scratch, with just one empty row visible. Left-clicking the row brings up a menu that lets us select what we want to add, from fields to additional rows.
<br>
[[File:53j4h43f35tg35h.png|800px]]
<br><br>
* <b>Add field</b>
::This lets us add fields that are going to be visible from the log listing. The student’s name, their visit reason, the logout button, etc.
<br>
* <b>Set Columns to</b>
::This allows us to adjust the width of each column within this row. “1” will make a single column take up the entire row, while “6” allows us to add up to 6 fields per row.
::[[File:46kj4h45vrtm65h5r.png|600px]]
<br>
* <b>Row</b>
::This is where we can add or remove rows. Having fields on separate rows allows you to adjust column width independently from other rows (as seen in the screenshot above). This is more frequently used in Tile configurations, since you won’t have as much horizontal space available.
<br>
* <b>Column</b>
::This lets us change the width of individual columns rather than relying on the row’s preset column width. We also have the ability to Split Column and Merge with next, which allows us to more specifically fine tune how large this field should appear in relation to other columns.


Each field can also be clicked on to display additional configuration options, such as font and label settings. Not every field will contain the same options, it depends on what is applicable to that particular field.
| style="vertical-align:top; font-size:160%; color:#7c1911; " | '''Use SSL Encryption to Secure Your Trac System''' <HR>
<br>
[[File:6j5m56b5467k.png|800px]]
<br><br>
* <b>What is the format for the [field]</b>
::Certain fields can be displayed in different ways. For example, a “Visit Time” field may contain the total time, the wait time, or the time entered. “Student Name” lets you choose different name formats, like “First Last” or “Last, First.” Depending on the information you want to display, this option will likely need to be changed.
<br>
* <b>What is the date/time format?</b>
::Determines the time formatting for relevant fields.
::[[File:5h4j64j456h4g45j4.png|300px]]
<br>
* <b>Would you like to display the label?</b>
::Toggles whether or not a label is displayed. For example, in the screenshot in the next preference, you can see that the student’s name is following the phrase “Student Name,” this is the label, which can be hidden if preferred.
<br>
* <b>Would you like to display the data in bold face?</b>
::Displays the field in bold lettering.
::[[File:Jyk547k5klj5.png|300px]]
<br>
* <b>What font style would you like to display the text?</b>
::Allows you to display this field in italics/oblique.
<br>
* <b>Would you like to adjust the size?</b>
::Allows you to adjust the text size of this field. The example below compares “X-small” to “XX-large.”
::[[File:75k5j57j57k57k57k.png|500px]]
<br>
* <b>What color would you like to display the text?</b>
::Write out the color you would like this text to display as. Blank/default is black.
::Colors can be specified by typing “red,” “blue,” etc.
::Hex color values can be entered as: #0C3773
::The center color can be used by entering: {#Center Color#}
<br>
* <b>What is the label override?</b>
::Allows you to rename the field label if you don’t want to use the default name. For example, the Student Name field’s standard label is “Student Name,” but you can change this to something like “Client” or “Name” if you’d prefer.
<br>
* <b>What is the data formatting?</b>
::Data formatting allows you to pull these fields into a specific portion of text. Similar to labels, but more flexible. This also provides the ability to apply HTML formatting to these fields as well, which is not possible with labels.
::Use {#} to determine where the field displays in your text. The example below is for the “Log Out the Student Button” field.
::[[File:6ik75j4g23frnhjr.png|400px]]
::[[File:6j43hetgv35.png|400px]]<br>
::Here’s an HTML example for the student’s name.
::[[File:6k5yjh4g53jk35.png|400px]]
::[[File:5j46k457k5j54h4gtr.png|400px]]
<br>
* <b>Would you like to hide this field from being displayed?</b>
::This setting hides the field from view. If you want to disable a field for the time being, but don’t want to completely remove it in case you need it again soon, you can hide it instead.
<br>
Using this information, we can start adding fields to put together our Log Listing. For example, maybe we want the student’s photo to be visible on the left side of the screen, then their name and visit time, followed by the visit details in the middle, then the visit controls on the right-side. That gets us a configuration like this:<br>
[[File:L5kmj6h435gfretj.png|800px]]
<br><br>
Which will cause our log listing to display as such. A couple field-specific changes were also made, such as the “Student Name” field being set to display in bold italics.<br>
[[File:H4e6k4k46o74hgwe.png|800px]]
<br><br>
As another example, let’s say we want the student photo more centered, their personal information on the left, and their visit information on the right. Here’s what that configuration might look like:
<br>
[[File:45l69lk76j4r7p79l68k.png|800px]]
<br><br>
Which displays as:
<br>
[[File:4657lj5h5j57k56.png|800px]]
<br><br>
And one more quick example before we take a look at tiles, here’s a more minimalist log listing, only including a small amount of information in a more compact space.<br>
[[File:5m5n54g35j4j4.png|800px]]<br>
[[File:65ki56l6j56j56h56h5.png|800px]]<br><br>


==Vertical List vs Tiles==
|-
All of the examples shown so far have been using the default “Vertical List” layout, which displays each student on their own row on the log list.<br>
| style="vertical-align:top; font-size:120%; " | <br />Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are cryptographic protocols that provide secure communications on the Internet. There are slight differences between SSL and TLS, but they essentially provide the same protection.<br /><br />
[[File:K76k7lk5kjhrty67.png|800px]]
 
<br><br>
|-
Alternatively, we can utilize the “Tiles” view. This will place the students side-by-side on the log listing. The tile spacing determines the size of the gap between tiles, playing a part in how many students can appear on each row.
| style="vertical-align:top; font-size:140%; color:#7c1911; " | For Hosted Systems <HR>
<br>
|-
[[File:857j6htrky6uh5.png|800px]]
| style="vertical-align:top; font-size:100%; " | If we host your Trac System, adding or updating your SSL certificate is a straightforward process.
<br><br>
 
Tile Spacing: 10<br>
1. '''Provide us with an Apache x509 Compatible certificate, along with any intermediate/root files and the matching key'''.
[[File:324534osdasg.png|600px]]
 
<br><br>
2. '''If a custom URL is being used, point your domain to <span style="color:red">rscprxy.go-redrock.com</span>'''. This will allow you to use a URL other than "school.go-redrock.com", for example, "tutortrac.school.edu" or otherwise.
Tile Spacing: 50<br>
 
[[File:534ij5ytfdsvdse.png|600px]]
 
<br><br>
|-
With this new format, we’ll want to reconfigure our Log List again to make sure it’s displaying as intended.<br>
| style="vertical-align:top; font-size:140%; color:#7c1911; " | For Non-Hosted Systems
Here’s an example of a log listing with the same basic information as before, just in a more compact layout.<br>
<BR>HTTPS Encryption and Web Certificate <HR>
[[File:U65i57lk57kj4jrtfg.png|800px]]<br>
 
[[File:64jynbgfsdxcv.png|800px]]
|-
<br><br>
| style="vertical-align:top; font-size:100%; " |There are several options for implementing TLS encryption for your Trac server.  A preferred method is to use a web server for https proxying such as Apache or Nginx.  Another option is using a dedicated proxying application such as HAProxy.  Both of these could be running on a separate physical server. Only internal traffic between the proxy and the Trac System server would then be plaintext. As an alternative, a 3rd party application (like Stunnel) may be installed on your Trac System server.<br /><br />
Alternately, we can have a super-compact view such as this.
 
<br>
|-
[[File:32435ryjhtgr.png|800px]]<br>
| style="vertical-align:top; font-size:140%; color:#7c1911; " | What is Stunnel? <HR>
[[File:6u5jh54grtj3hmy4.png|800px]]
 
<br><br>
|-
This is by no means a complete list of possible configurations. This feature is extremely flexible and can be configured in a near endless number of ways. Hopefully reading through this chapter gave you a few ideas on how you can configure the log listing for your own system.
| style="vertical-align:top; font-size:100%; " | Stunnel is a program that encrypts all data connections to your Trac server. Stunnel facilitates this by acting as a proxy between users' browsers and the Trac application. So, a user would open web browser and enter in your server address, i.e. '''<nowiki>https://trac.go-redrock.com/</nowiki>'''. Stunnel receives the encrypted request, decrypts the request, and then forwards the request to the Trac application. The Trac application will then issue a response back to Stunnel, Stunnel encrypts the response, and then forwards the encrypted response back to the user's browser. With this method, all network traffic from the server to the client is encrypted while the Trac application communicates with Stunnel in an unencrypted format.<br /><br />
 
|-
| style="vertical-align:top; font-size:140%; color:#7c1911; " | Installing Stunnel <HR>
 
|-
| style="vertical-align:top; font-size:100%; " | Click  [https://www.stunnel.org/downloads.html on this link] to download and install the latest stable win64-installer. Once the .exe file has downloaded, install Stunnel using the default options.<br /><br />
 
|-
| style="vertical-align:top; font-size:140%; color:#7c1911; " | Secure Certificate Files <HR>
 
|-
| style="vertical-align:top; font-size:100%; " | The necessary SSL Files are a certificate (typically cert.pem) and a key  file (typically key.pem). You will need to obtain your own Apache X509-compatible certificate from a "Trusted" source, such as DigiCert, GoDaddy, or VeriSign. These are just a few of the options available to you; in all, the mainstream browsers (Firefox, Chrome, Safari, etc) only trust about 100 of the major Certificate Authorities (CA).<br /><br />
 
If you choose to obtain your own certificate, be sure to retrieve an Apache X509-compatible certificate, as this is the only certificate type that is compatible with the Trac System. Some CA's will provide you with a chained certificate, which we will have to combine in order to make the file compatible. Place the certificate and key files in your  Stunnel installation directory (C:\Program Files (x86)\stunnel). Keep a copy of your req.pem (CSR) file to request your new certificate when it expires.<br /><br />
 
|-
| style="vertical-align:top; font-size:140%; color:#7c1911; " | Stunnel Config File <HR>
 
|-
| style="vertical-align:top; font-size:100%; " | The Stunnel configuration file (Stunnel.conf) is located in the C:\Program Files (x86)\stunnel\ directory. You will need to edit this file to secure your Trac site. Below is a good default config file. Simply replace the contents of Stunnel.conf with this, and edit the IP Address on line 17.<br /><br />
 
'''Sample stunnel configuration file by Redrock Software'''<br />
 
; identify the private key and public certificate files
cert = cert.pem
key = key.pem
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Some debugging stuff useful for troubleshooting
; debug = 7 for verbose logging 1 for emerg only
debug = 3
output = stunnel.log
; Service-level configuration
[https]
accept = 443
connect = 192.168.0.1:81
TIMEOUTclose = 0
 
|-
| style="vertical-align:top; font-size:140%; color:#7c1911; " | Trac System Prefs.ini File <HR>
 
|-
| style="vertical-align:top; font-size:100%; " | Open the Prefs.ini file in the Trac application folder. Edit the following lines to match the sample values.<br />
 
If a school is NOT using stunnel at all, set:
 
serverProcs=15
serverProcs2=0
redirect=None
 
If a school is using stunnel, but redirect=None,
 
serverProcs=15
serverProcs2=2
 
If a school is using stunnel, and redirect=https<nowiki/>://whatever.site, (it is set to a url)
 
serverProcs=2
serverProcs2=15
 
Full example:
 
[Server]
serverPort=80
serverPort2=81
serverProcs=15
serverProcs2=2
serverSecure=NO
serverSecure2=NO
 
The  Trac application is now listening for standard HTTP connections on port  80. Those connections will come from users accessing the Trac  application across the network. The Trac application is also listening  for standard HTTP connections on port 81. The HTTP connections on port  81 are coming from the Stunnel application, which is listening for HTTPS  connections on port 443.<br /><br />
 
|-
| style="vertical-align:top; font-size:140%; color:#7c1911; " | Force All Connections on Secure Port <HR>
 
|-
| style="vertical-align:top; font-size:100%; " | After the server connections have been tested and confirmed on ports 80 and 443, you can now force all users to connect on the secure port 443. Open the Prefs.ini file in the Trac application folder and make the following change:<br />
 
redirect=https://[Your URL]/tracweb40/default.html
 
The  Trac application now listens for a standard HTTP connection on port 80  and redirects all requests to the address entered in the redirect  setting, which should be your secure HTTPS address. Now the connection  is on the secure HTTPS port 443 and Stunnel receives the request.  Stunnel makes the local HTTP connection to the Trac application on port  81 and responds back to the user's browser on the secure port 443. All  network traffic on your Trac system is directed to the secure connection  on port 443.<br /><br />
 
|-
| style="vertical-align:top; font-size:140%; color:#7c1911; " | Configure Stunnel as a Service <HR>
 
|-
| style="vertical-align:top; font-size:100%; " | To set stunnel as a service, run the following command in a Command Prompt window.<br />
 
stunnel.exe -install
 
You  will receive a prompt informing you that the service was installed. You  can now access the Services from your Administrator Tool and start  Stunnel as a service.<br /><br />
 
|}
|-
| style="width:250px; vertical-align:top; padding:0px 0px 0px 0px;" |
| style="vertical-align:top; padding:0px 0px 0px 2px;" |
 
<!-- this table appears at the bottom of the manual page and contains a previous page and next page link  -->
{| style="width:70%; vertical-align:top; "
| style="width:50%; text-align:left;" | [[TechAsService|&larr; Previous Page]]
| style="width:50%; text-align:right;" | [[TechEmailTool|Next Page &rarr;]]
 
|}
|}
|}
__NOTOC__
[[Category:Trac 4]]
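Review bot: in the sample stunnel configuration, the [https] section's "connect = 192.168.0.1:81" forwards the decrypted requests to a LAN address, although the text describes Stunnel installed on the Trac System server itself. For that same-host setup, suggest showing 127.0.0.1:81 and stating that port 81 should not be reachable from other hosts, so the plaintext leg stays on the server. The instruction "edit the IP Address on line 17" also depends on the blank lines of the rendered sample, which the wikitext sample does not contain; refer to the "connect" line by name instead.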

Revision as of 16:53, 24 April 2023

Use SSL Encryption to Secure Your Trac System

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are cryptographic protocols that provide secure communications on the Internet. There are slight differences between SSL and TLS, but they essentially provide the same protection.

For Hosted Systems
If we host your Trac System, adding or updating your SSL certificate is a straightforward process.

1. Provide us with an Apache x509 Compatible certificate, along with any intermediate/root files and the matching key.

2. If a custom URL is being used, point your domain to rscprxy.go-redrock.com. This will allow you to use a URL other than "school.go-redrock.com", for example, "tutortrac.school.edu" or otherwise.


For Non-Hosted Systems
HTTPS Encryption and Web Certificate
There are several options for implementing TLS encryption for your Trac server. A preferred method is to use a web server for https proxying such as Apache or Nginx. Another option is using a dedicated proxying application such as HAProxy. Both of these could be running on a separate physical server. Only internal traffic between the proxy and the Trac System server would then be plaintext. As an alternative, a 3rd party application (like Stunnel) may be installed on your Trac System server.

What is Stunnel?
Stunnel is a program that encrypts all data connections to your Trac server. It does this by acting as a proxy between users' browsers and the Trac application. A user opens a web browser and enters your server address, e.g. https://trac.go-redrock.com/. Stunnel receives the encrypted request, decrypts it, and forwards it to the Trac application. The Trac application then issues a response back to Stunnel, which encrypts the response and forwards it to the user's browser. With this method, all network traffic from the server to the client is encrypted while the Trac application communicates with Stunnel in an unencrypted format.

Installing Stunnel
Download and install the latest stable win64-installer from https://www.stunnel.org/downloads.html. Once the .exe file has downloaded, install Stunnel using the default options.

Secure Certificate Files
The necessary SSL files are a certificate (typically cert.pem) and a key file (typically key.pem). You will need to obtain your own Apache X509-compatible certificate from a "Trusted" source, such as DigiCert, GoDaddy, or VeriSign. These are just a few of the options available to you; in all, the mainstream browsers (Firefox, Chrome, Safari, etc.) only trust about 100 of the major Certificate Authorities (CA).

If you choose to obtain your own certificate, be sure to retrieve an Apache X509-compatible certificate, as this is the only certificate type that is compatible with the Trac System. Some CAs will provide you with a chained certificate, which we will have to combine in order to make the file compatible. Place the certificate and key files in your Stunnel installation directory (C:\Program Files (x86)\stunnel). Keep a copy of your req.pem (CSR) file to request your new certificate when it expires.

Stunnel Config File
The Stunnel configuration file (Stunnel.conf) is located in the C:\Program Files (x86)\stunnel\ directory. You will need to edit this file to secure your Trac site. Below is a good default config file. Simply replace the contents of Stunnel.conf with this, and edit the IP Address on line 17.

Sample stunnel configuration file by Redrock Software

; identify the private key and public certificate files
cert = cert.pem
key = key.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Some debugging stuff useful for troubleshooting
; debug = 7 for verbose logging 1 for emerg only
debug = 3
output = stunnel.log

; Service-level configuration
[https]
accept = 443
connect = 192.168.0.1:81
TIMEOUTclose = 0

Trac System Prefs.ini File
Open the Prefs.ini file in the Trac application folder. Edit the following lines to match the sample values.

If a school is NOT using stunnel at all, set:

serverProcs=15
serverProcs2=0
redirect=None

If a school is using stunnel, but redirect=None, set:

serverProcs=15
serverProcs2=2

If a school is using stunnel, and redirect is set to a URL (redirect=https://whatever.site), set:

serverProcs=2
serverProcs2=15

Full example:

[Server]
serverPort=80
serverPort2=81
serverProcs=15
serverProcs2=2
serverSecure=NO
serverSecure2=NO

The Trac application is now listening for standard HTTP connections on port 80. Those connections will come from users accessing the Trac application across the network. The Trac application is also listening for standard HTTP connections on port 81. The HTTP connections on port 81 are coming from the Stunnel application, which is listening for HTTPS connections on port 443.

Force All Connections on Secure Port
After the server connections have been tested and confirmed on ports 80 and 443, you can now force all users to connect on the secure port 443. Open the Prefs.ini file in the Trac application folder and make the following change:

redirect=https://[Your URL]/tracweb40/default.html

The Trac application now listens for a standard HTTP connection on port 80 and redirects all requests to the address entered in the redirect setting, which should be your secure HTTPS address. Now the connection is on the secure HTTPS port 443 and Stunnel receives the request. Stunnel makes the local HTTP connection to the Trac application on port 81 and responds back to the user's browser on the secure port 443. All network traffic on your Trac system is directed to the secure connection on port 443.
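
The stunnel.conf, Prefs.ini and redirect settings above have to agree with each other, so here is an added example (not Redrock's code) that parses both files and reports where they differ from the values documented on this page. The function names and the assumption that Prefs.ini key names are unique across sections belong to this example; the embedded samples are shortened copies of the page's sample files.

```python
def parse_ini(text):
    """Parse 'key = value' lines into {section: {key: value}}; '' holds global options."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or stunnel comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

# (serverProcs, serverProcs2) for the three cases the page lists
PROCS = {"no stunnel": ("15", "0"), "stunnel, redirect=None": ("15", "2"),
         "stunnel, redirect=URL": ("2", "15")}

def check(stunnel_text, prefs_text):
    """Return a list of findings; an empty list means the two files agree with the page."""
    prefs = {}
    for body in parse_ini(prefs_text).values():   # assumption: key names are unique across sections
        prefs.update(body)
    services = {n: s for n, s in parse_ini(stunnel_text).items() if n}
    redirect = prefs.get("redirect", "None")
    mode = ("no stunnel" if not services else
            "stunnel, redirect=None" if redirect == "None" else "stunnel, redirect=URL")
    findings = []
    got = (prefs.get("serverProcs"), prefs.get("serverProcs2"))
    if got != PROCS[mode]:
        findings.append(f"serverProcs/serverProcs2 = {got}, expected {PROCS[mode]} for '{mode}'")
    if redirect != "None" and not redirect.lower().startswith("https://"):
        findings.append(f"redirect={redirect} is not an https:// address")
    for name, svc in services.items():
        port = svc.get("connect", "").rsplit(":", 1)[-1]
        if port != prefs.get("serverPort2"):
            findings.append(f"[{name}] connect port {port} != serverPort2 {prefs.get('serverPort2')}")
        if svc.get("accept", "").rsplit(":", 1)[-1] != "443":
            findings.append(f"[{name}] accept = {svc.get('accept')}, page uses 443")
    for flag in ("serverSecure", "serverSecure2"):
        if services and prefs.get(flag, "NO").upper() != "NO":
            findings.append(f"{flag} is not NO as in the page's full example")
    return findings

# Constructed sample input, shortened from the page's own sample files
STUNNEL_CONF = """cert = cert.pem
key = key.pem
[https]
accept = 443
connect = 192.168.0.1:81
TIMEOUTclose = 0
"""
PREFS_INI = """[Server]
serverPort=80
serverPort2=81
serverProcs=15
serverProcs2=2
serverSecure=NO
serverSecure2=NO
"""
if __name__ == "__main__":
    print(check(STUNNEL_CONF, PREFS_INI) or "stunnel.conf and Prefs.ini agree")
```

Run it against the real files by reading them from the Stunnel installation directory and the Trac application folder and passing their contents to check().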

Configure Stunnel as a Service
To set stunnel as a service, run the following command in a Command Prompt window.

stunnel.exe -install

You will receive a prompt informing you that the service was installed. You can now open Services from Administrative Tools and start Stunnel as a service.
