The web server of Linkurious Enterprise delivers the application to end users through HTTP/S.
It is configured in the
server configuration key within the configuration
3000): The port of the web server
Some firewalls block network traffic ports other than
root users can listen on ports lower than 1024,
you may want reroute traffic from
3000 as follows:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000
If you use SSL, you can add a second rule to redirect
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 3443
/): The base path where Linkurious Enterprise will be found
In some cases, you may want to host Linkurious Enterprise on a path other than root for a particular domain.
For example, if you want Linkurious Enterprise to be reachable at
http(s)://HOST:PORT/linkurious you should
set baseFolder equal to
"localhost"): The domain or sub-domain used to access the web server. It is mandatory to edit it for publishing visualizations online. It is also used to restrict the validity of cookies to a domain or sub-domain.
listenPort): The public HTTP port of the web server.
listenPortHttps): The public HTTPS port of the web server.
In some cases, Linkurious Enterprise needs to generate links to itself (for example when generating a link to a widget). For that, the server needs to know its public domain and port to generate those links.
The public port can be different from the actual port if you use traffic rerouting
(using a firewall or a reverse-proxy). In the example above (traffic rerouting),
the actual HTTP port (
3000, but the public HTTP port (
cookieSecret(optional): Set the secret used to compute the hash of you session.
cookieDomain(optional): Set this value if you need your cookie to be set for a domain different from
true): Set the
httpOnlyflag of your cookies.
false): Set the
secureflag of your cookies.
allowOrigin: Define the cross-origin resource sharing (CORS) policy. Accept cross-site HTTP/S requests by default. The value can be:
- a string (
"abc.com"): only requests from "abc.com" domain are allowed.
- wildcard-prefixed string (
"*.abc.com"): request from all sub-domains of
- an array of strings (
["abc.com", "*.def.com"]): requests from
abc.comand all sub-domains of
- a single wildcard (
"*"): requests from any domain are allowed.
- a string (
First, to embed Linkurious Enterprise in an iframe, make sure that Linkurious Enterprise and your main application url have the same base domain and the same http scheme. If not, Linkurious Enterprise cookie won't be sent in the HTTP request and Linkurious Enterprise interface will be unavailable.
For example, you can serve the main application containing the iframe under:
And Linkurious Enterprise under:
Note the usage of
httpsalso on the base domain. It's required in case Linkurious Enterprise is also served under
Then, in the configuration file of Linkurious Enterprise, within the
server key, update
By default, Linkurious Enterprise doesn't allow framing by returning at each request the following HTTP header:
Setting the configuration key to
true will remove the
X-Frame-Options HTTP header.
customHTTPHeaders(optional): For compliance, custom HTTP headers can be added to configuration to be returned in the headers with each response from the server.
Example:"customHTTPHeaders":"header1": "value1""header2": "value2"...
Note: Some header keys are reserved for Linkurious Enterprise and will be overwritten by the server to default values.
"anonymous"): Restrict the origin of images displayed in visualizations to prevent running malicious code on the graphic card of users. Display images from any origin by default. Read here to learn more.
It is possible to disable the gzip compression for dynamic content that is returned by the Linkurious Enterprise server.
false): Disable gzip compression for dynamic content when set to true.
3443): The port of the web server if HTTPS is enabled. See the Install section to learn why you should not set
false): Encrypt communications through HTTPS if
true. Requires a valid SSL certificate.
false): Force all traffic to use HTTPS only if
false): Force all generated URL in Linkurious Enterprise to use HTTPS (useful when HTTPS is not enabled in Linkurious Enterprise but offered by an external reverse proxy). The server will redirect HTTP
GETrequests to HTTPS and reject all other HTTP requests.
certificateFile: The relative path to the SSL certificate (must be in PEM format, located within the
certificateKeyFile: The relative path to a private key of the SSL certificate (must be in PEM format, located within the
certificatePassphrase: The pass-phrase protecting the SSL certificate (if any).
tlsCipherList(optional): The ciphers supported by any connection established by Linkurious Enterprise as a server or client. It expects a string in OpenSSL cipher list format. The default value is tls.DEFAULT_CIPHERS.
External communications with the Linkurious Enterprise server can be secured using SSL without installing third-party software.
If the Linkurious Enterprise server, graph database, and the search index are installed on different machines, we recommend using secure communication channels between these machines (e.g. HTTPS or WSS). Please refer to the data-source documentation and search index documentation to learn how to enable HTTPS.
To use custom Certificate Authorities (CA), please check how to use additional Certificate Authorities in Linkurious Enterprise.
The TLS protocol versions supported by Linkurious Enterprise are v1.0, v1.1, v1.2 and v1.3. By default, TLS v1.0 and v1.1 are disabled.
If you want to change the enabled versions of the TLS protocol:
- Stop Linkurious Enterprise
- Open the file at
data/manager/manager.jsonand add a line above
"server/app.js",(for example: add
"--tls-min-v1.3",to disable all versions of TLS bellow v1.3)
- After the change, save the file and restart Linkurious Enterprise.
Available options (source):
--tls-min-v1.0: only enable TLS v1.0 and above
--tls-min-v1.1: only enable TLS v1.1 and above
--tls-min-v1.2: only enable TLS v1.2 and above (default)
--tls-min-v1.3: only enable TLS v1.3 and above
To customize the exact list of ciphers used by the TLS protocol, see
tlsCipherList in the
server configuration above.