Configuration
You can change the log file configuration defined in log4j2.xml:
- You can change the log directory.
The default location is
$HOME/logs/steve.log. A more suitable location might be/var/log/steve/steve.log(remember to set directory permissions accordingly) - You can change the log level
- You can change the
$HOMEdirectory at startup with:java -Duser.home=/another/path, in this case the default log file would be/another/path/logs/steve.log.
As default, gzip is enabled to return compressed content. But, if you are running SteVe behind a proxy (like NGINX) that is already handling your compression, you should disable it in SteVe.
If your server has multiple network interfaces, using 0.0.0.0 as the [server host] (https://github.com/steve-community/steve/blob/master/src/main/resources/config/prod/main.properties#L22) will make the application listen to all interfaces. But this might have security implications.
The basic building blocks to use HTTPS with SteVe are already there. You should enable it in the properties file and change the port if you wish. The main part is the keystore path and password, which have to be set. Java Keystore is a "store" that can hold private keys, certificates, etc. You should create one using the Java Keytool. Here is one tutorial: https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores
The functionality of some of the Web UIs is offered as REST APIs as well. The API access is protected behind basic auth. So, an HTTP header Authorization: Basic <credentials> has to exist in the HTTP call.
The credentials come from the web_user database table. An entry similar to the following has to exist:
While username and password combination is used to sign in to the Web UIs, username and api_password combination is relevant for APIs.
Keep in mind that we store bcrypt-hashed values under password and api_password.
So, the <credentials> part of the header is Base64 encoding of username and api_password (plain value) joined by a single colon :.
Note: If you click on the APIs from the main menu of Web UI, you will be directed to Swagger UI. This page lists all API endpoints and you can make API calls directly from this page within your browser. On the right side, you should see an Authorize button. Upon clicking on it, enter your username and api_password (the plain value, not the hash of it) in the popup. Afterwards, the calls you will be making from this page will include the correct Auth header with the correct value. The documentation even renders the respective curl commands for each endpoint, such as:
Examples:
Retrieve a list of all RFID-Tags:
curl -H "Authorization: Basic <credentials>" http://localhost:8080/steve/api/v1/ocppTags
Retrieve all transactions of Tag "tag007"
curl -H "Authorization: Basic <credentials>" http://localhost:8080/steve/api/v1/transactions?ocppIdTag=tag007
Retrieve a list of all transactions in January 2023
curl -H "Authorization: Basic <credentials>" "http://localhost:8080/steve/api/v1/transactions?from=2023-01-01T00:00:00&to=2023-02-01T00:00:00&periodType=FROM_TO"
The OpenAPI 3 schema can be retrieved at /manager/v3/api-docs of a running steve instance. The file is not meant to be human-readable. You can copy/paste its contents to https://editor.swagger.io/ in order to browse the endpoints and their specifications.