2.5.3 将iTop设置为只读
将iTop设置为只读
所有iTop配置设置都存储在iTop安装目录内conf/production目录中的config-itop.php文件中。更改参数在iTop上具有立竿见影的效果,无需重新启动Web服务器,只需在浏览器中刷新iTop网页即可将新的参数纳入账号。
请参阅“参数配置以获取参数配置的完整列表。
下文描述了参数配置的几种用法。
将iTop设置为仅就绪模式
有时希望(例如,在执行一些维护任务时)将iTop应用设为只读。从版本1.0.2开始,两个参数可以用于控制:
- 应用是否为只读(以及针对谁)
- 应用为只读时显示哪个消息。
这两个参数是:access_mode和access_message。
参数access_mode可以采用以下值之一:
| Access_mode价值 | 实际的价值 | 影响 |
| ACCESS_READONLY | 0 | 应用对所有用户都是只读的。用户可以浏览应用,但不会将任何内容写入MySQL数据库。 |
| ACCESS_ADMIN_WRITE | 2 | 只有管理员用户可以写入数据库。应用对所有其他用户处于只读模式。 |
| ACCESS_FULL | 3 | 所有用户都可以写入数据库。这是默认模式。 |
例:
'access_mode' => ACCESS_ADMIN_WRITE, 'access_message' => '(maintenance until 2PM)',
这样会在iTop中显示以下内容:
从2.0开始,客户门户将该模式带入账号并显示完全相同的消息。
从不同的URL访问iTop
在某些情况下,从不同的URL访问相同的iTop实例可能会有所帮助。 (例如,对于公司内用户而言,是从网络中获得的;对于客户而言,则是来自网络中的)。
一种可能性是安装两个指向同一数据库的iTop实例。这样就可以在所有参数上拥有完整的控制,但是会增加维护的工作量,以使两个实例保持同步(iTop的版本,相同的参数……)。
另一种可能性是在配置文件中放置一些代码,以调整某些服务器参数上的设置依赖。由于配置文件是在每个“页面”上加载(即评估)的PHP文件,因此设置可以是完全动态的。
例如,假设您有一个反向代理来控制对iTop的访问,并且希望所有Internet用户使用HTTPS(安全)访问iTop,并希望Intranet用户通过http(更快)进行连接。您可以执行以下操作:
- 从互联网:
- 添加规则以重定向HTTPS上的所有HTTP通信
- 在HTTPS virtualhost配置中添加特定的标头:
- APACHE:RequestHeader将HTTPS设置为On
- NGINX:proxy_set_header HTTPS开启;
- 从内部网:
- 添加规则以重定向HTTP上的所有HTTPS流量
- 在app_root_url的配置文件中设置以下价值:
'app_root_url' => (isset($_SERVER['HTTP_HTTPS']) && ($_SERVER['HTTP_HTTPS'] == 'On')) ? 'https://itop.yourdomain/' : 'http://itop.yourdomain/'
其他组合也是可能的:在PHP中,可以访问$_SERVER 和$_COOKIES变量。
例如:如果您可以从以下任一位置访问iTophttps://itop.company.com/itop 要么https://public-itop.company.com/itop,您可以将以下PHP代码放入配置文件中:
'app_root_url' => 'https://'.(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'itop.company.com').'/itop',
需要回退价值(如果未设置$_SERVER['HTTP_HOST']),因为从命令行(cron.php)运行的脚本也可能使用配置文件来检索“根” URL,以便生成绝对的URls指向到iTop(例如,生成通知时)。
警告:运行设置向导将覆盖这些设置,在这种情况下,必须手动重新输入
原贴链接:https://www.itophub.io/wiki/page?id=2_7_0%3Aadmin%3Asettings
Changing iTop Settings
All iTop configuration settings are stored in the file config-itop.php in the conf/production directory inside the iTop installation directory. Changing a parameter has an immediate effect on iTop, there is no need to restart the web server, just refresh the iTop web page in your browser to take into account the new parameter(s).
Refer to the chapter “Configuration parameters” for the full list of configuration parameters.
Hereafter are described a few usages that can be made of the configuration parameters.
Setting iTop in ready-only mode
It is sometimes desirable (while performing some maintenance tasks for example) to make the iTop application read-only. Since version 1.0.2, two parameters can be used to control:
whether or not the application is read-only (and for who)
which message is displayed when the application is read-only.
These 2 parameters are: access_mode and access_message.
The parameter access_mode can take one of the following values:
| Access_mode value | Actual value | Effect |
|---|---|---|
| ACCESS_READONLY | 0 | The application is read-only for all users. The users can browse the application but nothing will be written to the MySQL database. |
| ACCESS_ADMIN_WRITE | 2 | Only administrator users can write into the database. The application is in read-only mode for all other users. |
| ACCESS_FULL | 3 | All users can write into the database. This is the default mode. |
Example:
'access_mode' => ACCESS_ADMIN_WRITE, 'access_message' => '(maintenance until 2PM)',
This results in the following display in iTop:
Starting 2.0, the customer portal takes that mode into account and displays the exact same message.
Accessing iTop from different URLs
Under some circumstances, it may be helpful to access the same instance of iTop from different URLs. (For example from the intranet for users within the company and from internet for customers).
One possibility is to install two iTop instances pointing to the same database. This allows to have a complete control over all parameters, but increases the maintenance effort to keep the two instances in sync (same version of iTop, consistent parameters…).
Another possibility is to put some code in the configuration file to adjust the settings depending on some server parameter. Since the configuration file is a PHP file that is loaded (i.e. evaluated) on each 'page', the settings can be fully dynamic.
For example, imagine you have a reverse proxy that controls the access to iTop, and you want all Internet users to access iTop using HTTPS (secure) and intranet users to connect through http (faster). You can do the following:
From internet :
Add a rule to redirect all HTTP traffic on HTTPS
Add a specific header in HTTPS virtualhost config :
APACHE : RequestHeader set HTTPS On
NGINX : proxy_set_header HTTPS On;
From intranet :
Add a rule to redirect all HTTPS traffic on HTTP
Set the following value in the config file for app_root_url:
'app_root_url' => (isset($_SERVER['HTTP_HTTPS']) && ($_SERVER['HTTP_HTTPS'] == 'On')) ? 'https://itop.yourdomain/' : 'http://itop.yourdomain/',
Other combinations are possible: in PHP the $_SERVER and $_COOKIES variables are accessible.
For example: If you can access iTop either from https://itop.company.com/itop or https://public-itop.company.com/itop, you can put the following piece of PHP code in the configuration file:
'app_root_url' => 'https://'.(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'itop.company.com').'/itop',
The fallback value (if $_SERVER['HTTP_HOST'] is not set) is needed since scripts running from the command line (cron.php) may also use the configuration file to retrieve the “root” url in order to generate absolute URls pointing to iTop (for example when generating notifications).
Warning: running the Setup Wizard will overwrite those settings, in which case they must be re-entered manually