D Disabling Transport Layer Security (TLS) in Graph Server
For demonstration or evaluation purposes, it is possible to turn off transport layer security (TLS) of the graph server.
Caution:
This is not recommended for production. In a secure configuration, the server must always have TLS enabled.The following instructions only apply if you installed the graph server via the RPM package.
Note:
If you deployed the graph server into your own web server (e.g Weblogic or Apache Tomcat), please refer to the manual of your web server for TLS configuration.- Edit
/etc/oracle/graph/server.conf
to changeenable_tls
tofalse
. - Edit the
WEB-INF/web.xml
file inside theWAR
file in/opt/oracle/graph/graphviz
and configure cookies to be sent over non-secure connections by setting<secure>false</secure>
as follows:<session-config> <tracking-mode>COOKIE</tracking-mode> <cookie-config> <secure>false</secure> </cookie-config> ... </session-config>
- Additionally, replace `
https
` with `http
` in the `pgx.base_url
` property in the sameWEB-INF/web.xml
file. For example:<context-param> <param-name>pgx.base_url</param-name> <param-value>http://localhost:7007</param-value> </context-param>
- Restart the server.
sudo systemctl restart pgx
The graph server now accepts connections over HTTP instead of HTTPS.
On Oracle Linux 7, you can execute the following script to perform the preceding four steps all at once:
echo "$(jq '.enable_tls = false' /etc/oracle/graph/server.conf)" > /etc/oracle/graph/server.conf
WAR=$(find /opt/oracle/graph/graphviz -name '*.war')
TMP=$(mktemp -d)
cd $TMP
unzip $WAR WEB-INF/web.xml
sed -i 's|<secure>true</secure>|<secure>false</secure>|' WEB-INF/web.xml
sed -i 's|https://|http://|' WEB-INF/web.xml
sudo zip $WAR WEB-INF/web.xml
rm -r $TMP
sudo systemctl restart pgx
Parent topic: Supplementary Information for Property Graph Support