Orchid Fusion VMS uses a configuration file (fusion.properties) and a logging file (logback.xml). These files contain settings that don’t change on a regular basis, and are reserved for those with administrator access. If a change to the configuration settings is required, please refer to the appropriate section (such as Working in Windows or Working in Ubuntu 16.04) earlier in this Installation Guide.
Orchid Fusion VMS’s configuration settings are included below.
Web Server Settings
listening.protocol
Possible values include http and https. (The ssl.pem and ssl.key also need to be set. See SSL Properties, which is described later in this topic.)
listening.port
Port number of the web server.
html.dir
Root path to the Orchid Fusion VMS HTML files.
listening.host
Listening address (0.0.0.0 binds to all network interfaces).
SSL Properties
ssl.pem
Full path to the PEM encoded TLS certificate file.
ssl.key
Full path to the PEM encoded RSA key.
Database Settings
database.file
The sqlite database file.
Fusion Server Settings
orchid.polling.interval
Number of seconds between Orchid Core VMS data sync.
fusion.admin.password
Updates the admin password (removed from the file after parsed). Prior to version 2.0.0, this was new.password.
fusion.(username).enabled
This allows for the creation of a new user. (Set this to True and set the password property below to create a new user. Set this to False to delete a Fusion user.)
fusion.(username).password
This may be used to reset the password of any user, or to create a new user (when combined with the enabled property above).
fusion.(username).superuser
This allows for the promotion of any user to superuser status. (Set this to True to create a new superuser. Set this to False to revoke superuser status.)
pages.orchids.size
Sets the number of Orchid Core VMS servers that will be displayed per page (on the Servers screen). The default is 10.
fusion.public.url
This optional setting may be used to set a custom, public URL for the Fusion server. Starting with version 2.6.2, this public URL will be displayed in Notification emails. In prior versions, the Notification emails displayed an IP address (which was not always helpful in identifying the source of the problem).
inactivity.threshold.minutes
This setting may be used to automatically log a user out of the system after a set number of minutes of inactivity. Enter a number greater than zero to set the number of minutes of inactivity that the system will allow. (After that number of minutes expires, the software will log the user out of the system.) Enter zero to disable this setting. (Default: 0.)
Library Settings
library.local.max.capacity.gibibyte
This represents the maximum capacity that the Library (local Fusion storage) will be able to hold. Value must be a whole number.
library.local.storage.dir
This is the file path to the local directory for Library exports.
- (Linux) library.local.storage.dir = /var/lib/fusion/library
- (Windows) library.local.storage.dir = <windows-install-dir/library
library.export.threads
The maximum number of threads used by the pool to execute Library export requests. (Default: 100)
library.export.http.client.read.timeout
The maximum time (in seconds) that the Library export HTTP client will wait for a response from Orchid when performing a Library export. (Default: 180)
library.export.http.client.connect.timeout
The maximum time (in seconds) that the Library export HTTP client will wait to establish a connection to Orchid when performing a Library export. (Default: 60)
library.export.signing.disabled
This setting allows you to disable the digital signature that will be applied to all Library exports. When set to True, Library exports will not be digitally signed. (Default: False)
library.rclone.remote
This is the name of your Rclone remote. (This is required if you want to export Library items to an external cloud storage service.)
library.rclone.url
This is the url through which Fusion and Rclone communicate. (This property is set by the installer and should not be changed.)
library.rclone.token
This is how Fusion authenticates to the Rclone service. (This property is set by the installer and should not be changed.)
RTSP Proxy Server Settings
rtsp.listening.protocol
Options are as follows:
- rtsp
Default – Orchid Fusion VMS UI will access the streams via UDP. - rtspt
Orchid Fusion VMS UI will access the streams via TCP-interleaved. - rtsps
Orchid Fusion VMS UI will access the streams via UDP SRTP. (Secure — ssl.pem and ssl.key must be set) - rtspst
Orchid Fusion VMS UI will access the streams via TCP-interleaved TLS. (Secure tcp — ssl.pem and ssl.key must be set)
rtsp.listening.port
The port the rtsp proxy listens on (default 9554)
rtsp.proxy.transport.protocol
This is the RTSP transport protocol between Orchid Fusion VMS and Orchid Core VMS. Options are:
- udp
Default - tcp
- http
(http only works with target Orchid Core VMS servers running rtsp)
rtsp.session.cleanup.period
Time (in seconds) to periodically check for inactive sessions. Default is 2 seconds.
rtsp.server.backlog
The maximum number of queued requests for the server. Default is 50.
rtsp.max.threads
The maximum number of threads used by the pool to handle client requests. A value of 0 will use the pool mainloop; a value of -1 will use an unlimited number of threads. The default is 100.
rtsp.max.sessions
The maximum allowed number of sessions. A value of 0 allows an unlimited number of sessions. Default is 128.
rtsp.port.range.min
Sets the minimum RTP port range. A value of 0 will disable the minimum setting (meaning the server may use any available port). Default is 0. If this is set to 0 (disabled), the rtsp.port.range.max will also be disabled.
rtsp.port.range.max
Sets the maximum RTP port range. A value of 0 will disable the maximum setting (meaning the server may use any available port). Default is 0. If this is set to 0 (disabled), the rtsp.port.range.min will also be disabled.
Sign In Options
Orchid Fusion VMS offers multiple ways to sign in. Important information regarding the configuration file is included below.
Google Authentication
Enabling Google sign in requires an OAuth client ID for Orchid Fusion VMS that is generated by Google. For more information, please refer to https://console.developers.google.com/apis/credentials.
google.auth.clientid
This property enables Google sign in. (For example: google.auth.clientid=<your client id>)
Active Directory
To use Active Directory authentication, you must already have an Active Directory server with at least one Active Directory group with one Active Directory user. The following properties will also need to be configured, as noted.
authentication.active.directory.servers
This command identifies the active directory server. If there are more than one, use a comma to separate multiple server addresses.
authentication.active.directory.admin.groups
This property was previously required to initialize admin access and provides a comma-separated list of groups for each domain. This property is now optional. You may use the Orchid Fusion VMS user interface to add Active Directory Administrator groups.
authentication.active.directory.referral.mode
This property allows authentication to follow references to another server. Values include follow (the default), ignore, and throw.
Azure Active Directory
To use Azure Active Directory authentication, you must create an Azure Active Directory App. (Please refer to Microsoft documentation for the most up-to-date instructions.). The following properties will also need to be configured, as noted.
authentication.azure.active.directory.clientid
This property provides the Application ID assigned to your App when you registered it with Azure Active Directory.
authentication.azure.active.directory.clientsecret
This property provides the application secret that you saved after creating it in the Azure Portal.
authentication.azure.active.directory.endpoint
This property provides the Microsoft OAuth 2.0 Authorize Endpoint assigned to your App when you registered it with Azure Active Directory.
authentication.azure.active.directory.domain
This property defines the domain associated with this Azure Active Directory instance. This can be anything, but in most cases should match the domain into which users are logging in. For example, for users logging in as <Users>@ipconfigure.com, the appropriate domain setting would be ipconfigure.com.
FreeIPA Authentication
To use FreeIPA authentication, you must already have a FreeIPA server with at least one FreeIPA group with one user. The following properties will also need to be configured, as noted.
authentication.freeipa.servers
This property provides a list of authentication domains from FreeIPA.
authentication.freeipa.(domain).userdn
This property sets the base domain name used when authenticating a FreeIPA user. (This is an advanced FreeIPA option that will only need to be defined if the users are located somewhere other than the domains defined in the property above.)
All LDAP Authenticators (Active Directory, FreeIPA)
Orchid Fusion VMS uses the LDAP protocol to communicate with both Active Directory and FreeIPA servers. You may need to define the property below (as noted).
authentication.domain.alias
This property provides a list of alternate domain names for servers registered with Active Directory or FreeIPA. (This is an advanced setting that will only be needed if the users are signing in to an “alias” domain for Active Directory or FreeIPA.)
Post your comment on this topic.