local configuration = {
endpoints = {
{
-- TCP port number the server will be listening on.
listenPort=4841,
-- Optionally bind to a specific network interface.
-- The value '*' means listen on all interfaces.
listenAddress="localhost",
-- Optionally set Endpoint URL, the URL that will be returned to
-- clients when they call GetEndpoints. This parameter may differ
-- from listenAddress. This is usefull when, for example, server
-- is working behind load balancer (inside Kubernetes or
-- Docker). In this case, the server will return the DNS name of
-- the site instead of the host name of the container.
endpointUrl="opc.tcp://realtimelogic.com:4841",
}
-- HTTP based endpoints
-- opc.http(s):// schemes are defined in OPCUA specfication,
-- but may not be supported by all clients.
{
endpointUrl = "opc.http://localhost:9357/opcua",
},
{
endpointUrl = "opc.https://localhost:9357/opcua",
},
-- http(s):// schemes are not defined in OPCUA specification
-- and can be specified for clients that do not support 'opc.http'
-- schemes.
{
endpointUrl = "http://localhost:9357/opcua",
},
{
endpointUrl = "https://localhost:9357/opcua",
},
},
-- This is a main certificate an key for server.
-- It uses in endpoint description, during asymmetric encryption
-- and for signing during session authentication process.
certificate = "/path/to/server/main.pem",
key = "/path/to/server/main.key",
-- List of secire policies can be applied to messages
-- To disable any policy remove required entry from list
securePolicies = {
{ -- #1
-- Unsecure policy.
-- Use this policy for testing purposes only.
securityPolicyUri = ua.Types.SecurityPolicy.None,
},
{ -- #2
-- Secure policy Basic128Rsa15
-- Asymmetric:
-- RSA key size 1024 or 2048 bits.
-- AES key size 128bit
securityPolicyUri = ua.Types.SecurityPolicy.Basic128Rsa15,
-- Secure mode sign and sign-and-encrypt
-- You can leave only one mode
securityMode = {
ua.Types.MessageSecurityMode.Sign,
ua.Types.MessageSecurityMode.SignAndEncrypt
},
-- certificate and private key should be used with secure policy.
-- 1. Path to files
-- 2. Content of certificate/key.
-- if these fields not specified then main certificate will be used.
certificate = "/path/to/certs/basic128rsa15.pem",
key = "/path/to/certs/basic128rsa15.key",
},
{ -- #3
-- Secure policy Aes128_Sha256_RsaOaep
-- Asymmetric:
-- RSA key size 1024 or 2048 bits.
-- AES key size 128bit
securityPolicyUri = ua.Types.SecurityPolicy.Aes128_Sha256_RsaOaep,
-- Secure mode sign and sign-and-encrypt
-- You can leave only one mode
securityMode = {
ua.Types.MessageSecurityMode.Sign,
ua.Types.MessageSecurityMode.SignAndEncrypt
},
-- certificate and private key should be used with secure policy.
-- 1. Path to files
-- 2. Content of certificate/key.
-- if these fields not specified then main certificate will be used.
certificate = "/path/to/certs/Aes128_Sha256_RsaOaep.pem",
key = "/path/to/certs/Aes128_Sha256_RsaOaep.key",
}
},
-- Size of the buffer used for encoding/decoding messages.
-- Cannot be less than 8192.
bufSize = 16384,
-- Log settings. If all parameters are false, then server will be
-- working in silent mode without producing logs.
logging = {
-- Trace information messages specific to sockets.
socket = {
-- Show data sent over sockets. Produces lots of data
dbgOn = false,
-- Client connect and disconnect information
infOn = false,
-- Socket errors.
errOn = true
},
-- For OPC UA binary protocol experts:
binary = {
-- Enable debugging of binary OPC-UA protocol:
-- * What kind of message received
-- * Encoding/decoding information
-- * What services are called
-- * Tokens refresh process
dbgOn = false,
-- Information messages:
-- * Number of channels created.
-- * Issued and expired token numbers.
infOn = true,
-- Binary protocol errors
errOn = true
},
services = {
-- Service execution information.
dbgOn = true,
-- Service message information.
infOn = true,
-- Service errors.
errOn = true
}
}
}