Configuration Guide

This guide covers all configuration options available in Aurora GIS.

Configuration Files

Primary Configuration: config/const.php

This file contains the core application constants. It is created during initialization and should not be edited manually unless necessary.

const DB_HOST = 'localhost';           // PostgreSQL host
const DB_NAME = 'aurora_gis';         // Database name
const DB_USER = 'aurora_user';        // Database username
const DB_PASS = 'your_password';      // Database password
const DB_PORT = '5432';               // Database port

const DATA_DIR = '/var/www/data';     // Data directory for file storage
const SESS_USR_KEY = 'dc_user';       // Session key for user data
const SUPER_ADMIN_ID = 1;             // ID of super admin user

Database Configuration: config/database.php

This file handles database connections and connection pooling settings.

Key settings:

  • PDO Error Mode: Set to PDO::ERRMODE_EXCEPTION so database errors are raised as exceptions
  • Prepared Statements: Uses emulated prepares for PgBouncer compatibility
  • Statement Timeout: 30 seconds (30000ms)
  • Idle Transaction Timeout: 15 seconds (15000ms)

Authentication Configuration

OAuth Providers

Configure OAuth providers in config/const.php:

const DISABLE_OAUTH_USER_CREATION = false;  // Set to true to disable auto user creation
const GITHUB_CLIENT_ID = 'your_github_client_id';
const GITHUB_CLIENT_SECRET = 'your_github_client_secret';
const GOOGLE_CLIENT_ID = 'your_google_client_id';
const GOOGLE_CLIENT_SECRET = 'your_google_client_secret';
const MICROSOFT_CLIENT_ID = 'your_microsoft_client_id';
const MICROSOFT_CLIENT_SECRET = 'your_microsoft_client_secret';
const MICROSOFT_TENANT_ID = 'your_microsoft_tenant_id';

OAuth Setup

  1. GitHub OAuth:

    • Go to GitHub Settings > Developer settings > OAuth Apps
    • Create a new OAuth App
    • Set Authorization callback URL: https://your-domain/auth-github.php
    • Copy Client ID and Client Secret
  2. Google OAuth:

    • Go to Google Cloud Console > APIs & Services > Credentials
    • Create OAuth 2.0 Client ID
    • Add authorized redirect URI: https://your-domain/auth-google.php
    • Copy Client ID and Client Secret
  3. Microsoft OAuth:

    • Go to Azure Portal > App registrations
    • Create new registration
    • Add redirect URI: https://your-domain/auth-microsoft.php
    • Copy Application (client) ID, Directory (tenant) ID, and Client secret

Data Directory Configuration

The DATA_DIR constant specifies where uploaded files and processed data are stored:

const DATA_DIR = '/var/www/data';

Ensure this directory:

  • Exists and is writable by the web server user
  • Has sufficient disk space
  • Has proper permissions (755 for directories, 644 for files)

Subdirectories created automatically:

  • uploads/ - Uploaded files
  • uploads/geoserver_documents/ - GeoServer documents
  • uploads/tabular/ - Tabular data files
  • uploads/raster/ - Raster files
  • uploads/qgis/ - QGIS projects
  • logs/ - Application logs

Database Settings

Connection Pooling (PgBouncer)

If using PgBouncer for connection pooling, the application uses emulated prepared statements:

PDO::ATTR_EMULATE_PREPARES => true

Timeout Settings

Configured in config/database.php:

$pdo->exec("SET statement_timeout = 30000");  // 30 seconds
$pdo->exec("SET idle_in_transaction_session_timeout = 15000");  // 15 seconds

Adjust these values based on your workload:

  • Increase statement_timeout for long-running queries
  • Decrease idle_in_transaction_session_timeout to prevent connection leaks

Application Settings

Application settings are stored in the app_settings table and can be managed via the admin interface or directly in the database.

Common Settings

Access via includes/settings.php functions:

get_app_setting($pdo, 'setting_key', $default);
set_app_setting($pdo, 'setting_key', 'value');

System Settings Page

Access system settings via the admin interface at /system_settings.php:

  • Site Name: Display name for the application
  • Default Basemap: Default map tile provider
  • Max Upload Size: Maximum file upload size
  • Enable Public Access: Allow anonymous dataset access
  • Email Settings: SMTP configuration for notifications

Worker Configuration

Background workers are configured via systemd service files in the systemd/ directory.

Worker Service Files

Each worker has a corresponding .service file:

  • hotspot_worker.service - Hotspot analysis worker
  • outlier_worker.service - Outlier analysis worker
  • nearest_worker.service - Nearest neighbor analysis worker
  • dissolve_worker.service - Dissolve operations worker
  • clip_worker.service - Clip operations worker
  • raster_clip_worker.service - Raster clip operations worker

Configuring Workers

Edit the service file to set:

  • Working directory
  • PHP path
  • User/group
  • Environment variables
  • Resource limits

Example service file:

[Unit]
Description=Hotspot Analysis Worker
After=network.target postgresql.service

[Service]
Type=simple
User=www-data
WorkingDirectory=/var/www/html/aurora-gis
ExecStart=/usr/bin/php workers/hotspot_analysis_worker.php
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

GeoServer Configuration

If using GeoServer for WMS/WFS services:

  1. Configure GeoServer connection in config/const.php or environment variables
  2. Set GeoServer admin credentials
  3. Configure workspace and data stores
  4. Enable required services (WMS, WFS, WCS)

QGIS Server Configuration

For QGIS project rendering:

  1. Install QGIS Server (see Installation Guide)
  2. Configure QGIS Server settings in mapproxy_settings.php
  3. Set QGIS Server URL in application settings
  4. Ensure QGIS projects are accessible to QGIS Server

pg_tileserv Configuration

For vector tile generation:

  1. Install and configure pg_tileserv
  2. Ensure PostGIS tables have proper SRID constraints
  3. Configure pg_tileserv to discover tables automatically
  4. Set pg_tileserv URL in application settings

Security Configuration

File Upload Security

  • File type validation is enforced
  • File size limits can be configured
  • Uploaded files are stored outside the web root when possible
  • File names are sanitized to prevent path traversal
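
The file name sanitization and containment described above can be sketched as follows. This is an added example, not Aurora GIS's own upload code: the function name example_upload_target() and the extension allowlist are hypothetical, and DATA_DIR is defined locally only so the block runs on its own.

```php
<?php
declare(strict_types=1);

// Assumption: DATA_DIR normally comes from config/const.php; defined here so the block runs alone.
if (!defined('DATA_DIR')) {
    define('DATA_DIR', sys_get_temp_dir() . '/aurora_data_example');
}
// Hypothetical allowlist; the application's real accepted types are not listed on this page.
const EXAMPLE_ALLOWED_EXT = ['csv', 'geojson', 'zip', 'tif', 'qgz'];

// Map a client-supplied file name to a path inside DATA_DIR/uploads/<subdir>, or throw.
function example_upload_target(string $subdir, string $clientName): string
{
    // Drop any directory part, including Windows-style separators.
    $name = basename(str_replace('\\', '/', $clientName));
    // Keep a conservative character set; everything else becomes "_".
    $name = (string) preg_replace('/[^A-Za-z0-9._-]/', '_', $name);
    $name = ltrim($name, '.');   // no hidden or dot-only names
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($name === '' || !in_array($ext, EXAMPLE_ALLOWED_EXT, true)) {
        throw new InvalidArgumentException('file name or type not allowed');
    }

    $root = realpath(DATA_DIR . '/uploads');
    $dir  = realpath(DATA_DIR . '/uploads/' . $subdir);
    // realpath() resolves symlinks and "..", so the prefix test runs on the real location.
    if ($root === false || $dir === false || strpos($dir . '/', $root . '/') !== 0) {
        throw new RuntimeException('upload directory is outside DATA_DIR/uploads');
    }
    // A random prefix avoids overwriting an existing upload with the same name.
    return $dir . '/' . bin2hex(random_bytes(8)) . '_' . $name;
}

// Constructed demo input: two traversal attempts and two ordinary names.
@mkdir(DATA_DIR . '/uploads/tabular', 0755, true);
foreach (['../../config/const.php', 'report.csv', '..\\..\\x.php', 'sites 2024.geojson'] as $n) {
    try {
        echo $n, ' => ', example_upload_target('tabular', $n), PHP_EOL;
    } catch (Throwable $e) {
        echo $n, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```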

Database Security

  • Queries use PDO prepared statements; bind all user input as parameters rather than concatenating it into SQL
  • Database credentials stored in config/const.php (protect this file)
  • User access controlled via access_group and user_access tables
  • Dataset-level permissions via dataset_permissions table

Session Security

  • Session key configured via SESS_USR_KEY constant
  • Session cookies should be HTTP-only and secure in production
  • Configure session timeout in php.ini
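
One way to apply the cookie flags and a session timeout at session start, as an added example rather than code from Aurora GIS. The function names, the last_seen key, the 1800-second idle limit and the shape of the user row are assumptions; the array form of session_set_cookie_params() requires PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Assumption: SESS_USR_KEY normally comes from config/const.php; defined here so the block runs alone.
if (!defined('SESS_USR_KEY')) {
    define('SESS_USR_KEY', 'dc_user');
}
const EXAMPLE_IDLE_LIMIT = 1800;   // hypothetical idle timeout in seconds

function example_start_session(bool $production): void
{
    ini_set('session.use_strict_mode', '1');    // refuse session IDs the server did not issue
    ini_set('session.use_only_cookies', '1');   // never accept the ID from the URL
    ini_set('session.gc_maxlifetime', (string) EXAMPLE_IDLE_LIMIT);
    session_set_cookie_params([
        'lifetime' => 0,             // cookie ends with the browser session
        'path'     => '/',
        'secure'   => $production,   // sent over HTTPS only in production
        'httponly' => true,          // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();

    // gc_maxlifetime only governs garbage collection, so enforce the idle limit explicitly.
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > EXAMPLE_IDLE_LIMIT) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = $now;
}

function example_login(array $userRow): void
{
    session_regenerate_id(true);      // new ID at login prevents session fixation
    $_SESSION[SESS_USR_KEY] = $userRow;
}

// Constructed demo: start a non-production session and store a sample user row.
example_start_session(false);
example_login(['id' => 1]);
echo session_get_cookie_params()['httponly'] ? "HttpOnly set\n" : "HttpOnly missing\n";
```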

Performance Tuning

PostgreSQL Tuning

Key PostgreSQL settings for optimal performance:

# In postgresql.conf

# Increase shared buffers
shared_buffers = 256MB

# Increase work memory for complex queries
work_mem = 16MB

# Enable parallel queries
max_parallel_workers_per_gather = 4

# Optimize for spatial queries
random_page_cost = 1.1  # For SSD storage

PHP Tuning

In php.ini:

memory_limit = 512M
max_execution_time = 300
upload_max_filesize = 100M
post_max_size = 100M

Application Tuning

  • Enable OPcache for PHP
  • Use connection pooling (PgBouncer)
  • Configure appropriate worker counts
  • Monitor and optimize slow queries

Environment-Specific Configuration

Development

  • Enable error display: ini_set('display_errors', 1)
  • Use verbose logging
  • Disable caching
  • Use test database

Production

  • Disable error display: ini_set('display_errors', 0)
  • Enable error logging
  • Use production database
  • Enable caching
  • Use HTTPS only
  • Configure proper backup strategy

Monitoring and Logging

Application Logs

Logs are stored in the logs/ directory:

  • error.log - PHP errors
  • worker_*.log - Worker-specific logs
  • import_*.log - Import operation logs

Database Logging

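Enable PostgreSQL logging. With log_statement = 'all', every statement is written to the log, including any literal values it contains, so restrict access to the log directory: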

# In postgresql.conf
logging_collector = on
log_directory = 'log'
log_filename = 'postgresql-%Y-%m-%d.log'
log_statement = 'all'  # or 'mod' for modifications only