Service Configuration Items
- If the HTTPS service is used, the private key of the server certificate cannot be in plaintext. You need to use the Huawei KMC component to manage the key. In this case, install the haveged service to prevent random number blocking. For details about how to install haveged, see the installation description on its official website. For example, you can run the apt-get install -y haveged command to install the haveged service in Ubuntu. Ensure that the source of the software to be installed is valid and verify its integrity before the installation.
The time for the client to maintain the connection depends on keepAlive set on the server. Set the keep-alive period for TCP connections, number of detection times, and detection interval as required.
- You are advised to use the inference service as a user with low OS permissions, instead of the root user.
Configuration Item |
Description |
Mandatory or Not |
Modifiable or Not |
|---|---|---|---|
server_name |
Inference service name. Defaults to StreamServer. Do not contain sensitive information. |
No |
Yes |
infer_config_repo |
Storage directory of the inference configuration file repository, which defaults to the inferConfigRepository folder. The inference service recursively scans all inference configuration files (JSON files) in this directory. For each configuration file, the inference service attempts to start the file-related service. If the hardware resources are used up, the service fails to be started. The inference service limits the hierarchical depth of the inferConfigRepository folder. The maximum number of layers is 10 and the maximum number of files and folders is 100 (including the inferConfigRepository folder itself). If the preceding conditions are not met, the inference server cannot be started. |
No |
Yes |
request_cache_size |
Size of the request buffer of each inference service. The value ranges from 1 to 1000, and defaults to 120. The minimum or maximum value is read if the actual value is out of the range. |
No |
Yes |
max_request_rate |
Client request rate limit. The value range is [1,30], and defaults to 20 requests per second. The minimum or maximum value is read if the actual value is out of the range. |
No |
Yes |
max_content_length |
Maximum size of a request packet sent by a client. By default, the total size of the packet and request header is less than 20,480 KB (20 MB). The unit is KB and the value range is [1,51200]. The minimum or maximum value is read if the actual value is out of the range. |
No |
Yes |
ip |
Listening IP address of the inference service. The default value is 127.0.0.1. If the server running the inference service is divided into the management plane, control plane, and user plane, the original isolation principle of the system will be damaged. You need to configure the IP address based on the actual network deployment. If this parameter is set to 0.0.0.0, network-wide listening is performed, which poses security risks. Therefore, the StreamServer cannot set this parameter to 0.0.0.0. |
No |
Yes |
port |
Listening port number of the inference service. The value ranges from 1025 to 65535 and defaults to 8080. |
No |
Yes |
protocol |
Communication protocol used by the inference service. Currently, http and https (default) are supported. If https is selected, you need to set server_crt, server_key, ca_crt, and server_key_mm. If http is selected, you do not need to set these parameters. The value can be http, https, HTTP, or HTTPS (case sensitive). If HTTP is used, plaintext data is transmitted between the server and client. In this case, you must ensure the security of the network environment and bear the data leakage risk caused by unsecured network environments. |
No |
Yes |
server_crt |
Path of the server.crt file, which is issued by the CA. The file owner of the target path is the MindX SDK installation user and the permission is 400. |
No |
Yes |
server_key |
Path of the server certificate private key file server.key. Use the encrypted private key file. The file owner of the target path is the MindX SDK installation user and the permission is 400 |
No |
Yes |
ca_crt |
Path of the CA certificate ca.crt. The file owner of the target path is the MindX SDK installation user and the permission is 400 |
No |
Yes |
crl |
Path of the ca.crl file. The file owner of the target path is the MindX SDK installation user and the permission is 400. This parameter is required only when the https protocol requires a local CRL. If no CRL is required or the http protocol is used, you do not need to set this parameter. |
No |
Yes |
server_key_mm |
Ciphertext of the server private key, which is managed by Huawei KMC. The plaintext key is not allowed, and you are advised not to manually modify this parameter. The maximum length of the private key is 400 bits. If HTTP is used, plaintext data is transmitted between the server and client. In this case, you must ensure the security of the network environment and bear the data leakage risk caused by unsecured network environments. |
No |
Yes |
cipher_list |
Protocol algorithm suite. The default value does not need to be changed. Multiple suites are separated by colons (:). If this parameter is not set, the default value is used. The StreamServer supports TLSv1.2 algorithm suites, among which ECDHE-RSA-AES256-SHA, ECDHE-RSA-AES128-SHA, AES256-SHA, and AES128-SHA are disabled by default. |
No |
Yes |
sdp_algorithm_id |
KMC encryption algorithm function, which is specified by the algorithm ID. The default value is AES256_GCM. |
No |
Yes |
ip_white_lists |
IP address trustlist requested by the inference service client. The value is an IPv4 address. Use commas (,) to separate multiple IP addresses. |
No |
Yes |