Advanced ALM Octane server configuration

This section describes advanced configuration tasks for the ALM Octane server.

Redirect http to https

This procedure describes how to redirect http to https. You need to redirect to https when accessing the ALM Octane server directly, and not through a front-end server.

To redirect http to https:

  1. Edit /opt/octane/webapps/root/WEB-INF/web.xml, and add the following at the end (before </web-app>):

  2. Restart .

  3. Access ALM OctaneALM Octane via http://<ALM Octane>:8080/ui. Port 8080 is the default port.

    You should be redirected to https://<ALM Octane>:8443/ui. If not, ensure that SecurePort in jetty.xml matches your secure port.

Back to top

Configure number of allowed open files (Linux)

If ALM Octane is under a very heavy load, it might try to use too many Linux resources. In this case, Linux kills the server process. Do the following to increase the number of allowed open files to 65536:

  1. Open the /etc/security/limits.conf file.

  2. Add the following line:

    octane hard nofile 65536
  3. Restart the ALM Octane server.

For details, see

Back to top

Configure secure database access

This section describes how to configure a secure connection from the ALM Octane server to the database server. The secure connection is protected with SSL/TLS for encryption and authentication, or is protected only with Oracle Native Network encryption.

This section includes: 

Before securing database access...

Before configuring secure database access, determine the following:

  • For SQL Server databases, determine if TLS 1.2 is required.

  • For Oracle databases, determine if the database requires SSL/TLS or only Native Oracle protection.

    Does the Oracle database require SSL/TLS? Instructions
    • Place the Oracle client wallet file in a location on the ALM Octane server into a directory accessible to all, such as /tmp/ewallet.p12.

    • Get the port number for secure access.


    Get the following, for use later:

    • Determine if native Data Integrity is configured in sqlnet.ora on the Oracle server as SQLNET.CRYPTO_CHECKSUM_SERVER.

    • Determine if native Network Encryption is configured on the Oracle server. If yes, get the algorithm as defined in sqlnet.ora on the Oracle server as SQLNET.ENCRYPTION_TYPES_SERVER, and see if the key is larger than 128 bits.

  • Prepare the connection string for the database

    This connection string will be used later.

    SQL Server

    SQL Server Scenario ConnectionString
    SSL/TLS is required

    Add the encryption method to the end of the ConnectionString value.


    TLSv1.2 is required

    Add the encryption method and the TLS version to the end of the ConnectionString value.



    Perform the following, based on your scenario.

    Oracle scenarios ConnectionString and other instructions
    SSL/TLS required

    Add the encryption method, the trust store, and the trust store password to the end of the ConnectionString value.

     jdbc:mercury:oracle://<server>:<port>;servicename=<serviceName>;EncryptionMethod=SSL;TrustStore=<path to client wallet file> ;TrustStorePassword=<wallet password>

    Oracle Native Data Integrity

    Add ;DataIntegrityLevel=accepted or ;DataIntegrityLevel=required to the end of the ConnectionString value.

    Oracle Native Encryption

    Add ;EncryptionLevel=accepted or ;EncryptionLevel=required to the end of the ConnectionString value.

    For encryption algorithms with keys longer than 128 bits, replace the Java security policy files in \opt\octane\java\jre\lib\security\.

    For details on Java security policy files, see

To configure a secure database connection for a previously-unsecured database

This step provides instructions for configuring the site schema connection.

Skip this section if you have a separate database server for your workspaces and you only want a secure connection to that database.

This section is relevant if the database server that was configured for a secure connection contains your site schema.

  1. Edit the setup.xml file. The default location is /opt/octane):

    1. Set the value of SiteAction to CONNECT_TO_EXISTING:

    2. Edit the line with ConnectionString. For details, see Prepare the connection string for the database.

  2. If SSL/TLS is required, make sure the trust on the ALM Octane server has been established. For details, see Configure trust on the ALM Octane server.

  3. Run the service to start the ALM Octane server.

    service octane start

To configure a secure database connection for a new ALM Octane installation

  1. After installing ALM Octane, start the server:

    service octane start
  2. In the Database Server step, select the ConnectionString option and set the values for your database. For details, see Prepare the connection string for the database.

  3. Make sure the trust on ALM Octane the ALM Octane server has been established. For details, see Configure trust on the ALM Octane server.

Back to top

Configure SSL offloading

When ALM Octane is installed with SSL offloading, make sure re-directions go to HTTPS addresses instead of HTTP addresses.

  1. The X-Forwarded-Proto header must be defined in a reverse proxy.

  2. If ALM Octane redirects to http instead of https, open the <ALM Octane-installation-folder>/octane/server/conf/jetty.xml file in an editor.

    Uncomment following lines to the <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration"> section:

    <Call name="addCustomizer">
    <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>

Back to top

Dedicate a cluster node for background jobs – 12.60 CP8 and later

You can dedicates nodes for certain purposes, such as for running background asynchronous jobs. This frees up nodes for processing requests that come directly from the ALM Octane UI, as users work.


Cluster nodes can be one of the following types:

  • Worker nodes. Cluster nodes that handle background asynchronous jobs, such as synchronization.

  • Web nodes. All other nodes. Web nodes generally handle direct requests from ALM Octane, but can also handle background jobs if the worker nodes are not available. The load balancer distributes the requests as usual among the web nodes.

To dedicate a node for background jobs

After the ALM Octane installation is complete, and you have verified that the server is up and you can log into ALM Octane, perform the following:

  1. Stop the ALM Octane server.

  2. Add another node to the cluster that is not connected to the load balancer.

  3. Follow the instructions for installing ALM Octane on cluster nodes. For details, see Cluster installation (optional).

  4. The ALM Octane site admin authenticates, and then updates the ROLE for this cluster node in the SERVER table using the REST API.

    PUT https://<server>:<port>/admin/servers
    {  "data": [

    For details on authenticating and working with the REST API, see Overview for developers.

  5. Start the ALM Octane server.

Back to top

See also: