Full text indexing installation
The Full Text Indexing component enables search within document content in ShareAspace.
Full text search is used to find phrases and text inside indexed files.
Note
The Full Text Indexing component and Elasticsearch can be installed on separate machines. However, it is recommended to install them on the same machine for simplicity and security.
The Full Text Indexing component can be installed on the same server as the ShareAspace Host. However, it is recommended to run external extensions on a separate server when possible.
Prerequisites
The Full Text Indexing component requires:
- Hardware prerequisites for a Full Text Indexing Server (IIS).
- Software prerequisites for a Full Text Indexing Server (IIS).
Note
It is possible to set up the Full Text Indexing component on one machine and the Elasticsearch on another machine but it is recommended to install them both on the same machine for reasons of security.
Elasticsearch setup
Elasticsearch is required to store and query indexed content.
Note
Official installation instructions are available at the Elasticsearch documentation: https://www.elastic.co/guide/en/elasticsearch/reference/current/zip-windows.html.
Note
The following setup process is an example using the default SSL certificate and username/password.
TLS certificate setup (automatic)
Start Elasticsearch once to automatically generate TLS certificates:
PS C:\elasticsearch\bin> .\elasticsearch.bat
Certificates are placed in: config\certs.
Note
If valid certificates already exist, new ones will not be generated.
Note
Any certificate can be used instead of the one created by the Elasticsearch setup scripts. Usernames and passwords can also be changed. The Elasticsearch website has documentation covering this.
Trust the certificate:
Import-Certificate -FilePath "C:\elasticsearch\config\certs\http_ca.crt" -CertStoreLocation Cert:\LocalMachine\Root
Note
The certificate must be trusted by the server hosting the Full Text Indexing component.
Manual TLS setup (optional)
Important
Elasticsearch provides tools for managing certificates. Refer to the Elasticsearch certificate utility documentation for more information: https://www.elastic.co/guide/en/elasticsearch/reference/current/certutil.html
ShareAspace full text indexing appsettings.json
{
...
"ConnectionSettings": {
"ServiceEndpoint": "https://localhost:9200/",
"CertificateFingerprint": "a8e7fee41...19b9687"
},
...
}
To generate a self-signed Elasticsearch TLS certificate for localhost, use the
elasticsearch-certutil.bat script found under the bin folder of the
Elasticsearch installation.
PS C:\elasticsearch\bin> .\elasticsearch-certutil.bat cert --self-signed --pem --multiple
The script will ask for a series of questions press enter on all but:
- "Enter instance name:" - type: localhost
- "Enter DNS names for instance (comma-separated if more than one) []:" - type: localhost
A ZIP file (default certificate-bundle.zip) containing the certificate
(localhost.crt) and the key (localhost.key) will be created.
Unpack the certificate and key under \config\certs.
Create a trust to the certificate.
Import-Certificate -FilePath "C:\elasticsearch\config\certs\http_ca.crt" -CertStoreLocation Cert:\LocalMachine\Root
Open the Elasticsearch configuration file \config\elasticsearch.yml and add the following lines:
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.certificate: "certs\\localhost.crt"
xpack.security.http.ssl.key: "certs\\localhost.key"
Finally, read the certificate fingerprint from the certificate and update the
ConnectionSettings.CertificateFingerprint in the ShareAspace Full Text
Indexing component appsettings.json configuration file.
# Get certificate fingerprint from the http_ca
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\elasticsearch\config\certs\http_ca.crt")
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$hashBytes = $sha256.ComputeHash($cert.RawData)
$fingerprintSha256 = ($hashBytes | ForEach-Object { $_.ToString("x2") }) -join ":"
$formattedFingerPrint = $($fingerprintSha256 -replace ":")
Important
Do not confuse the SHA‑256 hash of the certificate (used in this configuration) with the SHA‑1 hash that is typically displayed in Windows as the certificate “thumbprint”. Both values are hashes of the same certificate but use different algorithms.
Superuser password
A default password for the elastic superuser is generated automatically. It
can easily be changed later by running the following command:
PS C:\elasticsearch\bin> .\elasticsearch-reset-password.bat -a -b -s -u elastic
Ingest
The Ingest plugin is included as a module in Elasticsearch since version 8.12.1 and does no longer have to be installed as a plugin.
If Elasticsearch cannot read the external GEO IP database (this can be seen in the log) it is possible to turn off this feature.
Open the Elasticsearch configuration file \config\elasticsearch.yml and add
the following lines:
ingest.geoip.downloader.enabled: false
Install as a service
Elasticsearch can be installed and hosted as a Windows service.
To install run:
PS C:\elasticsearch\bin> .\elasticsearch-service.bat install
Once installed the Windows service can be started using:
PS C:\elasticsearch\bin> .\elasticsearch-service.bat start
Installation steps
Step 1: Run the installer
Run the FullTextIndexing.msi installer to install the component on the IIS server.
Default installation path: C:\Program Files\Eurostep\ShareAspace\FullTextIndexing.
Step 2: Configure IIS
An IIS Application Pool named FullTextIndexing is created.
By default, it runs under LocalSystem.
Note
If a different account is used, it must have read access to the installation directory.
Step 3: Configure the component
See the Configuration section.
Important
The TLS certificate used by the Elasticsearch server must be trusted by the server hosting the Full Text Indexing component.
Step 4: Register the extension
See the Extension registration section.
Configuration
Open appsettings.json.
Default location: C:\Program Files\Eurostep\ShareAspace\FullTextIndexing\appsettings.json.
Example configuration
{
"NovaConfig": {
"SymmetricKey": "<generated-key>"
},
"ConnectionSettings": {
"ServiceEndpoint": "https://localhost:9200"
},
"IndexedCharacters": 100000,
"Elastic": {
"Secret": "_FULLTEXTINDEXINGSECRET_"
}
}
Configuration properties
NovaConfig.SymmetricKey– Symmetric key used when registering the extension.ConnectionSettings.ServiceEndpoint– Elasticsearch endpoint.ConnectionSettings.CertificateFingerprint– Elasticsearch TLS certificate fingerprint.IndexedCharacters– Maximum number of indexed characters per document.Elastic.Secret– Authentication secret for Elasticsearch.
SymmetricKey
Generate as described in: Generate Symmetric Signing Keys.
Elasticsearch connection
The ServiceEndpoint must match the Elasticsearch endpoint.
Important
The Elasticsearch TLS certificate must be trusted by the server hosting the Full Text Indexing component.
IndexedCharacters
Controls how much content is indexed per document.
- Default:
100000 - If the value is set to
-1the indexer will index all characters.
Warning
Indexing all characters may significantly impact performance and memory usage.
Authentication
The setting Secret in the Elastic section represents the secret key setup
when authenticating against Elasticsearch.
The username/password is configured by passing --user and --password
command line arguments to Eurostep.SAS.FullTextIndexingHost.exe:
Eurostep.SAS.FullTextIndexingHost.exe --user <USERNAME> --password <PASSWORD>
Eurostep.SAS.FullTextIndexingHost.exe --user elastic --password OLx..YskTyo=
Eurostep.SAS.FullTextIndexingHost.exe will return a "secret" to be used for
configuration parameter Elastic.Secret.
OpenTelemetry configuration
The Full Text Indexing component supports OpenTelemetry (OTEL) for logging, metrics, and tracing.
Configuration is performed using configuration variables, for example:
{
"OTEL_SERVICE_NAME": "ShareAspace.FullTextIndexing",
"OTEL_EXPORTER_OTLP_ENDPOINT": "https://host.example.com:4317",
"OTEL_EXPORTER_OTLP_PROTOCOL": "grpc"
}
Additional OTEL configuration options are available and are shared across all ShareAspace components.
See: OpenTelemetry logging.
Extension registration
The Full Text Indexing extension must be registered as a Nova Extension on a bootstrapped ShareAspace collection.
Example registration script:
param (
[Parameter(Mandatory = $true)]
[string]$NovaHost,
[Parameter(Mandatory = $true)]
[string]$PersonalAccessToken,
[Parameter(Mandatory = $true)]
[string]$Extension,
[Parameter(Mandatory = $true)]
[string]$ExtensionApiKey
)
$uri = "{0}/collection/externalExtension/novaExtension" -f $NovaHost
$pat = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$PersonalAccessToken"))
$headers = @{ "Authorization" = "Basic $pat" }
$body = @{ "hostUri" = $Extension; "apiKey" = $ExtensionApiKey; "tokenLifeTime" = 15 } | ConvertTo-Json
Invoke-WebRequest -Method Post -Uri $uri -Headers $headers -Body $body -ContentType "application/json" -UseBasicParsing
Example usage:
.\Add-Extension.ps1 `
-NovaHost https://host.example.com:5001 `
-PersonalAccessToken "<token>" `
-Extension "https://preview.example.com/FullTextIndexing" `
-ExtensionApiKey "<apikey>"