I. Overview
1.Version
| Report server version | JAR package | Function change |
|---|---|---|
| 10.0 | - | - |
| 10.0.19 | 2021-10-13 | When starting the private cloud authentication server, support specifying the English language. |
2. Application scenarios
The customer's report server is deployed on a virtual machine or cloud platform, and the physical information of the report server is not fixed, so there is no way to bind fixed machine information, so the "local machine information authentication" is no longer applicable.
At this time, you need to find a server with fixed physical information as the authorization server, and then send the machine information rif file of the authorization server to the business to generate the private cloud authentication server file "FanruanLicenseServer", which contains a "server.exe" file.
3. Function introduction
When the physical information of the report server is not fixed and cannot perform local machine authentication, if there is a server with fixed physical information, private cloud authentication can be performed.
The authorization server (License Server terminal) returns the authorized function point, authorized access domain name, authorized access port, authorized access application name, authorized access expiration date and other information to the report server (Report Server terminal).
The report server (Report Server terminal) does the verification. If the verification passes, it will enter the normal access program. If it does not pass, it will be regarded as an unauthorized server. As shown below:
The authorization server program refers to the server program that provides the authorization function (physical information needs to be provided), and the report server refers to a server running FineReport reports (physical information does not need to be provided).
4. Notes
1) The authorization server for private cloud authentication needs to be a machine with fixed physical information. The machine where the report engineering server is located does not need to have fixed physical information.
For example, physical information in a virtual machine environment may change, causing registration failure, and it is not suitable for use as an authorization server.
2) The report server is the server where the report project needs to be registered, and needs to communicate with the authorized server network.
3) One authorization server is not allowed to run two private cloud authentication programs.
4) The authentication program run by the authorization server cannot be closed for more than 24 hours.
If the shutdown time exceeds 24 hours, the authentication program needs to be re-run, and the report server needs to be re-registered.
If the shutdown time is less than 24 hours, the report server shows that the registration failed, and the authorization server will be automatically reconnected within 2 hours, and the registration will not be invalid.
5) After the authentication server is uninstalled, if you want to use this machine as the authorization server again, you need to regenerate the MachineInfo.rif file and send it to the business for re-registration.
6) Within the range allowed by the number of authorizations, one authorization server can authorize multiple report servers.
7) Use private cloud authentication in the case of clusters, without each node sending registration information to the business.
8) When the report server is migrated, it is not necessary to re-apply for the authorization file. It is only necessary to ensure that the machine where the report server is located and the network of the authorization server can be connected.
9) Support i386, arm and amd64 bit systems under Linux.
10) Access to private cloud through NAT is not supported.
II. The authorization server is Windows system
1. Download the machine tool
Click to download the machine tool to obtain the authorization server information file:
Upload the compressed package to the authorization server and decompress it.
2. Export authorization server information
Run the decompressed "machine.exe" file with administrator privileges, and automatically generate the require folder in the same directory.
The "MachineInfo.rif" file in the "require" folder is the exported authorization server information file. As shown below:
3. Obtain the authorization file
Please use the email address specified in the contract to send the registration information to FineReport business@fanruan.com, the email format is as follows:
After the business receives the email, it will generate the authorization file FanruanLicenseServer.zip after verification, and send it to the user by email.
The content of the email is shown in the table below:
| List | Contents | Notes | |
|---|---|---|---|
| Priority contact | Please contact FanRuan sales in advance to confirm relevant matters and sign the contract. | - | |
| Sender | Please use the email address specified in the contract. | If the email address for sending registration information is not the email address specified in the contract, registration will not be accepted. | |
| Recipient | business@fanruan.com | - | |
| Title | XXX Company Registration FineReport Official Authorization Document | If the company name is not indicated when sending the registration information, it will not be registered | |
| Text | Basic information | Company Name: XXX Company Project name: XXX project Contract signing date: XX/XX/XXXX | - |
| Registration method | Private cloud authentication | - | |
| Report server version | FineReport9.0 or FineReport10.0 | If the version is not indicated when sending the registration information, it will not be registered. | |
| Report server IP | Which report server IP is allowed to be registered, which is the report server's intranet IP For example: 192.168.100.25-192.168.100.26, 192.168.0.1 | If the report server IP is not indicated when sending the registration information, the registration will not be granted. The range of "Report Server IP Network Segment" is: 1.0.0.0-255.255.255.255 | |
| Report project name | Allowed authorized project names, for example: report1, report2 | If not provided, it means there is no restriction on this item. | |
| Authorization server domain name | The domain name of the authoritative server If not provided, make sure that the report server can access the authorization server through IP Format: www.baidu.com, www.google.com | - | |
| Public IP of the authorization server | If the report server needs to be accessed through the public IP of the authorization server, the public IP of the authorization server must also be provided. | - | |
| Number of authorizations | An authorization server can authorize multiple report servers at the same time. Here is the limit on the number of report servers registered at the same time. | - | |
| Attachment | MachineInfo.rif | - | |
4. Start the authorization server
On the license server, decompress the compressed package "FanruanLicenseServer.zip" of the license file sent by the business.
Run the "server.exe" file in the "bin" directory with administrator privileges. As shown below:
Note 1: If the startup fails and the reason for the error is that the port is occupied, then when using the command line to start the program, add the parameter -port port to specify another port.
Example: .server.exe -port 8088
Note 2: The server.exe file obtained on 2021-10-13 and later supports specifying the language when starting the authentication server. The default is Simplified Chinese, and English is additionally provided.
Example of startup command: .server.exe -port 8088 -language en
5. Set the service to start automatically after booting
The executable file running on the authorization server cannot be closed, that is, "server.exe" cannot be closed under Windows. If the Server is shut down and reopened, it is unregistered and needs to be re-executed in Section II.4.
Download the SrvanyUI service management tool:
, after decompression, run the SrvanyUI_1.0.exe file and install SrvanyUI.
Open SrvanyUI software, select File > Add, and add self-built service.
The service name is Private Cloud License Server, the internal ID is PrivateServer, the program path selects the file \FanruanLicenseServer\bin\server.exe above, and the startup mode is Automatic.
As shown below:
Click Confirm to run, as shown below:
Note: After the setting is successful, the service will start automatically. If you need to replace the private cloud, you need to stop the previous one.
6. Report Server Authentication Authorization
The report project is deployed on the report server. The administrator logs in to the decision-making platform, clicks Manage > Registration > Version Information, and clicks Register Now.
Select Private Cloud for the authentication method, fill in the IP and listening port displayed by the authorized server above for the server address, such as https://172.16.63.131:8081, and click Submit, as shown in the following figure:
Note 1: If the authorization server domain name is provided, fill in the authorization server domain name; if the authorization server domain name is not provided, fill in IP .
Note 2: Please make sure that the report server can access the authorization server.
After the authentication is successful, as shown in the following figure:
Note 1: The maximum number of connections here means that several projects can apply to the authorization server for authorization registration at the same time.
Note 2: If the authentication fails, check the firewall settings, open the corresponding port or close the firewall.
III. The authorization server is a Linux system
1. Download the machine tool
Click to download the machine tool to obtain the authorization server information file:
Note: In general, 64-bit Linux uses amd64, and 32-bit Linux uses i386.
In rare cases (when the physical machine uses RISC reduced instruction set, low-power CPU), arm is used, which is related to the use of hardware.
| System | Get server information file |
|---|---|
| Linux_amd64 | |
| Linux_arm32 | |
| Linux_i386 | |
| Linux_arm64 |
2. Export authorization server information
Note: The operation in this section must be performed with an administrator account, otherwise, an error will be reported when the authorization program is started, and the machine code will not match.
Take Linux_amd64 as an example:
Upload the compressed package to the authorization server, and decompress it to generate the machine.file file:
unzip linux_amd64.zip
Add permissions to the machine.file file:
chmod 777 machine
Run the machine.file file to automatically generate the authorization server information file, that is, the MachineInfo.rif file in the require directory:
./machine
3. Obtaining authorization documents
Please use the email address specified in the contract to send the registration information to FineReport business@fanruan.com, the email format is as follows:
After the business receives the email, it will generate the authorization file FanruanLicenseServer.zip after verification, and send it to the user by email.
The content of the email is shown in the table below:
| List | Contents | Notes | |
|---|---|---|---|
| Priority contact | Please contact FanRuan sales in advance to confirm relevant matters and sign the contract. | - | |
| Sender | Please use the email address specified in the contract. | If the email address for sending registration information is not the email address specified in the contract, registration will not be accepted. | |
| Recipient | business@fanruan.com | - | |
| Title | XXX Company Registration FineReport Official Authorization Document | If the company name is not indicated when sending the registration information, it will not be registered | |
| Text | Basic information | Company Name: XXX Company Project name: XXX project Contract signing date: XX/XX/XXXX | - |
| Registration method | Private cloud authentication | - | |
| Report server version | FineReport9.0 or FineReport10.0 | If the version is not indicated when sending the registration information, it will not be registered. | |
| Report server IP | Which report server IP is allowed to be registered, which is the report server's intranet IP For example: 192.168.100.25-192.168.100.26, 192.168.0.1 | If the report server IP is not indicated when sending the registration information, the registration will not be granted. The range of "Report Server IP Network Segment" is: 1.0.0.0-255.255.255.255 | |
| Report project name | Allowed authorized project names, for example: report1, report2 | If not provided, it means there is no restriction on this item. | |
| Authorization server domain name | The domain name of the authoritative server If not provided, make sure that the report server can access the authorization server through IP Format: www.baidu.com, www.google.com | - | |
| Public IP of the authorization server | If the report server needs to be accessed through the public IP of the authorization server, the public IP of the authorization server must also be provided. | - | |
| Number of authorizations | An authorization server can authorize multiple report servers at the same time. Here is the limit on the number of report servers registered at the same time. | - | |
| Attachment | MachineInfo.rif | - | |
4. Start the authorization server
Note: If it is a tool connection (xshell), after using nohup ./bin/server & command line, use exit to log out.
After logging in again, you can use the ps -ef|grep server command to check whether it is running in the background. If it runs successfully, it means that the private cloud background is successfully started. As long as the server is not shut down, it will keep running.
1) On the license server, decompress the license file package FanruanLicenseServer.zip sent by the business
unzip FanruanLicenseServer.zi
2) After the decompression is complete, run the server in the bin directory with administrator privileges
nohup ./server &
Note: The server.exe file obtained from 2021-10-13 and later supports specifying the language when starting the authentication server. The default is Simplified Chinese.Available in English.
Example of startup command: ./server -language en
3) The authentication server is successfully started, as shown in the following figure:
5. Report Server Authentication Authorization
The report project is deployed on the report server. The administrator logs in to the decision-making platform, clicks Manage > Registration > Version Information, and clicks Register Now.
Select Private Cloud for the authentication method, fill in the IP and listening port displayed by the authorized server above for the server address, such as https://172.16.63.131:8081, and click Submit, as shown in the following figure:
Note 1: If the authorization server domain name is provided, fill in the authorization server domain name; if the authorization server domain name is not provided, fill in IP .
Note 2: Please make sure that the report server can access the authorization server.
After the authentication is successful, as shown in the following figure:
Note 1: The maximum number of connections here means that several projects can apply to the authorization server for authorization registration at the same time.
Note 2: If the authentication fails, check the firewall settings, open the corresponding port or close the firewall.
IV. The authorization server is a Mac system
1. Download the machine tool
Click to download the machine tool to obtain the authorization server information file:
2. Export authorization server information
Upload the compressed package to the authorization server, and decompress it to generate the machine.file file:
unzip Mac.zip
Add permissions to the machine.file file:
chmod 777 machine
Run the machine.file file to automatically generate the authorization server information file, that is, the MachineInfo.rif file in the require directory:
./machine
3. Obtaining authorization documents
Please use the email address specified in the contract to send the registration information to FineReport business@fanruan.com, the email format is as follows:
After the business receives the email, it will generate the authorization file FanruanLicenseServer.zip after verification, and send it to the user by email.
The content of the email is shown in the table below:
| List | Contents | Notes | |
|---|---|---|---|
| Priority contact | Please contact FanRuan sales in advance to confirm relevant matters and sign the contract. | - | |
| Sender | Please use the email address specified in the contract. | If the email address for sending registration information is not the email address specified in the contract, registration will not be accepted. | |
| Recipient | business@fanruan.com | - | |
| Title | XXX Company Registration FineReport Official Authorization Document | If the company name is not indicated when sending the registration information, it will not be registered | |
| Text | Basic information | Company Name: XXX Company Project name: XXX project Contract signing date: XX/XX/XXXX | - |
| Registration method | Private cloud authentication | - | |
| Report server version | FineReport9.0 or FineReport10.0 | If the version is not indicated when sending the registration information, it will not be registered. | |
| Report server IP | Which report server IP is allowed to be registered, which is the report server's intranet IP For example: 192.168.100.25-192.168.100.26, 192.168.0.1 | If the report server IP is not indicated when sending the registration information, the registration will not be granted. The range of "Report Server IP Network Segment" is: 1.0.0.0-255.255.255.255 | |
| Report project name | Allowed authorized project names, for example: report1, report2 | If not provided, it means there is no restriction on this item. | |
| Authorization server domain name | The domain name of the authoritative server If not provided, make sure that the report server can access the authorization server through IP Format: www.baidu.com, www.google.com | - | |
| Public IP of the authorization server | If the report server needs to be accessed through the public IP of the authorization server, the public IP of the authorization server must also be provided. | - | |
| Number of authorizations | An authorization server can authorize multiple report servers at the same time. Here is the limit on the number of report servers registered at the same time. | - | |
| Attachment | MachineInfo.rif | - | |
4. Start the authorization server
Note: Do not close the executable file running on the authorization server, that is, the server cannot be closed under Mac.
On the license server, decompress the compressed package FanruanLicenseServer.zip of the license file sent by the business.
Run the server in the bin directory with administrator privileges, as shown in the following figure:
Note: The server.exe file obtained on 2021-10-13 and later supports the specified language when starting the authentication server. The default is Simplified Chinese, and English is additionally provided.
Example of startup command: ./server -language en
5. Report Server Authentication Authorization
The report project is deployed on the report server. The administrator logs in to the data decision system, clicks Manage > Registration > Version Information, and clicks Register Now.
Select Private Cloud for the authentication method, fill in the IP and listening port displayed by the authorized server above for the server address, such as https://172.16.63.131:8081, and click Submit, as shown in the following figure:
Note 1: If the authorization server domain name is provided, fill in the authorization server domain name; if the authorization server domain name is not provided, fill in IP .
Note 2: Please make sure that the report server can access the authorization server.
After the authentication is successful, as shown in the following figure:
Note 1: The maximum number of connections here means that several projects can apply to the authorization server for authorization registration at the same time.
Note 2: If the authentication fails, check the firewall settings, open the corresponding port or close the firewall.
V. Registration failed
1. Phenomenon description
If the registration fails, a pop-up window will appear on the page, as shown below:
2. Reasons for failure
Click Details to view the reasons for the registration failure, and troubleshoot according to the specific failure reasons.
| Error code | Error name | Meaning |
|---|---|---|
| 10000 | JSON_PARSER_ERROR | Data format is incorrect |
| 10001 | PARAM_INPUT_ERROR | The parameter you entered is incorrect |
| 20000 | DO_NOT_NEED_DEACTIVATE | The machine is not authorized without unbinding |
| 30000 | LICENSE_EXPIRED | Certificate has expired |
| 30001 | REPORT_VERSION_ERROR | Version mismatch |
| 30002 | ACCOUNT_STATUS_ERROR | The account status is abnormal (this prompt appears when unbinding, indicating that the machine does not need to unbind because it is not authorized) |
| 30003 | LICENSE_IP_ERROR | IP is not within the allowed range |
| 30004 | LICENSE_DOMAIN_ERROR | The domain name is not within the allowed range |
| 30005 | LICENSE_APPNAME_ERROR | The application name is not in the allowed range |
| 30007 | REGISTER_OUT_OF_LIMIT | It has reached the maximum number of licenses |
Note: In addition to the above failure reasons, other unified errors are reported: the content of the certificate is incorrect.
When there are multiple failure reasons, they are all displayed in the platform.
VI. Migrate the authorization server
1. Destruction authorization
First, destroy the current authentication server. Enter the bin directory as an administrator, and then run.
1) Windows
In Windows, open cmd, switch to the bin directory, and run the command as follows:
.\server.exe -destroy
As shown below:
2) Mac and Linux
On Mac and Linux, run the command as follows:
./server -destroy
As shown below:
2. Obtaining Destruction Evidence Documents
After executing the destroy command, the current server authentication license will be destroyed, and an evidence file of the destruction information will be generated, as shown in the following figure:
Note: In Windows, sometimes an error will be reported. You have to create a folder called uninstall in the same directory as bin, and the uninstall file will appear in this folder.
3. Re-registration
The customer sends the following two documents to the business by mail:
receipt.fr file and regenerate the MachineInfo.rif file according to the steps to apply for an authentication server.
The business receives the receipt.fr file, and after the verification is completed and confirmed to be destroyed, it sends a new authentication server file to the customer.
Note: After the authorization server is destroyed, if the report server is restarted, the registration will fail immediately; if the report server is not restarted, the registration will fail after about 24 hours.
