OptionaladvertisedOptionalallowtells if the server default endpoints should allow anonymous connection.
OptionalalternateOptionalalternatealternate hostname or IP to use
OptionalbuildOptionalcapabilitiessupported server capabilities for the Multicast (mDNS)
Optionalcertificatethe server certificate full path filename
the certificate should be in PEM format
OptionalcertificateOptional pre-built certificate + private-key provider. When supplied,
OPCUASecureObject.getCertificate() / .getCertificateChain() /
.getPrivateKey() delegate to this object verbatim, and the disk-backed
path (fs.existsSync + readCertificateChain + readPrivateKey) is
not used.
Intended for browser builds (bundled via esbuild) and test fixtures that want to stage a cert+key pair without staging PKI folders on disk.
When present, certificateFile / privateKeyFile become optional and
may be omitted.
When absent, those two fields remain required strings and a
DiskCertificateKeyPairProvider is created automatically.
Optionaldefaultthe default secure token life time in ms.
Optionaldisabletrue, if discovery service on secure channel shall be disabled
OptionaldiscoveryOptionalendpointsOptionalhostHost IP address or hostname where the TCP server listens for connections. If omitted, defaults to listening on all network interfaces:
Optionalhostnamethe primary hostname of the endpoint.
Optionalisif server shall raise AuditingEvent
Optionalmaxthe maximum number of simultaneous sessions allowed.
Optionalmaxthe maximum number authorized simultaneous connections per endpoint
Optionalnodeset_the nodeset.xml file(s) to load
node-opcua comes with pre-installed node-set files that can be used
example:
import { nodesets } from "node-opcua-nodesets";
const server = new OPCUAServer({
nodeset_filename: [
nodesets.standard,
nodesets.di,
nodesets.adi,
nodesets.machinery,
],
});
OptionalonOptionalonOptionalportthe TCP port to listen to.
Optionalprivatethe server private key full path filename
This file should contains the private key that has been used to generate the server certificate file.
the private key should be in PEM format
Optionalregisterstrategy used by the server to declare itself to a discovery server
Optionalresourceresource Path is a string added at the end of the url such as "/UA/Server"
Optionalsecuritythe possible security mode that the server will expose
Optionalsecuritythe possible security policies that the server will expose
OptionalserverOptionalserverServer Certificate Manager
this certificate manager will be used by the server to access and store certificates from the connecting clients
Optionalserverthe server Info
this object contains the value that will populate the Root/ObjectS/Server/ServerInfo OPCUA object in the address space.
OptionalskipskipOwnNamespace to true, if you don't want the server to create a dedicated namespace for its own (namespace=1). Use this flag if you intend to load the server own namespace from an external source.
Optionaltimeoutthe HEL/ACK transaction timeout in ms.
Use a large value ( i.e 15000 ms) for slow connections or embedded devices.
OptionaltransportOptionaluseruser Certificate Manager this certificate manager holds the X509 certificates used by client that uses X509 certificate token to impersonate a user
Optionaluseran object that implements user authentication methods
Additional endpoint URL(s) to advertise.
Use when the server is behind Docker port-mapping, a reverse proxy, or a NAT gateway. Each URL is parsed to extract hostname and port. Each entry can be a plain URL string (inherits all security settings from the main endpoint) or an
AdvertisedEndpointConfigobject with per-URL overrides. The server still listens onport.