example-server.conf

    # Server config
    # The values below are samples. This block holds secrets (cookie and CSRF keys, database
    # password), so keep the deployed copy out of version control and readable only by the
    # account that runs the server.
    server {
      use_tls = true  # Optional. If this is set then `tls_key` and `tls_cert` must be set
      tls_key = "server.key"  # Path to the TLS private key
      tls_cert = "server.crt"  # Path to TLS certificate
      address = "127.0.0.1"  # Optional. IP address to listen on (the sample value is loopback only)
      port = 443  # Port to listen on
      user = "www" # Optional. User to which the server drops privileges
      cookie_secret = "supersecret"  # Authentication key for the client cookie. Placeholder: replace with a long random value
      csrf_secret = "supersecret"  # Authentication key for the CSRF token. Placeholder: use a separate random value, not the cookie key
      http_logfile = "http.log"  # Logfile for HTTP requests
      # Database connection settings. The password is stored in plain text in this file.
      database {
        type = "mysql"
        dbname = "cashier_production"
        address = "host:3306"
        username = "user"
        password = "pass"
      }
    }
    
    # OAuth2 configuration
    auth {
      provider = "google"  # OAuth provider to use
      oauth_client_id = "nnnnnnnnnnnnnnnn.apps.googleusercontent.com"  # OAuth client ID
      oauth_client_secret = "yyyyyyyyyyyyyyyyyyyyyy"  # OAuth client secret. Placeholder: treat the real value as a credential
      oauth_callback_url = "https://sshca.example.com/auth/callback"  # OAuth callback URL; presumably must match the redirect URI registered with the provider (confirm)
      provider_opts {
        domain = "example.com"  # OAuth-provider specific options
      }
      # NOTE(review): the sample addresses below are not in the `domain` set above. How `domain`
      # and `users_whitelist` combine is not shown in this file; confirm against the project
      # documentation before relying on either one to restrict who can obtain a certificate.
      users_whitelist = ["marco@gmail.com", "niall@gmail.com", "patrick@gmail.com"] # Optional
    }
    
    # Configuration for the certificate signer.
    ssh {
      signing_key = "signing_key"  # Path to the CA signing secret key. Whoever can read this key can issue certificates, so restrict access to it
      # NOTE(review): presumably these names are added to issued certificates alongside the
      # user's own principal (confirm); shared login names make per-user attribution harder.
      additional_principals = ["ec2-user", "ubuntu"]  # Additional principals to allow
      max_age = "720h"  # Maximum lifetime of an ssh certificate (720h is 30 days); a shorter lifetime limits how long a leaked certificate stays usable
      # The sample lists many options for illustration. Agent and port forwarding widen what a
      # certificate holder can do on a host, so list only what users need. `force-command`
      # pins the session to a single command; presumably it applies to every certificate
      # issued with this config (confirm).
      permissions = ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc", "force-command=/bin/ls"]  #  Permissions associated with a certificate
    }
    
    # Optional AWS config. If an aws config is present, then files (e.g. signing key or tls cert) can be read from S3 using the syntax `/s3/bucket/path/to/signing.key`.
    # These can also be configured using the standard aws-sdk environment variables, IAM roles etc. https://github.com/aws/aws-sdk-go/wiki/configuring-sdk
    # Static keys written here are long-lived credentials in a plain-text file; an IAM role or environment variables avoid storing them.
    aws {
      region = "eu-west-1"
      access_key = "abcdef"
      secret_key = "xyz123"
    }
    
    # Optional Vault config. If a vault config is present then files (e.g. signing key or tls cert) can be read from a vault server using the syntax `/vault/secret/service/key_name`.
    # The token below is a sample. A real token is a credential for the Vault server, so protect this file as you would the secrets it can read.
    vault {
      address = "https://127.0.0.1:8200"
      token = "83f01274-c6f0-4dae-aab9-13a6fc62772e"
    }