
example-server.conf

    Niall Sheridan authored
    Static content generator finds the root of the git repo and executes from there. Packr will scan subdirs for boxes to be packed.
    e3cdec27
    example-server.conf 2.30 KiB
    # Server config.
    # This block stores secrets in plain text (cookie/CSRF keys, database password),
    # so restrict read access to the deployed copy of this file.
    # Every secret below is an example placeholder and must be replaced before use.
    server {
      use_tls = true  # Optional. If this is set then `tls_key` and `tls_cert` must be set
      tls_key = "server.key"  # Path to the TLS private key
      tls_cert = "server.crt"  # Path to the TLS certificate
      address = "127.0.0.1"  # Optional. IP address to listen on (127.0.0.1 is loopback: local connections only)
      port = 443  # Port to listen on
      user = "www" # Optional. User to which the server drops privileges
      cookie_secret = "supersecret"  # Authentication key for the client cookie. Placeholder: replace with a long random value
      csrf_secret = "supersecret"  # Authentication key for the CSRF token. Placeholder: replace with a random value different from cookie_secret
      http_logfile = "http.log"  # Logfile for HTTP requests
      # Database connection settings. The username and password are placeholders.
      # NOTE(review): nothing in this file shows whether the database connection
      # is encrypted; confirm against the project documentation.
      database {
        type = "mysql"
        dbname = "cashier_production"
        address = "host:3306"
        username = "user"
        password = "pass"
      }
    }
    
    # OAuth2 configuration: which identity provider authenticates users, and which users are accepted.
    auth {
      provider = "google"  # OAuth provider to use
      oauth_client_id = "nnnnnnnnnnnnnnnn.apps.googleusercontent.com"  # OAuth client ID (placeholder)
      oauth_client_secret = "yyyyyyyyyyyyyyyyyyyyyy"  # OAuth client secret (placeholder). Treat as a credential: do not commit the real value
      oauth_callback_url = "https://sshca.example.com/auth/callback"  # OAuth callback URL; must match the redirect URL registered with the provider
      provider_opts {
        domain = "example.com"  # OAuth-provider specific options
      }
      # NOTE(review): the example sets `domain` to example.com but whitelists gmail.com
      # addresses; this file does not show how the two settings combine, so confirm
      # against the project documentation before relying on either as the only access control.
      users_whitelist = ["marco@gmail.com", "niall@gmail.com", "patrick@gmail.com"] # Optional
    }
    
    # Configuration for the certificate signer.
    # The signing key is the most sensitive item in this file: anyone holding it can
    # issue certificates that hosts trusting this CA will accept.
    ssh {
      signing_key = "signing_key"  # Path to the CA signing secret key; restrict read access to it
      # NOTE(review): presumably these principals are added to every issued certificate,
      # which would let any authenticated user log in as these accounts; confirm and keep the list minimal.
      additional_principals = ["ec2-user", "ubuntu"]  # Additional principals to allow
      max_age = "720h"  # Maximum lifetime of an SSH certificate (720h = 30 days); a shorter lifetime limits the window in which a stolen certificate is usable
      # Permissions associated with a certificate. The example lists every forwarding
      # permission together with a force-command entry; grant only what users need.
      # NOTE(review): `force-command=/bin/ls` presumably restricts each session to
      # running /bin/ls; it is an example value, so remove or change it before use.
      permissions = ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc", "force-command=/bin/ls"]
    }
    
    # Optional AWS config. If an aws config is present, then files (e.g. signing key or TLS cert) can be read from S3 using the syntax `/s3/bucket/path/to/signing.key`.
    # These can also be configured using the standard aws-sdk environment variables, IAM roles etc. https://github.com/aws/aws-sdk-go/wiki/configuring-sdk
    # Prefer an IAM role or environment variables over static keys in this file, so that no long-lived AWS credential is stored alongside the other secrets.
    aws {
      region = "eu-west-1"
      access_key = "abcdef"  # Placeholder access key ID
      secret_key = "xyz123"  # Placeholder secret access key; do not commit the real value
    }
    
    # Optional Vault config. If a vault config is present, then files (e.g. signing key or TLS cert) can be read from a Vault server using the syntax `/vault/secret/service/key_name`.
    vault {
      address = "https://127.0.0.1:8200"  # Address of the Vault server
      token = "83f01274-c6f0-4dae-aab9-13a6fc62772e"  # Example token value: replace it, and use a token limited to the secret paths the server reads
    }