# NOTE: You can use the !include directive to import parts of this file.
# Logging level: debug, info, warn, error.
# Optional. Default is debug.
#
# log_level: debug
# The port Sproxy listens on (HTTPS).
# Optional. Default is 443.
#
# Example:
# listen: 8443
#
# listen:
# Whether SSL is used on port defined by `listen`.
# You should only set it to false iff you intent to do SSL-termination
# somewhere else, e. g. at a load-balancer in a local network.
# If true, you also have to specify `ssl_key` and `ssl_cert`.
# Note that there is no way Sproxy can be usable without HTTPS/SSL at the user side,
# because Sproxy sets cookie for HTTPS only.
# Optional. Default is true.
# ssl: true
# Listen on port 80 and redirect HTTP requests to HTTPS (see `https_port`).
# Optional. Default is true when `listen` == 443, otherwise false.
#
# listen80: true
# Port used in redirection of HTTP requests to HTTPS.
# I. e., http://example.com -> https://example.com[:https_port],
# If `https_port` == 443, the port part if omitted.
# This is useful when behind a dumb proxy or load-balancer, like Amazon ELB,
# (and`ssl` == false). It's unlikely that something other than 443
# is exposed to users, but if you are behind a proxy
# you can't really know the correct https port.
# Optional. Default is as `listen`.
#
# Example:
# https_port: 4040
#
# https_port:
# Whether HTTP2 is enabled. Optional. Default is true.
#
# http2: true
# The system user Sproxy switches to if launched as root (after opening the ports).
# Optional. Default is sproxy.
#
# user: sproxy
# Home directory for various files including SQLite3 authorization database.
# Optional. Default is current directory.
#
# home: "."
# File with SSL certificate. Required if `ssl` == true.
# It can be a bundle with the server certificate coming first:
# cat me-cert.pem CA-cert.pem > cert.pem
# Once again: most wanted certs go first ;-)
# Or you can opt in using of `ssl_cert_chain`
ssl_cert: /path/cert.pem
# File with SSL key (secret!). Required if `ssl` = true.
ssl_key: /path/key.pem
# Chain SSL certificate files.
# Optional. Default is an empty list
# Example:
# ssl_cert_chain:
# - /path/foo.pem
# - /path/bar.pem
#
# ssl_cert_chain: []
# PostgreSQL database connection string.
# Optional. If specified, sproxy will periodically pull the data from this
# database into internal SQLite3 database. Define password in a file
# referenced by the PGPASSFILE environment variable. Or use the `pgpassfile` option.
# Cannot be used with the `datafile` option.
# Example:
# database: "user=sproxy-readonly dbname=sproxy port=6001"
#
# database:
# PostgreSQL password file.
# Optional. If specified, sproxy will set PGPASSFILE environment variable pointing to this file
# Example:
# pgpassfile: /run/keys/sproxy.pgpass
#
# pgpassfile:
# YAML file used to fill internal SQLite3 database.
# Optional. If specified, Sproxy will import it on start overwriting
# and existing data in the internal database.
# Useful for development or some simple deployments.
# Cannot be used with the `database` option.
# For example see the datafile.example.yml
#
# datafile: /path/data.yml
# Arbitrary string used to sign sproxy cookie and other things (secret!).
# Optional. If not specified, a random key of length 64 is generated on startup,
# and as a consequence, restaring sproxy will invalidate existing user sessions.
# This option could be useful for load-balancing with multiple sproxy instances,
# when all instances must understand cookies created by each other.
#
# key: !include /run/keys/sproxy.secret
# Credentials for supported OAuth2 providers.
# Currently supported: "google", "linkedin"
# At least one provider is required.
# Attributes:
# client_id - OAuth2 client ID.
# client_secret - OAuth2 client secret.
#
# Examples:
#
# oauth2:
# google:
# client_id: "XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com"
# client_secret: !include /run/keys/XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com
#
# linkedin:
# client_id: "xxxxxxxxxxxxxx"
# client_secret: !include "/run/keys/xxxxxxxxxxxxxx"
#
# yandex:
# client_id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# client_secret: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
#
#
# oauth2:
# google:
# client_id:
# client_secret:
# Backend servers. At least one is required.
# NOTE: backends at TCP port are not secure, even on localhost,
# because any local user can connect to the backend bypassing sproxy
# authentication and authorization.
#
# It is recommended to communicate with backends via unix sockets only.
# Unix sockets should be secured with proper unix file permissions.
#
# Backend attributes:
# name - the domain name as in the Host HTTP header (without optional colon and port).
# May include wildcards * and ?. The first matching
# backend will be used. Examples: "*.example.com", "wiki.corp.com".
# Optional. Default is "*".
# address - backend IP address. Optional. Default is 127.0.0.1.
# port - backend TCP port. Required unless unix socket is defined.
# socket - unix socket. Highly recommended for security reasons.
# If defined, IP address and TCP port are ignored.
#
# cookie_name - sproxy cookie name. Optional. Default is "sproxy".
# cookie_domain - sproxy cookie domain. Optional. Default is the request host name as per RFC2109.
# cookie_max_age - sproxy cookie shelflife in seconds. Optional. Default is 604800 (7 days).
#
# timeout - response timeout in seconds. Optional. Default is 30.
# conn_count - number of connections to keep alive. Optional. Default is 32.
# This is specific to Haskell HTTP Client library, and is per host name,
# not per backend. HTTP Client's default is 10.
#
# backends:
# - name: wiki.example.com
# port: 9090
# cookie_name: sproxy_example
# cookie_max_age: 86400
#
backends:
- port: 8080
