Diffstat (limited to 'sproxy.yml.example')
-rw-r--r-- | sproxy.yml.example | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/sproxy.yml.example b/sproxy.yml.example
new file mode 100644
index 0000000..d539956
--- /dev/null
+++ b/sproxy.yml.example
@@ -0,0 +1,139 @@
+--- # Sproxy configuration. Don't remove this line. This is YAML: https://en.wikipedia.org/wiki/YAML
+
+# The port Sproxy listens on (HTTPS).
+# Optional. Default is 443.
+#
+# listen: 443
+
+# Listen on port 80 and redirect HTTP requests to HTTPS.
+# Optional. Default is true when listen == 443, otherwise false.
+#
+# listen80: true
+
+# Whether HTTP2 is enabled. Optional. Default is "true"
+#
+# http2: true
+
+# The system user Sproxy switches to if launched as root (after opening the ports).
+# Optional. Default is sproxy.
+#
+# user: sproxy
+
+# Home directory for various files including SQLite3 authorization database.
+# Optional. Default is current directory.
+#
+# home: "."
+
+# PostgreSQL database connection string.
+# Optional. If specified, sproxy will periodically pull the data from this
+# database into internal SQLite3 database. Define password in a file
+# referenced by the PGPASSFILE environment variable. Or use the "pgpassfile" option.
+# Example:
+# database: "user=sproxy-readonly dbname=sproxy port=6001"
+#
+# database:
+
+# PostgreSQL password file.
+# Optional. If specified, sproxy will set PGPASSFILE environment variable pointing to this file
+# Example:
+# pgpassfile: /run/keys/sproxy.pgpass
+#
+# pgpassfile:
+
+# Logging level: debug, info, warn, error.
+# Optional. Default is debug.
+#
+# log_level: debug
+
+# A file with arbitrary content used to sign sproxy cookie and other things (secret!).
+# Optional. If not specified, a random key is generated on startup, and
+# as a consequence, restaring sproxy will invalidate existing user sessions.
+# This option could be useful for load-balancing with multiple sproxy instances,
+# when all instances must understand cookies created by each other.
+# This should not be very large, a few random bytes are fine.
+#
+# key: /run/keys/sproxy.secret
+
+# File with SSL certificate. Required.
+# It can be a bundle with the server certificate coming first:
+# cat me-cert.pem CA-cert.pem > cert.pem
+# Once again: most wanted certs go first ;-)
+# Or you can opt in using of `ssl_cert_chain`
+ssl_cert: /path/cert.pem
+
+# File with SSL key (secret!). Required.
+ssl_key: /path/key.pem
+
+# Chain SSL certificate files.
+# Optional. Default is an empty list
+# Example:
+# ssl_cert_chain:
+# - /path/foo.pem
+# - /path/bar.pem
+#
+# ssl_cert_chain: []
+
+
+# Credentials for supported OAuth2 providers.
+# Currently supported: "google", "linkedin"
+# At least one provider is required.
+# Attributes:
+# client_id - OAuth2 client ID (string)
+# client_secret - OAuth2 client secret. Regardless of its name, this is a file.
+# The secret is read from the file which you should keep secret.
+# Only the first line of this file is read.
+#
+# Example:
+# oauth2:
+# google:
+# client_id: "XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com"
+# client_secret: "/run/keys/XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com"
+#
+# linkedin:
+# client_id: "xxxxxxxxxxxxxx"
+# client_secret: "/run/keys/xxxxxxxxxxxxxx"
+#
+#
+# oauth2:
+# google:
+# client_id:
+# client_secret:
+
+
+# Backend servers. At least one is required.
+# NOTE: backends at TCP port are not secure, even on localhost,
+# because any local user can connect to the backend bypassing sproxy
+# authentication and authorization.
+#
+# It is recommended to communicate with backends via unix sockets only.
+# Unix sockets should be secured with proper unix file permissions.
+#
+# Backend attributes:
+# name - the host name as in the Host HTTP header.
+# May include wildcards * and ?. The first matching
+# backend will be used. Examples: "*.example.com", "wiki.corp.com".
+# Optional. Default is "*". Note, that the name must include
+# port number if non-standard.
+# address - backend IP address. Optional. Default is 127.0.0.1.
+# port - backend TCP port. Required unless unix socket is defined.
+# socket - unix socket. Highly recommended for security reasons.
+# If defined, IP address and TCP port are ignored.
+#
+# cookie_name - sproxy cookie name. Optional. Default is "sproxy".
+# cookie_domain - sproxy cookie domain. Optional. Default is the request host name as per RFC2109.
+# cookie_max_age - sproxy cookie shelflife in seconds. Optional. Default is 604800 (7 days).
+# conn_count - number of connections to keep alive. Optional. Default is 32.
+# This is specific to Haskell HTTP Client library, and is per host name,
+# not per backend. HTTP Client's default is 10.
+#
+# backends:
+# - name: wiki.example.com
+# port: 9090
+# cookie_name: sproxy_example
+# cookie_max_age: 86400
+#
+backends:
+ - port: 8080
+
+... # End of configuration. Don't remove this line. This is YAML: https://en.wikipedia.org/wiki/YAML
+ |
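Review bot: The only uncommented backend, `backends: - port: 8080` at the end of the file, is the TCP form that the comment block just above it calls not secure even on localhost, so anyone who copies the example unchanged gets the setup the file warns against. Consider making the live entry a unix socket, e.g. `- socket: /path/backend.sock` (placeholder path, in the style of `/path/cert.pem`), and moving the port form into the commented examples. Separately, the `key` comment's "a few random bytes are fine" understates what a cookie-signing secret needs; assuming the key feeds a MAC as the comment implies, wording such as `# Use at least 32 bytes from a CSPRNG; keep the file readable only by the sproxy user.` would be safer. The same file-permission reminder applies to `ssl_key`, `pgpassfile` and the `client_secret` files, which the comments mark as secret without saying how to protect them.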