From f5f80c5e63c443cbe7e61f5f029dd7d793318441 Mon Sep 17 00:00:00 2001
From: Igor Pashev
Date: Mon, 5 Dec 2016 19:10:30 +0300
Subject: sproxy.yml.example -> sproxy.example.yml
---
 README.md | 2 +-
 sproxy.example.yml | 176 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 sproxy.yml.example | 176 -----------------------------------------------------
 sproxy2.cabal | 2 +-
 4 files changed, 178 insertions(+), 178 deletions(-)
 create mode 100644 sproxy.example.yml
 delete mode 100644 sproxy.yml.example
diff --git a/README.md b/README.md
index abc3b7a..1dfa94c 100644
--- a/README.md
+++ b/README.md
@@ -198,7 +198,7 @@ Configuration
 =============
 By default `sproxy2` will read its configuration from `sproxy.yml`. There is
-example file with documentation [sproxy.yml.example](sproxy.yml.example). You
+example file with documentation [sproxy.example.yml](sproxy.example.yml). You
 can specify a custom path with:
 ```
diff --git a/sproxy.example.yml b/sproxy.example.yml
new file mode 100644
index 0000000..a9cf9cc
--- /dev/null
+++ b/sproxy.example.yml
@@ -0,0 +1,176 @@
+--- # Sproxy configuration. Don't remove this line. This is YAML: https://en.wikipedia.org/wiki/YAML
+
+# NOTE: You can use the !include directive to import parts of this file.
+
+# Logging level: debug, info, warn, error.
+# Optional. Default is debug.
+#
+# log_level: debug
+
+# The port Sproxy listens on (HTTPS).
+# Optional. Default is 443.
+#
+# listen: 443
+
+# Whether SSL is used on port defined by `listen`.
+# You should only set it to false iff you intent to do SSL-termination
+# somewhere else, e. g. at a load-balancer in a local network.
+# If true, you also have to specify `ssl_key` and `ssl_cert`.
+# Note that there is no way Sproxy can be usable without HTTPS/SSL at the user side,
+# because Sproxy sets cookie for HTTPS only.
+# Optional. Default is true.
+# ssl: true
+
+# Listen on port 80 and redirect HTTP requests to HTTPS (see `https_port`).
+# Optional. Default is true when `listen` == 443, otherwise false.
+#
+# listen80: true
+
+# Port used in redirection of HTTP requests to HTTPS.
+# I. e., http://example.com -> https://example.com[:https_port],
+# If `http_port` == 443, the port part if omitted.
+# This is useful when behind a dumb proxy or load-balancer, like Amazon ELB,
+# (and`ssl` == false). It's unlikely that something other than 443
+# is exposed to users, but if you are behind a proxy
+# you can't really know the correct https port.
+# Optional. Default is as `listen`.
+#
+# Example:
+# https_port: 4040
+#
+# https_port:
+
+# Whether HTTP2 is enabled. Optional. Default is true.
+#
+# http2: true
+
+# The system user Sproxy switches to if launched as root (after opening the ports).
+# Optional. Default is sproxy.
+#
+# user: sproxy
+
+# Home directory for various files including SQLite3 authorization database.
+# Optional. Default is current directory.
+#
+# home: "."
+
+
+# File with SSL certificate. Required if `ssl` == true.
+# It can be a bundle with the server certificate coming first:
+# cat me-cert.pem CA-cert.pem > cert.pem
+# Once again: most wanted certs go first ;-)
+# Or you can opt in using of `ssl_cert_chain`
+ssl_cert: /path/cert.pem
+
+# File with SSL key (secret!). Required if `ssl` = true.
+ssl_key: /path/key.pem
+
+# Chain SSL certificate files.
+# Optional. Default is an empty list
+# Example:
+# ssl_cert_chain:
+# - /path/foo.pem
+# - /path/bar.pem
+#
+# ssl_cert_chain: []
+
+
+# PostgreSQL database connection string.
+# Optional. If specified, sproxy will periodically pull the data from this
+# database into internal SQLite3 database. Define password in a file
+# referenced by the PGPASSFILE environment variable. Or use the `pgpassfile` option.
+# Cannot be used with the `datafile` option.
+# Example:
+# database: "user=sproxy-readonly dbname=sproxy port=6001"
+#
+# database:
+
+# PostgreSQL password file.
+# Optional. If specified, sproxy will set PGPASSFILE environment variable pointing to this file
+# Example:
+# pgpassfile: /run/keys/sproxy.pgpass
+#
+# pgpassfile:
+
+
+# YAML file used to fill internal SQLite3 database.
+# Optional. If specified, Sproxy will import it on start overwriting
+# and existing data in the internal database.
+# Useful for development or some simple deployments.
+# Cannot be used with the `database` option.
+# For example see the datafile.yml.example
+#
+# datafile: /path/data.yml
+
+
+# Arbitrary string used to sign sproxy cookie and other things (secret!).
+# Optional. If not specified, a random key is generated on startup, and
+# as a consequence, restaring sproxy will invalidate existing user sessions.
+# This option could be useful for load-balancing with multiple sproxy instances,
+# when all instances must understand cookies created by each other.
+# This should not be very large, a few random bytes are fine.
+#
+# key: !include /run/keys/sproxy.secret
+
+
+# Credentials for supported OAuth2 providers.
+# Currently supported: "google", "linkedin"
+# At least one provider is required.
+# Attributes:
+# client_id - OAuth2 client ID.
+# client_secret - OAuth2 client secret.
+#
+# Example:
+# oauth2:
+# google:
+# client_id: "XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com"
+# client_secret: !include /run/keys/XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com
+#
+# linkedin:
+# client_id: "xxxxxxxxxxxxxx"
+# client_secret: !include "/run/keys/xxxxxxxxxxxxxx"
+#
+#
+# oauth2:
+# google:
+# client_id:
+# client_secret:
+
+
+# Backend servers. At least one is required.
+# NOTE: backends at TCP port are not secure, even on localhost,
+# because any local user can connect to the backend bypassing sproxy
+# authentication and authorization.
+#
+# It is recommended to communicate with backends via unix sockets only.
+# Unix sockets should be secured with proper unix file permissions.
+#
+# Backend attributes:
+# name - the host name as in the Host HTTP header.
+# May include wildcards * and ?. The first matching
+# backend will be used. Examples: "*.example.com", "wiki.corp.com".
+# Optional. Default is "*". Note, that the name must include
+# port number if non-standard.
+# address - backend IP address. Optional. Default is 127.0.0.1.
+# port - backend TCP port. Required unless unix socket is defined.
+# socket - unix socket. Highly recommended for security reasons.
+# If defined, IP address and TCP port are ignored.
+#
+# cookie_name - sproxy cookie name. Optional. Default is "sproxy".
+# cookie_domain - sproxy cookie domain. Optional. Default is the request host name as per RFC2109.
+# cookie_max_age - sproxy cookie shelflife in seconds. Optional. Default is 604800 (7 days).
+# conn_count - number of connections to keep alive. Optional. Default is 32.
+# This is specific to Haskell HTTP Client library, and is per host name,
+# not per backend. HTTP Client's default is 10.
+#
+# backends:
+# - name: wiki.example.com
+# port: 9090
+# cookie_name: sproxy_example
+# cookie_max_age: 86400
+#
+backends:
+ - port: 8080
+
+... # End of configuration. Don't remove this line. This is YAML: https://en.wikipedia.org/wiki/YAML
+
diff --git a/sproxy.yml.example b/sproxy.yml.example
deleted file mode 100644
index a9cf9cc..0000000
--- a/sproxy.yml.example
+++ /dev/null
@@ -1,176 +0,0 @@
---- # Sproxy configuration. Don't remove this line. This is YAML: https://en.wikipedia.org/wiki/YAML
-
-# NOTE: You can use the !include directive to import parts of this file.
-
-# Logging level: debug, info, warn, error.
-# Optional. Default is debug.
-#
-# log_level: debug
-
-# The port Sproxy listens on (HTTPS).
-# Optional. Default is 443.
-#
-# listen: 443
-
-# Whether SSL is used on port defined by `listen`.
-# You should only set it to false iff you intent to do SSL-termination
-# somewhere else, e. g. at a load-balancer in a local network.
-# If true, you also have to specify `ssl_key` and `ssl_cert`.
-# Note that there is no way Sproxy can be usable without HTTPS/SSL at the user side,
-# because Sproxy sets cookie for HTTPS only.
-# Optional. Default is true.
-# ssl: true
-
-# Listen on port 80 and redirect HTTP requests to HTTPS (see `https_port`).
-# Optional. Default is true when `listen` == 443, otherwise false.
-#
-# listen80: true
-
-# Port used in redirection of HTTP requests to HTTPS.
-# I. e., http://example.com -> https://example.com[:https_port],
-# If `http_port` == 443, the port part if omitted.
-# This is useful when behind a dumb proxy or load-balancer, like Amazon ELB,
-# (and`ssl` == false). It's unlikely that something other than 443
-# is exposed to users, but if you are behind a proxy
-# you can't really know the correct https port.
-# Optional. Default is as `listen`.
-#
-# Example:
-# https_port: 4040
-#
-# https_port:
-
-# Whether HTTP2 is enabled. Optional. Default is true.
-#
-# http2: true
-
-# The system user Sproxy switches to if launched as root (after opening the ports).
-# Optional. Default is sproxy.
-#
-# user: sproxy
-
-# Home directory for various files including SQLite3 authorization database.
-# Optional. Default is current directory.
-#
-# home: "."
-
-
-# File with SSL certificate. Required if `ssl` == true.
-# It can be a bundle with the server certificate coming first:
-# cat me-cert.pem CA-cert.pem > cert.pem
-# Once again: most wanted certs go first ;-)
-# Or you can opt in using of `ssl_cert_chain`
-ssl_cert: /path/cert.pem
-
-# File with SSL key (secret!). Required if `ssl` = true.
-ssl_key: /path/key.pem
-
-# Chain SSL certificate files.
-# Optional. Default is an empty list
-# Example:
-# ssl_cert_chain:
-# - /path/foo.pem
-# - /path/bar.pem
-#
-# ssl_cert_chain: []
-
-
-# PostgreSQL database connection string.
-# Optional. If specified, sproxy will periodically pull the data from this
-# database into internal SQLite3 database. Define password in a file
-# referenced by the PGPASSFILE environment variable. Or use the `pgpassfile` option.
-# Cannot be used with the `datafile` option.
-# Example:
-# database: "user=sproxy-readonly dbname=sproxy port=6001"
-#
-# database:
-
-# PostgreSQL password file.
-# Optional. If specified, sproxy will set PGPASSFILE environment variable pointing to this file
-# Example:
-# pgpassfile: /run/keys/sproxy.pgpass
-#
-# pgpassfile:
-
-
-# YAML file used to fill internal SQLite3 database.
-# Optional. If specified, Sproxy will import it on start overwriting
-# and existing data in the internal database.
-# Useful for development or some simple deployments.
-# Cannot be used with the `database` option.
-# For example see the datafile.yml.example
-#
-# datafile: /path/data.yml
-
-
-# Arbitrary string used to sign sproxy cookie and other things (secret!).
-# Optional. If not specified, a random key is generated on startup, and
-# as a consequence, restaring sproxy will invalidate existing user sessions.
-# This option could be useful for load-balancing with multiple sproxy instances,
-# when all instances must understand cookies created by each other.
-# This should not be very large, a few random bytes are fine.
-#
-# key: !include /run/keys/sproxy.secret
-
-
-# Credentials for supported OAuth2 providers.
-# Currently supported: "google", "linkedin"
-# At least one provider is required.
-# Attributes:
-# client_id - OAuth2 client ID.
-# client_secret - OAuth2 client secret.
-#
-# Example:
-# oauth2:
-# google:
-# client_id: "XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com"
-# client_secret: !include /run/keys/XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com
-#
-# linkedin:
-# client_id: "xxxxxxxxxxxxxx"
-# client_secret: !include "/run/keys/xxxxxxxxxxxxxx"
-#
-#
-# oauth2:
-# google:
-# client_id:
-# client_secret:
-
-
-# Backend servers. At least one is required.
-# NOTE: backends at TCP port are not secure, even on localhost,
-# because any local user can connect to the backend bypassing sproxy
-# authentication and authorization.
-#
-# It is recommended to communicate with backends via unix sockets only.
-# Unix sockets should be secured with proper unix file permissions.
-#
-# Backend attributes:
-# name - the host name as in the Host HTTP header.
-# May include wildcards * and ?. The first matching
-# backend will be used. Examples: "*.example.com", "wiki.corp.com".
-# Optional. Default is "*". Note, that the name must include
-# port number if non-standard.
-# address - backend IP address. Optional. Default is 127.0.0.1.
-# port - backend TCP port. Required unless unix socket is defined.
-# socket - unix socket. Highly recommended for security reasons.
-# If defined, IP address and TCP port are ignored.
-#
-# cookie_name - sproxy cookie name. Optional. Default is "sproxy".
-# cookie_domain - sproxy cookie domain. Optional. Default is the request host name as per RFC2109.
-# cookie_max_age - sproxy cookie shelflife in seconds. Optional. Default is 604800 (7 days).
-# conn_count - number of connections to keep alive. Optional. Default is 32.
-# This is specific to Haskell HTTP Client library, and is per host name,
-# not per backend. HTTP Client's default is 10.
-#
-# backends:
-# - name: wiki.example.com
-# port: 9090
-# cookie_name: sproxy_example
-# cookie_max_age: 86400
-#
-backends:
- - port: 8080
-
-... # End of configuration. Don't remove this line. This is YAML: https://en.wikipedia.org/wiki/YAML
-
diff --git a/sproxy2.cabal b/sproxy2.cabal
index 3433fae..178b435 100644
--- a/sproxy2.cabal
+++ b/sproxy2.cabal
@@ -18,8 +18,8 @@ extra-source-files:
 ChangeLog.md
 README.md
 datafile.yml.example
+ sproxy.example.yml
 sproxy.sql
- sproxy.yml.example
 source-repository head
 type: git
-- cgit v1.2.3