From f5f80c5e63c443cbe7e61f5f029dd7d793318441 Mon Sep 17 00:00:00 2001
From: Igor Pashev
Date: Mon, 5 Dec 2016 19:10:30 +0300
Subject: sproxy.yml.example -> sproxy.example.yml
---
sproxy.example.yml | 176 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 176 insertions(+)
create mode 100644 sproxy.example.yml
(limited to 'sproxy.example.yml')
diff --git a/sproxy.example.yml b/sproxy.example.yml
new file mode 100644
index 0000000..a9cf9cc
--- /dev/null
+++ b/sproxy.example.yml
@@ -0,0 +1,176 @@
+--- # Sproxy configuration. Don't remove this line. This is YAML: https://en.wikipedia.org/wiki/YAML
+
+# NOTE: You can use the !include directive to import parts of this file.
+
+# Logging level: debug, info, warn, error.
+# Optional. Default is debug.
+#
+# log_level: debug
+
+# The port Sproxy listens on (HTTPS).
+# Optional. Default is 443.
+#
+# listen: 443
+
+# Whether SSL is used on port defined by `listen`.
+# You should only set it to false iff you intent to do SSL-termination
+# somewhere else, e. g. at a load-balancer in a local network.
+# If true, you also have to specify `ssl_key` and `ssl_cert`.
+# Note that there is no way Sproxy can be usable without HTTPS/SSL at the user side,
+# because Sproxy sets cookie for HTTPS only.
+# Optional. Default is true.
+# ssl: true
+
+# Listen on port 80 and redirect HTTP requests to HTTPS (see `https_port`).
+# Optional. Default is true when `listen` == 443, otherwise false.
+#
+# listen80: true
+
+# Port used in redirection of HTTP requests to HTTPS.
+# I. e., http://example.com -> https://example.com[:https_port],
+# If `http_port` == 443, the port part if omitted.
+# This is useful when behind a dumb proxy or load-balancer, like Amazon ELB,
+# (and`ssl` == false). It's unlikely that something other than 443
+# is exposed to users, but if you are behind a proxy
+# you can't really know the correct https port.
+# Optional. Default is as `listen`.
+#
+# Example:
+# https_port: 4040
+#
+# https_port:
+
+# Whether HTTP2 is enabled. Optional. Default is true.
+#
+# http2: true
+
+# The system user Sproxy switches to if launched as root (after opening the ports).
+# Optional. Default is sproxy.
+#
+# user: sproxy
+
+# Home directory for various files including SQLite3 authorization database.
+# Optional. Default is current directory.
+#
+# home: "."
+
+
+# File with SSL certificate. Required if `ssl` == true.
+# It can be a bundle with the server certificate coming first:
+# cat me-cert.pem CA-cert.pem > cert.pem
+# Once again: most wanted certs go first ;-)
+# Or you can opt in using of `ssl_cert_chain`
+ssl_cert: /path/cert.pem
+
+# File with SSL key (secret!). Required if `ssl` = true.
+ssl_key: /path/key.pem
+
+# Chain SSL certificate files.
+# Optional. Default is an empty list
+# Example:
+# ssl_cert_chain:
+# - /path/foo.pem
+# - /path/bar.pem
+#
+# ssl_cert_chain: []
+
+
+# PostgreSQL database connection string.
+# Optional. If specified, sproxy will periodically pull the data from this
+# database into internal SQLite3 database. Define password in a file
+# referenced by the PGPASSFILE environment variable. Or use the `pgpassfile` option.
+# Cannot be used with the `datafile` option.
+# Example:
+# database: "user=sproxy-readonly dbname=sproxy port=6001"
+#
+# database:
+
+# PostgreSQL password file.
+# Optional. If specified, sproxy will set PGPASSFILE environment variable pointing to this file
+# Example:
+# pgpassfile: /run/keys/sproxy.pgpass
+#
+# pgpassfile:
+
+
+# YAML file used to fill internal SQLite3 database.
+# Optional. If specified, Sproxy will import it on start overwriting
+# and existing data in the internal database.
+# Useful for development or some simple deployments.
+# Cannot be used with the `database` option.
+# For example see the datafile.yml.example
+#
+# datafile: /path/data.yml
+
+
+# Arbitrary string used to sign sproxy cookie and other things (secret!).
+# Optional. If not specified, a random key is generated on startup, and
+# as a consequence, restaring sproxy will invalidate existing user sessions.
+# This option could be useful for load-balancing with multiple sproxy instances,
+# when all instances must understand cookies created by each other.
+# This should not be very large, a few random bytes are fine.
+#
+# key: !include /run/keys/sproxy.secret
+
+
+# Credentials for supported OAuth2 providers.
+# Currently supported: "google", "linkedin"
+# At least one provider is required.
+# Attributes:
+# client_id - OAuth2 client ID.
+# client_secret - OAuth2 client secret.
+#
+# Example:
+# oauth2:
+# google:
+# client_id: "XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com"
+# client_secret: !include /run/keys/XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com
+#
+# linkedin:
+# client_id: "xxxxxxxxxxxxxx"
+# client_secret: !include "/run/keys/xxxxxxxxxxxxxx"
+#
+#
+# oauth2:
+# google:
+# client_id:
+# client_secret:
+
+
+# Backend servers. At least one is required.
+# NOTE: backends at TCP port are not secure, even on localhost,
+# because any local user can connect to the backend bypassing sproxy
+# authentication and authorization.
+#
+# It is recommended to communicate with backends via unix sockets only.
+# Unix sockets should be secured with proper unix file permissions.
+#
+# Backend attributes:
+# name - the host name as in the Host HTTP header.
+# May include wildcards * and ?. The first matching
+# backend will be used. Examples: "*.example.com", "wiki.corp.com".
+# Optional. Default is "*". Note, that the name must include
+# port number if non-standard.
+# address - backend IP address. Optional. Default is 127.0.0.1.
+# port - backend TCP port. Required unless unix socket is defined.
+# socket - unix socket. Highly recommended for security reasons.
+# If defined, IP address and TCP port are ignored.
+#
+# cookie_name - sproxy cookie name. Optional. Default is "sproxy".
+# cookie_domain - sproxy cookie domain. Optional. Default is the request host name as per RFC2109.
+# cookie_max_age - sproxy cookie shelflife in seconds. Optional. Default is 604800 (7 days).
+# conn_count - number of connections to keep alive. Optional. Default is 32.
+# This is specific to Haskell HTTP Client library, and is per host name,
+# not per backend. HTTP Client's default is 10.
+#
+# backends:
+# - name: wiki.example.com
+# port: 9090
+# cookie_name: sproxy_example
+# cookie_max_age: 86400
+#
+backends:
+ - port: 8080
+
+... # End of configuration. Don't remove this line. This is YAML: https://en.wikipedia.org/wiki/YAML
+
-- cgit v1.2.3
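Review bot: The only live backend entry in this example, `backends:` followed by `- port: 8080` at the end of the file, is a TCP backend on the default address, which the comment block directly above it calls not secure because any local user can connect and bypass sproxy's authentication and authorization. Example configs tend to be copied as-is, so the uncommented entry should follow the file's own recommendation and use the `socket` attribute, e.g. `- socket: /path/backend.sock` (placeholder path), with the TCP form kept only as a commented alternative. Separately, the `key` comment's "a few random bytes are fine" understates what a secret that signs session cookies needs. I would replace that sentence with something like `# Use a long random value (e.g. 32 bytes from the system CSPRNG).`, hedged on whichever MAC sproxy uses, which is not visible in this patch.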