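--- # Sproxy configuration. Don't remove this line. This is YAML: https://en.wikipedia.org/wiki/YAML

# Logging level: debug, info, warn, error.
# Optional. Default is debug.
# NOTE(review): check what the debug level records before keeping the
# default in production - TODO confirm against the sproxy logging code.
#
# log_level: debug

# The port Sproxy listens on (HTTPS).
# Optional. Default is 443.
#
# listen: 443

# Listen on port 80 and redirect HTTP requests to HTTPS.
# Optional. Default is true when listen == 443, otherwise false.
#
# listen80: true

# Whether HTTP2 is enabled. Optional. Default is "true"
#
# http2: true

# The system user Sproxy switches to if launched as root (after opening the ports).
# Optional. Default is sproxy.
#
# user: sproxy

# Home directory for various files including SQLite3 authorization database.
# Optional. Default is current directory.
# The authorization database decides who may reach which backend, so this
# directory should not be writable by other local users.
#
# home: "."

# File with SSL certificate. Required.
# It can be a bundle with the server certificate coming first:
#   cat me-cert.pem CA-cert.pem > cert.pem
# Once again: most wanted certs go first ;-)
# Or you can opt to use `ssl_cert_chain` instead.
ssl_cert: /path/cert.pem

# File with SSL key (secret!). Required.
# Restrict read access to this file (for example mode 0600). Which account
# has to read it depends on whether sproxy loads it before or after switching
# to `user` - verify for your deployment.
ssl_key: /path/key.pem

# Chain SSL certificate files.
# Optional. Default is an empty list
# Example:
#   ssl_cert_chain:
#     - /path/foo.pem
#     - /path/bar.pem
#
# ssl_cert_chain: []

# PostgreSQL database connection string.
# Optional. If specified, sproxy will periodically pull the data from this
# database into internal SQLite3 database. Define password in a file
# referenced by the PGPASSFILE environment variable. Or use the "pgpassfile" option.
# Cannot be used with the "datafile" option.
# Keep the password out of this string, and connect with a role that can only
# read the authorization data, as the example does. If the database is reached
# over a network, consider adding sslmode=verify-full to the connection string.
# Example:
#   database: "user=sproxy-readonly dbname=sproxy port=6001"
#
# database:

# PostgreSQL password file.
# Optional. If specified, sproxy will set PGPASSFILE environment variable pointing to this file
# libpq ignores a password file that group or others can access, so keep it
# at mode 0600 and owned by the account sproxy runs as.
# Example:
#   pgpassfile: /run/keys/sproxy.pgpass
#
# pgpassfile:

# YAML file used to fill internal SQLite3 database.
# Optional. If specified, Sproxy will import it on start overwriting
# any existing data in the internal database.
# Useful for development or some simple deployments.
# Cannot be used with the "database" option.
# Whoever can write this file controls authorization, so protect it like the
# database itself.
# For example see the datafile.yml.example
#
# datafile: /path/data.yml

# A file with arbitrary content used to sign sproxy cookie and other things (secret!).
# Optional. If not specified, a random key is generated on startup, and
# as a consequence, restarting sproxy will invalidate existing user sessions.
# This option could be useful for load-balancing with multiple sproxy instances,
# when all instances must understand cookies created by each other.
# This should not be very large, a few random bytes are fine.
# NOTE(review): the bytes must be unpredictable, since anyone who knows them
# can presumably forge a cookie. Fill the file from a cryptographic random
# source (32 random bytes is a common choice) rather than typed text, keep it
# readable by sproxy only, and copy it between instances over a protected channel.
#
# key: /run/keys/sproxy.secret

# Credentials for supported OAuth2 providers.
# Currently supported: "google", "linkedin"
# At least one provider is required.
# Attributes:
#   client_id     - OAuth2 client ID (string)
#   client_secret - OAuth2 client secret. Regardless of its name, this is a file.
#                   The secret is read from the file which you should keep secret.
#                   Only the first line of this file is read.
#                   Putting a path here rather than the secret itself keeps the
#                   secret out of this file and out of version control.
#
# Example:
#   oauth2:
#     google:
#       client_id: "XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com"
#       client_secret: "/run/keys/XXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY.apps.googleusercontent.com"
#
#     linkedin:
#       client_id: "xxxxxxxxxxxxxx"
#       client_secret: "/run/keys/xxxxxxxxxxxxxx"
#
#
# oauth2:
#   google:
#     client_id:
#     client_secret:

# Backend servers. At least one is required.
# NOTE: backends at TCP port are not secure, even on localhost,
# because any local user can connect to the backend bypassing sproxy
# authentication and authorization.
#
# It is recommended to communicate with backends via unix sockets only.
# Unix sockets should be secured with proper unix file permissions.
#
# Backend attributes:
#   name      - the host name as in the Host HTTP header.
#               May include wildcards * and ?. The first matching
#               backend will be used, so list specific names before
#               wildcard ones. Examples: "*.example.com", "wiki.corp.com".
#               Optional. Default is "*". Note that the name must include
#               the port number if non-standard.
#   address   - backend IP address. Optional. Default is 127.0.0.1.
#   port      - backend TCP port. Required unless unix socket is defined.
#   socket    - unix socket. Highly recommended for security reasons.
#               If defined, IP address and TCP port are ignored.
#
#   cookie_name    - sproxy cookie name. Optional. Default is "sproxy".
#   cookie_domain  - sproxy cookie domain. Optional. Default is the request host name as per RFC2109.
#                    A parent domain makes the browser send the cookie to
#                    every host under it; leave unset unless that is intended.
#   cookie_max_age - sproxy cookie shelflife in seconds. Optional. Default is 604800 (7 days).
#                    This is how long a copied cookie could stay usable, so
#                    shorten it for sensitive backends.
#   conn_count     - number of connections to keep alive. Optional. Default is 32.
#                    This is specific to Haskell HTTP Client library, and is per host name,
#                    not per backend. HTTP Client's default is 10.
#
# backends:
#   - name: wiki.example.com
#     port: 9090
#     cookie_name: sproxy_example
#     cookie_max_age: 86400
#
# The placeholder below uses a TCP port, which the note above describes as
# reachable by any local user without passing through sproxy. Replace it with
# a `socket` entry for anything beyond local testing.
backends:
  - port: 8080

... # End of configuration. Don't remove this line. This is YAML: https://en.wikipedia.org/wiki/YAML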