{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "./schemas/config.json", "title": "Configuration for app service", "type": "object", "properties": { "http_web": { "title": "Web Server Config", "description": "Configuration for the main HTTP(S) server", "type": "object", "properties": { "address": { "title": "Web Listener Address", "description": "Address to listen on for inbound connections", "type": "string", "pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$", "default": "0.0.0.0", "example": "0.0.0.0" }, "port": { "title": "Web Listener Port", "description": "Port number to listen on for inbound connections", "type": "integer", "minimum": 1, "maximum": 65535, "default": 8080, "example": 8080 }, "exposed_url": { "title": "Web Exposed URL", "description": "", "type": "string", "format": "uri", "example": "https://example.com" }, "tls": { "title": "Web TLS Config", "description": "Configuration for TLS/SSL for the HTTP API", "oneOf": [ { "type": "boolean", "const": false }, { "type": "object", "properties": { "key": { }, "cert": { } }, "required": [ "key", "cert" ] } ] }, "etag": { "title": "Web Etag Config", "description": "Controls the generation and validation of `Etag` headers. Each request type can have etags set to `weak`, `strong`, or `none`", "type": "object", "properties": { "static_assets": { "$ref": "#/$defs/etag_type" } } }, "cache_control": { "title": "Web Cache-Control Config", "description": "Controls the generation of `Cache-Control` headers. Each request type has a full `Cache-Control` directive string defined", "type": "object", "properties": { "static_assets": { "$ref": "#/$defs/cache_control_directives" } } } } }, "http_meta": { "title": "Metadata API Config", "description": "Configuration for the secondary metadata HTTP(S) server, used for health checks and other service meta-APIs", "type": "object", "properties": { "address": { "description": "Address to listen on for inbound connections", "type": "string", "pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$", "default": "0.0.0.0", "example": "0.0.0.0" }, "port": { "description": "Port number to listen on for inbound connections", "type": "integer", "minimum": 1, "maximum": 65535, "default": 8081, "example": 8081 }, "tls": { "title": "TLS Config", "description": "Configuration for TLS/SSL for the HTTP API", "oneOf": [ { "type": "boolean", "const": false }, { "type": "object", "properties": { }, "required": [ ] } ] } } }, "logging": { "title": "Logging Config", "description": "Configuration that controls the service's log output", "type": "object", "properties": { "level": { "description": "", "type": "string", "enum": [ "silent", "fatal", "error", "warn", "info", "debug", "trace" ] }, "pretty": { "title": "", "description": "", "type": "boolean" } } }, "oidc": { "title": "OpenID Connect (OIDC) Config", "description": "Configuration for the OpenID Connect (OIDC) provider and client", "type": "object", "properties": { "server_url": { "title": "OIDC Server Location", "description": "URL pointing to the OIDC provider service", "type": "string", "format": "uri" }, "signing_algorithm": { "title": "", "description": "", "type": "string", "enum": [ "ES512" ] }, "client_id": { "title": "", "description": "", "type": "string" }, "client_secret": { "title": "", "description": "", "type": "string" } } }, "pkce_cookie": { "title": "PKCE Cookie Config", "description": "Configuration for the cookie used in the Proof Key for Code Exchange (PKCE) flow", "type": "object", "properties": { "name": { "title": "PKCE Cookie Name", "description": "The name of the cookie to store the PKCE code in", "type": "string", "default": "pkce_code" }, "secure": { "title": "PKCE Cookie Secure", "description": "Sets the `Secure` directive on the PKCE code cookie (this should always be `true` in production)", "type": "boolean", "default": true }, "ttl": { "title": "PKCE Cookie TTL", "description": "Time-to-live for the PKCE code cookie (in seconds)", "type": "integer", "default": 600 }, "code_bytes": { "title": "PKCE Code Input Bytes", "description": "Number of bytes of random data to generate for the verification code (more is stronger, must be in range 32-96)", "type": "integer", "minimum": 32, "maximum": 96, "example": 48, "default": 48 } } }, "session_cookie": { "title": "Session Cookie Config", "description": "Configuration for the cookie used in to store login session keys", "type": "object", "properties": { "name": { "title": "Session Cookie Name", "description": "The name of the cookie to store the session key in", "type": "string", "default": "pkce_code" }, "secure": { "title": "Session Cookie Secure", "description": "Sets the `Secure` directive on the session key cookie (this should always be `true` in production)", "type": "boolean", "default": true }, "ttl": { "title": "Session Cookie TTL", "description": "Time-to-live for the session key cookie (in seconds)", "type": "integer", "default": 7200 } } }, "storage": { "title": "Storage Config", "description": "Configuration for the main application data storage layer", "oneOf": [ { "$ref": "#/$defs/file_storage_config" } ] } }, "$defs": { "etag_type": { "type": "string", "enum": [ "none", "weak", "strong" ] }, "cache_control_directives": { "description": "A full `Cache-Control` directives string", "type": "string", "example": "public, max-age=3600" }, "file_storage_config": { "type": "object", "properties": { "engine": { "type": "string", "const": "file" } }, "required": [ "engine" ] } } }