63 lines
1.5 KiB
YAML
63 lines
1.5 KiB
YAML
$schema: ../schemas/config.json
|
|
http_web:
|
|
address: 0.0.0.0
|
|
port: 8080
|
|
exposed_url: https://www.example.com:8080
|
|
tls: false
|
|
# tls:
|
|
# key: /tls/tls.key
|
|
# cert: /tls/tls.cert
|
|
compress:
|
|
- gzip
|
|
- deflate
|
|
- br
|
|
- identity
|
|
etag: true
|
|
cache_control:
|
|
static_assets: public, max-age=3600
|
|
http_meta:
|
|
# DO NOT expose the metadata API to the public internet
|
|
address: 0.0.0.0
|
|
port: 8081
|
|
tls: false
|
|
oidc:
|
|
server_url: https://oauth.example.com
|
|
signing_algorithm: ES512
|
|
client_id: your-client-id
|
|
client_secret:
|
|
from_env: OAUTH_CLIENT_SECRET
|
|
pkce_cookie:
|
|
name: app_pkce_code
|
|
secure: true
|
|
ttl: 300
|
|
code_bytes: 48
|
|
session_cookie:
|
|
name: app_session_key
|
|
secure: true
|
|
ttl: 7200
|
|
pepper:
|
|
from_env: SESSION_HASH_PEPPER
|
|
snowflake_uid:
|
|
epoch: 1577836800000
|
|
instance: 0 # todo: This should be populated by a StatefulSet ordinal in k8s; Need to prototype
|
|
storage:
|
|
engine: sqlite3
|
|
pool_min: 2
|
|
pool_max: 10
|
|
argon2:
|
|
# Using the argon2id variant with a time cost of 3 and memory cost 64MiB (65536)
|
|
# is the recommendation for memory constrained environments, according to RFC 9106. If
|
|
# running in an environment that has more available memory to use, the preferred
|
|
# configuration is to instead run with a time cost of 1 and memory cost of 2GiB (2097152).
|
|
#
|
|
# see: https://github.com/ranisalt/node-argon2/wiki/Options
|
|
# see: https://www.rfc-editor.org/rfc/rfc9106.html#section-7.4
|
|
hash_length: 100
|
|
time_cost: 3
|
|
memory_cost: 65536
|
|
parallelism: 4
|
|
logging:
|
|
level: info
|
|
pretty: false
|
|
|