diff options
author | sid77 <sid77@slackware.it> | 2016-08-21 02:00:41 +0200 |
---|---|---|
committer | Marco Bonetti <marco@intercom.io> | 2016-08-26 10:04:41 +0100 |
commit | 4028762f4a81a59ccc6d6e5662fa7e341fc74336 (patch) | |
tree | 0124ed9d2cf5ef154c2d4923643d9bdcc1edb638 /example-server.conf | |
parent | bc966492134279c03458cab2ed2f2f51104ee283 (diff) |
First attempt at dropping privileges
Diffstat (limited to 'example-server.conf')
-rw-r--r-- | example-server.conf | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/example-server.conf b/example-server.conf index 35a53d1..fcb6558 100644 --- a/example-server.conf +++ b/example-server.conf @@ -3,8 +3,9 @@ server { use_tls = true # Optional. If this is set then `tls_key` and `tls_cert` must be set tls_key = "server.key" # Path to TLS key tls_cert = "server.crt" # Path to TLS certificate + address = "127.0.0.1" # Optional. IP address to listen on port = 443 # Port to listen on - address = "127.0.0.1" # Optional. IP address to listen on. + user = "www" # Optional. User to which the server drops privileges to cookie_secret = "supersecret" # Authentication key for the client cookie csrf_secret = "supersecret" # Authentication key for the CSRF token http_logfile = "http.log" # Logfile for HTTP requests @@ -28,7 +29,7 @@ ssh { signing_key = "signing_key" # Path to the CA signing secret key additional_principals = ["ec2-user", "ubuntu"] # Additional principals to allow max_age = "720h" # Maximum lifetime of a ssh certificate - permissions = ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc"] # Permissions associated with a certificate. + permissions = ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc"] # Permissions associated with a certificate } # Optional AWS config. if an aws config is present, the signing key can be read from S3 using the syntax `/s3/bucket/path/to/signing.key`. |