aboutsummaryrefslogtreecommitdiff
path: root/example-server.conf
diff options
context:
space:
mode:
authorNiall Sheridan <nsheridan@gmail.com>2016-05-29 14:21:36 +0100
committerNiall Sheridan <nsheridan@gmail.com>2016-05-29 14:21:36 +0100
commit46ec48845704b54d395727441edc049b009da774 (patch)
tree022ef93da7f270dd6fab1f44959ee563e774141c /example-server.conf
parent86580580cfef527311f0726fe30e68075ba33f25 (diff)
Replace json examples with hcl examples
Diffstat (limited to 'example-server.conf')
-rw-r--r--example-server.conf24
1 files changed, 24 insertions, 0 deletions
diff --git a/example-server.conf b/example-server.conf
new file mode 100644
index 0000000..94c6b69
--- /dev/null
+++ b/example-server.conf
@@ -0,0 +1,24 @@
+server {
+ use_tls = true # Optional. If this is set then `tls_key` and `tls_cert` must be set
+ tls_key = "server.key" # Path to TLS key
+ tls_cert = "server.crt" # Path to TLS certificate
+ port = 443 # Port to listen on
+ cookie_secret = "supersecret" # Authentication key for the client cookie
+}
+
+auth {
+ provider = "google" # Oauth provider to use
+ oauth_client_id = "nnnnnnnnnnnnnnnn.apps.googleusercontent.com" # Oauth client ID
+ oauth_client_secret = "yyyyyyyyyyyyyyyyyyyyyy" # Oauth client secret
+ oauth_callback_url = "https://sshca.example.com/auth/callback" # Oauth callback url
+ provider_opts {
+ domain = "example.com" # Oauth-provider specific options
+ }
+}
+
+ssh {
+ signing_key = "signing_key" # Path to the CA signing secret key
+ additional_principals = ["ec2-user", "ubuntu"] # Additional principals to allow
+ max_age = "720h" # Maximum lifetime of a ssh certificate
+ permissions = ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc"] # Permissions associated with a certificate.
+}