authorNiall Sheridan <nsheridan@gmail.com>2016-06-05 22:18:24 +0100
committerNiall Sheridan <nsheridan@gmail.com>2016-06-05 23:00:46 +0100
commitb8af9fe60f27353bdd5933ed37508b30d4290046 (patch)
treefcc12e2f39f9fe4d7aa7d37fd4114309d3362c38 /example-server.conf
parenta52d19e9e78d08643ffd4aee0483515d8bae2939 (diff)
Add AWS S3 and Google GCS virtual filesystems.
This allows the signing key to be read directly from S3 or GCS using a path like /s3/<bucket>/<path/to/signing.key> or /gcs/<bucket>/<path/to/signing.key>.
Diffstat (limited to 'example-server.conf')
-rw-r--r--example-server.conf11
1 files changed, 11 insertions, 0 deletions
diff --git a/example-server.conf b/example-server.conf
index 94c6b69..5a88615 100644
--- a/example-server.conf
+++ b/example-server.conf
@@ -1,3 +1,4 @@
+# Server config
server {
use_tls = true # Optional. If this is set then `tls_key` and `tls_cert` must be set
tls_key = "server.key" # Path to TLS key
@@ -6,6 +7,7 @@ server {
cookie_secret = "supersecret" # Authentication key for the client cookie
}
+# Oauth2 configuration
auth {
provider = "google" # Oauth provider to use
oauth_client_id = "nnnnnnnnnnnnnnnn.apps.googleusercontent.com" # Oauth client ID
@@ -16,9 +18,18 @@ auth {
}
}
+# Configuration for the certificate signer.
ssh {
signing_key = "signing_key" # Path to the CA signing secret key
additional_principals = ["ec2-user", "ubuntu"] # Additional principals to allow
max_age = "720h" # Maximum lifetime of a ssh certificate
permissions = ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc"] # Permissions associated with a certificate.
}
+
+# Optional AWS config. if an aws config is present, the signing key can be read from S3 using the syntax `/s3/bucket/path/to/signing.key`.
+# These can also be set configured using the standard aws-sdk environment variables, IAM roles etc. https://github.com/aws/aws-sdk-go/wiki/configuring-sdk
+aws {
+ region = "eu-west-1"
+ access_key = "abcdef"
+ secret_key = "xyz123"
+}
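Review bot: The new `aws` block at the end of this hunk shows a long-lived `access_key`/`secret_key` pair in plaintext as the primary example, while the comment above it mentions IAM roles and environment variables only as an alternative. Because these credentials gate read access to the CA signing key, the example should default to the role-based path and leave the static keys commented out, e.g. `# access_key = "..." # Only if no IAM role/instance profile is available`. I would also add a comment such as `# Scope these credentials to read-only access on the signing key object, and keep this file readable only by the server user.` The existing comment has a wording slip, "These can also be set configured", which should read "These can also be configured". The commit description also mentions `/gcs/` paths, but this example file documents only the S3 form; a one-line comment for GCS would keep the two in step.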