path: root/example-server.conf
# Server config
server {
  address = "0.0.0.0"  # Optional. IP address to listen on; "0.0.0.0" listens on every IPv4 interface
  port = 80  # Port to listen on
  user = "www" # Optional. User the server drops privileges to
  # "supersecret" is a placeholder, and this example reuses it for both keys.
  # Replace each with its own long, randomly generated value before deployment.
  cookie_secret = "supersecret"  # Authentication key for the client cookie
  csrf_secret = "supersecret"  # Authentication key for the CSRF token
  # NOTE(review): presumably marks the session cookie Secure (HTTPS only) - confirm.
  # With port = 80 above, that would assume TLS is terminated in front of this server.
  secure_cookie = true
  http_logfile = "http.log"  # Logfile for HTTP requests
}

# OAuth2 configuration
github {
  # NOTE(review): the client ID placeholder has the form of a Google client ID and the
  # user whitelist below holds e-mail addresses; confirm which identifiers the github
  # provider expects before copying these values.
  oauth_client_id = "nnnnnnnnnnnnnnnn.apps.googleusercontent.com"  # OAuth client ID
  # Treat the client secret as a credential: keep the real value out of version control.
  oauth_client_secret = "yyyyyyyyyyyyyyyyyyyyyy"  # OAuth client secret
  oauth_callback_url = "https://sshca.example.com/auth/callback"  # OAuth callback URL
  # Presumably the users and organisations allowed to authenticate (example values).
  # NOTE(review): behaviour when both lists are empty is not shown here - confirm that
  # it denies access rather than allowing every account.
  users_whitelist = ["marco@gmail.com", "niall@gmail.com", "patrick@gmail.com"]
  orgs_whitelist = ["org1", "org2"]
}

# Configuration for the certificate signer.
ssh {
  # The CA secret key signs every certificate issued; keep the file readable only by
  # the account the server runs as.
  signing_key = "signing_key"  # Path to the CA signing secret key
  # NOTE(review): presumably added to each issued certificate alongside the user's own
  # principal - confirm. Shared account names here would then be usable by every
  # authorized user on hosts that trust this CA.
  additional_principals = ["ec2-user", "ubuntu"]  # Additional principals to allow
  # "720h" is 30 days. A shorter lifetime limits how long a leaked certificate stays valid.
  max_age = "720h"  # Maximum lifetime of a ssh certificate
  # The names below match OpenSSH certificate extensions (permit-*) and the
  # force-command critical option. This example enables all of them; list only what
  # users need. "force-command=/bin/ls" looks like a placeholder - presumably it
  # restricts sessions to that one command, confirm before keeping it.
  permissions = ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc", "force-command=/bin/ls"]  #  Permissions associated with a certificate
}