Diffstat (limited to 'ci/config-templates')
-rw-r--r--ci/config-templates/Essentials.Accounts-template.json6
-rw-r--r--ci/config-templates/PageRouter-template.json2
-rw-r--r--ci/config-templates/SessionProvider-template.json23
-rw-r--r--ci/config-templates/SimpleBookmark-template.json8
-rw-r--r--ci/config-templates/config-template.json148
5 files changed, 102 insertions, 85 deletions
diff --git a/ci/config-templates/Essentials.Accounts-template.json b/ci/config-templates/Essentials.Accounts-template.json
index 54e9b58..eba3528 100644
--- a/ci/config-templates/Essentials.Accounts-template.json
+++ b/ci/config-templates/Essentials.Accounts-template.json
@@ -1,12 +1,12 @@
{
- "debug": ${DEBUG_PLUGINS},
+ "debug": ${DEBUG_PLUGINS:-false}, //Enables obnoxious debug logging
//endpoints
"login_endpoint": {
"path": "/api/account/login",
- "max_login_attempts": ${MAX_LOGIN_ATTEMPS}, //10 failed attempts in 10 minutes
- "failed_attempt_timeout_sec": 600 //10 minutes
+ "max_login_attempts": ${MAX_LOGIN_ATTEMPS:-10}, //10 failed attempts in 10 minutes
+ "failed_attempt_timeout_sec": 600 //10 minutes
},
"keepalive_endpoint": {
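Review bot: The new default on `max_login_attempts` turns a misspelled or missing variable into a silent fallback. The template reads `MAX_LOGIN_ATTEMPS`, so an operator who sets `MAX_LOGIN_ATTEMPTS` to tighten lockout now gets 10 with no error, where the old bare `${MAX_LOGIN_ATTEMPS}` would presumably have rendered invalid JSON and failed loudly. The trailing comment also hard-codes "10 failed attempts", which is stale once the value is overridden. I would keep the name for compatibility but state it in the comment, e.g. `//Failed attempts allowed per timeout window (env var is spelled MAX_LOGIN_ATTEMPS)`. The hunk ends inside `keepalive_endpoint`, so the rest of the file is not visible here.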
diff --git a/ci/config-templates/PageRouter-template.json b/ci/config-templates/PageRouter-template.json
index 86a51f8..7fe27c1 100644
--- a/ci/config-templates/PageRouter-template.json
+++ b/ci/config-templates/PageRouter-template.json
@@ -1,5 +1,5 @@
{
- "debug": ${DEBUG_PLUGINS},
+ "debug": ${DEBUG_PLUGINS:-false}, //Enables obnoxious debug logging
"store": {
//All builds require the routes.xml file in the config directory even after variable substitution
"route_file": "config/routes.xml"
diff --git a/ci/config-templates/SessionProvider-template.json b/ci/config-templates/SessionProvider-template.json
index 328f06f..b855bc8 100644
--- a/ci/config-templates/SessionProvider-template.json
+++ b/ci/config-templates/SessionProvider-template.json
@@ -1,25 +1,20 @@
{
- "debug": ${DEBUG_PLUGINS},
+ "debug": ${DEBUG_PLUGINS:-false}, //Enables obnoxious debug logging
//Provider assemblies to load
"provider_assemblies": [ "VNLib.Plugins.Sessions.VNCache.dll" ],
//Web session provider, valid format for VNCache and also memory sessions
"web": {
- //Cache system key prefix
- "cache_prefix": "websessions",
- //The session cookie name
- "cookie_name": "sb-session",
- //Size in bytes for generated session ids
- "cookie_size": 40,
- //time (in seconds) a session is valid for
- "valid_for_sec": 3600,
- //The maxium number of connections waiting for the cache server responses
- "max_waiting_connections": 100,
- //Enforce strict cross-origin session checks
- "strict_cors": true,
+
+ "cache_prefix": "websessions", //Cache system key prefix
+ "cookie_name": "sb-session", //The session cookie name
+ "cookie_size": 40, //Size in bytes for generated session ids
+ "valid_for_sec": 3600, //time (in seconds) a session is valid for
+ "max_waiting_connections": 100, //The maxium number of connections waiting for the cache server responses
+
///Enforces strict TLS to help prevent tls downgrades based on stored session variables (privacy note: this can be leaked through brute-forced if session id is stolen)
- "strict_tls_protocol": true
+ "strict_tls_protocol": ${SESSION_STRICT_TLS:-true}
}
} \ No newline at end of file
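Review bot: The `web` block loses `"strict_cors": true` with no replacement in this file, and the only cross-origin setting added elsewhere in the commit is the host-level `cors` object in config-template.json, which ships with `"enabled": false`. Unless the session provider now enforces the cross-origin check unconditionally (not visible here), the rendered container config goes from strict to off for session-bearing requests. If the key is still read, keep it overridable but on by default, e.g. `"strict_cors": ${SESSION_STRICT_CORS:-true},` (variable name is a suggestion); if it was retired, a one-line comment naming the host `cors` block would tell operators where the control moved. The comment above `strict_tls_protocol` should also say that `SESSION_STRICT_TLS=false` switches the downgrade check off.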
diff --git a/ci/config-templates/SimpleBookmark-template.json b/ci/config-templates/SimpleBookmark-template.json
index 8736d8d..dcbf701 100644
--- a/ci/config-templates/SimpleBookmark-template.json
+++ b/ci/config-templates/SimpleBookmark-template.json
@@ -1,7 +1,7 @@
{
//Comments are allowed
- "debug": ${DEBUG_PLUGINS}, //Enables obnoxious debug logging
+ "debug": ${DEBUG_PLUGINS:-false}, //Enables obnoxious debug logging
"bm_endpoint": {
@@ -10,7 +10,7 @@
"config": {
"max_limit": 100, //Max results per page
"default_limit": 20, //Default results per page
- "user_quota": ${MAX_BOOKMARKS} //Max bookmarks per user
+ "user_quota": ${MAX_BOOKMARKS:-5000} //Max bookmarks per user
}
},
@@ -29,7 +29,7 @@
"registration": {
"path": "/api/register", //Path for the registration endpoint
- "token_lifetime_mins": ${REG_TOKEN_DURATION_MIN}, //Token lifetime in minutes
- "key_regen_interval_mins": ${REG_TOKEN_DURATION_MIN}0 //Signing key regeneration interval in minutes
+ "token_lifetime_mins": ${REG_TOKEN_DURATION_MIN:-360}, //Token lifetime in minutes
+ "key_regen_interval_mins": ${REG_TOKEN_DURATION_MIN:-360}0 //Signing key regeneration interval in minutes
}
} \ No newline at end of file
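Review bot: `key_regen_interval_mins` is derived by appending a literal `0` to the substituted text (`${REG_TOKEN_DURATION_MIN:-360}0`), so the intended ten-times relationship holds only when the variable is a bare integer; anything else renders a wrong number or invalid JSON. The same construct appears in the new `tcp` block of config-template.json, `"max_connections": ${HTTP_MAX_CONS:-5000}0`, while the `http` block uses the same variable without the suffix, so the two connection limits differ by a factor of ten and it is unclear whether that is intended. Both values bound security-relevant resources (signing-key lifetime, connection count), so the multiplication should be stated on the line, e.g. `//Signing key regeneration interval in minutes (10x token lifetime, via the trailing 0)`, or given its own variable.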
diff --git a/ci/config-templates/config-template.json b/ci/config-templates/config-template.json
index 7055678..1573461 100644
--- a/ci/config-templates/config-template.json
+++ b/ci/config-templates/config-template.json
@@ -3,41 +3,38 @@
//Host application config, config is loaded as a read-only DOM that is available
//to the host and loaded child plugins, all elements are available to plugins via the 'HostConfig' property
- "http": {
- //The defaut HTTP version to being requests with (does not support http/2 yet)
- "default_version": "HTTP/1.1",
- //The maxium size (in bytes) of response messges that will be compressed
- "compression_limit": 512000,
- //Minium response size (in bytes) to compress
- "compression_minimum": 2048,
- //The size of the buffer to use when parsing multipart/form data uploads
- "multipart_max_buf_size": 8192,
- //The maxium ammount of data (in bytes) allows for mulitpart/form data file uploads
- "multipart_max_size": 80240,
- //Absolute maximum size (in bytes) of the request entity body (exludes headers)
- "max_entity_size": ${MAX_CONTENT_LENGTH},
- //Keepalive ms for HTTP1.1 keepalive connections
- "keepalive_ms": 1000000,
- //The buffer size to use when parsing headers (also the maxium request header size allowed)
- "header_buf_size": 8128,
- //The maxium number of headers allowed in an HTTP request message
- "max_request_header_count": 50,
- //The maxium number of allowed network connections, before 503s will be issued automatically and connections closed
- "max_connections": 5000,
- //The size in bytes of the buffer to use when writing response messages
- "response_buf_size": 65536,
- //time (in ms) to wait for a response from an active connection in recv mode, before dropping it
- "recv_timeout_ms": 5000,
- //Time in ms to wait for the client to accept transport data before terminating the connection
- "send_timeout_ms": 60000,
- //The size (in bytes) of the buffer used to store all response header data
- "response_header_buf_size": 16384,
- //Max number of file uploads allowed per request
- "max_uploads_per_request": 10
+ "tcp": {
+ "keepalive_sec": 0, //How long to wait for a keepalive response before closing the connection (0 to disable tcp keepalive)
+ "keepalive_interval_sec": 0, //How long to wait between keepalive probes
+ "max_recv_size": 655360, //640k absolute maximum recv buffer (defaults to OS socket buffer size)
+ "max_connections": ${HTTP_MAX_CONS:-5000}0, //Per listener instance
+ "backlog": 1000, //OS socket backlog,
+
+ "tx_buffer": 65536, //OS socket send buffer size 64k is a good default
+ "rx_buffer": 65536 //OS socket recv buffer size 64k is a good default
},
- //Compression is installed in the container at lib/ directory along with the native library supporting gzip and brotli
- "compression_lib": "lib/vnlib.net.compression/VNLib.Net.Compression.dll",
+ "http": {
+ "default_version": "HTTP/1.1", //The defaut HTTP version to being requests with (does not support http/2 yet)
+ "multipart_max_buf_size": 8192, //The size of the buffer to use when parsing multipart/form data uploads
+ "multipart_max_size": 80240, //The maxium ammount of data (in bytes) allows for mulitpart/form data file uploads
+ "max_entity_size": ${MAX_CONTENT_LENGTH:-5120000}, //Absolute maximum size (in bytes) of the request entity body (exludes headers)
+ "header_buf_size": 8128, //The buffer size to use when parsing headers (also the maxium request header size allowed)
+ "max_request_header_count": 50, //The maxium number of headers allowed in an HTTP request message
+ "max_connections":${HTTP_MAX_CONS:-5000}, //The maxium number of allowed network connections, before 503s will be issued automatically and connections closed
+ "response_header_buf_size": 8128, //The size (in bytes) of the buffer used to store all response header data
+ "max_uploads_per_request": 10, //Max number of multi-part file uploads allowed per request
+ "keepalive_ms": 1000000, //Keepalive ms for HTTP1.1 keepalive connections
+ "recv_timeout_ms": 5000, //time (in ms) to wait for a response from an active connection in recv mode, before dropping it
+ "send_timeout_ms": 60000, //Time in ms to wait for the client to accept transport data before terminating the connection
+
+ "compression": {
+ "enabled": ${COMPRESSION_ON:-true}, //controls compression globally
+ "assembly": "lib/vnlib.net.compression/VNLib.Net.Compression.dll", //A custom assembly path (ex: 'VNLib.Net.Compression.dll')
+ "max_size": ${COMPRESSION_MAX:-512000}, //Maxium size of a response to compress before it's bypassed
+ "min_size": ${COMPRESSION_MIN:-2048} //Minium size of a response to compress, if smaller compression is bypassed
+ }
+ },
//Setup the native lib
"vnlib.net.compression": {
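Review bot: `response_header_buf_size` drops from 16384 to 8128 in what otherwise reads as a comment reflow of the `http` block, and the change is not called out anywhere. The same commit adds four fixed response headers per host, so the smaller buffer leaves less room for cookies and application headers than before; how the server behaves when the buffer is exceeded is not visible here. If the reduction is deliberate, say so on the line, e.g. `//8k buffer, must hold every response header including Set-Cookie`; otherwise keep 16384. The `vnlib.net.compression` object continues past the end of this hunk.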
@@ -45,24 +42,30 @@
"level": 1
},
-
- //Maxium ammount of time a request is allowed to be processed (includes loading or waiting for sessions) before operations will be cancelled and a 503 returned
- "max_execution_time_ms": 20000,
-
//Collection of objects to define hosts+interfaces to build server listeners from
"virtual_hosts": [
{
- "trace": ${HTTP_TRACE_ON},
+ "trace": ${HTTP_TRACE_ON:-false},
+ "force_port_check": false, //disable port checking by default (useful for containers)
//The interface to bind to, you may not mix TLS and non-TLS connections on the same interface
- "interface": {
- "address": "0.0.0.0",
- "port": 8080
- },
+ "interfaces": [
+ {
+ "address": "0.0.0.0",
+ "port": ${HTTP_PORT:-8080},
+
+ "ssl": ${TLS_ENABLE:-true}, //Enables TLS for this interface for this host specifically
+ "certificate": "${TLS_CERT}", //Cert may be pem or pfx (include private key in pfx, or include private key in a pem file)
+ "private_key": "${TLS_PRIVATE_KEY}", //A pem encoded private key, REQUIRED if using a PEM certificate, may be encrypted with a password
+ "password": null, //An optional password for the ssl private key
+ "client_cert_required": false, //requires that any client connecting to this host present a valid certificate
+ "use_os_ciphers": false //Use the OS's ciphers instead of the hard-coded ciphers
+ }
+ ],
//Collection of "trusted" servers to allow proxy header support from
- "downstream_servers": ${HTTP_DOWNSTREAM_SERVERS},
+ "downstream_servers": ${HTTP_DOWNSTREAM_SERVERS:-[]},
//The hostname to listen for, "*" as wildcard, and "[system]" as the default hostname for the current machine
"hostname": "*",
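Review bot: The new interface entry defaults `ssl` to true but gives `certificate` and `private_key` no default, so a container started without `TLS_CERT` and `TLS_PRIVATE_KEY` renders both as empty strings with TLS still requested. Whether the host then refuses to start or falls back to plaintext is not visible in this hunk, and the second outcome would be a silent downgrade on a port that defaults to 8080. I would document the dependency next to the switch, e.g. `"ssl": ${TLS_ENABLE:-true}, //Requires TLS_CERT (and TLS_PRIVATE_KEY for pem) to be set`, and have the templating step fail when they are missing. `password` is fixed at `null`, so an encrypted key cannot be used from this template even though the comment on `private_key` says it may be encrypted.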
@@ -76,16 +79,31 @@
//A list of error file objects, files are loaded into memory (and watched for changes) and returned when the specified error code occurs
"error_files": [],
- //The default
- "cache_default_sec": 864000,
+ "cors": {
+ "enabled": false, //Enables cors protections for this host
+ "deny_cors_connections": false, //If true, all cors connections will be denied
+ "allowed_origins": [ ]
+ },
+
+ //Key-value headers object, some headers are special and are controlled by the vh processor
+ "headers": {
+ "Server": "Simple-Bookmark-Server",
+ "X-Frame-Options": "DENY",
+ "X-Content-Type-Options": "nosniff",
+ "X-XSS-Protection": "1; mode=block",
+ },
- "ssl": ${SSL_JSON},
+ //The default
+ "cache_default_sec": 864000,
+ //Maxium ammount of time a request is allowed to be processed (includes loading or waiting for sessions) before operations will be cancelled and a 503 returned
+ "max_execution_time_ms": 20000,
}
],
//Defines the directory where plugin's are to be loaded from
"plugins": {
+ "enabled": true,
//Hot-reload creates collectable assemblies that allow full re-load support in the host application, should only be used for development purposes!
"hot_reload": false,
"path": "plugins/",
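Review bot: The new `headers` object sets `"X-XSS-Protection": "1; mode=block"`, a legacy header that current browsers ignore and that current guidance says to omit or send as `0`; the protection it suggests is normally provided by a Content-Security-Policy, which this list does not set. The comment says some headers are controlled by the vh processor, so a CSP may be emitted elsewhere, but that is not visible here. The `cors` block also ships with `"enabled": false`, and its comment should state what is allowed while it is off. The `headers` object and the virtual-host object now both end in a trailing comma, which is only safe if the loader tolerates them as it does comments.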
@@ -93,27 +111,31 @@
"assets": "plugins/assets/"
},
- "sys_log": {
- "path": "data/logs/sys-log.txt",
- "flush_sec": 5,
- "retained_files": 31,
- "file_size_limit": 10485760,
- "interval": "infinite"
- },
-
- "app_log": {
- "path": "data/logs/app-log.txt",
- "flush_sec": 5,
- "retained_files": 31,
- "file_size_limit": 10485760,
- "interval": "infinite"
+ "logs":{
+ "sys_log": {
+ "enabled": ${LOG_ENABLE_FILES:-true},
+ "path": "data/logs/sys-log.txt",
+ "flush_sec": 5,
+ "retained_files": 31,
+ "file_size_limit": 10485760,
+ "interval": "infinite"
+ },
+
+ "app_log": {
+ "enabled": ${LOG_ENABLE_FILES:-true},
+ "path": "data/logs/app-log.txt",
+ "flush_sec": 5,
+ "retained_files": 31,
+ "file_size_limit": 10485760,
+ "interval": "infinite"
+ }
},
//HASHICORP VAULT
"hashicorp_vault": {
"url": "${HC_VAULT_ADDR}",
"token": "${HC_VAULT_TOKEN}",
- "trust_certificate": ${HC_VAULT_TRUST_CERT},
+ "trust_certificate": ${HC_VAULT_TRUST_CERT:-false},
},
//SQL CONFIG
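Review bot: `trust_certificate` gets a safe-looking default of false but still has no comment, and its name suggests that true accepts a Vault certificate that does not validate (an assumption to confirm against the loader). Since the adjacent `token` is sent to `url`, an operator flipping `HC_VAULT_TRUST_CERT` without knowing that would expose the token to interception. A comment on the line would cover it, e.g. `//true skips Vault server certificate validation, leave false outside local testing`. The move of `sys_log` and `app_log` under `logs` also changes the key paths that previously rendered configs used, which deserves a line in the commit message.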
@@ -139,13 +161,13 @@
"discovery_interval_sec": 120,
//Initial nodes to discover from
- "initial_nodes": ${VNCACHE_INITIAL_NODES},
+ "initial_nodes": ${VNCACHE_INITIAL_NODES:-[]},
//Disable TLS
"use_tls": false,
//Setting this value to true will cause the cache store to load a memory-only instance, without remote backing
- "memory_only": ${MEMCACHE_ONLY},
+ "memory_only": ${MEMCACHE_ONLY:-true},
//enable memory cache
"memory_cache": {