aboutsummaryrefslogtreecommitdiff
path: root/ci/container/config-templates
diff options
context:
space:
mode:
Diffstat (limited to 'ci/container/config-templates')
-rw-r--r--ci/container/config-templates/Essentials.Accounts-template.json76
-rw-r--r--ci/container/config-templates/PageRouter-template.json6
-rw-r--r--ci/container/config-templates/SessionProvider-template.json25
-rw-r--r--ci/container/config-templates/SimpleBookmark-template.json35
-rw-r--r--ci/container/config-templates/config-template.json170
5 files changed, 0 insertions, 312 deletions
diff --git a/ci/container/config-templates/Essentials.Accounts-template.json b/ci/container/config-templates/Essentials.Accounts-template.json
deleted file mode 100644
index 68568a9..0000000
--- a/ci/container/config-templates/Essentials.Accounts-template.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
- "debug": ${DEBUG_PLUGINS},
-
- //endpoints
-
- "login_endpoint": {
- "path": "/api/account/login",
- "max_login_attempts": ${MAX_LOGIN_ATTEMPS}, //10 failed attempts in 10 minutes
- "failed_attempt_timeout_sec": 600 //10 minutes
- },
-
- "keepalive_endpoint": {
- "path": "/api/account/keepalive",
- //Regen token every 10 mins along with cookies
- "token_refresh_sec": 600 //10 minutes
- },
-
- "profile_endpoint": {
- "path": "/api/account/profile"
- },
-
- "password_endpoint": {
- "path": "/api/account/reset"
- },
-
- "mfa_endpoint": {
- "path": "/api/account/mfa"
- },
-
- "logout_endpoint": {
- "path": "/api/account/logout"
- },
-
- "pki_auth_endpoint": {
- "path": "/api/account/pki",
- "jwt_time_dif_sec": 30,
- "max_login_attempts": 10,
- "failed_attempt_timeout_sec": 600,
- //Configures the PATCH and DELETE methods to update the user's stored key when logged in
- "enable_key_update": true
- },
-
- //If mfa is defined, configures mfa enpoints and enables mfa logins
- "mfa": {
- "upgrade_expires_secs": 180,
- "nonce_size": 64,
-
- //Defines totp specific arguments
- "totp": {
- "digits": 6,
- "issuer": "Simple-Bookmark",
- "period_secs": 30,
- "algorithm": "sha1",
- "secret_size": 32,
- "window_size": 2
- }
- },
-
- //Defines the included account provider
- "account_security": {
- //Time in seconds before a session is considered expired
- "session_valid_for_sec": 3600,
- //Path/domain for all security cookies
- "cookie_domain": "",
- "cookie_path": "/",
- "status_cookie_name": "li", //front-end cookie name must match to detect login status
- "otp_header_name": "X-Web-Token", //Front-end header name must match
- "otp_time_diff_sec": 30,
- "otp_key_size": 64,
- "pubkey_cookie_name": "client-id",
- "pubkey_signing_key_size": 32,
- "strict_origin": false,
- "strict_path": true, //Can be enabled if front-end is running on the same server
- //"allowed_origins": [""]
- }
-} \ No newline at end of file
diff --git a/ci/container/config-templates/PageRouter-template.json b/ci/container/config-templates/PageRouter-template.json
deleted file mode 100644
index 98dded3..0000000
--- a/ci/container/config-templates/PageRouter-template.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "debug": ${DEBUG_PLUGINS},
- "store": {
- "route_file": "static/routes.xml"
- }
-} \ No newline at end of file
diff --git a/ci/container/config-templates/SessionProvider-template.json b/ci/container/config-templates/SessionProvider-template.json
deleted file mode 100644
index 328f06f..0000000
--- a/ci/container/config-templates/SessionProvider-template.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
-
- "debug": ${DEBUG_PLUGINS},
-
- //Provider assemblies to load
- "provider_assemblies": [ "VNLib.Plugins.Sessions.VNCache.dll" ],
-
- //Web session provider, valid format for VNCache and also memory sessions
- "web": {
- //Cache system key prefix
- "cache_prefix": "websessions",
- //The session cookie name
- "cookie_name": "sb-session",
- //Size in bytes for generated session ids
- "cookie_size": 40,
- //time (in seconds) a session is valid for
- "valid_for_sec": 3600,
- //The maxium number of connections waiting for the cache server responses
- "max_waiting_connections": 100,
- //Enforce strict cross-origin session checks
- "strict_cors": true,
- ///Enforces strict TLS to help prevent tls downgrades based on stored session variables (privacy note: this can be leaked through brute-forced if session id is stolen)
- "strict_tls_protocol": true
- }
-} \ No newline at end of file
diff --git a/ci/container/config-templates/SimpleBookmark-template.json b/ci/container/config-templates/SimpleBookmark-template.json
deleted file mode 100644
index 8736d8d..0000000
--- a/ci/container/config-templates/SimpleBookmark-template.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
-
- //Comments are allowed
- "debug": ${DEBUG_PLUGINS}, //Enables obnoxious debug logging
-
- "bm_endpoint": {
-
- "path": "/api/bookmarks", //Path for the bookmarks endpoint
-
- "config": {
- "max_limit": 100, //Max results per page
- "default_limit": 20, //Default results per page
- "user_quota": ${MAX_BOOKMARKS} //Max bookmarks per user
- }
- },
-
- //System website lookup endpoint (aka curl)
- "curl": {
- "path": "/api/lookup",
- "exe_path": "curl", //Path to the curl executable
- "extra_args": [
- "--globoff", //Disables unsafe url globbing
- "--no-keepalive", //Disables keepalive, uneeded for a single lookup request
- "--max-filesize", "100K", //Max file size 100K
- "--max-redirs", "5", //Max redirects 5
- "--location" //Follow redirects
- ]
- },
-
- "registration": {
- "path": "/api/register", //Path for the registration endpoint
- "token_lifetime_mins": ${REG_TOKEN_DURATION_MIN}, //Token lifetime in minutes
- "key_regen_interval_mins": ${REG_TOKEN_DURATION_MIN}0 //Signing key regeneration interval in minutes
- }
-} \ No newline at end of file
diff --git a/ci/container/config-templates/config-template.json b/ci/container/config-templates/config-template.json
deleted file mode 100644
index 0bd0ddb..0000000
--- a/ci/container/config-templates/config-template.json
+++ /dev/null
@@ -1,170 +0,0 @@
-{
-
- //Host application config, config is loaded as a read-only DOM that is available
- //to the host and loaded child plugins, all elements are available to plugins via the 'HostConfig' property
-
- "http": {
- //The defaut HTTP version to being requests with (does not support http/2 yet)
- "default_version": "HTTP/1.1",
- //The maxium size (in bytes) of response messges that will be compressed
- "compression_limit": 512000,
- //Minium response size (in bytes) to compress
- "compression_minimum": 2048,
- //The size of the buffer to use when parsing multipart/form data uploads
- "multipart_max_buf_size": 8192,
- //The maxium ammount of data (in bytes) allows for mulitpart/form data file uploads
- "multipart_max_size": 80240,
- //Absolute maximum size (in bytes) of the request entity body (exludes headers)
- "max_entity_size": 1024000,
- //Keepalive ms for HTTP1.1 keepalive connections
- "keepalive_ms": 1000000,
- //The buffer size to use when parsing headers (also the maxium request header size allowed)
- "header_buf_size": 8128,
- //The maxium number of headers allowed in an HTTP request message
- "max_request_header_count": 50,
- //The maxium number of allowed network connections, before 503s will be issued automatically and connections closed
- "max_connections": 5000,
- //The size in bytes of the buffer to use when writing response messages
- "response_buf_size": 4096,
- //time (in ms) to wait for a response from an active connection in recv mode, before dropping it
- "recv_timeout_ms": 5000,
- //Time in ms to wait for the client to accept transport data before terminating the connection
- "send_timeout_ms": 60000,
- //The size (in bytes) of the buffer used to store all response header data
- "response_header_buf_size": 16384,
- //Max number of file uploads allowed per request
- "max_uploads_per_request": 10
- },
-
- //Compression is installed in the container at lib/ directory along with the native library supporting gzip and brotli
- "compression_lib": "lib/vnlib.net.compression/VNLib.Net.Compression.dll",
-
- //Setup the native lib
- "vnlib.net.compression": {
- "lib_path": "lib/libvn_compress.so",
- "level": 1
- },
-
-
- //Maxium ammount of time a request is allowed to be processed (includes loading or waiting for sessions) before operations will be cancelled and a 503 returned
- "max_execution_time_ms": 20000,
-
- //Collection of objects to define hosts+interfaces to build server listeners from
- "virtual_hosts": [
- {
-
- "trace": ${HTTP_TRACE_ON},
-
- //The interface to bind to, you may not mix TLS and non-TLS connections on the same interface
- "interface": {
- "address": "0.0.0.0",
- "port": 8080
- },
-
- //Collection of "trusted" servers to allow proxy header support from
- "downstream_servers": ${HTTP_DOWNSTREAM_SERVERS},
-
- //The hostname to listen for, "*" as wildcard, and "[system]" as the default hostname for the current machine
- "hostname": "*",
- "path": "dist/",
-
- //A list of file extensions to deny access to, if a resource is requested and has one of the following extensions, a 404 is returned
- "deny_extensions": [ ".ts", ".json", ".htaccess", ".php" ],
- //The default file extensions to append to a resource that does not have a file extension
- "default_files": [ "index.html", "index.htm" ],
-
- //A list of error file objects, files are loaded into memory (and watched for changes) and returned when the specified error code occurs
- "error_files": [],
-
- //The default
- "cache_default_sec": 864000,
-
- "ssl": ${SSL_JSON},
- }
- ],
-
-
- //Defines the directory where plugin's are to be loaded from
- "plugins": {
- //Hot-reload creates collectable assemblies that allow full re-load support in the host application, should only be used for development purposes!
- "hot_reload": false,
- "path": "plugins/",
- "config_dir": "config/",
- "assets": "plugins/assets/"
- },
-
- "sys_log": {
- "path": "data/logs/sys-log.txt",
- "flush_sec": 5,
- "retained_files": 31,
- "file_size_limit": 10485760,
- "interval": "infinite"
- },
-
- "app_log": {
- "path": "data/logs/app-log.txt",
- "flush_sec": 5,
- "retained_files": 31,
- "file_size_limit": 10485760,
- "interval": "infinite"
- },
-
- //HASHICORP VAULT
- "hashicorp_vault": {
- "url": "${HC_VAULT_ADDR}",
- "token": "${HC_VAULT_TOKEN}",
- "trust_certificate": ${HC_VAULT_TRUST_CERT},
- },
-
- //SQL CONFIG
- "sql": {
- "provider": "${SQL_LIB_PATH}",
- "connection_string": "${SQL_CONNECTION_STRING}"
- },
-
- //VNCACHE global config
- //Enable vncache as the providers above rely on the object caching server
- "cache": {
-
- "assembly_name": "${CACHE_ASM_PATH}",
- "url": "${REDIS_CONNECTION_STRING}",
-
- //Max size (in bytes) of allowed data to be stored in each user's session object
- "max_object_size": 8128,
-
- //Request timeout
- "request_timeout_sec": 10,
-
- //Time delay between cluster node discovery
- "discovery_interval_sec": 120,
-
- //Initial nodes to discover from
- "initial_nodes": ${VNCACHE_INITIAL_NODES},
-
- //Disable TLS
- "use_tls": false,
-
- //Setting this value to true will cause the cache store to load a memory-only instance, without remote backing
- "memory_only": ${MEMCACHE_ONLY},
-
- //enable memory cache
- "memory_cache": {
- "buckets": 20,
- "bucket_size": 5000,
- "max_age_sec": 600,
- "refresh_interval_sec": 60,
- "zero_all": false,
- "max_object_size": 8128
- }
- },
-
- "secrets": {
- //Special key used by the loading library for access to the PasswordHashing library to pepper password hashes
- "passwords": "${PASSWORD_PEPPER}",
- "db_password": "${DATABASE_PASSWORD}",
- "client_private_key": "${VNCACHE_CLIENT_PRIVATE_KEY}",
- "cache_public_key": "${VNCACHE_CACHE_PUBLIC_KEY}",
- "redis_password": "${REDIS_PASSWORD}"
- }
-}
-
generated by cgit (git 2.46.0) at 2024-10-02 04:17:44 +0000