example-config.yaml 6.28 KiB
# The issuer URL to be used. MUST point to this server.
# The example value is an https URL, so TLS has to be provided either through
# 'server.tls' or by a proxy in front of mytoken.
issuer: "https://mytoken.example.com"
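# Details about the service operator. Will be displayed on the privacy page.
service_operator:
  # The name of the service operator
  name: "Example Foundation"
  homepage: "https://example.com"
  # An email address where users can contact the service operator. It is
  # recommended to use a mailing list for this.
  mail_contact: "mytoken@example.com"
  # A dedicated email address for privacy-related topics can be given. If you
  # do not have a dedicated address for privacy, it can be omitted.
  mail_privacy: "mytoken-privacy@example.com"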
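# Configuration for the mytoken server
server:
  # If TLS is not enabled, mytoken will listen on this port, default: 8000
  port: 8000
  tls:
    # Unless false, TLS is enabled if 'cert' and 'key' are given.
    # With 'cert' and 'key' left empty as in this example, TLS is therefore
    # not active and mytoken listens on 'port' without TLS; terminate TLS in
    # a proxy in front of mytoken in that case.
    enabled: true
    # Unless false, port 80 is redirected to 443
    redirect_http: true
    # The TLS certificate file
    cert:
    # The TLS certificate key file. This is the private key: keep the file
    # readable only by the account mytoken runs as.
    key:
  # If behind a load balancer or reverse proxy, set this option. Mytoken will
  # read the client's IP address from this header.
  # Set it only when every request passes through a trusted proxy that sets
  # this header itself; a value accepted directly from clients can be forged
  # and would undermine the per-IP request limits below.
  # proxy_header: "X-FORWARDED-FOR"
  # Configure the request limits (these are per IP)
  request_limits:
    # Unless false, request limits are enabled
    enabled: true
    # The number of requests that are allowed within the specified time
    # window (max_requests per window), e.g. 10/1s 100/5min 1000/1h
    max_requests: 100
    # The time window in which the maximum number of requests is allowed,
    # i.e. the quota is reset after this time.
    # The time is given in seconds.
    window: 300
    # Use the list to exclude hosts from the request limit. You can specify
    # single IP addresses as well as subnets.
    # NOTE(review): with a reverse proxy on this host and 'proxy_header' not
    # set, every client presumably appears as 127.0.0.1 and would then be
    # exempt from the limits - confirm, and keep this list as short as
    # possible.
    always_allow:
      - "127.0.0.1"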
# The database file for IP geolocation. Will be installed by setup to this
# location.
geo_ip_db_file: "/IP2LOCATION-LITE-DB1.IPV6.BIN"
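# Configuration of the mytoken API
api:
  # Mytoken can support multiple API versions at the same time; this is the
  # minimal version that is supported; older versions won't be supported.
  # Currently only 0 is supported.
  min_supported_version: 0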
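# Configuration for the database
database:
  hosts:
    - "localhost"
  user: "mytoken"
  # Example value only (it equals the user name): replace it before
  # deployment, or use 'password_file' so that the secret is not stored in
  # this configuration file.
  password: "mytoken"
  # Read the db password from this file. Keep that file readable only by the
  # account mytoken runs as.
  # NOTE(review): which of 'password' and 'password_file' wins when both are
  # set is not visible here - confirm before relying on it.
  password_file:
  db: "mytoken"
  # The interval (in seconds) in which mytoken tries to reconnect to db nodes
  # that are down
  try_reconnect_interval: 60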
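# Configuration for token signing
signing:
  # The used algorithm
  alg: "ES512"
  # The file with the signing key. Anyone who can read this key can
  # presumably sign tokens that verify as issued by this server: restrict the
  # file to the account mytoken runs as and keep it out of version control
  # and unencrypted backups.
  key_file: "/mytoken.key"
  # If an RSA-based algorithm is used, this is the key length. Only needed
  # when generating a new RSA key, so it has no effect with the ES512 setting
  # above. 2048 bits is generally treated as the minimum for new RSA keys;
  # consider a larger size for long-lived signing keys.
  rsa_key_len: 2048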