Commit 02df3660 authored by ale

Document more configuration options

parent 90d575cb
Pipeline #2840 passed with stages
in 4 minutes and 1 second
...@@ -105,6 +105,18 @@ The configuration is stored in a YAML file, by default ...@@ -105,6 +105,18 @@ The configuration is stored in a YAML file, by default
* `groups`: list of allowed groups * `groups`: list of allowed groups
* `admin_group`: a specific group that will be granted *admin* privileges * `admin_group`: a specific group that will be granted *admin* privileges
(the ability to read/write data about different users than oneself) (the ability to read/write data about different users than oneself)
* `http_server`: specifies standard parameters for the HTTP server
* `tls`: server-side TLS configuration
* `cert`: path to the server certificate
* `key`: path to the server's private key
* `ca`: path to the CA used to validate clients
* `acl`: TLS-based access controls, a list of entries with the
following attributes:
* `path` is a regular expression to match the request URL path
* `cn` is a regular expression that must match the CommonName
part of the subject of the client certificate
* `max_inflight_requests`: maximum number of in-flight requests to
allow before server-side throttling kicks in
* `user_meta_server`: connection parameters for * `user_meta_server`: connection parameters for
the [user-meta-server](https://git.autistici.org/id/usermetadb) backend the [user-meta-server](https://git.autistici.org/id/usermetadb) backend
used to store user audit logs used to store user audit logs
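Review bot: The `acl` entry under `http_server` does not say how its two regular expressions are applied. Please state whether `path` and `cn` must match the whole value or may match anywhere in it, and what happens to a request whose path matches no entry (allowed or denied). An operator who writes an unanchored pattern for `cn` while assuming full-match semantics could authorize more client certificates than intended, so the documented behaviour matters here. It would also help to say on the `ca` line whether setting it makes a client certificate mandatory or only validates one when it is presented.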
...@@ -130,15 +142,16 @@ The configuration is stored in a YAML file, by default ...@@ -130,15 +142,16 @@ The configuration is stored in a YAML file, by default
* `max_username_len`: maximum username length (default 64) * `max_username_len`: maximum username length (default 64)
* `min_backend_uid`: minimum auto-assigned UID (default 1000) * `min_backend_uid`: minimum auto-assigned UID (default 1000)
* `max_backend_uid`: maximum auto-assigned UID (default 0, disabled) * `max_backend_uid`: maximum auto-assigned UID (default 0, disabled)
* `http_server`: specifies standard parameters for the HTTP server * `ldap`: configuration for the LDAP backend
* `tls`: server-side TLS configuration * `uri`: LDAP URI to connect to
* `cert`: path to the server certificate * `bind_dn`: LDAP bind DN
* `key`: path to the server's private key * `bind_pw` / `bind_pw_file`: LDAP bind password, or file to read
* `ca`: path to the CA used to validate clients it from
* `acl`: TLS-based access controls, a list of entries with the * `base_dn`: base DN for all LDAP queries
following attributes: * `pwhash`: password hashing parameters
* `path` is a regular expression to match the request URL path * `algo`: password hashing algorithm, one of *argon2* or *scrypt*
* `cn` is a regular expression that must match the CommonName * `params`: parameters for the selected hashing algorithm, a map
part of the subject of the client certificate whose values will depend on the chosen algorithm: *argon2*
* `max_inflight_requests`: maximum number of in-flight requests to requires the *time*, *mem* and *threads* parameters (defaults
allow before server-side throttling kicks in to 1/4/4); *scrypt* requires *n*, *r* and *p* (defaults
16384/8/1)
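Review bot: The `params` description under `pwhash` gives the *argon2* defaults as 1/4/4 without a unit for *mem*, so a reader cannot tell how much memory the default actually uses or how to raise it sensibly. Please name the unit next to the defaults, and consider one sentence noting that these values set the cost of offline guessing and should be tuned to the host. On the `ldap` side, the `bind_pw` / `bind_pw_file` line should say which one wins if both are set, and could recommend `bind_pw_file` so that the bind password stays out of the YAML file.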