Commit c09a313d authored by ale's avatar ale
Browse files

Update README with configuration attributes

parent 8ff5339d
......@@ -15,8 +15,9 @@ This repository includes a few separate binaries:
# Configuration
The *sso-server* program requires a YAML configuration file. It
understands the following attributes:
The *sso-server* daemon requires a YAML configuration file,
*/etc/sso/server.yml* by default. It understands the following
* `secret_key_file`: path to the Ed25519 secret key (should be exactly
64 bytes)
......@@ -52,10 +53,10 @@ understands the following attributes:
* `auth_key`: a long-term key to authenticate HTTP-based cookies
* `geo_ip_data_files`: GeoIP databases to use (in mmdb format), if
unset the module will use the default GeoLite2-Country db
* `remote_addr_header`: HTTP header to use to obtain the remote
client address, when the request comes from a trusted forwarder
* `keystore`: configures the connection to the keystore service
* `url`: URL for the keystore service
* `sharded`: if true, requests to the keystore service will be
partitioned according to the user's *shard* attribute
* `tls_config`: client TLS configuration
* `cert`: path to the client certificate
* `key`: path to the private key
......@@ -74,6 +75,8 @@ understands the following attributes:
proxies). If a request comes from here, we will trust the
X-Forwarded-Proto and X-Real-IP headers when determining the
client IP address
* `max_inflight_requests`: maximum number of in-flight requests to
allow before server-side throttling kicks in
## Device tracking
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment