fulgens/config.yaml.example

160 lines
7.4 KiB
Plaintext
Raw Normal View History

# This is just YAML, but I decided to use JSON-like formatting because I like it better.
# Global configuration
global: {
# IP defines the IP address to bind to.
ip: "0.0.0.0",
# serviceDirectory defines the directory to look for services in.
serviceDirectory: "./services",
# resourceDirectory defines the directory to look for resources in.
resourceDirectory: "./resources",
# compression defines the compression settings on a global level - per-route settings override these. It is optional.
compression: {
# algorithm defines the compression algorithm to use, possible values are "gzip", "brotli" and "zstd".
algorithm: "gzip",
# level defines the compression level to use, possible values are 1-9 for gzip, 0-11 for brotli and 1-22 for zstd.
level: 5
},
# logging defines the logging settings.
logging: {
# enabled defines whether logging is enabled.
enabled: true,
# file defines the file to log to, relative to the working directory.
file: "fulgens.log"
},
# database defines the database settings.
database: {
# type defines the type of database to use, possible values are "sqlite" and "postgres".
type: "sqlite",
# path defines the path to the directory to store database files in (sqlite only).
path: "./databases",
# connectionString defines the connection string to use for the database (postgres only).
connectionString: "postgres://user:password@localhost:5432/database"
},
# stealth enables stealth mode, which makes the server look like some preset http servers.
# stealth mode overrides all proxy preservations and headers.
stealth: {
# enabled defines whether stealth mode is enabled.
enabled: true,
# server defines the server to pretend to be, possible values are "nginx" or "net/http".
server: "nginx",
# php defines if the server should pretend to be running PHP. This should only be used on nginx.
php: {
# enabled defines whether PHP spoofing is enabled.
enabled: true,
# version defines the version of PHP to pretend to be.
version: "8.2.25"
},
# aspnet defines if the server should pretend to be running ASP.NET. This should only be used on nginx.
aspNet: true
}
}
# Routes define per-subdomain routing settings.
routes: [
{
# none is a special subdomain that matches all requests without a subdomain (Host header).
subdomain: "none",
# port defines the port to use for this route. They do not have to be unique.
port: "8080",
# services defines the services to use for this route. Services must be defined on a per-subdomain basis.
# Each service may not be used more than once globally. The server will fail to start if this is violated.
services: ["authentication"]
},
{
# any subdomain value that isn't "none" will match that specific subdomain.
subdomain: "www.localhost",
# port defines the port to use for this route. They do not have to be unique.
port: "8443",
# https defines the HTTPS settings for this route. If this block is missing, HTTPS will not be enabled for this port.
# If https is set once for any subdomain with this port, it will be enabled for all subdomains with this port.
# The connection will fail if the above condition is true, but there is not an HTTPS block for that subdomain.
https: {
# certificate defines the path to the certificate file.
certificate: "./certs/localhost.crt",
# key defines the path to the key file.
key: "./certs/localhost.key"
},
# paths defines per-path settings (NOT for services, which MUST be defined on a per-subdomain basis).
paths: [
{
# paths defines the paths to match. They can contain wildcards.
paths: ["/static", "/static/*"],
# static defines the static file serving settings for this path. This conflicts with proxy and redirect.
# static > proxy > redirect in terms of precedence.
static: {
# root defines the root directory to serve static files from.
root: "./static",
# directoryListing defines whether to show a directory listing when a directory is requested.
# if it is false or unset, a 403 Forbidden will be returned instead.
directoryListing: true
}
},
{
# paths defines the paths to match. They can contain wildcards.
paths: ["/proxy", "/proxy/*"],
# proxy defines the proxy settings for this path. This conflicts with static and redirect.
# static > proxy > redirect in terms of precedence.
proxy: {
# url defines the URL to proxy requests to.
url: "http://localhost:8000",
# stripPrefix defines whether to strip the prefix from the path before proxying.
stripPrefix: true,
headers: {
# forbid defines the headers to forbid from being sent to the proxied server.
forbid: [ "User-Agent" ],
# preserveServer defines whether to preserve the server header from the proxied server.
preserveServer: true,
# preserveAltSvc defines whether to preserve the Alt-Svc header from the proxied server.
preserveAltSvc: true,
# preserveXPoweredBy defines whether to preserve the X-Powered-By header from the proxied server.
preserveXPoweredBy: true,
# passHost defines whether the host / :authority header should be sent to the proxied server.
passHost: true,
# xForward defines whether to send the X-Forwarded-For and X-Forwarded-Proto headers.
xForward: false
}
},
},
{
# paths defines the paths to match. They can contain wildcards.
paths: ["/redirect", "/redirect/*"],
# redirect defines the redirect settings for this path. This conflicts with proxy and static.
# static > proxy > redirect in terms of precedence.
redirect: {
# url defines the URL to redirect to.
url: "https://www.ailur.dev",
# permanent defines whether the redirect is permanent (301) or temporary (302).
permanent: true
}
}
]
}
]
# Services define the settings for services.
services: {
# authentication defines the settings for the authentication service, which is built-in.
authentication: {
# privacyPolicy defines the URL to the privacy policy.
privacyPolicy: "https://git.ailur.dev/Paperwork/nucleus/src/commit/5d191eea87cffae8bdca42017ac26dc19e6cb3de/Privacy.md",
# url defines the publicly-facing URL of the service, in case of it being behind a reverse proxy.
url: "http://localhost:8000",
# identifier defines the identifier for the service, in the form of [Identifier] Accounts.
identifier: "Authenticator",
# adminKey defines the key to use for administrative operations, such as listing all users.
adminKey: "supersecretkey",
# testAppIsInternalApp defines whether the test app is an internal app, which allows it to bypass the user consent screen.
testAppIsInternalApp: true,
# testAppEnabled defines whether the test app is enabled, which is recommended for testing purposes.
testAppEnabled: true
},
# storage defines the settings for the storage service, which is built-in.
storage: {
# path defines the path to store blobs in.
path: "./blob",
# defaultQuota defines the default quota for users in bytes.
defaultQuota: 50000000
}
}