# This is just YAML, but I decided to use JSON-like formatting because I like it better. # Global configuration global: { # IP defines the IP address to bind to. ip: "0.0.0.0", # httpPort defines the port to bind to for HTTP. httpPort: "8080", # httpsPort defines the port to bind to for HTTPS (TLS). httpsPort: "8443", # serviceDirectory defines the directory to look for services in. serviceDirectory: "./services", # resourceDirectory defines the directory to look for resources in. resourceDirectory: "./resources", # compression defines the compression settings on a global level - per-route settings override these. It is optional. compression: { # algorithm defines the compression algorithm to use, possible values are "gzip", "brotli" and "zstd". algorithm: "gzip", # level defines the compression level to use, possible values are 1-9 for gzip, 0-11 for brotli and 1-22 for zstd. level: 5 }, # https defines the HTTPS settings on a global level - per-route settings override these. It is optional. https: { # certificate defines the path to the certificate file (must be a wildcard in order to support multiple subdomains). certificate: "./certs/localhost.crt", # key defines the path to the key file (must be a wildcard in order to support multiple subdomains). key: "./certs/localhost.key" }, # logging defines the logging settings. logging: { # enabled defines whether logging is enabled. enabled: true, # file defines the file to log to, relative to the working directory. file: "fulgens.log" }, # database defines the database settings. database: { # type defines the type of database to use, possible values are "sqlite" and "postgres". type: "sqlite", # path defines the path to the directory to store database files in (sqlite only). path: "./databases", # connectionString defines the connection string to use for the database (postgres only). connectionString: "postgres://user:password@localhost:5432/database" } } # Routes define per-subdomain routing settings. routes: [ { # none is a special subdomain that matches all requests without a subdomain (Host header). subdomain: "none", # services defines the services to use for this route. Services must be defined on a per-subdomain basis. # Each service may not be used more than once globally. The server will fail to start if this is violated. services: ["authentication"] }, { # any subdomain value that isn't "none" will match that specific subdomain. subdomain: "www.localhost", # https defines the HTTPS settings for this route. https: { # certificate defines the path to the certificate file. certificate: "./certs/localhost.crt", # key defines the path to the key file. key: "./certs/localhost.key" }, # paths defines per-path settings (NOT for services, which MUST be defined on a per-subdomain basis). paths: [ { # path defines the path to match. They can contain wildcards. path: "/static/*", # static defines the static file serving settings for this path. This conflicts with proxy and redirect. # static > proxy > redirect in terms of precedence. static: { # root defines the root directory to serve static files from. root: "./static", # directoryListing defines whether to show a directory listing when a directory is requested. # if it is false or unset, a 403 Forbidden will be returned instead. directoryListing: true } }, { # path defines the path to match. They can contain wildcards. path: "/proxy/*", # proxy defines the proxy settings for this path. This conflicts with static and redirect. # static > proxy > redirect in terms of precedence. proxy: { # url defines the URL to proxy requests to. url: "http://localhost:8000", # stripPrefix defines whether to strip the prefix from the path before proxying. stripPrefix: true headers: { # forbid defines the headers to forbid from being sent to the proxied server. forbid: ["Authorization"], # preserve defines the headers to preserve when sending to the client. preserve: [X-Powered-By", "Server"] # host defines whether the host / :authority header should be sent to the proxied server. host: true, # xForward defines whether to send the X-Forwarded-For and X-Forwarded-Proto headers. xForward: true } }, { # path defines the path to match. They can contain wildcards. path: "/redirect/*", # redirect defines the redirect settings for this path. This conflicts with proxy and static. # static > proxy > redirect in terms of precedence. redirect: { # url defines the URL to redirect to. url: "https://www.google.com", # permanent defines whether the redirect is permanent (301) or temporary (302). permanent: true } } } ] } ] # Services define the settings for services. services: { # authentication defines the settings for the authentication service, which is built-in. authentication: { # privacyPolicy defines the URL to the privacy policy. privacyPolicy: "https://git.ailur.dev/Paperwork/nucleus/src/commit/5d191eea87cffae8bdca42017ac26dc19e6cb3de/Privacy.md", # url defines the publicly-facing URL of the service, in case of it being behind a reverse proxy. url: "http://localhost:8000", # identifier defines the identifier for the service, in the form of [Identifier] Accounts. identifier: "Authenticator", # adminKey defines the key to use for administrative operations, such as listing all users. adminKey: "supersecretkey", # testAppIsInternalApp defines whether the test app is an internal app, which allows it to bypass the user consent screen. testAppIsInternalApp: true, # testAppEnabled defines whether the test app is enabled, which is recommended for testing purposes. testAppEnabled: true }, # storage defines the settings for the storage service, which is built-in. storage: { # path defines the path to store blobs in. path: "./blob", # defaultQuota defines the default quota for users in bytes. defaultQuota: 50000000 } }