160 lines
7.4 KiB
Plaintext
160 lines
7.4 KiB
Plaintext
# This is just YAML, but I decided to use JSON-like formatting because I like it better.
|
|
|
|
# Global configuration
|
|
global: {
|
|
# IP defines the IP address to bind to.
|
|
ip: "0.0.0.0",
|
|
# serviceDirectory defines the directory to look for services in.
|
|
serviceDirectory: "./services",
|
|
# resourceDirectory defines the directory to look for resources in.
|
|
resourceDirectory: "./resources",
|
|
# compression defines the compression settings on a global level - per-route settings override these. It is optional.
|
|
compression: {
|
|
# algorithm defines the compression algorithm to use, possible values are "gzip", "brotli" and "zstd".
|
|
algorithm: "gzip",
|
|
# level defines the compression level to use, possible values are 1-9 for gzip, 0-11 for brotli and 1-22 for zstd.
|
|
level: 5
|
|
},
|
|
# logging defines the logging settings.
|
|
logging: {
|
|
# enabled defines whether logging is enabled.
|
|
enabled: true,
|
|
# file defines the file to log to, relative to the working directory.
|
|
file: "fulgens.log"
|
|
},
|
|
# database defines the database settings.
|
|
database: {
|
|
# type defines the type of database to use, possible values are "sqlite" and "postgres".
|
|
type: "sqlite",
|
|
# path defines the path to the directory to store database files in (sqlite only).
|
|
path: "./databases",
|
|
# connectionString defines the connection string to use for the database (postgres only).
|
|
connectionString: "postgres://user:password@localhost:5432/database"
|
|
},
|
|
# stealth enables stealth mode, which makes the server look like some preset http servers.
|
|
# stealth mode overrides all proxy preservations and headers.
|
|
stealth: {
|
|
# enabled defines whether stealth mode is enabled.
|
|
enabled: true,
|
|
# server defines the server to pretend to be, possible values are "nginx" or "net/http".
|
|
server: "nginx",
|
|
# php defines if the server should pretend to be running PHP. This should only be used on nginx.
|
|
php: {
|
|
# enabled defines whether PHP spoofing is enabled.
|
|
enabled: true,
|
|
# version defines the version of PHP to pretend to be.
|
|
version: "8.2.25"
|
|
},
|
|
# aspnet defines if the server should pretend to be running ASP.NET. This should only be used on nginx.
|
|
aspNet: true
|
|
}
|
|
}
|
|
|
|
# Routes define per-subdomain routing settings.
|
|
routes: [
|
|
{
|
|
# none is a special subdomain that matches all requests without a subdomain (Host header).
|
|
subdomain: "none",
|
|
# port defines the port to use for this route. They do not have to be unique.
|
|
port: "8080",
|
|
# services defines the services to use for this route. Services must be defined on a per-subdomain basis.
|
|
# Each service may not be used more than once globally. The server will fail to start if this is violated.
|
|
services: ["authentication"]
|
|
},
|
|
{
|
|
# any subdomain value that isn't "none" will match that specific subdomain.
|
|
subdomain: "www.localhost",
|
|
# port defines the port to use for this route. They do not have to be unique.
|
|
port: "8443",
|
|
# https defines the HTTPS settings for this route. If this block is missing, HTTPS will not be enabled for this port.
|
|
# If https is set once for any subdomain with this port, it will be enabled for all subdomains with this port.
|
|
# The connection will fail if the above condition is true, but there is not an HTTPS block for that subdomain.
|
|
https: {
|
|
# certificate defines the path to the certificate file.
|
|
certificate: "./certs/localhost.crt",
|
|
# key defines the path to the key file.
|
|
key: "./certs/localhost.key"
|
|
},
|
|
# paths defines per-path settings (NOT for services, which MUST be defined on a per-subdomain basis).
|
|
paths: [
|
|
{
|
|
# paths defines the paths to match. They can contain wildcards.
|
|
paths: ["/static", "/static/*"],
|
|
# static defines the static file serving settings for this path. This conflicts with proxy and redirect.
|
|
# static > proxy > redirect in terms of precedence.
|
|
static: {
|
|
# root defines the root directory to serve static files from.
|
|
root: "./static",
|
|
# directoryListing defines whether to show a directory listing when a directory is requested.
|
|
# if it is false or unset, a 403 Forbidden will be returned instead.
|
|
directoryListing: true
|
|
}
|
|
},
|
|
{
|
|
# paths defines the paths to match. They can contain wildcards.
|
|
paths: ["/proxy", "/proxy/*"],
|
|
# proxy defines the proxy settings for this path. This conflicts with static and redirect.
|
|
# static > proxy > redirect in terms of precedence.
|
|
proxy: {
|
|
# url defines the URL to proxy requests to.
|
|
url: "http://localhost:8000",
|
|
# stripPrefix defines whether to strip the prefix from the path before proxying.
|
|
stripPrefix: true,
|
|
headers: {
|
|
# forbid defines the headers to forbid from being sent to the proxied server.
|
|
forbid: [ "User-Agent" ],
|
|
# preserveServer defines whether to preserve the server header from the proxied server.
|
|
preserveServer: true,
|
|
# preserveAltSvc defines whether to preserve the Alt-Svc header from the proxied server.
|
|
preserveAltSvc: true,
|
|
# preserveXPoweredBy defines whether to preserve the X-Powered-By header from the proxied server.
|
|
preserveXPoweredBy: true,
|
|
# passHost defines whether the host / :authority header should be sent to the proxied server.
|
|
passHost: true,
|
|
# xForward defines whether to send the X-Forwarded-For and X-Forwarded-Proto headers.
|
|
xForward: false
|
|
}
|
|
},
|
|
},
|
|
{
|
|
# paths defines the paths to match. They can contain wildcards.
|
|
paths: ["/redirect", "/redirect/*"],
|
|
# redirect defines the redirect settings for this path. This conflicts with proxy and static.
|
|
# static > proxy > redirect in terms of precedence.
|
|
redirect: {
|
|
# url defines the URL to redirect to.
|
|
url: "https://www.ailur.dev",
|
|
# permanent defines whether the redirect is permanent (301) or temporary (302).
|
|
permanent: true
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
|
|
# Services define the settings for services.
|
|
services: {
|
|
# authentication defines the settings for the authentication service, which is built-in.
|
|
authentication: {
|
|
# privacyPolicy defines the URL to the privacy policy.
|
|
privacyPolicy: "https://git.ailur.dev/Paperwork/nucleus/src/commit/5d191eea87cffae8bdca42017ac26dc19e6cb3de/Privacy.md",
|
|
# url defines the publicly-facing URL of the service, in case of it being behind a reverse proxy.
|
|
url: "http://localhost:8000",
|
|
# identifier defines the identifier for the service, in the form of [Identifier] Accounts.
|
|
identifier: "Authenticator",
|
|
# adminKey defines the key to use for administrative operations, such as listing all users.
|
|
adminKey: "supersecretkey",
|
|
# testAppIsInternalApp defines whether the test app is an internal app, which allows it to bypass the user consent screen.
|
|
testAppIsInternalApp: true,
|
|
# testAppEnabled defines whether the test app is enabled, which is recommended for testing purposes.
|
|
testAppEnabled: true
|
|
},
|
|
# storage defines the settings for the storage service, which is built-in.
|
|
storage: {
|
|
# path defines the path to store blobs in.
|
|
path: "./blob",
|
|
# defaultQuota defines the default quota for users in bytes.
|
|
defaultQuota: 50000000
|
|
}
|
|
}
|