1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
# Which URL are we accessible at? This is used to determine the redirect URL
# and some user-accessible URLs.
url http://localhost:5555
# Should we run in production mode? This causes the Secure flag to be set on
# cookies and may come with other production-related changes in the future.
prod false
# Where are the template files? Usually this should be a directory inside the
# source directory, though it might exist in /usr/local/share or /usr/share if
# this ever gets packaged or something. Remember that this is a file glob, so
# be sure to use /* or something similar.
tmpl tmpl/*
# Should we serve /static ourself? This should usually be handled by the
# upstream Web server such as nginx(8) or OpenBSD httpd(8). However, this might
# be useful during development or when running behind relayd(8). If set to
# true, the static directory is assumed to be under the current working
# directory.
static true
# Where could the source code of this instance be found? It is important to
# keep this up to date to comply with the AGPL.
source https://git.sr.ht/~runxiyu/cca
listen {
# Which protocol are we listening for? This may be set to "http" for
# plain HTTP, or "fcgi" for FastCGI. FastCGI is recommended for most
# purposes, and both nginx(8) and OpenBSD httpd(8) may easily be
# configured to serve FastCGI. However, if for any reason we need to
# run behind relayd(8) or another reverse proxy, http is available.
proto http
# Which network backend should we use? This is usually set to "tcp"
# for plain TCP, and "unix" for UNIX domain sockets.
net tcp
# What is the address we should listen at? This is usually set to
# something like ":5555" for TCP, and a file path for UNIX domain
# sockets.
addr :5555
}
db {
# What type of database should we use? Currently, only "postgres" is
# supported.
type postgres
# What is the connection string to database?
# Example: postgresql:///cca?host=/var/run/postgresql
conn postgresql:///cca?host=/var/run/postgresql
}
auth {
# What is our OAUTH2 client ID?
client e8101cb5-84a3-49d7-860b-e5a75e63219a
# What is the OAUTH 2.0 authorize endpoint?
authorize https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295/oauth2/v2.0/authorize
# What is the OAUTH 2.0 token endpoint?
token https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295/oauth2/v2.0/token
# What is the URL to the JSON Web Key Set?
jwks https://login.microsoftonline.com/common/discovery/keys
# What is the client secret? Certificates are not supported yet.
secret something
# How long, in seconds, should cookies last?
expr 604800
}
# The following block contains some tweaks for performance.
perf {
# How long should the send queue be? This is implemented as the
# buffer number for a Go channel.
sendq 10
# How many arguments' space should we initially allocate for each
# message?
msg_args_cap 4
# How many bytes should we initially allocate for each argument in a
# message?
msg_bytes_cap 5
# How long should we wait to complete reading HTTP headers, before we
# time out? Note that a large value may cause the server to be
# vulnerable to Slow Loris attacks.
read_header_timeout 5
}
|
