# Which URL are we accessible at? This is used to determine the redirect URL
# and some user-accessible URLs. Outside local testing this should be an
# https:// URL, because the login redirect is sent to it.
url http://localhost:5555
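# Should we run in production mode? This causes the Secure flag to be set on
# cookies and may come with other production-related changes in the future.
# Set this to true on any deployment reached over HTTPS; while it is false,
# cookies lack the Secure flag and browsers may send them over plain HTTP.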
prod false
# Where are the template files? Usually this should be a directory inside the
# source directory, though it might exist in /usr/local/share or /usr/share if
# this ever gets packaged or something. Remember that this is a file glob, so
# be sure to use /* or something similar.
tmpl tmpl/*
# Where is the static directory? Reverse proxy setups are not recommended for
# performance reasons so we serve the static files ourselves.
static static/
# Where could the source code of this instance be found? It is important to
# keep this up to date to comply with the AGPL.
source https://git.sr.ht/~runxiyu/cca
listen {
# Which protocol are we listening for? Currently only "http" is
# supported because it is difficult to configure FastCGI to work with
# WebSockets.
proto http
# Which network backend should we use? This is usually set to "tcp"
# for plain TCP, and "unix" for UNIX domain sockets.
net tcp
# What is the address we should listen at? This is usually set to
# something like ":5555" for TCP on all interfaces, and a file path for
# UNIX domain sockets.
addr 127.0.0.1:5555
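# Which transport should we use? Currently only "plain" and "tls" are
# supported. Use "tls" whenever "addr" is reachable from other hosts; "plain"
# carries session cookies unencrypted.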
trans plain
# If "trans" is set to "tls", this block must be configured:
tls {
# Where is the file containing the TLS certificate? You should
# use a certificate that includes the entire CA chain, which
# should usually be called "fullchain.pem" for certificates
# obtained from LE.
cert /etc/letsencrypt/live/cca.runxiyu.org/fullchain.pem
# Where is the file containing the TLS private key? It should be readable
# only by the user this server runs as.
key /etc/letsencrypt/live/cca.runxiyu.org/privkey.pem
}
}
db {
# What type of database should we use? Currently, only "postgres" is
# supported.
type postgres
# What is the connection string to the database?
# Example: postgresql:///cca?host=/var/run/postgresql
conn postgresql:///cca?host=/var/run/postgresql
}
auth {
# What is our OAuth 2.0 client ID?
client e8101cb5-84a3-49d7-860b-e5a75e63219a
# What is the OAuth 2.0 authorize endpoint?
authorize https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295/oauth2/v2.0/authorize
# What is the OAuth 2.0 token endpoint?
token https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295/oauth2/v2.0/token
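# What is the URL to the JSON Web Key Set? Note that the value below is the
# "common" key set while the endpoints above are tenant-specific, so a valid
# signature alone does not show which tenant issued a token; the issuer and
# audience claims still need to be checked.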
jwks https://login.microsoftonline.com/common/discovery/keys
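# What is the client secret? Certificates are not supported yet. The value
# below is a placeholder; keep the real secret out of version control and make
# this file unreadable to other users.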
secret something
# How long, in seconds, should cookies last? 604800 is seven days; a shorter
# value limits how long a stolen cookie stays usable.
expr 604800
}
# The following block contains some tweaks for performance.
perf {
# How long should the send queue be? This is implemented as the
# buffer number for a Go channel.
sendq 10
# How many arguments' space should we initially allocate for each
# message?
msg_args_cap 4
# How many bytes should we initially allocate for each argument in a
# message?
msg_bytes_cap 5
# How long should we wait to complete reading HTTP headers, before we
# time out? Note that a large value may leave the server vulnerable to
# Slowloris attacks.
read_header_timeout 5
}