path: root/docs/cca.scfg.example
# Which URL are we accessible at? This is used to determine the redirect URL
# and some user-accessible URLs. The value below is only suitable for local
# testing; in a real deployment use the externally visible scheme, host and
# port.
# NOTE(review): the redirect URL derived from this presumably has to match the
# one registered with the OAuth 2.0 provider -- confirm.
url http://localhost:5555

# Should we run in production mode? This causes the Secure flag to be set on
# cookies and may come with other production-related changes in the future.
# While this is false, cookies lack the Secure flag, so browsers will also
# send them over unencrypted HTTP. Set it to true whenever the service is
# reached over HTTPS.
prod false

listen {
	# Which protocol are we listening for? Currently only "http" is
	# supported because it is difficult to configure FastCGI to work with
	# WebSockets.
	proto http

	# Which network backend should we use? This is usually set to "tcp"
	# for plain TCP, and "unix" for UNIX domain sockets.
	net tcp

	# What is the address we should listen at? This is usually set to
	# something like ":5555" for TCP on all interfaces, and a file path for
	# UNIX domain sockets. The value below listens on the loopback
	# interface only. If you listen on all interfaces while "trans" is
	# "plain", requests (cookies included) travel unencrypted, so either
	# keep the listener behind a TLS-terminating reverse proxy or set
	# "trans" to "tls".
	addr 127.0.0.1:5555

	# Which transport should we use? Currently only "plain" and "tls" are
	# supported.
	trans plain

	# If "trans" is set to "tls", this block must be configured:
	tls {
		# Where is the file containing the TLS certificate? You should
		# use a certificate that includes the entire CA chain, which
		# is usually called "fullchain.pem" for certificates obtained
		# from Let's Encrypt (LE).
		cert /etc/letsencrypt/live/cca.runxiyu.org/fullchain.pem

		# Where is the file containing the TLS private key? The key
		# file should be readable only by the user the server runs as.
		key /etc/letsencrypt/live/cca.runxiyu.org/privkey.pem
	}
}

db {
	# What type of database should we use? Currently, only "postgres" is
	# supported.
	type postgres

	# What is the connection string to the database?
	# Example: postgresql:///cca?host=/var/run/postgresql
	# The example connects through the UNIX socket directory and carries
	# no password. If your connection string embeds a password, this file
	# holds a credential: restrict its permissions accordingly.
	conn postgresql:///cca?host=/var/run/postgresql
}

auth {
	# What is our OAuth 2.0 client ID? Replace the example value with the
	# ID of your own application registration.
	client e8101cb5-84a3-49d7-860b-e5a75e63219a

	# What is the OAuth 2.0 authorize endpoint? In the example, the path
	# segment after the host names the directory (tenant) to sign in
	# against; replace it with your own.
	authorize https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295/oauth2/v2.0/authorize

	# What is the OAuth 2.0 token endpoint? Use the same tenant as for the
	# authorize endpoint.
	token https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295/oauth2/v2.0/token

	# What is the URL to the JSON Web Key Set? Always use an https:// URL,
	# since these keys are what token signatures are checked against.
	# NOTE(review): the example key set is the "common" one, not a
	# tenant-specific one like the two endpoints above. A valid signature
	# alone does not tie a token to our tenant or client, so the server
	# presumably also checks the issuer and audience -- confirm.
	jwks https://login.microsoftonline.com/common/discovery/keys

	# What is the client secret? Certificates are not supported yet.
	# "something" is a placeholder. Put the real secret only in the
	# deployed copy of this file, keep that copy readable only by the user
	# the server runs as, and never commit it to version control.
	secret something
	
	# How long, in seconds, should cookies last? The example value,
	# 604800, is 7 days. A stolen cookie remains usable for as long as it
	# is valid, so prefer the shortest lifetime your users can accept.
	expr 604800
}

# The following block contains some tweaks for performance.
perf {
	# For how many arguments should we initially allocate space in each
	# message?
	msg_args_cap 4

	# How many bytes should we initially allocate for each argument in a
	# message?
	msg_bytes_cap 5

	# How long should we wait to complete reading HTTP headers, before we
	# time out? Note that a large value may leave the server vulnerable to
	# Slowloris attacks, in which clients hold connections open by sending
	# their headers very slowly.
	# NOTE(review): the unit is not stated here; presumably seconds --
	# confirm.
	read_header_timeout 5

	# The interval at which numbers are propagated, per course per
	# connection, is
	# ((course count * connection count) >> usem_delay_shift_bits)
	# milliseconds. You may configure the shift here. A smaller value
	# (i.e. longer delay) could cause more latency in how the numbers
	# update, but a larger value (i.e. shorter delay) could cause too much
	# lock contention and degrade the overall usability of the system.
	usem_delay_shift_bits 4
}