summaryrefslogtreecommitdiff
path: root/docs/cca.scfg.example
blob: 62801629296cdd44872c7a671006e328dc1653a1 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# Which URL are we accessible at? This is used to determine the redirect URL
# and some user-accessible URLs.
url http://localhost:5555

# Should we run in production mode? This causes the Secure flag to be set on
# cookies and may come with other production-related changes in the future.
prod false

listen {
	# Which protocol are we listening for? Currently only "http" is
	# supported because it is difficult to configure FastCGI to work with
	# WebSockets.
	proto http

	# Which network backend should we use? This is usually set to "tcp"
	# for plain TCP, and "unix" for UNIX domain sockets.
	net tcp

	# What is the address we should listen at? This is usually set to
	# something like ":5555" for TCP on all interfaces, and a file path for
	# UNIX domain sockets.
	addr 127.0.0.1:5555

	# Which transport should we use? Currently only "plain" and "tls" are
	# supported.
	trans plain

	# If "trans" is set to "tls", this block must be configured:
	tls {
		# Where is the file containing the TLS certificate? You should
		# use a certificate that includes the entire CA chain, which
		# should usually be called "fullchain.pem" for certificates
		# obtained from LE.
		cert /etc/letsencrypt/live/cca.runxiyu.org/fullchain.pem

		# Where is the file containing the TLS private key?
		key /etc/letsencrypt/live/cca.runxiyu.org/privkey.pem
	}
}

db {
	# What type of database should we use? Currently, only "postgres" is
	# supported.
	type postgres

	# What is the connection string to database?
	# Example: postgresql:///cca?host=/var/run/postgresql
	conn postgresql:///cca?host=/var/run/postgresql
}

auth {
	# What is our OAUTH2 client ID?
	client e8101cb5-84a3-49d7-860b-e5a75e63219a

	# What is the OAUTH 2.0 authorize endpoint?
	authorize https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295/oauth2/v2.0/authorize

	# What is the OAUTH 2.0 token endpoint?
	token https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295/oauth2/v2.0/token

	# What is the URL to the JSON Web Key Set?
	jwks https://login.microsoftonline.com/common/discovery/keys

	# What is the client secret? Certificates are not supported yet.
	secret something
	
	# How long, in seconds, should cookies last?
	expr 604800
}

# The following block contains some tweaks for performance.
perf {
	# How many arguments' space should we initially allocate for each
	# message?
	msg_args_cap 4

	# How many bytes should we initially allocate for each argument in a
	# message?
	msg_bytes_cap 5

	# How long should we wait to complete reading HTTP headers, before we
	# time out? Note that a large value may cause the server to be
	# vulnerable to Slow Loris attacks.
	read_header_timeout 5

	# The number propagation interval per course per connection is
	# ((course count * connection count) >> usem_delay_shift_bits)
	# milliseconds. You may configure it here. A smaller value (i.e. longer
	# delay) could cause more latency in how the numbers update, but a
	# larger value (i.e. shorter delay) could cause too much lock
	# contention and degrade the system usability overall.
	usem_delay_shift_bits 5

	# Should we send a course's member count to a user as soon as they 
	# choose the course? Setting this to true may provide a better
	# user experience but would have a major performance impact.
	propagate_immediate true
}