/
config.json5
63 lines (59 loc) · 2.43 KB
/
config.json5
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
{
apps: {
http: {
servers: {
server: {
listen: [":2080"],
routes: [
{
handle: [
{
handler: "replauth",
hosts: [
/*
The external domain of your project here, for example
if your project is reachable at https://example.com
you would add the entry "example.com".
This should be added for every domain your site is
reachable at. In the future, this will support glob
patterns.
These values are used to verify that the repl auth JWT
is meant for your site and wasn't created for a different
one.
*/
],
/*
**THIS IS A DANGEREOUS VALUE TO SET TO true**
If set to true, this will not verify the host claim of the
JWT. If the host claim is not verified, then an attacker
could potentially impersonate a victim if the victim ever
used repl auth on a site the attacker owns.
If set to true, the hosts array can be left blank as it will
be ignored.
*/
ignoreHost: false,
/*
If true, all users will be forced to authenticate via repl
auth before they can visit your site at all. This is the same
as using the prebuild login page
(https://docs.replit.com/hosting/repl-auth-sidebar#using-a-prebuilt-login-page-the-easy-way)
in a repl. It even uses the same page.
*/
forceAuth: true,
},
{
handler: "reverse_proxy",
upstreams: [
{
dial: "localhost:9000",
},
],
},
],
},
],
},
},
},
},
}