-
Notifications
You must be signed in to change notification settings - Fork 127
/
acra-server.yaml
120 lines (80 loc) · 3.47 KB
/
acra-server.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
# Path to AcraCensor configuration file
acracensor_config_file:
# Use tls to encrypt transport between AcraServer and AcraConnector/client
acraconnector_tls_transport_enable: false
# Use raw transport (tcp/unix socket) between AcraServer and AcraConnector/client (don't use this flag if you not connect to database with ssl/tls
acraconnector_transport_encryption_disable: false
# Acrastruct may be injected into any place of data cell
acrastruct_injectedcell_enable: false
# Acrastruct will stored in whole data cell
acrastruct_wholecell_enable: true
# Path to basic auth passwords. To add user, use: `./acra-authmanager --set --user <user> --pwd <pwd>`
auth_keys: configs/auth.keys
# Expected client ID of AcraConnector in mode without encryption
client_id:
# path to config
config_file:
# Log everything to stderr
d: false
# Host to db
db_host:
# Port to db
db_port: 5432
# Turn on http debug server
ds: false
# dump config
dump_config: false
# Generate with yaml config markdown text file with descriptions of all args
generate_markdown_args_table: false
# Enable HTTP API
http_api_enable: false
# Port for AcraServer for HTTP API
incoming_connection_api_port: 9090
# Connection string for api like tcp://x.x.x.x:yyyy or unix:///path/to/socket
incoming_connection_api_string: tcp://0.0.0.0:9090/
# Time that AcraServer will wait (in seconds) on restart before closing all connections
incoming_connection_close_timeout: 10
# Host for AcraServer
incoming_connection_host: 0.0.0.0
# Port for AcraServer
incoming_connection_port: 9393
# URL (tcp://host:port) which will be used to expose Prometheus metrics (<URL>/metrics address to pull metrics)
incoming_connection_prometheus_metrics_string:
# Connection string like tcp://x.x.x.x:yyyy or unix:///path/to/socket
incoming_connection_string: tcp://0.0.0.0:9393/
# Folder from which will be loaded keys
keys_dir: .acrakeys
# Count of keys that will be stored in in-memory LRU cache in encrypted form. 0 - no limits, -1 - turn off cache
keystore_cache_size: 0
# Logging format: plaintext, json or CEF
logging_format: plaintext
# Handle MySQL connections
mysql_enable: false
# Escape format for Postgresql bytea data
pgsql_escape_bytea: false
# Hex format for Postgresql bytea data (default)
pgsql_hex_bytea: false
# Turn on poison record detection, if server shutdown is disabled, AcraServer logs the poison record detection and returns decrypted data
poison_detect_enable: true
# On detecting poison record: log about poison record detection, execute script, return decrypted data
poison_run_script_file:
# On detecting poison record: log about poison record detection, stop and shutdown
poison_shutdown_enable: false
# Handle Postgresql connections (default true)
postgresql_enable: false
# Id that will be sent in secure session
securesession_id: acra_server
# Set authentication mode that will be used in TLS connection with Postgresql. Values in range 0-4 that set auth type (https://golang.org/pkg/crypto/tls/#ClientAuthType). Default is tls.RequireAndVerifyClientCert
tls_auth: 4
# Path to root certificate which will be used with system root certificates to validate Postgresql's and AcraConnector's certificate
tls_ca:
# Path to tls certificate
tls_cert:
# Expected Server Name (SNI) from Postgresql
tls_db_sni:
# Path to private key that will be used in TLS handshake with AcraConnector as server's key and Postgresql as client's key
tls_key:
# Log to stderr all INFO, WARNING and ERROR logs
v: false
# Turn on zone mode
zonemode_enable: false