/
studio-config-override.yaml
332 lines (316 loc) · 16.7 KB
/
studio-config-override.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
##################################################
## Content Repository ##
##################################################
# Absolute path to repository base (all actual repositories will be under this)
studio.repo.basePath: ${env:CRAFTER_DATA_DIR}/repos
# Sandbox git repository branch for every site
# studio.repo.siteSandboxBranch: master
# Git repository branch for publishing targets are configured here
# Git repository branch for the `live` publishing target, default "live"
# studio.repo.published.live: live
# Git repository branch for the `staging` publishing target, default "staging"
# studio.repo.published.staging: staging
############################################################
## Site Configuration ##
############################################################
# Destroy site context url for preview engine
studio.configuration.site.preview.destroy.context.url: ${env:ENGINE_URL}/api/1/site/context/destroy.json?crafterSite={siteName}&token=${studio.configuration.management.previewAuthorizationToken}
# Default preview URL
studio.configuration.site.defaultPreviewUrl: ^https?://localhost:8080/?
# Default authoring URL
studio.configuration.site.defaultAuthoringUrl: ^https?://localhost:8080/studio/?
# Default GraphQL server URL
studio.configuration.site.defaultGraphqlServerUrl: ^https?://localhost:8080/?
# Studio management authorization token.
studio.configuration.management.authorizationToken: ${env:STUDIO_MANAGEMENT_TOKEN}
# Preview engine management authorization token.
studio.configuration.management.previewAuthorizationToken: ${env:ENGINE_MANAGEMENT_TOKEN}
# Protected URLs with preview engine management authorization token.
# Comma separated list of preview engine urls
studio.configuration.management.previewProtectedUrls: >-
/api/1/monitoring/log.json,
/api/1/monitoring/memory.json,
/api/1/monitoring/status.json,
/api/1/monitoring/version.json,
/api/1/site/context/id,
/api/1/site/context/destroy,
/api/1/site/context/rebuild,
/api/1/site/context/graphql/rebuild,
/api/1/site/cache/clear,
/api/1/site/cache/statistics
############################################################
## Preview Deployer ##
############################################################
# Default preview deployer URL (can be overridden per site)
studio.preview.defaultPreviewDeployerUrl: ${env:DEPLOYER_URL}/api/1/target/deploy/{siteEnv}/{siteName}
# Default preview create target URL (can be overridden per site)
studio.preview.createTargetUrl: ${env:DEPLOYER_URL}/api/1/target/create_if_not_exists
# Default preview create target URL (can be overridden per site)
studio.preview.deleteTargetUrl: ${env:DEPLOYER_URL}/api/1/target/delete-if-exists/{siteEnv}/{siteName}
# URL to the preview repository (aka Sandbox) where authors save work-in-progress
studio.preview.repoUrl: ${env:CRAFTER_DATA_DIR}/repos/sites/{siteName}/sandbox
############################################################
## Preview Search ##
############################################################
studio.preview.search.createUrl: ${env:SEARCH_URL}/api/2/admin/index/create
studio.preview.search.deleteUrl: ${env:SEARCH_URL}/api/2/admin/index/delete/{siteName}
##################################################
## Database ##
##################################################
# Crafter Studio uses an embedded MariaDB by default
# Crafter DB schema name
studio.db.schema: ${env:MARIADB_SCHEMA}
# Crafter DB connection string
studio.db.url: jdbc:mariadb://${env:MARIADB_HOST}:${env:MARIADB_PORT}/${env:MARIADB_SCHEMA}?user=${env:MARIADB_USER}&password=${env:MARIADB_PASSWD}&socketTimeout=${env:MARIADB_SOCKET_TIMEOUT}
# Connection string used to initialize database. This creates the `crafter` schema, the `crafter` user and/or upgrades the database
studio.db.initializer.url: jdbc:mariadb://${env:MARIADB_HOST}:${env:MARIADB_PORT}?user=${env:MARIADB_ROOT_USER}&password=${env:MARIADB_ROOT_PASSWD}
# Connection string if using a database with an already created schema and user (like AWS RDS)
# studio.db.initializer.url: ${studio.db.url}
# Port number for the embedded database (note this must match what's in the connection URLs in this config file)
studio.db.port: ${env:MARIADB_PORT}
# Data folder for the embedded database
studio.db.dataPath: ${env:MARIADB_DATA_DIR}
# Socket path for the embedded database
studio.db.socket: /tmp/MariaDB4j.${env:MARIADB_PORT}.sock
##################################################
## Security ##
##################################################
# Enable random admin password generation
# studio.db.initializer.randomAdminPassword.enabled: false
# Random admin password length
# studio.db.initializer.randomAdminPassword.length: 16
# Random admin password allowed chars
# studio.db.initializer.randomAdminPassword.chars: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*_=+-/
# HTTP Session timeout for studio (value is in minutes).
# studio.security.sessionTimeout: 60
# Defines security provider for accessing repository. Possible values
# - db (users are stored in database)
# - ldap (users are imported from LDAP into the database)
# - headers (use when authenticating via headers)
# studio.security.type: ldap
#
# Salt for encrypting
studio.security.cipher.salt: ${env:CRAFTER_SYSTEM_ENCRYPTION_KEY}
# Key for encrypting
studio.security.cipher.key: ${env:CRAFTER_SYSTEM_ENCRYPTION_SALT}
# Password requirements validation regular expression
# The supported capture group keys are:
# hasNumbers
# hasLowercase
# hasUppercase
# hasSpecialChars
# noSpaces
# minLength
# maxLength
# minMaxLength
# studio.security.passwordRequirements.validationRegex: ^(?=(?<hasNumbers>.*[0-9]))(?=(?<hasLowercase>.*[a-z]))(?=(?<hasUppercase>.*[A-Z]))(?=(?<hasSpecialChars>.*[~|!`,;\/@#$%^&+=]))(?<minLength>.{8,})$
# Studio authentication chain configuration
# studio.authentication.chain:
# Authentication provider type
# - provider: HEADERS
# Authentication via headers enabled
# enabled: false
# Authentication header for secure key
# secureKeyHeader: secure_key
# Authentication headers secure key that is expected to match secure key value from headers
# Typically this is placed in the header by the authentication agent
# secureKeyHeaderValue: secure
# Authentication header for username
# usernameHeader: username
# Authentication header for first name
# firstNameHeader: firstname
# Authentication header for last name
# lastNameHeader: lastname
# Authentication header for email
# emailHeader: email
# Authentication header for groups: comma separated list of sites and groups
# Example:
# site_author,site_xyz_developer
# groupsHeader: groups
# Enable/disable logout for headers authenticated users (SSO)
# logoutEnabled: false
# If logout is enabled for headers authenticated users (SSO), set the endpoint of the SP or IdP logout, which should
# be called after local logout. The {baseUrl} macro is provided so that the browser is redirected back to Studio
# after logout (https://STUDIO_SERVER:STUDIO_PORT/studio)
# logoutUrl: /YOUR_DOMAIN/logout?ReturnTo={baseUrl}
# Authentication provider type
# - provider: LDAP
# Authentication via LDAP enabled
# enabled: false
# LDAP Server url
# ldapUrl: ldap://localhost:389
# LDAP bind DN (user)
# ldapUsername: cn=Manager,dc=my-domain,dc=com
# LDAP bind password
# ldapPassword: secret
# LDAP base context (directory root)
# ldapBaseContext: dc=my-domain,dc=com
# LDAP username attribute
# usernameLdapAttribute: uid
# LDAP first name attribute
# firstNameLdapAttribute: cn
# LDAP last name attribute
# lastNameLdapAttribute: sn
# Authentication header for email
# emailLdapAttribute: mail
# LDAP groups attribute
# groupNameLdapAttribute: crafterGroup
# LDAP groups attribute name regex
# groupNameLdapAttributeRegex: .*
# LDAP groups attribute match index
# groupNameLdapAttributeMatchIndex: 0
# Authentication provider type
# - provider: DB
# Authentication via DB enabled
# enabled: true
# The key used for encryption of configuration properties
studio.security.encryption.key: ${env:CRAFTER_ENCRYPTION_KEY}
# The salt used for encryption of configuration properties
studio.security.encryption.salt: ${env:CRAFTER_ENCRYPTION_SALT}
# Defines name used for environment specific configuration. It is used for environment overrides in studio. Default value is default.
studio.configuration.environment.active: ${env:CRAFTER_ENVIRONMENT}
##################################################
## SMTP Configuration (Email) ##
##################################################
# Default value for from header when sending emails.
# studio.mail.from.default: admin@example.com
# SMTP server name to send emails.
studio.mail.host: ${env:MAIL_HOST}
# SMTP port number to send emails.
studio.mail.port: ${env:MAIL_PORT}
# SMTP username for authenticated access when sending emails.
# studio.mail.username:
# SMTP password for authenticated access when sending emails.
# studio.mail.password:
# Turn on/off (value true/false) SMTP authenaticated access protocol.
# studio.mail.smtp.auth: false
# Enable/disable (value true/false) SMTP TLS protocol when sending emails.
# studio.mail.smtp.starttls.enable: false
# Enable/disable (value true/false) SMTP EHLO protocol when sending emails.
# studio.mail.smtp.ehlo: true
# Enable/disable (value true/false) debug mode for email service. Enabling debug mode allows tracking/debugging communication between email service and SMTP server.
# studio.mail.debug: false
##################################################
## Clustering ##
##################################################
#-----------------------------------------------------------------------------
# IMPORTANT: When enabling clustering, please specify the environment variable
# SPRING_PROFILES_ACTIVE=crafter.studio.externalDb in your crafter-setenv.sh
# (or Docker/Kubernetes env variables). This will stop studio from starting
# its embedded DB. Also configure the appropiate MARIADB env variables
# -----------------------------------------------------------------------------
# Cluster Git URL format for synching members.
# - Typical SSH URL format: ssh://{username}@{localAddress}{absolutePath}
# - Typical HTTPS URL format: https://{localAddress}/repos/sites
# studio.clustering.sync.urlFormat: ssh://{username}@{localAddress}{absolutePath}
# Cluster Syncers
# Cluster member after heartbeat stale for amount of minutes will be declared inactive
# studio.clustering.heartbeatStale.timeLimit: 5
# Cluster member after being inactive for amount of minutes will be removed from cluster
# studio.clustering.inactivity.timeLimit: 5
# Cluster member registration, this registers *this* server into the pool
# Cluster node registration data, remember to uncomment the next line
# studio.clustering.node.registration:
# This server's local address (reachable to other cluster members). You can also specify a different port by
# attaching :PORT to the adddress (e.g 192.168.1.200:2222)
# localAddress: ${env:CLUSTER_NODE_ADDRESS}
# Authentication type to access this server's local repository
# possible values
# - none (no authentication needed)
# - basic (username/password authentication)
# - key (ssh authentication)
# authenticationType: none
# Username to access this server's local repository
# username: user
# Password to access this server's local repository
# password: SuperSecurePassword
# Private key to access this server's local repository (multiline string)
# privateKey: |
# -----BEGIN PRIVATE KEY-----
# privateKey
# -----END PRIVATE KEY-----
################################################################
## CORS ##
################################################################
# This is configured as permissive by default for ease of deployment
# Remember to tighten this up for production
# Disable CORS headers completely
# studio.cors.disable: false
# Value for the Access-Control-Allow-Origin header
# studio.cors.origins: '*'
# Value for the Access-Control-Allow-Headers header
# studio.cors.headers: '*'
# Value for the Access-Control-Allow-Methods header
# studio.cors.methods: '*'
# Value for the Access-Control-Allow-Credentials header
# studio.cors.credentials: true
# Value for the Access-Control-Max-Age header
# studio.cors.maxage: -1
################################################################
## Search ##
################################################################
# URLs to connect to Elasticsearch
studio.search.urls: ${env:ES_URL}
# The username for Elasticsearch
studio.search.username: ${env:ES_USERNAME}
# The password for Elasticsearch
studio.search.password: ${env:ES_PASSWORD}
# The connection timeout in milliseconds, if set to -1 the default will be used
studio.search.timeout.connect: -1
# The socket timeout in milliseconds, if set to -1 the default will be used
studio.search.timeout.socket: -1
# The number of threads to use, if set to -1 the default will be used
studio.search.threads: -1
# Indicates if keep alive should be enabled for sockets used by the search client, defaults to false
studio.search.keepAlive: false
##########################################################
## Serverless Delivery ##
##########################################################
# Indicates if serverless delivery is enabled
# studio.serverless.delivery.enabled: false
# The URL for the serverless delivery deployer create URL
# studio.serverless.delivery.deployer.target.createUrl: ${studio.preview.createTargetUrl}
# The URL for the serverless delivery deployer delete URL
# studio.serverless.delivery.deployer.target.deleteUrl: ${studio.preview.deleteTargetUrl}
# The template name for serverless deployer targets
# studio.serverless.delivery.deployer.target.template: aws-cloudformed-s3
# Replace existing target configuration if one exists?
# studio.serverless.delivery.deployer.target.replace: false
# The URL the deployer will use to clone/pull the site's published repo. When the deployer is in a separate node
# (because of clustering), this URL should be an SSH/HTTP URL to the load balancer in front of the Studios
# studio.serverless.delivery.deployer.target.remoteRepoUrl: ${env:CRAFTER_DATA_DIR}/repos/sites/{siteName}/published
# The deployer's local path where it will store the clone of the published site. This property is not needed if
# the deployer is not the preview deployer, so you can leave an empty string ('') instead
# studio.serverless.delivery.deployer.target.localRepoPath: ${env:CRAFTER_DATA_DIR}/repos/aws/{siteName}
# Parameters for the target template. Please check the deployer template documentation for the possible parameters.
# The following parameters will be sent automatically, and you don't need to specify them: env, site_name, replace,
# disable_deploy_cron, local_repo_path, repo_url, use_crafter_search
# studio.serverless.delivery.deployer.target.template.params:
# # The delivery Elasticsearch endpoint (optional is authoring is using the same one, specified in the ES_URL env variable)
# elastic_search_url:
# aws:
# # AWS region (optional if specified through default AWS chain)
# region: us-east-1
# # AWS access key (optional if specified through default AWS chain)
# default_access_key:
# # AWS secret key (optional if specified through default AWS chain)
# default_secret_key:
# cloudformation:
# # AWS access key (optional if aws.accessKey is specified)
# access_key:
# # AWS secret key (optional if aws.secretKey is specified)
# secret_key:
# # Namespace to use for CloudFormation resources (required when target template is aws-cloudformed-s3)
# namespace: myorganization
# # The domain name of the serverless delivery LB (required when target template is aws-cloudformed-s3)
# deliveryLBDomainName:
# # The SSL certificate ARN the CloudFront CDN should use (optional when target template is aws-cloudformed-s3)
# cloudfrontCertificateArn:
# # The alternate domains names (besides *.cloudfront.net) for the CloudFront CDN (optional when target template is aws-cloudformed-s3)
# alternateCloudFrontDomainNames:
##################################################
## Forwarded Headers ##
##################################################
# Indicates if Forwarded or X-Forwarded headers should be used when resolving the client-originated protocol and
# address. Enable when Studio is behind a reverse proxy or load balancer that sends these
studio.forwarded.headers.enabled: false