-
Notifications
You must be signed in to change notification settings - Fork 112
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
- Loading branch information
Showing
1 changed file
with
108 additions
and
44 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,102 +1,166 @@ | ||
# This standalone.toml config file will start a reva service that: | ||
# - authenticates requests using basic auth | ||
# - serves http requests on port 10000 | ||
# - /owncloud - ocdav: owncloud webdav api | ||
# - /data - dataprovider: file up and download | ||
# - /metrics - prometheus: metrics | ||
# - serves grpc requests on port 9999 | ||
# - authprovider - provides basic auth | ||
# - storageprovider - handles storage metadata | ||
# - usershareprovider - provides user shares | ||
# - userprovider - provides user matadata (used to look up email, displayname etc after a login) | ||
# - preferences - provides user preferences | ||
# - gateway: to lookup services and authenticate requests | ||
# - authregistry - used by the gateway to look up auth providers | ||
# - storageregistry - used by the gateway to look up storage providers | ||
|
||
[core] | ||
log_file = "stderr" | ||
log_mode = "dev" | ||
max_cpus = "100%" | ||
max_cpus = "2" # defaults to runtime.NumCPU() | ||
#tracing_enabled = false | ||
#tracing_endpoint = "localhost:6831" | ||
#tracing_collector = "http://localhost:14268/api/traces" | ||
#tracing_service_name = "revad" | ||
|
||
[log] | ||
level = "debug" | ||
mode = "console" | ||
#mode = "console" # "console" or "json" | ||
#output = "./standalone.log" | ||
|
||
[http] | ||
network = "tcp" | ||
address = "0.0.0.0:10000" | ||
enabled_services = ["datasvc", "ocdavsvc", "prometheussvc"] | ||
enabled_middlewares = ["cors", "auth"] | ||
#network = "tcp" | ||
# allow access from any host, not only localhost | ||
address = "0.0.0.0:10000" # "localhost:9998" | ||
enabled_services = ["ocdav", "dataprovider", "prometheus"] # [] | ||
enabled_middlewares = ["cors", "auth"] # [] | ||
|
||
[http.middlewares.auth] | ||
gatewaysvc = "0.0.0.0:9999" | ||
gateway = "localhost:9999" | ||
auth_type = "basic" # used to look up the authprovider in the authregistry by the gateway | ||
credential_strategy = "basic" | ||
token_strategy = "header" | ||
token_writer = "header" | ||
token_manager = "jwt" | ||
skip_methods = ["/owncloud/status.php", "/metrics"] | ||
skip_methods = ["/owncloud/status.php", "/metrics"] # [] | ||
|
||
[http.middlewares.auth.token_strategies.header] | ||
header = "X-Access-Token" | ||
[http.middlewares.auth.token_writers.header] | ||
header = "X-Access-Token" | ||
|
||
[http.middlewares.auth.token_managers.jwt] | ||
secret = "Pive-Fumkiu4" | ||
|
||
[http.services.datasvc] | ||
[http.services.dataprovider] | ||
driver = "local" | ||
prefix = "data" | ||
temp_folder = "/var/tmp/" | ||
|
||
[http.services.datasvc.drivers.local] | ||
[http.services.dataprovider.drivers.local] | ||
root = "/var/tmp/reva/data" | ||
|
||
[http.services.ocdavsvc] | ||
[http.services.ocdav] | ||
prefix = "owncloud" | ||
chunk_folder = "/var/tmp/revad/chunks" | ||
gatewaysvc = "0.0.0.0:9999" | ||
gateway = "localhost:9999" | ||
|
||
[grpc] | ||
network = "tcp" | ||
address = "0.0.0.0:9999" | ||
enabled_services = ["storageprovidersvc", "authsvc", "storageregistrysvc", "preferencessvc", "usershareprovidersvc", "gatewaysvc"] | ||
#network = "tcp" | ||
# allow access from any host, not only localhost | ||
address = "0.0.0.0:9999" # "localhost:9999" | ||
enabled_services = [ | ||
"authprovider", # provides basic auth | ||
"storageprovider", # handles storage metadata | ||
"usershareprovider", # provides user shares | ||
"userprovider", # provides user matadata (used to look up email, displayname etc after a login) | ||
"preferences", # provides user preferences | ||
"gateway", # to lookup services and authenticate requests | ||
"authregistry", # used by the gateway to look up auth providers | ||
"storageregistry", # used by the gateway to look up storage providers | ||
] | ||
enabled_interceptors = ["auth"] | ||
|
||
[grpc.interceptors.auth] | ||
token_manager = "jwt" | ||
skip_methods = ["/cs3.gatewayv0alpha.GatewayService/GenerateAccessToken", "/cs3.gatewayv0alpha.GatewayService/WhoAmI", "/cs3.authv0alpha.AuthService/GenerateAccessToken", "/cs3.authv0alpha.AuthService/WhoAmI"] | ||
#header = "x-access-token" | ||
skip_methods = [ | ||
# we need to allow calls that happen during authentication | ||
"/cs3.gatewayv0alpha.GatewayService/Authenticate", | ||
"/cs3.gatewayv0alpha.GatewayService/WhoAmI", | ||
"/cs3.gatewayv0alpha.GatewayService/GetUser", | ||
"/cs3.gatewayv0alpha.GatewayService/ListAuthProviders", | ||
"/cs3.authregistryv0alpha.AuthRegistryService/ListAuthProviders", | ||
"/cs3.authregistryv0alpha.AuthRegistryService/GetAuthProvider", | ||
"/cs3.authproviderv0alpha.AuthProviderService/Authenticate", | ||
"/cs3.userproviderv0alpha.UserProviderService/GetUser", | ||
] | ||
|
||
[grpc.interceptors.auth.token_managers.jwt] | ||
secret = "Pive-Fumkiu4" | ||
|
||
[grpc.services.usershareprovidersvc] | ||
[grpc.services.usershareprovider] | ||
driver = "memory" | ||
|
||
[grpc.services.storageprovidersvc] | ||
[grpc.services.storageprovider] | ||
driver = "local" | ||
mount_path = "/" | ||
mount_id = "123e4567-e89b-12d3-a456-426655440000" | ||
data_server_url = "http://0.0.0.0:10000/data" | ||
data_server_url = "http://localhost:10000/data" | ||
# make the gateway return the storageprovider reported by the storageprovider | ||
expose_data_server = true | ||
|
||
[grpc.services.storageprovidersvc.available_checksums] | ||
[grpc.services.storageprovider.available_checksums] | ||
md5 = 100 | ||
unset = 1000 | ||
|
||
[grpc.services.storageprovidersvc.drivers.local] | ||
[grpc.services.storageprovider.drivers.local] | ||
root = "/var/tmp/reva/data" | ||
|
||
[grpc.services.authsvc] | ||
# the authprovider handles basic auth | ||
[grpc.services.authprovider] | ||
auth_manager = "json" | ||
token_manager = "jwt" | ||
user_manager = "json" | ||
userprovidersvc = "localhost:9999" | ||
|
||
[grpc.services.authsvc.token_managers.jwt] | ||
[grpc.services.authprovider.auth_managers.json] | ||
users = "./examples/users.demo.json" | ||
|
||
[grpc.services.authprovider.token_managers.jwt] | ||
secret = "Pive-Fumkiu4" | ||
|
||
[grpc.services.authsvc.user_managers.json] | ||
users = "./examples/users.demo.json" | ||
[grpc.services.userprovider] | ||
driver = "json" | ||
|
||
[grpc.services.authsvc.auth_managers.json] | ||
[grpc.services.userprovider.drivers.json] | ||
users = "./examples/users.demo.json" | ||
|
||
[grpc.services.storageregistrysvc] | ||
[grpc.services.authregistry] | ||
driver = "static" | ||
|
||
[grpc.services.storageregistrysvc.drivers.static.rules] | ||
"/" = "0.0.0.0:9999" | ||
"123e4567-e89b-12d3-a456-426655440000" = "0.0.0.0:9999" | ||
[grpc.services.authregistry.drivers.static.rules] | ||
basic = "localhost:9999" | ||
oidc = "localhost:9998" | ||
|
||
[grpc.services.storageregistry] | ||
driver = "static" | ||
|
||
[grpc.services.storageregistry.drivers.static.rules] | ||
"/" = "localhost:9999" | ||
"123e4567-e89b-12d3-a456-426655440000" = "localhost:9999" | ||
|
||
|
||
[grpc.services.gatewaysvc] | ||
storageregistrysvc = "0.0.0.0:9999" | ||
authsvc = "0.0.0.0:9999" | ||
publicshareprovidersvc = "0.0.0.0:9999" | ||
usershareprovidersvc = "0.0.0.0:9999" | ||
ocmshareprovidersvc = "0.0.0.0:9999" | ||
appregistrysvc = "0.0.0.0:9999" | ||
preferencessvc = "0.0.0.0:9999" | ||
[grpc.services.gateway] | ||
authregistrysvc = "localhost:9999" | ||
storageregistrysvc = "localhost:9999" | ||
appregistrysvc = "localhost:9999" | ||
preferencessvc = "localhost:9999" | ||
usershareprovidersvc = "localhost:9999" | ||
publicshareprovidersvc = "localhost:9999" | ||
ocmshareprovidersvc = "localhost:9999" | ||
userprovidersvc = "localhost:9999" | ||
commit_share_to_storage_grant = true | ||
datagatewaysvc = "http://0.0.0.0:10000/data" | ||
shared_secret_key = "xyz" | ||
datagateway = "http://localhost:10000/data" | ||
transfer_shared_secret = "replace-me-with-a-transfer-secret" | ||
transfer_expires = 6 # give it a moment | ||
token_manager = "jwt" | ||
|
||
[grpc.services.gateway.token_managers.jwt] | ||
secret = "Pive-Fumkiu4" |