forked from AthenZ/authorization-proxy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathexample_config.yaml
129 lines (129 loc) · 2.89 KB
/
example_config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
---
version: v2.0.0
server:
port: 8082
timeout: 10s
shutdownTimeout: 10s
shutdownDelay: 9s
disableKeepAlives: true
tls:
enable: true
certPath: "test/data/dummyServer.crt"
keyPath: "test/data/dummyServer.key"
caPath: "test/data/dummyCa.pem"
certRefreshPeriod: "24h"
disableCipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
enableInsecureCipherSuites:
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
healthCheck:
port: 6082
endpoint: /healthz
debug:
enable: false
port: 6083
dump: true
profiling: true
metrics:
port: 6084
athenz:
url: https://athenz.io:4443/zts/v1
timeout: 30s
caPath: _athenz_root_ca_
# caPath: /etc/ssl/cert.pem
proxy:
scheme: http
host: localhost
port: 80
bufferSize: 4096
originHealthCheckPaths: []
noAuthPaths:
- "/no-auth/any/*"
- "/no-auth/single/a?c"
- "/no-auth/no-regex/^$|([{"
preserveHost: true
transport:
tlsHandshakeTimeout: "10s"
disableKeepAlives: false
disableCompression: false
maxIdleConns: 100
maxIdleConnsPerHost: 0
maxConnsPerHost: 0
idleConnTimeout: "90s"
responseHeaderTimeout: "0"
expectContinueTimeout: "1s"
maxResponseHeaderBytes: 0
writeBufferSize: 0
readBufferSize: 0
forceAttemptHTTP2: true
dialContext:
timeout: "1s"
originLog:
statusCode:
enable: true
exclude:
- 200
authorization:
athenzDomains:
- provider-domain1
- provider-domain2
publicKey:
sysAuthDomain: sys.auth
refreshPeriod: 24h
retryDelay: ""
eTagExpiry: 168h
eTagPurgePeriod: 84h
policy:
disable: false
expiryMargin: 48h
refreshPeriod: 1h
purgePeriod: 24h
retryDelay: ""
retryAttempts: 0
mappingRules:
domain1:
- method: get
action: action
path: "/path1/{path2}"
resource: path1.{path2}
- method: get
action: action
path: "/path?param={value}"
resource: "path.{value}"
domain2:
- method: get
action: action
path: "/path1/{path2}?param={value}"
resource: "{path2}.{value}"
resourcePrefix: /public
jwk:
refreshPeriod: ""
retryDelay: ""
urls:
- http://your-jwk-set-url1
- https://your-jwk-set-url2
accessToken:
enable: true
verifyCertThumbprint: true
verifyClientID: true
authorizedClientIDs:
common_name1:
- client_id1
- client_id2
common_name2:
- client_id1
- client_id2
certBackdateDuration: 1h
certOffsetDuration: 1h
roleToken:
enable: true
roleAuthHeader: Athenz-Role-Auth
log:
level: debug
color: true