Created
June 20, 2019 13:01
-
-
Save afoninsky/5b95d66138e83fe0c83756f2c433f4eb to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// The JSON comments are somewhat brittle. Don't try anything too fancy. | |
{ | |
// Default HTTP(S) address:port to listen on for websocket and long polling clients. Either a | |
// numeric or a canonical name, e.g. ":80" or ":https". Could include a host name, e.g. | |
// "localhost:80". | |
// Could be blank: if TLS is not configured, will use ":80", otherwise ":443". | |
// Can be overridden from the command line, see option --listen. | |
"listen": ":18080", | |
// Cach-Control header for static content. 11 hours. | |
"cache_control": 39600, | |
// URL path for mounting the directory with static files. | |
"static_mount": "/", | |
// Address:port to listen for gRPC clients. Leave blank to disable gRPC support. | |
// Could be overridden from the command line with --grpc_listen. | |
"grpc_listen": ":16061", | |
// Salt for signing API key. 32 random bytes base64-encoded. Use 'keygen' to generate | |
// the API key and the salt. | |
"api_key_salt": "T713/rYYgW7g4m3vG6zGRh7+FM1t0T8j13koXScOAj4=", | |
// Maximum message size allowed from client in bytes (262144 = 256KB). | |
// Intended to prevent malicious clients from sending very large messages inband (does | |
// not affect out-of-band large files). | |
"max_message_size": 262144, | |
// Maximum number of subscribers per group topic. | |
"max_subscriber_count": 128, | |
// Maximum number of indexable tags per topic or user. | |
"max_tag_count": 16, | |
// URL path for exposing runtime stats. Disabled if the path is blank. | |
// Could be overriden from the command line with --expvar. | |
"expvar": "/debug/vars", | |
// Large media/blob handlers. | |
"media": { | |
// Media handler to use | |
"use_handler": "fs", | |
// Maximum size of uploaded file (8MB here for testing, maybe increase to 100MB = 104857600 in prod) | |
"max_size": 8388608, | |
// Garbage collection periodicity in seconds | |
"gc_period": 60, | |
// Number of unused entries to delete in one pass | |
"gc_block_size": 100, | |
// Configurations for various handlers. | |
"handlers": { | |
// File system storage. | |
"fs": { | |
// File system location to store uploaded files. In case of a cluster it | |
// must be accessible by all cluster members, i.e. a network drive. | |
"upload_dir": "uploads" | |
}, | |
// Amazon AWS S3 storage. | |
"s3":{ | |
// Use AWS console to get Access Key ID and Secret Access Key. | |
// https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/ | |
"access_key_id": "your_s3_access_key_id", | |
"secret_access_key": "your_s3_secret_access_key", | |
// Region where the bucket is hosted. | |
"region": "s3 region, like us-east-2", | |
// Name of the S3 bucket. | |
"bucket": "your_s3_bucket_name", | |
// Origin URLs allowed to download files. See | |
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin | |
"cors_origins": ["*"] | |
} | |
} | |
}, | |
// TLS (httpS) configuration. Applies to both web and gRPC interfaces. | |
"tls": { | |
// Enable TLS. | |
"enabled": false, | |
// Listen for connections on this port and redirect them to HTTPS port. | |
"http_redirect": ":80", | |
// Add Strict-Transport-Security to headers, the value signifies age. | |
// Zero or negative value turns it off. | |
"strict_max_age": 604800, | |
// Letsencrypt configuration | |
"autocert": { | |
// Location of certificates. | |
"cache": "/etc/letsencrypt/live/your.domain.here", | |
// Contact address for this installation. LetsEncrypt will send | |
// messages to this address in case of problems. Replace with your | |
// own address or remove this line. | |
"email": "noreply@example.com", | |
// Domains served. Replace with your own domain name. | |
"domains": ["whatever.example.com"] | |
}, | |
// If "autocert" config is not defined, read static certificates from | |
// these locations. Ignored if "autocert" is defined. | |
"cert_file": "/etc/httpd/conf/your.domain.crt", | |
"key_file": "/etc/httpd/conf/your.domain.key" | |
}, | |
// Authentication configuration. | |
"auth_config": { | |
// Optional mapping of externally-visible authenticator names to internal names. | |
// For example use ["login-password:basic", "basic:"] to rename "basic" authenticator to | |
// "login-password" and make it unaccessible by the old name. | |
// Default is identity mapping. | |
"logical_names": [], | |
// Basic (login + password) authentication. | |
"basic": { | |
// Add 'auth-name:username' to tags making user discoverable by username. | |
"add_to_tags": true, | |
// The minimum length of a login in unicode runes, i.e. "登录" is length 2, not 6. | |
// The maximum length is 32 and it cannot be changed. | |
"min_login_length": 4, | |
// The minimum length of a password in unicode runes, "пароль" is length 6, not 12. | |
// There is no maximum length. | |
"min_password_length": 6 | |
}, | |
// Token authentication | |
"token": { | |
// Lifetime of a security token in seconds. 1209600 = 2 weeks. | |
"expire_in": 1209600, | |
// Serial number of the token. Can be used to invalidate all issued tokens at once. | |
"serial_num": 1, | |
// Secret key (HMAC salt) for signing the tokens. Generate your own then keep it secret. | |
// 32 random bytes base64 encioded. | |
"key": "wfaY2RgF2S1OQI/ZlK+LSrp1KB2jwAdGAIHQ7JZn+Kc=" | |
} | |
}, | |
// Database configuration | |
"store_config": { | |
// XTEA encryption key for user IDs and topic names. 16 random bytes base64-encoded. | |
// Generate your own and keep it secret. | |
"uid_key": "la6YsO+bNX/+XIkOqc5Svw==", | |
// Maximum number of results fetched in one DB call. | |
"max_results": 1024, | |
// Configurations of individual adapters. | |
"adapters": { | |
// MySQL configuration. See https://godoc.org/github.com/go-sql-driver/mysql#Config | |
// for other possible options. | |
"mysql": { | |
// DSN, passed unchanged to MySQL driver. The 'parseTime=true' is required. | |
// The 'collation=utf8mb4_unicode_ci' is optional but highly recommended for | |
// emoji and certain CJK characters. | |
// See https://github.com/go-sql-driver/mysql#dsn-data-source-name for syntax. | |
"dsn": "root@tcp(localhost)/tinode?parseTime=true&collation=utf8mb4_unicode_ci", | |
// Name of the main database. | |
"database": "tinode" | |
}, | |
// RethinkDB configuration. https://godoc.org/github.com/rethinkdb/rethinkdb-go#ConnectOpts | |
// for other possible options. | |
"rethinkdb": { | |
"addresses": "rethinkdb-debug-rethinkdb-debug-proxy.staging.svc.cluster.local", | |
"database": "test", | |
"username": "admin", | |
"password": "***" | |
} | |
} | |
}, | |
// Account validators (email or SMS or captcha) | |
"acc_validation": { | |
// Email validator config. | |
"email": { | |
// Restrict use of "email" namespace. | |
"add_to_tags": true, | |
// List of authentication levels which require this validation method. | |
// Remove this line to disable email validation. | |
"required": ["auth"], | |
// Configuration passed to the validator unchanged. | |
"config": { | |
// Address of the host where the Tinode server is running. This will be used | |
// in URLs in the email. | |
"host_url": "http://localhost:6060/", | |
// Address of the SMPT server to use. | |
"smtp_server": "smtp.example.com", | |
// SMTP port to use. "25" for basic email RFC 5321 (2821, 821), "587" for RFC 3207 (TLS). | |
"smtp_port": "25", | |
// Address to use for authentication and to show in From: | |
"sender": "noreply@example.com", | |
// Password of the sender. | |
"sender_password": "your-password-here", | |
// Message body template for credential validation. Uses http/template syntax. | |
"validation_body_templ": "./templ/email-validation-body.templ", | |
// Subject line for validation requests. | |
"validation_subject": "Tinode registration: confirm email", | |
// Message body template for password reset. Uses http/template syntax. | |
"reset_body_templ": "./templ/email-password-reset.templ", | |
// Subject line for password reset requests. | |
"reset_subject": "Reset Tinode password", | |
// Additional message headers (currently unused). | |
"headers": [], | |
// Allow this many confirmation attempts before blocking the credential. | |
"max_retries": 4, | |
// List of allowed email domains. Missing or empty list means any email domain is accepted. | |
"domains": [], | |
// Dummy response to accept. Remove the line in production. | |
"debug_response": "123456" | |
} | |
}, | |
// Dummy placeholder validator for SMS and voice validation. Disabled by default. | |
// Use something like twillio.com in production. | |
"tel": { | |
"add_to_tags": true, | |
"config": { | |
"template": "./templ/sms-validation.templ", | |
"max_retries": 4, | |
"debug_response": "123456" | |
} | |
} | |
}, | |
// Configuration of push notifications. | |
"push": [ | |
{ | |
// Notificator which writes to STDOUT. Useful for debugging. | |
"name":"stdout", | |
"config": { | |
// Disabled. | |
"enabled": false | |
} | |
}, | |
{ | |
// Google FCM notificator. | |
"name":"fcm", | |
"config": { | |
// Disabled. Won't work without the server key anyway. See below. | |
"enabled": false, | |
// Number of notifications to keep before they start to be dropped. | |
"buffer": 1024, | |
// Firebase project ID. | |
"project_id": "your-project-id", | |
// Service account credentials as json. | |
// See instructions how to download the service account credentials file: | |
// https://cloud.google.com/iam/docs/creating-managing-service-account-keys | |
// Then insert the file contents here. Yes, this is convoluted, but that's Google's fault. | |
"credentials": { | |
"type": "service_account", | |
"project_id": "your-project-id", | |
"private_key_id": "some-random-looking-hex-number", | |
"private_key": "-----BEGIN PRIVATE KEY----- base64-encoded bits of your private key \n-----END PRIVATE KEY-----\n", | |
"client_email": "firebase-adminsdk-abc123@your-project-id.iam.gserviceaccount.com", | |
"client_id": "1234567890123456789", | |
"auth_uri": "https://accounts.google.com/o/oauth2/auth", | |
"token_uri": "https://oauth2.googleapis.com/token", | |
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", | |
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk-abc123%40your-project-id.iam.gserviceaccount.com" | |
}, | |
// An alternative way to provide Firebase service account credentials. | |
"credentials_file": "/path/to/service-account-file-with-credentials.json", | |
// Time in seconds before notification is discarded if undelivered (by Google). | |
"time_to_live": 3600, | |
// Include Android Notification. Set to false to push a data-only message. | |
"include_android_notification": false, | |
// Android resource ID to use as a notification icon. Used only if include_android_notification=true. | |
"icon": "ic_logo_push", | |
// Notification color (Android). Used only if include_android_notification=true. | |
"icon_color": "#3949AB" | |
} | |
} | |
], | |
// Cluster-mode configuration. | |
"cluster_config": { | |
// Name of this node. Can be assigned from the command line. | |
// Empty string disables clustering. | |
"self": "", | |
// List of available nodes. | |
"nodes": [ | |
// Name and TCP address of every node in the cluster. The ports 12001..12003 | |
// are cluster communication ports. They don't need to be exposed to clients. | |
{"name": "one", "addr":"localhost:12001"}, | |
{"name": "two", "addr":"localhost:12002"}, | |
{"name": "three", "addr":"localhost:12003"} | |
], | |
// Failover config. | |
"failover": { | |
// Failover is enabled. | |
"enabled": true, | |
// Time in milliseconds between heartbeats. | |
"heartbeat": 100, | |
// Initiate leader election when the leader is not available for this many heartbeats. | |
"vote_after": 8, | |
// Consider node failed when it missed this many heartbeats. | |
"node_fail_after": 16 | |
} | |
}, | |
// Configuration of plugins | |
"plugins": [ | |
{ | |
// Enable or disable this plugin. | |
"enabled": false, | |
// Name of the plugin, must be unique. | |
"name": "python_chat_bot", | |
// Timeout in microseconds. | |
"timeout": 20000, | |
// Events to send to the plugin. | |
"filters": { | |
// Account creation events. | |
"account": "C" | |
}, | |
// Error code to use in case flugin has failed. | |
"failure_code": 0, | |
// Text of an error message to report in case of plugin falure. | |
"failure_text": null, | |
// Address of the plugin. | |
"service_addr": "tcp://localhost:40051" | |
} | |
] | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment