Skip to content

Instantly share code, notes, and snippets.

@rainest
Created December 13, 2018 22:15
Show Gist options
  • Save rainest/4663e48c4f3393eb7b4e2de5138b608f to your computer and use it in GitHub Desktop.
Save rainest/4663e48c4f3393eb7b4e2de5138b608f to your computer and use it in GitHub Desktop.
# -----------------------
# Kong configuration file
# -----------------------
#
# The commented-out settings shown in this file represent the default values.
#
# This file is read when `kong start` or `kong prepare` are used. Kong
# generates the Nginx configuration with the settings specified in this file.
#
# All environment variables prefixed with `KONG_` and capitalized will override
# the settings specified in this file.
# Example:
# `log_level` setting -> `KONG_LOG_LEVEL` env variable
#
# Boolean values can be specified as `on`/`off` or `true`/`false`.
# Lists must be specified as comma-separated strings.
#
# All comments in this file can be removed safely, including the
# commented-out properties.
# You can verify the integrity of your settings with `kong check <conf>`.
#------------------------------------------------------------------------------
# GENERAL
#------------------------------------------------------------------------------
#prefix = /usr/local/kong/ # Working directory. Equivalent to Nginx's
# prefix path, containing temporary files
# and logs.
# Each Kong process must have a separate
# working directory.
#log_level = notice # Log level of the Nginx server. Logs are
# found at <prefix>/logs/error.log.
# Note: see http://nginx.org/en/docs/ngx_core_module.html#error_log for a list
# of accepted values.
#proxy_access_log = logs/access.log # Path for proxy port request access
# logs. Set this value to `off` to
# disable logging proxy requests.
# If this value is a relative path,
# it will be placed under the
# `prefix` location.
#proxy_error_log = logs/error.log # Path for proxy port request error
# logs. Granularity of these logs is
# adjusted by the `log_level`
# directive.
#admin_access_log = logs/admin_access.log # Path for Admin API request access
# logs. Set this value to `off` to
# disable logging Admin API requests.
# If this value is a relative path,
# it will be placed under the
# `prefix` location.
#admin_error_log = logs/error.log # Path for Admin API request error
# logs. Granularity of these logs is
# adjusted by the `log_level`
# directive.
#custom_plugins = # Comma-separated list of additional plugins
# this node should load.
# Use this property to load custom plugins
# that are not bundled with Kong.
# Plugins will be loaded from the
# `kong.plugins.{name}.*` namespace.
#anonymous_reports = on # Send anonymous usage data such as error
# stack traces to help improve Kong.
#------------------------------------------------------------------------------
# NGINX
#------------------------------------------------------------------------------
#proxy_listen = 0.0.0.0:8000, 0.0.0.0:8443 ssl
# Comma-separated list of addresses and ports on
# which the proxy server should listen.
# The proxy server is the public entrypoint of Kong,
# which proxies traffic from your consumers to your
# backend services. This value accepts IPv4, IPv6, and
# hostnames.
# Some suffixes can be specified for each pair:
# - `ssl` will require that all connections made
# through a particular address/port be made with TLS
# enabled.
# - `http2` will allow for clients to open HTTP/2
# connections to Kong's proxy server.
# - Finally, `proxy_protocol` will enable usage of the
# PROXY protocol for a given address/port.
#
# This value can be set to `off`, thus disabling
# the proxy port for this node, enabling a
# 'control-plane' mode (without traffic proxying
# capabilities) which can configure a cluster of
# nodes connected to the same database.
#proxy_url =
# Kong Proxy URL
#
# Here you may provide the lookup, or balancer,
# address for your Kong Proxy nodes.
#
# This value is commonly used in a microservices
# or service-mesh oriented architecture.
#
# Accepted format (parts in parenthesis are optional):
#
# <scheme>://<IP / HOSTNAME>(:<PORT>(/<PATH>))
#
# Examples:
#
# - <scheme>://<IP>:<PORT>
# proxy_url = http://127.0.0.1:8000
# - SSL <scheme>://<HOSTNAME>
# proxy_url = https://proxy.domain.tld
# - <scheme>://<HOSTNAME>/<PATH>
# proxy_url = http://dev-machine/dev-285
#
# By default:
#
# Kong Manager, and Kong Portal will use
# the window request host and append the resolved
# listener port depending on the requested protocol.
# Note: see http://nginx.org/en/docs/http/ngx_http_core_module.html#listen for
# a description of the accepted formats for this and other *_listen values.
# Note bis: see https://www.nginx.com/resources/admin-guide/proxy-protocol/
# for more details about the `proxy_protocol` parameter.
#admin_api_uri = # Hierarchical part of a URI which is composed
# optionally of a host, port, and path at which your
# Admin interface API accepts HTTP or HTTPS traffic.
# When this config is disabled, the gui will use the
# window protocol + host and append the resolved
# admin_gui_listen HTTP/HTTPS port.
#admin_listen = 127.0.0.1:8001, 127.0.0.1:8444 ssl
# Comma-separated list of addresses and ports on
# which the Admin interface should listen.
# The Admin interface is the API allowing you to
# configure and manage Kong.
# Access to this interface should be *restricted*
# to Kong administrators *only*. This value accepts
# IPv4, IPv6, and hostnames.
# Some suffixes can be specified for each pair:
# - `ssl` will require that all connections made
# through a particular address/port be made with TLS
# enabled.
# - `http2` will allow for clients to open HTTP/2
# connections to Kong's proxy server.
# - Finally, `proxy_protocol` will enable usage of the
# PROXY protocol for a given address/port.
#
# This value can be set to `off`, thus disabling
# the Admin interface for this node, enabling a
# 'data-plane' mode (without configuration
# capabilities) pulling its configuration changes
# from the database.
#nginx_user = nobody nobody # Defines user and group credentials used by
# worker processes. If group is omitted, a
# group whose name equals that of user is
# used. Ex: [user] [group].
#nginx_worker_processes = auto # Determines the number of worker processes
# spawned by Nginx.
#nginx_daemon = on # Determines wether Nginx will run as a daemon
# or as a foreground process. Mainly useful
# for development or when running Kong inside
# a Docker environment.
#mem_cache_size = 128m # Size of the in-memory cache for database
# entities. The accepted units are `k` and
# `m`, with a minimum recommended value of
# a few MBs.
#ssl_cipher_suite = modern # Defines the TLS ciphers served by Nginx.
# Accepted values are `modern`,
# `intermediate`, `old`, or `custom`.
# Note: see https://wiki.mozilla.org/Security/Server_Side_TLS for detailed
# descriptions of each cipher suite.
#ssl_ciphers = # Defines a custom list of TLS ciphers to be
# served by Nginx. This list must conform to
# the pattern defined by `openssl ciphers`.
# This value is ignored if `ssl_cipher_suite`
# is not `custom`.
#ssl_cert = # The absolute path to the SSL certificate for
# `proxy_listen` values with SSL enabled.
#ssl_cert_key = # The absolute path to the SSL key for
# `proxy_listen` values with SSL enabled.
#client_ssl = off # Determines if Nginx should send client-side
# SSL certificates when proxying requests.
#client_ssl_cert = # If `client_ssl` is enabled, the absolute
# path to the client SSL certificate for the
# `proxy_ssl_certificate` directive. Note that
# this value is statically defined on the
# node, and currently cannot be configured on
# a per-API basis.
#client_ssl_cert_key = # If `client_ssl` is enabled, the absolute
# path to the client SSL key for the
# `proxy_ssl_certificate_key` address. Note
# this value is statically defined on the
# node, and currently cannot be configured on
# a per-API basis.
#admin_ssl_cert = # The absolute path to the SSL certificate for
# `admin_listen` values with SSL enabled.
#admin_ssl_cert_key = # The absolute path to the SSL key for
# `admin_listen` values with SSL enabled.
#upstream_keepalive = 60 # Sets the maximum number of idle keepalive
# connections to upstream servers that are
# preserved in the cache of each worker
# process. When this number is exceeded, the
# least recently used connections are closed.
#server_tokens = on # Enables or disables emitting Kong version on
# error pages and in the "Server" or "Via"
# (in case the request was proxied) response
# header field.
#latency_tokens = on # Enables or disables emitting Kong latency
# information in the "X-Kong-Proxy-Latency"
# and "X-Kong-Upstream-Latency" response
# header fields.
#trusted_ips = # Defines trusted IP addresses blocks that are
# known to send correct X-Forwarded-* headers.
# Requests from trusted IPs make Kong forward
# their X-Forwarded-* headers upstream.
# Non-trusted requests make Kong insert its
# own X-Forwarded-* headers.
#
# This property also sets the
# `set_real_ip_from` directive(s) in the Nginx
# configuration. It accepts the same type of
# values (CIDR blocks) but as a
# comma-separated list.
#
# To trust *all* /!\ IPs, set this value to
# `0.0.0.0/0,::/0`.
#
# If the special value `unix:` is specified,
# all UNIX-domain sockets will be trusted.
# Note: see http://nginx.org/en/docs/http/ngx_http_realip_module.html for
# examples of accepted values.
#real_ip_header = X-Real-IP # Defines the request header field whose value
# will be used to replace the client address.
# This value sets the ngx_http_realip_module
# directive of the same name in the Nginx
# configuration.
# If set to `proxy_protocol`, then at least
# one of the `proxy_listen` entries must
# have the `proxy_protocol` flag enabled.
# Note: see http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
# for a description of this directive.
#real_ip_recursive = off # This value sets the ngx_http_realip_module
# directive of the same name in the Nginx
# configuration.
# Note: see http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
# for a description of this directive.
#client_max_body_size = 0 # Defines the maximum request body size allowed
# by requests proxied by Kong, specified in
# the Content-Length request header. If a
# request exceeds this limit, Kong will
# respond with a 413 (Request Entity Too
# Large). Setting this value to 0 disables
# checking the request body size.
# Note: see http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
# for further description of this parameter. Numeric values may be suffixed
# with 'k' or 'm' to denote limits in terms of kilobytes or megabytes.
#client_body_buffer_size = 8k # Defines the buffer size for reading the
# request body. If the client request body is
# larger than this value, the body will be
# buffered to disk. Note that when the body is
# buffered to disk Kong plugins that access or
# manipulate the request body may not work, so
# it is advisable to set this value as high as
# possible (e.g., set it as high as
# `client_max_body_size` to force request
# bodies to be kept in memory). Do note that
# high-concurrency environments will require
# significant memory allocations to process
# many concurrent large request bodies.
# Note: see http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size
# for further description of this parameter. Numeric values may be suffixed
# with 'k' or 'm' to denote limits in terms of kilobytes or megabytes.
#error_default_type = text/plain # Default MIME type to use when the request
# `Accept` header is missing and Nginx
# is returning an error for the request.
# Accepted values are `text/plain`,
# `text/html`, `application/json`, and
# `application/xml`.
#------------------------------------------------------------------------------
# DATASTORE
#------------------------------------------------------------------------------
# Kong will store all of its data (such as APIs, consumers and plugins) in
# either Cassandra or PostgreSQL.
#
# All Kong nodes belonging to the same cluster must connect themselves to the
# same database.
#database = postgres # Determines which of PostgreSQL or Cassandra
# this node will use as its datastore.
# Accepted values are `postgres` and
# `cassandra`.
#pg_host = 127.0.0.1 # The PostgreSQL host to connect to.
#pg_port = 5432 # The port to connect to.
#pg_user = kong # The username to authenticate if required.
#pg_password = # The password to authenticate if required.
#pg_database = kong # The database name to connect to.
#pg_ssl = off # Toggles client-server TLS connections
# between Kong and PostgreSQL.
#pg_ssl_verify = off # Toggles server certificate verification if
# `pg_ssl` is enabled.
# See the `lua_ssl_trusted_certificate`
# setting to specify a certificate authority.
#cassandra_contact_points = 127.0.0.1 # A comma-separated list of contact
# points to your cluster.
#cassandra_port = 9042 # The port on which your nodes are listening
# on. All your nodes and contact points must
# listen on the same port.
#cassandra_keyspace = kong # The keyspace to use in your cluster.
#cassandra_timeout = 5000 # Defines the timeout (in ms), for reading
# and writing.
#cassandra_ssl = off # Toggles client-to-node TLS connections
# between Kong and Cassandra.
#cassandra_ssl_verify = off # Toggles server certificate verification if
# `cassandra_ssl` is enabled.
# See the `lua_ssl_trusted_certificate`
# setting to specify a certificate authority.
#cassandra_username = kong # Username when using the
# `PasswordAuthenticator` scheme.
#cassandra_password = # Password when using the
# `PasswordAuthenticator` scheme.
#cassandra_consistency = ONE # Consistency setting to use when reading/
# writing to the Cassandra cluster.
#cassandra_lb_policy = RoundRobin # Load balancing policy to use when
# distributing queries across your Cassandra
# cluster.
# Accepted values are:
# `RoundRobin`, `RequestRoundRobin`,
# `DCAwareRoundRobin`, and
# `RequestDCAwareRoundRobin`.
# Prefer the later if and only if you are
# using a multi-datacenter cluster.
#cassandra_local_datacenter = # When using the `DCAwareRoundRobin`
# or `RequestDCAwareRoundRobin` load
# balancing policy, you must specify the name
# of the local (closest) datacenter for this
# Kong node.
#cassandra_repl_strategy = SimpleStrategy # When migrating for the first time,
# Kong will use this setting to
# create your keyspace.
# Accepted values are
# `SimpleStrategy` and
# `NetworkTopologyStrategy`.
#cassandra_repl_factor = 1 # When migrating for the first time, Kong
# will create the keyspace with this
# replication factor when using the
# `SimpleStrategy`.
#cassandra_data_centers = dc1:2,dc2:3 # When migrating for the first time,
# will use this setting when using the
# `NetworkTopologyStrategy`.
# The format is a comma-separated list
# made of <dc_name>:<repl_factor>.
#cassandra_schema_consensus_timeout = 10000 # Defines the timeout (in ms) for
# the waiting period to reach a
# schema consensus between your
# Cassandra nodes.
# This value is only used during
# migrations.
#------------------------------------------------------------------------------
# DATASTORE CACHE
#------------------------------------------------------------------------------
# In order to avoid unecessary communication with the datastore, Kong caches
# entities (such as APIs, Consumers, Credentials...) for a configurable period
# of time. It also handles invalidations if such an entity is updated.
#
# This section allows for configuring the behavior of Kong regarding the
# caching of such configuration entities.
#db_update_frequency = 5 # Frequency (in seconds) at which to check for
# updated entities with the datastore.
# When a node creates, updates, or deletes an
# entity via the Admin API, other nodes need
# to wait for the next poll (configured by
# this value) to eventually purge the old
# cached entity and start using the new one.
#db_update_propagation = 0 # Time (in seconds) taken for an entity in the
# datastore to be propagated to replica nodes
# of another datacenter.
# When in a distributed environment such as
# a multi-datacenter Cassandra cluster, this
# value should be the maximum number of
# seconds taken by Cassandra to propagate a
# row to other datacenters.
# When set, this property will increase the
# time taken by Kong to propagate the change
# of an entity.
# Single-datacenter setups or PostgreSQL
# servers should suffer no such delays, and
# this value can be safely set to 0.
#db_cache_ttl = 3600 # Time-to-live (in seconds) of an entity from
# the datastore when cached by this node.
# Database misses (no entity) are also cached
# according to this setting.
# If set to 0, such cached entities/misses
# never expire.
#------------------------------------------------------------------------------
# DNS RESOLVER
#------------------------------------------------------------------------------
# By default the DNS resolver will use the standard configuration files
# `/etc/hosts` and `/etc/resolv.conf`. The settings in the latter file will be
# overridden by the environment variables `LOCALDOMAIN` and `RES_OPTIONS` if
# they have been set.
#dns_resolver = # Comma separated list of nameservers, each
# entry in `ip[:port]` format to be used by
# Kong. If not specified the nameservers in
# the local `resolv.conf` file will be used.
# Port defaults to 53 if omitted. Accepts
# both IPv4 and IPv6 addresses.
#dns_hostsfile = /etc/hosts # The hosts file to use. This file is read
# once and its content is static in memory.
# To read the file again after modifying it,
# Kong must be reloaded.
#dns_order = LAST,SRV,A,CNAME # The order in which to resolve different
# record types. The `LAST` type means the
# type of the last successful lookup (for the
# specified name). The format is a (case
# insensitive) comma separated list.
#dns_stale_ttl = 4 # Defines, in seconds, how long a record will
# remain in cache past its TTL. This value
# will be used while the new DNS record is
# fetched in the background.
# Stale data will be used from expiry of a
# record until either the refresh query
# completes, or the `dns_stale_ttl` number of
# seconds have passed.
#dns_not_found_ttl = 30 # TTL in seconds for empty DNS responses and
# "(3) name error" responses.
#dns_error_ttl = 1 # TTL in seconds for error responses.
#dns_no_sync = off # If enabled, then upon a cache-miss every
# request will trigger its own dns query.
# When disabled multiple requests for the
# same name/type will be synchronised to a
# single query.
#------------------------------------------------------------------------------
# DEVELOPMENT & MISCELLANEOUS
#------------------------------------------------------------------------------
# Additional settings inherited from lua-nginx-module allowing for more
# flexibility and advanced usage.
#
# See the lua-nginx-module documentation for more informations:
# https://github.com/openresty/lua-nginx-module
#lua_ssl_trusted_certificate = # Absolute path to the certificate
# authority file for Lua cosockets in PEM
# format. This certificate will be the one
# used for verifying Kong's database
# connections, when `pg_ssl_verify` or
# `cassandra_ssl_verify` are enabled.
#lua_ssl_verify_depth = 1 # Sets the verification depth in the server
# certificates chain used by Lua cosockets,
# set by `lua_ssl_trusted_certificate`.
# This includes the certificates configured
# for Kong's database connections.
#lua_package_path = # Sets the Lua module search path (LUA_PATH).
# Useful when developing or using custom
# plugins not stored in the default search
# path.
#lua_package_cpath = # Sets the Lua C module search path
# (LUA_CPATH).
#lua_socket_pool_size = 30 # Specifies the size limit for every cosocket
# connection pool associated with every remote
# server.
#enforce_rbac = off # Specifies whether Admin API RBAC is enforced;
# accepts one of 'entity', 'both', 'on', or
# 'off'. When 'on' is passed, only
# endpoint-level authorization is enforced;
# when 'entity' is passed, entity-level
# authorization applies; 'both' enables both
# endpoint and entity-level authorization;
# 'off' disables both. When enabled, Kong will
# deny requests to the Admin API when a
# nonexistent or invalid RBAC authorization
# token is passed, or the RBAC user with which
# the token is associated does not have
# permissions to access/modify the requested
# resource.
#rbac_auth_header = Kong-Admin-Token # Defines the name of the HTTP request
# header from which the Admin API will
# attempt to identify the RBAC user.
#------------------------------------------------------------------------------
# ADMIN GUI
#------------------------------------------------------------------------------
#admin_gui_listen = 0.0.0.0:8002, 0.0.0.0:8445 ssl
# Admin GUI Listeners
#
# Comma-separated list of addresses and ports on which
# Kong will expose the Admin GUI. This web application
# lets you configure and manage Kong, and therefore
# should be kept private and secured.
#
# Suffixes can be specified for each pair, similarly to
# the `admin_listen` directive.
#admin_gui_url =
# Admin GUI URL
#
# Here you may provide the lookup, or balancer,
# address for your admin application.
#
# Accepted format (items in parenthesis are optional):
#
# <scheme>://<IP / HOSTNAME>(:<PORT>(/<PATH>))
#
# Examples:
#
# - http://127.0.0.1:8003
# - https://kong-admin.test
# - http://dev-machine/dev-285
#
# By default:
#
# The application will use the window request host and
# append the resolved listener port depending on the
# requested protocol.
#admin_gui_ssl_cert =
# The absolute path to the SSL certificate for
# `admin_gui_listen` values with SSL enabled.
#admin_gui_ssl_cert_key =
# The absolute path to the SSL key for
# `admin_gui_listen` values with SSL enabled.
#admin_gui_flags = {}
# Alters the layout Admin GUI (JSON)
#admin_gui_access_log = logs/admin_gui_access.log
# Admin GUI Access Logs
#
# Here you can set an absolute or relative path for the
# Admin GUI access logs. When the path is relative,
# logs are placed in the `prefix` location.
#
# Setting this value to `off` disables access logs
# for the Admin GUI.
#admin_gui_error_log = logs/admin_gui_error.log
# Admin GUI Error Logs
#
# Here you can set an absolute or relative path for your
# Portal API access logs. When the path is relative,
# logs are placed in the `prefix` location.
#
# Setting this value to `off` disables error logs for
# the Admin GUI.
#
# Granularity can be adjusted through the `log_level`
# directive.
#admin_gui_auth =
# Admin GUI Authentication Plugin Name
#
# Here you may secure access to the Admin GUI by
# specifying an authentication plugin to use.
#
# Supported Plugins:
#
# Value to Use | Authentication Type
# ----------------------+--------------------------
# basic-auth | Basic Authentication
# ldap-auth-advanced | LDAP Authentication
#admin_gui_auth_conf =
# Admin GUI Authentication Plugin Config (JSON)
#
# Here you may specify the configuration for the
# authentication plugin you have chosen.
#
# For information about Plugin Configuration
# consult the associated plugin documentation.
#
# Example for `basic-auth`:
#
# admin_gui_auth_conf = { "hide_credentials": true }
#------------------------------------------------------------------------------
# VITALS
#------------------------------------------------------------------------------
#vitals = on # When enabled, Kong will store and report
# metrics about its performance.
#
# When running Kong in a multi-node setup,
# `vitals` entails two separate meanings
# depending on the node.
#
# On a Proxy-only node, `vitals` determines
# whether to collect data for Vitals.
#
# On an Admin-only node, `vitals` determines
# whether to display Vitals metrics and
# visualizations on the dashboard.
#vitals_strategy = database # Determines whether to use the Kong database
# (either PostgreSQL or Cassandra, as defined
# by the 'database' config value above), or a
# separate storage engine, for Vitals metrics.
# Accepted values are 'database', 'prometheus',
# or 'influxdb'.
#vitals_tsdb_address = # Defines the host and port of the TSDB server
# to which Vitals data is written and read.
# This value is only applied when the
# 'vitals_strategy` option is set to
# 'prometheus' or 'influxdb'. This value
# accepts IPv4, IPv6, and hostname values.
# If the 'vitals_strategy' is set to
# 'prometheus', this value determines the
# address of the Prometheus server from which
# Vitals data will be read. For 'influxdb'
# strategies, this value controls both the read
# and write source for Vitals data.
#vitals_statsd_address = # Defines the host and port (and an optional
# protocol) of the StatsD server to which
# Kong should write Vitals metics. This value
# is only applied when the 'vitals_strategy' is
# set to 'prometheus'. This value accepts IPv4,
# IPv6, and, hostnames. Additionally, the suffix
# 'tcp' can be specified; doing so will result
# in Kong sending StatsD metrics via TCP
# instead of the UDP (default).
#vitals_statsd_prefix = kong # Defines the prefix value attached to all
# Vitals StatsD events. This prefix is useful
# when writing metrics to a multi-tenant StatsD
# exporter or server.
#vitals_statsd_udp_packet_size = 1024 # Defines the maximum buffer size in
# which Vitals statsd metrics will be
# held and sent in batches.
# This value is defined in bytes.
#vitals_prometheus_scrape_interval = 5 # Defines the scrape_interval query
# parameter sent to the Prometheus
# server when reading Vitals data.
# This should be same as the scrape
# interval (in seconds) of the
# Prometheus server.
#------------------------------------------------------------------------------
# DEVELOPER PORTAL
#------------------------------------------------------------------------------
#portal = off
# Developer Portal Switch
#
# When enabled:
#
# Kong will expose the Dev Portal interface and
# read-only APIs on the `portal_gui_listen` address,
# and endpoints on the Admin API to manage assets.
#
# When enabled along with `portal_auth`:
#
# Kong will expose management endpoints for developer
# accounts on the Admin API and the Dev Portal API.
#portal_gui_listen = 0.0.0.0:8003, 0.0.0.0:8446 ssl
# Developer Portal GUI Listeners
#
# Comma-separated list of addresses on which Kong will
# expose the Developer Portal GUI. Suffixes can be
# specified for each pair, similarly to
# the `admin_listen` directive.
#portal_gui_protocol = http
# Developer Portal GUI protocol
#
# Here you may provide the protocol used in conjunction
# with portal_gui_host to construct the lookup, or balancer
# address for your Kong Proxy nodes.
#
# Examples: http
# https
#portal_gui_host = 127.0.0.1:8003
# Developer Portal GUI host
#
# Here you may provide the host used in conjunction
# with portal_gui_protocol to construct the lookup,
# or balancer address for your Kong Proxy nodes.
#
# Examples:
#
# - <IP>:<PORT>
# portal_gui_host = 127.0.0.1:8003
# - <HOSTNAME>
# portal_gui_host = portal_api.domain.tld
# - <HOSTNAME>/<PATH>
# portal_gui_host = dev-machine/dev-285
#portal_gui_use_subdomains = off
# Developer Portal GUI subdomain toggle
#
# By default Kong Portal uses the first namespace in
# the request path to determine workspace. By turning
# portal_gui_subdomains 'on', Kong Portal will expect
# workspace to be included in the request url as a subdomain.
#
# Example (off):
# - <scheme>://<HOSTNAME>/<WORKSPACE>/<PATH>
# http://kong-portal.com/example-workspace/index
#
# Example (on):
# - <scheme>://<WORKSPACE>.<HOSTNAME>
# http://example-workspace.kong-portal.com/index
#portal_gui_ssl_cert =
# Developer Portal GUI SSL Certificate
#
# The absolute path to the SSL certificate for
# `portal_gui_listen` values with SSL enabled.
#portal_gui_ssl_cert_key =
# Developer Portal GUI SSL Certificate Key
#
# The absolute path to the SSL key for
# `portal_gui_listen` values with SSL enabled.
#portal_api_listen = 0.0.0.0:8004, 0.0.0.0:8447 ssl
# Developer Portal API Listeners
#
# Comma-separated list of addresses on which Kong will
# expose the Developer Portal API. Suffixes can be
# specified for each pair, similarly to
# the `admin_listen` directive.
#portal_api_url =
# Developer Portal API URL
#
# Here you may provide the lookup, or balancer,
# address for your Developer Portal nodes.
#
# This value is commonly used in a microservices
# or service-mesh oriented architecture.
#
# portal_api_url is the address on which your
# Kong Dev Portal API is accessible by Kong. You
# should only set this value if your Kong Dev Portal API
# lives on a different node than your Kong Proxy.
#
# Accepted format (parts in parenthesis are optional):
#
# <scheme>://<IP / HOSTNAME>(:<PORT>(/<PATH>))
#
# Examples:
#
# - <scheme>://<IP>:<PORT>
# portal_api_url = http://127.0.0.1:8003
# - SSL <scheme>://<HOSTNAME>
# portal_api_url = https://portal_api.domain.tld
# - <scheme>://<HOSTNAME>/<PATH>
# portal_api_url = http://dev-machine/dev-285
#
# By default this value points to the local interface:
#
# - http://0.0.0.0:8004
#portal_api_ssl_cert =
# Developer Portal API SSL Certificate
#
# The absolute path to the SSL certificate for
# `portal_api_listen` values with SSL enabled.
#portal_api_ssl_cert_key =
# Developer Portal API SSL Certificate Key
#
# The absolute path to the SSL key for
# `portal_api_listen` values with SSL enabled.
#portal_api_access_log = logs/portal_api_access.log
# Developer Portal API Access Log location
#
# Here you can set an absolute or relative path for your
# Portal API access logs.
#
# Setting this value to `off` will disable logging
# Portal API access logs.
#
# When using relative pathing, logs will be placed under
# the `prefix` location.
#portal_api_error_log = logs/error.log
# Developer Portal API Error Log location
#
# Here you can set an absolute or relative path for your
# Portal API access logs.
#
# Setting this value to `off` will disable logging
# Portal API access logs.
#
# When using relative pathing, logs will be placed under
# the `prefix` location.
#
# Granularity can be adjusted through the `log_level`
# directive.
#------------------------------------------------------------------------------
# DEFAULT DEVELOPER PORTAL AUTHENTICATION
#
# Referenced on workspace creation to set Dev Portal authentication defaults
# in the database for that particular workspace.
#------------------------------------------------------------------------------
#portal_auth =
# Developer Portal Authentication Plugin Name
#
# Here you may specify the authentication plugin
# to apply to your Developer Portal. Developers
# will use the specified form of authentication
# to request access, register, and login to your
# Developer Portal.
#
# Supported Plugins:
#
# - Basic Authentication:
#
# portal_auth = basic-auth
#
# - OIDC Authentication:
#
# portal_auth = openid-connect
#
#portal_auth_conf =
# Developer Portal Authentication Plugin Config (JSON)
#
# Here you may specify the plugin configuration object
# in JSON format to be applied to your Developer
# Portal authentication.
#
# For information about Plugin Configuration
# consult the associated plugin documentation.
#
# Example for `basic-auth`:
#
# portal_auth_conf = { "hide_credentials": true }
#portal_auto_approve = off
# Developer Portal Auto Approve Access
#
# When this flag is set to "on", a developer will
# automatically be marked as "approved" after completing
# registration. Access can still be revoked through the
# Admin GUI or API.
#portal_token_exp = 21600
# Duration in seconds for the expiration of portal
# reset token.
# Default `21600` (6 hours)
#------------------------------------------------------------------------------
# DEFAULT PORTAL SMTP CONFIGURATION
#
# Referenced on workspace creation to set SMTP defaults in the database
# for that particular workspace.
#------------------------------------------------------------------------------
#portal_invite_email = on
# Enable or disable portal_invite_email
# Default `on`
#portal_access_request_email = on
# Enable or disable portal_access_request_email
# Default `on`
#portal_approved_email = on
# Enable or disable portal_approved_email
# Default `on`
#portal_reset_email = on
# Enable or disable portal_reset_email
# Default `on`
#portal_reset_success_email = on
# Enable or disable portal_reset_success_email
# Default `on`
#portal_emails_from = # The name and email address for the `From` header
# for portal emails
#
# Example
# portal_emails_from = Your Name <example@example.com>
#
# Note: Some SMTP servers will not use
# this value, but instead insert the email and name
# associated with the account.
# Default `nil`
#portal_emails_reply_to =
# Email address for the `Reply-To` header for
# portal emails
#
# Example
# portal_emails_reply_to = example@example.com
#
# Note: Some SMTP servers will not use
# this value, but instead insert the email
# associated with the account.
# Default `nil`
#------------------------------------------------------------------------------
# ADMIN SMTP CONFIGURATION
#------------------------------------------------------------------------------
#admin_emails_from = "" # The email address for the `From` header
# for admin emails
#admin_emails_reply_to = # Email address for the `Reply-To` header
# for admin emails
#admin_invitation_expiry = 259200 # Seconds before admin invitation link
# expires. 0 means no expiration.
#
# Examples:
# 259200 = 1 * 60 * 60 * 72
# ^ number of hours
#------------------------------------------------------------------------------
# GENERAL SMTP CONFIGURATION
#------------------------------------------------------------------------------
#smtp_mock = on # This flag will mock the sending of emails. This can be
# used for testing before the SMTP client is fully
# configured.
#
# Example
# smtp_mock = on - Emails will NOT attempt send.
# smtp_mock = off - Emails will attempt send.
#
# Default `on`
#smtp_host = # The host of the SMTP server to connect to.
# Default `localhost`
#smtp_port = # The port number on the SMTP server to connect to.
# Default `25`
#smtp_starttls = # When set to `on`, STARTTLS is used to encrypt
# communication with the SMTP server. This is normally
# used in conjunction with port 587.
# Default `off`
#smtp_username = # Username used for authentication with SMTP server
# Default `nil`
#smtp_password = # Password used for authentication with SMTP server
# Default `nil`
#smtp_ssl = # When set to `on`, SMTPS is used to encrypt
# communication with the SMTP server. This is normally
# used in conjunction with port 465.
# Default `off`
#smtp_auth_type = # The method used to authenticate with the SMTP server
# Valid options are `plain`, `login`, or `nil`
# Default `nil`
#smtp_domain = localhost.localdomain
# The domain used in the `EHLO` connection and part of
# the `Message-ID` header
# Default `localhost.localdomain`
#smtp_timeout_connect = 60000
# The timeout (in milliseconds) for connecting to the
# SMTP server.
# Default 60000
#smtp_timeout_send = 60000
# The timeout (in milliseconds) for sending data to the
# SMTP server.
# Default 60000
#smtp_timeout_read = 60000
# The timeout (in milliseconds) for reading data from
# the SMTP server.
# Default 60000
#smtp_admin_emails = # Comma separated list of admin emails to receive
# notifications.
# Example `admin1@example.com, admin2@example.com`
# Default `nil`
#-------------------------------------------------------------------------------
# DATA & ADMIN AUDIT
#-------------------------------------------------------------------------------
# When enabled, Kong will store detailed audit data regarding Admin API and
# database access. In most cases, updates to the database are associated with
# Admin API requests. As such, database object audit log data is tied to a
# given HTTP via a unique identifier, providing built-in association of Admin
# API and database traffic.
# audit_log = off # When enabled, Kong will log information about
# Admin API access and database row insertions,
# updates, and deletes.
# audit_log_ignore_methods = # Comma-separated list of HTTP methods that
# will not generate audit log entries. By
# default, all HTTP requests will be logged.
# audit_log_ignore_paths = # Comma-separated list of request paths that
# will not generate audit log entries. By
# default, all HTTP requests will be logged.
# audit_log_ignore_tables = # Comma-separated list of database tables that
# will not generate audit log entries. By
# default, updates to all database tables will
# be logged (the term "updates" refers to the
# creation, update, or deletion of a row).
# audit_log_record_ttl = 2592000 # Length, in seconds, of the TTL for audit log
# records. Records in the database older than
# their TTL are automatically purged.
# audit_log_signing_key = # Defines the path to a private RSA signing key
# that can be used to insert a signature of
# audit records, adjacent to the record. The
# corresponding public key should be stored
# offline, and can be used the validate audit
# entries in the future. If this value is
# undefined, no signature will be generated.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment