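## RESTHeart Configuration File.
---
#### Listeners

# Listeners specify the protocol, IP address and port to bind.
# The supported protocols are: http, https and ajp. You can set up one listener per protocol (up to 3).

# WARNING: RESTHeart uses basic authentication; usernames and passwords are sent over the network on each request.
# Using the http listener is not secure: user credentials can be sniffed by a man-in-the-middle attack.
# Use the http listener only in trusted environments.

# NOTE(review): the http and https listeners below bind to 0.0.0.0 (all
# interfaces) and the plain-http listener is enabled. Per the warning above,
# Basic credentials then cross every reachable network in cleartext. Outside a
# trusted network, set http-listener: false, or bind http-host to 127.0.0.1
# and expose only the https listener.
https-listener: true
https-host: 0.0.0.0
https-port: 4443

http-listener: true
http-host: 0.0.0.0
http-port: 8080

# AJP is disabled here; keep it disabled unless a fronting proxy on a trusted
# network requires it.
ajp-listener: false
ajp-host: 0.0.0.0
ajp-port: 8009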
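#### SSL Configuration

# Configure the keystore to enable the https listener.

# RESTHeart comes with a self-signed certificate that makes enabling https straightforward.
# Specify use-embedded-keystore: true to use it (this is the default setting).
# Using the self-signed certificate leads to issues with some clients;
# for instance, with curl you need to specify the "--insecure" option or you'll get an error message.

# NOTE(review): the embedded certificate ships with the RESTHeart distribution,
# so its private key should be treated as publicly known. It encrypts traffic
# but does not authenticate the server, and clients that disable verification
# ("--insecure") cannot detect a man-in-the-middle. Use it for local testing
# only; for any shared or internet-facing deployment, switch to your own
# keystore as described below.
use-embedded-keystore: true

# To use your own certificate you need to import it (and, if needed, the CA certificate chain) into a Java keystore
# and specify use-embedded-keystore: false and the keystore-file, keystore-password and certpassword configuration properties.
# Refer to the Java keystore documentation for that.

# NOTE(review): "password" below is a placeholder. The real keystore and key
# passwords end up in this file in cleartext, so restrict read access to the
# file to the account that runs RESTHeart and keep it out of version control.
#keystore-file: /path/to/keystore/file
#keystore-password: password
#certpassword: password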
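#### MongoDB

# Specify the mongodb connection using a Mongo Client URI.
# The format of the URI is:
#   mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]
#
# The URI option authSource specifies the authentication database, example:
#   mongodb://user:secret@127.0.0.1/?authSource=authdb
#
# More information at http://api.mongodb.org/java/current/com/mongodb/MongoClientURI.html

# NOTE(review): this URI embeds the database username and password in
# cleartext. Do not publish or commit a file carrying real credentials; if the
# values below were ever live, rotate them. Restrict read access to this file
# to the account that runs RESTHeart.
# NOTE(review): the URI points at a remote host and carries no TLS option
# (e.g. ssl=true), so the database credentials and all query traffic
# presumably cross the network unencrypted - confirm and enable TLS on the
# driver connection.
mongo-uri: 'mongodb://dbuser:password@aws-us-east-1-portal.8.dblayer.com:15234/?authSource=restheart'

# Use mongo-mounts to bind URLs to mongodb resources using the out-of-the-box URL rewrite feature.

# NOTE(review): what: "*" mounted at / binds every database the configured
# MongoDB user can access to the API root. Since idm and access-manager are
# commented out in the Security section of this file, that data is presumably
# reachable without authentication on the listeners above. Mount only the
# databases or collections the API is meant to serve, and give the MongoDB
# user the least privileges that mount needs.
mongo-mounts:
  - what: "*"
    where: /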
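#### Static Web Resources

# Static web resources to bind to the specified URL.
# The 'what' property is the path of the directory containing the resources.
# The path is either absolute (starting with /) or relative to the restheart.jar directory.
# If embedded is true, the resources are either included in the restheart.jar or in the classpath.

# NOTE(review): secured: false serves the bundled browser UI at /browser to
# anyone who can reach a listener. The UI itself is static, but it is a
# ready-made client for the data API; remove this mount or set secured: true
# on deployments where the API should not be browsable.
static-resources-mounts:
  - what: browser
    where: /browser
    welcome-file: browser.html
    secured: false
    embedded: true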
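#### Application Logic

# RESTHeart has a pipeline architecture where specialized undertow handlers are chained to serve the requests.
# In order to provide additional application logic, custom handler pipes can be bound under the /_logic URL.
# The custom handler must extend the org.restheart.handlers.ApplicationLogicHandler class.

# Use application-logic-mounts to configure custom handlers.
# In the following example these built-in application logic handlers are defined:
#   PingHandler bound to /_logic/ping that implements a simple ping service
#   GetRoleHandler bound to /_logic/roles that returns the current user authentication status and, if any, its roles
#   CacheInvalidator bound to /_logic/ic that invalidates a db or collection cache entry

# NOTE(review): 'what' names a Java class that RESTHeart instantiates, so
# anyone who can edit this file chooses code that runs in the server process.
# Treat write access to this file as equivalent to deploy access.
# NOTE(review): secured: true on CacheInvalidator relies on an idm and
# access-manager being configured; both are commented out in the Security
# section of this file. Confirm how secured mounts behave in that state
# before relying on the flag.
application-logic-mounts:
  - what: org.restheart.handlers.applicationlogic.PingHandler
    where: /ping
    secured: false
    args:
      msg: "ciao from the restheart team"
  - what: org.restheart.handlers.applicationlogic.GetRoleHandler
    where: /roles
    secured: false
    args:
      url: /_logic/roles
  - what: org.restheart.handlers.applicationlogic.CacheInvalidator
    where: /ic
    secured: true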
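### Metadata Named Singletons

# Metadata implementation can rely on singletons; this section configures the
# singleton factory org.restheart.hal.metadata.singletons.NamedSingletonsFactory

# NOTE(review): every 'class' below is loaded by name into the server process,
# so entries added here run with the server's privileges. Keep the list to the
# classes you actually use and review changes to it like code changes.
metadata-named-singletons:
  # Checkers group used by handler:
  # org.restheart.handlers.metadata.CheckMetadataHandler
  # More information in checkers javadoc
  - group: checkers
    interface: org.restheart.hal.metadata.singletons.Checker
    singletons:
      - name: jsonSchema
        class: org.restheart.hal.metadata.singletons.JsonSchemaChecker
      - name: checkContent
        class: org.restheart.hal.metadata.singletons.JsonPathConditionsChecker
      - name: checkContentSize
        class: org.restheart.hal.metadata.singletons.ContentSizeChecker

  # Transformers group used by handlers:
  # org.restheart.handlers.metadata.RequestTransformerMetadataHandler and
  # org.restheart.handlers.metadata.ResponseTransformerMetadataHandler
  # More information in transformers javadoc
  - group: transformers
    interface: org.restheart.hal.metadata.singletons.Transformer
    singletons:
      - name: addRequestProperties
        class: org.restheart.hal.metadata.singletons.RequestPropsInjecterTransformer
      - name: filterProperties
        class: org.restheart.hal.metadata.singletons.FilterTransformer
      - name: stringsToOids
        class: org.restheart.hal.metadata.singletons.ValidOidsStringsAsOidsTransformer
      - name: oidsToStrings
        class: org.restheart.hal.metadata.singletons.OidsAsStringsTransformer

  # WebHook group used by handler:
  # org.restheart.handlers.metadata.WebHookHandler
  # More information in webhook javadoc
  # NOTE(review): the name SnooperWebHook suggests it inspects or logs request
  # data - confirm what it records before leaving it registered in production.
  - group: webhooks
    interface: org.restheart.hal.metadata.singletons.WebHook
    singletons:
      - name: snooper
        class: org.restheart.hal.metadata.singletons.SnooperWebHook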
### Security

# Security is configured by setting:
#   idm: the Identity Manager responsible for authentication
#   access-manager: the Access Manager responsible for authorization
# RESTHeart security is pluggable and you can provide your own implementation of both IDM and AM.
# The provided default implementations of IDM and AM are SimpleFileIdentityManager, DbIdentityManager and SimpleAccessManager.
# conf-file paths are either absolute (starting with /) or relative to the restheart.jar file path

# NOTE(review): idm and access-manager are both commented out below, so this
# file configures no authentication and no authorization. Combined with the
# listeners bound to 0.0.0.0 and the "*" -> / entry in mongo-mounts, every
# mounted database is presumably readable and writable by any client that can
# reach the ports - confirm against the RESTHeart version in use, and enable
# both settings before exposing the service.
# NOTE(review): the conf-file presumably holds the user and permission
# definitions; restrict read access to it and keep it out of version control.
# idm:
#   implementation-class: org.restheart.security.impl.SimpleFileIdentityManager
#   conf-file: ./etc/security.yml
# access-manager:
#   implementation-class: org.restheart.security.impl.SimpleAccessManager
#   conf-file: ./etc/security.yml

# Authentication Token

# Note: you need to pay attention to the authentication token in case of multi-node deployments (horizontal scalability).
# In this case, you need to either disable it or use a load balancer with the sticky session option
# or use a distributed auth token cache implementation (not provided in the current version).
# NOTE(review): the unit of auth-token-ttl is not stated in this file; confirm
# it in the RESTHeart documentation and keep the token lifetime short.
# auth-token-enabled: true
# auth-token-ttl: 15
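#### Logging

# enable-log-console: true => log messages to the console (default value: true)
# enable-log-file: true => log messages to a file (default value: true)
# log-file-path: to specify the log file path (default value: restheart.log in system temporary directory)
# log-level: to set the log level. Value can be OFF, ERROR, WARN, INFO, DEBUG, TRACE and ALL. (default value is INFO)
# requests-log-level: log the request-response. 0 => no log, 1 => light log, 2 => detailed dump
# WARNING: use requests-log-level level 2 only for development purposes, it logs user credentials (Authorization and Auth-Token headers)

# NOTE(review): file logging is off and the console is the only sink, so
# request logs survive only if the process supervisor captures stdout. For
# incident response, make sure that output is collected and retained.
# NOTE(review): if file logging is enabled, avoid a world-readable location
# such as the system temporary directory (the default) or /tmp; use a
# directory writable only by the RESTHeart account.
enable-log-file: false
#log-file-path: /tmp/restheart.log
enable-log-console: true
log-level: INFO
# Level 1 (light log) is set here; per the WARNING above, never run level 2
# outside development because it writes credentials to the log.
requests-log-level: 1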
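#### ETag policy

# The following configuration defines the default ETag check policy.
# The policy applies to dbs, collections (also applies to file buckets) and documents.
# Valid values are REQUIRED, REQUIRED_FOR_DELETE, OPTIONAL

# NOTE(review): with doc: OPTIONAL, document writes that carry no ETag are not
# checked against the current state, so concurrent updates can silently
# overwrite each other. The ETag check is a consistency control, not an
# access control - it does not replace authentication or authorization.
etag-check-policy:
  db: REQUIRED_FOR_DELETE
  coll: REQUIRED_FOR_DELETE
  doc: OPTIONAL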
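#### Performance Settings

## Eager DB Cursor Preallocation Policy

# In big collections, reading a far page involves skipping the db cursor for many documents, resulting in a performance bottleneck.
# For instance, with default pagesize of 100, a GET with page=50.000 involves 500.000 skips on the db cursor.
# The eager db cursor preallocation engine boosts performance (in some use cases, up to 1000%). The following options control its behavior.

eager-cursor-allocation-pool-size: 100
eager-cursor-allocation-linear-slice-width: 1000
eager-cursor-allocation-linear-slice-delta: 100
eager-cursor-allocation-linear-slice-heights: [1]
eager-cursor-allocation-random-max-cursors: 20
eager-cursor-allocation-random-slice-min-width: 1000

# In order to save bandwidth RESTHeart can force requests to support the gzip encoding (if not, requests will be rejected)
force-gzip-encoding: false

# local-cache caches the db and collection properties to dramatically improve performance.
# Without caching, a GET on a document would require two additional queries to retrieve the db and the collection properties.

# Pay attention to local caching only in case of multi-node deployments (horizontal scalability).
# In this case a change in a db or collection properties would reflect on other nodes at worst after the TTL (cache entries time to live).
# In most cases db and collection properties only change at development time.
# NOTE(review): if collection properties carry validation or transformation
# rules (see metadata-named-singletons), a node may keep applying the old
# rules until its cache entry expires - presumably up to local-cache-ttl.
local-cache-enabled: true
# TTL in milliseconds; specify a value < 0 to never expire cached entries
local-cache-ttl: 1000

# Limit for the maximum number of concurrent requests being served
# NOTE(review): this cap bounds resource use under load; size it together with
# worker-threads and the connection-options timeouts, which are unlimited in
# this file.
requests-limit: 1000

# Number of I/O threads created for non-blocking tasks. At least 2. Suggested value: core*2
io-threads: 2

# Number of threads created for blocking tasks (such as ones involving db access). Suggested value: core*16
worker-threads: 8

# Use 16k buffers for best performance - as in linux 16k is generally the default amount of data that can be sent in a single write() call
buffer-size: 16384
buffers-per-region: 20
# Should the buffer pool use direct buffers; this instructs the JVM to use native (if possible) I/O operations on the buffers
direct-buffers: true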
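#### Connection Options

## see http://undertow.io/undertow-docs/undertow-docs-1.3.0/index.html#common-listener-options

# NOTE(review): the entity-size limits and all three timeouts below are set to
# -1 (unlimited / disabled). On a listener bound to 0.0.0.0 that leaves the
# server open to resource exhaustion from very large request bodies and from
# connections that send data slowly or sit idle. For any deployment reachable
# by untrusted clients, set finite values sized to the largest legitimate
# payload and the slowest legitimate client.
connection-options:
  # The maximum size of a HTTP header block, in bytes.
  # If a client sends more data than this as part of the request header then the connection will be closed.
  # Defaults to 1Mbyte.
  MAX_HEADER_SIZE: 1048576

  # The default maximum size of a request entity.
  # Defaults to unlimited.
  # NOTE(review): -1 places no bound on request body size.
  MAX_ENTITY_SIZE: -1

  # The default maximum size of the HTTP entity body when using the multipart parser.
  # Generally this will be larger than MAX_ENTITY_SIZE.
  # If this is not specified it will be the same as MAX_ENTITY_SIZE.
  # NOTE(review): -1 places no bound on multipart (file upload) size.
  MULTIPART_MAX_ENTITY_SIZE: -1

  # The idle timeout in milliseconds after which the channel will be closed.
  # If the underlying channel already has a read or write timeout set
  # the smaller of the two values will be used for read/write timeouts.
  # Defaults to unlimited (-1).
  IDLE_TIMEOUT: -1

  # The maximum allowed time of reading HTTP request in milliseconds.
  # -1 or missing value disables this functionality.
  # NOTE(review): with this disabled, a client may take arbitrarily long to
  # finish sending a request while holding a connection open.
  REQUEST_PARSE_TIMEOUT: -1

  # The amount of time the connection can be idle with no current requests
  # before it is closed;
  # Defaults to unlimited (-1).
  NO_REQUEST_TIMEOUT: -1

  # The maximum number of query parameters that are permitted in a request.
  # If a client sends more than this number the connection will be closed.
  # This limit is necessary to protect against hash based denial of service attacks.
  # Defaults to 1000.
  MAX_PARAMETERS: 1000

  # The maximum number of headers that are permitted in a request.
  # If a client sends more than this number the connection will be closed.
  # This limit is necessary to protect against hash based denial of service attacks.
  # Defaults to 200.
  MAX_HEADERS: 200

  # The maximum number of cookies that are permitted in a request.
  # If a client sends more than this number the connection will be closed.
  # This limit is necessary to protect against hash based denial of service attacks.
  # Defaults to 200.
  MAX_COOKIES: 200

  # The charset to use to decode the URL and query parameters.
  # Defaults to UTF-8.
  URL_CHARSET: UTF-8

  # If this is true then a Connection: keep-alive header will be added to responses,
  # even when it is not strictly required by the specification.
  # Defaults to true
  ALWAYS_SET_KEEP_ALIVE: true

  # If this is true then a Date header will be added to all responses.
  # The HTTP spec says this header should be added to all responses,
  # unless the server does not have an accurate clock.
  # Defaults to true
  ALWAYS_SET_DATE: true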