/restheart.yml
Created Apr 20, 2017
| ## RESTHeart Configuration File. | |
| --- | |
| #### Listeners | |
| # Listeners allow to specify the protocol, ip, port and to use. | |
| # The supported protocols are: http, https and ajp. You can setup a listener per protocol (up to 3). | |
| # WARNING: RESTHeart uses basic authentication; usernames and passwords are sent over the net on each request. | |
| # Using the http listener is not secure: users credentials can be sniffed by a man-in-the-middle attack. | |
| # Use the http listener only on trusted environments. | |
| https-listener: true | |
| https-host: 0.0.0.0 | |
| https-port: 4443 | |
| http-listener: true | |
| http-host: 0.0.0.0 | |
| http-port: 8080 | |
| ajp-listener: false | |
| ajp-host: 0.0.0.0 | |
| ajp-port: 8009 | |
| #### SSL Configuration | |
| # Configure the keystore to enable the https listener. | |
| # RESTHeart comes with a self-signed certificate that makes straightforward enabling https. | |
| # Specify use-embedded-keystore: true to use it (this is the default setting). | |
| # Using the self-signed certificate leads to issues with some clients; | |
| # for instance, with curl you need to specify the "--insecure" option or you'll get an error message. | |
| use-embedded-keystore: true | |
| # To use your own certificate you need to import it (and eventually the CA certificates chain) into a java keystore | |
| # and specify use-embedded-keystore: false and the keystore-file,keystore-password and certpassword configuration properties. | |
| # Refer to the java keystore documentation for that. | |
| #keystore-file: /path/to/keystore/file | |
| #keystore-password: password | |
| #certpassword: password | |
| #### MongoDB | |
| # Specify the mongodb connection using a Mongo Client URI. | |
| # The format of the URI is: | |
| # mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]] | |
| # | |
| # The URI option authSource allows to specify the authetication database, example: | |
| # mongodb://user:secret@127.0.0.1/?authSource=authdb | |
| # | |
| # More information at http://api.mongodb.org/java/current/com/mongodb/MongoClientURI.html | |
| mongo-uri: mongodb://dbuser:secret@aws-us-east-1-portal.8.dblayer.com:15234,aws-us-east-1-portal.7.dblayer.com:15234/?authSource=restheart | |
| # Use mongo-mounts to bind URls to mongodb resources using the out-of-the-box URL rewrite feature. | |
| mongo-mounts: | |
| - what: "*" | |
| where: / | |
| #### Static Web Resources | |
| # Static web resources to bind to the specified URL. | |
| # The 'what' property is the path of the directory containing the resources. | |
| # The path is either absolute (starting with /) or relative to the restheart.jar directory | |
| # If embedded is true, the resources are either included in the restheart.jar or in the classpath | |
| static-resources-mounts: | |
| - what: browser | |
| where: /browser | |
| welcome-file: browser.html | |
| secured: false | |
| embedded: true | |
| #### Application Logic | |
| # RESTHeart has a pipeline architecture where specialized undertow handlers are chained to serve the requests. | |
| # In order to provide additional application logic, custom hanlders pipes can be bound under the /_logic URL. | |
| # The custom hanlder must extends the org.restheart.handlers.ApplicationLogicHandler class | |
| # Use application-logic-mounts to configure custom handlers. | |
| # In the following example two built-in application logic handlers are defined: | |
| # PingHandler bound to /_logic/ping that implements a simple ping service | |
| # GetRoleHandler bound to /_logic/roles that returns the current user authentication status and eventually its roles | |
| # CacheInvalidator bound to /_logic/ic that invalidates a db or collection cache entry | |
| application-logic-mounts: | |
| - what: org.restheart.handlers.applicationlogic.PingHandler | |
| where: /ping | |
| secured: false | |
| args: | |
| msg: "ciao from the restheart team" | |
| - what: org.restheart.handlers.applicationlogic.GetRoleHandler | |
| where: /roles | |
| secured: false | |
| args: | |
| url: /_logic/roles | |
| - what: org.restheart.handlers.applicationlogic.CacheInvalidator | |
| where: /ic | |
| secured: true | |
| ### Metadata Named Singletons | |
| # Metadata implementation can rely on singletons, this section configures the | |
| # singleton factory #org.restheart.hal.metadata.singletons.NamedSingletonsFactory | |
| metadata-named-singletons: | |
| # Checkers group used by handler: | |
| # org.restheart.handlers.metadata.CheckMetadataHandler | |
| # More information in checkers javadoc | |
| - group: checkers | |
| interface: org.restheart.hal.metadata.singletons.Checker | |
| singletons: | |
| - name: jsonSchema | |
| class: org.restheart.hal.metadata.singletons.JsonSchemaChecker | |
| - name: checkContent | |
| class: org.restheart.hal.metadata.singletons.JsonPathConditionsChecker | |
| - name: checkContentSize | |
| class: org.restheart.hal.metadata.singletons.ContentSizeChecker | |
| # Checkers group used by handlers: | |
| # org.restheart.handlers.metadata.RequestTransformerMetadataHandler and | |
| # org.restheart.handlers.metadata.ResponseTransformerMetadataHandler | |
| # More information in transformers javadoc | |
| - group: transformers | |
| interface: org.restheart.hal.metadata.singletons.Transformer | |
| singletons: | |
| - name: addRequestProperties | |
| class: org.restheart.hal.metadata.singletons.RequestPropsInjecterTransformer | |
| - name: filterProperties | |
| class: org.restheart.hal.metadata.singletons.FilterTransformer | |
| - name: stringsToOids | |
| class: org.restheart.hal.metadata.singletons.ValidOidsStringsAsOidsTransformer | |
| - name: oidsToStrings | |
| class: org.restheart.hal.metadata.singletons.OidsAsStringsTransformer | |
| # WebHook group used by handler: | |
| # org.restheart.handlers.metadata.WebHookHandler | |
| # More information in webhook javadoc | |
| - group: webhooks | |
| interface: org.restheart.hal.metadata.singletons.WebHook | |
| singletons: | |
| - name: snooper | |
| class: org.restheart.hal.metadata.singletons.SnooperWebHook | |
| ### Security | |
| # The security is configured by setting: | |
| # idm: the Identity Manager responsible of authentication | |
| # access-manager: the Access Manager responsible of authorization | |
| # The RESTHeart security is pluggable and you can provide you own implementation of both IDM and AM. | |
| # The provided default implementations of IDM and AM are SimpleFileIdentityManager, DbIdentityManager and SimpleAccessManager. | |
| # conf-file paths are either absolute (starting with /) or relative to the restheart.jar file path | |
| # idm: | |
| # implementation-class: org.restheart.security.impl.SimpleFileIdentityManager | |
| # conf-file: ./etc/security.yml | |
| # access-manager: | |
| # implementation-class: org.restheart.security.impl.SimpleAccessManager | |
| # conf-file: ./etc/security.yml | |
| # Authentication Token | |
| # Note: you need to pay attention to the authentitcation token in case of multi-node deployments (horizontal scalability). | |
| # In this case, you need to either disable it or use a load balancer with the sticky session option | |
| # or use a distributed auth token cache implementation (not provided in the current version). | |
| # auth-token-enabled: true | |
| # auth-token-ttl: 15 | |
| #### Logging | |
| # enable-log-console: true => log messages to the console (default value: true) | |
| # enable-log-file: true => log messages to a file (default value: true) | |
| # log-file-path: to specify the log file path (default value: restheart.log in system temporary directory) | |
| # log-level: to set the log level. Value can be OFF, ERROR, WARN, INFO, DEBUG, TRACE and ALL. (default value is INFO) | |
| # requests-log-level: log the request-response. 0 => no log, 1 => light log, 2 => detailed dump | |
| # WARNING: use requests-log-level level 2 only for development purposes, it logs user credentials (Authorization and Auth-Token headers) | |
| enable-log-file: false | |
| #log-file-path: /tmp/restheart.log | |
| enable-log-console: true | |
| log-level: INFO | |
| requests-log-level: 1 | |
| #### ETag policy | |
| # the following configuration defines the default etag check policy | |
| # the policy applies for dbs, collections (also applies to file buckets) and documents | |
| # valid values are REQUIRED, REQUIRED_FOR_DELETE, OPTIONAL | |
| etag-check-policy: | |
| db: REQUIRED_FOR_DELETE | |
| coll: REQUIRED_FOR_DELETE | |
| doc: OPTIONAL | |
| #### Performace Settings | |
| ## Eager DB Cursor Preallocation Policy | |
| # In big collections, reading a far page involves skipping the db cursor for many documents resulting in a performance bottleneck | |
| # For instance, with default pagesize of 100, a GET with page=50.000 involves 500.000 skips on the db cursor. | |
| # The eager db cursor preallocation engine boosts up performaces (in some use cases, up to 1000%). the following options control its behavior. | |
| eager-cursor-allocation-pool-size: 100 | |
| eager-cursor-allocation-linear-slice-width: 1000 | |
| eager-cursor-allocation-linear-slice-delta: 100 | |
| eager-cursor-allocation-linear-slice-heights: [ 1 ] | |
| eager-cursor-allocation-random-max-cursors: 20 | |
| eager-cursor-allocation-random-slice-min-width: 1000 | |
| # In order to save bandwitdth RESTHeart can force requests to support the giz encoding (if not, requests will be rejected) | |
| force-gzip-encoding: false | |
| # local-cache allows to cache the db and collection properties to drammatically improve performaces. | |
| # Without caching, a GET on a document would requires two additional queries to retrieve the db and the collection properties. | |
| # Pay attention to local caching only in case of multi-node deployments (horizontal scalability). | |
| # In this case a change in a db or collection properties would reflect on other nodes at worst after the TTL (cache entries time to live). | |
| # In most of the cases Dbs and collections properties only change at development time. | |
| local-cache-enabled: true | |
| # TTL in milliseconds; specify a value < 0 to never expire cached entries | |
| local-cache-ttl: 1000 | |
| # Limit for the maximum number of concurrent requests being served | |
| requests-limit: 1000 | |
| # Number of I/O threads created for non-blocking tasks. at least 2. suggested value: core*2 | |
| io-threads: 2 | |
| # Number of threads created for blocking tasks (such as ones involving db access). suggested value: core*16 | |
| worker-threads: 8 | |
| # Use 16k buffers for best performance - as in linux 16k is generally the default amount of data that can be sent in a single write() call | |
| buffer-size: 16384 | |
| buffers-per-region: 20 | |
| # Should the buffer pool use direct buffers, this instructs the JVM to use native (if possible) I/O operations on the buffers | |
| direct-buffers: true | |
| #### Connetction Options | |
| ## see http://undertow.io/undertow-docs/undertow-docs-1.3.0/index.html#common-listener-options | |
| connection-options: | |
| # The maximum size of a HTTP header block, in bytes. | |
| # If a client sends more data that this as part of the request header then the connection will be closed. | |
| # Defaults to 1Mbyte. | |
| MAX_HEADER_SIZE: 1048576 | |
| # The default maximum size of a request entity. | |
| # Defaults to unlimited. | |
| MAX_ENTITY_SIZE: -1 | |
| #The default maximum size of the HTTP entity body when using the mutiltipart parser. | |
| # Generall this will be larger than MAX_ENTITY_SIZE | |
| # If this is not specified it will be the same as MAX_ENTITY_SIZE | |
| MULTIPART_MAX_ENTITY_SIZE: -1 | |
| # The idle timeout in milliseconds after which the channel will be closed. | |
| # If the underlying channel already has a read or write timeout set | |
| # the smaller of the two values will be used for read/write timeouts. | |
| # Defaults to unlimited (-1). | |
| IDLE_TIMEOUT: -1 | |
| # The maximum allowed time of reading HTTP request in milliseconds. | |
| # -1 or missing value disables this functionality. | |
| REQUEST_PARSE_TIMEOUT: -1 | |
| # The amount of time the connection can be idle with no current requests | |
| # before it is closed; | |
| # Defaults to unlimited (-1). | |
| NO_REQUEST_TIMEOUT: -1 | |
| # The maximum number of query parameters that are permitted in a request. | |
| # If a client sends more than this number the connection will be closed. | |
| # This limit is necessary to protect against hash based denial of service attacks. | |
| # Defaults to 1000. | |
| MAX_PARAMETERS: 1000 | |
| # The maximum number of headers that are permitted in a request. | |
| # If a client sends more than this number the connection will be closed. | |
| # This limit is necessary to protect against hash based denial of service attacks. | |
| # Defaults to 200. | |
| MAX_HEADERS: 200 | |
| # The maximum number of cookies that are permitted in a request. | |
| # If a client sends more than this number the connection will be closed. | |
| # This limit is necessary to protect against hash based denial of service attacks. | |
| # Defaults to 200. | |
| MAX_COOKIES: 200 | |
| # The charset to use to decode the URL and query parameters. | |
| # Defaults to UTF-8. | |
| URL_CHARSET: UTF-8 | |
| # If this is true then a Connection: keep-alive header will be added to responses, | |
| # even when it is not strictly required by the specification. | |
| # Defaults to true | |
| ALWAYS_SET_KEEP_ALIVE: true | |
| # If this is true then a Date header will be added to all responses. | |
| # The HTTP spec says this header should be added to all responses, | |
| # unless the server does not have an accurate clock. | |
| # Defaults to true | |
| ALWAYS_SET_DATE: true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment