| author | Chris Lu <chrislusf@users.noreply.github.com> | 2021-07-04 21:38:15 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-07-04 21:38:15 -0700 |
| commit | 4ab25fa39533f254bb8dac780ce6b005a9dbc80c (patch) | |
| tree | 757bc2cc45fc1016cb89b33a83bc2d50554b0efa /weed/command/scaffold/security.toml | |
| parent | 5bcc77b46cd96c096bad7afbd8544496d828cff6 (diff) | |
| parent | 5dbbe19c8b3d7081de90f282189cc9589d29581c (diff) | |
Merge pull request #2181 from bingoohuang/master
extract embed toml example to separate files
Diffstat (limited to 'weed/command/scaffold/security.toml')
| -rw-r--r-- | weed/command/scaffold/security.toml | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/weed/command/scaffold/security.toml b/weed/command/scaffold/security.toml
new file mode 100644
index 000000000..0c69b2f24
--- /dev/null
+++ b/weed/command/scaffold/security.toml
@@ -0,0 +1,60 @@
+# Put this file to one of the location, with descending priority
+# ./security.toml
+# $HOME/.seaweedfs/security.toml
+# /etc/seaweedfs/security.toml
+# this file is read by master, volume server, and filer
+
+# the jwt signing key is read by master and volume server.
+# a jwt defaults to expire after 10 seconds.
+[jwt.signing]
+key = ""
+expires_after_seconds = 10 # seconds
+
+# jwt for read is only supported with master+volume setup. Filer does not support this mode.
+[jwt.signing.read]
+key = ""
+expires_after_seconds = 10 # seconds
+
+# all grpc tls authentications are mutual
+# the values for the following ca, cert, and key are paths to the PERM files.
+# the host name is not checked, so the PERM files can be shared.
+[grpc]
+ca = ""
+# Set wildcard domain for enable TLS authentication by common names
+allowed_wildcard_domain = "" # .mycompany.com
+
+[grpc.volume]
+cert = ""
+key = ""
+allowed_commonNames = "" # comma-separated SSL certificate common names
+
+[grpc.master]
+cert = ""
+key = ""
+allowed_commonNames = "" # comma-separated SSL certificate common names
+
+[grpc.filer]
+cert = ""
+key = ""
+allowed_commonNames = "" # comma-separated SSL certificate common names
+
+[grpc.msg_broker]
+cert = ""
+key = ""
+allowed_commonNames = "" # comma-separated SSL certificate common names
+
+# use this for any place needs a grpc client
+# i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload"
+[grpc.client]
+cert = ""
+key = ""
+
+# volume server https options
+# Note: work in progress!
+# this does not work with other clients, e.g., "weed filer|mount" etc, yet.
+[https.client]
+enabled = true
+[https.volume]
+cert = ""
+key = ""
+
|
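Review bot: The comments above `[grpc]` say the host name is not checked but never say what the empty defaults mean, so a reader cannot tell that leaving `allowed_commonNames` and `allowed_wildcard_domain` empty presumably lets any certificate issued by `ca` connect as any role. I would add a comment above `[grpc]` such as `# with allowed_commonNames and allowed_wildcard_domain empty, any cert signed by ca is accepted; use a CA dedicated to this cluster`, and correct `PERM` to `PEM` in the two comment lines there. The same gap applies to `[jwt.signing]` and `[jwt.signing.read]`: an empty `key` appears to leave JWT checking off, and the deployed file holds a signing secret, so a line like `# empty key disables jwt; keep the deployed file readable only by the service user` belongs above `key = ""`. `[https.client]` ships `enabled = true` under a "work in progress" note while `[https.volume]` has empty `cert` and `key`; unless callers rely on that default, `enabled = false` is the safer scaffold value.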
