mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2024-12-16 11:39:02 +08:00
61 lines
1.6 KiB
TOML
61 lines
1.6 KiB
TOML
# Put this file to one of the location, with descending priority
|
|
# ./security.toml
|
|
# $HOME/.seaweedfs/security.toml
|
|
# /etc/seaweedfs/security.toml
|
|
# this file is read by master, volume server, and filer
|
|
|
|
# the jwt signing key is read by master and volume server.
|
|
# a jwt defaults to expire after 10 seconds.
|
|
[jwt.signing]
|
|
key = ""
|
|
expires_after_seconds = 10 # seconds
|
|
|
|
# jwt for read is only supported with master+volume setup. Filer does not support this mode.
|
|
[jwt.signing.read]
|
|
key = ""
|
|
expires_after_seconds = 10 # seconds
|
|
|
|
# all grpc tls authentications are mutual
|
|
# the values for the following ca, cert, and key are paths to the PERM files.
|
|
# the host name is not checked, so the PERM files can be shared.
|
|
[grpc]
|
|
ca = ""
|
|
# Set wildcard domain for enable TLS authentication by common names
|
|
allowed_wildcard_domain = "" # .mycompany.com
|
|
|
|
[grpc.volume]
|
|
cert = ""
|
|
key = ""
|
|
allowed_commonNames = "" # comma-separated SSL certificate common names
|
|
|
|
[grpc.master]
|
|
cert = ""
|
|
key = ""
|
|
allowed_commonNames = "" # comma-separated SSL certificate common names
|
|
|
|
[grpc.filer]
|
|
cert = ""
|
|
key = ""
|
|
allowed_commonNames = "" # comma-separated SSL certificate common names
|
|
|
|
[grpc.msg_broker]
|
|
cert = ""
|
|
key = ""
|
|
allowed_commonNames = "" # comma-separated SSL certificate common names
|
|
|
|
# use this for any place needs a grpc client
|
|
# i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload"
|
|
[grpc.client]
|
|
cert = ""
|
|
key = ""
|
|
|
|
# volume server https options
|
|
# Note: work in progress!
|
|
# this does not work with other clients, e.g., "weed filer|mount" etc, yet.
|
|
[https.client]
|
|
enabled = true
|
|
[https.volume]
|
|
cert = ""
|
|
key = ""
|
|
|