-
Notifications
You must be signed in to change notification settings - Fork 0
/
serverconfig.json.example
214 lines (187 loc) · 8.89 KB
/
serverconfig.json.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
{
// Port to listen on. Overriden by the --port command line setting.
port: 3001,
// List of domains which the server is willing to proxy for. Subdomains are included automatically.
allowProxyFor : [
"nicta.com.au",
"gov.au",
"csiro.au"
],
singlePageRouting: {
resolvePathRelativeToWwwroot: "/index.html",
// Whether to route unmatched routes to /index.html and let the frontend resolve the route
resolveUnmatchedPathsWithIndexHtml: false
},
// If this setting is true, the allowProxyFor list is ignored, and all requests are accepted.
proxyAllDomains: false,
// The largest size, in bytes, of data that the proxy will send in a POST request
proxyPostSizeLimit: 102400,
// List of directories where init (catalog) files will be sought, before defaulting to wwwroot/init. This helps with managing catalog files
// separately from the main codebase.
initPaths: [ "../randominits" ],
// Optional: IP addresses to refuse to proxy for, even if they're resolved from a hostname that we would ordinarily allow.
// The default is as shown here. If your server has access to an IP range that is not accessible to clients of the proxy, and you
// want to ensure that the client can't get access to it through the proxy, it is vital that you add that IP range to this list.
blacklistedAddresses: [
// loopback addresses
"127.0.0.0/8",
"::1/128",
// link local addresses
"169.254.0.0/16",
"fe80::/10",
// private network addresses
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16",
"fc00::/7",
// other
"0.0.0.0/8",
"100.64.0.0/10",
"192.0.0.0/24",
"192.0.2.0/24",
"198.18.0.0/15",
"192.88.99.0/24",
"198.51.100.0/24",
"203.0.113.0/24",
"224.0.0.0/4",
"240.0.0.0/4",
"255.255.255.255/32",
"::/128",
"2001:db8::/32",
"ff00::/8"
],
// Pass requests through to another proxy upstream.
upstreamProxy: "proxy.example.com",
// Hosts in this list will not be passed through to the upstream proxy.
bypassUpstreamProxyFor: [
"server.example.com"
],
// List of URLs and parameters to request tokens.
// Be careful using this configuration as this configuration effectively currently opens up access to these services and allows anyone to
// anonymously mint tokens for the specified server using these credentials.
"esriTokenAuth": {
"postSizeLimit": 1024,
"servers": {
"https://example.com/somelayer": {
"username": "myusername",
"password": "mypassword",
"tokenUrl": "https://example.com/tokens/generateToken"
}
}
}
// Enables and configures the feedback service. This service accepts posted JSON like:
// {
// "name":"My Name",
// "email":"myemail@example.com",
// "comment":"This thing is so great! yeah!"
// }
// And creates a GitHub issue based on the feedback.
feedback: {
userAgent: "TerriaBot (TerriaJS Feedback)",
issuesUrl: "https://api.github.com/repos/TerriaJS/NationalMap-Feedback/issues",
accessToken: "provide your GitHub access token here",
// Add additional suported feedback parameters if required on a custom feedback form.
// name gives the key that the parameter uses and descriptiveLabel is used as the title for the parameter in the GitHub issue description.
additionalParameters: [
{
name: "organisation",
descriptiveLabel: "Organisation"
{
]
},
// The value of the Express "trust proxy" application setting. Set this to true if you want to provide publicly usable URLs behind a reverse proxy
// See http://expressjs.com/en/api.html#trust.proxy.options.table
trustProxy: false,
// Add very simple HTTP basic authentication with a single username/password for all users.
// All services are authenticated except /ping.
basicAuthentication: {
username: "myusername",
password: "mypassword"
},
// Rate limits basic authentication requests. These settings are ignored if `basicAuthentication` is not
// configured. Note that this uses simple in-memory storage of requests,
// which means that the actual allowed rate will be higher when multiple terriajs-server processes
// are used. The first two wait times after `freeRetries` are `minWait`. Successive wait times are
// the sum of the two previous wait times, up to `maxWait`.
// The defaults are as shown here.
rateLimit: {
// The number of retries the user gets before they need to start waiting.
freeRetries: 2,
// The initial wait time (in milliseconds) after the free retries above.
minWait: 200,
// The maximum time that the user will need to wait.
maxWait: 60000
},
// Services for creating and/or resolving share URLs (or rather, the JSON that is stored in some service)
// A prefix of "foo" translates to a URL like "nationalmap.gov.au/#share=foo-12345" where 12345 is the actual
// unique key generated by the service.
shareUrlPrefixes: {
// A blank prefix resolves without the separator: .../#share=12345
"s": {
"service": "s3",
// Required: the AWS region to access
"region": "us-west-2",
// Required: an existing S3 bucket in which to store objects
"bucket": "terria-sharedata"
// Optional: The access key ID and secret access key of a user with S3 getObject and putObject permission on the above bucket
// If not provided here, you must ensure they're available as environment variables or in a shared credentials file.
// See http://docs.aws.amazon.com/AWSJavaScriptSDK/guide/node-configuring.html
"accessKeyId": "ABC123",
"secretAccessKey": "abc+123-XYZ",
// Optional: The length of the random share key to generate (not including prefix), up to 54 characters. Defaults to the full length.
"keyLength": 16
},
"g": {
service: "gist",
// Optional: your Github access token with Gist creation privileges. If not supplied, all Gists will be created as "anonymous" and lower
// usage limits apply
// accessToken: "ABC123",
// Optional: user agent HTTP Header to set
userAgent: "My service",
// Optional: The filename to give to the gist file (default: usercatalog.json)
gistFilename: "usercatalog.json",
// Optional: The description attached to each Gist
gistDescription: "User catalog"
}
},
// Which service (of those defined above) should be used when new URLs are requested.
newShareUrlPrefix: "g",
// The largest size, in bytes, of share JSON which can be received - can also be string, it defaults to '200kb'
shareMaxRequestSize: "200kb",
// The domain at which you're running the server. Mostly used for describing the available endpoints. Defaults to "localhost"
hostName: 'example.com',
// Optional: Run TerriaJS-Server in HTTPS mode. (In production, it's probably better to use Nginx or something to do the HTTPS bit.)
https: {
// Name and location of keys. You can make self-signed certs for testing like:
// openssl req -nodes -new -x509 -keyout key.pem -out cert.pem
key: 'key.pem',
cert: 'cert.pem'
},
// True to automatically redirect `http` requests to `https`.
// If `trustProxy` is defined, the protocol will be determined from the `X-Forwarded-Proto` header
// if it exists. The default is false.
redirectToHttps: true,
// The `Strict-Transport-Security` header value to include in https responses when
// `redirectToHttps` is enabled. Ignored if `redirectToHttps` is false.
strictTransportSecurity: "max-age=63072000; includeSubDomains; preload",
// The list of hosts for which `http` access is allowed, even if `redirectToHttps` is true.
// This is mostly useful to allow non-https access to localhost in development.
// The default is `["localhost"]`.
httpAllowedHosts: [
"localhost"
],
// An array of options which you to inform which additional parameters are appended to the url querystring.
// By default no additional parameters are appended.
// A regex pattern is used to test whether parameters should be attached. Set to '.' to match everything
// Eg a request to somedomain.com/secured becomes somedomain.com/secured?apikey=123
"appendParamToQueryString": {
"somedomain.com": [
{
"regexPattern": "secured",
"params": {
"apikey": "123"
}
}
]
}
}