andreas/kopano-docker
1
0
Fork 0
Code Issues 8 Pull Requests Packages Projects 1 Releases Wiki Activity
Files
521b52e66801255c514757164361f05e837e545d
kopano-docker/etc/kopano/konnectd.cfg
Andreas Balogh 521b52e668 added kopano & postifx configuration files
2022-01-21 21:24:34 +00:00

147 lines
6.5 KiB
INI
Raw Blame History

##############################################################
# Kopano Konnect SETTINGS
# OpenID Connect Issuer Identifier.
# This setting defines the OpenID Connect Issuer Identifier to be provided by
# this Konnect server. Setting this is mandatory and the setting must be a
# https URL which can be accessed by all applications and users which are to
# use this Konnect for sign-in or validation. Defaults to "https://localhost" to
# allow unconfigured startup.
#oidc_issuer_identifier=https://localhost
# Address:port specifier for where konnectd should listen for
# incoming connections. Defaults to `127.0.0.1:8777`.
#listen = 127.0.0.1:8777
# Disable TLS validation for all client request.
# When set to yes, TLS certificate validation is turned off. This is insecure
# and should not be used in production setups. Defaults to `no`.
#insecure = no
# Identity manager which provides the user backend Konnect should use. This is
# one of `kc` or `ldap`. Defaults to `kc`, which means Konnect will use a
# Kopano Groupware Storage server as backend.
#identity_manager = kc
# Full file path to a PEM encoded PKCS#1 or PKCS#5 private key which is used to
# sign tokens. This file must exist and be valid to be able to start the
# service. A suitable key can be generated with:
# `openssl genpkey -algorithm RSA \
# -out konnectd-signing-private-key.pem.pem \
# -pkeyopt rsa_keygen_bits:4096`
# If this is not set, Konnect will try to load
# /etc/kopano/konnectd-signing-private-key.pem
# and if not found, fall back to a random key on every startup. Not set by
# default. If set, the file must be there.
#signing_private_key = /etc/kopano/konnectd-signing-private-key.pem
# Key ID to use in created JWT. This setting is useful once private keys need
# to be changed because they expire. It should be a unique value identiying
# the signing_private_key. Example: `k20180912-1`. Not set by default, which
# means that Konnect uses the file name of the key file (dereferencing symlinks)
# without extension.
#signing_kid =
# JWT signing method. This must match the private key type as defined in
# signing_private_key and defaults to `PS256`.
#signing_method = PS256
# Full path to a directory containing pem encoded keys for validation. Konnect
# loads all `*.pem` files in that directory and adds the public key parts (if
# found) to the validator for received tokens using the file name without
# extension as key ID.
#validation_keys_path =
# Full file path to a encryption secret key file containing random bytes. This
# file must exist to be able to start the service. A suitable file can be
# generated with:
# `openssl rand -out konnectd-encryption-secret.key 32`
# If this is not set, Konnect will try to load
# /etc/kopano/konnectd-encryption-secret.key
# and if not found, fall back to a random key on every startup. Not set by
# default. If set, the file must be there.
#encryption_secret_key = /etc/kopano/konnectd-encryption-secret.key
# Full file path to the identifier registration configuration file. This file
# must exist to be able to start the service. An example file is shipped with
# the documentation / sources. If not set, Konnect will try to load
# /etc/kopano/konnectd-identifier-registration.yaml
# without failing when the file is not there. If set, the file must be there.
#identifier_registration_conf = /etc/kopano/konnectd-identifier-registration.yaml
# Full file path to the identifier scopes configuration file. An example file is
# shipped with the documentation / sources. If not set, Konnect will try to
# load /etc/kopano/konnectd-identifier-scopes.yaml without failing if the file
# is not there. If set, the file must be there.
#identifier_scopes_conf = /etc/kopano/konnectd-identifier-scopes.yaml
# Path to the location of konnectd web resources. This is a mandatory setting
# since Konnect needs to find its web resources to start.
#web_resources_path = /usr/share/kopano-konnect
# Custom base path for URI endpoints for Konnect API and the identifier web
# application. This needs to be changed when Konnect is served from a path
# instead of the root of the domain.
#uri_base_path = /
# Space separated list of scopes to be accepted by this Konnect server. By
# default this is not set, which means that all scopes which are known by the
# Konnect server and its configured identifier backend are allowed.
#allowed_scopes =
# Space separated list of IP address or CIDR network ranges of remote addresses
# which are to be trusted. This is used to allow special behavior if Konnect
# runs behind a trusted proxy which injects authentication credentials into
# HTTP requests. Not set by default.
#trusted_proxies =
# Flag to enable client controlled guest support. When set to `yes`, a registered
# client can send authorize guests, by sending signed requests. Defaults to `no`.
#allow_client_guests = no
# Flag to enable dynamic client registration API. When set to `yes`, clients
# can register themselves and make authorized calls to the token endpoint.
# Defaults to `no`.
#allow_dynamic_client_registration = no
# Additional arguments to be passed to the identity manager.
#identity_manager_args =
###############################################################
# Log settings
# Log level controls the verbosity of the output log. It can be one of
# `panic`, `fatal`, `error`, `warn`, `info` or `debug`. Defaults to `info`.
#log_level = info
###############################################################
# Kopano Groupware Storage Server Identity Manager (kc)
# URI for connecting to the Kopano Groupware Storage server. This can either be
# a http(s):// URL for remote systems or a file:// URI to a socket for local
# connection. Defaults to `file:///run/kopano/server.sock` and is only used
# when the identity_manager is `kc`.
#kc_server_uri = file:///run/kopano/server.sock
# Session timeout for sessions of the Kopano Groupware Storage server in
# seconds. Access token valid duration is limited to this value and Konnect
# will expire sessions if they are inactive for the timeout duration. This value
# needs to be lower or same as the corresponding value used in the Kopano
# Groupware Storage server's configuration to avoid constant session expiration
# and recreation.
#kc_session_timeout = 300
###############################################################
# LDAP Identity Manager (ldap)
# Below are the settings for the LDAP identity manager. They are only used when
# the identity_manager is `ldap`.
#ldap_uri =
#ldap_binddn =
#ldap_bindpw =
#ldap_basedn =
#ldap_scope = sub
#ldap_login_attribute = uid
#ldap_uuid_attribute = uidNumber
#ldap_filter = (objectClass=inetOrgPerson)
Reference in New Issue View Git Blame Copy Permalink