138 lines
5.1 KiB
INI
138 lines
5.1 KiB
INI
##############################################################
|
|
# Kopano Web SETTINGS
|
|
|
|
# Site's host name.
|
|
# Full qualified host name. If set, kweb provides HTTP/HTTPS for this host
|
|
# including automatic ACME CA TLS and Content Security Policy generation. If not
|
|
# set (the default), kweb is available under all names and does not try to
|
|
# obtain a certificate via ACME.
|
|
#hostname=
|
|
|
|
# ACME CA email.
|
|
# To allow automatic TLS via ACME, the CA needs an email address. Provide your
|
|
# email address here to enable automatic TLS via ACME. If tls_acme_email and
|
|
# hostname are set, kweb will automatically manage TLS certificates unless
|
|
# explictly disabled by other settings.
|
|
#tls_acme_email =
|
|
|
|
# ACME CA subscriber agreement.
|
|
# Set to `yes` to accept the CA's subscriber agreement. If this is `no` or
|
|
# not set and kweb is otherwise configured to use ACME, kweb will log the link
|
|
# to the CA's subscriber agreement and then exit. You have to change this
|
|
# setting to `yes` to use automatic TLS via ACME.
|
|
#tls_acme_agree = no
|
|
|
|
# ACME CA server directory.
|
|
# URL to the certificate authority's ACME server directory. Default is to use
|
|
# Let's Encrypt (https://acme-v02.api.letsencrypt.org/directory).
|
|
#tls_acme_ca = https://acme-v02.api.letsencrypt.org/directory
|
|
|
|
# HTTP Strict Transport Security.
|
|
# Value for HTTP Strict Transport Security response header. Default to
|
|
# `max-age=31536000;` and is only used if hostname is set. Set explicitly to
|
|
# empty to disable.
|
|
#hsts=max-age=31536000;
|
|
|
|
# Bind address to bind the listeners.
|
|
# This setting defines where to bind kweb http listeners. By default kweb binds
|
|
# to all interfaces/ips since it needs to be available from external.
|
|
#bind=0.0.0.0
|
|
|
|
# Web root folder.
|
|
# Full path to the web root. All files below that folder are served by kweb and
|
|
# the path is used as base for otherwise relative paths.
|
|
# Default: `/usr/share/kopano-kweb/www`
|
|
#web_root = /usr/share/kopano-kweb/www
|
|
|
|
# Port for HTTPS listener.
|
|
# When TLS is enabled, kweb will serve the TLS listener on this port. Defaults
|
|
# to 9443 if `hostname` is not set and `443` otherwise.
|
|
#https_port = 443
|
|
|
|
# Port for HTTP listener.
|
|
# When TLS is disabled, kweb will serve the listener on this port. Defaults to
|
|
# 9080 if `hostname` is not set and `80` otherwise.
|
|
#http_port = 80
|
|
|
|
# HTTP/2 support.
|
|
# Set to `yes` to enable HTTP/2 support on all TLS listeners. HTTP/2 is enabled
|
|
# by default. Set to `no` to disable.
|
|
#http2 = yes
|
|
|
|
# QUIC support.
|
|
# Experimental support for QUIC. Set to `true` to enable. Default is `no`.
|
|
#quic = no
|
|
|
|
###############################################################
|
|
# Log settings
|
|
|
|
# HTTP request log file (access log in combined format).
|
|
# Full path to log file where to log HTTP requests. Not set by default which
|
|
# means requests are not logged.
|
|
#request_log_file = /var/log/kopano-kweb/access.log
|
|
|
|
###############################################################
|
|
# TLS settings
|
|
|
|
# TLS support.
|
|
# Support encrypted listeners and automatic TLS certificate creation when set
|
|
# to `yes`. Set to `no` to disable all TLS and listen on plain HTTP.
|
|
#tls = yes
|
|
|
|
# TLS certificate bundle.
|
|
# Path to a TLS certificate bundle (concatenation of the server's certificate
|
|
# followed by the CA's certificate chain). If set, the TLS listener will use
|
|
# that certificate instead of trying automatic TLS.
|
|
#tls_cert =
|
|
|
|
# TLS private key.
|
|
# Path to the server's private key file which matches the certificate bundle. It
|
|
# must match the certificate in tls_cert.
|
|
#tls_key =
|
|
|
|
# TLS protocols.
|
|
# Minimal and maximal TLS protocol versions to be offered. Defaults to TLS 1.2
|
|
# and TLS 1.3 (`tls1.2 tls1.3`).
|
|
#tls_protocols = tls1.2 tls1.3
|
|
|
|
# TLS self sign.
|
|
# By default kweb creates self signed TLS certificates on startup on if ACME is
|
|
# not possible due to missing settings. If set to `yes`, ACME is disabled and a
|
|
# self signed certificate will always be created. Default: `no`.
|
|
#tls_always_self_sign = no
|
|
|
|
# TLS must stable.
|
|
# Enables must stable for certificates managed by kweb. If this is set to `yes`
|
|
# and kweb requests certificates via ACME, those certificates will require that
|
|
# the OSCP information is stapled with the response. Defaults to `no`.
|
|
#tls_must_staple = no
|
|
|
|
###############################################################
|
|
# App settings
|
|
|
|
# Default top level redirect.
|
|
# When set, top level requests `/` will redirect to the configured value.
|
|
# Not set by default.
|
|
#default_redirect =
|
|
|
|
# Legacy support.
|
|
# To make integration into existing environments easier kwebd can act as a
|
|
# reverse proxy to allow serving requests Kopano WebApp and Z-Push running e.g.
|
|
# in Apache or Nginx. Set the address to the legacy web server here. Not set by
|
|
# default.
|
|
#legacy_reverse_proxy = 127.0.0.1:8000
|
|
|
|
###############################################################
|
|
# Limiting settings
|
|
|
|
# Rate limit tate.
|
|
# Limits Excessive access to services. Requests will be terminated with an error
|
|
# 429 (Too Many Requests) and X-RateLimit-RetryAfter is added.
|
|
# Format "rate burst unit", Defaults to "100 200 minute".
|
|
#ratelimit_rate = "100 200 minute"
|
|
|
|
# Rate limit whitelist.
|
|
# Your trusted IPs (comma separated). Defines the CIDR IP range you don't want
|
|
# to perform rate limit. Defaults to `127.0.0.1/8`.
|
|
#ratelimit_whitelist = 127.0.0.1/8
|