zrok/etc/frontend.yml
2024-07-25 11:37:43 -04:00

55 lines
2.1 KiB
YAML

# The `v` field determines the configuration version. When software is released that changes the structure of the
# configuration, the software will expect this field to be incremented. This protects you against invalid configuration
# versions and will refer to you to the documentation when the configuration structure changes.
#
v: 3
# Setting the `host_match` setting will cause a `zrok access public` to ignore `Host` headers that do not contain the
# configured string. This will allow you to let a load balancer access the frontend by IP address for health check
# purposes, and will allow `Host` headers that match the configured DNS name to be routed through `zrok`.
#
#host_match: zrok.io
# Setting the `interstitial` setting to `true` will allow this frontend to offer interstitial pages if they are
# configured on the share by the controller.
#
#interstitial: true
# The OAuth configuration is used when enabling OAuth authentication with your public frontend.
#
#oauth:
# # `bind_address` is the <address:port> of the interface where the OAuth frontend listener should
# # bind
# #
# bind_address: 127.0.0.1:8181
#
# # `redirect_url` is the <scheme://address[:port]> of the URL where OAuth requests should be directed.
# #
# redirect_url: https://oauth.zrok.io
#
# # `cookie_domain` is the domain where the authentication cookies should be applied. Should likely match
# # the `host_match` specified above.
# #
# cookie_domain: zrok.io
#
# # `hash_key` is a unique key for your installation that is used to secure authentication payloads
# # with OAuth providers.
# #
# hash_key: "<yourRandomHashKey>"
#
# # `providers` contains an array of provider details enabled in your installation. Currently only
# # `google` and `github` are supported. Your configuration can include `google`, `github`, or both.
# #
# providers:
# - name: google
# client_id: <client-id>
# client_secret: <client-secret>
# - name: github
# client_id: <client-id>
# client_secret: <client-secret>
#
# The `tls` section sets the cert and key to use and enables serving over HTTPS
#
#tls:
# cert_path: "/Path/To/Cert/zrok.crt"
# key_path: "/Path/To/Cert/zrok.key"