eric/smart-city-digital-twin-martinique
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
08ca495bde34e8684393d582477010074932ca4d
smart-city-digital-twin-mar…/configuration/ditto/gateway.conf

364 lines
11 KiB
Plaintext
Raw Blame History

ditto {
version = "3.8.12"
extensions {
jwt-authorization-subjects-provider = {
extension-class = org.eclipse.ditto.gateway.service.security.authentication.jwt.DittoJwtAuthorizationSubjectsProvider
}
jwt-authentication-result-provider = {
extension-class = org.eclipse.ditto.gateway.service.security.authentication.jwt.DefaultJwtAuthenticationResultProvider
extension-config = {
role = regular
jwt-authorization-subjects-provider = {
extension-class = org.eclipse.ditto.gateway.service.security.authentication.jwt.DittoJwtAuthorizationSubjectsProvider
extension-config = {
role = regular
}
}
}
}
jwt-authentication-result-provider-devops = {
extension-class = org.eclipse.ditto.gateway.service.security.authentication.jwt.DefaultJwtAuthenticationResultProvider
extension-config = {
role = devops
jwt-authorization-subjects-provider = {
extension-class = org.eclipse.ditto.gateway.service.security.authentication.jwt.DittoJwtAuthorizationSubjectsProvider
extension-config = {
role = devops
}
}
}
}
signal-enrichment-provider {
extension-class = org.eclipse.ditto.gateway.service.endpoints.utils.DefaultGatewaySignalEnrichmentProvider
extension-config = {
cache {
enabled = true
maximum-size = 20000
expire-after-create = 2m
}
}
}
http-bind-flow-provider = org.eclipse.ditto.gateway.service.endpoints.routes.LoggingHttpBindFlowProvider
websocket-config-provider = org.eclipse.ditto.gateway.service.endpoints.routes.websocket.NoOpWebSocketConfigProvider
gateway-authentication-directive-factory = org.eclipse.ditto.gateway.service.endpoints.directives.auth.DittoGatewayAuthenticationDirectiveFactory
http-request-actor-props-factory = org.eclipse.ditto.gateway.service.endpoints.actors.DefaultHttpRequestActorPropsFactory
sse-event-sniffer = org.eclipse.ditto.gateway.service.endpoints.routes.sse.NoOpSseEventSniffer
streaming-authorization-enforcer = org.eclipse.ditto.gateway.service.streaming.NoOpAuthorizationEnforcer
incoming-websocket-event-sniffer = org.eclipse.ditto.gateway.service.endpoints.routes.websocket.NoOpIncomingWebSocketEventSniffer
outgoing-websocket-event-sniffer = org.eclipse.ditto.gateway.service.endpoints.routes.websocket.NoOpOutgoingWebSocketEventSniffer
custom-api-routes-provider = org.eclipse.ditto.gateway.service.endpoints.routes.NoopCustomApiRoutesProvider
sse-connection-supervisor = org.eclipse.ditto.gateway.service.endpoints.routes.sse.NoOpSseConnectionSupervisor
websocket-connection-supervisor = "org.eclipse.ditto.gateway.service.endpoints.routes.websocket.NoOpWebSocketSupervisor"
connections-retrieval-actor-props-factory = org.eclipse.ditto.gateway.service.endpoints.actors.DefaultConnectionsRetrievalActorPropsFactory
}
service-name = "gateway"
mapping-strategy.implementation = "org.eclipse.ditto.gateway.service.util.GatewayMappingStrategies"
gateway {
http {
hostname = ""
hostname = ${?HOSTNAME}
hostname = ${?BIND_HOSTNAME}
port = 8080
port = ${?HTTP_PORT}
port = ${?PORT}
coordinated-shutdown-timeout = 65s
coordinated-shutdown-timeout = ${?COORDINATED_SHUTDOWN_REQUEST_TIMEOUT}
schema-versions = [2]
protocol-headers = ["X-Forwarded-Proto", "x_forwarded_proto"]
forcehttps = false
forcehttps = ${?FORCE_HTTPS}
redirect-to-https = false
redirect-to-https = ${?REDIRECT_TO_HTTPS}
redirect-to-https-blocklist-pattern = "/api.*|/ws.*|/status.*|/overall.*"
enablecors = false
enablecors = ${?ENABLE_CORS}
request-timeout = 60s
request-timeout = ${?REQUEST_TIMEOUT}
additional-accepted-media-types = ${?ADDITIONAL_ACCEPTED_MEDIA_TYPES}
query-params-as-headers = [
"accept"
"channel"
"correlation-id"
"requested-acks"
"declared-acks"
"response-required"
"timeout"
"live-channel-timeout-strategy"
"allow-policy-lockout"
"condition"
"live-channel-condition"
"at-historical-revision"
"at-historical-timestamp"
"dry-run"
]
}
streaming {
session-counter-scrape-interval = 30s
parallelism = 64
parallelism = ${?GATEWAY_STREAMING_PARALLELISM}
search-idle-timeout = 60s
search-idle-timeout = ${?GATEWAY_STREAMING_SEARCH_IDLE_TIMEOUT}
subscription-refresh-delay = 5m
subscription-refresh-delay = ${?GATEWAY_STREAMING_SUBSCRIPTION_REFRESH_DELAY}
acknowledgement {
forwarder-fallback-timeout = 65s
}
websocket {
subscriber {
backpressure-queue-size = 100
}
publisher {
backpressure-buffer-size = 200
}
throttling-rejection-factor = 1.25
throttling {
enabled = false
}
streaming-authorization-enforcer = "org.eclipse.ditto.gateway.service.streaming.NoOpAuthorizationEnforcer"
}
sse {
throttling {
enabled = false
}
streaming-authorization-enforcer = "org.eclipse.ditto.gateway.service.streaming.NoOpAuthorizationEnforcer"
}
}
command {
default-timeout = ${ditto.gateway.http.request-timeout}
max-timeout = 1m
smart-channel-buffer = 10s
connections-retrieve-limit = 100
}
message {
default-timeout = 10s
max-timeout = 1m
}
claim-message {
default-timeout = 1m
max-timeout = 10m
}
dns {
address = none
address = ${?DNS_SERVER}
}
authentication {
http {
proxy {
enabled = false
enabled = ${?AUTH_HTTP_PROXY_ENABLED}
hostname = ${?AUTH_HTTP_PROXY_HOST}
port = ${?AUTH_HTTP_PROXY_PORT}
username = ${?AUTH_HTTP_PROXY_USERNAME}
password = ${?AUTH_HTTP_PROXY_PASSWORD}
}
}
oauth {
protocol = "https"
protocol = ${?OAUTH_PROTOCOL}
allowed-clock-skew = 10s
allowed-clock-skew = ${?OAUTH_ALLOWED_CLOCK_SKEW}
openid-connect-issuers = {
google = {
issuer = "accounts.google.com"
}
}
token-integration-subject = "integration:{{policy-entry:label}}:{{jwt:aud}}"
token-integration-subject = ${?OAUTH_TOKEN_INTEGRATION_SUBJECT}
}
# PRE-AUTHENTICATION = open access for /api/2/
pre-authentication {
enabled = true
}
devops {
secured = false
devops-authentication-method = "basic"
password = "ditto-devops-secret"
password = ${?DEVOPS_PASSWORD}
status-secured = false
status-authentication-method = "basic"
statusPassword = "ditto-status-secret"
statusPassword = ${?STATUS_PASSWORD}
}
}
health-check {
enabled = true
enabled = ${?HEALTH_CHECK_ENABLED}
interval = 60s
interval = ${?HEALTH_CHECK_INTERVAL}
service.timeout = 10s
service.timeout = ${?HEALTH_CHECK_SERVICE_TIMEOUT}
cluster-roles = {
enabled = true
enabled = ${?HEALTH_CHECK_ROLES_ENABLED}
expected = [
"policies"
"things"
"search"
"gateway"
"connectivity"
]
}
}
public-health {
cache-timeout = 20s
cache-timeout = ${?GATEWAY_STATUS_HEALTH_EXTERNAL_TIMEOUT}
}
cloud-events {
empty-schema-allowed = true
data-types = [
"application/json"
"application/vnd.eclipse.ditto+json"
]
}
cache {
publickeys {
maxentries = 32
expiry = 60m
maximum-size = ${ditto.gateway.cache.publickeys.maxentries}
expire-after-write = ${ditto.gateway.cache.publickeys.expiry}
}
}
statistics {
ask-timeout = 5s
ask-timeout = ${?STATISTICS_UPDATE_INTERVAL}
update-interval = 15s
update-interval = ${?STATISTICS_UPDATE_INTERVAL}
details-expire-after = 3s
details-expire-after = ${?STATISTICS_DETAILS_EXPIRE_AFTER}
shards = [
{
region = "thing"
role = "things"
root = "/user/thingsRoot"
}
{
region = "policy"
role = "policies"
root = "/user/policiesRoot"
}
{
region = "search-wildcard-updater"
role = "search"
root = "/user/thingsWildcardSearchRoot/searchUpdaterRoot"
}
]
}
}
tracing {
filter = {
includes = ["**"]
excludes = ["GET /ws/2"]
}
}
}
secrets {
devops_password {
name = "devops_password"
name = ${?DEVOPS_PASSWORD_NAME}
}
status_password {
name = "status_password"
name = ${?STATUS_PASSWORD_NAME}
}
}
pekko.http.client {
user-agent-header = eclipse-ditto/${ditto.version}
}
pekko {
actor {
default-dispatcher {
executor = "org.eclipse.ditto.internal.utils.metrics.service.executor.InstrumentedForkJoinExecutorServiceConfigurator"
}
deployment {
/gatewayRoot/proxy {
router = round-robin-pool
resizer {
lower-bound = 5
upper-bound = 100
messages-per-resize = 50
}
}
}
}
cluster {
sharding {
role = ${ditto.service-name}
passivation {
strategy = "off"
}
}
roles = ["gateway"]
}
coordinated-shutdown {
phases {
service-requests-done {
timeout = 70s
}
}
}
http {
server {
server-header = ""
request-timeout = ${ditto.gateway.http.request-timeout}
idle-timeout = 610s
max-connections = 4096
raw-request-uri-header = on
parsing {
max-uri-length = 8k
max-content-length = 1m
uri-parsing-mode = relaxed
}
websocket {
periodic-keep-alive-mode = ping
periodic-keep-alive-max-idle = 30s
}
termination-deadline-exceeded-response {
status = 502
}
}
host-connection-pool {
max-open-requests = 1024
idle-timeout = 60s
}
}
management.health-checks.readiness-checks {
gateway-http-readiness = "org.eclipse.ditto.gateway.service.health.GatewayHttpReadinessCheck"
}
management.health-checks.liveness-checks {
subsystem-health = "org.eclipse.ditto.internal.utils.health.SubsystemHealthCheck"
}
}
authentication-dispatcher {
type = Dispatcher
executor = "org.eclipse.ditto.internal.utils.metrics.service.executor.InstrumentedThreadPoolExecutorServiceConfigurator"
thread-pool-executor {
core-pool-size-min = 4
core-pool-size-factor = 2.0
core-pool-size-max = 8
}
throughput = 100
}
signal-enrichment-cache-dispatcher {
type = Dispatcher
executor = "org.eclipse.ditto.internal.utils.metrics.service.executor.InstrumentedThreadPoolExecutorServiceConfigurator"
}
Reference in New Issue View Git Blame Copy Permalink