internal: centralise config for listeners to use same config system everywhere (#3367)
* centralise config for listeners to use same config system everywhere Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #3360 * add docs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
9a9c826c0b
commit
2ce8e18bab
|
@ -7,11 +7,10 @@ postgresql:
|
||||||
port: 5432
|
port: 5432
|
||||||
password: 'env://POSTGRES_PASSWORD'
|
password: 'env://POSTGRES_PASSWORD'
|
||||||
|
|
||||||
web:
|
listen:
|
||||||
listen: 0.0.0.0:9000
|
listen_http: 0.0.0.0:9000
|
||||||
listen_tls: 0.0.0.0:9443
|
listen_https: 0.0.0.0:9443
|
||||||
listen_metrics: 0.0.0.0:9300
|
listen_metrics: 0.0.0.0:9300
|
||||||
outpost_port_offset: 0
|
|
||||||
|
|
||||||
redis:
|
redis:
|
||||||
host: localhost
|
host: localhost
|
||||||
|
|
|
@ -4,7 +4,6 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
|
@ -22,8 +21,7 @@ Required environment variables:
|
||||||
- AUTHENTIK_INSECURE: Skip SSL Certificate verification
|
- AUTHENTIK_INSECURE: Skip SSL Certificate verification
|
||||||
|
|
||||||
Optionally, you can set these:
|
Optionally, you can set these:
|
||||||
- AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST
|
- AUTHENTIK_HOST_BROWSER: URL to use in the browser, when it differs from AUTHENTIK_HOST`
|
||||||
- AUTHENTIK_PORT_OFFSET: Offset to add to the listening ports, i.e. value of 100 makes proxy listen on 9100`
|
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
log.SetLevel(log.DebugLevel)
|
log.SetLevel(log.DebugLevel)
|
||||||
|
@ -47,15 +45,6 @@ func main() {
|
||||||
fmt.Println(helpMessage)
|
fmt.Println(helpMessage)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
portOffset := 0
|
|
||||||
portOffsetS := os.Getenv("AUTHENTIK_PORT_OFFSET")
|
|
||||||
if portOffsetS != "" {
|
|
||||||
v, err := strconv.Atoi(portOffsetS)
|
|
||||||
if err != nil {
|
|
||||||
fmt.Println(err.Error())
|
|
||||||
}
|
|
||||||
portOffset = v
|
|
||||||
}
|
|
||||||
|
|
||||||
akURLActual, err := url.Parse(akURL)
|
akURLActual, err := url.Parse(akURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -72,7 +61,7 @@ func main() {
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
ac.Server = proxyv2.NewProxyServer(ac, portOffset)
|
ac.Server = proxyv2.NewProxyServer(ac)
|
||||||
|
|
||||||
err = ac.Start()
|
err = ac.Start()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -61,7 +61,7 @@ func main() {
|
||||||
g := gounicorn.NewGoUnicorn()
|
g := gounicorn.NewGoUnicorn()
|
||||||
ws := web.NewWebServer(g)
|
ws := web.NewWebServer(g)
|
||||||
g.HealthyCallback = func() {
|
g.HealthyCallback = func() {
|
||||||
if !config.Get().Web.DisableEmbeddedOutpost {
|
if !config.Get().DisableEmbeddedOutpost {
|
||||||
go attemptProxyStart(ws, u)
|
go attemptProxyStart(ws, u)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -110,7 +110,7 @@ func attemptProxyStart(ws *web.WebServer, u *url.URL) {
|
||||||
tw.Check()
|
tw.Check()
|
||||||
})
|
})
|
||||||
|
|
||||||
srv := proxyv2.NewProxyServer(ac, 0)
|
srv := proxyv2.NewProxyServer(ac)
|
||||||
ws.ProxyServer = srv
|
ws.ProxyServer = srv
|
||||||
ac.Server = srv
|
ac.Server = srv
|
||||||
l.Debug("attempting to start outpost")
|
l.Debug("attempting to start outpost")
|
||||||
|
|
|
@ -19,6 +19,7 @@ var cfg *Config
|
||||||
func Get() *Config {
|
func Get() *Config {
|
||||||
if cfg == nil {
|
if cfg == nil {
|
||||||
cfg = defaultConfig()
|
cfg = defaultConfig()
|
||||||
|
cfg.Setup()
|
||||||
}
|
}
|
||||||
return cfg
|
return cfg
|
||||||
}
|
}
|
||||||
|
@ -26,9 +27,11 @@ func Get() *Config {
|
||||||
func defaultConfig() *Config {
|
func defaultConfig() *Config {
|
||||||
return &Config{
|
return &Config{
|
||||||
Debug: false,
|
Debug: false,
|
||||||
Web: WebConfig{
|
Listen: ListenConfig{
|
||||||
Listen: "localhost:9000",
|
HTTP: "localhost:9000",
|
||||||
ListenTLS: "localhost:9443",
|
HTTPS: "localhost:9443",
|
||||||
|
LDAP: "localhost:3389",
|
||||||
|
LDAPS: "localhost:6636",
|
||||||
},
|
},
|
||||||
Paths: PathsConfig{
|
Paths: PathsConfig{
|
||||||
Media: "./media",
|
Media: "./media",
|
||||||
|
|
|
@ -3,11 +3,12 @@ package config
|
||||||
type Config struct {
|
type Config struct {
|
||||||
Debug bool `yaml:"debug" env:"AUTHENTIK_DEBUG"`
|
Debug bool `yaml:"debug" env:"AUTHENTIK_DEBUG"`
|
||||||
SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
|
SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
|
||||||
Web WebConfig `yaml:"web"`
|
Listen ListenConfig `yaml:"listen"`
|
||||||
Paths PathsConfig `yaml:"paths"`
|
Paths PathsConfig `yaml:"paths"`
|
||||||
LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
|
LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
|
||||||
ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
|
ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
|
||||||
Redis RedisConfig `yaml:"redis"`
|
Redis RedisConfig `yaml:"redis"`
|
||||||
|
DisableEmbeddedOutpost bool `yaml:"disable_embedded_outpost" env:"AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type RedisConfig struct {
|
type RedisConfig struct {
|
||||||
|
@ -26,11 +27,13 @@ type RedisConfig struct {
|
||||||
CacheTimeoutReputation int `yaml:"cache_timeout_reputation" env:"AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION"`
|
CacheTimeoutReputation int `yaml:"cache_timeout_reputation" env:"AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type WebConfig struct {
|
type ListenConfig struct {
|
||||||
Listen string `yaml:"listen"`
|
HTTP string `yaml:"listen_http" env:"AUTHENTIK_LISTEN__HTTP"`
|
||||||
ListenTLS string `yaml:"listen_tls"`
|
HTTPS string `yaml:"listen_https" env:"AUTHENTIK_LISTEN__HTTPS"`
|
||||||
ListenMetrics string `yaml:"listen_metrics"`
|
LDAP string `yaml:"listen_ldap" env:"AUTHENTIK_LISTEN__LDAP,default=0.0.0.0:3389"`
|
||||||
DisableEmbeddedOutpost bool `yaml:"disable_embedded_outpost" env:"AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST"`
|
LDAPS string `yaml:"listen_ldaps" env:"AUTHENTIK_LISTEN__LDAPS,default=0.0.0.0:6636"`
|
||||||
|
Metrics string `yaml:"listen_metrics" env:"AUTHENTIK_LISTEN__METRICS,default=0.0.0.0:9300"`
|
||||||
|
Debug string `yaml:"listen_debug" env:"AUTHENTIK_LISTEN__DEBUG,default=0.0.0.0:9900"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type PathsConfig struct {
|
type PathsConfig struct {
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
"goauthentik.io/internal/config"
|
||||||
)
|
)
|
||||||
|
|
||||||
func EnableDebugServer() {
|
func EnableDebugServer() {
|
||||||
|
@ -21,5 +22,5 @@ func EnableDebugServer() {
|
||||||
h.HandleFunc("/debug/pprof/profile", pprof.Profile)
|
h.HandleFunc("/debug/pprof/profile", pprof.Profile)
|
||||||
h.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
|
h.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
|
||||||
h.HandleFunc("/debug/pprof/trace", pprof.Trace)
|
h.HandleFunc("/debug/pprof/trace", pprof.Trace)
|
||||||
l.Println(http.ListenAndServe("0.0.0.0:9900", nil))
|
l.Println(http.ListenAndServe(config.Get().Listen.Debug, nil))
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
|
|
||||||
"github.com/pires/go-proxyproto"
|
"github.com/pires/go-proxyproto"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
"goauthentik.io/internal/config"
|
||||||
"goauthentik.io/internal/crypto"
|
"goauthentik.io/internal/crypto"
|
||||||
"goauthentik.io/internal/outpost/ak"
|
"goauthentik.io/internal/outpost/ak"
|
||||||
"goauthentik.io/internal/outpost/ldap/metrics"
|
"goauthentik.io/internal/outpost/ldap/metrics"
|
||||||
|
@ -48,7 +49,7 @@ func (ls *LDAPServer) Type() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ls *LDAPServer) StartLDAPServer() error {
|
func (ls *LDAPServer) StartLDAPServer() error {
|
||||||
listen := "0.0.0.0:3389"
|
listen := config.Get().Listen.LDAP
|
||||||
|
|
||||||
ln, err := net.Listen("tcp", listen)
|
ln, err := net.Listen("tcp", listen)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"net"
|
"net"
|
||||||
|
|
||||||
"github.com/pires/go-proxyproto"
|
"github.com/pires/go-proxyproto"
|
||||||
|
"goauthentik.io/internal/config"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (ls *LDAPServer) getCertificates(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
func (ls *LDAPServer) getCertificates(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||||
|
@ -28,7 +29,7 @@ func (ls *LDAPServer) getCertificates(info *tls.ClientHelloInfo) (*tls.Certifica
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ls *LDAPServer) StartLDAPTLSServer() error {
|
func (ls *LDAPServer) StartLDAPTLSServer() error {
|
||||||
listen := "0.0.0.0:6636"
|
listen := config.Get().Listen.LDAPS
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := &tls.Config{
|
||||||
MinVersion: tls.VersionTLS12,
|
MinVersion: tls.VersionTLS12,
|
||||||
MaxVersion: tls.VersionTLS12,
|
MaxVersion: tls.VersionTLS12,
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
"goauthentik.io/internal/config"
|
||||||
"goauthentik.io/internal/utils/sentry"
|
"goauthentik.io/internal/utils/sentry"
|
||||||
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
|
@ -31,7 +32,7 @@ func RunServer() {
|
||||||
rw.WriteHeader(204)
|
rw.WriteHeader(204)
|
||||||
})
|
})
|
||||||
m.Path("/metrics").Handler(promhttp.Handler())
|
m.Path("/metrics").Handler(promhttp.Handler())
|
||||||
listen := "0.0.0.0:9300"
|
listen := config.Get().Listen.Metrics
|
||||||
l.WithField("listen", listen).Info("Starting Metrics server")
|
l.WithField("listen", listen).Info("Starting Metrics server")
|
||||||
err := http.ListenAndServe(listen, m)
|
err := http.ListenAndServe(listen, m)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
"goauthentik.io/internal/config"
|
||||||
"goauthentik.io/internal/utils/sentry"
|
"goauthentik.io/internal/utils/sentry"
|
||||||
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
|
@ -31,7 +32,7 @@ func RunServer() {
|
||||||
rw.WriteHeader(204)
|
rw.WriteHeader(204)
|
||||||
})
|
})
|
||||||
m.Path("/metrics").Handler(promhttp.Handler())
|
m.Path("/metrics").Handler(promhttp.Handler())
|
||||||
listen := "0.0.0.0:9300"
|
listen := config.Get().Listen.Metrics
|
||||||
l.WithField("listen", listen).Info("Starting Metrics server")
|
l.WithField("listen", listen).Info("Starting Metrics server")
|
||||||
err := http.ListenAndServe(listen, m)
|
err := http.ListenAndServe(listen, m)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -4,7 +4,6 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"sync"
|
"sync"
|
||||||
|
@ -14,6 +13,7 @@ import (
|
||||||
"github.com/pires/go-proxyproto"
|
"github.com/pires/go-proxyproto"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"goauthentik.io/api/v3"
|
"goauthentik.io/api/v3"
|
||||||
|
"goauthentik.io/internal/config"
|
||||||
"goauthentik.io/internal/crypto"
|
"goauthentik.io/internal/crypto"
|
||||||
"goauthentik.io/internal/outpost/ak"
|
"goauthentik.io/internal/outpost/ak"
|
||||||
"goauthentik.io/internal/outpost/proxyv2/application"
|
"goauthentik.io/internal/outpost/proxyv2/application"
|
||||||
|
@ -23,9 +23,6 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type ProxyServer struct {
|
type ProxyServer struct {
|
||||||
Listen string
|
|
||||||
PortOffset int
|
|
||||||
|
|
||||||
defaultCert tls.Certificate
|
defaultCert tls.Certificate
|
||||||
stop chan struct{} // channel for waiting shutdown
|
stop chan struct{} // channel for waiting shutdown
|
||||||
|
|
||||||
|
@ -36,7 +33,7 @@ type ProxyServer struct {
|
||||||
akAPI *ak.APIController
|
akAPI *ak.APIController
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewProxyServer(ac *ak.APIController, portOffset int) *ProxyServer {
|
func NewProxyServer(ac *ak.APIController) *ProxyServer {
|
||||||
l := log.WithField("logger", "authentik.outpost.proxyv2")
|
l := log.WithField("logger", "authentik.outpost.proxyv2")
|
||||||
defaultCert, err := crypto.GenerateSelfSignedCert()
|
defaultCert, err := crypto.GenerateSelfSignedCert()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -55,9 +52,6 @@ func NewProxyServer(ac *ak.APIController, portOffset int) *ProxyServer {
|
||||||
globalMux.Use(web.NewLoggingHandler(l.WithField("logger", "authentik.outpost.proxyv2.http"), nil))
|
globalMux.Use(web.NewLoggingHandler(l.WithField("logger", "authentik.outpost.proxyv2.http"), nil))
|
||||||
globalMux.Use(sentryhttp.New(sentryhttp.Options{}).Handle)
|
globalMux.Use(sentryhttp.New(sentryhttp.Options{}).Handle)
|
||||||
s := &ProxyServer{
|
s := &ProxyServer{
|
||||||
Listen: "0.0.0.0:%d",
|
|
||||||
PortOffset: portOffset,
|
|
||||||
|
|
||||||
cryptoStore: ak.NewCryptoStore(ac.Client.CryptoApi),
|
cryptoStore: ak.NewCryptoStore(ac.Client.CryptoApi),
|
||||||
apps: make(map[string]*application.Application),
|
apps: make(map[string]*application.Application),
|
||||||
log: l,
|
log: l,
|
||||||
|
@ -116,7 +110,7 @@ func (ps *ProxyServer) getCertificates(info *tls.ClientHelloInfo) (*tls.Certific
|
||||||
|
|
||||||
// ServeHTTP constructs a net.Listener and starts handling HTTP requests
|
// ServeHTTP constructs a net.Listener and starts handling HTTP requests
|
||||||
func (ps *ProxyServer) ServeHTTP() {
|
func (ps *ProxyServer) ServeHTTP() {
|
||||||
listenAddress := fmt.Sprintf(ps.Listen, 9000+ps.PortOffset)
|
listenAddress := config.Get().Listen.HTTP
|
||||||
listener, err := net.Listen("tcp", listenAddress)
|
listener, err := net.Listen("tcp", listenAddress)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ps.log.WithField("listen", listenAddress).WithError(err).Fatalf("listen failed")
|
ps.log.WithField("listen", listenAddress).WithError(err).Fatalf("listen failed")
|
||||||
|
@ -131,7 +125,7 @@ func (ps *ProxyServer) ServeHTTP() {
|
||||||
|
|
||||||
// ServeHTTPS constructs a net.Listener and starts handling HTTPS requests
|
// ServeHTTPS constructs a net.Listener and starts handling HTTPS requests
|
||||||
func (ps *ProxyServer) ServeHTTPS() {
|
func (ps *ProxyServer) ServeHTTPS() {
|
||||||
listenAddress := fmt.Sprintf(ps.Listen, 9443+ps.PortOffset)
|
listenAddress := config.Get().Listen.HTTPS
|
||||||
config := &tls.Config{
|
config := &tls.Config{
|
||||||
MinVersion: tls.VersionTLS12,
|
MinVersion: tls.VersionTLS12,
|
||||||
MaxVersion: tls.VersionTLS12,
|
MaxVersion: tls.VersionTLS12,
|
||||||
|
|
|
@ -54,10 +54,10 @@ func RunMetricsServer() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
l.WithField("listen", config.Get().Web.ListenMetrics).Info("Starting Metrics server")
|
l.WithField("listen", config.Get().Listen.Metrics).Info("Starting Metrics server")
|
||||||
err := http.ListenAndServe(config.Get().Web.ListenMetrics, m)
|
err := http.ListenAndServe(config.Get().Listen.Metrics, m)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
l.WithError(err).Warning("Failed to start metrics server")
|
l.WithError(err).Warning("Failed to start metrics server")
|
||||||
}
|
}
|
||||||
l.WithField("listen", config.Get().Web.ListenMetrics).Info("Stopping Metrics server")
|
l.WithField("listen", config.Get().Listen.Metrics).Info("Stopping Metrics server")
|
||||||
}
|
}
|
||||||
|
|
|
@ -41,7 +41,7 @@ func (ws *WebServer) listenTLS() {
|
||||||
GetCertificate: ws.GetCertificate(),
|
GetCertificate: ws.GetCertificate(),
|
||||||
}
|
}
|
||||||
|
|
||||||
ln, err := net.Listen("tcp", config.Get().Web.ListenTLS)
|
ln, err := net.Listen("tcp", config.Get().Listen.HTTPS)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ws.log.WithError(err).Fatalf("failed to listen (TLS)")
|
ws.log.WithError(err).Fatalf("failed to listen (TLS)")
|
||||||
return
|
return
|
||||||
|
@ -50,7 +50,7 @@ func (ws *WebServer) listenTLS() {
|
||||||
defer proxyListener.Close()
|
defer proxyListener.Close()
|
||||||
|
|
||||||
tlsListener := tls.NewListener(proxyListener, tlsConfig)
|
tlsListener := tls.NewListener(proxyListener, tlsConfig)
|
||||||
ws.log.WithField("listen", config.Get().Web.ListenTLS).Info("Starting HTTPS server")
|
ws.log.WithField("listen", config.Get().Listen.HTTPS).Info("Starting HTTPS server")
|
||||||
ws.serve(tlsListener)
|
ws.serve(tlsListener)
|
||||||
ws.log.WithField("listen", config.Get().Web.ListenTLS).Info("Stopping HTTPS server")
|
ws.log.WithField("listen", config.Get().Listen.HTTPS).Info("Stopping HTTPS server")
|
||||||
}
|
}
|
||||||
|
|
|
@ -68,16 +68,16 @@ func (ws *WebServer) Shutdown() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ws *WebServer) listenPlain() {
|
func (ws *WebServer) listenPlain() {
|
||||||
ln, err := net.Listen("tcp", config.Get().Web.Listen)
|
ln, err := net.Listen("tcp", config.Get().Listen.HTTP)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ws.log.WithError(err).Fatal("failed to listen")
|
ws.log.WithError(err).Fatal("failed to listen")
|
||||||
}
|
}
|
||||||
proxyListener := &proxyproto.Listener{Listener: ln}
|
proxyListener := &proxyproto.Listener{Listener: ln}
|
||||||
defer proxyListener.Close()
|
defer proxyListener.Close()
|
||||||
|
|
||||||
ws.log.WithField("listen", config.Get().Web.Listen).Info("Starting HTTP server")
|
ws.log.WithField("listen", config.Get().Listen.HTTP).Info("Starting HTTP server")
|
||||||
ws.serve(proxyListener)
|
ws.serve(proxyListener)
|
||||||
ws.log.WithField("listen", config.Get().Web.Listen).Info("Stopping HTTP server")
|
ws.log.WithField("listen", config.Get().Listen.HTTP).Info("Stopping HTTP server")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ws *WebServer) serve(listener net.Listener) {
|
func (ws *WebServer) serve(listener net.Listener) {
|
||||||
|
|
|
@ -37,6 +37,15 @@ All of these variables can be set to values, but you can also use a URI-like for
|
||||||
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_POLICIES`: Timeout for cached policies until they expire in seconds, defaults to 300
|
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_POLICIES`: Timeout for cached policies until they expire in seconds, defaults to 300
|
||||||
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION`: Timeout for cached reputation until they expire in seconds, defaults to 300
|
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION`: Timeout for cached reputation until they expire in seconds, defaults to 300
|
||||||
|
|
||||||
|
## Listen Setting
|
||||||
|
|
||||||
|
- `AUTHENTIK_LISTEN__HTTP`: Listening port for HTTP (Server and Proxy outpost)
|
||||||
|
- `AUTHENTIK_LISTEN__HTTPS`: Listening port for HTTPS (Server and Proxy outpost)
|
||||||
|
- `AUTHENTIK_LISTEN__LDAP`: Listening port for LDAP (LDAP outpost)
|
||||||
|
- `AUTHENTIK_LISTEN__LDAPS`: Listening port for LDAPS (LDAP outpost)
|
||||||
|
- `AUTHENTIK_LISTEN__METRICS`: Listening port for Prometheus metrics (All)
|
||||||
|
- `AUTHENTIK_LISTEN__DEBUG`: Listening port for Go Debugging metrics (All)
|
||||||
|
|
||||||
## authentik Settings
|
## authentik Settings
|
||||||
|
|
||||||
### `AUTHENTIK_SECRET_KEY`
|
### `AUTHENTIK_SECRET_KEY`
|
||||||
|
|
Reference in New Issue