forked from mingodad/envelope
-
Notifications
You must be signed in to change notification settings - Fork 0
/
envelope.conf
253 lines (214 loc) · 10.1 KB
/
envelope.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
# ---------------------------------
# Envelope Install Path
# ---------------------------------
# This will be the folder that contains all the files for this Envelope Server instance.
#
# Example:
# You want to put all your Envelope files in /opt/example, so your config line would read:
# => install_path = /opt/example
install_path = /opt/envelope/
# ---------------------------------
# Envelope Port
# ---------------------------------
# This sets the port that Envelope listens on. A normal configuration is to set it to a local-only port. This
# should be a port that is only accessible by NGINX (or your preferred SSL proxy). If you do open Envelope up
# to outside traffic, passwords and other data sent out to the network will be sent in the clear. That's could
# lead to a security breach and is highly discouraged.
#
# For security reasons make sure to set your firewall to block network access to the following port:
envelope_port = 8888
# ---------------------------------
# PostgreSQL Cluster Location
# ---------------------------------
# The path to the cluster you'd like to publish with Envelope Server.
# This path is only used in the command for rsyncing the production data directory to the development area,
# so you can use it like this:
# [email protected]:/opt/data
# Keep in mind, it can't ask for a password. You need to set up a authorized_keys file in your .ssh to do this.
cluster_path = /opt/envelope_data/
# ---------------------------------
# PostgreSQL Connection Settings
# ---------------------------------
# Connection details for connecting to your live PostgreSQL cluster. This is the cluster you want
# Envelope to publish. For Envelope's developer features to work properly, conn-host must be set to 127.0.0.1
#
# Envelope server connects to your live PostgreSQL cluster for normal use but it does not start, stop,
# restart or in any other way manipulate your live PostgreSQL process.
#
# The defaults are:
# conn_host = 127.0.0.1
# conn_sslmode = disable
# conn_dbname = postgres
# conn_port = 5432
conn_host = 127.0.0.1
conn_sslmode = disable
conn_dbname = postgres
conn_port = 5432
# ---------------------------------
# Path Settings: Role Folder
# ---------------------------------
# The role folder is for permission protected documents. All requests for role files are first checked
# against the database to see if the user has permission to the appropriate ROLE. If so, the file is then
# accessed and the request proceeds. If not, the request is cancelled and a permission error is returned.
#
# If you need to move role out of the Envelope instance folder use this setting.
# Default: role_path = /<install_path>/role
role_path = /opt/envelope/role
# ---------------------------------
# Envelope Log Level
# ---------------------------------
# Each log level is cumulative and will log all items in the less verbose levels.
#
# Valid log levels are:
# log_level = error # (default) On error, various debug information and request values are logged.
# log_level = warn # Functions that fail but do not error will sometimes warn
# log_level = notice # Request type is logged. File and database access is logged.
# log_level = info # Full information for each request is logged.
log_level = error
# ---------------------------------
# Miscellaneous Executables
# ---------------------------------
# Some executeables are used by the envelope program for miscellaneous uses.
#
# zip: Downloading multiple files from the file manager
# unzip: Unzipping a package in the package manager
# grep: Searching the file manager
# rsync: Syncing the development databases with the production database
grep_binary = /usr/bin/grep
sed_binary = /usr/bin/sed
rsync_binary = /usr/bin/rsync
zip_binary = /usr/bin/zip
unzip_binary = /usr/bin/unzip
# ---------------------------------
# Public Access
# ---------------------------------
# These settings extend Envelope Server to allow access to a limited API for clients that don't need to log in.
#
# In order to keep your database secure, all public access is required to have a username and password. This way
# you can set access to database objects within PostgreSQL using standard GROUPs and ROLEs.
# Example:
# You have a user for public access and you'd like Envelope to use it:
# public_username = public_user
# public_password = 872345g3uhto28y927ygr28hr2ht
public_username =
public_password =
# ---------------------------------
# PostgreSQL Executables
# ---------------------------------
# The path to the PostgreSQL executables for the version of PostgreSQL you'd like Envelope to use for managing
# the developer environments.
#
# Envelope needs to know where pg_ctl and postmaster live in order to manage the developer environments.
postmaster_binary = /usr/local/pgsql/bin/postgres
pg_ctl_binary = /usr/local/pgsql/bin/pg_ctl
# ---------------------------------
# Fossil Executable
# ---------------------------------
# The path to the Fossil executable for the version of Fossil SCM you'd like Envelope to use for managing
# the developer environments.
#
# Envelope needs to know where fossil lives in order to manage the developer environments.
fossil_binary = /opt/envelope/bin/fossil
# ---------------------------------
# Envelope Executable
# ---------------------------------
# This is the path that we will install envelope as.
#
# If you have purchased the full installer and would like to install startup scripts,
# then this path will be used in the generation of your startup scripts
envelope_binary = /opt/envelope/bin/envelope
# ---------------------------------
# Envelope Developer Environments
# ---------------------------------
# Version 1.0 of Envelope Server will only be able to allow developer environments if the production cluster
# is local. When a developer does a 'pull' Envelope uses Rsync to create a copy of the production system and
# then allows the developer to test against the copy.
#
# Example:
# You have two developers who work on one feature at a time and they tend to work independently. Occasionally,
# feature work may be involved so you want to set up an extra area for bug fixes to the current branch. You
# would use the following setting:
# developers = joseph:5441,michael:5442,postgres:5440
#
# Envelope will set up developer environments for the following developers:
developers = postgres:5433
# ---------------------------------
# Envelope AES Key Reset
# ---------------------------------
# If aes_key_reset is true, then Envelope will automatically reset the AES key seed at midnight server time
# and when the Envelope Server is restarted.
#
# If aes_key_reset is false, then Envelope will not reset the AES key seed at midnight or when Envelope is
# restarted.
aes_key_reset = disable
# ---------------------------------
# Envelope Email Notifications
# ---------------------------------
# When Envelope detects a failed login an email is sent. If its during working hours, each email address in
# the email_work_hours list is sent a notification. If its off work hours then notifications are sent to
# each email in the email_off_hours setting.
# Example:
# You want an email if its during work hours and a text during off hours.
email_off_hours = username@localhost
email_work_hours = username@localhost
# ---------------------------------
# Notification Email Script
# ---------------------------------
# The Envelope Installer normally provides a script for email notifications, but as long as you keep the
# arguments the same, you can replace the script with your own.
#
# When you install Envelope you have a choice between a shell script or a perl script. The installer will
# put the name for the one you choose here. Envelope will look for the script in /<install path>/bin
sendmail_script = sendmail.sh
# ---------------------------------
# Envelope Public Timeout
# ---------------------------------
# If you allow public access to Envelope you need to limit how much processing a public user can do during a
# request. Otherwise, a malicious user could overwhelm your database and affect performance of authorized
# user requests. This setting is in milliseconds (1000 = one second).
# You can also set the timeout for trusted users, and superusers. (0 = no timeout)
statement_timeout_public = 5000
statement_timeout_trusted = 0
statement_timeout_super = 0
# ---------------------------------
# Envelope Cookie Timeout
# ---------------------------------
# When a user logs in the time is recorded in their cookie. You can set Envelope to automatically expire
# all user cookies after a certain amount of inactivity. Timeouts are in seconds. The minimum and default
# is two minutes.
# Example:
# You wish to log people out after ten minutes of inactivity.
# cookie_timeout = 600
cookie_timeout = 600
# ---------------------------------
# NGINX Configuration
# ---------------------------------
# The Envelope Installer can help you set up NGINX in one of two ways.
# 1) You want to access your Envelope Server at www.<your domain>.com because you have no other website.
# 2) You have a website at www.<your domain>.com so you want to access Envelope Server somewhere else.
#
# Example:
# Envelope Server at www.example.com
# domain = example.com
# subdomain = www
#
# Example: Envelope Server at app.example.com (www may go somewhere else)
# domain = example.com
# subdomain = app
domain = localhost
subdomain = www
# ---------------------------------
# SSL Certificate folder
# ---------------------------------
# The installer uses this folder to copy your certificates to where nginx can use them.
# If this is empty, then the installer will create self-signed cretificates for you:
ssl_folder = /opt/ssl
# ---------------------------------
# Permissions
# ---------------------------------
# The Envelope Server will default to running as the following *nix user. Additionally, when files are
# created, the owner name will be set to the following *nix user:
username = root
groupname = wheel