-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy path.env-dist
35 lines (31 loc) · 1.46 KB
/
.env-dist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# domain:
WEBSOCKETD_TRAEFIK_HOST=socket.example.com
WEBSOCKETD_INSTANCE=
WEBSOCKETD_HTTP_AUTH=
WEBSOCKETD_IP_SOURCERANGE=0.0.0.0/0
# URL path:
WEBSOCKETD_APP_PATH=/app
# Turn on dev console:
WEBSOCKETD_DEV_CONSOLE=false
# OAUTH2
# Set to `true` to use OpenID/OAuth2 authentication via the
# traefik-forward-auth service in d.rymcg.tech.
# Using OpenID/OAuth2 will require login to access your app,
# but it will not affect what a successfully logged-in person can do in your
# app. If your app has built-in authentication and can check the user
# header that traefik-forward-auth sends, then your app can limit what the
# logged-in person can do in the app. But if your app can't check the user
# header, or if your app doesn't have built-in authentication at all, then
# any person with an account on your Gitea server can log into your app and
# have full access.
WEBSOCKETD_OAUTH2=
# In addition to Oauth2 authentication, you can configure basic authorization
# by entering which authorization group can log into your app. You create
# groups of email addresses in the `traefik` folder by running `make groups`.
WEBSOCKETD_OAUTH2_AUTHORIZED_GROUP=
# Mutual TLS (mTLS):
# Set true or false. If true, all clients must present a certificate signed by Step-CA:
WEBSOCKETD_MTLS_AUTH=false
# Enter a comma separated list of client domains allowed to connect via mTLS.
# Wildcards are allowed and encouraged on a per-app basis:
WEBSOCKETD_MTLS_AUTHORIZED_CERTS=*.clients.websocketd.example.com