-
Notifications
You must be signed in to change notification settings - Fork 381
/
Copy pathconfig.yml
369 lines (337 loc) · 12.3 KB
/
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
# General
# Each server within a cluster needs a unique name. Set to UUID to have deepstream autogenerate a unique id
serverName: UUID
# Show the deepstream logo on startup
showLogo: true
# Plugin startup timeout – deepstream init will fail if any plugins fail to emit a 'done' event within this timeout
dependencyInitializationTimeout: 5000
# Directory where all plugins reside
#libDir: ../lib
# Exit the process a fatal error occurs, like losing a cache connection
exitOnFatalError: false
# Log messages with this level and above. Valid levels are DEBUG, INFO, WARN, ERROR, OFF
logLevel: INFO
# This disables specific feature in DS, which is a more performant way
# than disabling via permissions and is also how telemetry figures out
# what features are enabled
enabledFeatures:
record: true
event: true
rpc: true
presence: true
telemetry:
type: deepstreamIO
options:
# Disable telemetry entirely
enabled: false
# Prints whatever will be sent to the telemetry endpoint,
# without actually sending it
debug: false
# An anonymous uuid that allows us to know its one unique
# deployment. Please don't generate these randomly if using
# node, it really skews up analytics.
# deploymentId: <uuid goes here>
rpc:
# Timeout for client RPC acknowledgement
ackTimeout: 1000
# Timeout for actual RPC provider response
responseTimeout: 10000
# Don't send requestorName by default.
provideRequestorName: false
# Don't send requestorData by default.
provideRequestorData: false
record:
# Maximum time permitted to fetch from cache
cacheRetrievalTimeout: 30000
# Maximum time permitted to fetch from storage
storageRetrievalTimeout: 30000
# A list of prefixes that, when a record starts with one of the prefixes the
# records data won't be stored in the db
# storageExclusionPrefixes:
# - no-storage/
# - temporary-data/
# A list of prefixes that, when a record is updated via setData and it matches one of the prefixes
# it will be permissioned and written directly to the cache and storage layers
# storageHotPathPrefixes:
# - analytics/
# - metrics/
# Invalid configuration: data should NOT have additional properties
listen:
# Try finding a provider randomly rather than by the order they subscribed to.
shuffleProviders: true
# The amount of time to wait for a provider to acknowledge or reject a listen request
responseTimeout: 500
# The amount of time before trying to reattempt finding matches for subscriptions. This
# is not a cheap operation so it's recommended to raise keep this at minutes rather then
# second intervals if you are experiencing heavy loads
rematchInterval: 60000
# The amount of time a server will refuse to retry finding a subscriber after a previously
# failed attempt. This is used to avoid servers constantly trying to find a match without a
# cooldown period
matchCooldown: 10000
httpServer:
type: default
options:
# url path for http health-checks, GET requests to this path will return 200 if deepstream is alive
healthCheckPath: /health-check
# -- CORS --
# if disabled, only requests with an 'Origin' header matching one specified under 'origins'
# below will be permitted and the 'Access-Control-Allow-Credentials' response header will be
# enabled
allowAllOrigins: true
# maximum allowed size of a POST request body, in bytes, defaults to 1 MB
maxMessageSize: 1048576
# a list of allowed origins
origins:
- 'https://example.com'
# Options required to create an ssl app
# ssl:
# key: fileLoad(ssl/key.pem)
# cert: fileLoad(ssl/cert.pem)
# ca: ...
# type: uws
# options:
# # url path for http health-checks, GET requests to this path will return 200 if deepstream is alive
# healthCheckPath: /health-check
# # -- CORS --
# # if disabled, only requests with an 'Origin' header matching one specified under 'origins'
# # below will be permitted and the 'Access-Control-Allow-Credentials' response header will be
# # enabled
# allowAllOrigins: true
# # a list of allowed origins
# origins:
# - 'https://example.com'
# # maximum allowed size of a POST request body, in bytes, defaults to 1 MB
# maxMessageSize: 1048576
# # Headers to copy over from websocket
# headers:
# - user-agent
# # Options required to create an ssl app
# ssl:
# key: file(ssl/key.pem)
# cert: file(ssl/cert.pem)
# ## dhParams: ...
# ## passphrase: ...
# Connection Endpoint Configuration
# to disable, replace configuration with null eg. `http: null`
connectionEndpoints:
- type: ws-binary
options:
# url path websocket connections connect to
urlPath: /deepstream
# the amount of milliseconds between each ping/heartbeat message
heartbeatInterval: 30000
# the amount of milliseconds that writes to sockets are buffered
outgoingBufferTimeout: 0
# the maximum amount of bytes to buffer before flushing, stops the client from large enough packages
# to block its responsiveness
maxBufferByteSize: 100000
# Security
# should the server log invalid auth data, defaults to false
logInvalidAuthData: false
# amount of time a connection can remain open while not being logged in
unauthenticatedClientTimeout: 180000
# invalid login attempts before the connection is cut
maxAuthAttempts: 3
# maximum allowed size of an individual message in bytes
maxMessageSize: 1048576
# - type: ws-text
# options:
# # url path websocket connections connect to
# urlPath: /deepstream-v3
# # the amount of milliseconds between each ping/heartbeat message
# heartbeatInterval: 30000
# # the amount of milliseconds that writes to sockets are buffered
# outgoingBufferTimeout: 0
# # the maximum amount of bytes to buffer before flushing, stops the client from large enough packages
# # to block its responsiveness
# maxBufferByteSize: 100000
# # Security
# # should the server log invalid auth data, defaults to false
# logInvalidAuthData: false
# # amount of time a connection can remain open while not being logged in
# unauthenticatedClientTimeout: 180000
# # invalid login attempts before the connection is cut
# maxAuthAttempts: 3
# # maximum allowed size of an individual message in bytes
# maxMessageSize: 1048576
# - type: ws-json
# options:
# # url path websocket connections connect to
# urlPath: /deepstream-json
# # the amount of milliseconds between each ping/heartbeat message
# heartbeatInterval: 30000
# # the amount of milliseconds that writes to sockets are buffered
# outgoingBufferTimeout: 0
# # the maximum amount of bytes to buffer before flushing, stops the client from large enough packages
# # to block its responsiveness
# maxBufferByteSize: 100000
# # Security
# # should the server log invalid auth data, defaults to false
# logInvalidAuthData: false
# # amount of time a connection can remain open while not being logged in
# unauthenticatedClientTimeout: 180000
# # invalid login attempts before the connection is cut
# maxAuthAttempts: 3
# # maximum allowed size of an individual message in bytes
# maxMessageSize: 1048576
- type: http
options:
# allow 'authData' parameter in POST requests, if disabled only token and OPEN auth is
# possible
allowAuthData: true
# path for POST requests
postPath: /api
# path for GET requests
getPath: /api
# should the server log invalid auth data, defaults to false
logInvalidAuthData: false
# http request timeout in milliseconds, defaults to 20000
requestTimeout: 20000
# - type: mqtt
# options:
# # port for the mqtt server
# port: 1883
# # host for the mqtt server
# host: 0.0.0.0
# # timeout for idle devices
# idleTimeout: 60000
# Logger Configuration
logger:
# use the default logger, this does not currently support meta objects
type: default
options:
colors: true
# log using json, this supports meta objects
# name: pino
# options:
# # value of logLevel (line 4) will always overwrite this value
# logLevel: INFO
# name: winston
# options:
# transports:
# # specify a list of transports (console, file, time)
# -
# type: console
# options:
# level: verbose
# colorize: true
# -
# type: file
# level: debug
# options:
# filename: 'logs.json'
# -
# type: time
# level: warn
# options:
# filename: time-rotated-logfile
# datePattern: .yyyy-MM-dd-HH-mm
# cache:
# name: redis
# options:
# host: ${REDIS_HOST}
# port: ${REDIS_PORT}
# storage:
# name: mongodb
# options:
# connectionString: ${MONGO_CONNECTION_STRING}
# db: default
# Authentication
auth:
- type: none
# # reading users and passwords from the storage layer
# - type: storage
# options:
# # the table users are stored in storage
# table: Users
# # the split character used for tables (defaults to /)
# tableSplitChar: string
# # automatically create users if they don't exist in the database
# createUser: true
# # the name of a HMAC digest algorithm
# hash: 'md5'
# # the number of times the algorithm should be applied
# iterations: 100
# # the length of the resulting key
# # keyLength: 32
# - type: file
# options:
# # Path to the user file. Can be json, js or yml
# users: fileLoad(users.yml)
# # the name of a HMAC digest algorithm
# hash: 'md5'
# # the number of times the algorithm should be applied
# iterations: 100
# # the length of the resulting key
# keyLength: 32
# # getting permissions from a http webhook
# - type: http
# options:
# # a post request will be send to this url on every incoming connection
# endpointUrl: https://someurl.com/validateLogin
# # any of these will be treated as access granted
# permittedStatusCodes: [ 200 ]
# # if the webhook didn't respond after this amount of milliseconds, the connection will be rejected
# requestTimeout: 2000
# # promote the following items from the login auth data into headers
# promoteToHeader:
# - token
# # the codes which the auth handler should retry. This is useful for when the API you depend on is
# # flaky or going through a not so blue/green deployment
# retryStatusCodes: [ 404, 504 ]
# # the maximum amount of retries before returning a false login
# retryAttempts: 3
# # the time in milliseconds between retries
# retryInterval: 5000
# Permissioning
permission:
type: config
options:
# Permissions file
permissions: fileLoad(permissions.yml)
# Amount of times nested cross-references will be loaded. Avoids endless loops
maxRuleIterations: 3
# PermissionResults are cached to increase performance. Lower number means more loading
cacheEvacuationInterval: 60000
monitoring:
- type: none
# # Allows monitoring stats to be requested via HTTP, useful for polling agents
# # such as LogStash
# - type: http
# options:
# url: /monitoring
# allowOpenPermissions: false
# headerKey: deepstream-password2
# headerValue: deepstream-secret
# # Logs monitoring stats, useful for kibana where you can visualize meta data
# - type: log
# options:
# logInterval: 30000
# monitoringKey: DEEPSTREAM_MONITORING
# clusterNode:
# type: default
# options:
# host: localhost
# port: 6379
# Custom Plugins
# plugins:
# custom:
# path: '...'
# heap-snapshot:
# name: 'heap-snapshot'
# options:
# interval: 60000
# outputDir: file(../heap-snapshots)
# aws:
# name: aws
# options:
# accessKeyId: ${AWS_ACCESS_KEY}
# secretAccessKey: ${AWS_SECRET_ACCESS_KEY}
# services:
# - type: s3-sync
# options:
# syncInterval: 60000
# syncDir: file(../heap-snapshots)
# bucketName: ${SYNC_BUCKET_NAME}
# bucketRegion: ${AWS_DEFAULT_REGION}