| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- # Put this file to one of the location, with descending priority
- # ./security.toml
- # $HOME/.seaweedfs/security.toml
- # /etc/seaweedfs/security.toml
- # this file is read by master, volume server, and filer
- # the jwt signing key is read by master and volume server.
- # a jwt defaults to expire after 10 seconds.
- [jwt.signing]
- key = ""
- expires_after_seconds = 10 # seconds
- # jwt for read is only supported with master+volume setup. Filer does not support this mode.
- [jwt.signing.read]
- key = ""
- expires_after_seconds = 10 # seconds
- # all grpc tls authentications are mutual
- # the values for the following ca, cert, and key are paths to the PERM files.
- # the host name is not checked, so the PERM files can be shared.
- [grpc]
- ca = ""
- # Set wildcard domain for enable TLS authentication by common names
- allowed_wildcard_domain = "" # .mycompany.com
- [grpc.volume]
- cert = ""
- key = ""
- allowed_commonNames = "" # comma-separated SSL certificate common names
- [grpc.master]
- cert = ""
- key = ""
- allowed_commonNames = "" # comma-separated SSL certificate common names
- [grpc.filer]
- cert = ""
- key = ""
- allowed_commonNames = "" # comma-separated SSL certificate common names
- [grpc.msg_broker]
- cert = ""
- key = ""
- allowed_commonNames = "" # comma-separated SSL certificate common names
- # use this for any place needs a grpc client
- # i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload"
- [grpc.client]
- cert = ""
- key = ""
- # volume server https options
- # Note: work in progress!
- # this does not work with other clients, e.g., "weed filer|mount" etc, yet.
- [https.client]
- enabled = true
- [https.volume]
- cert = ""
- key = ""
|
