diff options
Diffstat (limited to 'gluster/swift/common/middleware/gswauth/etc/proxy-server.conf-sample')
-rw-r--r-- | gluster/swift/common/middleware/gswauth/etc/proxy-server.conf-sample | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/gluster/swift/common/middleware/gswauth/etc/proxy-server.conf-sample b/gluster/swift/common/middleware/gswauth/etc/proxy-server.conf-sample new file mode 100644 index 0000000..a5f4ea1 --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/etc/proxy-server.conf-sample @@ -0,0 +1,78 @@ +[DEFAULT] +# Standard from Swift + +[pipeline:main] +# Standard from Swift, this is just an example of where to put swauth +pipeline = catch_errors healthcheck cache ratelimit swauth proxy-server + +[app:proxy-server] +# Standard from Swift, main point to note is the inclusion of +# allow_account_management = true (only for the proxy servers where you want to +# be able to create/delete accounts). +use = egg:swift#proxy +allow_account_management = true + +[filter:swauth] +use = egg:swauth#swauth +# You can override the default log routing for this filter here: +# set log_name = swauth +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_headers = False +# The reseller prefix will verify a token begins with this prefix before even +# attempting to validate it. Also, with authorization, only Swift storage +# accounts with this prefix will be authorized by this middleware. Useful if +# multiple auth systems are in use for one Swift cluster. +# reseller_prefix = AUTH +# If you wish to use a Swauth service on a remote cluster with this cluster: +# swauth_remote = http://remotehost:port/auth +# swauth_remote_timeout = 10 +# When using swauth_remote, the rest of these settings have no effect. +# +# The auth prefix will cause requests beginning with this prefix to be routed +# to the auth subsystem, for granting tokens, creating accounts, users, etc. +# auth_prefix = /auth/ +# Cluster strings are of the format name#url where name is a short name for the +# Swift cluster and url is the url to the proxy server(s) for the cluster. +# default_swift_cluster = local#http://127.0.0.1:8080/v1 +# You may also use the format name#url#url where the first url is the one +# given to users to access their account (public url) and the second is the one +# used by swauth itself to create and delete accounts (private url). This is +# useful when a load balancer url should be used by users, but swauth itself is +# behind the load balancer. Example: +# default_swift_cluster = local#https://public.com:8080/v1#http://private.com:8080/v1 +# Number of seconds a newly issued token should be valid for, by default. +# token_life = 86400 +# Maximum number of seconds a newly issued token can be valid for. +# max_token_life = <same as token_life> +# Specifies how the user key is stored. The default is 'plaintext', leaving the +# key unsecured but available for key-signing features if such are ever added. +# An alternative is 'sha1' which stores only a one-way hash of the key leaving +# it secure but unavailable for key-signing. +# auth_type = plaintext +# Used if the auth_type is sha1 or another method that can make use of a salt. +# auth_type_salt = swauthsalt +# This allows middleware higher in the WSGI pipeline to override auth +# processing, useful for middleware such as tempurl and formpost. If you know +# you're not going to use such middleware and you want a bit of extra security, +# you can set this to false. +# allow_overrides = true +# Highly recommended to change this. If you comment this out, the Swauth +# administration features will be disabled for this proxy. +super_admin_key = swauthkey + +[filter:ratelimit] +# Standard from Swift +use = egg:swift#ratelimit + +[filter:cache] +# Standard from Swift +use = egg:swift#memcache + +[filter:healthcheck] +# Standard from Swift +use = egg:swift#healthcheck + +[filter:catch_errors] +# Standard from Swift +use = egg:swift#catch_errors |