Home > Reference > Configuration

ACP Configuration

Configure ACP

To configure ACP, edit the /etc/acp/config.yaml file.

# logging configuration
logging:
  # sets the log level (panic, error, warn, info, debug)
  level: info

# server configuration
server:
  # public url where ACP is deployed
  url: "https://localhost:8443"
  # http port
  port: 8443
  # disable TLS
  dangerousDisableTLS: false
  # enable audit logs
  auditLogs: true
  # client authentication type:
  #   - NoClientCert
  #   - RequestClientCert
  #   - RequireAnyClientCert
  #   - VerifyClientCertIfGive
  #   - RequireAndVerifyClientCert
  clientAuthType: "NoClientCert"
  # paths for http server certificate and private key (ecdsa or rsa)
  certificate:
    certPath: "/var/lib/acp/certs/srv/cert.pem"
    keyPath: "/var/lib/acp/certs/srv/cert-key.pem"

# sql connection settings
sql:
  # connection url
  url: "postgres://user:password@localhost/authorization?sslmode=disable"
  # migrations settings
  migrations:
    # disable migrations
    disable: false
    # path to migrations
    path: "/var/lib/acp/migrations"

# http client settings
client:
  # rootCA which will be used to verify server certificates
  # comment this variable or set it to empty value to use system CA
  rootCA: "/var/lib/acp/certs/ca.pem"

# oauth settings
oauth2:
  # path to rootCA which will be used to verify client certificates
  # comment this variable or set it to empty value to use system CA
  rootCA: "/var/lib/acp/certs/ca.pem"
  # read client certificate from header
  # enable this flag if ACP is deployed behind Reverse Proxy (RP)
  clientCertificateFromHeader: false
  # header name containing client certificate which must be passed by RP
  clientCertificateHeader: "x-client-certificate"

# hazelcast settings
hazelcast:
  # list of hazelcast addresses
  addresses:
  - localhost:5701
  # hazelcast group name
  # username: dev
  # hazelcast group password
  # password: p@ssw0rd!

# secrets settings
# secrets are used for encryption of sensitive data
# at least one key with unique id and length of 32 characters must be defined
# if list contains more keys, always the first key is used for encryption
secrets:
  - id: "default"
    key: "FmIQrzqf7dT57SjVH3g52SEVx45WH9pE"

# web settings
web:
  # path to static files
  staticDir: "/var/lib/acp/web/static"
  # path to templates
  templatesDir: "/var/lib/acp/web/templates"
  # path to swagger files
  swaggerDir: "/var/lib/acp/web/swagger"
  # path to web app files
  appDir: "/var/lib/acp/web/app/build"
  # path to static web app files
  appStaticDir: "/var/lib/acp/web/app/build/static"
  # path to swagger yaml file
  swaggerPath: "/usr/share/doc/acp/swagger.yaml"

  # elasticsearch configuration
elasticsearch:
  # path to the directory with templates and pipelines configuration
  configuration:
    path: "/var/lib/acp/elasticsearch"
  addresses: []
  # - localhost:9200
  # http basic authentication
  username: ""
  password: ""
  # endpoint for elastic service
  cloudID: ""
  # base64-encoded token for authorization
  apiKey: ""

# admin settings
admin:
  kibana:
    # url where kibana proxy is deployed
    proxyURL: ""

Apply the changes

To apply your changes, restart the server by executing command

sudo service acp restart