ACP Configuration
Configure ACP
To configure ACP, edit the /etc/acp/config.yaml
file.
# logging configuration
logging:
# sets the log level (panic, error, warn, info, debug)
level: info
# server configuration
server:
# public url where ACP is deployed
url: "https://localhost:8443"
# http port
port: 8443
# disable TLS
dangerousDisableTLS: false
# enable audit logs
auditLogs: true
# client authentication type:
# - NoClientCert
# - RequestClientCert
# - RequireAnyClientCert
# - VerifyClientCertIfGive
# - RequireAndVerifyClientCert
clientAuthType: "NoClientCert"
# paths for http server certificate and private key (ecdsa or rsa)
certificate:
certPath: "/var/lib/acp/certs/srv/cert.pem"
keyPath: "/var/lib/acp/certs/srv/cert-key.pem"
# sql connection settings
sql:
# connection url
url: "postgres://user:password@localhost/authorization?sslmode=disable"
# migrations settings
migrations:
# disable migrations
disable: false
# path to migrations
path: "/var/lib/acp/migrations"
# http client settings
client:
# rootCA which will be used to verify server certificates
# comment this variable or set it to empty value to use system CA
rootCA: "/var/lib/acp/certs/ca.pem"
# oauth settings
oauth2:
# path to rootCA which will be used to verify client certificates
# comment this variable or set it to empty value to use system CA
rootCA: "/var/lib/acp/certs/ca.pem"
# read client certificate from header
# enable this flag if ACP is deployed behind Reverse Proxy (RP)
clientCertificateFromHeader: false
# header name containing client certificate which must be passed by RP
clientCertificateHeader: "x-client-certificate"
# hazelcast settings
hazelcast:
# list of hazelcast addresses
addresses:
- localhost:5701
# hazelcast group name
# username: dev
# hazelcast group password
# password: p@ssw0rd!
# secrets settings
# secrets are used for encryption of sensitive data
# at least one key with unique id and length of 32 characters must be defined
# if list contains more keys, always the first key is used for encryption
secrets:
- id: "default"
key: "FmIQrzqf7dT57SjVH3g52SEVx45WH9pE"
# web settings
web:
# path to static files
staticDir: "/var/lib/acp/web/static"
# path to templates
templatesDir: "/var/lib/acp/web/templates"
# path to swagger files
swaggerDir: "/var/lib/acp/web/swagger"
# path to web app files
appDir: "/var/lib/acp/web/app/build"
# path to static web app files
appStaticDir: "/var/lib/acp/web/app/build/static"
# path to swagger yaml file
swaggerPath: "/usr/share/doc/acp/swagger.yaml"
# elasticsearch configuration
elasticsearch:
# path to the directory with templates and pipelines configuration
configuration:
path: "/var/lib/acp/elasticsearch"
addresses: []
# - localhost:9200
# http basic authentication
username: ""
password: ""
# endpoint for elastic service
cloudID: ""
# base64-encoded token for authorization
apiKey: ""
# admin settings
admin:
kibana:
# url where kibana proxy is deployed
proxyURL: ""
Apply the changes
To apply your changes, restart the server by executing command
sudo service acp restart