1{
2 "wfe": {
3 "listenAddress": "0.0.0.0:4001",
4 "TLSListenAddress": "0.0.0.0:4431",
5 "timeout": "30s",
6 "serverCertificatePath": "test/wfe-tls/boulder/cert.pem",
7 "serverKeyPath": "test/wfe-tls/boulder/key.pem",
8 "allowOrigins": [
9 "*"
10 ],
11 "shutdownStopTimeout": "10s",
12 "subscriberAgreementURL": "https://boulder.service.consul:4431/terms/v7",
13 "debugAddr": ":8013",
14 "directoryCAAIdentity": "happy-hacker-ca.invalid",
15 "directoryWebsite": "https://github.com/letsencrypt/boulder",
16 "legacyKeyIDPrefix": "http://boulder.service.consul:4000/reg/",
17 "goodkey": {
18 "blockedKeyFile": "test/example-blocked-keys.yaml"
19 },
20 "tls": {
21 "caCertFile": "test/grpc-creds/minica.pem",
22 "certFile": "test/grpc-creds/wfe.boulder/cert.pem",
23 "keyFile": "test/grpc-creds/wfe.boulder/key.pem"
24 },
25 "raService": {
26 "dnsAuthority": "consul.service.consul",
27 "srvLookup": {
28 "service": "ra",
29 "domain": "service.consul"
30 },
31 "timeout": "15s",
32 "noWaitForReady": true,
33 "hostOverride": "ra.boulder"
34 },
35 "saService": {
36 "dnsAuthority": "consul.service.consul",
37 "srvLookup": {
38 "service": "sa",
39 "domain": "service.consul"
40 },
41 "timeout": "15s",
42 "noWaitForReady": true,
43 "hostOverride": "sa.boulder"
44 },
45 "accountCache": {
46 "size": 9000,
47 "ttl": "5s"
48 },
49 "getNonceService": {
50 "dnsAuthority": "consul.service.consul",
51 "srvLookup": {
52 "service": "nonce",
53 "domain": "service.consul"
54 },
55 "timeout": "15s",
56 "noWaitForReady": true,
57 "hostOverride": "nonce.boulder"
58 },
59 "redeemNonceService": {
60 "dnsAuthority": "consul.service.consul",
61 "srvLookups": [
62 {
63 "service": "nonce1",
64 "domain": "service.consul"
65 },
66 {
67 "service": "nonce2",
68 "domain": "service.consul"
69 }
70 ],
71 "srvResolver": "nonce-srv",
72 "timeout": "15s",
73 "noWaitForReady": true,
74 "hostOverride": "nonce.boulder"
75 },
76 "noncePrefixKey": {
77 "passwordFile": "test/secrets/nonce_prefix_key"
78 },
79 "chains": [
80 [
81 "/hierarchy/intermediate-cert-rsa-a.pem",
82 "/hierarchy/root-cert-rsa.pem"
83 ],
84 [
85 "/hierarchy/intermediate-cert-rsa-b.pem",
86 "/hierarchy/root-cert-rsa.pem"
87 ],
88 [
89 "/hierarchy/intermediate-cert-ecdsa-a.pem",
90 "/hierarchy/root-cert-ecdsa.pem"
91 ],
92 [
93 "/hierarchy/intermediate-cert-ecdsa-b.pem",
94 "/hierarchy/root-cert-ecdsa.pem"
95 ],
96 [
97 "/hierarchy/intermediate-cross-cert-ecdsa-a.pem",
98 "/hierarchy/root-cert-rsa.pem"
99 ],
100 [
101 "/hierarchy/intermediate-cross-cert-ecdsa-b.pem",
102 "/hierarchy/root-cert-rsa.pem"
103 ]
104 ],
105 "staleTimeout": "5m",
106 "authorizationLifetimeDays": 30,
107 "pendingAuthorizationLifetimeDays": 7,
108 "limiter": {
109 "redis": {
110 "username": "boulder-wfe",
111 "passwordFile": "test/secrets/wfe_ratelimits_redis_password",
112 "lookups": [
113 {
114 "Service": "redisratelimits",
115 "Domain": "service.consul"
116 }
117 ],
118 "lookupDNSAuthority": "consul.service.consul",
119 "readTimeout": "250ms",
120 "writeTimeout": "250ms",
121 "poolSize": 100,
122 "routeRandomly": true,
123 "tls": {
124 "caCertFile": "test/redis-tls/minica.pem",
125 "certFile": "test/redis-tls/boulder/cert.pem",
126 "keyFile": "test/redis-tls/boulder/key.pem"
127 }
128 },
129 "Defaults": "test/config-next/wfe2-ratelimit-defaults.yml",
130 "Overrides": "test/config-next/wfe2-ratelimit-overrides.yml"
131 },
132 "features": {
133 "ServeRenewalInfo": true,
134 "RequireCommonName": false
135 }
136 },
137 "syslog": {
138 "stdoutlevel": 4,
139 "sysloglevel": -1
140 },
141 "openTelemetry": {
142 "endpoint": "bjaeger:4317",
143 "sampleratio": 1
144 },
145 "openTelemetryHttpConfig": {
146 "trustIncomingSpans": true
147 }
148}
View as plain text