1{
2 "log": {
3 "level": "debug",
4 "format": "json"
5 },
6 "profiling": "cpu",
7 "serve": {
8 "proxy": {
9 "port": 1234,
10 "host": "127.0.0.1",
11 "timeout": {
12 "read": "1s",
13 "write": "2s",
14 "idle": "3s"
15 },
16 "cors": {
17 "enabled": true,
18 "allowed_origins": [
19 "https://example.com",
20 "https://*.example.com"
21 ],
22 "allowed_methods": [
23 "POST",
24 "GET",
25 "PUT",
26 "PATCH",
27 "DELETE"
28 ],
29 "allowed_headers": [
30 "Authorization",
31 "Content-Type"
32 ],
33 "exposed_headers": [
34 "Content-Type"
35 ],
36 "allow_credentials": true,
37 "max_age": 10,
38 "debug": true
39 },
40 "tls": {
41 "key": {
42 "path": "/path/to/key.pem",
43 "base64": "LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLVxuTUlJRkRqQkFCZ2txaGtpRzl3MEJCUTB3..."
44 },
45 "cert": {
46 "path": "/path/to/cert.pem",
47 "base64": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr..."
48 }
49 }
50 },
51 "api": {
52 "port": 1235,
53 "host": "127.0.0.2",
54 "cors": {
55 "enabled": true,
56 "allowed_origins": [
57 "https://example.org",
58 "https://*.example.org"
59 ],
60 "allowed_methods": [
61 "GET",
62 "PUT",
63 "PATCH",
64 "DELETE"
65 ],
66 "allowed_headers": [
67 "Authorization",
68 "Content-Type"
69 ],
70 "exposed_headers": [
71 "Content-Type"
72 ],
73 "allow_credentials": true,
74 "max_age": 10,
75 "debug": true
76 },
77 "tls": {
78 "key": {
79 "path": "/path/to/key.pem",
80 "base64": "LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLVxuTUlJRkRqQkFCZ2txaGtpRzl3MEJCUTB3..."
81 },
82 "cert": {
83 "path": "/path/to/cert.pem",
84 "base64": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr..."
85 }
86 }
87 }
88 },
89 "access_rules": {
90 "repositories": [
91 "file://path/to/rules.json",
92 "inline://W3siaWQiOiJmb28tcnVsZSIsImF1dGhlbnRpY2F0b3JzIjpbXX1d",
93 "https://path-to-my-rules/rules.json"
94 ],
95 "matching_strategy": "glob"
96 },
97 "errors": {
98 "fallback": [
99 "json"
100 ],
101 "handlers": {
102 "redirect": {
103 "enabled": true,
104 "config": {
105 "to": "http://path-to/redirect"
106 }
107 },
108 "json": {
109 "enabled": true,
110 "config": {
111 "verbose": true,
112 "when": [
113 {
114 "error": [
115 "unauthorized",
116 "forbidden",
117 "internal_server_error"
118 ],
119 "request": {
120 "header": {
121 "content_type": [
122 "application/json"
123 ],
124 "accept": [
125 "application/json"
126 ]
127 },
128 "cidr": [
129 "127.0.0.0/24"
130 ]
131 }
132 }
133 ]
134 }
135 }
136 }
137 },
138 "authenticators": {
139 "anonymous": {
140 "enabled": true,
141 "config": {
142 "subject": "guest"
143 }
144 },
145 "cookie_session": {
146 "enabled": true,
147 "config": {
148 "check_session_url": "https://session-store-host",
149 "only": [
150 "sessionid"
151 ]
152 }
153 },
154 "jwt": {
155 "enabled": true,
156 "config": {
157 "jwks_urls": [
158 "https://my-website.com/.well-known/jwks.json",
159 "https://my-other-website.com/.well-known/jwks.json",
160 "file://path/to/local/jwks.json"
161 ],
162 "scope_strategy": "wildcard"
163 }
164 },
165 "noop": {
166 "enabled": true
167 },
168 "oauth2_client_credentials": {
169 "enabled": true,
170 "config": {
171 "token_url": "https://my-website.com/oauth2/token"
172 }
173 },
174 "oauth2_introspection": {
175 "enabled": true,
176 "config": {
177 "introspection_url": "https://my-website.com/oauth2/introspection",
178 "scope_strategy": "exact",
179 "pre_authorization": {
180 "enabled": true,
181 "client_id": "some_id",
182 "client_secret": "some_secret",
183 "scope": [
184 "foo",
185 "bar"
186 ],
187 "token_url": "https://my-website.com/oauth2/token"
188 }
189 }
190 },
191 "unauthorized": {
192 "enabled": true
193 }
194 },
195 "authorizers": {
196 "allow": {
197 "enabled": true
198 },
199 "deny": {
200 "enabled": true
201 },
202 "keto_engine_acp_ory": {
203 "enabled": true,
204 "config": {
205 "base_url": "http://my-keto/",
206 "required_action": "unknown",
207 "required_resource": "unknown"
208 }
209 }
210 },
211 "mutators": {
212 "header": {
213 "enabled": false,
214 "config": {
215 "headers": {
216 "foo": "bar"
217 }
218 }
219 },
220 "cookie": {
221 "enabled": true,
222 "config": {
223 "cookies": {
224 "foo": "bar"
225 }
226 }
227 },
228 "hydrator": {
229 "enabled": true,
230 "config": {
231 "api": {
232 "url": "https://some-url/"
233 }
234 }
235 },
236 "id_token": {
237 "enabled": true,
238 "config": {
239 "issuer_url": "https://my-oathkeeper/",
240 "jwks_url": "https://fetch-keys/from/this/location.json",
241 "ttl": "1h"
242 }
243 },
244 "noop": {
245 "enabled": true
246 }
247 }
248}
View as plain text