149 lines
3.6 KiB
JSON
149 lines
3.6 KiB
JSON
{
|
|
"wfe": {
|
|
"timeout": "30s",
|
|
"serverCertificatePath": "test/certs/ipki/boulder/cert.pem",
|
|
"serverKeyPath": "test/certs/ipki/boulder/key.pem",
|
|
"allowOrigins": [
|
|
"*"
|
|
],
|
|
"shutdownStopTimeout": "10s",
|
|
"subscriberAgreementURL": "https://boulder.service.consul:4431/terms/v7",
|
|
"directoryCAAIdentity": "happy-hacker-ca.invalid",
|
|
"directoryWebsite": "https://github.com/letsencrypt/boulder",
|
|
"legacyKeyIDPrefix": "http://boulder.service.consul:4000/reg/",
|
|
"goodkey": {
|
|
"blockedKeyFile": "test/example-blocked-keys.yaml"
|
|
},
|
|
"tls": {
|
|
"caCertFile": "test/certs/ipki/minica.pem",
|
|
"certFile": "test/certs/ipki/wfe.boulder/cert.pem",
|
|
"keyFile": "test/certs/ipki/wfe.boulder/key.pem"
|
|
},
|
|
"raService": {
|
|
"dnsAuthority": "consul.service.consul",
|
|
"srvLookup": {
|
|
"service": "ra",
|
|
"domain": "service.consul"
|
|
},
|
|
"timeout": "15s",
|
|
"noWaitForReady": true,
|
|
"hostOverride": "ra.boulder"
|
|
},
|
|
"saService": {
|
|
"dnsAuthority": "consul.service.consul",
|
|
"srvLookup": {
|
|
"service": "sa",
|
|
"domain": "service.consul"
|
|
},
|
|
"timeout": "15s",
|
|
"noWaitForReady": true,
|
|
"hostOverride": "sa.boulder"
|
|
},
|
|
"accountCache": {
|
|
"size": 9000,
|
|
"ttl": "5s"
|
|
},
|
|
"getNonceService": {
|
|
"dnsAuthority": "consul.service.consul",
|
|
"srvLookup": {
|
|
"service": "nonce-taro",
|
|
"domain": "service.consul"
|
|
},
|
|
"timeout": "15s",
|
|
"noWaitForReady": true,
|
|
"hostOverride": "nonce.boulder"
|
|
},
|
|
"redeemNonceService": {
|
|
"dnsAuthority": "consul.service.consul",
|
|
"srvLookups": [
|
|
{
|
|
"service": "nonce-taro",
|
|
"domain": "service.consul"
|
|
},
|
|
{
|
|
"service": "nonce-zinc",
|
|
"domain": "service.consul"
|
|
}
|
|
],
|
|
"srvResolver": "nonce-srv",
|
|
"timeout": "15s",
|
|
"noWaitForReady": true,
|
|
"hostOverride": "nonce.boulder"
|
|
},
|
|
"noncePrefixKey": {
|
|
"passwordFile": "test/secrets/nonce_prefix_key"
|
|
},
|
|
"chains": [
|
|
[
|
|
"test/certs/webpki/int-rsa-a.cert.pem",
|
|
"test/certs/webpki/root-rsa.cert.pem"
|
|
],
|
|
[
|
|
"test/certs/webpki/int-rsa-b.cert.pem",
|
|
"test/certs/webpki/root-rsa.cert.pem"
|
|
],
|
|
[
|
|
"test/certs/webpki/int-ecdsa-a.cert.pem",
|
|
"test/certs/webpki/root-ecdsa.cert.pem"
|
|
],
|
|
[
|
|
"test/certs/webpki/int-ecdsa-b.cert.pem",
|
|
"test/certs/webpki/root-ecdsa.cert.pem"
|
|
],
|
|
[
|
|
"test/certs/webpki/int-ecdsa-a-cross.cert.pem",
|
|
"test/certs/webpki/root-rsa.cert.pem"
|
|
],
|
|
[
|
|
"test/certs/webpki/int-ecdsa-b-cross.cert.pem",
|
|
"test/certs/webpki/root-rsa.cert.pem"
|
|
]
|
|
],
|
|
"staleTimeout": "5m",
|
|
"authorizationLifetimeDays": 30,
|
|
"pendingAuthorizationLifetimeDays": 7,
|
|
"limiter": {
|
|
"redis": {
|
|
"username": "boulder-wfe",
|
|
"passwordFile": "test/secrets/wfe_ratelimits_redis_password",
|
|
"lookups": [
|
|
{
|
|
"Service": "redisratelimits",
|
|
"Domain": "service.consul"
|
|
}
|
|
],
|
|
"lookupDNSAuthority": "consul.service.consul",
|
|
"readTimeout": "250ms",
|
|
"writeTimeout": "250ms",
|
|
"poolSize": 100,
|
|
"routeRandomly": true,
|
|
"tls": {
|
|
"caCertFile": "test/certs/ipki/minica.pem",
|
|
"certFile": "test/certs/ipki/wfe.boulder/cert.pem",
|
|
"keyFile": "test/certs/ipki/wfe.boulder/key.pem"
|
|
}
|
|
},
|
|
"Defaults": "test/config-next/wfe2-ratelimit-defaults.yml",
|
|
"Overrides": "test/config-next/wfe2-ratelimit-overrides.yml"
|
|
},
|
|
"features": {
|
|
"ServeRenewalInfo": true,
|
|
"TrackReplacementCertificatesARI": true
|
|
},
|
|
"certificateProfileNames": [
|
|
"defaultBoulderCertificateProfile"
|
|
]
|
|
},
|
|
"syslog": {
|
|
"stdoutlevel": 4,
|
|
"sysloglevel": -1
|
|
},
|
|
"openTelemetry": {
|
|
"endpoint": "bjaeger:4317",
|
|
"sampleratio": 1
|
|
},
|
|
"openTelemetryHttpConfig": {
|
|
"trustIncomingSpans": true
|
|
}
|
|
}
|