Files
geo/deploy/ops-config.yaml
root b939cfa2fa
Deployment Config CI / Deployment Config (push) Successful in 27s
Backend CI / Backend (push) Successful in 15m4s
feat(auth): support per-deploy login password key override
Multi-replica deployments need every Pod/container to share one RSA private key, otherwise public keys handed to the browser may not match the key that decrypts the resulting ciphertext. Introduce a `*.local.yaml` override layer that ops-config and tenant-config both load on top of the base config, ship example overrides plus compose/k3s wiring, and tolerate PEM bodies that arrive folded or escaped from Secrets.
2026-05-14 11:54:40 +08:00

66 lines
1.3 KiB
YAML

server:
port: 8090
mode: release
trusted_proxies:
- 127.0.0.1
- ::1
- 10.42.0.0/16
- 10.43.0.0/16
- 172.16.0.0/12
database:
host: pgbouncer
port: 5432
user: geo
password: ${OPS_POSTGRES_PASSWORD:geo_dev}
dbname: geo
sslmode: disable
max_open_conns: 5
max_idle_conns: 2
monitoring_database:
host: monitoring-pgbouncer
port: 5432
user: geo
password: ${OPS_POSTGRES_PASSWORD:geo_dev}
dbname: geo_monitoring
sslmode: disable
max_open_conns: 5
max_idle_conns: 2
redis:
addr: redis:6379
db: 0
cache:
driver: redis
log:
level: info
format: json
jwt:
secret: "geo-ops-15645415841" # 必须通过 OPS_JWT_SECRET 环境变量提供
access_ttl: 8h
auth:
password_cipher:
# 生产多实例请在 ops-config.local.yaml 中配置同一把 private_key_pem。
enabled: true
key_id: ops-password-rsa-oaep-v1
private_key_pem: ""
default_admin:
username: admin
display_name: 系统管理员
email: ""
password: "liang0920" # 必须通过 OPS_DEFAULT_ADMIN_PASSWORD 提供(首次启动且表为空时使用)
admin_users:
default_plan_code: free
ip_region:
# 可选外部 xdb 路径;文件不存在时自动使用二进制 embed 内置数据。
v4_xdb_path: ""
v6_xdb_path: ""