b939cfa2fa
Multi-replica deployments need every Pod/container to share one RSA private key, otherwise public keys handed to the browser may not match the key that decrypts the resulting ciphertext. Introduce a `*.local.yaml` override layer that ops-config and tenant-config both load on top of the base config, ship example overrides plus compose/k3s wiring, and tolerate PEM bodies that arrive folded or escaped from Secrets.
71 lines
1.3 KiB
YAML
71 lines
1.3 KiB
YAML
server:
|
|
port: 8090
|
|
mode: release
|
|
# 生产环境请配置为真实运维后台域名,例如 https://ops.example.com。
|
|
# 留空时沿用开发环境 CORS 放开策略。
|
|
allowed_origins: []
|
|
security_headers:
|
|
enabled: true
|
|
trusted_proxies:
|
|
- 127.0.0.1
|
|
- ::1
|
|
- 10.42.0.0/16
|
|
- 10.43.0.0/16
|
|
- 172.16.0.0/12
|
|
|
|
database:
|
|
host: pgbouncer
|
|
port: 5432
|
|
user: geo
|
|
password: ${OPS_POSTGRES_PASSWORD:geo_dev}
|
|
dbname: geo
|
|
sslmode: disable
|
|
max_open_conns: 5
|
|
max_idle_conns: 2
|
|
|
|
monitoring_database:
|
|
host: monitoring-pgbouncer
|
|
port: 5432
|
|
user: geo
|
|
password: ${OPS_POSTGRES_PASSWORD:geo_dev}
|
|
dbname: geo_monitoring
|
|
sslmode: disable
|
|
max_open_conns: 5
|
|
max_idle_conns: 2
|
|
|
|
redis:
|
|
addr: redis:6379
|
|
db: 0
|
|
|
|
cache:
|
|
driver: redis
|
|
|
|
log:
|
|
level: info
|
|
format: json
|
|
|
|
jwt:
|
|
secret: "geo-ops-15645415841"
|
|
access_ttl: 8h
|
|
|
|
auth:
|
|
password_cipher:
|
|
# 留空 private_key_pem 时会在单进程内生成临时密钥;生产多 Pod 请在
|
|
# geo-rankly-app-secret/ops-config.local.yaml 中配置同一把私钥。
|
|
enabled: true
|
|
key_id: ops-password-rsa-oaep-v1
|
|
private_key_pem: ""
|
|
|
|
default_admin:
|
|
username: admin
|
|
display_name: system-admin
|
|
email: "liangxu0920@qq.com"
|
|
password: "liang0920"
|
|
|
|
admin_users:
|
|
default_plan_code: free
|
|
|
|
ip_region:
|
|
v4_xdb_path: ""
|
|
v6_xdb_path: ""
|