zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-21 11:49:37 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/java/google/registry/proxy/config/default-config.yaml
jianglai c5515ab4e6 Add ability to configure proxy quotas 
The quotas can be configured in the yaml configuration file. Default quota will be applied to any userId that is not matched in the custom quota list.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=178804649
2017-12-13 12:43:45 -05:00

193 lines
6.3 KiB
YAML
Raw Blame History

# This is the default configuration file for the proxy. Do not make changes to
# it unless you are writing new features that requires you to. To customize an
# individual deployment or environment, create a proxy-config.yaml file in the
# same directory overriding only the values you wish to change. You may need
# to override some of these values to configure and enable some services used in
# production environments.
# GCP project ID
projectId: your-gcp-project-id
# OAuth scope that the GoogleCredential will be constructed with. This list
# should include all service scopes that the proxy depends on.
gcpScopes:
# The default OAuth scope granted to GCE instances. Local development instance
# needs this scope to mimic running on GCE. Currently it is used to access
# Cloud KMS and Stackdriver Monitoring APIs.
- https://www.googleapis.com/auth/cloud-platform
# The OAuth scope required to be included in the access token for the GAE app
# to authenticate.
- https://www.googleapis.com/auth/userinfo.email
# Access token is valid for 60 minutes.
#
# See also: Data store
# (https://developers.google.com/api-client-library/java/google-api-java-client/oauth2#data_store).
accessTokenValidPeriodSeconds: 3600
# Access token is refreshed 1 minutes before expiry.
#
# This is the default refresh time used by
# com.google.api.client.auth.oauth2.Credential#intercept.
accessTokenRefreshBeforeExpirySeconds: 60
# Name of the encrypted PEM file.
sslPemFilename: your-ssl.pem
# Strings used to construct the KMS crypto key URL.
# See: https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys
kms:
# Location where your key ring is stored (global, us-east1, etc).
location: your-kms-location
# Name of the KeyRing that contains the CryptoKey file.
keyRing: your-kms-keyRing
# Name of the CryptoKey used to encrypt the PEM file.
cryptoKey: your-kms-cryptoKey
epp:
port: 700
relayHost: registry-project-id.appspot.com
relayPath: /_dr/epp
# Maximum input message length in bytes.
#
# The first 4 bytes in a message is the total length of message, in bytes.
#
# We accept a message up to 1 GB, which should be plentiful, if not over the
# top. In fact we should probably limit this to a more reasonable number, as a
# 1 GB message will likely cause the proxy to go out of memory.
#
# See also: RFC 5734 4 Data Unit Format
# (https://tools.ietf.org/html/rfc5734#section-4).
maxMessageLengthBytes: 1073741824
# Length of the header field in bytes.
#
# Note that value of the header field is the total length (in bytes) of the
# message, including the header itself, the length of the epp xml instance is
# therefore 4 bytes shorter than this value.
headerLengthBytes: 4
# Time after which an idle connection will be closed.
#
# The RFC gives registry discretionary power to set a timeout period. 1 hr
# should be reasonable enough for any registrar to login and submit their
# request.
readTimeoutSeconds: 3600
# Hostname of the EPP server.
# TODO(b/64510444) Remove this after nomulus no longer check sni header.
serverHostname: epp.yourdomain.tld
# Quota configuration for EPP
quota:
# Token database refresh period. Set to 0 to disable refresh.
#
# After the set time period, inactive userIds will be deleted.
refreshSeconds: 0
# Default quota for any userId not matched in customQuota.
defaultQuota:
# List of identifiers, e. g. IP address, certificate hash.
#
# userId for defaultQuota should always be an empty list. Any value
# in the list will be discarded.
#
# There should be no duplicate userIds, either within this list, or
# across quota groups within customQuota. Any duplication will result
# in an error when constructing QuotaConfig.
userId: []
# Number of tokens allotted to the matched user. Set to -1 to allow
# infinite quota.
tokenAmount: 100
# Token refill period. Set to 0 to disable refill.
#
# After the set time period, the token for the user will be
# reset to tokenAmount.
refillSeconds: 0
# List of custom quotas for specific userId. Use the same schema as
# defaultQuota for list entries.
customQuota: []
whois:
port: 43
relayHost: registry-project-id.appspot.com
relayPath: /_dr/whois
# Maximum input message length in bytes.
#
# Domain name cannot be longer than 256 characters. 512-character message
# length should be safe for most cases, including registrar queries.
#
# See also: RFC 1035 2.3.4 Size limits
# (http://www.freesoft.org/CIE/RFC/1035/9.htm).
maxMessageLengthBytes: 512
# Whois protocol is transient, the client should not establish a long lasting
# idle connection.
readTimeoutSeconds: 60
# Quota configuration for WHOIS
quota:
# Token database refresh period. Set to 0 to disable refresh.
#
# After the set time period, inactive token buckets will be deleted.
refreshSeconds: 3600
# Default quota for any userId not matched in customQuota.
defaultQuota:
# List of identifiers, e. g. IP address, certificate hash.
#
# userId for defaultQuota should always be an empty list.
userId: []
# Number of tokens allotted to the matched user. Set to -1 to allow
# infinite quota.
tokenAmount: 100
# Token refill period. Set to 0 to disable refill.
#
# After the set time period, the token for the given user will be
# reset to tokenAmount.
refillSeconds: 600
# List of custom quotas for specific userId. Use the same schema as
# defaultQuota for list entries.
customQuota: []
healthCheck:
port: 11111
# Health checker request message, defined in GCP load balancer backend.
checkRequest: HEALTH_CHECK_REQUEST
# Health checker response message, defined in GCP load balancer backend.
checkResponse: HEALTH_CHECK_RESPONSE
httpsRelay:
port: 443
# Maximum size of an HTTP message in bytes.
maxMessageLengthBytes: 524288
metrics:
# Max queries per second for the Google Cloud Monitoring V3 (aka Stackdriver)
# API. The limit can be adjusted by contacting Cloud Support.
stackdriverMaxQps: 30
# Max number of points that can be sent to Stackdriver in a single
# TimeSeries.Create API call.
stackdriverMaxPointsPerRequest: 200
# How often metrics are written.
writeIntervalSeconds: 60
Reference in a new issue View git blame Copy permalink