kore-doc

The kore documentation found under https://docs.kore.io/
git clone https://git.kore.io/kore-doc.git

commit 5be91dbe16ae3204836fb1a71eeddb82d2787b1a
parent 8d7ea22533103d03f32dbaa948b668aaad8059ca
Author: Joris Vink <joris@coders.se>
Date:   Mon, 31 Aug 2020 14:28:14 +0200

take table from python

Diffstat:
applications/koreconf.md | 137++++++++++++++++++++-----------------------------------------------------------
1 file changed, 35 insertions(+), 102 deletions(-)

diff --git a/applications/koreconf.md b/applications/koreconf.md 
@@ -33,109 +33,42 @@ server notls { # Configuration options. -Below we will quickly go over all available quick toggle configuration options, their default settings and what they do. - There are more options than what is listed below, specifically for validators, authentication blocks and domains. Please find those in https://github.com/jorisvink/kore/blob/master/conf/kore.conf.example. --- -**socket_backlog** -> Maximum length to queue pending connections (see listen(2)). Must be set before any bind directives. - -**root** -> The directory the worker processes will chroot() or chdir() into. - -**runas** -> The username the worker processes drop privileges to. - -**workers** (default: number of cores on system) -> The number of worker processes to spawn and keep alive. - -**worker_max_connections** (default: 748) -> The number of active connections each worker will accept. - -**worker_rlimit_nofiles** (default: 1024) -> Limit of maximum open files per worker. - -**worker_accept_threshold** (default: 16) -> The number of accepts a worker will do in one go before going up its -> accept lock to another worker. - -**worker_death_policy** (default: restart) -> Workers are restarted when they unexpectedly exit. Setting this to "terminate" will instead bring down the entire Kore server. - -**worker_set_affinity** (default: enabled) -> Workers bind themselves to a single CPU by default. Turn this off by setting this option to 0. - -**rand_file** (default: none) -> The entropy file to be loaded at startup time. - -**keymgr_root** -> The root path for the keymgr process (if not set, will use root from above). - -**keymgr_runas** -> The user the keymgr process will drop privileges towards. - -**filemap_index** (default: index.html) -> The default filemap index file. - -**pidfile** (default: none) -> Store the pid of the parent process in this file. - -**http_header_max** (default: 4096) -> Maximum size of HTTP headers (in bytes). 
- -**http_header_timeout** (default: 10) -> Timeout in seconds for receiving the HTTP headers before the connection is closed. - -**http_body_max** (default: 1024000) -> Maximum size of an HTTP body (in bytes). -> -> If set to 0 disallows requests with a body all together. - -**http_body_timeout** (default: 60) -> Timeout in seconds for receiving the HTTP body in full before the connection is closed with an 408. - -**http_body_disk_offload** (default: disabled) -> Number of bytes after which Kore will use a temporary file to hold the HTTP body instead of holding it in memory. -> -> If set to 0 no disk offloading will be done. This is turned off by default. - -**http_body_disk_path** (default: tmp_files) -> Path where Kore will store any temporary HTTP body files. - -**http_keepalive_time** (default: 20 seconds) -> Maximum seconds an HTTP connection can be kept open by the browser. -> -> Set to 0 to turn off keep-alive completely. - -**http_hsts_enable** (default: 31536000 seconds) -> If not 0 the age of the HSTS header that is included in all responses. - -**http_request_limit** (default: disabled) -> The number of HTTP requests Kore workers will process in one loop. - -**websocket_maxframe** (default: 16384) -> The maximum number of bytes per websocket frame. - -**websocket_timeout** (default: 120 seconds) -> The number of seconds a websocket connection is kept open without traffic. - -**task_threads** (default: 2) -> The number of OS threads to use for background tasks. - -**tls_version** (default: 1.2, 1.3) -> The TLS versions allowed, by default this is set to TLSv1.2 + TLSv1.3. - -**tls_cipher** (default: A very sane set of ciphersuites preferring AEAD ciphers and ephemeral key exchanges, RSA key exchanges are not enabled). -> The server TLS ciphersuites that are allowed. - -**tls_dhparam** (default: dh2048.pem) -> The DH parameters to load (**required**) - -**curl_recv_max** (default: 2097152) -> Maximum incoming bytes for a response. 
- -**curl_timeout** (default: 60) -> Timeout in seconds before a transfer is cancelled. - +| Configuration option | Description | +| --- | --- | +| root | The root path in which the Kore server runs (either via chroot or chdir). If not set, the current working directory. | +| runas | The user the worker processes will run as. If not set, the current user. | +| workers | The number of worker processes to use. If not set, the number of CPU cores in the system. | +| worker\_max\_connections | The maximum number of active connections a worker process holds before refusing to accept more. | +| worker\_rlimit\_nofiles | The maximum number of open file descriptor per worker. | +| worker\_accept\_threshold | The maximum number of new connections to accept in a single event loop. | +| worker\_death\_policy | The death policy for a worker, "restart" by default. If set to "terminate" will cause the Kore server to shutdown on abnormal worker termination. | +| worker\_set\_affinity | Worker CPU affinity (0 or 1, default 1). | +| pidfile | The path to a file in which the server will write the PID for the parent process. | +| socket\_backlog | The number of pending connections. | +| tls\_version | The TLS version to use (default: both, 1.2 for TLSv1.2 only and 1.3 for TLSv1.3 only). | +| tls\_cipher | OpenSSL ciphersuite list to use. Defaults to a very sane list with only AEAD ciphers and ephemeral key exchanges. | +| tls\_dhparam | Path to DH parameters for the server to use. | +| rand\_file | Path to a 2048 byte file containing entropy used to seed the PRNG. | +| keymgr\_runas | The user the keymgr process will run as. If not set, the current user. | +| keymgr\_root | The root path for the keymgr process. If not set, inherited from the root option. | +| acme\_runas | The user the acme process will run as. If not set, the current user. | +| acme\_root | The root path for the acme process. If not set, inherited from the root option. 
| +| acme\_email | An email adress used for account registration. | +| acme\_provider | A URL to the directory for an ACME provider. Defaults to Let's Encrypt. | +| pledge | OpenBSD only, pledge categories for the worker processes. | +| seccomp\_tracing | Linux only, seccomp violations will be logged and not cause the process to terminate. Either "yes" or "no". | +| filemap\_ext | The default extension for files in a filemap. | +| filemap\_index | The root file in a filemap. (eg index.html). | +| http\_media\_type | Add a new HTTP media type (in the form of "mediatype ext1 ext2 ext"). | +| http\_header\_max | The maximum number of bytes HTTP headers can consist of. If a request comes in with headers larger than this the connection is closed. Defaults to 4096 bytes. | +| http\_header\_timeout | The number of seconds after which Kore will close a connection if no HTTP headers were received. Defaults to 10. | +| http\_body\_max | The maximum number of bytes an HTTP body can consist of. If a request comes in with a body larger than this the connection is closed with a 413 response. Defaults to 1MB. | +| http\_body\_timeout | The number of seconds after which Kore will close a connection if no HTTP body was received in full. Defaults to 60. | +| http\_body\_disk\_offload | The number in bytes from which point Kore will offload incoming HTTP bodies onto a file on disk instead of keeping it in memory. Disabled by default. | +| http\_body\_disk\_path | A path where the temporary body files are written if the http\_body\_disk\_offload setting is enabled. | +| http\_server\_version | Allows you to override the Kore server header. | +| http\_pretty\_error | If set to "yes" will display HTML based HTTP error codes. Defaults to "no". |
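
Review bot: The new table has no rows for eight options that the removed list documented: http_keepalive_time, http_hsts_enable, http_request_limit, websocket_maxframe, websocket_timeout, task_threads, curl_recv_max and curl_timeout. If they are still valid settings, add rows for them; http_hsts_enable in particular had a documented default of 31536000 seconds that an operator would want to find here. Several retained rows also lose detail the old entries carried: the defaults for worker_max_connections (748), worker_rlimit_nofiles (1024) and worker_accept_threshold (16), the "required" marker on tls_dhparam, the note that http_body_max set to 0 disallows request bodies, and the 408 response on http_body_timeout. The old http_body_max default was 1024000 bytes, which the new row rounds to "1MB"; keeping the exact value avoids ambiguity. Small fixes: "adress" in the acme_email row, "open file descriptor" should be plural in the worker_rlimit_nofiles row, and the http_media_type form ends in "ext" where "ext3" or "..." looks intended.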