Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func Load
Load loads the config from the given file.
The loading order is:
- Default values (defined in defaultXxxConf variables)
- YAML config file (overrides defaults)
- Environment variables with LH_ prefix (overrides YAML)
The config file path can be specified via:
- The filename parameter
- The LH_CONFIG_FILE environment variable
- Auto-discovery from possibleConfigLocations
Special shortcut: LH_LOG_LEVEL is an alias for LH_LOGGING_INTERNAL_LEVEL
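Because LH_ environment variables override the YAML file, reading the file alone does not show the effective configuration. The following added example (not code from the lighthouse project) is a standard-library sketch that layers the three sources in the documented order and records which one supplied each value; the `Setting` type, the `Resolve` function and the maps keyed by environment variable name are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Setting is an effective value and the layer that supplied it.
type Setting struct{ Value, Source string }

// Resolve applies the documented order: defaults, then YAML, then LH_ environment.
// Both maps are keyed by environment variable name (an assumed shape for this sketch).
func Resolve(defaults, yamlVals map[string]string, environ []string) (map[string]Setting, []string) {
	env, out, notes := map[string]string{}, map[string]Setting{}, []string{}
	for _, kv := range environ {
		if k, v, ok := strings.Cut(kv, "="); ok && strings.HasPrefix(k, "LH_") {
			env[k] = v
		}
	}
	// The page does not say which name wins on a mismatch, so it is reported, not resolved.
	if short, ok := env["LH_LOG_LEVEL"]; ok {
		if long, both := env["LH_LOGGING_INTERNAL_LEVEL"]; both && long != short {
			notes = append(notes, "LH_LOG_LEVEL conflicts with LH_LOGGING_INTERNAL_LEVEL")
		} else {
			env["LH_LOGGING_INTERNAL_LEVEL"] = short
		}
		delete(env, "LH_LOG_LEVEL")
	}
	for i, layer := range []map[string]string{defaults, yamlVals, env} {
		src := []string{"default", "yaml", "env"}[i]
		for k, v := range layer {
			if prev, ok := out[k]; ok && prev.Value != v {
				notes = append(notes, k+": "+src+" overrides "+prev.Source)
			}
			out[k] = Setting{v, src}
		}
	}
	sort.Strings(notes)
	return out, notes
}

func main() {
	// Constructed inputs; the two defaults are the retention values documented on this page.
	defaults := map[string]string{"LH_STATS_RETENTION_DETAILED_DAYS": "90", "LH_STATS_RETENTION_AGGREGATED_DAYS": "365"}
	eff, notes := Resolve(defaults, map[string]string{"LH_STATS_RETENTION_DETAILED_DAYS": "30"},
		[]string{"LH_STATS_RETENTION_DETAILED_DAYS=400", "LH_LOG_LEVEL=debug", "PATH=/usr/bin"})
	fmt.Println(eff["LH_STATS_RETENTION_DETAILED_DAYS"], eff["LH_LOGGING_INTERNAL_LEVEL"], notes)
}
```

Feeding it the deployed file's values and the service's real environment gives a per-setting provenance list to compare against what the YAML review assumed.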
func LoadStorageBackends
LoadStorageBackends loads and returns the storage backends for the passed Config
Types
type Config
type Config struct {
	// EntityID is the entity identifier URL.
	// Env: LH_ENTITY_ID
	EntityID string `yaml:"entity_id" envconfig:"ENTITY_ID"`
	// Server holds server configuration.
	// Env prefix: LH_SERVER_
	Server lighthouse.ServerConf `yaml:"server" envconfig:"SERVER"`
	// Logging holds logging configuration.
	// Env prefix: LH_LOGGING_
	Logging loggingConf `yaml:"logging" envconfig:"LOGGING"`
	// Storage holds storage configuration.
	// Env prefix: LH_STORAGE_
	Storage storageConf `yaml:"storage" envconfig:"STORAGE"`
	// Caching holds caching configuration.
	// Env prefix: LH_CACHE_
	Caching cachingConf `yaml:"cache" envconfig:"CACHE"`
	// Signing holds signing configuration.
	// Env prefix: LH_SIGNING_
	Signing SigningConf `yaml:"signing" envconfig:"SIGNING"`
	// Endpoints holds endpoints configuration.
	// Env prefix: LH_ENDPOINTS_
	Endpoints Endpoints `yaml:"endpoints" envconfig:"ENDPOINTS"`
	// API holds API configuration.
	// Env prefix: LH_API_
	API apiConf `yaml:"api" envconfig:"API"`
	// Stats holds statistics configuration.
	// Env prefix: LH_STATS_
	Stats StatsConf `yaml:"stats" envconfig:"STATS"`
}
Config holds configuration for the entity.
All configuration options can be set via environment variables with the LH_ prefix. Environment variables override values from the YAML config file.
Special environment variables:
- LH_CONFIG_FILE: Path to the configuration file
- LH_LOG_LEVEL: Shortcut for LH_LOGGING_INTERNAL_LEVEL
Environment variables (with prefix LH_):
- LH_ENTITY_ID: Entity identifier URL
- LH_SERVER_*: Server configuration (see ServerConf)
- LH_LOGGING_*: Logging configuration (see loggingConf)
- LH_STORAGE_*: Storage configuration (see storageConf)
- LH_CACHE_*: Caching configuration (see cachingConf)
- LH_SIGNING_*: Signing configuration (see SigningConf)
- LH_ENDPOINTS_*: Endpoints configuration (see Endpoints)
- LH_FEDERATION_DATA_*: Federation configuration (see federationConf)
- LH_API_*: API configuration (see apiConf)
- LH_STATS_*: Statistics configuration (see StatsConf)
type Endpoints
type Endpoints struct {
	// FetchEndpoint configures the fetch endpoint.
	// Env prefix: LH_ENDPOINTS_FETCH_
	FetchEndpoint lighthouse.EndpointConf `yaml:"fetch" envconfig:"FETCH"`
	// ListEndpoint configures the list endpoint.
	// Env prefix: LH_ENDPOINTS_LIST_
	ListEndpoint lighthouse.EndpointConf `yaml:"list" envconfig:"LIST"`
	// ResolveEndpoint configures the resolve endpoint.
	// Env prefix: LH_ENDPOINTS_RESOLVE_
	ResolveEndpoint resolveEndpointConf `yaml:"resolve" envconfig:"RESOLVE"`
	// TrustMarkStatusEndpoint configures the trust mark status endpoint.
	// Env prefix: LH_ENDPOINTS_TRUST_MARK_STATUS_
	TrustMarkStatusEndpoint lighthouse.EndpointConf `yaml:"trust_mark_status" envconfig:"TRUST_MARK_STATUS"`
	// TrustMarkedEntitiesListingEndpoint configures the trust mark list endpoint.
	// Env prefix: LH_ENDPOINTS_TRUST_MARK_LIST_
	TrustMarkedEntitiesListingEndpoint lighthouse.EndpointConf `yaml:"trust_mark_list" envconfig:"TRUST_MARK_LIST"`
	// TrustMarkEndpoint configures the trust mark endpoint.
	// Env prefix: LH_ENDPOINTS_TRUST_MARK_
	TrustMarkEndpoint lighthouse.EndpointConf `yaml:"trust_mark" envconfig:"TRUST_MARK"`
	// HistoricalKeysEndpoint configures the historical keys endpoint.
	// Env prefix: LH_ENDPOINTS_HISTORICAL_KEYS_
	HistoricalKeysEndpoint lighthouse.EndpointConf `yaml:"historical_keys" envconfig:"HISTORICAL_KEYS"`
	// EnrollmentEndpoint configures the enrollment endpoint.
	// Env prefix: LH_ENDPOINTS_ENROLL_
	// Note: checker config is YAML-only
	EnrollmentEndpoint checkedEndpointConf `yaml:"enroll" envconfig:"ENROLL"`
	// EnrollmentRequestEndpoint configures the enrollment request endpoint.
	// Env prefix: LH_ENDPOINTS_ENROLL_REQUEST_
	EnrollmentRequestEndpoint lighthouse.EndpointConf `yaml:"enroll_request" envconfig:"ENROLL_REQUEST"`
	// TrustMarkRequestEndpoint configures the trust mark request endpoint.
	// Env prefix: LH_ENDPOINTS_TRUST_MARK_REQUEST_
	TrustMarkRequestEndpoint lighthouse.EndpointConf `yaml:"trust_mark_request" envconfig:"TRUST_MARK_REQUEST"`
	// EntityCollectionEndpoint configures the entity collection endpoint.
	// Env prefix: LH_ENDPOINTS_ENTITY_COLLECTION_
	EntityCollectionEndpoint collectionEndpointConf `yaml:"entity_collection" envconfig:"ENTITY_COLLECTION"`
}
Endpoints holds configuration for the different possible endpoints.
Environment variables (with prefix LH_ENDPOINTS_):
- LH_ENDPOINTS_FETCH_PATH, LH_ENDPOINTS_FETCH_URL, LH_ENDPOINTS_FETCH_STATEMENT_LIFETIME
- LH_ENDPOINTS_LIST_PATH, LH_ENDPOINTS_LIST_URL
- LH_ENDPOINTS_RESOLVE_PATH, LH_ENDPOINTS_RESOLVE_URL, LH_ENDPOINTS_RESOLVE_*
- LH_ENDPOINTS_TRUST_MARK_STATUS_PATH, LH_ENDPOINTS_TRUST_MARK_STATUS_URL
- LH_ENDPOINTS_TRUST_MARK_LIST_PATH, LH_ENDPOINTS_TRUST_MARK_LIST_URL
- LH_ENDPOINTS_TRUST_MARK_PATH, LH_ENDPOINTS_TRUST_MARK_URL
- LH_ENDPOINTS_HISTORICAL_KEYS_PATH, LH_ENDPOINTS_HISTORICAL_KEYS_URL
- LH_ENDPOINTS_ENROLL_PATH, LH_ENDPOINTS_ENROLL_URL
- LH_ENDPOINTS_ENROLL_REQUEST_PATH, LH_ENDPOINTS_ENROLL_REQUEST_URL
- LH_ENDPOINTS_TRUST_MARK_REQUEST_PATH, LH_ENDPOINTS_TRUST_MARK_REQUEST_URL
- LH_ENDPOINTS_ENTITY_COLLECTION_PATH, LH_ENDPOINTS_ENTITY_COLLECTION_URL, LH_ENDPOINTS_ENTITY_COLLECTION_*
type LoggerConf
type LoggerConf struct {
	// Dir is the directory for log files.
	// Env: LH_LOGGING_ACCESS_DIR or LH_LOGGING_INTERNAL_DIR
	Dir string `yaml:"dir" envconfig:"DIR"`
	// StdErr enables logging to stderr.
	// Env: LH_LOGGING_ACCESS_STDERR or LH_LOGGING_INTERNAL_STDERR
	StdErr bool `yaml:"stderr" envconfig:"STDERR"`
}
LoggerConf holds configuration related to logging.
Environment variables depend on context:
- Access logs: LH_LOGGING_ACCESS_DIR, LH_LOGGING_ACCESS_STDERR
- Internal logs: LH_LOGGING_INTERNAL_DIR, LH_LOGGING_INTERNAL_STDERR
type SigningConf
type SigningConf struct {
	lighthouse.SigningConf `yaml:",inline"`
}
SigningConf holds signing configuration. Note: alg, rsa_key_len, and key_rotation are now managed in the database. Use 'lhmigrate config2db' to migrate these values from a config file, or use the Admin API to manage them at runtime.
Environment variables (with prefix LH_SIGNING_):
- LH_SIGNING_KMS: Key management system ("filesystem" or "pkcs11")
- LH_SIGNING_PK_BACKEND: Public key storage backend ("filesystem" or "db")
- LH_SIGNING_AUTO_GENERATE_KEYS: Auto-generate keys if missing
- LH_SIGNING_FILESYSTEM_KEY_FILE: Path to single key file
- LH_SIGNING_FILESYSTEM_KEY_DIR: Directory for key files
- LH_SIGNING_PKCS11_STORAGE_DIR: PKCS#11 storage directory
- LH_SIGNING_PKCS11_MODULE_PATH: Path to PKCS#11 module
- LH_SIGNING_PKCS11_TOKEN_LABEL: HSM token label
- LH_SIGNING_PKCS11_TOKEN_SERIAL: HSM token serial
- LH_SIGNING_PKCS11_TOKEN_SLOT: HSM slot number
- LH_SIGNING_PKCS11_PIN: HSM user PIN
- LH_SIGNING_PKCS11_MAX_SESSIONS: Maximum concurrent sessions
- LH_SIGNING_PKCS11_USER_TYPE: User type for login
- LH_SIGNING_PKCS11_NO_LOGIN: Token doesn't support login
- LH_SIGNING_PKCS11_LABEL_PREFIX: Prefix for object labels
- LH_SIGNING_PKCS11_LOAD_LABELS: Extra labels to load (comma-separated)
type StatsBufferConf
type StatsBufferConf struct {
	// Size is the maximum number of entries in the ring buffer.
	// Default: 10000
	// Env: LH_STATS_BUFFER_SIZE
	Size int `yaml:"size" envconfig:"SIZE"`
	// FlushInterval is how often the buffer is flushed to the database.
	// Default: 5s
	// Env: LH_STATS_BUFFER_FLUSH_INTERVAL
	FlushInterval time.Duration `yaml:"flush_interval" envconfig:"FLUSH_INTERVAL"`
	// FlushThreshold triggers a flush when the buffer is this percentage full.
	// Value between 0 and 1. Default: 0.8
	// Env: LH_STATS_BUFFER_FLUSH_THRESHOLD
	FlushThreshold float64 `yaml:"flush_threshold" envconfig:"FLUSH_THRESHOLD"`
}
StatsBufferConf configures the in-memory ring buffer.
Environment variables (with prefix LH_STATS_BUFFER_):
- LH_STATS_BUFFER_SIZE: Ring buffer size
- LH_STATS_BUFFER_FLUSH_INTERVAL: Flush interval (e.g., "5s")
- LH_STATS_BUFFER_FLUSH_THRESHOLD: Flush threshold (0-1)
type StatsCaptureConf
type StatsCaptureConf struct {
	// ClientIP records the client's IP address.
	// Env: LH_STATS_CAPTURE_CLIENT_IP
	ClientIP bool `yaml:"client_ip" envconfig:"CLIENT_IP"`
	// UserAgent records the User-Agent header.
	// Env: LH_STATS_CAPTURE_USER_AGENT
	UserAgent bool `yaml:"user_agent" envconfig:"USER_AGENT"`
	// QueryParams records URL query parameters as JSON.
	// Env: LH_STATS_CAPTURE_QUERY_PARAMS
	QueryParams bool `yaml:"query_params" envconfig:"QUERY_PARAMS"`
	// GeoIP enables country lookup from IP addresses.
	// Env prefix: LH_STATS_CAPTURE_GEO_IP_
	GeoIP StatsGeoIPConf `yaml:"geo_ip" envconfig:"GEO_IP"`
}
StatsCaptureConf controls what request data is captured.
Environment variables (with prefix LH_STATS_CAPTURE_):
- LH_STATS_CAPTURE_CLIENT_IP: Capture client IP
- LH_STATS_CAPTURE_USER_AGENT: Capture User-Agent
- LH_STATS_CAPTURE_QUERY_PARAMS: Capture query parameters
- LH_STATS_CAPTURE_GEO_IP_ENABLED: Enable GeoIP lookup
- LH_STATS_CAPTURE_GEO_IP_DATABASE_PATH: Path to GeoLite2 database
type StatsConf
type StatsConf struct {
	// Enabled controls whether statistics collection is active.
	// Env: LH_STATS_ENABLED
	Enabled bool `yaml:"enabled" envconfig:"ENABLED"`
	// Buffer configures the in-memory ring buffer for request logs.
	// Env prefix: LH_STATS_BUFFER_
	Buffer StatsBufferConf `yaml:"buffer" envconfig:"BUFFER"`
	// Capture controls what data is collected from each request.
	// Env prefix: LH_STATS_CAPTURE_
	Capture StatsCaptureConf `yaml:"capture" envconfig:"CAPTURE"`
	// Retention defines how long data is kept.
	// Env prefix: LH_STATS_RETENTION_
	Retention StatsRetentionConf `yaml:"retention" envconfig:"RETENTION"`
	// Endpoints is a list of endpoint paths to track.
	// If empty, all federation endpoints are tracked.
	// Example: ["/.well-known/openid-federation", "/fetch", "/resolve"]
	// Env: LH_STATS_ENDPOINTS (comma-separated)
	Endpoints []string `yaml:"endpoints" envconfig:"ENDPOINTS"`
}
StatsConf holds all statistics collection configuration.
Environment variables (with prefix LH_STATS_):
- LH_STATS_ENABLED: Enable statistics collection
- LH_STATS_ENDPOINTS: Endpoints to track (comma-separated)
- LH_STATS_BUFFER_SIZE: Ring buffer size
- LH_STATS_BUFFER_FLUSH_INTERVAL: Flush interval (e.g., "5s")
- LH_STATS_BUFFER_FLUSH_THRESHOLD: Flush threshold (0-1)
- LH_STATS_CAPTURE_CLIENT_IP: Capture client IP
- LH_STATS_CAPTURE_USER_AGENT: Capture User-Agent
- LH_STATS_CAPTURE_QUERY_PARAMS: Capture query parameters
- LH_STATS_CAPTURE_GEO_IP_ENABLED: Enable GeoIP lookup
- LH_STATS_CAPTURE_GEO_IP_DATABASE_PATH: Path to GeoLite2 database
- LH_STATS_RETENTION_DETAILED_DAYS: Days to keep detailed logs
- LH_STATS_RETENTION_AGGREGATED_DAYS: Days to keep aggregated stats
YAML example:
stats:
  enabled: true
  buffer:
    size: 10000
    flush_interval: 5s
    flush_threshold: 0.8
  capture:
    client_ip: true
    user_agent: true
    query_params: true
    geo_ip:
      enabled: false
      database_path: /path/to/GeoLite2-Country.mmdb
  retention:
    detailed_days: 90
    aggregated_days: 365
  endpoints: []
func (*StatsConf) AggregatedRetention
AggregatedRetention returns the retention period for aggregated stats as a Duration.
func (*StatsConf) DetailedRetention
DetailedRetention returns the retention period for detailed logs as a Duration.
type StatsGeoIPConf
type StatsGeoIPConf struct {
	// Enabled turns on GeoIP country lookup.
	// Env: LH_STATS_CAPTURE_GEO_IP_ENABLED
	Enabled bool `yaml:"enabled" envconfig:"ENABLED"`
	// DatabasePath is the path to a MaxMind GeoLite2-Country.mmdb file.
	// Env: LH_STATS_CAPTURE_GEO_IP_DATABASE_PATH
	DatabasePath string `yaml:"database_path" envconfig:"DATABASE_PATH"`
}
StatsGeoIPConf configures GeoIP lookup.
Environment variables (with prefix LH_STATS_CAPTURE_GEO_IP_):
- LH_STATS_CAPTURE_GEO_IP_ENABLED: Enable GeoIP lookup
- LH_STATS_CAPTURE_GEO_IP_DATABASE_PATH: Path to GeoLite2 database
type StatsRetentionConf
type StatsRetentionConf struct {
	// DetailedDays is how many days to keep individual request logs.
	// Default: 90
	// Env: LH_STATS_RETENTION_DETAILED_DAYS
	DetailedDays int `yaml:"detailed_days" envconfig:"DETAILED_DAYS"`
	// AggregatedDays is how many days to keep daily aggregated statistics.
	// Default: 365
	// Env: LH_STATS_RETENTION_AGGREGATED_DAYS
	AggregatedDays int `yaml:"aggregated_days" envconfig:"AGGREGATED_DAYS"`
}
StatsRetentionConf defines data retention periods.
Environment variables (with prefix LH_STATS_RETENTION_):
- LH_STATS_RETENTION_DETAILED_DAYS: Days to keep detailed logs
- LH_STATS_RETENTION_AGGREGATED_DAYS: Days to keep aggregated stats