Functions ¶
func Load ¶
Load loads the config from the given file.
The loading order is:
- Default values (defined in defaultXxxConf variables)
- YAML config file (overrides defaults)
- Environment variables with LH_ prefix (overrides YAML)
The config file path can be specified via:
- The filename parameter
- The LH_CONFIG_FILE environment variable
- Auto-discovery from possibleConfigLocations
Special shortcut: LH_LOG_LEVEL is an alias for LH_LOGGING_INTERNAL_LEVEL
func LoadStorageBackends ¶
func LoadStorageBackends(c StorageConf) (model.Backends, error)
LoadStorageBackends loads and returns the storage backends for the passed StorageConf.
Types ¶
type CachingConf ¶ added in v0.20.0
// CachingConf holds the Redis-backed caching settings. Every field can be set
// from YAML or from the environment (prefix LH_CACHE_).
type CachingConf struct {
	// RedisAddr is the Redis server address.
	// Env: LH_CACHE_REDIS_ADDR
	// NOTE(review): no TLS/transport setting is visible in this struct — confirm
	// how the Redis connection is protected when the server is not on a trusted
	// network.
	RedisAddr string `yaml:"redis_addr" envconfig:"REDIS_ADDR"`
	// Username is the Redis username.
	// Env: LH_CACHE_USERNAME
	Username string `yaml:"username" envconfig:"USERNAME"`
	// Password is the Redis password. Treat it as a secret: keep it out of
	// logs, error messages and any config dump.
	// Env: LH_CACHE_PASSWORD
	Password string `yaml:"password" envconfig:"PASSWORD"`
	// RedisDB is the Redis database number.
	// Env: LH_CACHE_REDIS_DB
	RedisDB int `yaml:"redis_db" envconfig:"REDIS_DB"`
	// Disabled disables caching.
	// Env: LH_CACHE_DISABLED
	Disabled bool `yaml:"disabled" envconfig:"DISABLED"`
	// MaxLifetime is the maximum cache lifetime (e.g. "1h", "30m").
	// Env: LH_CACHE_MAX_LIFETIME
	MaxLifetime duration.DurationOption `yaml:"max_lifetime" envconfig:"MAX_LIFETIME"`
}
CachingConf holds caching configuration.
Environment variables (with prefix LH_CACHE_):
- LH_CACHE_REDIS_ADDR: Redis server address
- LH_CACHE_USERNAME: Redis username
- LH_CACHE_PASSWORD: Redis password
- LH_CACHE_REDIS_DB: Redis database number
- LH_CACHE_DISABLED: Disable caching
- LH_CACHE_MAX_LIFETIME: Maximum cache lifetime (e.g., "1h", "30m")
type Config ¶
// Config holds the complete configuration for the entity. Each nested struct
// is bound to the environment under its own LH_<SECTION>_ prefix; environment
// variables override values from the YAML file.
type Config struct {
	// EntityID is the entity identifier URL.
	// Env: LH_ENTITY_ID
	EntityID string `yaml:"entity_id" envconfig:"ENTITY_ID"`
	// Server holds server configuration.
	// Env prefix: LH_SERVER_
	Server lighthouse.ServerConf `yaml:"server" envconfig:"SERVER"`
	// Logging holds logging configuration.
	// Env prefix: LH_LOGGING_
	Logging loggingConf `yaml:"logging" envconfig:"LOGGING"`
	// Storage holds storage configuration.
	// Env prefix: LH_STORAGE_ (the envconfig tag is STORAGE; the earlier
	// "LH_SERVER_" note here was a copy/paste error).
	Storage StorageConf `yaml:"storage" envconfig:"STORAGE"`
	// Caching holds caching configuration.
	// Env prefix: LH_CACHE_
	Caching CachingConf `yaml:"cache" envconfig:"CACHE"`
	// Signing holds signing configuration.
	// Env prefix: LH_SIGNING_
	Signing SigningConf `yaml:"signing" envconfig:"SIGNING"`
	// Endpoints holds endpoints configuration.
	// Env prefix: LH_ENDPOINTS_
	Endpoints Endpoints `yaml:"endpoints" envconfig:"ENDPOINTS"`
	// API holds API configuration.
	// Env prefix: LH_API_
	API apiConf `yaml:"api" envconfig:"API"`
	// Stats holds statistics configuration.
	// Env prefix: LH_STATS_
	Stats StatsConf `yaml:"stats" envconfig:"STATS"`
}
Config holds configuration for the entity.
All configuration options can be set via environment variables with the LH_ prefix. Environment variables override values from the YAML config file.
Special environment variables:
- LH_CONFIG_FILE: Path to the configuration file
- LH_LOG_LEVEL: Shortcut for LH_LOGGING_INTERNAL_LEVEL
Environment variables (with prefix LH_):
- LH_ENTITY_ID: Entity identifier URL
- LH_SERVER_*: Server configuration (see ServerConf)
- LH_LOGGING_*: Logging configuration (see loggingConf)
- LH_STORAGE_*: Storage configuration (see StorageConf)
- LH_CACHE_*: Caching configuration (see CachingConf)
- LH_SIGNING_*: Signing configuration (see SigningConf)
- LH_ENDPOINTS_*: Endpoints configuration (see Endpoints)
- LH_FEDERATION_DATA_*: Federation configuration (see federationConf)
- LH_API_*: API configuration (see apiConf)
- LH_STATS_*: Statistics configuration (see StatsConf)
type Endpoints ¶
// Endpoints holds the configuration of every endpoint the entity can expose.
// Each endpoint is bound to the environment under LH_ENDPOINTS_<NAME>_.
type Endpoints struct {
	// FetchEndpoint configures the fetch endpoint.
	// Env prefix: LH_ENDPOINTS_FETCH_
	FetchEndpoint lighthouse.EndpointConf `yaml:"fetch" envconfig:"FETCH"`
	// ListEndpoint configures the list endpoint.
	// Env prefix: LH_ENDPOINTS_LIST_
	ListEndpoint lighthouse.EndpointConf `yaml:"list" envconfig:"LIST"`
	// ResolveEndpoint configures the resolve endpoint. It uses its own
	// resolveEndpointConf type rather than the generic EndpointConf.
	// Env prefix: LH_ENDPOINTS_RESOLVE_
	ResolveEndpoint resolveEndpointConf `yaml:"resolve" envconfig:"RESOLVE"`
	// TrustMarkStatusEndpoint configures the trust mark status endpoint.
	// Env prefix: LH_ENDPOINTS_TRUST_MARK_STATUS_
	TrustMarkStatusEndpoint lighthouse.EndpointConf `yaml:"trust_mark_status" envconfig:"TRUST_MARK_STATUS"`
	// TrustMarkedEntitiesListingEndpoint configures the trust mark list endpoint.
	// Env prefix: LH_ENDPOINTS_TRUST_MARK_LIST_
	TrustMarkedEntitiesListingEndpoint lighthouse.EndpointConf `yaml:"trust_mark_list" envconfig:"TRUST_MARK_LIST"`
	// TrustMarkEndpoint configures the trust mark endpoint.
	// Env prefix: LH_ENDPOINTS_TRUST_MARK_
	TrustMarkEndpoint lighthouse.EndpointConf `yaml:"trust_mark" envconfig:"TRUST_MARK"`
	// HistoricalKeysEndpoint configures the historical keys endpoint.
	// Env prefix: LH_ENDPOINTS_HISTORICAL_KEYS_
	HistoricalKeysEndpoint lighthouse.EndpointConf `yaml:"historical_keys" envconfig:"HISTORICAL_KEYS"`
	// EnrollmentEndpoint configures the enrollment endpoint.
	// Env prefix: LH_ENDPOINTS_ENROLL_
	// Note: checker config is YAML-only, so the enrollment checks cannot be
	// supplied through environment variables; deployments that configure
	// everything via the environment still need a YAML file for them.
	EnrollmentEndpoint checkedEndpointConf `yaml:"enroll" envconfig:"ENROLL"`
	// EnrollmentRequestEndpoint configures the enrollment request endpoint.
	// Env prefix: LH_ENDPOINTS_ENROLL_REQUEST_
	EnrollmentRequestEndpoint lighthouse.EndpointConf `yaml:"enroll_request" envconfig:"ENROLL_REQUEST"`
	// TrustMarkRequestEndpoint configures the trust mark request endpoint.
	// Env prefix: LH_ENDPOINTS_TRUST_MARK_REQUEST_
	TrustMarkRequestEndpoint lighthouse.EndpointConf `yaml:"trust_mark_request" envconfig:"TRUST_MARK_REQUEST"`
	// EntityCollectionEndpoint configures the entity collection endpoint. It
	// uses its own collectionEndpointConf type rather than the generic EndpointConf.
	// Env prefix: LH_ENDPOINTS_ENTITY_COLLECTION_
	EntityCollectionEndpoint collectionEndpointConf `yaml:"entity_collection" envconfig:"ENTITY_COLLECTION"`
}
Endpoints holds configuration for the different possible endpoints.
Environment variables (with prefix LH_ENDPOINTS_):
- LH_ENDPOINTS_FETCH_PATH, LH_ENDPOINTS_FETCH_URL, LH_ENDPOINTS_FETCH_STATEMENT_LIFETIME
- LH_ENDPOINTS_LIST_PATH, LH_ENDPOINTS_LIST_URL
- LH_ENDPOINTS_RESOLVE_PATH, LH_ENDPOINTS_RESOLVE_URL, LH_ENDPOINTS_RESOLVE_*
- LH_ENDPOINTS_TRUST_MARK_STATUS_PATH, LH_ENDPOINTS_TRUST_MARK_STATUS_URL
- LH_ENDPOINTS_TRUST_MARK_LIST_PATH, LH_ENDPOINTS_TRUST_MARK_LIST_URL
- LH_ENDPOINTS_TRUST_MARK_PATH, LH_ENDPOINTS_TRUST_MARK_URL
- LH_ENDPOINTS_HISTORICAL_KEYS_PATH, LH_ENDPOINTS_HISTORICAL_KEYS_URL
- LH_ENDPOINTS_ENROLL_PATH, LH_ENDPOINTS_ENROLL_URL
- LH_ENDPOINTS_ENROLL_REQUEST_PATH, LH_ENDPOINTS_ENROLL_REQUEST_URL
- LH_ENDPOINTS_TRUST_MARK_REQUEST_PATH, LH_ENDPOINTS_TRUST_MARK_REQUEST_URL
- LH_ENDPOINTS_ENTITY_COLLECTION_PATH, LH_ENDPOINTS_ENTITY_COLLECTION_URL, LH_ENDPOINTS_ENTITY_COLLECTION_*
type LoggerConf ¶
// LoggerConf holds the settings of one logger. The same struct is used for the
// access and the internal logger, so the environment variable names depend on
// which one it is bound to (LH_LOGGING_ACCESS_* or LH_LOGGING_INTERNAL_*).
type LoggerConf struct {
	// Dir is the directory for log files.
	// Env: LH_LOGGING_ACCESS_DIR or LH_LOGGING_INTERNAL_DIR
	Dir string `yaml:"dir" envconfig:"DIR"`
	// StdErr enables logging to stderr.
	// Env: LH_LOGGING_ACCESS_STDERR or LH_LOGGING_INTERNAL_STDERR
	StdErr bool `yaml:"stderr" envconfig:"STDERR"`
}
LoggerConf holds configuration related to logging.
Environment variables depend on context:
- Access logs: LH_LOGGING_ACCESS_DIR, LH_LOGGING_ACCESS_STDERR
- Internal logs: LH_LOGGING_INTERNAL_DIR, LH_LOGGING_INTERNAL_STDERR
type SigningConf ¶ added in v0.20.0
// SigningConf holds the signing configuration. It embeds lighthouse.SigningConf
// and inlines its fields into the "signing" YAML section.
type SigningConf struct {
	// The embedded fields are flattened into this YAML section; the documented
	// LH_SIGNING_* environment variables (KMS, PK_BACKEND, PKCS11_*, ...)
	// presumably map onto them via the parent's envconfig prefix — verify.
	// Secret-bearing settings in the embedded struct (e.g. the PKCS#11 PIN
	// and key file paths) should be kept out of logs and config dumps.
	lighthouse.SigningConf `yaml:",inline"`
}
SigningConf holds signing configuration. Note: alg, rsa_key_len, and key_rotation are now managed in the database. Use 'lhmigrate config2db' to migrate these values from a config file, or use the Admin API to manage them at runtime.
Environment variables (with prefix LH_SIGNING_):
- LH_SIGNING_KMS: Key management system ("filesystem" or "pkcs11")
- LH_SIGNING_PK_BACKEND: Public key storage backend ("filesystem" or "db")
- LH_SIGNING_AUTO_GENERATE_KEYS: Auto-generate keys if missing
- LH_SIGNING_FILESYSTEM_KEY_FILE: Path to single key file
- LH_SIGNING_FILESYSTEM_KEY_DIR: Directory for key files
- LH_SIGNING_PKCS11_STORAGE_DIR: PKCS#11 storage directory
- LH_SIGNING_PKCS11_MODULE_PATH: Path to PKCS#11 module
- LH_SIGNING_PKCS11_TOKEN_LABEL: HSM token label
- LH_SIGNING_PKCS11_TOKEN_SERIAL: HSM token serial
- LH_SIGNING_PKCS11_TOKEN_SLOT: HSM slot number
- LH_SIGNING_PKCS11_PIN: HSM user PIN
- LH_SIGNING_PKCS11_MAX_SESSIONS: Maximum concurrent sessions
- LH_SIGNING_PKCS11_USER_TYPE: User type for login
- LH_SIGNING_PKCS11_NO_LOGIN: Token doesn't support login
- LH_SIGNING_PKCS11_LABEL_PREFIX: Prefix for object labels
- LH_SIGNING_PKCS11_LOAD_LABELS: Extra labels to load (comma-separated)
type StatsBufferConf ¶ added in v0.20.0
// StatsBufferConf configures the in-memory ring buffer that holds request
// records before they are flushed to the database (env prefix LH_STATS_BUFFER_).
type StatsBufferConf struct {
	// Size is the maximum number of entries in the ring buffer.
	// Default: 10000
	// Env: LH_STATS_BUFFER_SIZE
	Size int `yaml:"size" envconfig:"SIZE"`
	// FlushInterval is how often the buffer is flushed to the database.
	// Default: 5s
	// Env: LH_STATS_BUFFER_FLUSH_INTERVAL
	FlushInterval time.Duration `yaml:"flush_interval" envconfig:"FLUSH_INTERVAL"`
	// FlushThreshold triggers a flush when the buffer is this percentage full.
	// Value between 0 and 1. Default: 0.8
	// Env: LH_STATS_BUFFER_FLUSH_THRESHOLD
	// NOTE(review): the 0..1 range is not enforced by this declaration;
	// presumably the loader validates it — verify.
	FlushThreshold float64 `yaml:"flush_threshold" envconfig:"FLUSH_THRESHOLD"`
}
StatsBufferConf configures the in-memory ring buffer.
Environment variables (with prefix LH_STATS_BUFFER_):
- LH_STATS_BUFFER_SIZE: Ring buffer size
- LH_STATS_BUFFER_FLUSH_INTERVAL: Flush interval (e.g., "5s")
- LH_STATS_BUFFER_FLUSH_THRESHOLD: Flush threshold (0-1)
type StatsCaptureConf ¶ added in v0.20.0
// StatsCaptureConf controls which request attributes are recorded in the
// statistics (env prefix LH_STATS_CAPTURE_). Client IP, User-Agent and query
// parameters are personal/request data: enable them deliberately and pair
// them with an appropriate retention setting.
type StatsCaptureConf struct {
	// ClientIP records the client's IP address.
	// Env: LH_STATS_CAPTURE_CLIENT_IP
	ClientIP bool `yaml:"client_ip" envconfig:"CLIENT_IP"`
	// UserAgent records the User-Agent header.
	// Env: LH_STATS_CAPTURE_USER_AGENT
	UserAgent bool `yaml:"user_agent" envconfig:"USER_AGENT"`
	// QueryParams records URL query parameters as JSON.
	// Query strings can carry sensitive values; nothing in this declaration
	// redacts them, so presumably the full parameter set is stored — verify
	// before enabling on endpoints that receive secrets.
	// Env: LH_STATS_CAPTURE_QUERY_PARAMS
	QueryParams bool `yaml:"query_params" envconfig:"QUERY_PARAMS"`
	// GeoIP enables country lookup from IP addresses.
	// Env prefix: LH_STATS_CAPTURE_GEO_IP_
	GeoIP StatsGeoIPConf `yaml:"geo_ip" envconfig:"GEO_IP"`
}
StatsCaptureConf controls what request data is captured.
Environment variables (with prefix LH_STATS_CAPTURE_):
- LH_STATS_CAPTURE_CLIENT_IP: Capture client IP
- LH_STATS_CAPTURE_USER_AGENT: Capture User-Agent
- LH_STATS_CAPTURE_QUERY_PARAMS: Capture query parameters
- LH_STATS_CAPTURE_GEO_IP_ENABLED: Enable GeoIP lookup
- LH_STATS_CAPTURE_GEO_IP_DATABASE_PATH: Path to GeoLite2 database
type StatsConf ¶ added in v0.20.0
// StatsConf holds all statistics collection configuration (env prefix
// LH_STATS_). The nested structs are bound under LH_STATS_BUFFER_,
// LH_STATS_CAPTURE_ and LH_STATS_RETENTION_.
type StatsConf struct {
	// Enabled controls whether statistics collection is active.
	// Env: LH_STATS_ENABLED
	Enabled bool `yaml:"enabled" envconfig:"ENABLED"`
	// Buffer configures the in-memory ring buffer for request logs.
	// Env prefix: LH_STATS_BUFFER_
	Buffer StatsBufferConf `yaml:"buffer" envconfig:"BUFFER"`
	// Capture controls what data is collected from each request.
	// Env prefix: LH_STATS_CAPTURE_
	Capture StatsCaptureConf `yaml:"capture" envconfig:"CAPTURE"`
	// Retention defines how long data is kept.
	// Env prefix: LH_STATS_RETENTION_
	Retention StatsRetentionConf `yaml:"retention" envconfig:"RETENTION"`
	// Endpoints is a list of endpoint paths to track.
	// If empty, all federation endpoints are tracked.
	// Example: ["/.well-known/openid-federation", "/fetch", "/resolve"]
	// Env: LH_STATS_ENDPOINTS (comma-separated)
	Endpoints []string `yaml:"endpoints" envconfig:"ENDPOINTS"`
}
StatsConf holds all statistics collection configuration.
Environment variables (with prefix LH_STATS_):
- LH_STATS_ENABLED: Enable statistics collection
- LH_STATS_ENDPOINTS: Endpoints to track (comma-separated)
- LH_STATS_BUFFER_SIZE: Ring buffer size
- LH_STATS_BUFFER_FLUSH_INTERVAL: Flush interval (e.g., "5s")
- LH_STATS_BUFFER_FLUSH_THRESHOLD: Flush threshold (0-1)
- LH_STATS_CAPTURE_CLIENT_IP: Capture client IP
- LH_STATS_CAPTURE_USER_AGENT: Capture User-Agent
- LH_STATS_CAPTURE_QUERY_PARAMS: Capture query parameters
- LH_STATS_CAPTURE_GEO_IP_ENABLED: Enable GeoIP lookup
- LH_STATS_CAPTURE_GEO_IP_DATABASE_PATH: Path to GeoLite2 database
- LH_STATS_RETENTION_DETAILED_DAYS: Days to keep detailed logs
- LH_STATS_RETENTION_AGGREGATED_DAYS: Days to keep aggregated stats
YAML example:
stats:
enabled: true
buffer:
size: 10000
flush_interval: 5s
flush_threshold: 0.8
capture:
client_ip: true
user_agent: true
query_params: true
geo_ip:
enabled: false
database_path: /path/to/GeoLite2-Country.mmdb
retention:
detailed_days: 90
aggregated_days: 365
endpoints: []
func (*StatsConf) AggregatedRetention ¶ added in v0.20.0
AggregatedRetention returns the retention period for aggregated stats as a Duration.
func (*StatsConf) DetailedRetention ¶ added in v0.20.0
DetailedRetention returns the retention period for detailed logs as a Duration.
func (*StatsConf) ToAPIConfig ¶ added in v0.20.0
ToAPIConfig converts config.StatsConf to api/stats.Config.
type StatsGeoIPConf ¶ added in v0.20.0
// StatsGeoIPConf configures the optional GeoIP country lookup for captured
// client IPs (env prefix LH_STATS_CAPTURE_GEO_IP_).
type StatsGeoIPConf struct {
	// Enabled turns on GeoIP country lookup.
	// Env: LH_STATS_CAPTURE_GEO_IP_ENABLED
	Enabled bool `yaml:"enabled" envconfig:"ENABLED"`
	// DatabasePath is the path to a MaxMind GeoLite2-Country.mmdb file.
	// The file is read by the process at runtime, so it must be readable by
	// the service user; whether a missing file is a startup error or is
	// ignored is not visible here — verify.
	// Env: LH_STATS_CAPTURE_GEO_IP_DATABASE_PATH
	DatabasePath string `yaml:"database_path" envconfig:"DATABASE_PATH"`
}
StatsGeoIPConf configures GeoIP lookup.
Environment variables (with prefix LH_STATS_CAPTURE_GEO_IP_):
- LH_STATS_CAPTURE_GEO_IP_ENABLED: Enable GeoIP lookup
- LH_STATS_CAPTURE_GEO_IP_DATABASE_PATH: Path to GeoLite2 database
type StatsRetentionConf ¶ added in v0.20.0
// StatsRetentionConf defines how long statistics data is kept, in days
// (env prefix LH_STATS_RETENTION_). DetailedDays bounds how long per-request
// records (which may include client IP, User-Agent and query parameters) are
// retained; see StatsConf.DetailedRetention / AggregatedRetention for the
// Duration forms.
type StatsRetentionConf struct {
	// DetailedDays is how many days to keep individual request logs.
	// Default: 90
	// Env: LH_STATS_RETENTION_DETAILED_DAYS
	DetailedDays int `yaml:"detailed_days" envconfig:"DETAILED_DAYS"`
	// AggregatedDays is how many days to keep daily aggregated statistics.
	// Default: 365
	// Env: LH_STATS_RETENTION_AGGREGATED_DAYS
	AggregatedDays int `yaml:"aggregated_days" envconfig:"AGGREGATED_DAYS"`
}
StatsRetentionConf defines data retention periods.
Environment variables (with prefix LH_STATS_RETENTION_):
- LH_STATS_RETENTION_DETAILED_DAYS: Days to keep detailed logs
- LH_STATS_RETENTION_AGGREGATED_DAYS: Days to keep aggregated stats
type StorageConf ¶ added in v0.20.0
// StorageConf holds the storage/database configuration (env prefix
// LH_STORAGE_). The connection can be given either as a full DSN or as the
// individual parameters of the embedded storage.DSNConf.
type StorageConf struct {
	// Deprecated: Only used for discovering a migration need.
	// The "-" envconfig tag presumably excludes it from environment binding,
	// so it can only come from YAML — confirm with the envconfig library in use.
	BackendType string `yaml:"backend" envconfig:"-"`
	// Driver is the database driver type.
	// Env: LH_STORAGE_DRIVER
	Driver storage.DriverType `yaml:"driver" envconfig:"DRIVER"`
	// DataDir is the directory for SQLite database files.
	// Env: LH_STORAGE_DATA_DIR
	DataDir string `yaml:"data_dir" envconfig:"DATA_DIR"`
	// DSN is the database connection string. A DSN usually embeds the database
	// credentials, so treat the whole value as a secret: keep it out of logs,
	// error messages and config dumps.
	// Env: LH_STORAGE_DSN
	DSN string `yaml:"dsn" envconfig:"DSN"`
	// DSNConf provides individual connection parameters (embedded). The
	// password among them is a secret as well.
	// Env: LH_STORAGE_USER, LH_STORAGE_PASSWORD, LH_STORAGE_HOST, LH_STORAGE_PORT, LH_STORAGE_DB
	storage.DSNConf
	// Debug enables debug logging.
	// NOTE(review): what the storage layer logs at debug level is not visible
	// here — confirm it never emits the DSN or credentials before enabling
	// this outside development.
	// Env: LH_STORAGE_DEBUG
	Debug bool `yaml:"debug" envconfig:"DEBUG"`
}
StorageConf holds storage/database configuration.
Environment variables (with prefix LH_STORAGE_):
- LH_STORAGE_DRIVER: Database driver (sqlite, mysql, postgres)
- LH_STORAGE_DATA_DIR: Directory for SQLite database files
- LH_STORAGE_DSN: Database connection string
- LH_STORAGE_USER: Database username (for DSN building)
- LH_STORAGE_PASSWORD: Database password
- LH_STORAGE_HOST: Database host
- LH_STORAGE_PORT: Database port
- LH_STORAGE_DB: Database name
- LH_STORAGE_DEBUG: Enable debug logging