mirror of
https://github.com/lightninglabs/aperture.git
synced 2026-01-02 08:54:24 +01:00
38cd0e7847
We move the proxy from using its placeholder macaroon creation and verification to instead use the agreed upon macaroon design. Much of this is solely a refactor, but some new functionality has also been introduced as part of integrating the LSAT mint: 1. A request's target service is now verified to ensure its attached LSAT is authorized. 2. The preimage is now checked against the token's committed payment hash to ensure it has been paid for.
39 lines
1.0 KiB
YAML
39 lines
1.0 KiB
YAML
listenaddr: "localhost:8081"
|
|
staticroot: "./static"
|
|
debuglevel: "debug"
|
|
|
|
authenticator:
|
|
lndhost: "localhost:10009"
|
|
tlspath: "/path/to/lnd/tls.cert"
|
|
macdir: "/path/to/lnd/data/chain/bitcoin/simnet"
|
|
network: "simnet"
|
|
|
|
etcd:
|
|
host: "localhost:2379"
|
|
user: "user"
|
|
password: "password"
|
|
|
|
services:
|
|
# List of services that should be reachable behind the proxy.
|
|
# Requests will be matched to the services in order, picking the first
|
|
# that satisfies hostregexp and (if set) pathregexp.
|
|
# So order is important!
|
|
#
|
|
# Use single quotes for regular expressions with special characters in them to
|
|
# avoid YAML parsing errors!
|
|
- name: "service1"
|
|
hostregexp: '^service1.com$'
|
|
pathregexp: '^/.*$'
|
|
address: "127.0.0.1:10009"
|
|
protocol: https
|
|
tlscertpath: "path-to-optional-tls-cert/tls.cert"
|
|
capabilities: "add,subtract"
|
|
|
|
- name: "service2"
|
|
hostregexp: "service2.com:8083"
|
|
pathregexp: '^/.*$'
|
|
address: "123.456.789:8082"
|
|
protocol: https
|
|
constraints:
|
|
"valid_until": "2020-01-01"
|