aljaz/aperture
1
1
Fork 0
mirror of https://github.com/lightninglabs/aperture.git synced 2025-12-17 00:54:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a4431801ef7a233d5c1b2d5df4c89af72a5dc725
aperture/sample-conf.yaml
Boris Nagaev a4431801ef multi: replace LSAT with L402 
auth: LsatAuthenticator -> L402Authenticator
sed -i 's/LsatAuthenticator/L402Authenticator/g' aperture.go auth/authenticator.go auth/authenticator_test.go

rename package lsat to l402
git mv lsat/ l402
sed 's@aperture/lsat@aperture/l402@g' -i `git grep -l aperture/lsat`
sed -i 's@package lsat@package l402@' `git grep -l 'package lsat'`
sed -i 's@lsat\.@l402.@g' -i `git grep -l 'lsat\.'`
sed 's@l402.Id@lsat.Id@' -i mint/mint_test.go

replace lsat with l402 in the code
sed 's@lsat@l402@' -i mint/mint_test.go
sed 's@Lsat@L402@' -i l402/client_interceptor.go
sed 's@lsatstore@l402store@' -i l402/store_test.go

replace LSAT to L402 in comments
sed '/\/\//s@LSAT@L402@g' -i `git grep -l '//.*LSAT'`

replace LSAT -> L402 in the code, skip when a string starts with it
sed 's@\([^"/]\)LSAT@\1L402@g' -i `git grep -l LSAT`
2024-04-16 19:33:03 -03:00

218 lines
6.8 KiB
YAML
Raw Blame History

# The address which the proxy can be reached at.
listenaddr: "localhost:8081"
# The root path of static content to serve upon receiving a request the proxy
# cannot handle.
staticroot: "./static"
# Should the static file server be enabled that serves files from the directory
# specified in `staticroot`?
servestatic: false
# The log level that should be used for the proxy.
#
# Valid options include: trace, debug, info, warn, error, critical, off.
debuglevel: "debug"
# Whether the proxy should create a valid certificate through Let's Encrypt for
# the fully qualifying domain name.
autocert: false
servername: aperture.example.com
# The port on which the pprof profile will be served. If no port is provided,
# the profile will not be served.
profile: 9999
# Settings for the lnd node used to generate payment requests. All of these
# options are required.
authenticator:
## Common fields.
# The chain network the lnd is active on.
network: "simnet"
# Set to true to disable any auth.
disable: false
## Direct LND connection fields.
# The host:port which lnd's RPC can be reached at.
lndhost: "localhost:10009"
# The path to lnd's TLS certificate.
tlspath: "/path/to/lnd/tls.cert"
# The path to lnd's macaroon directory.
macdir: "/path/to/lnd/data/chain/bitcoin/simnet"
## LNC connection fields.
# The LNC connection passphrase.
# NOTE: The passphrase generates a secret for authenticating the LNC
# connection. Once a passphrase has been utilized for a connection, it
# cannot be reused in a different server/database.
passphrase: "your pairing phrase"
# The host:port of the mailbox server to be used.
mailboxaddress: "mailbox.terminal.lightning.today:443"
# Set to true to skip verification of the mailbox server's tls cert.
devserver: false
# The selected database backend. The current default backend is "sqlite".
# Aperture also has support for postgres and etcd.
dbbackend: "sqlite"
# Settings for the sqlite process which the proxy will use to reliably store and
# retrieve token information.
sqlite:
# The full path to the database.
dbfile: "/path/to/.aperture/aperture.db"
# Settings for the postgres instance which the proxy will use to reliably store
# and retrieve token information.
postgres:
# Connection parameters.
host: "localhost"
port: 5432
user: "user"
password: "password"
dbname: "aperture"
# Max open connections to keep alive to the database server.
maxconnections: 25
# Whether to require using SSL (mode: require) when connecting to the
# server.
requireSSL: true
# Settings for the etcd instance which the proxy will use to reliably store and
# retrieve token information.
etcd:
# The client host:port which the etcd instance can be reached at.
host: "localhost:2379"
# If authentication is enabled, the user and password required to access the
# etcd instance.
user: "user"
password: "password"
# List of services that should be reachable behind the proxy. Requests will be
# matched to the services in order, picking the first that satisfies hostregexp
# and (if set) pathregexp. So order is important!
#
# Use single quotes for regular expressions with special characters in them to
# avoid YAML parsing errors!
services:
# The identifying name of the service. This will also be used to identify
# which capabilities caveat (if any) corresponds to the service.
- name: "service1"
# The regular expression used to match the service host.
hostregexp: '^service1.com$'
# The regular expression used to match the path of the URL.
pathregexp: '^/.*$'
# The host:port which the service can be reached at.
address: "127.0.0.1:10009"
# The HTTP protocol that should be used to connect to the service. Valid
# options include: http, https.
protocol: https
# If required, a path to the service's TLS certificate to successfully
# establish a secure connection.
tlscertpath: "path-to-optional-tls-cert/tls.cert"
# A comma-delimited list of capabilities that will be granted for tokens of
# the service at the base tier.
capabilities: "add,subtract"
# The set of constraints that are applied to tokens of the service at the
# base tier.
constraints:
# This is just an example of how aperture could be extended
# but would not have any effect without additional support added.
"valid_until": 1682483169
# a caveat will be added that expires the L402 after this many seconds,
# 31557600 = 1 year.
timeout: 31557600
# The L402 value in satoshis for the service. It is ignored if
# dynamicprice.enabled is set to true.
price: 0
# Options to use for connection to the price serving gRPC server.
dynamicprice:
# Whether or not a gRPC server is available to query price data from. If
# this option is set to true then the 'price' option is ignored.
enabled: true
# The address of the gRPC pricer server.
grpcaddress: "127.0.0.1:10010"
# Whether or not TLS encryption should be used for communications with the
# gRPC server.
insecure: false
# The path to the pricer server's tls.cert. If the 'insecure' option is
# set to true then this path must be set.
tlscertpath: "path-to-pricer-server-tls-cert/tls.cert"
- name: "service2"
hostregexp: "service2.com:8083"
pathregexp: '^/.*$'
address: "123.456.789:8082"
protocol: https
constraints:
"valid_until": "2020-01-01"
price: 1
- name: "service3"
hostregexp: "service3.com:8083"
pathregexp: '^/.*$'
address: "123.456.789:8082"
protocol: https
constraints:
"valid_until": "2020-01-01"
dynamicprice:
enbled: true
grpcaddress: 123.456.789:8083
insecure: false
tlscertpath: "path-to-pricer-server-tls-cert/tls.cert"
# Settings for a Tor instance to allow requests over Tor as onion services.
# Configuring Tor is optional.
tor:
# The host:port which Tor's control can be reached at.
control: "localhost:9051"
# The internal port we should listen on for client requests over Tor. Note
# that this port should not be exposed to the outside world, it is only
# intended to be reached by clients through the onion service.
listenport: 8082
# The port through which the onion services to be created can be reached at.
virtualport: 8082
# Whether a v3 onion service should be created to handle requests.
v3: false
# Enable the Lightning Node Connect hashmail server, allowing up to 1k messages
# per burst and a new message every 20 milliseconds.
hashmail:
enabled: true
messagerate: 20ms
messageburstallowance: 1000
# Enable the prometheus metrics exporter so that a prometheus server can scrape
# the metrics.
prometheus:
enabled: true
listenaddr: "localhost:9000"
Reference in New Issue View Git Blame Copy Permalink