首页 开源 资讯 活动 开源许可证
软件工程云服务
软件代码质量检测云服务 持续集成与部署云服务 社区个性化内容推荐服务 贡献审阅人推荐服务 群体化学习服务 重睛鸟代码扫描工具
Watch 1 Star 0 Fork 0

Luoooo/geoserver-cloud-config

代码 Issues 0 Pull Requests 0 Wiki 0 统计
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
acl-service.yml 2.17 KB
一键复制 编辑 原始数据 按行查看 历史
Gabriel Roldan 提交于 2023-12-17 14:51 . acl: use a separate user for geoserver->acl-service communication
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172
jndi:

  datasources:

    acl:

      enabled: true

      wait-for-it: true

      wait-timeout: 15

      url: jdbc:postgresql://acldb:5432/acl

      username: acl

      password: acls3cr3t

      maximum-pool-size: 50

      minimum-idle: 2

      connection-timeout: 3000

      idle-timeout: 60000



acl.db.jndiName: java:comp/env/jdbc/acl

acl.db.schema: acl

acl.db.dialect: org.hibernate.spatial.dialect.postgis.PostgisPG10Dialect



geoserver:

  acl:

    security:

      headers:

        # Remember to only enable header pre-authentication if behing a reverse proxy 

        # that removes the incoming request headers used for `user-header` and `roles-header`

        # and adds the sanitized ones.

        enabled: false

        user-header: sec-username

        roles-header: sec-roles

        admin-roles: ["ROLE_ADMINISTRATOR"]

      internal:

        # HTTP Basic Auth

        enabled: true

        users:

          admin:

            admin: true

            enabled: ${acl.users.admin.enabled:true}

            # password is a bcrypt encoded value for s3cr3t

            password: "${acl.users.admin.password:{bcrypt}$2a$10$FE62N3ejbKm56EX5VrtSQeDDka8YjwgjwF9sSEKbatGZuZ8e7S9v.}"

            #for a plain-text password (e.g. coming from a docker or kubernetes secret,

            # use the {noop} prefix, as in: password: "{noop}plaintextpwd}", or password: "{noop}${ACL_ADMIN_PASSWORD}"

          geoserver:

            # special user for GeoServer to ACL communication

            # Using a `{noop}` default credentials for performance, since bcrypt adds a significant per-request overhead

            # in the orther of 100ms. In production it should be replaced by a docker/k8s secret

            admin: true

            enabled: ${acl.users.geoserver.enabled:true}

            password: "${acl.users.geoserver.password:{noop}s3cr3t}"





logging:

  level:

    root: warn

    org.geoserver.acl: info

    org.geoserver.cloud.config: info

    org.springframework.jdbc.support: info



management:

  endpoint:

    health:

      probes:

        enabled: true

  endpoints:

    web:

      exposure:

        include:

        - '*'



---

spring.config.activate.on-profile: acl_debug

logging:

  level:

    org.geoserver.acl: debug
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化