X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/da1614ac6d9b1b2aeba6267b304ce70c1726b608..3377c83ecf5937d5f02c15ef3683181572559137:/services/api/config/application.default.yml diff --git a/services/api/config/application.default.yml b/services/api/config/application.default.yml index c05b4afd63..d62fb4ea02 100644 --- a/services/api/config/application.default.yml +++ b/services/api/config/application.default.yml @@ -43,6 +43,7 @@ test: common: secret_token: ~ + blob_signing_key: ~ uuid_prefix: <%= Digest::MD5.hexdigest(`hostname`).to_i(16).to_s(36)[0..4] %> # Git repositories must be readable by api server, or you won't be @@ -86,13 +87,12 @@ common: admin_notifier_email_from: arvados@example.com email_subject_prefix: "[ARVADOS] " user_notifier_email_from: arvados@example.com + new_user_notification_recipients: [ ] + new_inactive_user_notification_recipients: [ ] # Visitors to the API server will be redirected to the workbench workbench_address: https://workbench.local:3001/ - # Websocket endpoint - websocket_address: wss://localhost:3002/websocket - # The e-mail address of the user you would like to become marked as an admin # user on their first login. # In the default configuration, authentication happens through the Arvados SSO @@ -115,3 +115,27 @@ common: assets.version: "1.0" arvados_theme: default + + # Default: do not advertise a websocket server. + websocket_address: false + + # You can run the websocket server separately from the regular HTTP service + # by setting "ARVADOS_WEBSOCKETS=ws-only" in the environment before running + # the websocket server. When you do this, you need to set the following + # configuration variable so that the primary server can give out the correct + # address of the dedicated websocket server: + #websocket_address: wss://127.0.0.1:3333/websocket + + # Amount of time (in seconds) for which a blob permission signature + # remains valid. Default: 2 weeks (1209600 seconds) + blob_signing_ttl: 1209600 + + # Allow clients to create collections by providing a manifest with + # unsigned data blob locators. IMPORTANT: This effectively disables + # access controls for data stored in Keep: a client who knows a hash + # can write a manifest that references the hash, pass it to + # collections.create (which will create a permission link), use + # collections.get to obtain a signature for that data locator, and + # use that signed locator to retrieve the data from Keep. + # Do not use turn this on if you want to + permit_create_collection_with_unsigned_manifest: false