##----------------------------------------------------------------------------
## 2014 Cloudmark, Inc.  All rights reserved.
##
## CMAE SERVER SAMPLE CONFIGURATION FILE
##
## This configuration file describes the settings and preferences for the
## authority program, and provides a convenient template for changing them.
##
## Lines with a "#" as their first non-whitespace character are ignored.
##----------------------------------------------------------------------------

## KEY: server user           (User/group as whom server should run)
##
##      When a server is run as root, there are security advantages to dropping
##      root privileges during normal operation (even if root privileges are
##      required during startup).  This config item, if set, directs the server
##      to set its user and group ids to the given user and group (or if no
##      group is specified, to the default group of the given user).
##
## Default: none
##
#server user = someuser
#server user = someuser:somegroup


## KEY: server pid file       (Pathname of pid file)
##
##      To prevent multiple servers running and to easily identify the process
##      id of a running server, the server is capable of creating and removing
##      a "pid file" (a simple text file containing the process ID of the
##      running server).  This config item specifies the pathname of that file.
##
## Default: none
##
#server pid file = /var/run/authority_server.pid


## KEY: server log priority   (Minimum logging level for server)
##
## Available Levels:  emergency
##                    alert
##                    critical
##                    error
##                    warning
##                    notice
##                    info     (default value)
##                    debug
##
#server log priority = info


## KEY: server log file       (Path to server log file)
##
## The authority_server will attempt to log through the syslog facility.
## If you prefer to log directly to a given file, specify that file here.
##
## Default: none
##          
#server log file = ./log/server.log

## KEY: log requests	
##
## If this parameter is yes, an INFO log message will be posted
## for each HTTP request that is received.
## Note that this logging is subject to the 'server log priority' parameter.
##
#log requests = no


## KEY: server syslog facility    (Syslog facility for server logging)
##
##      If no log file is specified, the server will log via the syslog
##      facility using the syslog facility specified here.
##
## Default: daemon
##
#server syslog facility = daemon


## KEY: server bind address               (IP address for server)
## An address can take the following forms
## for ipv4 addresses
##    d.d.d.d:p           where each d is a decimal number in the range 0-255
##                           and p is a port number 
##                        NOTE: Port number is required
##
## for ipv6 addresses
##   [x:x:x:x:x:x:x:x]:p  where each x is a hexadecimal numver in the range 0-FFFF
##                           and the :: convention for a block of zeros is 
##                           understood. p is a port number 
##                        NOTE: Port number is required
##   
##
## Multiple occurrances of this parameter, on separate lines, one value per line
## are allowed, in which case the server will listen on all specified addresses.
##   server bind address = 1.2.3.4:8888
##   server bind address = 5.6.7.8:9999
##
##
## Default:  all interfaces, port 2780  (0.0.0.0:2780)
##
#server bind address = 127.0.0.1:2780


## KEY: cartridge lib dir     (Directory containing cartridge libraries)
##
## This directory, if not an absolute path, is taken relative to this product's
## home directory (ie: the directory that contains bin/authority_server)
##
## Default: ./lib
##          
#cartridge lib dir = ./lib


## KEY: cartridge config dir   (Directory containing cartridge config files)
##
## This directory, if not an absolute path, is taken relative to this product's
## home directory (ie: the directory that contains bin/authority_server)
##
## Default: ./etc
##          
#cartridge config dir = ./etc


## KEY: max message size      (Limit on message size, in bytes)
##
##      This limit applies to both client and server.
##      The client MUST truncate messages to fit.
##      The server WILL terminate connections that try to send more
##        than the sepcified limit.
##
## Default: 20 MiB
##          
#max message size = 20971520


## KEY: max clients
##
##      The maximumn number of clients allowed to simultaneously connect
##      to the server.
##
## Default: 2000
##          
#max clients = 2000

## KEY: idle timeout          (Max connection idle time in seconds)
###
###      The server will close any connect that shows no activity for this long.
### Default: zero (no timeout)
###          
#idle timeout = 0


## KEY: workers
##
##	This parameter sets the number of worker threads associated
##	with each server bind address.
##
## Default: 10
##
#workers = 10


## KEY: installation identifier
##
##      This is a string that identifies the installation for logging purposes.
##      This string is required.
##
## Default: none
#

## KEY: server statistics interval
##
##      If non-zero, specifies the inerval in seconds at which the
##      server will write statistics to the log.
##      If zero, statistics will only be written at the end of the run.
##
## Default: 3600
##
#server statistics interval

## KEY: use ssl
##      
##      If this key is yes, then connections will be secured with SSL
##
## Default: no
##
#use ssl = no

## === SSL Specific Parameters ===
##
##  The following parameters are related to SSL connections and only apply
## if 'use ssl' is yes
##


## KEY: ssl certificate
##
##      This is the path to the file containing the server's SSL certificate
##
## Default: none
##

## KEY: ssl private key
##
##      This is the path to the file containing the server's private key
##
## Default: none
##

## KEY: ssl CA file
##
##      If non empty, this is the path to a file of CA certificates in
##      PEM format.
#
## Default: none
#

## KEY: ssl CA path
##
##      If non empty, this is the path to a directory containing certificates in
##      PEM format. Each file in the director contains a single certificate.
##
## Default: none
#

## KEY: ssl ciphers
##
##      This parameter is a list of ciphers to be made available, in the format
##      described by https://www.openssl.org/docs/apps/ciphers.html
##
## Default: RC4+RSA:HIGH:+MEDIUM:+LOW
##
#ssl ciphers = RC4+RSA:HIGH:+MEDIUM:+LOW

## KEY: ssl named curve
##
##      If non empty, this is the name of the curve to use for EC
#
## Default: none
#
#
## KEY: ssl DH params file
##
##      If non empty, this is the path to a file containing the DH params
#
## Default: none
#

## KEY: ssl CA file
##
##      If non empty, this is the path to a file of CA certificates in
##      PEM format.
#
## Default: none
#
#
## KEY: ssl options
##      This parameter is a list of options to pass to openssl. The possible options
##      are outlined in https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
##
## Default: SSL_OP_NO_SSLv2
##
#ssl options = SSL_OP_ALL SSL_OP_NO_SSLv2 SSL_OP_NO_SSLv3


## KEY: ssl session timeout
##
##      Sets the the ssl session timeout in seconds
##
## Default: 300
##
#ssl session timeout = 300


## KEY: ssl verify client
##
##      If yes, the server will verify the client prior to connecting
##
## Default: no
##
#ssl verify client = no


## KEY: ssl verify depth
##
##      This parameter sets the maximum length of the certificate verification
##      chain
##
## Default: 9
##
#ssl verify depth=9