The config.json has to be located in the same directory as the vaccinator executable (default is /opt/vaccinator/).
The default content of config.json looks like this:
```json
{
  "connectionString": "connectionString",
  "maxConnections": 0,
  "listenIPPort": "127.0.0.1:443",
  "useLetsEncrypt": 1,
  "domain": "dc1.myDomain",
  "certFolder": "/opt/vaccinator/certs/",
  "debugMode": 0,
  "IPExtractor": "",
  "disableIPCheck": 0,
  "CORSDomains": "",
  "runAs": "vaccinator"
}
```
These are the available options and their meanings:
Parameter | Description
---|---
connectionString | The database connection string for CockroachDB. Reference: https://www.postgresql.org/docs/11/libpq-connect.html#LIBPQ-CONNSTRING
maxConnections | This value determines how many database connections the DataVaccinator keeps in its connection pool. If you specify 0 (which means auto), it will multiply the number of CPU cores (incl. hyperthreading) by 3. Reference: https://www.cockroachlabs.com/docs/v21.1/connection-pooling.html#sizing-connection-pools
listenIPPort | The IP address(es) and ports to listen on. This value is mandatory. listenIPPort allows one or more entries, separated by a space character. An entry has to look like this: "IP:Port". Multiple entries look like "IP:Port IP:Port IP:Port". The IP part can be an IPv4 address like 127.0.0.1 or an IPv6 address like [::1] (in square brackets). Both need to be followed by a proxy value. Example for listening on port 443 for both IPv4 and IPv6:
useLetsEncrypt | Set to 1 to let DataVaccinator use a Let’s Encrypt certificate automatically. Default is 0.
domain | The domain used for certificate generation (Let’s Encrypt). You may leave it empty to let ACME try to determine it by itself. Please note that this is only used if useLetsEncrypt is 1.
certFolder | The folder where the Let’s Encrypt SSL certificate files are stored. If you leave it empty (""), it will use a certs/ folder in the binary location folder (e.g. /opt/vaccinator/certs/). If the folder does not yet exist, it is created with 770 permissions (rwxrwx---). Please note that this is only created and used if useLetsEncrypt is 1.
debugMode | Set to 1 to get additional debug information on StdOut. Default is 0.
IPExtractor | If not set (empty string), the DataVaccinator will determine source IP addresses by using the network layer. In some cases, behind load balancers or proxy servers, this will return the same IP for all requests. Here you can instruct it to use other headers instead. The following values are available:
disableIPCheck | If set to 1, the DataVaccinator will not verify the IP address of the calling client against the "IP" field in database table "provider". Default is 0.
CORSDomains | Enables CORS to allow cross-domain access (avoids issues with the cross-origin policy). Refer to the CORS protocol definition for further details. You can provide an empty string ("") to disable this feature (default). To allow all domains, enter "*". If you would like to define specific URLs, you can enter complete URLs. Separate multiple allowed URLs with commas. Example: "http://127.0.0.1,https://someDomain.de"
runAs | Defines the user to downgrade to if initially started as root. If given (not empty ""), the executable tries to downgrade its privileges to this user after the ports are bound. This prevents the executable from running with root permissions permanently. Background: Linux does not allow you to open ports below 1024 if the process is not root (permission denied), so you have to be root to open port 80 or 443. The systemd service script generated by the installer therefore runs the vaccinator executable as root, which is why downgrading is useful.
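
An added example, not part of DataVaccinator or its documentation: a small Python check that parses listenIPPort in the "IP:Port" form described above and reports option values that relax a protection. The function names and the sample configuration are constructed for illustration, and the IPExtractor finding rests on the assumption that a request header is only trustworthy when your own proxy sets it.

```python
import ipaddress
import json

def parse_listen(value):
    """Split listenIPPort into (ip, port) pairs; ValueError on a malformed entry."""
    pairs = []
    for entry in value.split():
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad listenIPPort entry: {entry!r}")
        if host.startswith("[") and host.endswith("]"):
            ip = ipaddress.IPv6Address(host[1:-1])  # IPv6 is written in brackets
        else:
            ip = ipaddress.IPv4Address(host)
        pairs.append((ip, int(port)))
    if not pairs:
        raise ValueError("listenIPPort is mandatory")
    return pairs

def audit(cfg):
    """Return findings for settings that relax a protection described above."""
    findings = []
    listeners = parse_listen(cfg.get("listenIPPort", ""))
    if cfg.get("CORSDomains", "") == "*":
        findings.append("CORSDomains '*' allows cross-domain access from all domains")
    if cfg.get("disableIPCheck", 0) == 1:
        findings.append("disableIPCheck 1 skips the check against provider.IP")
    if cfg.get("debugMode", 0) == 1:
        findings.append("debugMode 1 writes additional debug information to StdOut")
    if cfg.get("IPExtractor", ""):
        findings.append("IPExtractor set: client IP is read from a request header")
    if not cfg.get("runAs", "") and any(port < 1024 for _, port in listeners):
        findings.append("runAs empty with a port below 1024: no downgrade if started as root")
    return findings

# Constructed sample, not a recommended configuration.
SAMPLE = json.loads("""{
  "listenIPPort": "0.0.0.0:443 [::]:443",
  "CORSDomains": "*", "disableIPCheck": 1, "debugMode": 0,
  "IPExtractor": "", "runAs": ""
}""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
```

Run against the default content shown at the top of this page, `audit` returns no findings; the constructed sample produces three.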