hermes-service/config.yaml
yumoqing 57afe1264c feat(security): implement IP filtering and API key authentication
- Added validate_ip_and_apikey() decorator for endpoint protection
- Implemented IP address validation with configurable allowed_ips list
- Added API key authentication with header-based or bearer token support
- Fixed endpoint function signatures to properly receive Request objects
- Updated configuration structure and security documentation
- Removed debug print statements before final commit
2026-04-22 21:41:45 +08:00


# Hermes Service Configuration for Nginx Deployment
# This configuration file controls security features when running behind Nginx
# Security settings
security:
  # Turn the source-IP allow-list check on or off.
  # NOTE(review): service.host is 127.0.0.1 and nginx.enable_real_ip is
  # false, so requests relayed by a local Nginx presumably all arrive from
  # 127.0.0.1, which is on the list below. The public entries would then
  # never decide a request. Confirm which address the check compares.
  enable_ip_check: true
  # Allowed IP addresses or CIDR ranges.
  # If empty, all IPs are allowed (when IP check is disabled).
  # NOTE(review): what an empty list means while enable_ip_check is true is
  # not visible in this file; confirm it denies rather than allows.
  allowed_ips:
    - '127.0.0.1'
    - '::1'
    - '8.222.165.87'
    - '47.237.201.139'
  # Turn API key authentication on or off.
  enable_api_key: true
  # Where the key is read from: 'header' or 'bearer'.
  auth_method: 'header'
  # Header that carries the key when auth_method is 'header'.
  api_key_header: 'X-API-Key'
  # Accepted keys; each entry may carry a description and an expiry.
  # NOTE(review): a credential labelled production is stored here in clear
  # text with no expiry. Once this file is in version control the key should
  # be treated as disclosed: rotate it, generate the replacement from a
  # CSPRNG (this one is 14 characters), and supply it at deploy time from a
  # secret store or an untracked, owner-readable file.
  api_keys:
    - key: '5ftyuvhfhi3345'
      description: 'Production API key'
      # null means never expires; otherwise use ISO format,
      # e.g. "2025-12-31T23:59:59Z".
      expires_at: null
# Nginx integration settings
nginx:
  # Proxies whose X-Forwarded-For header is trusted. List only proxies you
  # operate, such as the local Nginx.
  trusted_proxies:
    - '127.0.0.1'
    - '::1'
  # Detect the real client IP from the X-Forwarded-For header.
  # NOTE(review): while this is false, the address seen for proxied requests
  # is presumably the proxy's own. Before enabling it, make sure the proxy
  # overwrites any client-supplied X-Forwarded-For; otherwise the value
  # handed to the IP allow-list is caller-controlled.
  enable_real_ip: false
# Service settings
service:
  # Bind address; keep it on loopback (127.0.0.1) when Nginx fronts the
  # service so the port is not reachable directly.
  host: '127.0.0.1'
  # Listening port.
  port: 9123
  # Logging verbosity.
  log_level: 'info'
# CORS settings (usually handled by Nginx in production)
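cors:
  # Origins allowed to read responses cross-site. '*' admits every origin.
  allow_origins:
    - '*'
  # Was true. A wildcard origin combined with credentials is the risky
  # pairing: browsers refuse a literal '*' on credentialed responses, and
  # CORS layers that cope by echoing the caller's Origin end up trusting any
  # site with the user's cookies. As configured under security, clients
  # authenticate with an API key sent in a header and should not need this
  # (confirm no endpoint relies on cookies). If cookies are required, set
  # this back to true and replace '*' above with the exact origins.
  allow_credentials: false
  # HTTP methods accepted on cross-origin requests.
  allow_methods:
    - '*'
  # Request headers accepted on cross-origin requests.
  allow_headers:
    - '*'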