63 lines
1.5 KiB
YAML
63 lines
1.5 KiB
YAML
# Hermes Service Configuration for Nginx Deployment
|
|
# This configuration file controls security features when running behind Nginx
|
|
|
|
# Security settings
|
|
security:
|
|
# Enable IP address checking
|
|
enable_ip_check: false
|
|
|
|
# List of allowed IP addresses or CIDR ranges
|
|
# If empty, all IPs are allowed (when IP check is disabled)
|
|
allowed_ips:
|
|
- "127.0.0.1"
|
|
- "::1"
|
|
# - "192.168.1.0/24"
|
|
# - "10.0.0.0/8"
|
|
|
|
# Enable API key authentication
|
|
enable_api_key: false
|
|
|
|
# Authentication method: "header" or "bearer"
|
|
auth_method: "header"
|
|
|
|
# Header name for API key (used when auth_method is "header")
|
|
api_key_header: "X-API-Key"
|
|
|
|
# List of valid API keys
|
|
# Each key can have a description and optional expiration
|
|
api_keys:
|
|
# - key: "your-api-key-here"
|
|
# description: "Main production key"
|
|
# expires_at: null # null means never expires, or use ISO format: "2025-12-31T23:59:59Z"
|
|
|
|
# Nginx integration settings
|
|
nginx:
|
|
# Trust X-Forwarded-For header from these proxies
|
|
# Only set this if you're behind a trusted proxy like Nginx
|
|
trusted_proxies:
|
|
- "127.0.0.1"
|
|
- "::1"
|
|
|
|
# Enable real IP detection from X-Forwarded-For
|
|
enable_real_ip: true
|
|
|
|
# Service settings
|
|
service:
|
|
# Host to bind to (should be 127.0.0.1 when behind Nginx)
|
|
host: "127.0.0.1"
|
|
|
|
# Port to listen on
|
|
port: 9120
|
|
|
|
# Log level
|
|
log_level: "info"
|
|
|
|
# CORS settings (usually handled by Nginx in production)
|
|
cors:
|
|
allow_origins:
|
|
- "*"
|
|
allow_credentials: true
|
|
allow_methods:
|
|
- "*"
|
|
allow_headers:
|
|
- "*" |