diff options
-rw-r--r-- | doc/catlfish-node.cfg.5.adoc | 81 |
1 files changed, 49 insertions, 32 deletions
diff --git a/doc/catlfish-node.cfg.5.adoc b/doc/catlfish-node.cfg.5.adoc index 2cbf596..dd0d48f 100644 --- a/doc/catlfish-node.cfg.5.adoc +++ b/doc/catlfish-node.cfg.5.adoc @@ -10,98 +10,115 @@ catlfish-node.cfg - catlfish node configuration OPTIONS ------- **configurl**: __url__:: -// write description here + URL to the global configuration file. The signature should be located at the same URL but with ".sig" appended. Handles http:, https:, and file: URL:s. + When using file: URL:s, the magic cookie `CURRENTWORKINGDIRECTORY` can be used to indicate the current working directory. + Example: `file:///CURRENTWORKINGDIRECTORY/myconfig.cfg` will refer to the file myconfig.cfg in the current directory. **ctapiaddress**: __ip-address__ (optional):: -// write description here + IP address and port for the external API if it is different from the global configuration, e.g. __10.0.0.1:443__. **dbbackend**: **permdb**|**fsdb** (default: fsdb):: -// write description here + The database backend that the node uses. **fsdb** uses plain files to store each database entry, using the database key as the filename. + **permdb** uses a commit-based append-only file and has much better performance. **frontendaddress**: __ip-address__ (optional):: + IP address and port for the frontend internal API if it is different from the global configuration, e.g. __10.0.0.1:8443__. + + **hsm**: :: + // write description here + **label**: __hsm-keyname__ (optional)::: + The name of the key in your HSM. + + **library**: __path__ (optional)::: + Path to the HSM library + + **pin**: __hsm-pin__ (optional)::: + The PIN used to access your HSM. If the first character is `@`, the rest of the string is a file name containing the PIN. + + **slot**: __hsm-slot__ (optional)::: + The slot number the key is in. + **logadminkey**: __key__:: -// write description here + The key that signs the global configuration file. In BASE64. **merge**: :: -// write description here + Configuration variables for merge nodes. Used when the node is the primary merge node. **backup-sendentries-chunksize**: __number-of-entries__::: -// write description here + Maximum number of entries to send to a backup node in one API call. **backup-sendlog-chunksize**: __number-of-entries__::: -// write description here + Maximum number of entry hashes to send to a backup node in one API call. **backup-window-size**: __number-of-entries__::: -// write description here + Maximum number of entries to distribute to a backupp node before verifying that the backup node has received them properly. **dist-sendentries-chunksize**: __number-of-entries__::: -// write description here + Maximum number of entries to send to a frontend node in one API call. **dist-sendlog-chunksize**: __number-of-entries__::: -// write description here + Maximum number of entry hashes to send to a frontend node in one API call. **dist-window-size**: __number-of-entries__::: -// write description here + Maximum number of entries to distribute to a frontend node before making the frontend node verify them. **min-delay**: __seconds__::: -// write description here + The interval between two attempts to create an STH. **mergeaddress**: __ip-address__ (optional):: -// write description here + IP address and port for the merge internal API if it is different from the global configuration, e.g. __10.0.0.1:8443__. **nodename**: __nodename__:: -// write description here + Name of the node. **paths**: :: // write description here **configdir**: __path__::: -// write description here + The directory where compileconfig.py writes the Erlang configuration files. **db**: __path__::: -// write description here + The directory where the database is stored. **https_cacertfile**: __path__::: -// write description here + Certificate chain for the **https_certfile** certificate. **https_certfile**: __path__::: -// write description here + Certificate for the internal API. **https_keyfile**: __path__::: -// write description here + Private key for the **https_certfile** certificate. **knownroots**: __path__::: -// write description here + A directory with the root certificates that are accepted by the log, one per file, in PEM format, with a .pem filename extension. **logprivatekey**: __path__::: -// write description here - - **logpublickey**: __path__::: -// write description here + Private key for the log. Used on signing nodes that don\'t use an HSM. **privatekeys**: __path__::: -// write description here + Directory with the private key for this node in a file named __**nodename**-private.pem__ **public_cacertfile**: __path__::: -// write description here + Certificate for the external API. **verifycert_bin**: __path__::: -// write description here + Path to verifycert.erl. Used on primary signing nodes. **publichttpaddress**: __ip-address__ (optional):: -// write description here + IP address and port for a non-HTTPS version of the external API, e.g. __10.0.0.1:80__. + Use this if you need a plain HTTP server, e.g. if you are using a reverse proxy to handle the external requests. **ratelimits**: :: + // write description here **add_chain**: __rate__::: -// write description here + Rate limiting of submissions to the log, formatted as "**frequency** per second|minute|hour", e.g. "10 per second". **signingaddress**: __ip-address__ (optional):: -// write description here + IP address and port for the signing internal API if it is different from the global configuration, e.g. __10.0.0.1:8443__. **storageaddress**: __ip-address__ (optional):: -// write description here - + IP address and port for the storage internal API if it is different from the global configuration, e.g. __10.0.0.1:8443__. |