summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/catlfish-node.cfg.5.adoc81
1 files changed, 49 insertions, 32 deletions
diff --git a/doc/catlfish-node.cfg.5.adoc b/doc/catlfish-node.cfg.5.adoc
index 2cbf596..dd0d48f 100644
--- a/doc/catlfish-node.cfg.5.adoc
+++ b/doc/catlfish-node.cfg.5.adoc
@@ -10,98 +10,115 @@ catlfish-node.cfg - catlfish node configuration
OPTIONS
-------
**configurl**: __url__::
-// write description here
+ URL to the global configuration file. The signature should be located at the same URL but with ".sig" appended. Handles http:, https:, and file: URL:s.
+ When using file: URL:s, the magic cookie `CURRENTWORKINGDIRECTORY` can be used to indicate the current working directory.
+ Example: `file:///CURRENTWORKINGDIRECTORY/myconfig.cfg` will refer to the file myconfig.cfg in the current directory.
**ctapiaddress**: __ip-address__ (optional)::
-// write description here
+ IP address and port for the external API if it is different from the global configuration, e.g. __10.0.0.1:443__.
**dbbackend**: **permdb**|**fsdb** (default: fsdb)::
-// write description here
+ The database backend that the node uses. **fsdb** uses plain files to store each database entry, using the database key as the filename.
+ **permdb** uses a commit-based append-only file and has much better performance.
**frontendaddress**: __ip-address__ (optional)::
+ IP address and port for the frontend internal API if it is different from the global configuration, e.g. __10.0.0.1:8443__.
+
+ **hsm**: ::
+
// write description here
+ **label**: __hsm-keyname__ (optional):::
+ The name of the key in your HSM.
+
+ **library**: __path__ (optional):::
+ Path to the HSM library
+
+ **pin**: __hsm-pin__ (optional):::
+ The PIN used to access your HSM. If the first character is `@`, the rest of the string is a file name containing the PIN.
+
+ **slot**: __hsm-slot__ (optional):::
+ The slot number the key is in.
+
**logadminkey**: __key__::
-// write description here
+ The key that signs the global configuration file. In BASE64.
**merge**: ::
-// write description here
+ Configuration variables for merge nodes. Used when the node is the primary merge node.
**backup-sendentries-chunksize**: __number-of-entries__:::
-// write description here
+ Maximum number of entries to send to a backup node in one API call.
**backup-sendlog-chunksize**: __number-of-entries__:::
-// write description here
+ Maximum number of entry hashes to send to a backup node in one API call.
**backup-window-size**: __number-of-entries__:::
-// write description here
+ Maximum number of entries to distribute to a backupp node before verifying that the backup node has received them properly.
**dist-sendentries-chunksize**: __number-of-entries__:::
-// write description here
+ Maximum number of entries to send to a frontend node in one API call.
**dist-sendlog-chunksize**: __number-of-entries__:::
-// write description here
+ Maximum number of entry hashes to send to a frontend node in one API call.
**dist-window-size**: __number-of-entries__:::
-// write description here
+ Maximum number of entries to distribute to a frontend node before making the frontend node verify them.
**min-delay**: __seconds__:::
-// write description here
+ The interval between two attempts to create an STH.
**mergeaddress**: __ip-address__ (optional)::
-// write description here
+ IP address and port for the merge internal API if it is different from the global configuration, e.g. __10.0.0.1:8443__.
**nodename**: __nodename__::
-// write description here
+ Name of the node.
**paths**: ::
// write description here
**configdir**: __path__:::
-// write description here
+ The directory where compileconfig.py writes the Erlang configuration files.
**db**: __path__:::
-// write description here
+ The directory where the database is stored.
**https_cacertfile**: __path__:::
-// write description here
+ Certificate chain for the **https_certfile** certificate.
**https_certfile**: __path__:::
-// write description here
+ Certificate for the internal API.
**https_keyfile**: __path__:::
-// write description here
+ Private key for the **https_certfile** certificate.
**knownroots**: __path__:::
-// write description here
+ A directory with the root certificates that are accepted by the log, one per file, in PEM format, with a .pem filename extension.
**logprivatekey**: __path__:::
-// write description here
-
- **logpublickey**: __path__:::
-// write description here
+ Private key for the log. Used on signing nodes that don\'t use an HSM.
**privatekeys**: __path__:::
-// write description here
+ Directory with the private key for this node in a file named __**nodename**-private.pem__
**public_cacertfile**: __path__:::
-// write description here
+ Certificate for the external API.
**verifycert_bin**: __path__:::
-// write description here
+ Path to verifycert.erl. Used on primary signing nodes.
**publichttpaddress**: __ip-address__ (optional)::
-// write description here
+ IP address and port for a non-HTTPS version of the external API, e.g. __10.0.0.1:80__.
+ Use this if you need a plain HTTP server, e.g. if you are using a reverse proxy to handle the external requests.
**ratelimits**: ::
+
// write description here
**add_chain**: __rate__:::
-// write description here
+ Rate limiting of submissions to the log, formatted as "**frequency** per second|minute|hour", e.g. "10 per second".
**signingaddress**: __ip-address__ (optional)::
-// write description here
+ IP address and port for the signing internal API if it is different from the global configuration, e.g. __10.0.0.1:8443__.
**storageaddress**: __ip-address__ (optional)::
-// write description here
-
+ IP address and port for the storage internal API if it is different from the global configuration, e.g. __10.0.0.1:8443__.