forked from corona-warn-app/cwa-server
-
Notifications
You must be signed in to change notification settings - Fork 0
/
application.yaml
102 lines (97 loc) · 3.1 KB
/
application.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
---
logging:
level:
org:
springframework:
web: INFO
app:
coronawarn: INFO
services:
submission:
# The initial value of the moving average for fake request delays.
initial-fake-delay-milliseconds: 10
# The number of samples for the calculation of the moving average for fake request delays.
fake-delay-moving-average-samples: 10
# The retention threshold for acceptable diagnosis keys during submission.
retention-days: 14
# The ApacheHttpClient's connection pool size.
connection-pool-size: 200
payload:
# The maximum number of keys accepted for any submission.
max-number-of-keys: 14
verification:
base-url: ${VERIFICATION_BASE_URL:http://localhost:8004}
path: /version/v1/tan/verify
monitoring:
# The batch size (number of requests) to use for monitoring request count.
batch-size: 5
spring:
jpa:
hibernate:
ddl-auto: validate
flyway:
enabled: true
locations: classpath:/db/migration, classpath:/db/specific/{vendor}
password: ${POSTGRESQL_PASSWORD_FLYWAY:local_setup_flyway}
user: ${POSTGRESQL_USER_FLYWAY:local_setup_flyway}
# Postgres configuration
datasource:
driver-class-name: org.postgresql.Driver
url: jdbc:postgresql://${POSTGRESQL_SERVICE_HOST}:${POSTGRESQL_SERVICE_PORT}/${POSTGRESQL_DATABASE}?ssl=true&sslmode=verify-full&sslrootcert=${SSL_POSTGRES_CERTIFICATE_PATH}&sslcert=${SSL_SUBMISSION_CERTIFICATE_PATH}&sslkey=${SSL_SUBMISSION_PRIVATE_KEY_PATH}
username: ${POSTGRESQL_USER_SUBMISSION:local_setup_submission}
password: ${POSTGRESQL_PASSWORD_SUBMISSION:local_setup_submission}
# Actuator configuration
management:
server:
port: 8081
endpoint:
metrics:
enabled: true
prometheus:
enabled: true
health:
group:
readiness:
include: db, verificationService
show-details: always
endpoints:
web:
exposure:
include: 'health, prometheus'
metrics:
export:
prometheus:
enabled: true
health:
probes:
enabled: true
client:
ssl:
key-password: ${SSL_SUBMISSION_KEYSTORE_PASSWORD}
key-store: ${SSL_SUBMISSION_KEYSTORE_PATH}
key-store-password: ${SSL_SUBMISSION_KEYSTORE_PASSWORD}
verification:
trust-store: ${SSL_VERIFICATION_TRUSTSTORE_PATH}
trust-store-password: ${SSL_VERIFICATION_TRUSTSTORE_PASSWORD}
server:
ssl:
enabled: true
enabled-protocols: TLSv1.2,TLSv1.3
protocol: TLS
ciphers: >-
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_AES_128_CCM_SHA256
key-password: ${SSL_SUBMISSION_KEYSTORE_PASSWORD}
key-store: ${SSL_SUBMISSION_KEYSTORE_PATH}
key-store-password: ${SSL_SUBMISSION_KEYSTORE_PASSWORD}
key-store-provider: SUN
key-store-type: JKS