-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfluree_server4.properties
189 lines (139 loc) · 8.91 KB
/
fluree_server4.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
# Fluree properties
# These settings are base properties that control how Fluree operates. All of these settings can
# be over-ridden by environment variables or passing a java property flags (i.e. -Dfdb-mode=dev) at startup.
# Environment variables take precedent over java property flags which take precedent over settings in this file.
############################################################
### Base Settings
# Main 'mode' to start this instance of Fluree in.
# Can be dev, query or ledger. Typically over-ride by environment variable passed at startup
fdb-mode=dev
# License key - needed for enterprise features
fdb-license-key=
fdb-encryption-secret=
############################################################
### Ledger Group Settings
# Multiple ledgers you control can work together as a group for both
# redundancy and to split database workloads.
# Consensus type = in-memory or raft (defaults to raft)
fdb-consensus-type=raft
# If this server is joining an existing network, list true (defaults to false)
fdb-join?=true
# When adding a new server, the number of rounds to wait for the server to sync its logs.
# If it is not synced in this amount of time, this server will not be added to the network
fdb-group-catch-up-rounds=10
# Main private key for ledger group.
# We will auto-generation one if not provided, and store it at fdb-group-private-key-file.
# Take care not to lose it, or generate a new one and use it instead by executing
# FlureeDB with the command :keygen
fdb-group-private-key=
# If fdb-group-private-key is not provided, we'll look for it in this file
# If not found in this file, we'll generate a default one and place it in this file
fdb-group-private-key-file=default-private-key.txt
# List all servers participating in ledger-group with format of server-id@host:port
# All tx-group servers should have this same config.
# Uses raft for communication, so total servers (n) can support (f) failures: n = 2f + 1,
# i.e. anything less than 3 servers can sustain no failures, 5 servers can sustain two failures.
# Specify which of the above listed server-ids is this server. Note this must be unique for every
# Server in the tx-group, and is likely easiest to supply this setting via environment variable
fdb-group-this-server=server4
# Tx group's internal communication timeout threshold. Will initiate a leader election between this
# value and 2x this value if the leader hasn't been heard from.
# Specify as number of milliseconds, or can use units as well such as 1000ms or 1s.
# Assuming your tx-group network is local, 1000-3000 ms is a good range. Adjust as needed to avoid unintended
# leader elections
fdb-group-timeout=2000
# Tx group leader will send out a heartbeat at this interval. By default, will be 1/2 of fdb-group-timeout
# This can never be less than fdb-group-timeout, and ideally should be 1/3 to 1/2 of that value.
# A number in milliseconds can be provided, or can be used with units such as 1000ms or 1s
fdb-group-heartbeat=
# Where to store index/block segments and log. Replicated on every machine if using "file".
# Current options are:
# - file - on-disk and replicated on every ledger
# - memory - stored in memory (useful for testing). Currently only supported for a single, centralized server. fdb-consensus-type must be set to 'in-memory'
fdb-storage-type=file
# Where to store tx-group raft log files and snapshots. These logs have fairly frequent disk access.
fdb-group-log-directory=data/group/
# A snapshot of the current group state will be taken after this many new commits. Larger values mean larger
# log files, small values mean lots of snapshots which can be time consuming for large networks.
# Ideally somewhere in the range of 100 to 1000.
fdb-group-snapshot-threshold=200
# Number of historic tx-group raft logs to keep around. Can be as low as 1. Historic logs take up disk
# space but can be useful for debugging if something goes wrong. High transactional volume servers
# may want to retain extra logs as there will be more frequent rotation
fdb-group-log-history=5
# For file storage, specify directory to place ledger (blockchain) and db indexes
fdb-storage-file-directory=data/ledger/
# Total memory cache of index segments across all databases. This setting can be changed per-ledger.
fdb-memory-cache=200mb
# These settings apply per-database, make sure all ledgers and query peers have at least this
# much memory * number of databases you expect to be active on those servers. This setting must be
# consistent across the entire ledger group.
fdb-memory-reindex=1mb
fdb-memory-reindex-max=2mb
# How frequently to report out stats as a log entry in milliseconds, or can use shorthand
# like 2m for two minutes, 45s for 45 seconds.
fdb-stats-report-frequency=1m
############################################################
### HTTP API port
# Port in which the query peers will respond to API calls from clients
fdb-api-port=8094
# If fdb-api-open is true, will allow full access on above port for any request and will
# utilize default auth identity to regulate query/read permissions. If false, every request
# must be signed, and the auth id associated with the signature will determine query/read permissions.
fdb-api-open=true
############################################################
### Password authentication
## This is used to allow private keys to be derived from string passwords.
## This is not as secure as users maintaining their own unique private keys
## however it adds more convenience for enterprise apps using Fluree
## as their primary transaction store and who desire password authentication
# Set to true to enable pw-auth, false to disable it.
# This defaults to true, but will only work if there is a signing key for
# transactions. (which can be a default key with root access which exists
# when first starting Fluree, or can be explicitly set below with
# `fdb-pw-auth-signing-key`). If the root private
# key no longer exists or has permission, effectively this feature is disabled
# from any new activity. If you want if off always, set to 'false' below.
fdb-pw-auth-enable=true
# Required for password auth.
# This secret is used to generate a HMAC signature that is used by
# scrypt to generate a valid private key. Every auth record uses
# a unique salt ensuring different private keys for identical passwords.
# A server must have permission to access to the salt (stored in the _auth record)
# to successfully regenerate a private key - along with the normalized password and
# the following secret. Without all 3 elements, the private key cannot be regenerated.
fdb-pw-auth-secret=fluree
# Maximum allowed expiration time per JWT token in milliseconds.
# Blank means any amount of time is valid. (86400000 ms in 24 hours, 31536000000 in 1 year)
fdb-pw-auth-jwt-max-exp=1y
# If renewal JWT tokens are allowed (blank if not allowed), maximum time from initial issuance
# a token can be renewed for in ms. To make this 'forever', use the maximum long value (9223372036854775807).
# For example, if you had a JWT token that expires after 120 seconds, but want to allow an active user
# to not be challenged for a password for up to 1 day, enter "1d" here and an unexpired token can be renewed
# as many times as desired (swapped for an 'fresh' token) so long as the original token issued from the
# password was less then this time period ago.
fdb-pw-auth-jwt-max-renewal=1y
# JWT tokens issued are secured with this secret. If empty, will
# default to use fdb-pw-auth-secret
fdb-pw-auth-jwt-secret=
# A valid Fluree private key with proper permissions must be used to sign
# any new transaction where new password auth records are created. If a
# default root key still exists and has proper permission, that will be used by default.
fdb-pw-auth-signing-key=
############################################################
### Decentralized Ledgers
# External port to expose for external ledger communication. If using a ledger group behind a
# load balancer then this should be consistent across the ledger group.
# i.e. fdb-ledger-port=9795
fdb-ledger-port=
# List each auth identity private key at each network and/or database you are participating in.
# Format is private-key1@network/db,private-key2@network/db2 where the db is optional and multiple
# dbs or networks are separated by commas. If only a network is specified, the private key will be used
# as a default for all databases on that network and it is assumed this server is participating with every database.
# i.e. fdb-ledger-private-keys=53ab638dd26d02d95214f58eb5df0b086baba584c66f6ae5b8574d722c6bc3f3@networka/dbname
fdb-ledger-private-keys=
# List of seed servers to contact for each network/db. Like fdb-ledger-identities, the db is optional.
# Every network/db + server address combination should be separated by a comma
fdb-ledger-servers=