kore.conf

The configuration file of an application describes to Kore what modules to load, how validators work, what page handlers to map to which functions and more.

Therefore it is an integral part of Kore as a whole.

Server context

A server context sets up a one or more listeners for the Kore server. These listeners can either be ipv4/ipv6 addresses or unix sockets.

The old bind and bind_unix configuration options have been migrated since Kore 4.0.0 to these server contexts.

You can also turn off TLS in a server context by specifying the tls no option inside of a context.

Example:

server tls {
    bind 127.0.0.1 443
    bind ::1 443
    bind_unix /var/run/socket.path
    bind_unix @linux-abstract-socket
}

server notls {
    bind 127.0.0.1 80
    tls no
}

Configuration options.

There are more options than what is listed below, specifically for validators, authentication blocks and domains. Please find those in https://github.com/jorisvink/kore/blob/master/conf/kore.conf.example.


Configuration option Description
root The root path in which the Kore server runs (either via chroot or chdir). If not set, the current working directory.
runas The user the worker processes will run as. If not set, the current user.
workers The number of worker processes to use. If not set, the number of CPU cores in the system.
worker_max_connections The maximum number of active connections a worker process holds before refusing to accept more.
worker_rlimit_nofiles The maximum number of open file descriptor per worker.
worker_accept_threshold The maximum number of new connections to accept in a single event loop.
worker_death_policy The death policy for a worker, "restart" by default. If set to "terminate" will cause the Kore server to shutdown on abnormal worker termination.
worker_set_affinity Worker CPU affinity (0 or 1, default 1).
pidfile The path to a file in which the server will write the PID for the parent process.
socket_backlog The number of pending connections.
tls_version The TLS version to use (default: both, 1.2 for TLSv1.2 only and 1.3 for TLSv1.3 only).
tls_cipher OpenSSL ciphersuite list to use. Defaults to a very sane list with only AEAD ciphers and ephemeral key exchanges.
tls_dhparam Path to DH parameters for the server to use.
rand_file Path to a 2048 byte file containing entropy used to seed the PRNG.
keymgr_runas The user the keymgr process will run as. If not set, the current user.
keymgr_root The root path for the keymgr process. If not set, inherited from the root option.
acme_runas The user the acme process will run as. If not set, the current user.
acme_root The root path for the acme process. If not set, inherited from the root option.
acme_email An email address used for account registration.
acme_provider A URL to the directory for an ACME provider. Defaults to Let's Encrypt.
pledge OpenBSD only, pledge categories for the worker processes.
seccomp_tracing Linux only, seccomp violations will be logged and not cause the process to terminate. Either "yes" or "no".
filemap_ext The default extension for files in a filemap.
filemap_index The root file in a filemap. (eg index.html).
http_media_type Add a new HTTP media type (in the form of "mediatype ext1 ext2 ext").
http_header_max The maximum number of bytes HTTP headers can consist of. If a request comes in with headers larger than this the connection is closed. Defaults to 4096 bytes.
http_header_timeout The number of seconds after which Kore will close a connection if no HTTP headers were received. Defaults to 10.
http_body_max The maximum number of bytes an HTTP body can consist of. If a request comes in with a body larger than this the connection is closed with a 413 response. Defaults to 1MB.
http_body_timeout The number of seconds after which Kore will close a connection if no HTTP body was received in full. Defaults to 60.
http_body_disk_offload The number in bytes from which point Kore will offload incoming HTTP bodies onto a file on disk instead of keeping it in memory. Disabled by default.
http_body_disk_path A path where the temporary body files are written if the http_body_disk_offload setting is enabled.
http_server_version Allows you to override the Kore server header.
http_pretty_error If set to "yes" will display HTML based HTTP error codes. Defaults to "no".

results matching ""

    No results matching ""