kore.conf
The configuration file of an application describes to Kore what modules to load, how validators work, what page handlers to map to which functions and more.
Therefore it is an integral part of Kore as a whole.
Server context
A server context sets up a one or more listeners for the Kore server. These listeners can either be ipv4/ipv6 addresses or unix sockets.
The old bind and bind_unix configuration options have been migrated since Kore 4.0.0 to these server contexts.
You can also turn off TLS in a server context by specifying the tls no option inside of a context.
Example:
server tls {
bind 127.0.0.1 443
bind ::1 443
bind_unix /var/run/socket.path
bind_unix @linux-abstract-socket
}
server notls {
bind 127.0.0.1 80
tls no
}
Configuration options.
There are more options than what is listed below, specifically for validators, authentication blocks and domains. Please find those in https://github.com/jorisvink/kore/blob/master/conf/kore.conf.example.
Configuration option | Description |
---|---|
root | The root path in which the Kore server runs (either via chroot or chdir). If not set, the current working directory. |
runas | The user the worker processes will run as. If not set, the current user. |
workers | The number of worker processes to use. If not set, the number of CPU cores in the system. |
worker_max_connections | The maximum number of active connections a worker process holds before refusing to accept more. |
worker_rlimit_nofiles | The maximum number of open file descriptor per worker. |
worker_accept_threshold | The maximum number of new connections to accept in a single event loop. |
worker_death_policy | The death policy for a worker, "restart" by default. If set to "terminate" will cause the Kore server to shutdown on abnormal worker termination. |
worker_set_affinity | Worker CPU affinity (0 or 1, default 1). |
pidfile | The path to a file in which the server will write the PID for the parent process. |
socket_backlog | The number of pending connections. |
tls_version | The TLS version to use (default: both, 1.2 for TLSv1.2 only and 1.3 for TLSv1.3 only). |
tls_cipher | OpenSSL ciphersuite list to use. Defaults to a very sane list with only AEAD ciphers and ephemeral key exchanges. |
tls_dhparam | Path to DH parameters for the server to use. |
rand_file | Path to a 2048 byte file containing entropy used to seed the PRNG. |
keymgr_runas | The user the keymgr process will run as. If not set, the current user. |
keymgr_root | The root path for the keymgr process. If not set, inherited from the root option. |
acme_runas | The user the acme process will run as. If not set, the current user. |
acme_root | The root path for the acme process. If not set, inherited from the root option. |
acme_email | An email address used for account registration. |
acme_provider | A URL to the directory for an ACME provider. Defaults to Let's Encrypt. |
pledge | OpenBSD only, pledge categories for the worker processes. |
seccomp_tracing | Linux only, seccomp violations will be logged and not cause the process to terminate. Either "yes" or "no". |
filemap_ext | The default extension for files in a filemap. |
filemap_index | The root file in a filemap. (eg index.html). |
http_media_type | Add a new HTTP media type (in the form of "mediatype ext1 ext2 ext"). |
http_header_max | The maximum number of bytes HTTP headers can consist of. If a request comes in with headers larger than this the connection is closed. Defaults to 4096 bytes. |
http_header_timeout | The number of seconds after which Kore will close a connection if no HTTP headers were received. Defaults to 10. |
http_body_max | The maximum number of bytes an HTTP body can consist of. If a request comes in with a body larger than this the connection is closed with a 413 response. Defaults to 1MB. |
http_body_timeout | The number of seconds after which Kore will close a connection if no HTTP body was received in full. Defaults to 60. |
http_body_disk_offload | The number in bytes from which point Kore will offload incoming HTTP bodies onto a file on disk instead of keeping it in memory. Disabled by default. |
http_body_disk_path | A path where the temporary body files are written if the http_body_disk_offload setting is enabled. |
http_server_version | Allows you to override the Kore server header. |
http_pretty_error | If set to "yes" will display HTML based HTTP error codes. Defaults to "no". |