forked from corona-warn-app/cwa-server
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathapplication.yaml
146 lines (141 loc) · 5.59 KB
/
application.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
---
logging:
level:
org:
springframework:
web: INFO
app:
coronawarn: INFO
com:
netflix:
config:
sources:
URLConfigurationSource: ERROR
services:
submission:
# The initial value of the moving average for fake request delays.
initial-fake-delay-milliseconds: 10
# The number of samples for the calculation of the moving average for fake request delays.
fake-delay-moving-average-samples: 10
# The retention threshold for acceptable diagnosis keys during submission.
retention-days: 14
# The number of keys to save to the DB for every real submitted key.
# Example: If the 'random-key-padding-multiplier' is set to 10, and 5 keys are being submitted,
# then the 5 real submitted keys will be saved to the DB, plus an additional 45 keys with
# random 'key_data'. All properties, besides the 'key_data', of the additional keys will be
# identical to the real key.
random-key-padding-multiplier: ${RANDOM_KEY_PADDING_MULTIPLIER:1}
# The number of checkins to save to the DB for every real submitted checkin.
# Same logic as described above for diagnosis keys
random-checkins-padding-multiplier: ${RANDOM_CHECKINS_PADDING_MULTIPLIER:1}
# Pepper used in generating fake location ids
random-checkins-padding-pepper: ${RANDOM_CHECKINS_PADDING_PEPPER}
# The number of checkins allowed to be saved in the DB for each day.
max-allowed-checkins-per-day: ${MAX_ALLOWED_CHECKINS_PER_DAY:20}
# The ApacheHttpClient's connection pool size.
connection-pool-size: 200
# The maximum request size accepted by the SubmissionController (e.g. 200B or 100KB).
maximum-request-size: ${MAXIMUM_REQUEST_SIZE:100KB}
# The maximum rolling period accepted by the SubmissionController (e.g. 144 (24 hours))
max-rolling-period: ${MAX_ROLLING_PERIOD:144}
# The minimum rolling period accepted by the SubmissionController (e.g. 1 (10 minutes))
min-rolling-period: ${MIN_ROLLING_PERIOD:1}
# The flag for unencrypted checkins used by the EventCheckinFacade.
unencrypted-checkins-enabled: ${UNENCRYPTED_CHECKINS_ENABLED:false}
payload:
# The maximum number of keys accepted for any submission.
max-number-of-keys: ${MAX_NUMBER_OF_KEYS:14}
# Country codes representing the list of countries which are allowed to be specified in the
# visitedCountries and originCountry field of a submission payload
# Comma separated country code values must be provided. The value must not end with ','
supported-countries: ${SUPPORTED_COUNTRIES}
# The default 'origin country' when not provided in submission payload
default-origin-country: ${ORIGIN_COUNTRY:DE}
checkins:
# Checkin data for events older than the number below are ignored by the system
accepted-event-date-threshold-days: ${DAYS_TO_PUBLISH:10}
verification:
base-url: ${VERIFICATION_BASE_URL:http://localhost:8004}
path: /version/v1/tan/verify
monitoring:
# The batch size (number of requests) to use for monitoring request count.
batch-size: 5
client:
ssl:
key-password: ${SSL_SUBMISSION_KEYSTORE_PASSWORD}
key-store: ${SSL_SUBMISSION_KEYSTORE_PATH}
key-store-password: ${SSL_SUBMISSION_KEYSTORE_PASSWORD}
trust-store: ${SSL_VERIFICATION_TRUSTSTORE_PATH}
trust-store-password: ${SSL_VERIFICATION_TRUSTSTORE_PASSWORD}
spring:
lifecycle:
# keep in sync or lower than the kubernetes setting 'terminationGracePeriodSeconds'
# 5s +5s Feign client + 20s DB timeout
timeout-per-shutdown-phase: 30s
transaction:
default-timeout: 20
flyway:
enabled: true
locations: classpath:/db/migration, classpath:/db/specific/{vendor}
password: ${POSTGRESQL_PASSWORD_FLYWAY:local_setup_flyway}
user: ${POSTGRESQL_USER_FLYWAY:local_setup_flyway}
# Postgres configuration
datasource:
driver-class-name: org.postgresql.Driver
url: jdbc:postgresql://${POSTGRESQL_SERVICE_HOST}:${POSTGRESQL_SERVICE_PORT}/${POSTGRESQL_DATABASE}?ssl=true&sslmode=verify-full&sslrootcert=${SSL_POSTGRES_CERTIFICATE_PATH}&sslcert=${SSL_SUBMISSION_CERTIFICATE_PATH}&sslkey=${SSL_SUBMISSION_PRIVATE_KEY_PATH}
username: ${POSTGRESQL_USER_SUBMISSION:local_setup_submission}
password: ${POSTGRESQL_PASSWORD_SUBMISSION:local_setup_submission}
# Actuator configuration
management:
server:
port: 8081
endpoint:
metrics:
enabled: true
prometheus:
enabled: true
health:
group:
readiness:
include: db, verificationService
show-details: always
endpoints:
web:
exposure:
include: 'health, prometheus'
metrics:
export:
prometheus:
enabled: true
health:
probes:
enabled: true
server:
shutdown: graceful
ssl:
enabled: true
enabled-protocols: TLSv1.2+TLSv1.3
protocol: TLS
ciphers: >-
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_AES_128_CCM_SHA256
key-password: ${SSL_SUBMISSION_KEYSTORE_PASSWORD}
key-store: ${SSL_SUBMISSION_KEYSTORE_PATH}
key-store-password: ${SSL_SUBMISSION_KEYSTORE_PASSWORD}
key-store-provider: SUN
key-store-type: JKS
feign:
client:
config:
default:
connect-timeout: 5000
read-timeout: 5000