-
Notifications
You must be signed in to change notification settings - Fork 8
/
.env-dist
39 lines (34 loc) · 1.66 KB
/
.env-dist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
THTTPD_TRAEFIK_HOST=thttpd.example.com
THTTPD_UID=54321
THTTPD_GID=54321
# Instance name is needed for dynamic router name (default is `default` if blank):
THTTPD_INSTANCE=
# Filter access by IP address source range (CIDR):
##Disallow all access: 0.0.0.0/32
##Allow all access: 0.0.0.0/0
THTTPD_IP_SOURCERANGE=0.0.0.0/0
# HTTP Basic Authentication:
# Use `make config` to fill this in properly, or set this to blank to disable.
THTTPD_HTTP_AUTH=
# OAUTH2
# Set to `true` to use OpenID/OAuth2 authentication via the
# traefik-forward-auth service in d.rymcg.tech.
# Using OpenID/OAuth2 will require login to access your app,
# but it will not affect what a successfully logged-in person can do in your
# app. If your app has built-in authentication and can check the user
# header that traefik-forward-auth sends, then your app can limit what the
# logged-in person can do in the app. But if your app can't check the user
# header, or if your app doesn't have built-in authentication at all, then
# any person with an account on your Gitea server can log into your app and
# have full access.
THTTPD_OAUTH2=
# In addition to Oauth2 authentication, you can configure basic authorization
# by entering which authorization group can log into your app. You create
# groups of email addresses in the `traefik` folder by running `make groups`.
THTTPD_OAUTH2_AUTHORIZED_GROUP=
# Mutual TLS (mTLS):
# Set true or false. If true, all clients must present a certificate signed by Step-CA:
THTTPD_MTLS_AUTH=false
# Enter a comma separated list of client domains allowed to connect via mTLS.
# Wildcards are allowed and encouraged on a per-app basis:
THTTPD_MTLS_AUTHORIZED_CERTS=*.clients.thttpd.example.com