# Which URL are we accessible at? This is used to determine the redirect URL # and some user-accessible URLs. url http://localhost:5555 # Should we run in production mode? This causes the Secure flag to be set on # cookies and may come with other production-related changes in the future. prod false listen { # Which protocol are we listening for? Currently only "http" is # supported because it is difficult to configure FastCGI to work with # WebSockets. proto http # Which network backend should we use? This is usually set to "tcp" # for plain TCP, and "unix" for UNIX domain sockets. net tcp # What is the address we should listen at? This is usually set to # something like ":5555" for TCP on all interfaces, and a file path for # UNIX domain sockets. addr 127.0.0.1:5555 # Which transport should we use? Currently only "plain" and "tls" are # supported. trans plain # If "trans" is set to "tls", this block must be configured: tls { # Where is the file containing the TLS certificate? You should # use a certificate that includes the entire CA chain, which # should usually be called "fullchain.pem" for certificates # obtained from LE. cert /etc/letsencrypt/live/cca.runxiyu.org/fullchain.pem # Where is the file containing the TLS private key? key /etc/letsencrypt/live/cca.runxiyu.org/privkey.pem } } db { # What type of database should we use? Currently, only "postgres" is # supported. type postgres # What is the connection string to database? # Example: postgresql:///cca?host=/var/run/postgresql conn postgresql:///cca?host=/var/run/postgresql } auth { # What is our OAUTH2 client ID? client e8101cb5-84a3-49d7-860b-e5a75e63219a # What is the OAUTH 2.0 authorize endpoint? authorize https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295/oauth2/v2.0/authorize # What is the OAUTH 2.0 token endpoint? token https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295/oauth2/v2.0/token # What is the URL to the JSON Web Key Set? jwks https://login.microsoftonline.com/common/discovery/keys # What is the client secret? Certificates are not supported yet. secret something # How long, in seconds, should cookies last? expr 604800 } # The following block contains some tweaks for performance. perf { # How many arguments' space should we initially allocate for each # message? msg_args_cap 4 # How many bytes should we initially allocate for each argument in a # message? msg_bytes_cap 5 # How long should we wait to complete reading HTTP headers, before we # time out? Note that a large value may cause the server to be # vulnerable to Slow Loris attacks. read_header_timeout 5 # The number propagation interval per course per connection is # ((course count * connection count) >> usem_delay_shift_bits) # milliseconds. You may configure it here. A smaller value (i.e. longer # delay) could cause more latency in how the numbers update, but a # larger value (i.e. shorter delay) could cause too much lock # contention and degrade the system usability overall. usem_delay_shift_bits 5 # Should we send a course's member count to a user as soon as they # choose the course? Setting this to true may provide a better # user experience but would have a major performance impact. propagate_immediate true # How long should the send queue be, for messages sequentially # propagated through a queue, rather than usems? senq 10 } # Minimum course requirements for each year group req { y9 { sport 2 non_sport 1 } y10 { sport 2 non_sport 1 } y11 { sport 1 non_sport 1 } y12 { sport 1 non_sport 1 } }