-
Notifications
You must be signed in to change notification settings - Fork 80
/
config.json
283 lines (205 loc) · 16.6 KB
/
config.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
// Note: C++/JavaScript-style single and multi-line comments are permitted and ignored in nmos-cpp config files
// Configuration settings and defaults
{
// Configuration settings and defaults for logging
// error_log [registry, node]: filename for the error log or an empty string to write to stderr
//"error_log": "",
// access_log [registry, node]: filename for the access log (in Common Log Format) or an empty string to discard
//"access_log": "",
// logging_level [registry, node]: integer value, between 40 (least verbose, only fatal messages) and -40 (most verbose)
//"logging_level": 0,
// logging_categories [registry, node]: array of logging categories to be included in the error log
//"logging_categories": ["send_query_ws_events"],
// Configuration settings and defaults for the NMOS APIs
// host_name [registry, node]: the fully-qualified host name for which to advertise services, also used to construct response headers and fields in the data model
//"host_name": "", // when omitted or an empty string, the default is used
// domain [registry, node]: the domain on which to browse for services or an empty string to use the default domain (specify "local." to explictly select mDNS)
//"domain": "",
// host_address/host_addresses [registry, node]: IP addresses used to construct response headers (e.g. 'Link' or 'Location'), and host and URL fields in the data model
//"host_address": "127.0.0.1",
//"host_addresses": array-of-ip-address-strings,
// is04_versions [registry, node]: used to specify the enabled API versions (advertised via 'api_ver') for a version-locked configuration
//"is04_versions": ["v1.2", "v1.3"],
// is09_versions [registry, node]: used to specify the enabled API versions (advertised via 'api_ver') for a version-locked configuration
//"is09_versions": ["v1.0"],
// is10_versions [registry, node]: used to specify the enabled API versions for a version-locked configuration
//"is10_versions": ["v1.0"],
// pri [registry, node]: used for the 'pri' TXT record; specifying nmos::service_priorities::no_priority (maximum value) disables advertisement completely
//"pri": 100,
// authorization_highest_pri, authorization_lowest_pri [registry, node]: used to specify the (inclusive) range of suitable 'pri' values of discovered Authorization APIs, to avoid development and live systems colliding
//"authorization_highest_pri": 0,
//"authorization_lowest_pri": 2147483647,
// discovery_backoff_min/discovery_backoff_max/discovery_backoff_factor [registry, node]: used to back-off after errors interacting with all discoverable service instances
// e.g. Registration APIs, System APIs, Authorization APIs, or OCSP servers
//"discovery_backoff_min": 1,
//"discovery_backoff_max": 30,
//"discovery_backoff_factor": 1.5,
// service_name_prefix [registry, node]: used as a prefix in the advertised service names ("<prefix>_<api>_<host>:<port>", e.g. "nmos-cpp_node_127-0-0-1:3212")
//"service_name_prefix": "nmos-cpp"
// port numbers [registry, node]: ports to which clients should connect for each API
// http_port [registry, node]: if specified, this becomes the default port for each HTTP API and the next higher port becomes the default for each WebSocket API
//"http_port": 0,
//"query_port": 3211,
//"query_ws_port": 3213,
//"registration_port": 3210,
//"node_port": 3212,
//"system_port": 10641,
// listen_backlog [registry, node]: the maximum length of the queue of pending connections, or zero for the implementation default (the implementation may not honour this value)
//"listen_backlog": 0,
// registration_heartbeat_interval [registry, node]:
// [registry]: used in System API resource is04 object's heartbeat_interval field
// "Constants related to the AMWA IS-04 Discovery and Registration Specification are contained in the is04 object.
// heartbeat_interval defines how often Nodes should perform a heartbeat to maintain their resources in the Registration API."
// See https://specs.amwa.tv/is-09/releases/v1.0.0/docs/4.2._Behaviour_-_Global_Configuration_Parameters.html#amwa-is-04-nmos-discovery-and-registration-parameters
//"registration_heartbeat_interval": 5,
// registration_expiry_interval [registry]:
// "Registration APIs should use a garbage collection interval of 12 seconds by default (triggered just after two failed heartbeats at the default 5 second interval)."
// See https://specs.amwa.tv/is-04/releases/v1.2.0/docs/4.1._Behaviour_-_Registration.html#heartbeating
//"registration_expiry_interval": 12,
// query_paging_default/query_paging_limit [registry]: default/maximum number of results per "page" when using the Query API (a client may request a lower limit)
//"query_paging_default": 10,
//"query_paging_limit": 100,
// ptp_announce_receipt_timeout [registry]: number of PTP announce intervals that must pass before declaring timeout, between 2 and 10 inclusive (default is 3, as per SMPTE ST 2059-2)
//"ptp_announce_receipt_timeout": 3,
// ptp_domain_number [registry]: the PTP domain number, between 0 and 127 (default is 127, as per SMPTE ST 2059-2)
//"ptp_domain_number": 127,
// Configuration settings and defaults for experimental extensions
// seed id [registry, node]: optional, used to generate repeatable id values when running with the same configuration
//"seed_id": uuid-string,
// label [registry, node]: used in resource label field
//"label": "",
// description [registry, node]: used in resource description field
//"description": "",
// registration_available [registry]: used to flag the Registration API as temporarily unavailable
//"registration_available": true,
// allow_invalid_resources [registry]: boolean value, true (attempt to ignore schema validation errors and cope with out-of-order registrations) or false (default)
//"allow_invalid_resources": false,
// port numbers [registry, node]: ports to which clients should connect for each API
// see http_port
//"settings_port": 3209,
//"logging_port": 5106,
// port numbers [registry]: ports to which clients should connect for each API
// see http_port
//"admin_port": 3208,
//"mdns_port": 3208,
//"schemas_port": 3208,
// addresses [registry, node]: IP addresses on which to listen for each API, or empty string for the wildcard address
// server_address [registry, node]: if specified, this becomes the default address on which to listen for each API instead of the wildcard address
//"server_address": "",
// addresses [registry, node]: IP addresses on which to listen for specific APIs
//"settings_address": "127.0.0.1",
//"logging_address": "",
// addresses [registry]: IP addresses on which to listen for specific APIs
//"admin_address": "",
//"mdns_address": "",
//"schemas_address": "",
// client_address [registry, node]: IP address of the network interface to bind client connections
// for now, only supporting HTTP/HTTPS client connections on Linux
//"client_address": "",
// query_ws_paging_default/query_ws_paging_limit [registry]: default/maximum number of events per message when using the Query WebSocket API (a client may request a lower limit)
//"query_ws_paging_default": 10,
//"query_ws_paging_limit": 100,
// logging_limit [registry, node]: maximum number of log events cached for the Logging API
//"logging_limit": 1234,
// logging_paging_default/logging_paging_limit [registry, node]: default/maximum number of results per "page" when using the Logging API (a client may request a lower limit)
//"logging_paging_default": 100,
//"logging_paging_limit": 100,
// http_trace [registry, node]: whether server should enable (default) or disable support for HTTP TRACE
//"http_trace": true,
// proxy_map [registry, node]: mapping between the port numbers to which the client connects, and the port numbers on which the server should listen, if different
// for use with a reverse proxy; each element of the array is an object like { "client_port": 80, "server_port": 8080 }
//"proxy_map": array-of-mappings,
// proxy_address [registry, node]: address of the forward proxy to use when making HTTP requests or WebSocket connections, or an empty string for no proxy
//"proxy_address": "127.0.0.1",
// proxy_port [registry, node]: forward proxy port
//"proxy_port": 8080,
// href_mode [registry, node]: whether the host name (1), addresses (2) or both (3) are used to construct response headers, and host and URL fields in the data model
//"href_mode": 1,
// client_secure [registry, node]: whether clients should use a secure connection for communication (https and wss)
// when true, CA root certificates must also be configured
//"client_secure": false,
// ca_certificate_file [registry, node]: full path of certification authorities file in PEM format
// on Windows, if C++ REST SDK is built with CPPREST_HTTP_CLIENT_IMPL=winhttp (reported as "client=winhttp" by nmos::get_build_settings_info)
// the trusted root CA certificates must also be imported into the certificate store
//"ca_certificate_file": "ca.pem",
// server_secure [registry, node]: whether server should listen for secure connection for communication (https and wss)
// e.g. typically false when using a reverse proxy, or the same as client_secure otherwise
// when true, server certificates etc. must also be configured
//"server_secure": false,
// server_certificates [registry, node]: an array of server certificate objects, each has the name of the key algorithm, the full paths of private key file and certificate chain file
// each value must be an object like { "key_algorithm": "ECDSA", "private_key_file": "server-ecdsa-key.pem", "certificate_chain_file": "server-ecdsa-chain.pem" }
// key_algorithm (attribute of server_certificates objects): name of the key algorithm for the certificate, see nmos::key_algorithm
// private_key_file (attribute of server_certificates objects): full path of private key file in PEM format
// certificate_chain_file (attribute of server_certificates object): full path of certificate chain file in PEM format, which must be sorted
// starting with the server's certificate, followed by any intermediate CA certificates, and ending with the highest level (root) CA
// on Windows, if C++ REST SDK is built with CPPREST_HTTP_LISTENER_IMPL=httpsys (reported as "listener=httpsys" by nmos::get_build_settings_info)
// one of the certificates must also be bound to each port e.g. using 'netsh add sslcert'
//"server_certificates": [{"key_algorithm": "ECDSA", "private_key_file": "server-ecdsa-key.pem", "certificate_chain_file": "server-ecdsa-chain.pem"}, {"key_algorithm": "RSA", "private_key_file": "server-rsa-key.pem", "certificate_chain_file": "server-rsa-chain.pem"}],
// validate_certificates [registry, node]: boolean value, false (ignore all server certificate validation errors), or true (do not ignore, the default behaviour)
//"validate_certificates": true,
// dh_param_file [registry, node]: Diffie-Hellman parameters file in PEM format for ephemeral key exchange support, or empty string for no support
//"dh_param_file": "dhparam.pem",
// system_label [registry]: used in System API resource label field
//"system_label": "",
// system_description [registry]: used in System API resource description field
//"system_description": "",
// system_tags [registry]: used in System API resource tags field
// "Each tag has a single key, but MAY have multiple values."
// {
// "tag_1": [ "tag_1_value_1", "tag_1_value_2" ],
// "tag_2": [ "tag_2_value_1" ]
// }
// See https://specs.amwa.tv/is-09/releases/v1.0.0/docs/2.1._APIs_-_Common_Keys.html#tags
//"system_tags": {},
// "syslog contains hostname and port for the system's syslog "version 1" server using the UDP transport (IETF RFC 5246)"
// See https://specs.amwa.tv/is-09/releases/v1.0.0/docs/4.2._Behaviour_-_Global_Configuration_Parameters.html#syslog-parameters
// system_syslog_hostname [registry]: the fully-qualified host name or the IP address of the system's syslog "version 1" server
//"system_syslog_hostname": "",
// system_syslog_port [registry]: the port number for the system's syslog "version 1" server
//"system_syslog_port": 514,
// "syslogv2 contains hostname and port for the system's syslog "version 2" server using the TLS transport (IETF RFC 5245)"
// See https://specs.amwa.tv/is-09/releases/v1.0.0/docs/4.2._Behaviour_-_Global_Configuration_Parameters.html#syslog-parameters
// system_syslogv2_hostname [registry]: the fully-qualified host name or the IP address of the system's syslog "version 2" server
//"system_syslogv2_hostname": "",
// system_syslogv2_port [registry]: the port number for the system's syslog "version 2" server
//"system_syslogv2_port": 6514,
// hsts_max_age [registry, node]: the HTTP Strict-Transport-Security response header's max-age value; default is approximately 365 days
// (the header is omitted if server_secure is false, or hsts_max_age is negative)
// See https://tools.ietf.org/html/rfc6797#section-6.1.1
//"hsts_max_age": 31536000,
// hsts_include_sub_domains [registry, node]: the HTTP Strict-Transport-Security HTTP response header's includeSubDomains value
// See https://tools.ietf.org/html/rfc6797#section-6.1.2
//"hsts_include_sub_domains": false,
// ocsp_interval_min/ocsp_interval_max [registry, node]: used to poll for certificate status (OCSP) changes; default is about one hour
// Note that if half of the server certificate expiry time is shorter, then the ocsp_interval_min/max will be overridden by it
//"ocsp_interval_min": 3600,
//"ocsp_interval_max": 3660,
// ocsp_request_max [registry, node]: timeout for interactions with the OCSP server
//"ocsp_request_max": 30,
// authorization_address [registry, node]: IP address or host name used to construct request URLs for the Authorization API (if not discovered via DNS-SD)
//"authorization_address": ip-address-string,
// authorization_port [registry, node]: used to construct request URLs for the authorization server's Authorization API (if not discovered via DNS-SD)
//"authorization_port" 443,
// authorization_version [registry, node]: used to construct request URLs for Authorization API (if not discovered via DNS-SD)
//"authorization_version": "v1.0",
// authorization_selector [registry, node]: used to construct request URLs for the authorization API (if not discovered via DNS-SD)
//"authorization_selector", "",
// authorization_request_max [registry, node]: timeout for interactions with the Authorization API /certs & /token endpoints
//"authorization_request_max": 30,
// fetch_authorization_public_keys_interval_min/fetch_authorization_public_keys_interval_max [registry, node]: used to poll for Authorization API public keys changes; default is about one hour
// "Resource Servers (Nodes) SHOULD seek to fetch public keys from the Authorization Server at least once every hour. Resource Servers MUST vary their retrieval
// interval at random by up to at least one minute to avoid overloading the Authorization Server due to Resource Servers synchronising their retrieval time."
// See https://specs.amwa.tv/is-10/releases/v1.0.0/docs/4.1._Behaviour_-_Authorization_Servers.html#authorization-server-public-keys
//"fetch_authorization_public_keys_interval_min": 3600,
//"fetch_authorization_public_keys_interval_max": 3660,
// server_authorization [registry, node]: whether server should use authorization to protect its APIs
//"server_authorization": false,
// retry_after [registry, node]: used to specify the HTTP Retry-After header to indicate the number of seconds when the client may retry its request again, default to 5 seconds
// "Where a Resource Server has no matching public key for a given token, it SHOULD attempt to obtain the missing public key via the the token iss
// claim as specified in RFC 8414 section 3. In cases where the Resource Server needs to fetch a public key from a remote Authorization Server it
// MAY temporarily respond with an HTTP 503 code in order to avoid blocking the incoming authorized request. When a HTTP 503 code is used, the Resource
// Server SHOULD include an HTTP Retry-After header to indicate when the client may retry its request.
// If the Resource Server fails to verify a token using all public keys available it MUST reject the token."
//"service_unavailable_retry_after": 5,
"don't worry": "about trailing commas"
}