Update docs
Jul 23, 2021, 3:12 AM
Q2E4J3PHH4RVCS2WOOUCUZ6BVH6IP56Z7AGLDP7UUPXXPYZBTP2AC
Dependencies
- [2] 632K26XV doc/manual/src/installation.md: give a conf syntax type
- [3] 3JXCTKEC Add markdown files for documentation
- [4] 5DXGOH6Q statsd: add a chance to set hostname and port in hydra.conf
- [5] L4JYZ7BM doc: switch shell session code blocks to `console` type.
Change contents
- edit in doc/manual/src/SUMMARY.md at line 5
- [Configuration](configuration.md) - file addition: configuartion.md[3.99]
Configuration=============This chapter is a collection of configuration snippets for differentscenarios.Including files---------------`hydra.conf` supports Apache-style includes. This is **IMPORTANT**because that is how you keep your **secrets** out of the **Nix store**.Hopefully this got your attention 😌This:```<github_authorization>NixOS = Bearer gha-secret😱secret😱secret😱</github_authorization>```should **NOT** be in `hydra.conf`.`hydra.conf` is rendered in the Nix store and is therefore world-readable.Instead, the above should be written to a file outside the Nix store byother means (manually, using Nixops' secrets feature, etc) and includedlike so:```Include github_authorizations.conf```Note that the included files must be relative to `hydra.conf` (not absolute).Serving behind reverse proxy----------------------------To serve hydra web server behind reverse proxy like *nginx* or *httpd*some additional configuration must be made.Edit your `hydra.conf` file in a similar way to this example:```confusing_frontend_proxy 1base_uri example.com````base_uri` should be your hydra servers proxied URL. If you are usingHydra nixos module then setting `hydraURL` option should be enough.If you want to serve Hydra with a prefix path, for example[http://example.com/hydra]() then you need to configure your reverseproxy to pass `X-Request-Base` to hydra, with prefix path as value. Forexample if you are using nginx, then use configuration similar tofollowing:server {listen 433 ssl;server_name example.com;.. other configuration ..location /hydra/ {proxy_pass http://127.0.0.1:3000;proxy_redirect http://127.0.0.1:3000 https://example.com/hydra;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;proxy_set_header X-Request-Base /hydra;}}Statsd Configuration--------------------By default, Hydra will send stats to statsd at `localhost:8125`. 
Point Hydra to a different server via:```<statsd>host = alternative.hostport = 18125</statsd>```Using LDAP as authentication backend (optional)-----------------------------------------------Instead of using Hydra\'s built-in user management you can optionallyuse LDAP to manage roles and users.The `hydra-server` accepts the environment variable*HYDRA\_LDAP\_CONFIG*. The value of the variable should point to a validYAML file containing the Catalyst LDAP configuration. The format of theconfiguration file is describe in the[*Catalyst::Authentication::Store::LDAP*documentation](https://metacpan.org/pod/Catalyst::Authentication::Store::LDAP#CONFIGURATION-OPTIONS).An example is given below.Roles can be assigned to users based on their LDAP group membership(*use\_roles: 1* in the below example). For a user to have the role*admin* assigned to them they should be in the group *hydra\_admin*. Ingeneral any LDAP group of the form *hydra\_some\_role* (notice the*hydra\_* prefix) will work.credential:class: Passwordpassword_field: passwordpassword_type: self_checkstore:class: LDAPldap_server: localhostldap_server_options.timeout: 30binddn: "cn=root,dc=example"bindpw: notapasswordstart_tls: 0start_tls_optionsverify: noneuser_basedn: "ou=users,dc=example"user_filter: "(&(objectClass=inetOrgPerson)(cn=%s))"user_scope: oneuser_field: cnuser_search_options:deref: alwaysuse_roles: 1role_basedn: "ou=groups,dc=example"role_filter: "(&(objectClass=groupOfNames)(member=%s))"role_scope: onerole_field: cnrole_value: dnrole_search_options:deref: always - edit in doc/manual/src/installation.md at line 166[3.12652]→[3.12652:12891](∅→∅),[3.12891]→[2.0:8](∅→∅),[2.8]→[3.1113:1161](∅→∅),[3.1113]→[3.1113:1161](∅→∅),[3.1161]→[3.12943:13942](∅→∅),[3.12943]→[3.12943:13942](∅→∅),[3.13942]→[3.0:217](∅→∅),[3.217]→[3.13942:15610](∅→∅),[3.13942]→[3.13942:15610](∅→∅)
Serving behind reverse proxy----------------------------To serve hydra web server behind reverse proxy like *nginx* or *httpd*some additional configuration must be made.Edit your `hydra.conf` file in a similar way to this example:```confusing_frontend_proxy 1base_uri example.com````base_uri` should be your hydra servers proxied URL. If you are usingHydra nixos module then setting `hydraURL` option should be enough.If you want to serve Hydra with a prefix path, for example[http://example.com/hydra]() then you need to configure your reverseproxy to pass `X-Request-Base` to hydra, with prefix path as value. Forexample if you are using nginx, then use configuration similar tofollowing:server {listen 433 ssl;server_name example.com;.. other configuration ..location /hydra/ {proxy_pass http://127.0.0.1:3000;proxy_redirect http://127.0.0.1:3000 https://example.com/hydra;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;proxy_set_header X-Request-Base /hydra;}}Statsd Configuration--------------------By default, Hydra will send stats to statsd at `localhost:8125`. Point Hydra to a different server via:```<statsd>host = alternative.hostport = 18125</statsd>```Using LDAP as authentication backend (optional)-----------------------------------------------Instead of using Hydra\'s built-in user management you can optionallyuse LDAP to manage roles and users.The `hydra-server` accepts the environment variable*HYDRA\_LDAP\_CONFIG*. The value of the variable should point to a validYAML file containing the Catalyst LDAP configuration. The format of theconfiguration file is describe in the[*Catalyst::Authentication::Store::LDAP*documentation](https://metacpan.org/pod/Catalyst::Authentication::Store::LDAP#CONFIGURATION-OPTIONS).An example is given below.Roles can be assigned to users based on their LDAP group membership(*use\_roles: 1* in the below example). 
For a user to have the role*admin* assigned to them they should be in the group *hydra\_admin*. Ingeneral any LDAP group of the form *hydra\_some\_role* (notice the*hydra\_* prefix) will work.credential:class: Passwordpassword_field: passwordpassword_type: self_checkstore:class: LDAPldap_server: localhostldap_server_options.timeout: 30binddn: "cn=root,dc=example"bindpw: notapasswordstart_tls: 0start_tls_optionsverify: noneuser_basedn: "ou=users,dc=example"user_filter: "(&(objectClass=inetOrgPerson)(cn=%s))"user_scope: oneuser_field: cnuser_search_options:deref: alwaysuse_roles: 1role_basedn: "ou=groups,dc=example"role_filter: "(&(objectClass=groupOfNames)(member=%s))"role_scope: onerole_field: cnrole_value: dnrole_search_options:deref: always
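Review bot: the new file is added as `configuartion.md`, but the entry added to doc/manual/src/SUMMARY.md links to `configuration.md`, so the Configuration chapter link will not resolve. Rename the added file to `configuration.md` so the two match.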
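Review bot: in the nginx example under "Serving behind reverse proxy", `listen 433 ssl;` looks like a typo for 443. The same block redirects to `https://example.com/hydra` with no port, so a reader who copies it gets a TLS listener that the redirect target does not reach. Since the section is being moved to the new file anyway, change it to `listen 443 ssl;`, and give the empty link `[http://example.com/hydra]()` a target or turn it into inline code.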
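Review bot: the LDAP example in the moved section sets `start_tls: 0` and `verify: none` next to `bindpw`, and the text never says where the YAML file named by HYDRA_LDAP_CONFIG should live. The new "Including files" section already warns that anything rendered into the Nix store is world-readable; this file holds the bind password, so the LDAP section should carry the same warning and tell readers to keep it outside the store. Either show the example with STARTTLS on and certificate verification enabled, or state that these values are for local testing only. In the same paragraph, "is describe in" should read "is described in".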