-
Notifications
You must be signed in to change notification settings - Fork 61
/
settings.cfg.example
92 lines (73 loc) · 2.69 KB
/
settings.cfg.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
from os import path
dirname = path.dirname(__file__)
# The public facing hostname of the MDM
# This will also be used as the self signed certificate dnsname
PUBLIC_HOSTNAME = 'commandment.dev'
# Development mode listen port
PORT = 5443
# Configure your Database URI.
# All SQLAlchemy options are available here:
# http://flask-sqlalchemy.pocoo.org/2.1/config/
SQLALCHEMY_DATABASE_URI = 'sqlite:///commandment.db'
# SQLALCHEMY_DATABASE_ECHO = True
# SQLALCHEMY_TRACK_MODIFICATIONS = False
# ---------------
# Certificates
# ---------------
# [APNS]
# You may supply the certificate as a pair of PEM encoded files, or as a .p12 container.
# If you supply .p12 it will be encoded as a PEM keypair
# -----
PUSH_CERTIFICATE = '../push.pem'
PUSH_KEY = '../push.key'
PUSH_CERTIFICATE_PASSWORD = 'sekret' # for pkcs12 only
# If commandment is running in development mode, specify the path to the certificate and private key.
# These can also be generated at start up.
# Normally SSL should be handled by Apache/Nginx/etc.
# [SSL]
# Specify the Enterprise CA here if Apple Devices won't natively trust your CA eg. If you are using a
# self-signed CA or Enterprise CA Certificate.
# -----
CA_CERTIFICATE = path.join(dirname, 'ssl', 'ca.crt')
# Specify the development web server SSL certificate.
# This only applies if you are running via the CLI or flask run
# -----
SSL_CERTIFICATE = path.join(dirname, 'ssl', 'server.crt')
SSL_RSA_KEY = path.join(dirname, 'ssl', 'server.key')
# If not using external storage, the path to the root directory for upload storage.
# This should not be used in production.
# -----
STORAGE_ROOT = path.join(dirname, 'storage')
# -------------------------
# SCEP via SCEPy (optional)
# -------------------------
# Directory where certs, revocation lists, serials etc will be kept
# -----
SCEPY_CA_ROOT = "/path/to/ca"
# X.509 Name Attributes used to generate the CA Certificate.
# -----
SCEPY_CA_X509_CN = 'SCEPY-CA'
SCEPY_CA_X509_O = 'SCEPy'
SCEPY_CA_X509_C = 'AU'
# SubjectAltName extension is always on and will use this DNSName
SAN_DNSNAME = 'scepy.dev'
# (Optional) SCEP static challenge. This will have to be part of your SCEP profile
# -----
SCEPY_CHALLENGE = 'sekret'
# Raw data will be dumped to this directory for inspection with tools such as OpenSSL (openssl asn1parse)
# -----
SCEPY_DUMP_DIR = '/tmp/scepy_dump'
# If the GetCACert would return a single cert, force it to use a CMS degenerate case?
# -----
SCEPY_FORCE_DEGENERATE_FOR_SINGLE_CERT = False
# ------------------------
# Authlib (Authentication)
# ------------------------
# Token Expiry
#
# OAUTH2_TOKEN_EXPIRES_IN = {
# 'authorization_code': 864000,
# 'implicit': 3600,
# 'password': 864000,
# 'client_credentials': 864000
# }