# Secret will be used to sign session cookies, CSRF tokens and for other encryption utilities. # It is highly recommended to change this value before running cerebro in production. secret = "ki:s:[[@=Ag?QI`W2jMwkY:eqvrJ]JqoJyi2axj3ZvOv^/KavOT4ViJSv?6YY4[N" # Application base path basePath = "/admin/" # Defaults to RUNNING_PID at the root directory of the app. # To avoid creating a PID file set this value to /dev/null #pidfile.path = "/var/run/cerebro.pid" pidfile.path=/dev/null # Rest request history max size per user rest.history.size = 50 // defaults to 50 if not specified # Path of local database file #data.path: "/var/lib/cerebro/cerebro.db" data.path = "./cerebro.db" play { # Cerebro port, by default it's 9000 (play's default) server.http.port = ${?CEREBRO_PORT} } es = { gzip = true } # Authentication auth = { # either basic or ldap type: ${?AUTH_TYPE} settings { # LDAP url = ${?LDAP_URL} # OpenLDAP might be something like "ou=People,dc=domain,dc=com" base-dn = ${?LDAP_BASE_DN} # Usually method should be "simple" otherwise, set it to the SASL mechanisms to try method = ${?LDAP_METHOD} # user-template executes a string.format() operation where # username is passed in first, followed by base-dn. Some examples # - %s => leave user untouched # - %s@domain.com => append "@domain.com" to username # - uid=%s,%s => usual case of OpenLDAP user-template = ${?LDAP_USER_TEMPLATE} // User identifier that can perform searches bind-dn = ${?LDAP_BIND_DN} bind-pw = ${?LDAP_BIND_PWD} group-search { // If left unset parent's base-dn will be used base-dn = ${?LDAP_GROUP_BASE_DN} // Attribute that represent the user, for example uid or mail user-attr = ${?LDAP_USER_ATTR} // Define a separate template for user-attr // If left unset parent's user-template will be used user-attr-template = ${?LDAP_USER_ATTR_TEMPLATE} // Filter that tests membership of the group. If this property is empty then there is no group membership check // AD example => memberOf=CN=mygroup,ou=ouofthegroup,DC=domain,DC=com // OpenLDAP example => CN=mygroup group = ${?LDAP_GROUP} } # Basic auth username = ${?BASIC_AUTH_USER} password = ${?BASIC_AUTH_PWD} } } # A list of known hosts hosts = [ { host = "http://elasticsearch" name = "traefik-tutorial-cluster" headers-whitelist = [ "x-proxy-user", "x-proxy-roles", "X-Forwarded-For" ] } # Example of host with authentication # { # host = "http://some-authenticated-host:9200" # name = "Secured Cluster" # auth = { # username = "username" # password = "secret-password" # } # } ]