Configuration File
Path of Configuration File
Production environment: /usr/local/janusec/config.json
Development environment: ./config.json
Configuration Items
The following is based on Janusec Application Gateway V1.0.0+ and uses // for comments. Standard JSON does not allow comments, so delete every // comment before using it.
{
"node_role": "primary", // "primary" for primary node, "replica" for replica nodes
"primary_node": { // keep empty for replica nodes
"admin": { // Administrator portal
"listen": true, // Listen on new ports for admin portal
"listen_http": ":9080", // Format :port or IP:Port; when listen is true, http://IP:9080/janusec-admin/ is available
"listen_https": ":9443", // Format :port or IP:Port; when listen is true, https://any_application_domain:9443/janusec-admin/ is available
"portal": "https://gate.janusec.com:9443/janusec-admin/" // admin portal URL, used for the OAuth callback; if listen is false, remove the colon and port number
},
"database_type": "sqlite", // sqlite or postgres
"database": { // PostgreSQL 10/11/12+
"host": "127.0.0.1", // PostgreSQL IP Address
"port": "5432", // PostgreSQL Port, 5432
"user": "postgres", // PostgreSQL user
"password": "123456", // PostgreSQL password (sample value, replace it with your own), less than 32bit
"dbname": "janusec" // PostgreSQL database name
}
},
"replica_node": { // for replica nodes
// copy from the node management
"node_key": "",
// If listen is true, IP:Port is required.
// If https is required, it needs a separate domain for the primary node, and an empty application should be configured; its destination may be 127.0.0.1:9999, which is not used.
"sync_addr": "http://gateway.primary_node.com:9080/janusec-admin/api"
}
}
Upgrade note
From version 1.0.0, the oauth configuration has been moved from config.json to the Web Administration UI and is no longer required in config.json.
If you upgrade janusec from version 0.9.x, the oauth field will not be deleted automatically. It does not affect the gateway's operation, but deleting it manually (together with the comma before it) is preferred, since the old field may still hold application secrets such as corpsecret and appsecret.
Here is the oauth
field in version 0.9.x for your information:
"oauth": { // OAuth2
"enabled": false, // true: Enable LDAP or OAuth2 Authentication
"provider": "wxwork", // ldap (LDAP), wxwork(WeChat Work), dingtalk(DingTalk), feishu(Feishu), cas2(CAS Server)
"wxwork": { // WeChat Work
"display_name": "Login with WeChat Work",
// Only the scheme (http/https) and the domain are changeable; don't use a port number
"callback": "https://your_domain.com/oauth/wxwork",
// Get from https://work.weixin.qq.com/wework_admin/frame#profile
"corpid": "wwd03be1f8",
// Create Application "JANUSEC" at https://work.weixin.qq.com/wework_admin/frame#apps
"agentid": "1000002",
// Secret (sample value; use the secret of your own application)
"corpsecret": "BgZtz_hssdZV5em-AyGhOgLlm18rU_NdZI"
// Note: the authorized callback domain should be configured.
},
"dingtalk": { // DingTalk
"display_name": "Login with DingTalk",
"callback": "https://your_domain.com/oauth/dingtalk",
"appid": "dingoa8xvc",
"appsecret": "crrALdXUIj4T0zBekYh4u9sU_T1GZT"
},
"feishu": {
"display_name": "Login with Feishu",
"callback": "https://your_domain.com/oauth/feishu",
"appid": "cli_9ef21d00e",
"appsecret": "ihUBspRAG1PtNdDLUZ"
// Create application JANUSEC is required
// "Secure Settings"-"Redirect URL" is required, example: "https://your_domain.com/oauth/feishu"
},
"ldap": {
"display_name": "Login with LDAP",
// change the entrance, replace the domain
"entrance": "https://gate.janusec.com/ldap/login",
// change the ldap server with domain:port
"address": "ldap.janusec.com:389",
// keep the {uid}
"dn":"uid={uid},ou=People,dc=janusec,dc=com",
"using_tls":false,
// Enable Authenticator (Google Authenticator or Microsoft Authenticator)
"authenticator_enabled": false
},
"cas2": {
// Show on UI
"display_name": "Login with CAS 2.0",
// Entrance of the CAS Server, end with /cas
"entrance": "https://cas_server/cas",
// callback address, using the domain name of the gateway, and end with /oauth/cas2, no port number
"callback": "http://gate.janusec.com/oauth/cas2"
}
}