6.1.2.3. Configuration

halon-api loads the non-reloadable configuration from /etc/halon/api.yaml. It is described by, and can be validated with, the api.schema.json JSON schema (included in our Visual Studio Code integration). The default startup configuration file in /opt/halon/api/share can normally be used as a base:

$ cp /opt/halon/api/share/api.yaml /etc/halon/

6.1.2.3.1. Authentication directives

authentication.secret

The secret that needs to be sent in the request using the X-API-Key header.

6.1.2.3.2. Listener directives

listeners[]

The API must have one or more listen directives, which specify which TCP port and address to listen on. Required.

listeners[].port

Which TCP port to listen on. Required.

listeners[].address

IPv4 or IPv6 address to listen on. The default is to listen to all IPv4 and IPv6 addresses.

listeners[].pki

The X.509 certificate and private key. The private key and certificate should have either a path or data property.

pki:
  certificate:
    data: |-
      -----BEGIN CERTIFICATE-----
      ...
  privatekey:
    data: |-
      -----BEGIN PRIVATE KEY-----
      ...

6.1.2.3.3. Other directives

accounting

If accounting logs should be generated. The default is false.

6.1.2.3.4. Environment directives

environment.privdrop.user
environment.privdrop.group
environment.controlsockets.smtpd.path
environment.controlsockets.smtpd.port
environment.controlsockets.smtpd.address
environment.controlsockets.rated.path
environment.controlsockets.dlpd.path