6.1.2.3. Configuration
halon-api loads the non-reloadable configuration from /etc/halon/api.yaml.
It is described by, and can be validated with, the
api.schema.json
JSON schema (included in our Visual Studio Code integration).
The default startup configuration file in /opt/halon/api/share can normally be used as a base:
$ cp /opt/halon/api/share/api.yaml /etc/halon/
6.1.2.3.1. Authentication directives
- authentication.secret
The secret that needs to be sent in the request using the X-API-Key header.
6.1.2.3.2. Listener directives
- listeners[]
The API must have one or more listen directives, which specify which TCP port and address to listen on. Required.
- listeners[].port
Which TCP port to listen on. Required.
- listeners[].address
IPv4 or IPv6 address to listen on. The default is to listen to all IPv4 and IPv6 addresses.
- listeners[].pki
The X.509 certificate and private key. The private key and certificate should have either a
pathordataproperty.pki: certificate: data: |- -----BEGIN CERTIFICATE----- ... privatekey: data: |- -----BEGIN PRIVATE KEY----- ...
6.1.2.3.3. Other directives
- accounting
If accounting logs should be generated. The default is false.
6.1.2.3.4. Environment directives
- environment.privdrop.user
- environment.privdrop.group
- environment.controlsockets.smtpd.path
- environment.controlsockets.smtpd.port
- environment.controlsockets.smtpd.address
- environment.controlsockets.rated.path
- environment.controlsockets.dlpd.path