4.1.2.2. Configuration

halon-api loads the non-reloadable configuration from /etc/halon/api.yaml. It is described by, and can be validated with, the api.schema.json JSON schema (included in our Visual Studio Code plugin). The default startup configuration files in /opt/halon/api/share can normally be used as a base:

$ cp /opt/halon/api/share/api.yaml /etc/halon/

4.1.2.2.1. Authentication directives

authentication.secret

The secret that needs to be sent in the request using the X-API-Key header.

4.1.2.2.2. Listener directives

listeners[]

The API must have one or more listen directives, which specify which TCP port and address to listen on. Required.

listeners[].port

Which TCP port to listen on. Required.

listeners[].address

IPv4 or IPv6 address to listen on. The default is to listen to all IPv4 and IPv6 addresses.

listeners[].pki

The X.509 certificate and private key. The private key and certificate should have either a path or data property.

pki:
    certificate:
        data: |-
        -----BEGIN CERTIFICATE-----
        ...
    privatekey:
        data: |-
        -----BEGIN PRIVATE KEY-----
        ...

4.1.2.2.3. Environment directives

environment.privdrop.user
environment.privdrop.group