6.3. Configuration
halon-submission-tracking loads the non-reloadable configuration from /etc/halon/submission-tracking.yaml.
It is described by, and can be validated with, the
submission-tracking.schema.json
JSON schema (included in our Visual Studio Code integration).
The default startup configuration file in /opt/halon/submission-tracking/share can normally be used as a base:
$ cp /opt/halon/submission-tracking/share/submission-tracking.yaml /etc/halon/
6.3.1. Listener directives
- listeners[]
One or more listen directives needs to be configured which specify which TCP port and address to listen on. Required.
- listeners[].port
Which TCP port to listen on. Required.
- listeners[].address
IPv4 or IPv6 address to listen on. The default is to listen to all IPv4 and IPv6 addresses.
- listeners[].pki
The X.509 certificate and private key. The private key and certificate should have either a
pathordataproperty.pki: certificate: data: |- -----BEGIN CERTIFICATE----- ... privatekey: data: |- -----BEGIN PRIVATE KEY----- ...
- listeners[].proxy[]
A list of IP addresses and subnets to trust as being a reverse proxy.
6.3.2. Secret directives
- secrets[]
One or more secrets needs to be configured which are used to validate the hash of the tracking payload. Required.
- secrets[].id
The ID of the secret that should be used to validate the hash of the tracking payload. This must be an integer between 1 and 254. Required.
- secrets[].key
The key for the secret that should be used to validate the hash of the tracking payload. Required.
6.3.3. Host directives
- hosts[]
One or more host directives needs to be configured which specify the webhook event receiver node(s). Required.
- hosts[].port
Which TCP port to connect to. Required.
- hosts[].address
Hostname, IPv4 address or IPv6 address to connect to. Required.
- hosts[].path
The URL path. The default is
/.
- hosts[].tls.enabled
If TLS should be used for the requests. The default is false.
- hosts[].tls.verify
If the server certificate should be verified. The default is true.
- hosts[].apikey
The API key that will be used for the requests (sent in the X-API-Key header).
6.3.4. Queue directives
- queues.timeout.connect
The connect timeout (in seconds) against the webhook event receiver node(s). The default is 30.
- queues.timeout.socket
The socket timeout (in seconds) against the webhook event receiver node(s). The default is 900.
- queues.retry.interval
The interval (in seconds). The default is 0 (No interval).
- queues.retry.count
The retry count. The default is 0 (No retries).
- queues.min_items
Minimum items to send in bulk request. The default is 1.
Note
This value is unique to each worker (child process).
- queues.max_items
Maximum items to send in bulk request. The default is 1.
Note
This value is unique to each worker (child process).
- queues.max_interval
Maximum time to wait for
queues.min_items(in seconds). The default is to wait indefinitely.Note
This value is unique to each worker (child process).
6.3.5. Other directives
- workers
The amount of child processes that should be started to handle incoming requests. The default is as many as there are CPU cores.
- redis.host
The hostname or IP of the redis server. The default is localhost.
6.3.6. Environment directives
- environment.privdrop.user
- environment.privdrop.group