summarylogtreecommitdiffstats
path: root/bazel-remote.conf
blob: 420c54729e81dc9f0278f113afbf467939aa9012 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
# These two are the only required options:
dir: /var/cache/bazel-remote
max_size: 100  # GiB

# The form to store CAS blobs in ("zstd" or "uncompressed"):
#storage_mode: zstd

# The server listener address for HTTP/HTTPS. For TCP listeners,
# use [host]:port, where host is optional (default 0.0.0.0) and can
# be either a hostname or IP address. For Unix domain socket listeners,
# use unix:///path/to/socket.sock, where /path/to/socket.sock can be
# either an absolute or relative path to a socket path.
#http_address: 0.0.0.0:8080
http_address: 127.0.0.1:7777

# The server listener address for gRPC (unix sockets are also supported
# as described above):
#grpc_address: 0.0.0.0:9092

# If profile_address (or the deprecated profile_port and/or profile_host)
# is specified, then serve /debug/pprof/* URLs here (unix sockets are also
# supported as described above):
#profile_address: 127.0.0.1:7070

# HTTP read/write timeouts. Note that these do not apply to the proxy
# backends or the profiling endpoint. Reasonable values might be twice
# the length of time that you expect a client to read/write the largest
# likely blob. Units can be one of: "s", "m", "h".
#http_read_timeout: 15s
#http_write_timeout: 20s

# Specify a certificate if you want to use HTTPS and gRPCs:
#tls_cert_file: path/to/tls.cert
#tls_key_file:  path/to/tls.key
# If you want to use mutual TLS with client certificates:
#tls_ca_file: path/to/ca/cert.pem

# Optionally specify the minimum supported TLS version for the
# HTTPS/gRPCs servers (must be one of 1.0, 1.1, 1.2, 1.3):
#min_tls_version: "1.0"

# Alternatively, you can use simple authentication:
#htpasswd_file: path/to/.htpasswd

# At most one authentication mechanism can be used
#ldap:
#  url: ldaps://ldap.example.com:636
#  base_dn: OU=My Users,DC=example,DC=com
#  username_attribute: sAMAccountName      # defaults to "uid"
#  bind_user: ldapuser
#  bind_password: ldappassword
#  cache_time: 3600                        # in seconds (default 1 hour)
#  groups_query: (memberOf=CN=bazel-users,OU=Groups,OU=My Users,DC=example,DC=com)

# If tls_ca_file or htpasswd_file are specified, you can choose
# whether or not to allow unauthenticated read access:
#allow_unauthenticated_reads: false

# If specified, bazel-remote should exit after being idle
# for this long. Time units can be one of: "s", "m", "h".
#idle_timeout: 45s

# If set to true, do not validate that ActionCache
# items are valid ActionResult protobuf messages.
#disable_http_ac_validation: false

# If set to true, do not check that CAS items referred
# to by ActionResult messages are in the cache.
#disable_grpc_ac_deps_check: false

# If set to true, enable metrics for each HTTP/gRPC endpoint.
#enable_endpoint_metrics: false

# Specify a custom list of histogram buckets for endpoint request duration metrics
#endpoint_metrics_duration_buckets: [.5, 1, 2.5, 5, 10, 20, 40, 80, 160, 320]

# At most one of the proxy backends can be selected:
#
# If this is 0, proxy backends won't upload blobs.
#num_uploaders: 100
# The maximum number of proxy uploads to queue, before dropping uploads.
#max_queued_uploads: 1000000
# The largest blob size that will be accepted, for example 10MB:
#max_blob_size: 10485760
#
#gcs_proxy:
#  bucket: gcs-bucket
#  use_default_credentials: false
#  json_credentials_file: path/to/creds.json
#
#s3_proxy:
#  endpoint: minio.example.com:9000
#  bucket: test-bucket
#  prefix: test-prefix
#  disable_ssl: true
#  bucket_lookup_type: auto
#
# Provide exactly one auth_method (access_key, iam_role, or credentials_file) and accompanying configuration.
#
# Access key authenticaiton:
#  auth_method: access_key
#  access_key_id: EXAMPLE_ACCESS_KEY
#  secret_access_key: EXAMPLE_SECRET_KEY
#  signature_type: v4
#
# IAM Role authentication.
#  auth_method: iam_role
#  iam_role_endpoint: http://169.254.169.254
#  region: us-east-1
#
# AWS credentials file.
#  auth_method: credentials_file
#  aws_shared_credentials_file: path/to/aws/credentials
#  aws_profile: my-profile
#
#http_proxy:
#  url: https://remote-cache.com:8080/cache
# If you want to use mutual TLS with client certificates:
#  cert_file: path/to/client.cert
#  key_file:  path/to/client.key
# If you want to use a custom CA:
#  ca_file: path/to/ca.crt
#
# Note that the grpc proxy backend requires remote asset API support if
# you want client -http-> bazel-remote -grpc-> backend requests to work.
#grpc_proxy:
#  url: grpc://remote-cache.com:9092
# If you want to use mutual TLS with client certificates:
#  cert_file: path/to/client.cert
#  key_file:  path/to/client.key
# If you want to use a custom CA:
#  ca_file: path/to/ca.crt
#
#azblob_proxy:
#  tenant_id: TENANT_ID
#  storage_account: STORAGE_ACCOUNT
#  container_name: CONTAINER_NAME
#
# Provide exactly one auth_method (client_certificate, client_secret, environment_credential,
#shared_key, default) and accompanying configuration.
#
# Storage account shared key.
#  auth_method: shared_key
#  shared_key: APP_SHARED_KEY
#
# Client secret credentials.
#  auth_method: client_secret
#  client_id: APP_ID
#  client_secret: APP_SECRET
#
# Client certificate credentials.
#  auth_method: client_certificate
#  cert_path: path/to/cert_file
#
# Default and environment methods don't have any additional parameters.
#  auth_method: environment_credential
#
#  auth_method: default
  
# If set to a valid port number, then serve /debug/pprof/* URLs here:
#profile_port: 7070
# IP address to use, if profiling is enabled:
#profile_host: 127.0.0.1

# If true, enable experimental remote asset API support:
#experimental_remote_asset_api: true

# If supplied, controls the verbosity of the access logger ("none" or "all"):
#access_log_level: none

# If supplied, controls the timezone of the access logger ("UTC", "local" or "none"):
#log_timezone: local

# vim:set ft=yaml: