# SECURITY WARNING: keep the secret key used in production secret! # 加密秘钥 生产环境中请修改为随机字符串,请勿外泄, 可使用命令生成 # $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo SECRET_KEY: # SECURITY WARNING: keep the bootstrap token used in production secret! # 预共享Token coco和guacamole用来注册服务账号,不在使用原来的注册接受机制 BOOTSTRAP_TOKEN: # Development env open this, when error occur display the full process track, Production disable it # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志 # DEBUG: true # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/ # 日志级别 # LOG_LEVEL: DEBUG # LOG_DIR: # Session expiration setting, Default 24 hour, Also set expired on on browser close # 浏览器Session过期时间,默认24小时, 也可以设置浏览器关闭则过期 # SESSION_COOKIE_AGE: 86400 # SESSION_EXPIRE_AT_BROWSER_CLOSE: false # Database setting, Support sqlite3, mysql, postgres .... # 数据库设置 # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases # SQLite setting: # 使用单文件sqlite数据库 # DB_ENGINE: sqlite3 # DB_NAME: # MySQL or postgres setting like: # 使用Mysql作为数据库 DB_ENGINE: mysql DB_HOST: 127.0.0.1 DB_PORT: 3306 DB_USER: jumpserver DB_PASSWORD: DB_NAME: jumpserver # When Django start it will bind this host and port # ./manage.py runserver 127.0.0.1:8080 # 运行时绑定端口 HTTP_BIND_HOST: 0.0.0.0 HTTP_LISTEN_PORT: 8080 WS_LISTEN_PORT: 8070 # Use Redis as broker for celery and web socket # Redis配置 REDIS_HOST: 127.0.0.1 REDIS_PORT: 6379 # REDIS_PASSWORD: # REDIS_DB_CELERY: 3 # REDIS_DB_CACHE: 4 # Use OpenID Authorization # 使用 OpenID 进行认证设置 # AUTH_OPENID: False # True or False # AUTH_OPENID_CLIENT_ID: client-id # AUTH_OPENID_CLIENT_SECRET: client-secret # AUTH_OPENID_PROVIDER_ENDPOINT: https://op-example.com/ # AUTH_OPENID_PROVIDER_AUTHORIZATION_ENDPOINT: https://op-example.com/authorize # AUTH_OPENID_PROVIDER_TOKEN_ENDPOINT: https://op-example.com/token # AUTH_OPENID_PROVIDER_JWKS_ENDPOINT: https://op-example.com/jwks # AUTH_OPENID_PROVIDER_USERINFO_ENDPOINT: https://op-example.com/userinfo # AUTH_OPENID_PROVIDER_END_SESSION_ENDPOINT: https://op-example.com/logout # AUTH_OPENID_PROVIDER_SIGNATURE_ALG: HS256 # AUTH_OPENID_PROVIDER_SIGNATURE_KEY: None # AUTH_OPENID_SCOPES: "openid profile email" # AUTH_OPENID_ID_TOKEN_MAX_AGE: 60 # AUTH_OPENID_ID_TOKEN_INCLUDE_CLAIMS: True # AUTH_OPENID_USE_STATE: True # AUTH_OPENID_USE_NONCE: True # AUTH_OPENID_SHARE_SESSION: True # AUTH_OPENID_IGNORE_SSL_VERIFICATION: True # AUTH_OPENID_ALWAYS_UPDATE_USER: True # Use Radius authorization # 使用Radius来认证 # AUTH_RADIUS: false # RADIUS_SERVER: localhost # RADIUS_PORT: 1812 # RADIUS_SECRET: # CAS 配置 # AUTH_CAS': False, # CAS_SERVER_URL': "http://host/cas/", # CAS_ROOT_PROXIED_AS': 'http://jumpserver-host:port', # CAS_LOGOUT_COMPLETELY': True, # CAS_VERSION': 3, # LDAP/AD settings # LDAP 搜索分页数量 # AUTH_LDAP_SEARCH_PAGED_SIZE: 1000 # # 定时同步用户 # 启用 / 禁用 # AUTH_LDAP_SYNC_IS_PERIODIC: True # 同步间隔 (单位: 时) (优先) # AUTH_LDAP_SYNC_INTERVAL: 12 # Crontab 表达式 # AUTH_LDAP_SYNC_CRONTAB: * 6 * * * # # LDAP 用户登录时仅允许在用户列表中的用户执行 LDAP Server 认证 # AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS: False # # LDAP 认证时如果日志中出现以下信息将参数设置为 0 (详情参见:https://www.python-ldap.org/en/latest/faq.html) # In order to perform this operation a successful bind must be completed on the connection # AUTH_LDAP_OPTIONS_OPT_REFERRALS: -1 # OTP settings # OTP/MFA 配置 # OTP_VALID_WINDOW: 0 # OTP_ISSUER_NAME: Jumpserver # Perm show single asset to ungrouped node # 是否把未授权节点资产放入到 未分组 节点中 # PERM_SINGLE_ASSET_TO_UNGROUP_NODE: false # # 启用定时任务 # PERIOD_TASK_ENABLE: True # # 启用二次复合认证配置 # LOGIN_CONFIRM_ENABLE: False # # Windows 登录跳过手动输入密码 # WINDOWS_SKIP_ALL_MANUAL_PASSWORD: False