dbproxy reference

This page describes dbproxy's configuration file.

dbproxy Configuration File

The configuration file is in TOML syntax; it is very similar to good old INI files and organizes options in sections, denoted by square brackets.

Section generic

log_level

Type: String
Set broker's log level or verbosity; we recommend setting it to info. Possible values from least to most verbose are:
"error", "warn", "info", "debug", "trace"

Section auth

jwks_file

Type: String
Path and file name to a JSON Web Key Set (JWKS) file. This file contains the public keys that broker uses to verify access token signatures. This is an alternative to specifying the discovery_url and jwks_url fields below and can be used for environments that have no access to the internet. Example: "/path/to/jwks.json"

discovery_url

Type: String
URL of IdP's discovery endpoint. If not set, the URL is made up by appending ".well-known/openid-configuration" to the id_token_validation.iss field (see below).
Example: "https://idp.example.com/realms/testing/.well-known/openid-configuration"

jwks_url

Type: String
URL of the OpenID Connect server's public keystore. If set, the discovery endpoint is not used at all.
Example: "https://idp.example.com/realms/testing/protocol/openid-connect/certs"

iss

Type: String
Validate contents of 'iss' field, usually the URL of the authentication realm. For Auth0, use the Domain field in your Auth0 application's settings with a leading 'https://'. Example: "https://idp.example.com/realms/testing"

aud

Type: String
Validate contents of the 'aud' field when validating access tokens. For Keycloak, this defaults to "account".
Example: "account"

Section graphql

schema_file

Type: String
Path and file name to GraphQL schema file.
Example: "/path/to/schema_file.graphql"

resolver_map_file

Type: String
Path and file name of the resolver file, generated by bbc. Example: "/path/to/resolver_file.toml"

type_map_file

Type: String
Path and file name of the type map file, generated by bbc. Example: "/path/to/type_map.json"

Section database

This section configures how dbproxy connects to the PostgreSQL database.

db_type

Type: String
Type of database; currently, only "postgres" is supported.
Example: "postgres"

host

Type: String
The host or IP where the DB server is running. Do not set this value if you want to use PostgreSQL peer authentication (see below). Example: "localhost"

port

Type: Integer
The port of the PostgreSQL server. Do not set this value if you want to use PostgreSQL peer authentication (see below).
Example: 5432

db_name

Type: String
The database name.
Example: "bbtest"

Info

Username and password are optional; if unset, basebox will use peer authentication, which does not require a password to be specified in the configuration.

This works only if dbproxy is running on the same machine as the PostgreSQL server. More info about Peer Authentication can be found here.

username

Type: String
The username to use when connecting to the database.
Example: "bbtest"

password

Type: String
The password to use when connecting to the database.
Example: "oergsbriubih4535t34ft"

ssl_mode

Type: String
Controls whether or with what priority a secure SSL TCP/IP connection will be negotiated with the database server. Can be "no", "optional" or "must". Only use this option if username and password are set.
Example: "optional"

Section server

host

Type: String
IP address of the network interface on which dbproxy listens for connections.
For production use, this should be set to the IP address of the host; use "0.0.0.0" to listen on all available interfaces and "127.0.0.1" to accept only local connections (for testing etc.).
Example: "127.0.0.1"

port

Type: Integer
Port number; default is 80 for HTTP, 443 for HTTPS.
Example: 8080

workers

Type: Integer
Number of HTTP server threads to spawn; default is one per CPU core.
Example: 2

cert_file

Type: String
Path and file name of TLS certificate (chain) file. If set, dbproxy will run in TLS/SSL mode. Example: "/path/to/cert.pem"

cert_key_file

Type: String
Path and file name of TLS/SSL key file.
Example: "/path/to/key.pem"
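
A configuration check for the options described on this page, as an added example (not dbproxy's own code): it takes the parsed TOML as a dict and reports settings that weaken transport security or token validation. The table names [auth], [database] and [server] follow the section headings above; the finding codes, the treatment of an unset iss or aud, and the reading of ssl_mode "optional" as allowing plaintext are assumptions.

```python
import ipaddress
from urllib.parse import urlparse

def _is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name: treat it as remote

def audit(cfg):
    """Return sorted finding codes for a parsed dbproxy config (dict of tables)."""
    found = set()
    auth, db, server = (cfg.get(s, {}) for s in ("auth", "database", "server"))
    for key in ("discovery_url", "jwks_url"):
        if key in auth and urlparse(auth[key]).scheme != "https":
            found.add("AUTH_KEYS_NOT_HTTPS")  # keys could be swapped in transit
    if not any(k in auth for k in ("jwks_file", "jwks_url", "discovery_url", "iss")):
        found.add("AUTH_NO_KEY_SOURCE")
    for claim in ("iss", "aud"):  # assumption: an unset field means no check
        if claim not in auth:
            found.add(f"AUTH_NO_{claim.upper()}_CHECK")
    if "ssl_mode" in db and not ("username" in db and "password" in db):
        found.add("DB_SSL_MODE_WITHOUT_CREDENTIALS")  # per the ssl_mode entry
    if "host" in db and not _is_loopback(db["host"]) and db.get("ssl_mode") != "must":
        found.add("DB_REMOTE_WITHOUT_TLS")  # assumed: only "must" enforces TLS
    if bool(server.get("cert_file")) != bool(server.get("cert_key_file")):
        found.add("SERVER_TLS_INCOMPLETE")  # certificate and key go together
    if "host" in server and not server.get("cert_file") and not _is_loopback(server["host"]):
        found.add("SERVER_PLAINTEXT_NON_LOOPBACK")
    return sorted(found)

# Constructed sample configuration (not taken from the dbproxy documentation).
SAMPLE = """
[auth]
jwks_url = "http://idp.example.com/realms/testing/protocol/openid-connect/certs"
iss = "https://idp.example.com/realms/testing"
[database]
host = "10.0.0.5"
username = "bbtest"
password = "constructed-placeholder"
ssl_mode = "optional"
[server]
host = "0.0.0.0"
"""
if __name__ == "__main__":
    import tomllib  # standard library from Python 3.11
    print(audit(tomllib.loads(SAMPLE)))
```

Run stand-alone, it audits the embedded sample; in a deployment pipeline, `audit()` can be called on the parsed production file and the build failed on any finding.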