@@ -283,6 +283,226 @@ Controls whether HTTPS is required when retrieving metadata from the authority.
283283> [ !WARNING]
284284> Setting this to ` false ` is not recommended for production environments.
285285
286+ ## HTTPS
287+
288+ These settings configure [ HTTPS] ( /servicecontrol/security/hosting-guide.md#https ) .
289+
290+ ### ServiceControl.Audit/Https.Enabled
291+
292+ _ Added in version 6.9.0_
293+
294+ Controls whether HTTPS is enabled.
295+
296+ | Context | Name |
297+ | --- | --- |
298+ | ** Environment variable** | ` SERVICECONTROL_AUDIT_HTTPS_ENABLED ` |
299+ | ** App config key** | ` ServiceControl.Audit/Https.Enabled ` |
300+ | ** SCMU field** | N/A |
301+
302+ | Type | Default value |
303+ | --- | --- |
304+ | bool | ` false ` |
305+
306+ ### ServiceControl.Audit/Https.CertificatePath
307+
308+ _ Added in version 6.9.0_
309+
310+ The path to the HTTPS certificate file (PFX format).
311+
312+ | Context | Name |
313+ | --- | --- |
314+ | ** Environment variable** | ` SERVICECONTROL_AUDIT_HTTPS_CERTIFICATEPATH ` |
315+ | ** App config key** | ` ServiceControl.Audit/Https.CertificatePath ` |
316+ | ** SCMU field** | N/A |
317+
318+ | Type | Default value |
319+ | --- | --- |
320+ | string | None |
321+
322+ ### ServiceControl.Audit/Https.CertificatePassword
323+
324+ _ Added in version 6.9.0_
325+
326+ The password for the HTTPS certificate file.
327+
328+ | Context | Name |
329+ | --- | --- |
330+ | ** Environment variable** | ` SERVICECONTROL_AUDIT_HTTPS_CERTIFICATEPASSWORD ` |
331+ | ** App config key** | ` ServiceControl.Audit/Https.CertificatePassword ` |
332+ | ** SCMU field** | N/A |
333+
334+ | Type | Default value |
335+ | --- | --- |
336+ | string | None |
337+
338+ ### ServiceControl.Audit/Https.Hsts.Enabled
339+
340+ _ Added in version 6.9.0_
341+
342+ Controls whether HTTP Strict Transport Security (HSTS) headers are sent.
343+
344+ | Context | Name |
345+ | --- | --- |
346+ | ** Environment variable** | ` SERVICECONTROL_AUDIT_HTTPS_HSTS_ENABLED ` |
347+ | ** App config key** | ` ServiceControl.Audit/Https.Hsts.Enabled ` |
348+ | ** SCMU field** | N/A |
349+
350+ | Type | Default value |
351+ | --- | --- |
352+ | bool | ` false ` |
353+
354+ ### ServiceControl.Audit/Https.Hsts.MaxAge
355+
356+ _ Added in version 6.9.0_
357+
358+ The max-age directive value for the HSTS header.
359+
360+ | Context | Name |
361+ | --- | --- |
362+ | ** Environment variable** | ` SERVICECONTROL_AUDIT_HTTPS_HSTS_MAXAGE ` |
363+ | ** App config key** | ` ServiceControl.Audit/Https.Hsts.MaxAge ` |
364+ | ** SCMU field** | N/A |
365+
366+ | Type | Default value |
367+ | --- | --- |
368+ | TimeSpan | ` 365.00:00:00 ` (365 days) |
369+
370+ ### ServiceControl.Audit/Https.Redirection.Enabled
371+
372+ _ Added in version 6.9.0_
373+
374+ Controls whether HTTP requests are redirected to HTTPS.
375+
376+ | Context | Name |
377+ | --- | --- |
378+ | ** Environment variable** | ` SERVICECONTROL_AUDIT_HTTPS_REDIRECTION_ENABLED ` |
379+ | ** App config key** | ` ServiceControl.Audit/Https.Redirection.Enabled ` |
380+ | ** SCMU field** | N/A |
381+
382+ | Type | Default value |
383+ | --- | --- |
384+ | bool | ` false ` |
385+
386+ ### ServiceControl.Audit/Https.Redirection.HttpPort
387+
388+ _ Added in version 6.9.0_
389+
390+ The HTTP port to listen on for redirecting requests to HTTPS.
391+
392+ | Context | Name |
393+ | --- | --- |
394+ | ** Environment variable** | ` SERVICECONTROL_AUDIT_HTTPS_REDIRECTION_HTTPPORT ` |
395+ | ** App config key** | ` ServiceControl.Audit/Https.Redirection.HttpPort ` |
396+ | ** SCMU field** | N/A |
397+
398+ | Type | Default value |
399+ | --- | --- |
400+ | int | None |
401+
402+ ## Forwarded headers
403+
404+ These settings configure [ forwarded headers] ( /servicecontrol/security/hosting-guide.md#forwarded-headers ) for reverse proxy scenarios.
405+
406+ ### ServiceControl.Audit/ForwardedHeaders.Enabled
407+
408+ _ Added in version 6.9.0_
409+
410+ Controls whether forwarded headers are processed.
411+
412+ | Context | Name |
413+ | --- | --- |
414+ | ** Environment variable** | ` SERVICECONTROL_AUDIT_FORWARDEDHEADERS_ENABLED ` |
415+ | ** App config key** | ` ServiceControl.Audit/ForwardedHeaders.Enabled ` |
416+ | ** SCMU field** | N/A |
417+
418+ | Type | Default value |
419+ | --- | --- |
420+ | bool | ` false ` |
421+
422+ ### ServiceControl.Audit/ForwardedHeaders.AllowedHosts
423+
424+ _ Added in version 6.9.0_
425+
426+ A semicolon-separated list of allowed proxy hosts. Use ` * ` to allow any host.
427+
428+ | Context | Name |
429+ | --- | --- |
430+ | ** Environment variable** | ` SERVICECONTROL_AUDIT_FORWARDEDHEADERS_ALLOWEDHOSTS ` |
431+ | ** App config key** | ` ServiceControl.Audit/ForwardedHeaders.AllowedHosts ` |
432+ | ** SCMU field** | N/A |
433+
434+ | Type | Default value |
435+ | --- | --- |
436+ | string | None |
437+
438+ ### ServiceControl.Audit/ForwardedHeaders.ForwardLimit
439+
440+ _ Added in version 6.9.0_
441+
442+ Limits the number of entries in the forwarded headers that are processed.
443+
444+ | Context | Name |
445+ | --- | --- |
446+ | ** Environment variable** | ` SERVICECONTROL_AUDIT_FORWARDEDHEADERS_FORWARDLIMIT ` |
447+ | ** App config key** | ` ServiceControl.Audit/ForwardedHeaders.ForwardLimit ` |
448+ | ** SCMU field** | N/A |
449+
450+ | Type | Default value |
451+ | --- | --- |
452+ | int | ` 1 ` |
453+
454+ ### ServiceControl.Audit/ForwardedHeaders.KnownProxies
455+
456+ _ Added in version 6.9.0_
457+
458+ A semicolon-separated list of known proxy IP addresses.
459+
460+ | Context | Name |
461+ | --- | --- |
462+ | ** Environment variable** | ` SERVICECONTROL_AUDIT_FORWARDEDHEADERS_KNOWNPROXIES ` |
463+ | ** App config key** | ` ServiceControl.Audit/ForwardedHeaders.KnownProxies ` |
464+ | ** SCMU field** | N/A |
465+
466+ | Type | Default value |
467+ | --- | --- |
468+ | string | None |
469+
470+ ## CORS
471+
472+ These settings configure [ Cross-Origin Resource Sharing (CORS)] ( /servicecontrol/security/hosting-guide.md#cors ) .
473+
474+ ### ServiceControl.Audit/Cors.Enabled
475+
476+ _ Added in version 6.9.0_
477+
478+ Controls whether CORS restrictions are enabled.
479+
480+ | Context | Name |
481+ | --- | --- |
482+ | ** Environment variable** | ` SERVICECONTROL_AUDIT_CORS_ENABLED ` |
483+ | ** App config key** | ` ServiceControl.Audit/Cors.Enabled ` |
484+ | ** SCMU field** | N/A |
485+
486+ | Type | Default value |
487+ | --- | --- |
488+ | bool | ` false ` |
489+
490+ ### ServiceControl.Audit/Cors.AllowedOrigins
491+
492+ _ Added in version 6.9.0_
493+
494+ A semicolon-separated list of allowed CORS origins. Use ` * ` to allow any origin.
495+
496+ | Context | Name |
497+ | --- | --- |
498+ | ** Environment variable** | ` SERVICECONTROL_AUDIT_CORS_ALLOWEDORIGINS ` |
499+ | ** App config key** | ` ServiceControl.Audit/Cors.AllowedOrigins ` |
500+ | ** SCMU field** | N/A |
501+
502+ | Type | Default value |
503+ | --- | --- |
504+ | string | None |
505+
286506## Embedded database
287507
288508These settings are not valid for ServiceControl instances hosted in a container.
0 commit comments