--- logging: level: org: springframework: web: INFO app: coronawarn: INFO com: netflix: config: sources: URLConfigurationSource: ERROR services: submission: # The initial value of the moving average for fake request delays. initial-fake-delay-milliseconds: 10 # The number of samples for the calculation of the moving average for fake request delays. fake-delay-moving-average-samples: 10 # The retention threshold for acceptable diagnosis keys during submission. retention-days: 14 # How many days in the past are keys of a self reported submission allowed. Only if it's smaller then 'retention-days' it will have an effect. srs-days: ${MAX_NUMBER_OF_DAYS_FOR_SRS:14} # The number of keys to save to the DB for every real submitted key. # Example: If the 'random-key-padding-multiplier' is set to 10, and 5 keys are being submitted, # then the 5 real submitted keys will be saved to the DB, plus an additional 45 keys with # random 'key_data'. All properties, besides the 'key_data', of the additional keys will be # identical to the real key. random-key-padding-multiplier: ${RANDOM_KEY_PADDING_MULTIPLIER:1} # The number of checkins to save to the DB for every real submitted checkin. # Same logic as described above for diagnosis keys random-checkins-padding-multiplier: ${RANDOM_CHECKINS_PADDING_MULTIPLIER:1} # Pepper used in generating fake location ids random-checkins-padding-pepper: ${RANDOM_CHECKINS_PADDING_PEPPER} # The number of checkins allowed to be saved in the DB for each day. max-allowed-checkins-per-day: ${MAX_ALLOWED_CHECKINS_PER_DAY:20} # The ApacheHttpClient's connection pool size. connection-pool-size: 200 # The maximum request size accepted by the SubmissionController (e.g. 200B or 100KB). maximum-request-size: ${MAXIMUM_REQUEST_SIZE:100KB} # The maximum rolling period accepted by the SubmissionController (e.g. 144 (24 hours)) max-rolling-period: ${MAX_ROLLING_PERIOD:144} # The minimum rolling period accepted by the SubmissionController (e.g. 1 (10 minutes)) min-rolling-period: ${MIN_ROLLING_PERIOD:1} # The flag for unencrypted checkins used by the EventCheckinFacade. unencrypted-checkins-enabled: ${UNENCRYPTED_CHECKINS_ENABLED:false} # To prevent a potential overload of the distribution and the clients, we'll allow only this amount of keys per day max-keys-per-day: ${MAX_KEYS_PER_DAY:1000000} payload: # The maximum number of keys accepted for any submission. max-number-of-keys: ${MAX_NUMBER_OF_KEYS:14} # Country codes representing the list of countries which are allowed to be specified in the # visitedCountries and originCountry field of a submission payload # Comma separated country code values must be provided. The value must not end with ',' supported-countries: ${SUPPORTED_COUNTRIES} # The default 'origin country' when not provided in submission payload default-origin-country: ${ORIGIN_COUNTRY:DE} checkins: # Checkin data for events older than the number below are ignored by the system accepted-event-date-threshold-days: ${DAYS_TO_PUBLISH:10} verification: base-url: ${VERIFICATION_BASE_URL:http://localhost:8004} path: /version/v1/tan/verify srs-verify: base-url: ${SRS_VERIFY_BASE_URL:https://localhost:8105} path: /version/v1/srs monitoring: # The batch size (number of requests) to use for monitoring request count. batch-size: 5 client: ssl: key-password: ${SSL_SUBMISSION_KEYSTORE_PASSWORD} key-store: ${SSL_SUBMISSION_KEYSTORE_PATH} key-store-password: ${SSL_SUBMISSION_KEYSTORE_PASSWORD} trust-store: ${SSL_VERIFICATION_TRUSTSTORE_PATH} trust-store-password: ${SSL_VERIFICATION_TRUSTSTORE_PASSWORD} feign-retry: # feign retry waiting time in milliseconds period: ${FEIGN_RETRY_PERIOD:500} # feign total maximum wait time in seconds before feign.RetryableException max-period: ${FEIGN_RETRY_MAX_PERIOD:10} # feign max retry attemps, when reached feign.RetryableException is thrown max-attempts: ${FEIGN_RETRY_MAX_ATTEMPTS:10} spring: lifecycle: # keep in sync or lower than the kubernetes setting 'terminationGracePeriodSeconds' # 5s +5s Feign client + 20s DB timeout timeout-per-shutdown-phase: 30s transaction: default-timeout: 20 flyway: enabled: true locations: classpath:/db/migration, classpath:/db/specific/{vendor} password: ${POSTGRESQL_PASSWORD_FLYWAY:local_setup_flyway} user: ${POSTGRESQL_USER_FLYWAY:local_setup_flyway} # Postgres configuration datasource: driver-class-name: org.postgresql.Driver url: jdbc:postgresql://${POSTGRESQL_SERVICE_HOST}:${POSTGRESQL_SERVICE_PORT}/${POSTGRESQL_DATABASE}?ssl=true&sslmode=verify-full&sslrootcert=${SSL_POSTGRES_CERTIFICATE_PATH}&sslcert=${SSL_SUBMISSION_CERTIFICATE_PATH}&sslkey=${SSL_SUBMISSION_PRIVATE_KEY_PATH} username: ${POSTGRESQL_USER_SUBMISSION:local_setup_submission} password: ${POSTGRESQL_PASSWORD_SUBMISSION:local_setup_submission} # Actuator configuration management: server: port: 8081 endpoint: metrics: enabled: true prometheus: enabled: true health: group: readiness: include: db, verificationService, srsVerifyService show-details: always endpoints: web: exposure: include: 'health, prometheus' metrics: export: prometheus: enabled: true health: probes: enabled: true server: shutdown: graceful ssl: enabled: true enabled-protocols: TLSv1.2+TLSv1.3 protocol: TLS ciphers: >- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_AES_128_CCM_SHA256 key-password: ${SSL_SUBMISSION_KEYSTORE_PASSWORD} key-store: ${SSL_SUBMISSION_KEYSTORE_PATH} key-store-password: ${SSL_SUBMISSION_KEYSTORE_PASSWORD} key-store-provider: SUN key-store-type: JKS feign: client: config: default: connect-timeout: 20000 read-timeout: 20000