.kuzzlerc.sample.jsonc

{
  // -------------------------------------------------------------------------
  // Kuzzle configuration sample file
  //
  // You can copy this file to a valid rc file location to customize Kuzzle
  // configuration (see https://github.com/dominictarr/rc)
  // -------------------------------------------------------------------------
  // The HTTP section lets you configure how Kuzzle should handle HTTP requests
  "http": {
    // * accessControlAllowOrigin:
    //    sets the default Access-Control-Allow-Origin HTTP
    //    header used to send responses to the client
    // * accessControlAllowOriginUseRegExp
    //    Allow the usage of Regular Expressions to verify the origin
    //    based on Access-Control-Allow-Origin.
    //    /!\ This convert every string in Access-Control-Allow-Origin into Regular Expressions
    //    be careful with the Regular Expressions that you use.
    // * accessControlAllowMethods:
    //    sets the default Access-Control-Allow-Method header
    // * accessControlAllowHeaders:
    //    sets the default Access-Control-Allow-Headers
    // (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS)
    // * cookieAuthentication:
    //    Allows browser clients to connect to Kuzzle with cookies.
    //    /!\ This should not be allowed if the "http.accessControlAllowOrigin"
    //    configuration contains a wildcard ("*").
    "accessControlAllowOrigin": "*",
    "accessControlAllowOriginUseRegExp": false,
    "accessControlAllowMethods": "GET,POST,PUT,PATCH,DELETE,OPTIONS,HEAD",
    "accessControlAllowHeaders": "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, Content-Encoding, Content-Length, X-Kuzzle-Volatile",
    "cookieAuthentication": true
  },
  // Kuzzle configured limits
  "limits": {
    // * concurrentRequests:
    //      Number of requests Kuzzle processes simultaneously.
    //      Requests received above this limit are buffered until a slot is freed
    //      This value should be kept low to avoid overloading Kuzzle's event loop.
    // * documentsFetchCount:
    //      Maximum number of documents that can be fetched by a single API
    //      request. The minimum value to this limit is 1.
    //      This limits is applied to any route returning multiple documents,
    //      such as document:mGet or document:search
    //      You may have to configure ElasticSearch as well if you need
    //      to set this value higher than 10000
    // * documentsWriteCount:
    //      Maximum number of documents that can be written by a single API
    //      request. The minimum value to this limit is 1.
    //      There is no higher limit to this value, but you may
    //      also have to change the value of the "maxRequestSize" parameter
    //      (in the "server" section) to make Kuzzle accept larger requests.
    // * loginsPerSecond:
    //      Maximum number of logins per second and per network connection.
    // * requestsBufferSize:
    //      Maximum number of requests that can be buffered.
    //      Requests received above this limit are discarded with a 503 error
    // * requestsBufferWarningThreshold:
    //      Number of buffered requests after
    //      which Kuzzle will throw 'core:overload' events
    //      (see https://docs.kuzzle.io/plugins/1/events/core-overload/)
    // * subscriptionConditionsCount
    //      Maximum number of conditions a subscription filter can contain
    //      NB: A condition is either a "simple" operator (anything but "and",
    //          "or" and "bool"), or a boolean condition that contains only
    //          simple operators.
    // * subscriptionMinterms
    //      Maximum number of minterms (AND) clauses
    //      after the filters are transformed in their Canonical Disjunctive Normal Form (CDNF).
    // * subscriptionRooms
    //      Maximum number of different subscription rooms
    //      (i.e. different index+collection+filters subscription
    //      configurations)
    //      Depends primarily on available memory.
    //      If set to 0, an unlimited number of rooms can be created
    // * subscriptionDocumentTTL
    //      Maximum time (in milliseconds) a document will be kept in cache for
    //      real-time subscriptions.
    //      This cache is used to notify subscriber when a document enters or
    //      leaves a scope after an update.
    //      By default, subscriptions will be kept 72 hours.
    //      /!\ Please note that keeping subscriptions over a long period of
    //      /!\ time may result in memory overuse.
    //      If set to 0, the subscription will be kept in cache forever.
    //      /!\ Setting the property to 0 will lead to a memory leak if
    //      /!\ documents enter a real-time subscription scope and never exit
    //      /!\ that scope.
    "concurrentRequests": 50,
    "documentsFetchCount": 10000,
    "documentsWriteCount": 200,
    "loginsPerSecond": 1,
    "requestsBufferSize": 50000,
    "requestsBufferWarningThreshold": 5000,
    "subscriptionConditionsCount": 100,
    "subscriptionMinterms": 0,
    "subscriptionRooms": 1000000,
    "subscriptionDocumentTTL": 259200000 // 72 * 60 * 60 * 1000
  },
  // The application section lets you configure your application
  // (see https://docs.kuzzle.io/core/2/guides/advanced/configuration)
  "application": {
    // any key/value..
  },
  // The plugins section lets you define plugins behaviors
  // (see https://docs.kuzzle.io/core/2/guides/write-plugins)
  "plugins": {
    // [Common]
    //   * failsafeMode
    //        If true, Kuzzle will not load custom plugin and features (including
    //        the ones defined in the application).
    //        The API will only be available to administrators ("admin" profile)
    //        during failsafe mode.
    //   * bootstrapLockTimeout
    //        Maximum amount of time (in milliseconds)
    //        to wait for a concurrent plugin bootstrap
    //   * include
    //        List of Kuzzle's embedded plugins to be activated.
    //        Edit this list to deactivate one or more of those plugins.
    //        NOTE: this list does not control plugins installed manually.
    //   * pipeWarnTime:
    //        Warning time threshold (in milliseconds)
    //        on a pipe plugin action
    //   * initTimeout:
    //        Maximum execution time (in milliseconds)
    //        of a plugin initialization
    //   * maxConcurrentPipes:
    //        Maximum number of pipes that can be executed in parallel.
    //        New pipes submitted while the maximum number of pipes is met are
    //        delayed for later execution.
    //        This parameter controls is used to limit the stress put on the
    //        event loop, allowing for Kuzzle to process pipes faster, and to
    //        protect it from performances degradation if an abnormal number of
    //        pipes are submitted.
    //        (timers do not start while a pipe is hold back)
    //   * pipesBufferSize:
    //        Maximum number of pipes that can be delayed. If full, new pipes
    //        are rejected.
    "common": {
      "failsafeMode": false,
      "bootstrapLockTimeout": 30000,
      "pipeWarnTime": 500,
      "initTimeout": 10000,
      "maxConcurrentPipes": 50,
      "pipesBufferSize": 50000,
      "include": [
        "kuzzle-plugin-logger",
        "kuzzle-plugin-auth-passport-local"
      ]
    },
    // plugin logger configuration.
    // see https://github.com/kuzzleio/kuzzle-plugin-logger
    "kuzzle-plugin-logger": {
      "services": {
        "stdout": {
          "level": "info",
          "addDate": true,
          "dateFormat": "YYYY-MM-DD HH-mm-ss"
        }
      }
    },
    // [Kuzzle Plugin Auth Passport Local]
    //   * algorithm
    //      one of the supported encryption algorithms
    //      (run crypto.getHashes() to get the complete list).
    //      Examples: sha256, sha512, blake2b512, whirlpool, ...
    //   * stretching
    //      boolean and controlling if the password is stretched or not.
    //   * digest
    //      describes how the hashed password is stored in the database
    //      https://nodejs.org/api/buffer.html#buffer_buf_tostring_encoding_start_end
    //   * encryption
    //      determines whether the hashing algorithm uses crypto.createHash (hash)
    //      or crypto.createHmac (hmac).
    //      https://nodejs.org/api/crypto.html
    //   * requirePassword
    //      if true, kuzzle will refuse any credentials update or deletion,
    //      unless the currently valid password is provided
    //      or if the change is performed via the security controller
    //   * resetPasswordExpiresIn
    //      a positive time representation of the delay after which a
    //      reset password token expires (see the "ms" NPM package for possible
    //      formats: https://www.npmjs.com/package/ms).
    //      Users with expired passwords are given a resetPasswordToken when
    //      logging in and must change their password to be allowed to log in again
    //   * passwordPolicies
    //      set of additional rules to apply to users, or to groups of users
    //      See the documentation at https://docs.kuzzle.io/core/2/guides/main-concepts/5-authentication#password-policies
    "kuzzle-plugin-auth-passport-local": {
      "algorithm": "sha512",
      "stretching": true,
      "digest": "hex",
      "encryption": "hmac",
      "requirePassword": false,
      "resetPasswordExpiresIn": -1,
      "passwordPolicies": []
    }
    // Custom plugin configurations must be described here.
    // Example:
    //
    // "plugin-name": {
    //   "<configuration property name>": "<value>"
    // }
  },
  // The repositories are used internally by Kuzzle to store its data (users,
  // permissions, configuration etc.)
  "repositories": {
    // [Common]
    //   * cacheTTL:
    //      Time to live (in milliseconds) of cached objects.
    //      Decreasing this value will lower Redis memory and
    //      disk consumption, at the cost of increasing
    //      queries rate to the database and response times
    "common": {
      "cacheTTL": 1440000
    }
  },
  // The security section contains the configuration for Kuzzle permissions
  // mechanism
  "security": {
    // [debug]
    // Configuration for the Debug Controller
    // * native_debug_protocol:
    //    Allows the Debug Controller to use methods from the Chrome Devtools Protocol,
    //    see (https://chromedevtools.github.io/devtools-protocol/v8)
    "debug": {
      "native_debug_protocol": false
    },
    // [restrictedProfileIds]
    // The profileIds applied to a user created with the API action
    // "security:createRestrictedUser"
    "restrictedProfileIds": [
      "default"
    ],
    // [jwt]
    // configuration for the npm package jsonwebtoken
    // (see https://github.com/auth0/node-jsonwebtoken)
    //
    //   * algorithm:
    //      hash/encryption method used to sign the token
    //   * expiresIn:
    //      Token default expiration time
    //      (interpreted by https://www.npmjs.com/package/ms)
    //   * gracePeriod:
    //      Duration in ms during which a renewed jwt is still
    //      considered valid
    //   * maxTTL:
    //      Maximum duration in milliseconds a token can be requested
    //      to be valid.
    //      If set to -1 (default), no maximum duration is set.
    //   * secret:
    //      String or buffer data containing either the secret for HMAC
    //      algorithms, or the PEM encoded private key for RSA and ECDSA.
    //      If left to null (default), Kuzzle will autogenerate a random
    //      seed (can only be used with HMAC algorithms).
    "jwt": {
      "algorithm": "HS256",
      "expiresIn": "1h",
      "gracePeriod": 1000,
      "maxTTL": -1,
      "secret": null
    },
    // [apiKey]
    // API Keys configuration
    //
    //   * maxTTL:
    //      Maximum time to live of an API Key, in milliseconds
    //      If set to -1 (default), API Keys can be created with an infinite duration.
    "apiKey": {
      "maxTTL": -1
    },
    // [default]
    // The default role defines permissions for all users,
    // until an administrator configures the backend rights
    // By default, all users are granted all permissions
    "default": {
      "role": {
        "controllers": {
          "*": {
            "actions": {
              "*": true
            }
          }
        }
      }
    },
    // [standard]
    // Permissions used when creating an administrator user, either using the
    // CLI or the Back Office.
    //
    // By default, the admin user is granted all permissions.
    // Anonymous and non-administrator users have their rights restricted
    "standard": {
      "roles": {
        "admin": {
          "controllers": {
            "*": {
              "actions": {
                "*": true
              }
            }
          }
        },
        "default": {
          "controllers": {
            "auth": {
              "actions": {
                "checkToken": true,
                "getCurrentUser": true,
                "getMyRights": true,
                "logout": true,
                "updateSelf": true
              }
            },
            "server": {
              "actions": {
                "publicApi": true
              }
            }
          }
        },
        "anonymous": {
          "controllers": {
            "auth": {
              "actions": {
                "checkToken": true,
                "getCurrentUser": true,
                "getMyRights": true,
                "login": true
              }
            },
            "server": {
              "actions": {
                "publicApi": true,
                "openapi": true
              }
            }
          }
        }
      },
      "profiles": {
        "admin": {
          "rateLimit": 0,
          "policies": [
            {
              "roleId": "admin"
            }
          ]
        },
        "default": {
          "rateLimit": 10,
          "policies": [
            {
              "roleId": "default"
            }
          ]
        },
        "anonymous": {
          "rateLimit": 200,
          "policies": [
            {
              "roleId": "anonymous"
            }
          ]
        }
      }
    }
  },
  // Kuzzle server is the entry point for incoming requests
  "server": {
    // General network configuration:
    //   * maxRequestSize:
    //       The maximum size of an incoming request. Units can be expressed in
    //       bytes ("b" or none), kilobytes ("kb"), megabytes ("mb"), gigabytes
    //       ("gb") or terabytes ("tb")
    //   * port:
    //       The listening port for HTTP and WebSocket
    //   * strictSdkVersion:
    //       Raise an error when an incompatible SDK is used.
    "maxRequestSize": "1mb",
    "port": 7512,
    "strictSdkVersion": true,
    // [logs]
    // Configuration section for Kuzzle access logs
    //   * transports:
    //       An array of Winston transports configurations to output access
    //       logs. Possible transport types are: console, file, elasticsearch
    //       and syslog.
    //       Please refer to https://github.com/winstonjs/winston/blob/master/docs/transports.md
    //       for more information on transports configuration.
    //   * accessLogFormat:
    //       Access log format.
    //       Currently supported are "combined" (=Apache combined logs format)
    //       and "logstash".
    //       "logstash" will output the whole request input to JSON, ready to
    //       be consumed by logstash agent.
    //   * accessLogIpOffset:
    //       The offset to use as the client ip, from the FORWARDED-FOR chain,
    //       beginning from the right (0 = the ip address of the last
    //       client|proxy which connected to Kuzzle
    "logs": {
      "transports": [
        {
          "transport": "console",
          "level": "info",
          "stderrLevels": [],
          "silent": true
        }
      ],
      "accessLogFormat": "combined",
      "accessLogIpOffset": 0
    },
    // [protocols]
    // protocols accepted by Kuzzle.
    // protocols can be extended and configured in this section.
    "protocols": {
      "http": {
        // * additionalContentTypes:
        //    Enables Kuzzle to accept additional Content-Types.
        //    Note: This relies on the implementation of a
        //    "protocol:http:beforeParsingPayload" pipe that implements
        //    the formatting of the additional content types to JSON.
        //    The default content types are:
        //      * application/json
        //      * application/x-www-form-urlencoded
        //      * multipart/form-data
        // * allowCompression:
        //    Enable support for compressed requests, using the
        //    Content-Encoding header
        //    Currently supported compression algorithms:
        //      gzip, deflate, identity
        //    Note: "identity" is always an accepted value, even if
        //    compression support is disabled
        // * enabled:
        //    Set to "false" to disable HTTP support
        // * maxEncodingLayers:
        //    Maximum number of encoding layers that can be applied
        //    to an http message, using the Content-Encoding header.
        //    This parameter is meant to prevent abuses by setting an
        //    abnormally large number of encodings, forcing Kuzzle to
        //    allocate as many decoders to handle the incoming request.
        // * maxFormFileSize:
        //    Maximum size of requests sent via http forms
        "additionalContentTypes": [],
        "allowCompression": true,
        "enabled": true,
        "maxEncodingLayers": 3,
        "maxFormFileSize": "1mb"
      },
      "mqtt": {
        // * enabled:
        //    Set to true to enable MQTT support
        // * allowPubSub
        //    Allow MQTT pub/sub capabilities or restrict to Kuzzle requests only
        // * developmentMode
        //    Switches responseTopic back to a regular public topic
        // * disconnectDelay
        //    Delay in ms to apply between a disconnection notification is
        //    received and the connection is actually removed
        // * requestTopic
        //    Name of the topic listened by the plugin for requests
        // * responseTopic
        //    Name of the topic clients should listen to get requests result
        // * server
        //    Constructor options passed to underlying MQTT server.
        //    See aedes documentation for further reference: https://github.com/moscajs/aedes
        // * realtimeNotifications:
        //    Set to "true" to enable realtime notifications like "TokenExpired" notifications
        "enabled": false,
        "allowPubSub": false,
        "developmentMode": false,
        "disconnectDelay": 250,
        "requestTopic": "Kuzzle/request",
        "responseTopic": "Kuzzle/response",
        "server": {
          "port": 1883
        },
        "realtimeNotifications": true
      },
      "websocket": {
        // * compression:
        //    Enable/Disable per message compression
        // * enabled:
        //    Set to true to enable WebSocket support
        // * idleTimeout:
        //    The maximum time (in milliseconds) without sending or receiving a
        //    message from a client. Once reached, the client's socket is
        //    forcibly closed.
        //    If a client socket is inactive for too long, the server will send
        //    a PING request before closing the socket.
        //    Minimum value: 1000 (but it's strongly advised to not set a value
        //    this low to forcibly close idle client sockets)
        // * rateLimit:
        //    The maximum number of messages per second a single socket can
        //    submit to the server.
        //    Requests exceeding that rate limit are rejected.
        //    Disabled if set to 0.
        // * realtimeNotifications:
        //    Set to "true" to enable realtime notifications like "TokenExpired" notifications
        // * sendPingsAutomatically:
        //    Whether or not we should automatically send pings to uphold a stable connection given whatever idleTimeout.
        // * resetIdleTimeoutOnSend:
        //    This one depends on kernel timeouts and is a bad default
        "compression": false,
        "enabled": true,
        "idleTimeout": 60000,
        "rateLimit": 0,
        "realtimeNotifications": true,
        "sendPingsAutomatically": false,
        "resetIdleTimeoutOnSend": false
      }
    }
  },
  // Services are the external components Kuzzle relies on.
  "services": {
    // [common]
    //   * defaultInitTimeout:
    //       Time in ms after which a service is considered
    //       failing if it has not init.
    //   * retryInterval:
    //       Default interval in ms between Kuzzle tries to init
    //       the service again on first failure.
    "common": {
      "defaultInitTimeout": 120000,
      "retryInterval": 1000
    },
    // [internalIndex]
    // The database engine used for Kuzzle internal index
    //   * bootstrapLockTimeout:
    //       Maximum amount of time (in milliseconds)
    //       to wait for a concurrent database bootstrap
    "internalIndex": {
      "bootstrapLockTimeout": 60000
    },
    // [internalCache]
    // The cache service relies on Redis sample settings for Redis service
    // (see also https://github.com/luin/ioredis)
    //
    // 1. using a single Redis database:
    //   * node:
    //     * host:
    //         The host on which Redis can be reached.
    //         Can take an IP address, an URI or a hostname
    //     * port:
    //         The port on which Redis is running its database:
    //     * (optional, deprecated) database:
    //         ID of the redis database (default: 0)
    //         NOTE: this option is deprecated and will be removed in Kuzzle v3.
    //               Use 'options.db' instead. If both options are set, then
    //               "options.db" will take precedence.
    //   * (optional) options:
    //       Redis specific options compatible with IORedis.
    //       See Redis client constructor available options:
    //       https://github.com/luin/ioredis/blob/master/API.md#new-redisport-host-options
    //   * (optional) pingKeepAlive (default: 0):
    //       The amount of time (in milliseconds) after which a PING command will be issued
    //       to the Redis server to keep the connection alive.
    //       Values <= 0 will disable the keepalive feature.
    "internalCache": {
      "backend": "redis",
      "node": {
        "host": "localhost",
        "port": 6379
      },
      "options": {
        "db": 0
      }
    },
    // 2. using a master/slaves Redis instance with Redis sentinels
    //    (cf. http://redis.io/topics/sentinel):
    //   * node:
    //     * sentinels:
    //         array of sentinels instances:
    //           * host:
    //               Host name/address of the sentinel server
    //               Can be an IP address, an URI or a hostname
    //           * port:
    //               Network port opened by Redis on the sentinel server
    //     * name:
    //         Group of Redis instances composed of a master and one
    //         or more slaves
    //     * (optional, deprecated) database:
    //         ID of the redis database (default: 0)
    //         NOTE: this option is deprecated and will be removed in Kuzzle v3.
    //               Use 'options.db' instead. If both options are set, then
    //               "options.db" will take precedence.
    //   * (optional) options:
    //       Redis specific options compatible with IORedis.
    //       See Redis client constructor available options:
    //       https://github.com/luin/ioredis/blob/master/API.md#redis--eventemitter
    //   * (optional) pingKeepAlive (default: 0):
    //       The amount of time (in milliseconds) after which a PING command will be issued
    //       to the Redis server to keep the connection alive.
    //       Values <= 0 will disable the keepalive feature.
    //"internalCache": {
    //  "backend": "redis",
    //  "node": {
    //    "sentinels": [
    //      {"host": "sentinel-host-1", "port": 26379},
    //      {"host": "sentinel-host-2", "port": 26379},
    //      {"host": "sentinel-host-3", "port": 26379}
    //    ],
    //    "name": "kuzzle"
    //  },
    //  "options": {
    //    "db": 0
    //  }
    //},
    // 3. using a redis cluster (cf. http://redis.io/topics/cluster-spec):
    //   * nodes: array of master nodes of the cluster
    //     * host:
    //         Host name/address of a redis cluster node
    //         Can be an IP address, an URI or a hostname
    //     * port:
    //        Network port opened by the redis cluster node
    //   * (optional, deprecated) database:
    //       ID of the redis database (default: 0)
    //       NOTE: this option is deprecated and will be removed in Kuzzle v3.
    //             Use 'options.db' instead. If both options are set, then
    //             "options.db" will take precedence.
    //   * (optional) options:
    //       Redis specific options compatible with IORedis.
    //       See Redis client constructor available options:
    //       https://github.com/luin/ioredis/blob/master/API.md#new-redisport-host-options
    //   * (optional) clusterOptions:
    //       Redis Cluster specific options compatible with IORedis.
    //       See Redis Cluster client constructor available options:
    //       https://github.com/luin/ioredis/blob/master/API.md#new-clusterstartupnodes-options
    //   * (optional) overrideDnsLookup:
    //       Only available when using a Redis Cluster config.
    //       Use with caution: if set to true, it makes Kuzzle skip DNS validation for TLS certificates
    //       This is the only way to connect to an AWS Elasticache Cluster with TLS encryption.
    //       See: https://github.com/luin/ioredis#special-note-aws-elasticache-clusters-with-tls
    //   * (optional) pingKeepAlive (default: 0):
    //       The amount of time (in milliseconds) after which a PING command will be issued
    //       to the Redis server to keep the connection alive.
    //       Values <= 0 will disable the keepalive feature.
    //"internalCache": {
    //  "backend": "redis",
    //  "nodes": [
    //    {"host": "redis-1", "port": 6379},
    //    {"host": "redis-2", "port": 6379},
    //    {"host": "redis-3", "port": 6379}
    //  ],
    //  "options": {
    //    "db": 0
    //  },
    //  "clusterOptions": {
    //    "enableReadyCheck": true
    //  }
    //},
    // [memoryStorage]
    // The Redis memoryStorage Engine
    // (see "internalCache" above for sample settings)
    // By default, the memoryStorage engine uses the same Redis server
    // as internalCache, on database ID "5"
    //
    // 1. using a single Redis database:
    //   * node:
    //     * host:
    //         The host on which Redis can be reached.
    //         Can take an IP address, an URI or a hostname
    //     * port:
    //         The port on which Redis is running its database:
    //   * (optional, deprecated) database:
    //       ID of the redis database (default: 5)
    //       NOTE: this option is deprecated and will be removed in Kuzzle v3.
    //             Use 'options.db' instead. If both options are set, then
    //             "options.db" will take precedence.
    //   * (optional) options:
    //       Redis specific options compatible with IORedis.
    //       See Redis client constructor available options:
    //       https://github.com/luin/ioredis/blob/master/API.md#new-redisport-host-options
    //   * (optional) pingKeepAlive (default: 0):
    //       The amount of time (in milliseconds) after which a PING command will be issued
    //       to the Redis server to keep the connection alive.
    //       Values <= 0 will disable the keepalive feature.
    "memoryStorage": {
      "backend": "redis",
      "node": {
        "host": "localhost",
        "port": 6379
      },
      "options": {
        "db": 5
      }
    },
    // 2. using a master/slaves Redis instance with Redis sentinels
    //    (cf. http://redis.io/topics/sentinel):
    //   * node:
    //     * sentinels:
    //         array of sentinels instances:
    //           * host:
    //               Host name/address of the sentinel server
    //               Can be an IP address, an URI or a hostname
    //           * port:
    //               Network port opened by Redis on the sentinel server
    //     * name:
    //         Group of Redis instances composed of a master and one
    //         or more slaves
    //   * (optional, deprecated) database:
    //       ID of the redis database (default: 5)
    //       NOTE: this option is deprecated and will be removed in Kuzzle v3.
    //             Use 'options.db' instead. If both options are set, then
    //             "options.db" will take precedence.
    //   * (optional) options:
    //       Redis specific options compatible with IORedis.
    //       See Redis client constructor available options:
    //       https://github.com/luin/ioredis/blob/master/API.md#new-redisport-host-options
    //"memoryStorage": {
    //  "backend": "redis",
    //  "node": {
    //    "sentinels": [
    //      {"host": "sentinel-host-1", "port": 26379},
    //      {"host": "sentinel-host-2", "port": 26379},
    //      {"host": "sentinel-host-3", "port": 26379}
    //    ],
    //    "name": "kuzzle"
    //  },
    //  "options": {
    //    "db": 5
    //  }
    //},
    // 3. using a redis cluster (cf. http://redis.io/topics/cluster-spec):
    //   * nodes: array of master nodes of the cluster
    //     * host:
    //         Host name/address of a redis cluster node
    //         Can be an IP address, an URI or a hostname
    //     * port:
    //        Network port opened by the redis cluster node
    //   * (optional, deprecated) database:
    //       ID of the redis database (default: 5)
    //       NOTE: this option is deprecated and will be removed in Kuzzle v3.
    //             Use 'options.db' instead. If both options are set, then
    //             "options.db" will take precedence.
    //   * (optional) options:
    //       Redis specific options compatible with IORedis.
    //       See Redis client constructor available options:
    //       https://github.com/luin/ioredis/blob/master/API.md#new-redisport-host-options
    //   * (optional) clusterOptions:
    //       Redis Cluster specific options compatible with IORedis.
    //       See Redis Cluster client constructor available options:
    //       https://github.com/luin/ioredis/blob/master/API.md#new-clusterstartupnodes-options
    //   * (optional) overrideDnsLookup:
    //       Only available when using a Redis Cluster config.
    //       Use with caution: if set to true, it makes Kuzzle skip DNS validation for TLS certificates
    //       This is the only way to connect to an AWS Elasticache Cluster with TLS encryption.
    //       See: https://github.com/luin/ioredis#special-note-aws-elasticache-clusters-with-tls
    //"memoryStorage": {
    //  "backend": "redis",
    //  "nodes": [
    //    {"host": "redis-1", "port": 6379},
    //    {"host": "redis-2", "port": 6379},
    //    {"host": "redis-3", "port": 6379}
    //  ],
    //  "options": {
    //    "db": 5
    //  },
    //  "clusterOptions": {
    //    "enableReadyCheck": true
    //  }
    //},
    // [storageEngine]
    // The default storage layer is Elasticsearch and it is
    // currently the only storage layer we support.
    //  * majorVersion:
    //      The major version of the Elasticsearch server.
    //      This value is used to determine which Elasticsearch client to use.
    //      Currently, only Elasticsearch 7.x and 8.x are supported.
    //  * backend:
    //      The storage engine to use. Currently, only "elasticsearch" is supported.
    //  * aliases:
    //      List of aliases for the storageEngine configuration.
    //   * client:
    //       Elasticsearch constructor options. Use this field to specify your
    //       Elasticsearch config options, this object is passed through to the
    //       Elasticsearch constructor and can contain all options/keys outlined
    //       here:
    //       https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current/client-configuration.html
    //   * commonMapping.dynamic:
    //       Default policy against new fields that are not referenced in the
    //       collection mapping.
    //       The value of this configuration will change Elasticsearch behavior
    //       on fields that are not declared in the collection mapping.
    //         - "true": Stores document and update the collection mapping with
    //           inferred type
    //         - "false": Stores document and does not update the collection
    //           mapping (field are not indexed)
    //         - "strict": Rejects document
    //       See https://www.elastic.co/guide/en/elasticsearch/reference/7.4/dynamic-mapping.html
    "storageEngine": {
      "majorVersion": "7",
      "backend": "elasticsearch",
      "aliases": [
        "storageEngine"
      ],
      "client": {
        "node": "http://localhost:9200"
      },
      // default mapping applied to all collections
      "commonMapping": {
        "dynamic": "false",
        "properties": {
          "_kuzzle_info": {
            "properties": {
              "author": {
                "type": "keyword"
              },
              "createdAt": {
                "type": "date"
              },
              "updatedAt": {
                "type": "date"
              },
              "updater": {
                "type": "keyword"
              }
            }
          }
        }
      },
      // Global settings to apply by default (can be overriden by user requests)
      "defaultSettings": {
        "number_of_shards": 1,
        "number_of_replicas": 1
      },
      // Internal index default name and collections
      // When starting, at initialisation, kuzzle will attempt
      // to update all ES dynamic settings of existing internal
      // index's collections. Static settings are setted only at
      // creation.
      // See https://www.elastic.co/guide/en/elasticsearch/reference/7.5/index-modules.html#index-modules-settings
      "internalIndex": {
        "name": "kuzzle",
        "collections": {
          "users": {
            "settings": {
              "number_of_shards": 1,
              "number_of_replicas": 1
            },
            "mappings": {
              "dynamic": "false",
              "properties": {
                "profileIds": {
                  "type": "keyword"
                }
              }
            }
          },
          "profiles": {
            "settings": {
              "number_of_shards": 1,
              "number_of_replicas": 1
            },
            "mappings": {
              "dynamic": "false",
              "properties": {
                "policies": {
                  "properties": {
                    "roleId": {
                      "type": "keyword"
                    }
                  }
                }
              }
            }
          },
          "roles": {
            "settings": {
              "number_of_shards": 1,
              "number_of_replicas": 1
            },
            "mappings": {
              "dynamic": "false",
              "properties": {
                "controllers": {
                  "dynamic": "false",
                  "properties": {}
                }
              }
            }
          },
          "validations": {
            "settings": {
              "number_of_shards": 1,
              "number_of_replicas": 1
            },
            "mappings": {
              "properties": {
                "index": {
                  "type": "keyword"
                },
                "collection": {
                  "type": "keyword"
                },
                "validations": {
                  "dynamic": "false",
                  "properties": {}
                }
              }
            }
          },
          "config": {
            "settings": {
              "number_of_shards": 1,
              "number_of_replicas": 1
            },
            "mappings": {
              "dynamic": "false",
              "properties": {}
            }
          },
          "api-keys": {
            "settings": {
              "number_of_shards": 1,
              "number_of_replicas": 1
            },
            "mappings": {
              "dynamic": "false",
              "properties": {
                "userId": {
                  "type": "keyword"
                },
                "hash": {
                  "type": "keyword"
                },
                "expiresAt": {
                  "type": "long"
                },
                "ttl": {
                  "type": "keyword"
                },
                "description": {
                  "type": "text"
                },
                "token": {
                  "type": "keyword"
                }
              }
            }
          }
        }
      },
      // Maximum duration for a scroll session
      "maxScrollDuration": "1m",
      "defaults": {
        // Number of retries to attempt on an update conflict
        // before throwing an error
        "onUpdateConflictRetries": 0,
        // Time to live of a paginated search
        "scrollTTL": "15s"
      },
      // If true, Kuzzle will generate aliases for collections that don't have one.
      //
      // Typically, if an indice named `&platform.devices` does not have an alias
      // named `@&platform.devices` and pointing on the indice then it will be generated
      // even if another alias already exists on the indice.
      //
      // This option should be true only for retro-compatibility with Kuzzle < 2.14.0
      //
      // Also see https://github.com/kuzzleio/kuzzle/pull/2117
      "generateMissingAliases": true
    }
  },
  // Configuration of the Kuzzle's internal statistics module
  //   * enabled:
  //      Enable or disable the stats module
  //   * ttl:
  //      Time to live (in seconds) of a statistics frame
  //   * statsInterval:
  //      Time (in seconds) between statistics snapshots
  "stats": {
    "enabled": true,
    "ttl": 3600,
    "statsInterval": 10
  },
  // [validation]
  // Defines the specifications used to validate data.
  // Please refer to the guide for more information.
  // (https://docs.kuzzle.io/guide/1/datavalidation)
  //
  // /!\ No syntax check will be performed here /!\
  "validation": {},
  // [dump]
  // Kuzzle provides diagnostic tools, enabling analysis, support
  // and debugging on unexpected events (errors, crashes)
  // DO NOT disable this feature if you bought enterprise support
  //  * enabled:
  //      Enable/disable information dump on crash or on errors
  //      (see below)
  //  * history:
  //      * coredump:
  //          Maximum number of core dumps to keep.
  //          Core dumps weight usually between 1 and 2GB,
  //          so make sure you have enough space to store
  //          the provided number of coredumps.
  //      * reports:
  //          Maximum number of reports directories
  //  * path:
  //      Directory path where the dumps are stored
  //  * gcore:
  //      Location of the "gcore" binary
  //  * dateFormat:
  //      Format used to generate dump names
  //      (see http://momentjs.com for formats)
  //  * handledErrors:
  //      Creates a dump whenever an error belonging to the
  //      provided list is generated
  //       * enabled:
  //          Enable/disable dumps on generated errors.
  //          If disabled, dumps will only occur on crashes.
  //       * whitelist:
  //          List of error types triggering a dump
  "dump": {
    "enabled": true,
    "history": {
      "coredump": 3,
      "reports": 10
    },
    "path": "./dump/",
    "gcore": "/usr/bin/gcore",
    "dateFormat": "YYYYMMDD-HHmm",
    "handledErrors": {
      "enabled": true,
      "whitelist": [
        "Error",
        "RangeError",
        "TypeError",
        "KuzzleError",
        "InternalError"
      ]
    }
  },
  // [realtime]
  // Realtime engine options
  //   * pcreSupport (DEPRECATED):
  //       Backward-compatibility option. Since v1.11, Kuzzle's realtime engine
  //       has been switched to RE2 as its regular expressions engine, instead
  //       of regular PCREs. RE2 supports most of PCREs features, but not all.
  //       You can switch back to PCREs if you absolutely cannot convert
  //       existing regular expressions to make them compatible with RE2 in a
  //       timely fashion, but note that this will make Kuzzle vulnerable to
  //       ReDoS attacks (see https://en.wikipedia.org/wiki/ReDoS)
  //
  //       It is *VERY STRONGLY* advised to leave that option deactivated.
  //       This option is deprecated and will be removed from Kuzzle v2.
  //       More information about the RE2 engine: https://github.com/google/re2
  //
  "realtime": {
    "pcreSupport": false
  },
  // [cluster]
  // Kuzzle Cluster configuration
  //   * activityHistory:
  //       Depth of nodes activity (addition or removal) to keep in memory for
  //       the cluster:status API action
  //   * heartbeat:
  //       Delay between 2 heartbeat frames. A higher value means less
  //       reactivity for detecting dead nodes, while a lower value might mean
  //       erroneous node evictions on slow networks.
  //   * interface:
  //      Network interface to use as the node IP address.
  //      If the configured interface cannot be found, the node will refuse to
  //      start.
  //      Accepted values:
  //        * interface name (e.g. eth0, wlan0, vmnet1, ...)
  //        * IP address (v4 or v6)
  //        * MAC address
  //        * null value: no preferred network interface
  //   * ipv6:
  //       If true, asks nodes to use IPv6 to connect to each others
  //   * ip:
  //       The type of IP address to use.
  //       If no suitable IP address can be found, the node will refuse to
  //       start.
  //       Accepted values:
  //         * 'public': will target only public IPs
  //         * 'private': will target only private IPs (private addresses,
  //           ULAs and link-local addresses)
  //         * null (or blank string): no target preference. If this
  //           property is left to null, it is advised to configure an interface
  //   * joinTimeout:
  //       The cluster join timeout (in ms): if that timeout is reached before
  //       the node could join the cluster, it will kill itself.
  //   * minimumNodes:
  //       The minimum number of nodes required by the cluster. It should be set
  //       to AT LEAST to ((total number of nodes / 2) + 1), to ensure that the
  //       cluster continues to work correctly even in the face of a network
  //       split. If there are fewer nodes available than the configured
  //       minimum, the entire cluster stops accepting requests, until there are
  //       enough nodes available again.
  //       In this example, we plan to run a cluster of 3 nodes.
  //  * ports:
  //       The network TCP ports allowing cluster nodes to send messages to each
  //       others. Cluster nodes MUST be able to open those ports between
  //       themselves.
  //       There is no need to expose these ports publicly.
  //       * command:
  //          used for issuing commands between nodes (handshakes, full
  //          state requests, ...)
  //       * sync:
  //          one-way port to propagate sync information from a node to the
  //          other ones
  //  * syncTimeout:
  //      The maximum time (in milliseconds) for a new node to receive a
  //      fullstate from another node. If the cluster holds a very large number
  //      of realtime subscriptions, it might be necessary to allow more time
  //      for a fullstate to be sent to new nodes.
  "cluster": {
    "activityDepth": 50,
    "heartbeat": 2000,
    "interface": null,
    "ipv6": false,
    "ip": "private",
    "joinTimeout": 60000,
    "minimumNodes": 2,
    "ports": {
      "command": 7510,
      "sync": 7511
    },
    "syncTimeout": 5000
  }
}