Ubuntu Lawast Kurulumu: Revizyonlar arasındaki fark

Bu yazımızda siz değerli okuyucularımıza Ubuntu Sunucusu üzerinde Docker Servisini kurarak lawast yazılımının ayarlarını anlatacağız.

1- Sunucu Kutusundan çıkartılarak gerekli donanımsal yapılandırılmaları gerçekleştirilir ve Fişe takılır.

2- Sunucu Vmware ( Son versiyon ) Usb disk üzerinde çalıştırılır.

3- Sunucuya Vmware üzerinde Ubuntu için sanal makine oluşturulur.

4- Ubuntu kurulur.

"sudo apt-get update", "sudo apt update", "sudo apt upgrade"

şeklinde ubuntu sunucumuzu en güncel hale getiririz.

5- Ubuntu üzerinde Docker kurulur. Kurulum aşağıdaki sitede anlatıldığı şekilde yapılır.

Ubuntu Docker Kurlumu

Docker kurulumumuz gerçekleştikten sonra.

/home/lawast/ Klasörü içerisinde kurulum yapmamız için gerekli klasörler ve yaml dosyaları oluşturulur.

PostgreSQL Kurulumu

Ör; /home/lawast/postgresql/docker-compose.yml

---

version: '3.1'

---

services:

 postgresdb:
   image: postgres:latest
   restart: always
   environment:
     POSTGRES_PASSWORD: Size-ait-olan-şifre
     POSTGRES_USER: sizin-kullanıcı-adınız
   volumes:
     - ./data:/var/lib/postgresql/data
   ports:
     - 5432:5432

---

Komut satırından

 "docker compose up -d" yazılarak enter tuşana basılır.

SoftEtherVPN Kurulumu

/home/lawast/softethervpn/docker-compose.yml ve vpn_server.config ( bu dosyanın içi boş olucak )

---

version: "3"

services:

 softethervpn:
   image: siomiz/softethervpn
   volumes:
     - ./vpn_server.config:/usr/vpnserver/vpn_server.config
   cap_add:
     - NET_ADMIN
   ports:            
     - 5555:5555/tcp
   environment:
     - PSK= PreSharedKey
     - SPW= AdminPassword
     - HPW= AdminHubPassword

---

Kurulduktan sonra Virtual nat ve secure nat ayarları yapılıyor.

"192.168.1.0/255.255.255.0/192.168.1.1, 172.19.0.0/255.255.0.0/172.19.0.1"

Izpbx FreePBX Santral Kurulumu

/home/lawast/izpbx/docker-compose.yml ve .env ( bu dosya daha sonra link olarak eklenecek. :) )

---

version: '3'

networks:

 izpbx:
   driver: bridge

services:

 db:
   image: docker.io/mariadb:10.11.4
   container_name: izpbx-db
   command: --sql-mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
   restart: unless-stopped
   env_file:
   - .env
   environment:
   - TZ
   - MYSQL_DATABASE
   - MYSQL_USER
   - MYSQL_PASSWORD
   - MYSQL_ROOT_PASSWORD
   volumes:
   - ./data/db:/var/lib/mysql
   networks:
     izpbx:
   ports:
   - ${APP_PORT_MYSQL}:3306

 izpbx:
   image: docker.io/izdock/izpbx-asterisk:20.16.9
   container_name: izpbx
   restart: unless-stopped
   depends_on:
   - db
   env_file:
   - .env
   volumes:
   - ./data/izpbx:/data
   cap_add:
   - NET_ADMIN
   privileged: true
   ulimits:
     nofile:
       soft: 8192
       hard: 32768
   network_mode: host

---

Örnek .env dosyası

---

1. 1. 1. Persistent data management
   2. enable persistent data storage (comment if you want disable persistence of data) (default: /data)

APP_DATA=/data

1. 1. 1. TimeZone configuration
   2. set the timezone based on your geographical location (default: TZ=UTC)

TZ=Europe/Istanbul

1. 1. 1. Database
   2. WARNING: default izPBX security passwords. please change it according to your security defaults
   3. NOTE: to avoid writing the mysql root password here, the MYSQL_ROOT_PASSWORD variable can be disabled
   4. if the MYSQL_USER can create the asterisk database or if it already exist

MYSQL_PASSWORD=hQpqBAhWKgXn0VMiIPad MYSQL_ROOT_PASSWORD=DmX6qEW8HmAOuYZXk9Kr

1. 1. WARNING: enable the following vars only for testing
2. MYSQL_RANDOM_ROOT_PASSWORD=true
3. MYSQL_ALLOW_EMPTY_ROOT_PASSWORD=true

1. 1. WARNING: if docker-compose is configured with "network_mode: host" then use "MYSQL_SERVER=127.0.0.1" or the address of the remote database server
   2. WARNING: if docker-compose is not configured with "network_mode: host" then use "MYSQL_SERVER=db" or the address of the remote database server
2. MYSQL_SERVER=db

MYSQL_SERVER=127.0.0.1 MYSQL_DATABASE=asterisk MYSQL_DATABASE_CDR=asteriskcdrdb MYSQL_USER=asterisk

1. 1. 1. Email addreses and SMTP smarthost
   2. outgoing mails will set as From as: (default: [email protected])
2. [email protected]

1. 1. outgoing mails will to send notifications, like cron, fail2ban, etc... (default: [email protected])
2. [email protected]

1. 1. specify DNS name or IP address for the SMTP RelayHost (default: none)
2. SMTP_RELAYHOST=smtp.example.com
3. SMTP_RELAYHOST_PORT=25
4. SMTP_RELAYHOST_USERNAME=yourusername
5. SMTP_RELAYHOST_PASSWORD=yoursecurepassword
6. SMTP_STARTTLS=true
7. SMTP_ALLOWED_SENDER_DOMAINS=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
8. SMTP_MESSAGE_SIZE_LIMIT=67108864

1. 1. 1. Webserver and HTTP/HTTPS
   2. enable if the pbx is exposed to internet and want autoconfigure virtualhosting based on the following FQDN (default: none)
2. APP_FQDN=izpbx.example.com

1. 1. enable https protocols (default: false)
   2. by default izpbx will use a self-signed certificate generated on first run if missing

HTTPD_HTTPS_ENABLED=true

1. use custom ssl certificates (only used when LETSENCRYPT_ENABLED=false) place you certs into: /etc/asterisk/keys
2. NOTE: if you want recreate the self-signed certificates after initial deploy, you must delete the certs and restart izpbx
3. HTTPD_HTTPS_CERT_FILE=/etc/asterisk/keys/default.crt
4. HTTPD_HTTPS_KEY_FILE=/etc/asterisk/keys/default.key
5. HTTPD_HTTPS_CHAIN_FILE=/etc/asterisk/keys/default.chain.crt

1. 1. redirect unencrypted http connetions to https (default: false)

HTTPD_REDIRECT_HTTP_TO_HTTPS=true

1. 1. auto generate Let's Encrypt SSL certificates if the pbx is exposed to Internet and want enable https protocol (default: false)
   2. To use LETSENCRYPT make sure SMTP_MAIL_TO and APP_FQDN are set to correct values
2. LETSENCRYPT_ENABLED=true
3. LETSENCRYPT_COUNTRY_CODE=IT
4. LETSENCRYPT_COUNTRY_STATE=Rome

1. 1. by default everyone can connect to HTTP/HTTPS WEB interface, comment out to restrict the access and enhance the security (default: 0.0.0.0/0)
2. HTTPD_ALLOW_FROM=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

1. 1. 1. phpMyAdmin
2. PMA_ALIAS=/admin/pma
3. PMA_ALLOW_FROM=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

1. 1. 1. FOP2 configuration (https://www.fop2.com/docs/)
2. FOP2_AUTOUPGRADE=true
3. FOP2_LICENSE_NAME=<put here your corporation name>
4. FOP2_LICENSE_CODE=<put here your license code>
5. FOP2_LICENSE_IFACE=docker0

1. 1. the following variables are not mandatory, you can leave commented (FOP2_AMI_PASSWORD will be a random hash)
2. FOP2_AMI_HOST=localhost
3. FOP2_AMI_PORT=5038
4. FOP2_AMI_USERNAME=admin
5. FOP2_AMI_PASSWORD=amp111

1. 1. 1. Zabbix Network Monitoring
   2. for automatic discovery of HOSTNAME leave ZABBIX_HOSTNAME commented
2. ZABBIX_SERVER=zabbixserver.example.com
3. ZABBIX_HOSTNAME=izpbx.example.com
4. ZABBIX_HOSTMETADATA=izPBX CHANGEM3WithAS3cur3HA$H

1. 1. 1. Fail2ban
   2. format: FAIL2BAN_SECTION_KEY=VALUE
   3. by default izpbx will will use: FAIL2BAN_DEFAULT_SENDER=$SMTP_MAIL_FROM and FAIL2BAN_DEFAULT_DESTEMAIL=$SMTP_MAIL_TO, anyway you can override it bellow

FAIL2BAN_ENABLED=true FAIL2BAN_ASTERISK_ENABLED=true

1. FAIL2BAN_ASTERISK_LOGPATH=/var/log/asterisk/security
2. [email protected]
3. [email protected]
4. FAIL2BAN_DEFAULT_BANACTION=iptables-allports[blocktype=DROP]

FAIL2BAN_DEFAULT_IGNOREIP=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 192.168.1.0/24 FAIL2BAN_DEFAULT_BANTIME=300 FAIL2BAN_DEFAULT_FINDTIME=3600 FAIL2BAN_DEFAULT_MAXRETRY=10 FAIL2BAN_RECIDIVE_ENABLED=true FAIL2BAN_RECIDIVE_BANTIME=1814400 FAIL2BAN_RECIDIVE_FINDTIME=15552000 FAIL2BAN_RECIDIVE_MAXRETRY=10

1. 1. 1. FreePBX Advanced Settings
   2. prefix every FreePBX internal variable with FREEPBX_
   3. modules enabled on first startup
2. FREEPBX_MODULES_EXTRA=soundlang callrecording cdr conferences customappsreg featurecodeadmin infoservices logfiles music manager arimanager filestore recordings announcement asteriskinfo backup callforward callwaiting daynight calendar certman cidlookup contactmanager donotdisturb fax findmefollow iaxsettings miscapps miscdests ivr parking phonebook presencestate printextensions queues cel timeconditions pm2
   1. enable automatic upgrading FreePBX on izpbx startup from previous version to a new major version (ex. from 15 to 16)
   2. WARNING: this is a dangerous task!!! be sure to have a backup before enabling core autoupgrade!

FREEPBX_AUTOUPGRADE_CORE=true

1. enable automatic modules updates (NOTE: only on initial deploy)

FREEPBX_AUTOUPGRADE_MODULES=true FREEPBX_FREEPBX_SYSTEM_IDENT=KarasoyPBX FREEPBX_AS_DISPLAY_READONLY_SETTINGS=1 FREEPBX_AS_OVERRIDE_READONLY=1 FREEPBX_ENABLECW=0 FREEPBX_TONEZONE=it FREEPBX_PHPTIMEZONE=Europe/Istanbul

1. FREEPBX_BRAND_IMAGE_TANGO_LEFT=images/tango.png
2. FREEPBX_BRAND_IMAGE_FREEPBX_FOOT=images/freepbx_small.png
3. FREEPBX_BRAND_IMAGE_SPONSOR_FOOT=images/sangoma-horizontal_thumb.png
4. FREEPBX_BRAND_FREEPBX_ALT_LEFT=FreePBX
5. FREEPBX_BRAND_FREEPBX_ALT_FOOT=FreePBX®
6. FREEPBX_BRAND_SPONSOR_ALT_FOOT=www.sangoma.com
7. FREEPBX_BRAND_IMAGE_FREEPBX_LINK_LEFT=http://www.freepbx.org
8. FREEPBX_BRAND_IMAGE_FREEPBX_LINK_FOOT=http://www.freepbx.org
9. FREEPBX_BRAND_IMAGE_SPONSOR_LINK_FOOT=http://www.sangoma.com
10. FREEPBX_RSSFEEDS=

1. 1. WORKAROUND @20200322 https://issues.freepbx.org/browse/FREEPBX-20559 : fwconsole setting SIGNATURECHECK 0
2. FREEPBX_SIGNATURECHECK=0

1. 1. 1. PhoneBook Settings
   2. PhoneBook server address used by VoiP Phones.
   3. You can specify IP or DNS name. If empty, by default will be used in order: 'http://$APP_FQDN' or 'http://PBXIP'
2. PHONEBOOK_ADDRESS=https://izpbx.example.com

1. 1. 1. DHCP/NTP/TFTP Server
2. DHCP_DOMAIN=izpbx.local
3. DHCP_POOL_START=10.1.1.10
4. DHCP_POOL_END=10.1.1.250
5. DHCP_POOL_LEASE=72h
   1. DHCP_DNS: leave commented to use docker container DNS ip address
6. DHCP_DNS=10.1.1.1
7. DHCP_GW=10.1.1.1
8. DHCP_NTP=10.1.1.1

1. 1. 1. NTP Server
2. NTP_SERVERS=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org
3. NTP_ALLOW_FROM=127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

1. 1. 1. Container Network Ports
   2. webserver and freepbx ports

APP_PORT_HTTP=80 APP_PORT_HTTPS=443

1. asterisk ports

APP_PORT_IAX=4569 APP_PORT_PJSIP=5060 APP_PORT_SIP=5160 APP_PORT_WEBRTC=8089 APP_PORT_UCP_HTTP=8001 APP_PORT_UCP_HTTPS=8003 APP_PORT_AMI=8088

1. 1. WARNING: tune the APP_PORT_RTP_END to a lower value (ex. 10200) if 'network_mode: host' is not used

APP_PORT_RTP_START=10000 APP_PORT_RTP_END=20000

1. database port

APP_PORT_MYSQL=3306

1. other services ports

APP_PORT_DHCP=67 APP_PORT_TFTP=69 APP_PORT_NTP=123 APP_PORT_FOP2=4445 APP_PORT_ZABBIX=10050

1. 1. 1. Container Services

MSMTP_ENABLED=true

1. POSTFIX_ENABLED=true

CRON_ENABLED=true HTTPD_ENABLED=true IZPBX_ENABLED=true FAIL2BAN_ENABLED=true

1. DHCP_ENABLED=true
2. TFTP_ENABLED=true
3. NTP_ENABLED=true
4. FOP2_ENABLED=true
5. ZABBIX_ENABLED=true
6. PMA_ENABLED=true

PHONEBOOK_ENABLED=true

---

izpbx ilk kurulum yapıldıktan sonra 10-15 dakika aralığında web sayfasından erişilebilir oluyor.

Ardından Freepbx update kısmından Please confirm the following actions: Upgrades, installs, enables and disables:

   PBX API 16.0.13 will be downloaded and installed and switched to the stable track
   Dynamic Routes 16.0.4 will be downloaded and installed and switched to the stable track

bu 2 modül yükleniyor.

Ftp Yazılımının Kurulumu Ftp yazılımı alınan yedeklerin firma tarafından indirilip kendilerince yedeklenmesi için kurulmaktadır. Tüm yedekler /home/karasoy/yedek klasöründe tutulur. Buna göre hazırlanmış yaml dosyası /home/karasoy/uygulama/ftp altında compose.yaml olarak kaydedilir. Örnek Yaml dosyası aşağıdaki gibi

services:

 sftpgo:
   image: 195.142.235.184:5000/ftp
   container_name: ftp
   ports:
     - 8080:8080
     - 2022:2022    
   volumes:
     -  /home/karasoy/yedek:/srv/sftpgo
     - ./config-data:/var/lib/sftpgo

/home/karasoy/uygulama/ftp/config-data klasörünün içerisine içeriği aşağıdaki gibi olan Sftpgo.json dosyası oluşturulur. {

 "common": {
   "idle_timeout": 15,
   "upload_mode": 0,
   "actions": {
     "execute_on": [],
     "execute_sync": [],
     "hook": ""
   },
   "setstat_mode": 0,
   "rename_mode": 0,
   "temp_path": "",
   "proxy_protocol": 0,
   "proxy_allowed": [],
   "proxy_skipped": [],
   "startup_hook": "",
   "post_connect_hook": "",
   "post_disconnect_hook": "",
   "data_retention_hook": "",
   "max_total_connections": 0,
   "max_per_host_connections": 20,
   "allowlist_status": 0,
   "allow_self_connections": 0,
   "defender": {
     "enabled": false,
     "driver": "memory",
     "ban_time": 30,
     "ban_time_increment": 50,
     "threshold": 15,
     "score_invalid": 2,
     "score_valid": 1,
     "score_limit_exceeded": 3,
     "score_no_auth": 0,
     "observation_time": 30,
     "entries_soft_limit": 100,
     "entries_hard_limit": 150
   },
   "rate_limiters": [
     {
       "average": 0,
       "period": 1000,
       "burst": 1,
       "type": 2,
       "protocols": [
         "SSH",
         "FTP",
         "DAV",
         "HTTP"
       ],
       "generate_defender_events": false,
       "entries_soft_limit": 100,
       "entries_hard_limit": 150
     }
   ]
 },
 "acme": {
   "domains": [],
   "email": "",
   "key_type": "4096",
   "certs_path": "certs",
   "ca_endpoint": "https://acme-v02.api.letsencrypt.org/directory",
   "renew_days": 30,
   "http01_challenge": {
     "port": 80,
     "proxy_header": "",
     "webroot": ""
   },
   "tls_alpn01_challenge": {
     "port": 0
   }
 },
 "sftpd": {
   "bindings": [
     {
       "port": 2022,
       "address": "",
       "apply_proxy_config": true
     }
   ],
   "max_auth_tries": 0,
   "banner": "",
   "host_keys": [],
   "host_certificates": [],
   "host_key_algorithms": [],
   "moduli": [],
   "kex_algorithms": [],
   "ciphers": [],
   "macs": [],
   "trusted_user_ca_keys": [],
   "revoked_user_certs_file": "",
   "login_banner_file": "",
   "enabled_ssh_commands": [
     "md5sum",
     "sha1sum",
     "sha256sum",
     "cd",
     "pwd",
     "scp"
   ],
   "keyboard_interactive_authentication": true,
   "keyboard_interactive_auth_hook": "",
   "password_authentication": true,
   "folder_prefix": ""
 },
 "ftpd": {
   "bindings": [
     {
       "port": 0,
       "address": "",
       "apply_proxy_config": true,
       "tls_mode": 0,
       "certificate_file": "",
       "certificate_key_file": "",
       "min_tls_version": 12,
       "force_passive_ip": "",
       "passive_ip_overrides": [],
       "passive_host": "",
       "client_auth_type": 0,
       "tls_cipher_suites": [],
       "passive_connections_security": 0,
       "active_connections_security": 0,
       "debug": false
     }
   ],
   "banner": "",
   "banner_file": "",
   "active_transfers_port_non_20": true,
   "passive_port_range": {
     "start": 50000,
     "end": 50100
   },
   "disable_active_mode": false,
   "enable_site": false,
   "hash_support": 0,
   "combine_support": 0,
   "certificate_file": "",
   "certificate_key_file": "",
   "ca_certificates": [],
   "ca_revocation_lists": []
 },
 "webdavd": {
   "bindings": [
     {
       "port": 0,
       "address": "",
       "enable_https": false,
       "certificate_file": "",
       "certificate_key_file": "",
       "min_tls_version": 12,
       "client_auth_type": 0,
       "tls_cipher_suites": [],
       "prefix": "",
       "proxy_allowed": [],
       "client_ip_proxy_header": "",
       "client_ip_header_depth": 0,
       "disable_www_auth_header": false
     }
   ],
   "certificate_file": "",
   "certificate_key_file": "",
   "ca_certificates": [],
   "ca_revocation_lists": [],
   "cors": {
     "enabled": false,
     "allowed_origins": [],
     "allowed_methods": [],
     "allowed_headers": [],
     "exposed_headers": [],
     "allow_credentials": false,
     "max_age": 0,
     "options_passthrough": false,
     "options_success_status": 0,
     "allow_private_network": false
   },
   "cache": {
     "users": {
       "expiration_time": 0,
       "max_size": 50
     },
     "mime_types": {
       "enabled": true,
       "max_size": 1000,
       "custom_mappings": []
     }
   }
 },
 "data_provider": {
   "driver": "sqlite",
   "name": "sftpgo.db",
   "host": "",
   "port": 0,
   "username": "",
   "password": "",
   "sslmode": 0,
   "disable_sni": false,
   "target_session_attrs": "",
   "root_cert": "",
   "client_cert": "",
   "client_key": "",
   "connection_string": "",
   "sql_tables_prefix": "",
   "track_quota": 2,
   "delayed_quota_update": 0,
   "pool_size": 0,
   "users_base_dir": "/srv/sftpgo/data",
   "actions": {
     "execute_on": [],
     "execute_for": [],
     "hook": ""
   },
   "external_auth_hook": "",
   "external_auth_scope": 0,
   "pre_login_hook": "",
   "post_login_hook": "",
   "post_login_scope": 0,
   "check_password_hook": "",
   "check_password_scope": 0,
   "password_hashing": {
     "bcrypt_options": {
       "cost": 10
     },
     "argon2_options": {
       "memory": 65536,
       "iterations": 1,
       "parallelism": 2
     },
     "algo": "bcrypt"
   },
   "password_validation": {
     "admins": {
       "min_entropy": 0
     },
     "users": {
       "min_entropy": 0
     }
   },
   "password_caching": true,
   "update_mode": 0,
   "create_default_admin": false,
   "naming_rules": 5,
   "is_shared": 0,
   "node": {
     "host": "",
     "port": 0,
     "proto": "http"
   },
   "backups_path": "/srv/sftpgo/backup"
 },
 "httpd": {
   "bindings": [
     {
       "port": 8080,
       "address": "",
       "enable_web_admin": true,
       "enable_web_client": true,
       "enable_rest_api": true,
       "enabled_login_methods": 0,
       "enable_https": false,
       "certificate_file": "",
       "certificate_key_file": "",
       "min_tls_version": 12,
       "client_auth_type": 0,
       "tls_cipher_suites": [],
       "proxy_allowed": [],
       "client_ip_proxy_header": "",
       "client_ip_header_depth": 0,
       "hide_login_url": 0,
       "render_openapi": true,
       "web_client_integrations": [],
       "oidc": {
         "client_id": "",
         "client_secret": "",
         "config_url": "",
         "redirect_base_url": "",
         "scopes": [
           "openid",
           "profile",
           "email"
         ],
         "username_field": "",
         "role_field": "",
         "implicit_roles": false,
         "custom_fields": [],
         "insecure_skip_signature_check": false,
         "debug": false
       },
       "security": {
         "enabled": false,
         "allowed_hosts": [],
         "allowed_hosts_are_regex": false,
         "hosts_proxy_headers": [],
         "https_redirect": false,
         "https_host": "",
         "https_proxy_headers": [],
         "sts_seconds": 0,
         "sts_include_subdomains": false,
         "sts_preload": false,
         "content_type_nosniff": false,
         "content_security_policy": "",
         "permissions_policy": "",
         "cross_origin_opener_policy": "",
         "expect_ct_header": ""
       },
       "branding": {
         "web_admin": {
           "name": "",
           "short_name": "",
           "favicon_path": "",
           "logo_path": "",
           "login_image_path": "",
           "disclaimer_name": "",
           "disclaimer_path": "",
           "default_css": "",
           "extra_css": []
         },
         "web_client": {
           "name": "",
           "short_name": "",
           "favicon_path": "",
           "logo_path": "",
           "login_image_path": "",
           "disclaimer_name": "",
           "disclaimer_path": "",
           "default_css": "",
           "extra_css": []
         }
       }
     }
   ],
   "templates_path": "templates",
   "static_files_path": "static",
   "openapi_path": "openapi",
   "web_root": "",
   "certificate_file": "",
   "certificate_key_file": "",
   "ca_certificates": [],
   "ca_revocation_lists": [],
   "signing_passphrase": "",
   "token_validation": 0,
   "max_upload_file_size": 0,
   "cors": {
     "enabled": false,
     "allowed_origins": [],
     "allowed_methods": [],
     "allowed_headers": [],
     "exposed_headers": [],
     "allow_credentials": false,
     "max_age": 0,
     "options_passthrough": false,
     "options_success_status": 0,
     "allow_private_network": false
   },
   "setup": {
     "installation_code": "",
     "installation_code_hint": "Installation code"
   },
   "hide_support_link": false
 },
 "telemetry": {
   "bind_port": 0,
   "bind_address": "127.0.0.1",
   "enable_profiler": false,
   "auth_user_file": "",
   "certificate_file": "",
   "certificate_key_file": "",
   "min_tls_version": 12,
   "tls_cipher_suites": []
 },
 "http": {
   "timeout": 20,
   "retry_wait_min": 2,
   "retry_wait_max": 30,
   "retry_max": 3,
   "ca_certificates": [],
   "certificates": [],
   "skip_tls_verify": false,
   "headers": []
 },
 "command": {
   "timeout": 30,
   "env": [],
   "commands": []
 },
 "kms": {
   "secrets": {
     "url": "",
     "master_key": "",
     "master_key_path": ""
   }
 },
 "mfa": {
   "totp": [
     {
       "name": "Default",
       "issuer": "SFTPGo",
       "algo": "sha1"
     }
   ]
 },
 "smtp": {
   "host": "",
   "port": 25,
   "from": "",
   "user": "",
   "password": "",
   "auth_type": 0,
   "encryption": 0,
   "domain": "",
   "templates_path": "templates",
   "debug": 0,
   "oauth2": {
     "provider": 0,
     "tenant": "",
     "client_id": "",
     "client_secret": "",
     "refresh_token": ""
   }
 },
 "plugins": []

}