post_commands:
    - sudo tee -a /opt/surfly/ats_certs.pem < path_to_your_root_certificate

# `client_id` is the unique identifier of a client in our build system
client_id: abc

# `client_secret` together with `client_id` are used to authenticate a server in our build system
client_secret: a1b4

# `version` is used to specify the version of the build. Recommended value is `prod`
version: prod

# List of paths to the certificates (deprecated since v3.304)
# certificates: ["/home/client/mycert1.pem", "/home/client/mycert1.pem"]

# Directory with certificates in *.pem format
ssl_certs_dir: /certs

# List of the steps to skip during the installation process
skip: [
  "prepare_machine",  # do not update dependencies
  "installation",  # download a build, but skip installation process
  "backup_database", # do not create a database backup copy
  "backup_services", # do not create a services backup copy
  "backup",  # do not create any backup
  ]

# Use verbose output for the ansible playbook
verbose: false

# Use local build file instead of requesting it from the Surfly build server
build_file: /home/user/abc_def_ghi.xfc.tar.gz

# All variables from the section will be set as environmental variables
# on the server when running ./setup command
environment:
  # Size of Varnish cache (default: 1.5G)
  varnish_size: 2G

  # Minimum number of threads in varnish per worker (default: 100, number of workers: 2)
  varnish_min_threads: 200

  # Size of short-lived Varnish cache (default: 1G)
  varnish_transient_size: 1000M

  # varnish storage backend. Usually "malloc" or "file,<filepath>". Default: "malloc"
  varnish_storage_backend: malloc

  # Size of Redis cache (default: 1G)
  redis_size: 1000M

  # Redis host
  redis_host: 127.0.0.1

  # Redis port
  redis_port: 6379

  # Size of in memory Apache Traffic Server cache (default: 512M)
  ats_size: 512M

  # Connection string to PostgreSQL database
  # Examples:
  # - Connect over Unix socket:
  #   surfly =
  #
  # - Remote database:
  #   surfly = host=1.2.3.4 port=5432 user=surfly_app password=secret
  # Documentation: http://www.pgbouncer.org/config.html
  db_connect_string: surfly =

  # Allow Surfly to create a session on private resources. Note: if you enable
  # this option, make sure your firewall configuration is strict.
  # Can also be a space separated list of private IP addresses and subnets to be
  # allowed
  allow_private_resources: true

  # Space separated list of the DNS servers (if it is not specified, it is
  # populated from the /etc/resolv.conf file)
  nginx_dns_resolvers: 8.8.8.8 8.8.4.4

  # max number of connections per nginx process (both frontend and backend)
  nginx_max_connections: 1024

  # The number of processes serving proxy requests. The recommended value is
  # less or equal to the number of CPU cores
  proxy_workers: 4

  # The number of processes serving dashboard requests. The recommended value is
  # less or equal to the number of CPU cores and less than 20
  dashboard_workers: 4

  # The number of processes serving Session API requests
  api_app_workers: 2

  # Rate limit Surfly REST API requests, req/min per IP address
  rest_api_rate_limit: 100

  # Proxy settings
  dep_http_proxy: http://10.0.0.11:8000
  dep_https_proxy: http://10.0.0.11:8000
  dep_ftp_proxy: http://10.0.0.11:8000
  dep_no_proxy: localhost,127.0.0.1

  # Default localization for new users
  # The time zone has to specified as a name of an entry in the tz database
  # see https://www.iana.org/time-zones and https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
  default_time_zone: UTC
  # The language has to be specified as a two letter iso 639-1 language code
  default_language: en

  # Include to set default login page to Single Sign On instead of password based login
  default_login_sso: true

  # Specify allowed HTTP methods for proxy application (default: all allowed (when absent))
  valid_http_methods: GET POST HEAD

  # Authentication token to call session API (default: randomly generated token (when absent))
  # Note: Spaces are not allowed
  cobro_auth_token: your_cobro_auth_oken

  # Force podman containers to run as root user instead of rootless (default: false (when absent))
  force_privileged: false

  # Include to block all connections to dashboard backends. Default: ommited
  disable_dashboard: true

  # Error template directory path, this can be used to rebrand error response pages.
  # For more info see the section on Surfly error in rebranding
  error_template_dir: /home/client/error_templ

  # Multi-server setup
  #
  # Unique cobro server id
  cobro_server_id: 81

  # Region of the server. The value is a valid session option for preferred region to start a session on
  cobro_server_region: eu-west

  # Description of the server. Used in `/v2/servers/` REST API endpoint
  cobro_server_description: Server 81 in OVH

  # IP addresses assigned to the server. This is a string with arbitrary format, it only affects
  # the server description in the `/v2/servers/` REST API endpoint. You need to update this manually
  # if the actual IP is changed.
  cobro_server_ips: 78.47.179.204, 2a01:4f8:b0:a033::2

  # Autorization token for internal dashboard API
  dashboard_auth_token: your_auth_token

  # Space separated list of dashboard URLs for a cobro server to register in
  dashboard_urls: https://app.yourdomain.com

  ##

  # Report attempts to violate the Content Security Policy to this URL
  csp_report_uri: https://example.com/csp/

  # Set timezone on the server
  server_timezone: UTC

  # Use the branding settings of the company with this ID to style the login
  # page and as a default for users in companies without custom branding
  # settings
  default_branding_company: 1

  # Specifies bind address for haproxy. More information is available here
  # https://www.haproxy.com/documentation/hapee/latest/configuration/binds/syntax/
  haproxy_listen_on: ::

  # Specifies dashboard session cookie timeout, in seconds
  session_cookie_age: 1209600

# Specifies the endpoints used for the session-recorder feature
start_recording_endpoint: https://recorder.example.com/start
end_recording_endpoint: https://recorder.example.com/end

# License key for Pdftron document editor, without it default pdf.js viewer is used
pdftron_key: PDFTRONKEY

# If specified, it enables server-side rendering mode in Pdftron document editor
pdftron_server: https://editor.example.com/

# Enable screenshot functionality on the server by providing credentials to
# S3 bucket to upload screenshots to
screenshots:
  screenshot_s3_bucket: screenshot_bucket
  screenshot_aws_access_key_id: ACCESSKEY
  screenshot_aws_secret_access_key: SECRETKEY

# Enable async session history CSV extraction by providing credentials to
# S3 bucket to upload CSVs to (link to uploaded file will be sent via e-mail)
session_history_csv:
  csv_upload_aws_bucket: csv_bucket
  csv_upload_aws_access_key_id: ACCESSKEY
  csv_upload_aws_secret_access_key: SECRETKEY

# Indicate the time period, in seconds, after which a session is classified as inactive and terminated as a 'zombie'
# if there has been no activity in the session during that time.
collect_zombie_period: 120

email:
  # By default Surfly prints the content of the all outgoing emails to the logs.
  # Use `surflyapp.email_backends.SMTPBackend` to send emails via your own
  # SMTP server or `surflyapp.email_backends.MandrillBackend` to use your
  # own Mandrill account
  email_backend: "surflyapp.email_backends.ConsoleBackend"

  # Default `from` email address
  default_from_email: support@surfly.com


  # SMTP configuration
  #
  # For more information, check official Django documentation
  # https://docs.djangoproject.com/en/1.11/topics/email/#smtp-backend
  email_host: localhost
  email_port: 1025
  email_host_user: client
  email_host_password: password
  email_use_tls: true
  email_use_ssl: false

  # MANDRILL configuration
  #
  # API key for your Mandrill account
  mandrill_api_key: "your_mandrill_key"

# OAuth2 configuration for admission into session
oauth:
  oauth_server_name: yourdomain.com
  github_client_id: CLIENTID
  github_client_secret: CLIENTSECRET

# Configuration for the Vonage SMS API
sms:
  vonage_com_api_key: APIKEY
  vonage_com_api_secret: APISECRET
  vonage_us_phone_number: PHONENUMBER

# Install and configure dns cache. dnsmasq is installed as the caching server
# (http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html) and
# NetworkManager is configured to use it
dns_cache: false

# Email address to which notifications should be send to
notify_email: admin@yourdomain.com

# The section is used by a redundant server to synchronize state with master node (main server)
master_node:
  host: 192.168.33.11  # IP address of the master node
  user: client  # the script establishes SSH connection with this user
  notify: ["success", "failure"]  # Send notifications to `notify_email` with synchronization's results

# Override redirect URLs for specific domains, specify favicon and tab title of the dashboard for specific domains
domain_redirects:
  surfly.com:
    contact: https://www.surfly.com/contact/
    dashboard_favicon: https://docs.surfly.com/installation/favicon.ico
    dashboard_title: "Surfly"
    docs: https://docs.surfly.com
    error404: https://some-other-404-page.example.com
    home: https://www.surfly.com
    register: https://some-other-register-page.example.com
    successful_session_start: http://help.surfly.com/en/articles/5342170-what-defines-the-successful-start-of-a-session
    videochat_docs: https://docs.surfly.com/surfly-options.html#header-video

# HTTP header to use for agent IP checks configured in Company settings,
# e.g. `X-Forwarded-For`. Set this if you have a hardware
# firewall in front of Surfly. Only the first comma-separated IP is considered
# when reading the header's value. If not set, the actual source IP is used.
client_ip_header: X-Forwarded-For

# Custom urls to verify the server status. By default https://app.your_domain.com/healthcheck/ is used
# Please make sure the domain name used here is being resolved to the server being configured
# If you want to simplify this on test environments you can also use http://localhost:8017/healthcheck/
# But this is strongly unadvised in production environments, as it won't check the certificate being used for the
# domain used on the server, and it might result in false positives during the deploy
healthcheck_urls:
  - https://eu.surfly.com/healthcheck/

# Run commands after Surfly installation was successfully finished. A command might be formatted using
# values from config.yaml file:
post_commands:
  - logger "Version {config[version]} is deployed"
  - curl -s http://localhost:8003/CobroVersion | echo $(</dev/stdin)

# Lock a specific version of Surfly
version_lock: v3.100

# Console settings

# Email backend for Console
# base.email_backends.SMTPBackend - send emails via your own SMTP server
# base.email_backends.MandrillBackend - use your own Mandrill account
# base.email_backends.ConsoleBackend - print the content of the all outgoing emails to the logs
console_email_backend: "base.email_backends.ConsoleBackend"
# The remaining email settings are identical to those outlined in the 'email' section above.

# S3 credentials for storing Console UI assets (user avatars, company logos, etc.)
console_ui_assets_s3_access_key_id: "s3_access_key_id"
console_ui_assets_s3_secret_access_key: "s3_secret_access_key"
console_ui_assets_s3_endpoint_url: "s3_endpoint_url"
console_ui_assets_s3_bucket_name: "s3_bucket_name"
console_ui_assets_s3_region_name: "s3_region_name"

client_id: abc
client_secret: your_client_secret
vaersion: prod
email:
  email_backend: "surflyapp.email_backends.MandrillBackend"
  mandrill_api_key: "abc123"

client_id: abc
client_secret: your_client_secret
vaersion: prod
email:
  email_backend: "surflyapp.email_backends.SMTPBackend"
  email_host: youremailserver.com
  email_port: 1025
  email_host_user: client
  email_host_password: password
  email_use_tls: true
  email_use_ssl: false

./setup create_user

./setup manage_command set_invite_by {COMPANY_ID} {email|sms}

./setup manage_command set_invite_by 67145 sms

pg_dump -U surfly_app surfly > ~/$(date +"%Y-%m-%d").sql

dropdb -U postgres surfly && createdb -U postgres -O surfly_app -E UTF8 surfly && psql -U surfly_app surfly < ~/2018-03-16.sql

pg_dump -U surfly_app surfly | pigz > ~/$(date +"%Y-%m-%d").gz

dropdb -U postgres surfly && createdb -U postgres -O surfly_app -E UTF8 surfly && gunzip -c ~/2018-03-16.gz | psql -U surfly_app surfly

~/install/upgrade_pg

podman exec ss-varnish varnishadm -n /opt/varnish/ "ban req.url ~ ."

systemctl --user restart ss-trafficserver

systemctl --user list-dependencies ss-surfly.target

systemctl --user status ss-paws

systemctl --user restart ss-surfly.target

systemctl --user stop ss-surfly.target

systemctl --user start ss-surfly.target

master_node:
  host: 192.168.33.11
  user: client

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Host key for github.com has changed and you have requested strict checking.
Host key verification failed.

ssh-keygen -R github.com

ssh-keygen -R github.com
curl -L https://api.github.com/meta | jq -r '.ssh_keys | .[]' | sed -e 's/^/github.com /' >> ~/.ssh/known_hosts

...
verbose: true
...