nekobus
/
mastodon_neko
forked from closed-social/mastodon
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
闭社主体 forked from https://github.com/tootsuite/mastodon
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5816 Commits
2 Branches
112 MiB
Tree: d78474264d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd78474264d'
${ noResults }
mastodon_neko/.env.production.sample

232 lines
8.3 KiB
Raw Normal View History

Adding e-mail configuration
8 years ago
Clean up redis configuration. Allow using REDIS_URL to set advanced (#2732) connection options instead of setting REDIS_HOST etc individually Close #1986
7 years ago
Document REDIS_NAMESPACE (#5038)
7 years ago
Adding a docker-compose template for running Mastodon easily
8 years ago
Fixing the docker container setup (with assets compilation &co)
8 years ago
fix DB_URL (#2778)
7 years ago
Fixing the docker container setup (with assets compilation &co)
8 years ago
Full-text search for authorized statuses (#6423) * Add full-text search for authorized statuses - Search API will return statuses that match the query - Only for logged in users - Only if you are author of the status, - Or you were mentioned in it - Or you favourited or reblogged it - Configuration over `ES_ENABLED`, `ES_HOST`, `ES_PORT`, `ES_PREFIX` - Run `rails chewy:deploy` to create & populate index Fix #5880 Fix #4293 Fix #1152 * Add commented out docker-compose configuration for ES container * Optimize index import, filter search results * Add basic normalization to the index * Add better stemming and normalization to the index * Skip webfinger request if search query includes both @ and a space * Fix code style * Visually separate search result sections * Fix code style issues
6 years ago
Adjust suggested ES host in .env sample for docker-compose config (#6710)
6 years ago
Full-text search for authorized statuses (#6423) * Add full-text search for authorized statuses - Search API will return statuses that match the query - Only for logged in users - Only if you are author of the status, - Or you were mentioned in it - Or you favourited or reblogged it - Configuration over `ES_ENABLED`, `ES_HOST`, `ES_PORT`, `ES_PREFIX` - Run `rails chewy:deploy` to create & populate index Fix #5880 Fix #4293 Fix #1152 * Add commented out docker-compose configuration for ES container * Optimize index import, filter search results * Add basic normalization to the index * Add better stemming and normalization to the index * Skip webfinger request if search query includes both @ and a space * Fix code style * Visually separate search result sections * Fix code style issues
6 years ago
Adding e-mail configuration
8 years ago
enforce LOCAL_HTTPS=true in production (#6061) * enforce https in production * note changes in production env sample * typo fix
6 years ago
Adds better documentation to LOCAL_DOMAIN and LOCAL_HTTPS (#3149) Fixes #2254
7 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
enforce LOCAL_HTTPS=true in production (#6061) * enforce https in production * note changes in production env sample * typo fix
6 years ago
Adding e-mail configuration
8 years ago
Allow running mastodon on a different domain as the one used for identifying users (#1267) * Allow running mastodon on a different domain as the one used for identifying users * Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing * Compare to web_domain instead of local_domain when dealing with feeds/API * Correctly identify mentions to local accounts Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN.
7 years ago
Add additional documentation and warnings to the WEB_DOMAIN setting. (#2386) * Add additional documentation and warnings to the WEB_DOMAIN setting. This feature is largely undocumented, and quite a number of users have shot them in the feet already despite the warning. Added a bit of documentation and expanded the warning until we have a mechanism for dealing with conflicting user URIs. * Change WEB_DOMAIN comments to point to the extensive online documentation
7 years ago
Allow running mastodon on a different domain as the one used for identifying users (#1267) * Allow running mastodon on a different domain as the one used for identifying users * Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing * Compare to web_domain instead of local_domain when dealing with feeds/API * Correctly identify mentions to local accounts Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN.
7 years ago
Allow alternate domains for mastodon handlers (#3187)
7 years ago
Adding e-mail configuration
8 years ago
comment correction (#4812)
7 years ago
Adding a docker-compose template for running Mastodon easily
8 years ago
Update sample .env
7 years ago
Adding e-mail configuration
8 years ago
Web Push Notifications (#3243) * feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator
7 years ago
comment correction (#4812)
7 years ago
Web Push Notifications (#3243) * feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator
7 years ago
Add single user mode
8 years ago
[#817] Add email whitelist This adds the ability to filter user signup with a whitelist instead of or in addition to a blacklist. Fixes #817
7 years ago
Add single user mode
8 years ago
Allow setting of default language through config Setting of locale in controller extracted to Localized concern, the doorkeeper authorized applications controller moved under custom namespace with inclusion of Localized, which resolves the "it sometimes appears in a different random language" bug
7 years ago
Adding e-mail configuration
8 years ago
Moved into a comment per feedback
7 years ago
Allow using an SMTP server without authentication (#1597) * Allow using an SMTP server without authentication (e.g Postfix relay on the same host) by setting SMTP_LOGIN and SMTP_AUTH_METHOD to 'none' * Add note in .env.production.sample about SMTP settings for servers where no auth is required * Assume that SMTP_LOGIN and SMTP_PASSWORD will be blank if we set SMTP_AUTH_METHOD to none
7 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Improve example env file for local Postfix relay (#2892)
7 years ago
Adding e-mail configuration
8 years ago
Add documentation of SMTP_DOMAIN (#1738) Without setting it, exim will reject the mail with a message like: rejected EHLO from [10.20.0.1]: syntactically invalid argument(s): {}
7 years ago
smtp delivery type fix (#1556) * delivery fix # Conflicts: # config/environments/production.rb * added stub in .env file * reordered and added a comment
7 years ago
More SMTP customization (#1372) * Allow SMTP auth method customization * Add SMTP openssl_verify_mode option support Allows one use self-signed certs with their SMTP server. * Add SMTP enable_starttls_auto option support
7 years ago
Allow to set CA file for SMTP (#2713)
7 years ago
More SMTP customization (#1372) * Allow SMTP auth method customization * Add SMTP openssl_verify_mode option support Allows one use self-signed certs with their SMTP server. * Add SMTP enable_starttls_auto option support
7 years ago
Show SMTP_TLS in config sample (#4477)
7 years ago
Fix CDN_HOST variable requirement
8 years ago
Custom Paperclip path. (#778) * Custom Paperclip path. * Document PAPERCLIP_ROOT. * Add PAPERCLIP_ROOT_URL (and rename PAPERCLIP_ROOT to PAPERCLIP_ROOT_PATH).
7 years ago
Fix CDN_HOST variable requirement
8 years ago
Document CORS requirement for asset host (#6941)
6 years ago
added 'https://' to CDN_HOST variable example (#3446)
7 years ago
Upgrade Paperclip to 5, AWS-SDK to 2, do not generate medium/small versions of avatars
8 years ago
Cache attachments on external host with service worker (#7493)
6 years ago
Add single user mode
8 years ago
:wrench: S3 protocol from ENV add support for reading S3 protocol from ENV also add S3_HOSTNAME in .env.production.sample
7 years ago
Add single user mode
8 years ago
Update Finnish translations, add sample Minio config (#954)
7 years ago
Cache attachments on external host with service worker (#7493)
6 years ago
Update Finnish translations, add sample Minio config (#954)
7 years ago
Change to switch signature version for Amazon S3 (#2124)
7 years ago
Update Finnish translations, add sample Minio config (#954)
7 years ago
Add environment sample for OpenStack Swift (#4816)
7 years ago
Cache attachments on external host with service worker (#7493)
6 years ago
Add environment sample for OpenStack Swift (#4816)
7 years ago
Add OpenStack Keystone V3 support (#4889) Keystone V2 is deprecated in favour of V3. This adds the necessary connection parameters for establishing a V3 connection. Connections to V2 endpoints are still possible and the configuration should remain compatible. This also introduces a SWIFT_REGION variable for multi-region OpenStack environments and a SWIFT_CACHE_TTL that controls how long tokens and other meta-data is cached for. Caching tokens avoids rate-limiting errors that would result in media uploads becoming unavailable during high load or when using tasks like media:remove_remote. fog-openstack only supports token caching for V3 endpoints, so a recommendation for using V3 was added.
7 years ago
Add environment sample for OpenStack Swift (#4816)
7 years ago
Improve OpenStack v3 compatibility (#7392) * Update paperclip.rb * Update .env.production.sample * Update paperclip.rb
6 years ago
Add OpenStack Keystone V3 support (#4889) Keystone V2 is deprecated in favour of V3. This adds the necessary connection parameters for establishing a V3 connection. Connections to V2 endpoints are still possible and the configuration should remain compatible. This also introduces a SWIFT_REGION variable for multi-region OpenStack environments and a SWIFT_CACHE_TTL that controls how long tokens and other meta-data is cached for. Caching tokens avoids rate-limiting errors that would result in media uploads becoming unavailable during high load or when using tasks like media:remove_remote. fog-openstack only supports token caching for V3 endpoints, so a recommendation for using V3 was added.
7 years ago
Add environment sample for OpenStack Swift (#4816)
7 years ago
Add OpenStack Keystone V3 support (#4889) Keystone V2 is deprecated in favour of V3. This adds the necessary connection parameters for establishing a V3 connection. Connections to V2 endpoints are still possible and the configuration should remain compatible. This also introduces a SWIFT_REGION variable for multi-region OpenStack environments and a SWIFT_CACHE_TTL that controls how long tokens and other meta-data is cached for. Caching tokens avoids rate-limiting errors that would result in media uploads becoming unavailable during high load or when using tasks like media:remove_remote. fog-openstack only supports token caching for V3 endpoints, so a recommendation for using V3 was added.
7 years ago
Add environment sample for OpenStack Swift (#4816)
7 years ago
Add single user mode
8 years ago
Update sample .env
7 years ago
Make the streaming API also handle websockets (because trying to get the browser EventSource interface to work flawlessly was a nightmare). WARNING: This commit makes the web UI connect to the streaming API instead of ActionCable like before. This means that if you are upgrading, you should set that up beforehand.
7 years ago
Add env variable to disable prepared statements (#1293)
7 years ago
Improve streaming server with cluster (#1970)
7 years ago
Some Dockerfile improvements (#3182) - improve docker_entrypoint.sh - serve static files with puma by default - sort packages list - use virtual package for build deps - show how to assign UID/GID
7 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Add LDAP options to .env.production.sample (#6592)
6 years ago
Add ldap search filter (#8151)
6 years ago
Add LDAP options to .env.production.sample (#6592)
6 years ago
Make PAM gem optional, allow configuration over environment (#6415)
6 years ago
Update pam documentation (#6518) * document pam email extraction * remove superfluous newline
6 years ago
Make PAM gem optional, allow configuration over environment (#6415)
6 years ago
rename pam email environment variable to something more understandable and default to LOCAL_DOMAIN (better fallback) (#6833)
6 years ago
Make PAM gem optional, allow configuration over environment (#6415)
6 years ago
fix logic for pam_controlled_service (#6599)
6 years ago
Make PAM gem optional, allow configuration over environment (#6415)
6 years ago
New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) (#6540)
6 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Fix #6536 (#6558)
6 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
New env variable: SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED + fixes #6533 (#6538)
6 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
Add additional first_name and last_name SAML attribute statement options, and modify Omniauthable concern to use full_name or first_name + last_name if not available (#6669)
6 years ago
CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales
6 years ago
New env variable: SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED + fixes #6533 (#6538)
6 years ago
HTTP proxy support for outgoing request, manage access to hidden service (#7134) * Add support for HTTP client proxy * Add access control for darknet Supress error when access to darknet via transparent proxy * Fix the codes pointed out * Lint * Fix an omission + lint * any? -> include? * Change detection method to regexp to avoid test fail
6 years ago
 
  1. # Service dependencies
  2. # You may set REDIS_URL instead for more advanced options
  3. # You may also set REDIS_NAMESPACE to share Redis between multiple Mastodon servers
  4. REDIS_HOST=redis
  5. REDIS_PORT=6379
  6. # You may set DATABASE_URL instead for more advanced options
  7. DB_HOST=db
  8. DB_USER=postgres
  9. DB_NAME=postgres
  10. DB_PASS=
  11. DB_PORT=5432
  12. # Optional ElasticSearch configuration
  13. # ES_ENABLED=true
  14. # ES_HOST=es
  15. # ES_PORT=9200
  16. 

  17. # Federation
  18. # Note: Changing LOCAL_DOMAIN at a later time will cause unwanted side effects, including breaking all existing federation.
  19. # LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com.
  20. LOCAL_DOMAIN=example.com
  21. 

  22. # Changing LOCAL_HTTPS in production is no longer supported. (Mastodon will always serve https:// links)
  23. 

  24. # Use this only if you need to run mastodon on a different domain than the one used for federation.
  25. # You can read more about this option on https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Serving_a_different_domain.md
  26. # DO *NOT* USE THIS UNLESS YOU KNOW *EXACTLY* WHAT YOU ARE DOING.
  27. # WEB_DOMAIN=mastodon.example.com
  28. 

  29. # Use this if you want to have several aliases handler@example1.com
  30. # handler@example2.com etc. for the same user. LOCAL_DOMAIN should not
  31. # be added. Comma separated values
  32. # ALTERNATE_DOMAINS=example1.com,example2.com
  33. 

  34. # Application secrets
  35. # Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
  36. SECRET_KEY_BASE=
  37. OTP_SECRET=
  38. 

  39. # VAPID keys (used for push notifications
  40. # You can generate the keys using the following command (first is the private key, second is the public one)
  41. # You should only generate this once per instance. If you later decide to change it, all push subscription will
  42. # be invalidated, requiring the users to access the website again to resubscribe.
  43. #
  44. # Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
  45. #
  46. # For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
  47. VAPID_PRIVATE_KEY=
  48. VAPID_PUBLIC_KEY=
  49. 

  50. # Registrations
  51. # Single user mode will disable registrations and redirect frontpage to the first profile
  52. # SINGLE_USER_MODE=true
  53. # Prevent registrations with following e-mail domains
  54. # EMAIL_DOMAIN_BLACKLIST=example1.com|example2.de|etc
  55. # Only allow registrations with the following e-mail domains
  56. # EMAIL_DOMAIN_WHITELIST=example1.com|example2.de|etc
  57. 

  58. # Optionally change default language
  59. # DEFAULT_LOCALE=de
  60. 

  61. # E-mail configuration
  62. # Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers
  63. # If you want to use an SMTP server without authentication (e.g local Postfix relay)
  64. # then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and
  65. # *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).
  66. SMTP_SERVER=smtp.mailgun.org
  67. SMTP_PORT=587
  68. SMTP_LOGIN=
  69. SMTP_PASSWORD=
  70. SMTP_FROM_ADDRESS=notifications@example.com
  71. #SMTP_DOMAIN= # defaults to LOCAL_DOMAIN
  72. #SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
  73. #SMTP_AUTH_METHOD=plain
  74. #SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt
  75. #SMTP_OPENSSL_VERIFY_MODE=peer
  76. #SMTP_ENABLE_STARTTLS_AUTO=true
  77. #SMTP_TLS=true
  78. 

  79. # Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.
  80. # PAPERCLIP_ROOT_PATH=/var/lib/mastodon/public-system
  81. # PAPERCLIP_ROOT_URL=/system
  82. 

  83. # Optional asset host for multi-server setups
  84. # The asset host must allow cross origin request from WEB_DOMAIN or LOCAL_DOMAIN
  85. # if WEB_DOMAIN is not set. For example, the server may have the
  86. # following header field:
  87. # Access-Control-Allow-Origin: https://example.com/
  88. # CDN_HOST=https://assets.example.com
  89. 

  90. # S3 (optional)
  91. # The attachment host must allow cross origin request from WEB_DOMAIN or
  92. # LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the
  93. # following header field:
  94. # Access-Control-Allow-Origin: https://192.168.1.123:9000/
  95. # S3_ENABLED=true
  96. # S3_BUCKET=
  97. # AWS_ACCESS_KEY_ID=
  98. # AWS_SECRET_ACCESS_KEY=
  99. # S3_REGION=
  100. # S3_PROTOCOL=http
  101. # S3_HOSTNAME=192.168.1.123:9000
  102. 

  103. # S3 (Minio Config (optional) Please check Minio instance for details)
  104. # The attachment host must allow cross origin request - see the description
  105. # above.
  106. # S3_ENABLED=true
  107. # S3_BUCKET=
  108. # AWS_ACCESS_KEY_ID=
  109. # AWS_SECRET_ACCESS_KEY=
  110. # S3_REGION=
  111. # S3_PROTOCOL=https
  112. # S3_HOSTNAME=
  113. # S3_ENDPOINT=
  114. # S3_SIGNATURE_VERSION=
  115. 

  116. # Swift (optional)
  117. # The attachment host must allow cross origin request - see the description
  118. # above.
  119. # SWIFT_ENABLED=true
  120. # SWIFT_USERNAME=
  121. # For Keystone V3, the value for SWIFT_TENANT should be the project name
  122. # SWIFT_TENANT=
  123. # SWIFT_PASSWORD=
  124. # Some OpenStack V3 providers require PROJECT_ID (optional)
  125. # SWIFT_PROJECT_ID=
  126. # Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid
  127. # issues with token rate-limiting during high load.
  128. # SWIFT_AUTH_URL=
  129. # SWIFT_CONTAINER=
  130. # SWIFT_OBJECT_URL=
  131. # SWIFT_REGION=
  132. # Defaults to 'default'
  133. # SWIFT_DOMAIN_NAME=
  134. # Defaults to 60 seconds. Set to 0 to disable
  135. # SWIFT_CACHE_TTL=
  136. 

  137. # Optional alias for S3 if you want to use Cloudfront or Cloudflare in front
  138. # S3_CLOUDFRONT_HOST=
  139. 

  140. # Streaming API integration
  141. # STREAMING_API_BASE_URL=
  142. 

  143. # Advanced settings
  144. # If you need to use pgBouncer, you need to disable prepared statements:
  145. # PREPARED_STATEMENTS=false
  146. 

  147. # Cluster number setting for streaming API server.
  148. # If you comment out following line, cluster number will be `numOfCpuCores - 1`.
  149. STREAMING_CLUSTER_NUM=1
  150. 

  151. # Docker mastodon user
  152. # If you use Docker, you may want to assign UID/GID manually.
  153. # UID=1000
  154. # GID=1000
  155. 

  156. # LDAP authentication (optional)
  157. # LDAP_ENABLED=true
  158. # LDAP_HOST=localhost
  159. # LDAP_PORT=389
  160. # LDAP_METHOD=simple_tls
  161. # LDAP_BASE=
  162. # LDAP_BIND_DN=
  163. # LDAP_PASSWORD=
  164. # LDAP_UID=cn
  165. # LDAP_SEARCH_FILTER="%{uid}=%{email}"
  166. 

  167. # PAM authentication (optional)
  168. # PAM authentication uses for the email generation the "email" pam variable
  169. # and optional as fallback PAM_DEFAULT_SUFFIX
  170. # The pam environment variable "email" is provided by:
  171. # https://github.com/devkral/pam_email_extractor
  172. # PAM_ENABLED=true
  173. # Fallback email domain for email address generation (LOCAL_DOMAIN by default)
  174. # PAM_EMAIL_DOMAIN=example.com
  175. # Name of the pam service (pam "auth" section is evaluated)
  176. # PAM_DEFAULT_SERVICE=rpam
  177. # Name of the pam service used for checking if an user can register (pam "account" section is evaluated) (nil (disabled) by default)
  178. # PAM_CONTROLLED_SERVICE=rpam
  179. 

  180. # Global OAuth settings (optional) :
  181. # If you have only one strategy, you may want to enable this
  182. # OAUTH_REDIRECT_AT_SIGN_IN=true
  183. 

  184. # Optional CAS authentication (cf. omniauth-cas) :
  185. # CAS_ENABLED=true
  186. # CAS_URL=https://sso.myserver.com/
  187. # CAS_HOST=sso.myserver.com/
  188. # CAS_PORT=443
  189. # CAS_SSL=true
  190. # CAS_VALIDATE_URL=
  191. # CAS_CALLBACK_URL=
  192. # CAS_LOGOUT_URL=
  193. # CAS_LOGIN_URL=
  194. # CAS_UID_FIELD='user'
  195. # CAS_CA_PATH=
  196. # CAS_DISABLE_SSL_VERIFICATION=false
  197. # CAS_UID_KEY='user'
  198. # CAS_NAME_KEY='name'
  199. # CAS_EMAIL_KEY='email'
  200. # CAS_NICKNAME_KEY='nickname'
  201. # CAS_FIRST_NAME_KEY='firstname'
  202. # CAS_LAST_NAME_KEY='lastname'
  203. # CAS_LOCATION_KEY='location'
  204. # CAS_IMAGE_KEY='image'
  205. # CAS_PHONE_KEY='phone'
  206. 

  207. # Optional SAML authentication (cf. omniauth-saml)
  208. # SAML_ENABLED=true
  209. # SAML_ACS_URL=
  210. # SAML_ISSUER=http://localhost:3000/auth/auth/saml/callback
  211. # SAML_IDP_SSO_TARGET_URL=https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO
  212. # SAML_IDP_CERT=
  213. # SAML_IDP_CERT_FINGERPRINT=
  214. # SAML_NAME_IDENTIFIER_FORMAT=
  215. # SAML_CERT=
  216. # SAML_PRIVATE_KEY=
  217. # SAML_SECURITY_WANT_ASSERTION_SIGNED=true
  218. # SAML_SECURITY_WANT_ASSERTION_ENCRYPTED=true
  219. # SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
  220. # SAML_ATTRIBUTES_STATEMENTS_UID="urn:oid:0.9.2342.19200300.100.1.1"
  221. # SAML_ATTRIBUTES_STATEMENTS_EMAIL="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
  222. # SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.16.840.1.113730.3.1.241"
  223. # SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME="urn:oid:2.5.4.42"
  224. # SAML_ATTRIBUTES_STATEMENTS_LAST_NAME="urn:oid:2.5.4.4"
  225. # SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
  226. # SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
  227. # SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
  228. 

  229. # Use HTTP proxy for outgoing request (optional)
  230. # http_proxy=http://gateway.local:8118
  231. # Access control for hidden service.
  232. # ALLOW_ACCESS_TO_HIDDEN_SERVICE=true