abunchtell
/
mastodon
1
0
Fork 0
Code Issues 0 Activity
The code powering m.abunchtell.com https://m.abunchtell.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8150 Commits
1 Branch
94 MiB
 
 
 
 
Tree: 5605b828e5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5605b828e5'
${ noResults }
mastodon/.env.production.sample

249 lines
8.9 KiB
Raw Blame History 

  1. # Service dependencies

  2. # You may set REDIS_URL instead for more advanced options

  3. # You may also set REDIS_NAMESPACE to share Redis between multiple Mastodon servers

  4. REDIS_HOST=redis

  5. REDIS_PORT=6379

  6. # You may set DATABASE_URL instead for more advanced options

  7. DB_HOST=db

  8. DB_USER=postgres

  9. DB_NAME=postgres

  10. DB_PASS=

  11. DB_PORT=5432

  12. # Optional ElasticSearch configuration

  13. # You may also set ES_PREFIX to share the same cluster between multiple Mastodon servers (falls back to REDIS_NAMESPACE if not set)

  14. # ES_ENABLED=true

  15. # ES_HOST=es

  16. # ES_PORT=9200

  17. 

  18. # Federation

  19. # Note: Changing LOCAL_DOMAIN at a later time will cause unwanted side effects, including breaking all existing federation.

  20. # LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com.

  21. LOCAL_DOMAIN=example.com

  22. 

  23. # Changing LOCAL_HTTPS in production is no longer supported. (Mastodon will always serve https:// links)

  24. 

  25. # Use this only if you need to run mastodon on a different domain than the one used for federation.

  26. # You can read more about this option on https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Serving_a_different_domain.md

  27. # DO *NOT* USE THIS UNLESS YOU KNOW *EXACTLY* WHAT YOU ARE DOING.

  28. # WEB_DOMAIN=mastodon.example.com

  29. 

  30. # Use this if you want to have several aliases handler@example1.com

  31. # handler@example2.com etc. for the same user. LOCAL_DOMAIN should not

  32. # be added. Comma separated values

  33. # ALTERNATE_DOMAINS=example1.com,example2.com

  34. 

  35. # Application secrets

  36. # Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)

  37. SECRET_KEY_BASE=

  38. OTP_SECRET=

  39. 

  40. # VAPID keys (used for push notifications

  41. # You can generate the keys using the following command (first is the private key, second is the public one)

  42. # You should only generate this once per instance. If you later decide to change it, all push subscription will

  43. # be invalidated, requiring the users to access the website again to resubscribe.

  44. #

  45. # Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)

  46. #

  47. # For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html

  48. VAPID_PRIVATE_KEY=

  49. VAPID_PUBLIC_KEY=

  50. 

  51. # Registrations

  52. # Single user mode will disable registrations and redirect frontpage to the first profile

  53. # SINGLE_USER_MODE=true

  54. # Prevent registrations with following e-mail domains

  55. # EMAIL_DOMAIN_BLACKLIST=example1.com|example2.de|etc

  56. # Only allow registrations with the following e-mail domains

  57. # EMAIL_DOMAIN_WHITELIST=example1.com|example2.de|etc

  58. 

  59. # Optionally change default language

  60. # DEFAULT_LOCALE=de

  61. 

  62. # E-mail configuration

  63. # Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers

  64. # If you want to use an SMTP server without authentication (e.g local Postfix relay)

  65. # then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and

  66. # *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).

  67. SMTP_SERVER=smtp.mailgun.org

  68. SMTP_PORT=587

  69. SMTP_LOGIN=

  70. SMTP_PASSWORD=

  71. SMTP_FROM_ADDRESS=notifications@example.com

  72. #SMTP_REPLY_TO=

  73. #SMTP_DOMAIN= # defaults to LOCAL_DOMAIN

  74. #SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail

  75. #SMTP_AUTH_METHOD=plain

  76. #SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt

  77. #SMTP_OPENSSL_VERIFY_MODE=peer

  78. #SMTP_ENABLE_STARTTLS_AUTO=true

  79. #SMTP_TLS=true

  80. 

  81. # Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.

  82. # PAPERCLIP_ROOT_PATH=/var/lib/mastodon/public-system

  83. # PAPERCLIP_ROOT_URL=/system

  84. 

  85. # Optional asset host for multi-server setups

  86. # The asset host must allow cross origin request from WEB_DOMAIN or LOCAL_DOMAIN

  87. # if WEB_DOMAIN is not set. For example, the server may have the

  88. # following header field:

  89. # Access-Control-Allow-Origin: https://example.com/

  90. # CDN_HOST=https://assets.example.com

  91. 

  92. # S3 (optional)

  93. # The attachment host must allow cross origin request from WEB_DOMAIN or

  94. # LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the

  95. # following header field:

  96. # Access-Control-Allow-Origin: https://192.168.1.123:9000/

  97. # S3_ENABLED=true

  98. # S3_BUCKET=

  99. # AWS_ACCESS_KEY_ID=

  100. # AWS_SECRET_ACCESS_KEY=

  101. # S3_REGION=

  102. # S3_PROTOCOL=http

  103. # S3_HOSTNAME=192.168.1.123:9000

  104. 

  105. # S3 (Minio Config (optional) Please check Minio instance for details)

  106. # The attachment host must allow cross origin request - see the description

  107. # above.

  108. # S3_ENABLED=true

  109. # S3_BUCKET=

  110. # AWS_ACCESS_KEY_ID=

  111. # AWS_SECRET_ACCESS_KEY=

  112. # S3_REGION=

  113. # S3_PROTOCOL=https

  114. # S3_HOSTNAME=

  115. # S3_ENDPOINT=

  116. # S3_SIGNATURE_VERSION=

  117. 

  118. # Google Cloud Storage (optional)

  119. # Use S3 compatible API. Since GCS does not support Multipart Upload,

  120. # increase the value of S3_MULTIPART_THRESHOLD to disable Multipart Upload.

  121. # The attachment host must allow cross origin request - see the description

  122. # above.

  123. # S3_ENABLED=true

  124. # AWS_ACCESS_KEY_ID=

  125. # AWS_SECRET_ACCESS_KEY=

  126. # S3_REGION=

  127. # S3_PROTOCOL=https

  128. # S3_HOSTNAME=storage.googleapis.com

  129. # S3_ENDPOINT=https://storage.googleapis.com

  130. # S3_MULTIPART_THRESHOLD=52428801 # 50.megabytes

  131. 

  132. # Swift (optional)

  133. # The attachment host must allow cross origin request - see the description

  134. # above.

  135. # SWIFT_ENABLED=true

  136. # SWIFT_USERNAME=

  137. # For Keystone V3, the value for SWIFT_TENANT should be the project name

  138. # SWIFT_TENANT=

  139. # SWIFT_PASSWORD=

  140. # Some OpenStack V3 providers require PROJECT_ID (optional)

  141. # SWIFT_PROJECT_ID=

  142. # Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid

  143. # issues with token rate-limiting during high load.

  144. # SWIFT_AUTH_URL=

  145. # SWIFT_CONTAINER=

  146. # SWIFT_OBJECT_URL=

  147. # SWIFT_REGION=

  148. # Defaults to 'default'

  149. # SWIFT_DOMAIN_NAME=

  150. # Defaults to 60 seconds. Set to 0 to disable

  151. # SWIFT_CACHE_TTL=

  152. 

  153. # Optional alias for S3 (e.g. to serve files on a custom domain, possibly using Cloudfront or Cloudflare)

  154. # S3_ALIAS_HOST=

  155. 

  156. # Streaming API integration

  157. # STREAMING_API_BASE_URL=

  158. 

  159. # Advanced settings

  160. # If you need to use pgBouncer, you need to disable prepared statements:

  161. # PREPARED_STATEMENTS=false

  162. 

  163. # Cluster number setting for streaming API server.

  164. # If you comment out following line, cluster number will be `numOfCpuCores - 1`.

  165. STREAMING_CLUSTER_NUM=1

  166. 

  167. # Docker mastodon user

  168. # If you use Docker, you may want to assign UID/GID manually.

  169. # UID=1000

  170. # GID=1000

  171. 

  172. # LDAP authentication (optional)

  173. # LDAP_ENABLED=true

  174. # LDAP_HOST=localhost

  175. # LDAP_PORT=389

  176. # LDAP_METHOD=simple_tls

  177. # LDAP_BASE=

  178. # LDAP_BIND_DN=

  179. # LDAP_PASSWORD=

  180. # LDAP_UID=cn

  181. # LDAP_SEARCH_FILTER=%{uid}=%{email}

  182. 

  183. # PAM authentication (optional)

  184. # PAM authentication uses for the email generation the "email" pam variable

  185. # and optional as fallback PAM_DEFAULT_SUFFIX

  186. # The pam environment variable "email" is provided by:

  187. # https://github.com/devkral/pam_email_extractor

  188. # PAM_ENABLED=true

  189. # Fallback email domain for email address generation (LOCAL_DOMAIN by default)

  190. # PAM_EMAIL_DOMAIN=example.com

  191. # Name of the pam service (pam "auth" section is evaluated)

  192. # PAM_DEFAULT_SERVICE=rpam

  193. # Name of the pam service used for checking if an user can register (pam "account" section is evaluated) (nil (disabled) by default)

  194. # PAM_CONTROLLED_SERVICE=rpam

  195. 

  196. # Global OAuth settings (optional) :

  197. # If you have only one strategy, you may want to enable this

  198. # OAUTH_REDIRECT_AT_SIGN_IN=true

  199. 

  200. # Optional CAS authentication (cf. omniauth-cas) :

  201. # CAS_ENABLED=true

  202. # CAS_URL=https://sso.myserver.com/

  203. # CAS_HOST=sso.myserver.com/

  204. # CAS_PORT=443

  205. # CAS_SSL=true

  206. # CAS_VALIDATE_URL=

  207. # CAS_CALLBACK_URL=

  208. # CAS_LOGOUT_URL=

  209. # CAS_LOGIN_URL=

  210. # CAS_UID_FIELD='user'

  211. # CAS_CA_PATH=

  212. # CAS_DISABLE_SSL_VERIFICATION=false

  213. # CAS_UID_KEY='user'

  214. # CAS_NAME_KEY='name'

  215. # CAS_EMAIL_KEY='email'

  216. # CAS_NICKNAME_KEY='nickname'

  217. # CAS_FIRST_NAME_KEY='firstname'

  218. # CAS_LAST_NAME_KEY='lastname'

  219. # CAS_LOCATION_KEY='location'

  220. # CAS_IMAGE_KEY='image'

  221. # CAS_PHONE_KEY='phone'

  222. 

  223. # Optional SAML authentication (cf. omniauth-saml)

  224. # SAML_ENABLED=true

  225. # SAML_ACS_URL=

  226. # SAML_ISSUER=http://localhost:3000/auth/auth/saml/callback

  227. # SAML_IDP_SSO_TARGET_URL=https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO

  228. # SAML_IDP_CERT=

  229. # SAML_IDP_CERT_FINGERPRINT=

  230. # SAML_NAME_IDENTIFIER_FORMAT=

  231. # SAML_CERT=

  232. # SAML_PRIVATE_KEY=

  233. # SAML_SECURITY_WANT_ASSERTION_SIGNED=true

  234. # SAML_SECURITY_WANT_ASSERTION_ENCRYPTED=true

  235. # SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true

  236. # SAML_ATTRIBUTES_STATEMENTS_UID="urn:oid:0.9.2342.19200300.100.1.1"

  237. # SAML_ATTRIBUTES_STATEMENTS_EMAIL="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"

  238. # SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.16.840.1.113730.3.1.241"

  239. # SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME="urn:oid:2.5.4.42"

  240. # SAML_ATTRIBUTES_STATEMENTS_LAST_NAME="urn:oid:2.5.4.4"

  241. # SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"

  242. # SAML_ATTRIBUTES_STATEMENTS_VERIFIED=

  243. # SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=

  244. 

  245. # Use HTTP proxy for outgoing request (optional)

  246. # http_proxy=http://gateway.local:8118

  247. # Access control for hidden service.

  248. # ALLOW_ACCESS_TO_HIDDEN_SERVICE=true