From 6c1ec0545821d289b9b9a12b084f11fb680e6efa Mon Sep 17 00:00:00 2001 From: Michael Jerger Date: Fri, 10 Nov 2023 14:37:00 +0100 Subject: [PATCH] extract the relevant app.ini parts --- docs/unsure-where-to-put/app.ini | 776 -------------------------- docs/unsure-where-to-put/dev-notes.md | 25 + 2 files changed, 25 insertions(+), 776 deletions(-) delete mode 100644 docs/unsure-where-to-put/app.ini diff --git a/docs/unsure-where-to-put/app.ini b/docs/unsure-where-to-put/app.ini deleted file mode 100644 index b2f2521991..0000000000 --- a/docs/unsure-where-to-put/app.ini +++ /dev/null @@ -1,776 +0,0 @@ -; This file lists the default values used by Gitea -; ; Copy required sections to your own app.ini (default is custom/conf/app.ini) -; ; and modify as needed. -; ; Do not copy the whole file as-is, as it contains some invalid sections for illustrative purposes. -; ; If you don't know what a setting is you should not set it. -; ; -; ; see https://docs.gitea.com/administration/config-cheat-sheet for additional documentation. -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; Default Configuration (non-`app.ini` configuration) -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; These values are environment-dependent but form the basis of a lot of values. They will be -; ; reported as part of the default configuration when running `gitea help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up. -; ; -; ; - _`AppPath`_: This is the absolute path of the running gitea binary. -; ; - _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy: -; ; - The "WORK_PATH" option in "app.ini" file -; ; - The `--work-path` flag passed to the binary -; ; - The environment variable `$GITEA_WORK_DIR` -; ; - A built-in value set at build time (see building from source) -; ; - Otherwise it defaults to the directory of the _`AppPath`_ -; ; - If any of the above are relative paths then they are made absolute against the directory of the _`AppPath`_ -; ; - _`CustomPath`_: This is the base directory for custom templates and other options. It is determined by using the first set thing in the following hierarchy: -; ; - The `--custom-path` flag passed to the binary -; ; - The environment variable `$GITEA_CUSTOM` -; ; - A built-in value set at build time (see building from source) -; ; - Otherwise it defaults to _`AppWorkPath`_`/custom` -; ; - If any of the above are relative paths then they are made absolute against the directory of the _`AppWorkPath`_ -; ; - _`CustomConf`_: This is the path to the `app.ini` file. -; ; - The `--config` flag passed to the binary -; ; - A built-in value set at build time (see building from source) -; ; - Otherwise it defaults to _`CustomPath`_`/conf/app.ini` -; ; - If any of the above are relative paths then they are made absolute against the directory of the _`CustomPath`_ -; ; -; ; In addition there is _`StaticRootPath`_ which can be set as a built-in at build time, but will otherwise default to _`AppWorkPath`_ -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; General Settings -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; App name that shows in every page title -; Gitea: Git with a cup of tea -APP_NAME = Gitea: Git with a cup of tea -; ; -; ; RUN_USER will automatically detect the current user - but you can set it here change it if you run locally -; git -RUN_USER = jem -; ; -; ; Application run mode, affects performance and debugging: "dev" or "prod", default is "prod" -; ; Mode "dev" makes Gitea easier to develop and debug, values other than "dev" are treated as "prod" which is for production use. -RUN_MODE = prod -WORK_PATH = /home/jem/repo/opensource/forgejo - -; ; -; ; The working directory, see the comment of AppWorkPath above -; WORK_PATH = -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -[server] -SSH_DOMAIN = localhost -DOMAIN = localhost -HTTP_PORT = 3000 -ROOT_URL = http://localhost:3000/ -APP_DATA_PATH = /home/jem/repo/opensource/forgejo/data -DISABLE_SSH = false -SSH_PORT = 22 -LFS_START_SERVER = true -LFS_JWT_SECRET = Sj_FX-id8L9GFKum0eoEdOAD6IrcpsJ7GK2Xy-MgBCQ -OFFLINE_MODE = false - -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; The protocol the server listens on. One of 'http', 'https', 'http+unix', 'fcgi' or 'fcgi+unix'. Defaults to 'http' -; PROTOCOL = http -; ; -; ; Expect PROXY protocol headers on connections -; USE_PROXY_PROTOCOL = false -; ; -; ; Use PROXY protocol in TLS Bridging mode -; PROXY_PROTOCOL_TLS_BRIDGING = false -; ; -; Timeout to wait for PROXY protocol header (set to 0 to have no timeout) -; PROXY_PROTOCOL_HEADER_TIMEOUT=5s -; ; -; Accept PROXY protocol headers with UNKNOWN type -; PROXY_PROTOCOL_ACCEPT_UNKNOWN=false -; ; -; ; Set the domain for the server -; DOMAIN = localhost -; ; -; ; Overwrite the automatically generated public URL. Necessary for proxies and docker. -; ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/ -; ; -; ; when STATIC_URL_PREFIX is empty it will follow ROOT_URL -; STATIC_URL_PREFIX = -; ; -; ; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket. -; ; If PROTOCOL is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use. -; ; Relative paths will be made absolute against the _`AppWorkPath`_. -; HTTP_ADDR = 0.0.0.0 -; ; -; ; The port to listen on. Leave empty when using a unix socket. -; HTTP_PORT = 3000 -; ; -; ; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server -; ; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main -; ; ROOT_URL. Defaults are false for REDIRECT_OTHER_PORT and 80 for -; ; PORT_TO_REDIRECT. -; REDIRECT_OTHER_PORT = false -; PORT_TO_REDIRECT = 80 -; ; -; ; expect PROXY protocol header on connections to https redirector. -; REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s -; ; Minimum and maximum supported TLS versions -; SSL_MIN_VERSION=TLSv1.2 -; SSL_MAX_VERSION= -; ; -; ; SSL Curve Preferences -; SSL_CURVE_PREFERENCES=X25519,P256 -; ; -; ; SSL Cipher Suites -; SSL_CIPHER_SUITES=; Will default to "ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305" if aes is supported by hardware, otherwise chacha will be first. -; ; -; ; Timeout for any write to the connection. (Set to -1 to disable all timeouts.) -; PER_WRITE_TIMEOUT = 30s -; ; -; ; Timeout per Kb written to connections. -; PER_WRITE_PER_KB_TIMEOUT = 30s -; ; -; ; Permission for unix socket -; UNIX_SOCKET_PERMISSION = 666 -; ; -; ; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service. In -; ; most cases you do not need to change the default value. Alter it only if -; ; your SSH server node is not the same as HTTP node. For different protocol, the default -; ; values are different. If `PROTOCOL` is `http+unix`, the default value is `http://unix/`. -; ; If `PROTOCOL` is `fcgi` or `fcgi+unix`, the default value is `%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/`. -; ; If listen on `0.0.0.0`, the default value is `%(PROTOCOL)s://localhost:%(HTTP_PORT)s/`, Otherwise the default -; ; value is `%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/`. -; LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/ -; ; -; ; When making local connections pass the PROXY protocol header. -; LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s -; ; -; ; Disable SSH feature when not available -; DISABLE_SSH = false -; ; -; ; Whether to use the builtin SSH server or not. -; START_SSH_SERVER = false -; ; -; ; Expect PROXY protocol header on connections to the built-in SSH server -; SSH_SERVER_USE_PROXY_PROTOCOL = false -; ; -; ; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER. -; BUILTIN_SSH_SERVER_USER = %(RUN_USER)s -; ; -; ; Domain name to be exposed in clone URL -; SSH_DOMAIN = %(DOMAIN)s -; ; -; ; SSH username displayed in clone URLs. -; SSH_USER = %(BUILTIN_SSH_SERVER_USER)s -; ; -; ; The network interface the builtin SSH server should listen on -; SSH_LISTEN_HOST = -; ; -; ; Port number to be exposed in clone URL -; SSH_PORT = 22 -; ; -; ; The port number the builtin SSH server should listen on -; SSH_LISTEN_PORT = %(SSH_PORT)s -; ; -; ; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'. -; SSH_ROOT_PATH = -; ; -; ; Gitea will create a authorized_keys file by default when it is not using the internal ssh server -; ; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off. -; SSH_CREATE_AUTHORIZED_KEYS_FILE = true -; ; -; ; Gitea will create a authorized_principals file by default when it is not using the internal ssh server -; ; If you intend to use the AuthorizedPrincipalsCommand functionality then you should turn this off. -; SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE = true -; ; -; ; For the built-in SSH server, choose the ciphers to support for SSH connections, -; ; for system SSH this setting has no effect -; SSH_SERVER_CIPHERS = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com -; ; -; ; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, -; ; for system SSH this setting has no effect -; SSH_SERVER_KEY_EXCHANGES = curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1 -; ; -; ; For the built-in SSH server, choose the MACs to support for SSH connections, -; ; for system SSH this setting has no effect -; SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1 -; ; -; ; For the built-in SSH server, choose the keypair to offer as the host key -; ; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub -; ; relative paths are made absolute relative to the %(APP_DATA_PATH)s -; SSH_SERVER_HOST_KEYS=ssh/gitea.rsa, ssh/gogs.rsa -; ; -; ; Directory to create temporary files in when testing public keys using ssh-keygen, -; ; default is the system temporary directory. -; SSH_KEY_TEST_PATH = -; ; -; ; Use `ssh-keygen` to parse public SSH keys. The value is passed to the shell. By default, Gitea does the parsing itself. -; SSH_KEYGEN_PATH = -; ; -; ; Enable SSH Authorized Key Backup when rewriting all keys, default is false -; SSH_AUTHORIZED_KEYS_BACKUP = false -; ; -; ; Determines which principals to allow -; ; - empty: if SSH_TRUSTED_USER_CA_KEYS is empty this will default to off, otherwise will default to email, username. -; ; - off: Do not allow authorized principals -; ; - email: the principal must match the user's email -; ; - username: the principal must match the user's username -; ; - anything: there will be no checking on the content of the principal -; SSH_AUTHORIZED_PRINCIPALS_ALLOW = email, username -; ; -; ; Enable SSH Authorized Principals Backup when rewriting all keys, default is true -; SSH_AUTHORIZED_PRINCIPALS_BACKUP = true -; ; -; ; Specifies the public keys of certificate authorities that are trusted to sign user certificates for authentication. -; ; Multiple keys should be comma separated. -; ; E.g."ssh- ". or "ssh- , ssh- ". -; ; For more information see "TrustedUserCAKeys" in the sshd config manpages. -; SSH_TRUSTED_USER_CA_KEYS = -; ; Absolute path of the `TrustedUserCaKeys` file gitea will manage. -; ; Default this `RUN_USER`/.ssh/gitea-trusted-user-ca-keys.pem -; ; If you're running your own ssh server and you want to use the gitea managed file you'll also need to modify your -; ; sshd_config to point to this file. The official docker image will automatically work without further configuration. -; SSH_TRUSTED_USER_CA_KEYS_FILENAME = -; ; -; ; Enable exposure of SSH clone URL to anonymous visitors, default is false -; SSH_EXPOSE_ANONYMOUS = false -; ; -; ; Timeout for any write to ssh connections. (Set to -1 to disable all timeouts.) -; ; Will default to the PER_WRITE_TIMEOUT. -; SSH_PER_WRITE_TIMEOUT = 30s -; ; -; ; Timeout per Kb written to ssh connections. -; ; Will default to the PER_WRITE_PER_KB_TIMEOUT. -; SSH_PER_WRITE_PER_KB_TIMEOUT = 30s -; ; -; ; Indicate whether to check minimum key size with corresponding type -; MINIMUM_KEY_SIZE_CHECK = false -; ; -; ; Disable CDN even in "prod" mode -; OFFLINE_MODE = false -; ; -; ; TLS Settings: Either ACME or manual -; ; (Other common TLS configuration are found before) -; ENABLE_ACME = false -; ; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; ACME automatic TLS settings -; ; -; ; ACME directory URL (e.g. LetsEncrypt's staging/testing URL: https://acme-staging-v02.api.letsencrypt.org/directory) -; ; Leave empty to default to LetsEncrypt's (production) URL -; ACME_URL = -; ; -; ; Explicitly accept the ACME's TOS. The specific TOS cannot be retrieved at the moment. -; ACME_ACCEPTTOS = false -; ; -; ; If the ACME CA is not in your system's CA trust chain, it can be manually added here -; ACME_CA_ROOT = -; ; -; ; Email used for the ACME registration service -; ; Can be left blank to initialize at first run and use the cached value -; ACME_EMAIL = -; ; -; ; ACME live directory (not to be confused with ACME directory URL: ACME_URL) -; ; (Refer to caddy's ACME manager https://github.com/caddyserver/certmagic) -; ACME_DIRECTORY = https -; ; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; Manual TLS settings: (Only applicable if ENABLE_ACME=false) -; ; -; ; Generate steps: -; ; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com -; ; -; ; Or from a .pfx file exported from the Windows certificate store (do -; ; not forget to export the private key): -; ; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys -; ; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes -; ; Paths are relative to CUSTOM_PATH -; CERT_FILE = https/cert.pem -; KEY_FILE = https/key.pem -; ; -; ; Root directory containing templates and static files. -; ; default is the path where Gitea is executed -; STATIC_ROOT_PATH = ; Will default to the built-in value _`StaticRootPath`_ -; ; -; ; Default path for App data -; APP_DATA_PATH = data ; relative paths will be made absolute with _`AppWorkPath`_ -; ; -; ; Enable gzip compression for runtime-generated content, static resources excluded -; ENABLE_GZIP = false -; ; -; ; Application profiling (memory and cpu) -; ; For "web" command it listens on localhost:6060 -; ; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)__ -; ENABLE_PPROF = false -; ; -; ; PPROF_DATA_PATH, use an absolute path when you start gitea as service -; PPROF_DATA_PATH = data/tmp/pprof ; Path is relative to _`AppWorkPath`_ -; ; -; ; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com" -; ; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in. -; LANDING_PAGE = home -; ; -; ; Enables git-lfs support. true or false, default is false. -; LFS_START_SERVER = false -; ; -; ; -; ; LFS authentication secret, change this yourself -; LFS_JWT_SECRET = -; ; -; ; Alternative location to specify LFS authentication secret. You cannot specify both this and LFS_JWT_SECRET, and must pick one -; LFS_JWT_SECRET_URI = file:/etc/gitea/lfs_jwt_secret -; ; -; ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail. -; LFS_HTTP_AUTH_EXPIRY = 24h -; ; -; ; Maximum allowed LFS file size in bytes (Set to 0 for no limit). -; LFS_MAX_FILE_SIZE = 0 -; ; -; ; Maximum number of locks returned per page -; LFS_LOCKS_PAGING_NUM = 50 -; ; -; ; Allow graceful restarts using SIGHUP to fork -; ALLOW_GRACEFUL_RESTARTS = true -; ; -; ; After a restart the parent will finish ongoing requests before -; ; shutting down. Force shutdown if this process takes longer than this delay. -; ; set to a negative value to disable -; GRACEFUL_HAMMER_TIME = 60s -; ; -; ; Allows the setting of a startup timeout and waithint for Windows as SVC service -; ; 0 disables this. -; STARTUP_TIMEOUT = 0 -; ; -; ; Static resources, includes resources on custom/, public/ and all uploaded avatars web browser cache time. Note that this cache is disabled when RUN_MODE is "dev". Default is 6h -; STATIC_CACHE_TIME = 6h -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -[database] -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; Database to use. Either "mysql", "postgres", "mssql" or "sqlite3". -; ; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; MySQL Configuration -; ; -; DB_TYPE = mysql -; HOST = 127.0.0.1:3306 ; can use socket e.g. /var/run/mysqld/mysqld.sock -; NAME = gitea -; USER = root -; PASSWD = ;Use PASSWD = `your password` for quoting if you use special characters in the password. -; SSL_MODE = false ; either "false" (default), "true", or "skip-verify" -; ; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; Postgres Configuration -; ; -; DB_TYPE = postgres -; HOST = 127.0.0.1:5432 ; can use socket e.g. /var/run/postgresql/ -; NAME = gitea -; USER = root -; PASSWD = -; SCHEMA = -; SSL_MODE=disable ;either "disable" (default), "require", or "verify-full" -; ; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; SQLite Configuration -; ; -DB_TYPE = sqlite3 -; defaults to data/gitea.db -PATH = /home/jem/repo/opensource/forgejo/data/gitea.db -; Query timeout defaults to: 500 -SQLITE_TIMEOUT = -; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode -SQLITE_JOURNAL_MODE = -HOST = -NAME = -USER = -PASSWD = -SCHEMA = -SSL_MODE = disable -LOG_SQL = false - -; ; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; MSSQL Configuration -; ; -; DB_TYPE = mssql -; HOST = 172.17.0.2:1433 -; NAME = gitea -; USER = SA -; PASSWD = MwantsaSecurePassword1 -; ; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; Other settings -; ; -; ; For iterate buffer, default is 50 -; ITERATE_BUFFER_SIZE = 50 -; ; -; ; Show the database generated SQL -; LOG_SQL = false -; ; -; ; Maximum number of DB Connect retries -; DB_RETRIES = 10 -; ; -; ; Backoff time per DB retry (time.Duration) -; DB_RETRY_BACKOFF = 3s -; ; -; ; Max idle database connections on connection pool, default is 2 -; MAX_IDLE_CONNS = 2 -; ; -; ; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning) -; CONN_MAX_LIFETIME = 3s -; ; -; ; Database maximum number of open connections, default is 0 meaning no maximum -; MAX_OPEN_CONNS = 0 -; ; -; ; Whether execute database models migrations automatically -; AUTO_MIGRATION = true -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -[security] -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; Whether the installer is disabled (set to true to disable the installer) -INSTALL_LOCK = true -; ; -; ; Global secret key that will be used -; ; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore. -SECRET_KEY = -; ; -; ; Alternative location to specify secret key, instead of this file; you cannot specify both this and SECRET_KEY, and must pick one -; ; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore. -; SECRET_KEY_URI = file:/etc/gitea/secret_key -; ; -; ; Secret used to validate communication within Gitea binary. -INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2OTc4MDk0MjJ9.Ef9BkcyWrYTXqPmKyMnJCXrSZeadPeD6Tb8Fc4VnwTA -PASSWORD_HASH_ALGO = pbkdf2_hi - -; ; -; ; Alternative location to specify internal token, instead of this file; you cannot specify both this and INTERNAL_TOKEN, and must pick one -; INTERNAL_TOKEN_URI = file:/etc/gitea/internal_token -; ; -; ; How long to remember that a user is logged in before requiring relogin (in days) -; LOGIN_REMEMBER_DAYS = 7 -; ; -; ; Name of the cookie used to store the current username. -; COOKIE_USERNAME = gitea_awesome -; ; -; ; Name of cookie used to store authentication information. -; COOKIE_REMEMBER_NAME = gitea_incredible -; ; -; ; Reverse proxy authentication header name of user name, email, and full name -; REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER -; REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL -; REVERSE_PROXY_AUTHENTICATION_FULL_NAME = X-WEBAUTH-FULLNAME -; ; -; ; Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request -; REVERSE_PROXY_LIMIT = 1 -; ; -; ; List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all. -; REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128 -; ; -; ; The minimum password length for new Users -; MIN_PASSWORD_LENGTH = 8 -; ; -; ; Set to true to allow users to import local server paths -; IMPORT_LOCAL_PATHS = false -; ; -; ; Set to false to allow users with git hook privileges to create custom git hooks. -; ; Custom git hooks can be used to perform arbitrary code execution on the host operating system. -; ; This enables the users to access and modify this config file and the Gitea database and interrupt the Gitea service. -; ; By modifying the Gitea database, users can gain Gitea administrator privileges. -; ; It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user. -; ; WARNING: This maybe harmful to you website or your operating system. -; ; WARNING: Setting this to true does not change existing hooks in git repos; adjust it before if necessary. -; DISABLE_GIT_HOOKS = true -; ; -; ; Set to true to disable webhooks feature. -; DISABLE_WEBHOOKS = false -; ; -; ; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED -; ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true -; ; -; ;Comma separated list of character classes required to pass minimum complexity. -; ;If left empty or no valid values are specified, the default is off (no checking) -; ;Classes include "lower,upper,digit,spec" -; PASSWORD_COMPLEXITY = off -; ; -; ; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt" -; PASSWORD_HASH_ALGO = pbkdf2_hi -; ; -; ; Set false to allow JavaScript to read CSRF cookie -; CSRF_COOKIE_HTTP_ONLY = true -; ; -; ; Validate against https://haveibeenpwned.com/Passwords to see if a password has been exposed -; PASSWORD_CHECK_PWN = false -; ; -; ; Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. -; ; This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security. -; SUCCESSFUL_TOKENS_CACHE_SIZE = 20 -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -[camo] - -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; At the moment we only support images -; ; -; ; if the camo is enabled -; ENABLED = false -; ; url to a camo image proxy, it **is required** if camo is enabled. -; SERVER_URL = -; ; HMAC to encode urls with, it **is required** if camo is enabled. -; HMAC_KEY = -; ; Set to true to use camo for https too lese only non https urls are proxyed -; ALLWAYS = false -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -[oauth2] -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; Enables OAuth2 provider -ENABLE = true -JWT_SECRET = MJABwVgu85tTqvD6Cf-XNCotzc1ZhDmJrUPUgHQbPfw - -; ; -; ; Algorithm used to sign OAuth2 tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, EdDSA -; JWT_SIGNING_ALGORITHM = RS256 -; ; -; ; Private key file path used to sign OAuth2 tokens. The path is relative to APP_DATA_PATH. -; ; This setting is only needed if JWT_SIGNING_ALGORITHM is set to RS256, RS384, RS512, ES256, ES384 or ES512. -; ; The file must contain a RSA or ECDSA private key in the PKCS8 format. If no key exists a 4096 bit key will be created for you. -; JWT_SIGNING_PRIVATE_KEY_FILE = jwt/private.pem -; ; -; ; OAuth2 authentication secret for access and refresh tokens, change this yourself to a unique string. CLI generate option is helpful in this case. https://docs.gitea.io/en-us/command-line/#generate -; ; This setting is only needed if JWT_SIGNING_ALGORITHM is set to HS256, HS384 or HS512. -; JWT_SECRET = -; ; -; ; Alternative location to specify OAuth2 authentication secret. You cannot specify both this and JWT_SECRET, and must pick one -; JWT_SECRET_URI = file:/etc/gitea/oauth2_jwt_secret -; ; -; ; Lifetime of an OAuth2 access token in seconds -; ACCESS_TOKEN_EXPIRATION_TIME = 3600 -; ; -; ; Lifetime of an OAuth2 refresh token in hours -; REFRESH_TOKEN_EXPIRATION_TIME = 730 -; ; -; ; Check if refresh token got already used -; INVALIDATE_REFRESH_TOKENS = false -; ; -; ; Maximum length of oauth2 token/cookie stored on server -; MAX_TOKEN_LENGTH = 32767 -; ; -; ; Pre-register OAuth2 applications for some universally useful services -; ; * https://github.com/hickford/git-credential-oauth -; ; * https://github.com/git-ecosystem/git-credential-manager -; ; * https://gitea.com/gitea/tea -; DEFAULT_APPLICATIONS = git-credential-oauth, git-credential-manager, tea -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -[log] -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; Root path for the log files - defaults to %(GITEA_WORK_DIR)/log -; ROOT_PATH = -; ; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; Main Logger -; ; -; ; Either "console", "file" or "conn", default is "console" -; ; Use comma to separate multiple modes, e.g. "console, file" -MODE = console -; ; -; ; Either "Trace", "Debug", "Info", "Warn", "Error" or "None", default is "Info" -LEVEL = info -ROOT_PATH = /home/jem/repo/opensource/forgejo/log - -; ; -; ; Print Stacktrace with logs (rarely helpful, do not set) Either "Trace", "Debug", "Info", "Warn", "Error", default is "None" -; STACKTRACE_LEVEL = None -; ; -; ; Buffer length of the channel, keep it as it is if you don't know what it is. -; BUFFER_LEN = 10000 -; ; -; ; Sub logger modes, a single comma means use default MODE above, empty means disable it -; logger.access.MODE= -; logger.router.MODE=, -; logger.xorm.MODE=, -; ; -; ; Collect SSH logs (Creates log from ssh git request) -; ; -; ENABLE_SSH_LOG = false -; ; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; Access Logger (Creates log in NCSA common log format) -; ; -; ; Print request id which parsed from request headers in access log, when access log is enabled. -; ; * E.g: -; ; * In request Header: X-Request-ID: test-id-123 -; ; * Configuration in app.ini: REQUEST_ID_HEADERS = X-Request-ID -; ; * Print in log: 127.0.0.1:58384 - - [14/Feb/2023:16:33:51 +0800] "test-id-123" -; ; -; ; If you configure more than one in the .ini file, it will match in the order of configuration, -; ; and the first match will be finally printed in the log. -; ; * E.g: -; ; * In request Header: X-Trace-ID: trace-id-1q2w3e4r -; ; * Configuration in app.ini: REQUEST_ID_HEADERS = X-Request-ID, X-Trace-ID, X-Req-ID -; ; * Print in log: 127.0.0.1:58384 - - [14/Feb/2023:16:33:51 +0800] "trace-id-1q2w3e4r" -; ; -; REQUEST_ID_HEADERS = -; ; -; ; Sets the template used to create the access log. -; ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteHost}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}" "{{.Ctx.Req.UserAgent}}" -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; Log modes (aka log writers) -; ; -; [log.%(WriterMode)] -; MODE=console/file/conn/... -; LEVEL= -; FLAGS = stdflags -; EXPRESSION = -; PREFIX = -; COLORIZE = false -; ; -; [log.console] -; STDERR = false -; ; -; [log.file] -; ; Set the file_name for the logger. If this is a relative path this will be relative to ROOT_PATH -; FILE_NAME = -; ; This enables automated log rotate(switch of following options), default is true -; LOG_ROTATE = true -; ; Max size shift of a single file, default is 28 means 1 << 28, 256MB -; MAX_SIZE_SHIFT = 28 -; ; Segment log daily, default is true -; DAILY_ROTATE = true -; ; delete the log file after n days, default is 7 -; MAX_DAYS = 7 -; ; compress logs with gzip -; COMPRESS = true -; ; compression level see godoc for compress/gzip -; COMPRESSION_LEVEL = -1 -; ; -; [log.conn] -; ; Reconnect host for every single message, default is false -; RECONNECT_ON_MSG = false -; ; Try to reconnect when connection is lost, default is false -; RECONNECT = false -; ; Either "tcp", "unix" or "udp", default is "tcp" -; PROTOCOL = tcp -; ; Host address -; ADDR = -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -[git] - -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; -; ; The path of git executable. If empty, Gitea searches through the PATH environment. -; PATH = -; ; -; ; The HOME directory for Git -; HOME_PATH = %(APP_DATA_PATH)s/home -; ; -; ; Disables highlight of added and removed changes -; DISABLE_DIFF_HIGHLIGHT = false -; ; -; ; Max number of lines allowed in a single file in diff view -; MAX_GIT_DIFF_LINES = 1000 -; ; -; ; Max number of allowed characters in a line in diff view -; MAX_GIT_DIFF_LINE_CHARACTERS = 5000 -; ; -; ; Max number of files shown in diff view -; MAX_GIT_DIFF_FILES = 100 -; ; -; ; Set the default commits range size -; COMMITS_RANGE_SIZE = 50 -; ; -; ; Set the default branches range size -; BRANCHES_RANGE_SIZE = 20 -; ; -; ; Arguments for command 'git gc', e.g. "--aggressive --auto" -; ; see more on http://git-scm.com/docs/git-gc/ -; GC_ARGS = -; ; -; ; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1 -; ; To enable this for Git over SSH when using a OpenSSH server, add `AcceptEnv GIT_PROTOCOL` to your sshd_config file. -; ENABLE_AUTO_GIT_WIRE_PROTOCOL = true -; ; -; ; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled) -; PULL_REQUEST_PUSH_MESSAGE = true -; ; -; ; (Go-Git only) Don't cache objects greater than this in memory. (Set to 0 to disable.) -; LARGE_OBJECT_THRESHOLD = 1048576 -; ; Set to true to forcibly set core.protectNTFS=false -; DISABLE_CORE_PROTECT_NTFS=false -; ; Disable the usage of using partial clones for git. -; DISABLE_PARTIAL_CLONE = false -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; Git Operation timeout in seconds -; [git.timeout] -; DEFAULT = 360 -; MIGRATE = 600 -; MIRROR = 300 -; CLONE = 300 -; PULL = 300 -; GC = 60 -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ; Git config options -; ; This section only does "set" config, a removed config key from this section won't be removed from git config automatically. The format is `some.configKey = value`. -; [git.config] -; diff.algorithm = histogram -; core.logAllRefUpdates = true -; gc.reflogExpire = 90 -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -[service] -REGISTER_EMAIL_CONFIRM = false -ENABLE_NOTIFY_MAIL = false -DISABLE_REGISTRATION = false -ALLOW_ONLY_EXTERNAL_REGISTRATION = false -ENABLE_CAPTCHA = false -REQUIRE_SIGNIN_VIEW = false -DEFAULT_KEEP_EMAIL_PRIVATE = false -DEFAULT_ALLOW_CREATE_ORGANIZATION = true -DEFAULT_ENABLE_TIMETRACKING = true -NO_REPLY_ADDRESS = noreply.localhost - -[repository] -ROOT = /home/jem/repo/opensource/forgejo/data/gitea-repositories - -[lfs] -PATH = /home/jem/repo/opensource/forgejo/data/lfs - -[mailer] -ENABLED = false - -[openid] -ENABLE_OPENID_SIGNIN = true -ENABLE_OPENID_SIGNUP = true - -[cron.update_checker] -ENABLED = false - -[session] -PROVIDER = file - -[repository.pull-request] -DEFAULT_MERGE_STYLE = merge - -[repository.signing] -DEFAULT_TRUST_MODEL = committer - -[federation] -ENABLED = true diff --git a/docs/unsure-where-to-put/dev-notes.md b/docs/unsure-where-to-put/dev-notes.md index 4ea7e7023b..c7006fa505 100644 --- a/docs/unsure-where-to-put/dev-notes.md +++ b/docs/unsure-where-to-put/dev-notes.md @@ -3,6 +3,31 @@ copy the app.ini in this folder in custom/conf in the forgejo root directory. Then change the paths in app.ini accordingly to you local environment. +``` +; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; ; +; ; SQLite Configuration +; ; +DB_TYPE = sqlite3 +; defaults to data/gitea.db +PATH = /home/jem/repo/opensource/forgejo/data/gitea.db +; Query timeout defaults to: 500 +SQLITE_TIMEOUT = +; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode +SQLITE_JOURNAL_MODE = +HOST = +NAME = +USER = +PASSWD = +SCHEMA = +SSL_MODE = disable +LOG_SQL = false + + +[federation] +ENABLED = true +``` + # build ```