-
Notifications
You must be signed in to change notification settings - Fork 30
Expand file tree
/
Copy path.env.example_docker
More file actions
220 lines (199 loc) · 8.76 KB
/
.env.example_docker
File metadata and controls
220 lines (199 loc) · 8.76 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
# In all environments, the following files are loaded if they exist,
# the latter taking precedence over the former:
#
# * .env contains default values for the environment variables needed by the app
# * .env.local uncommitted file with local overrides
# * .env.$APP_ENV committed environment-specific defaults
# * .env.$APP_ENV.local uncommitted environment-specific overrides
#
# Real environment variables win over .env files.
#
# DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
#
# Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
# Docker specific variables
MBIN_USER=1000:1000
# Possible values: debug, info, notice, warning, error, critical, alert, emergency
PHP_LOG_LEVEL=error
# Mbin variables
SERVER_NAME="mbin.domain.tld, php:80"
KBIN_DOMAIN=mbin.domain.tld
KBIN_TITLE=Mbin
KBIN_DEFAULT_LANG=en
KBIN_FEDERATION_ENABLED=true
KBIN_CONTACT_EMAIL=contact@mbin.domain.tld
KBIN_SENDER_EMAIL=noreply@mbin.domain.tld
KBIN_JS_ENABLED=true
KBIN_REGISTRATIONS_ENABLED=true
KBIN_API_ITEMS_PER_PAGE=25
KBIN_STORAGE_URL=https://mbin.domain.tld/media
KBIN_META_TITLE="Mbin"
KBIN_META_DESCRIPTION="content aggregator, content voting, discussion and micro-blogging platform on the fediverse"
KBIN_META_KEYWORDS="mbin, content aggregator, open source, fediverse"
KBIN_HEADER_LOGO=false
KBIN_FEDERATION_PAGE_ENABLED=true
MBIN_DEFAULT_THEME=default
# Set the max image file size (in bytes)
# This should be set to <= `upload_max_filesize` and `post_max_size` in the server's php.ini file
MBIN_MAX_IMAGE_BYTES=6000000
# Image compression quality, set to -1 to disable. A value between 0.1 and 0.95 should be used
MBIN_IMAGE_COMPRESSION_QUALITY=0.9
# Change the down vote behaviour. Possible values are:
# 'enabled' => default mode downvotes are enabled
# 'hidden' => downvotes are counted and users can downvote, but the number is hidden
# 'disabled' => downvotes are ignored and the downvote button is hidden. They also do not count in the sorting
MBIN_DOWNVOTES_MODE=enabled
# Only let admins generated oauth clients
KBIN_ADMIN_ONLY_OAUTH_CLIENTS=false
# Manually approve every new user
MBIN_NEW_USERS_NEED_APPROVAL=false
# Use an allowlist instead of a ban list
MBIN_USE_FEDERATION_ALLOW_LIST=false
# Show only local users in the active users section
MBIN_SIDEBAR_SECTIONS_RANDOM_LOCAL_ONLY=false
# Show only local users in the active users section
MBIN_SIDEBAR_SECTIONS_USERS_LOCAL_ONLY=false
# Captcha (also enable in admin panel/settings)
KBIN_CAPTCHA_ENABLED=false
### mbin-monitoring: enabling monitoring can give great insights into performance bottlenecks,
### however it is only useful for advanced users.
### Enabling the persistance of queries, twig or curl requests can lead to a significant size increase of the DB.
# Whether requests and messages should be monitored for performance. If enabled this could impact performance.
# If this is set to false the other monitoring settings do not matter.
MBIN_MONITORING_ENABLED=false
# Whether to monitor query execution, defaults to true
MBIN_MONITORING_QUERIES_ENABLED=true
# Whether the monitored queries are persisted to the database. If this is disabled only the total query time will be persisted.
MBIN_MONITORING_QUERY_PERSISTING_ENABLED=false
# Whether the parameter of database queries should be saved. If enabled the spaces used might increase a lot.
MBIN_MONITORING_QUERY_PARAMETERS_ENABLED=false
# Whether to monitor twig rendering, defaults to true
MBIN_MONITORING_TWIG_RENDERS_ENABLED=true
# Whether to persist the monitored twig renders. If this is disabled only the total rendering time will be persisted.
MBIN_MONITORING_TWIG_RENDER_PERSISTING_ENABLED=false
# Whether to monitor curl requests, defaults to true
MBIN_MONITORING_CURL_REQUESTS_ENABLED=true
# Whether to persist the monitored curl requests. If this is disabled only total request time will be persisted.
MBIN_MONITORING_CURL_REQUEST_PERSISTING_ENABLED=false
###> meteo-concept/hcaptcha-bundle ###
HCAPTCHA_SITE_KEY=
HCAPTCHA_SECRET=
###< meteo-concept/hcaptcha-bundle ###
# If you are running Mbin behind a reverse proxy, uncomment the line below and adjust the proxy address/range below
# to your server's IP address if it does not already fall within the private IP spaces specified.
#TRUSTED_PROXIES=::1,127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
TRUSTED_PROXIES=
# Valkey
VALKEY_PASSWORD=!ChangeThisValkeyPass!
REDIS_DNS=redis://${VALKEY_PASSWORD}@valkey:6379
# S3 storage (optional)
S3_KEY=
S3_SECRET=
S3_BUCKET=
S3_REGION=
S3_ENDPOINT=
S3_VERSION=
# Only let admins generate oauth clients
KBIN_ADMIN_ONLY_OAUTH_CLIENTS=false
# Manually approve every new user
MBIN_NEW_USERS_NEED_APPROVAL=false
# use an allowlist instead of a ban list
MBIN_USE_FEDERATION_ALLOW_LIST=false
# oAuth (optional)
OAUTH_AZURE_ID=
OAUTH_AZURE_SECRET=
# If you want people from an enterprise to connect your instance, set the tenant id here.
# If you want people from anywhere to connect with either their personnal or professionnal microsoft account, use "common"
OAUTH_AZURE_TENANT=
OAUTH_FACEBOOK_ID=
OAUTH_FACEBOOK_SECRET=
OAUTH_GOOGLE_ID=
OAUTH_GOOGLE_SECRET=
OAUTH_DISCORD_ID=
OAUTH_DISCORD_SECRET=
OAUTH_GITHUB_ID=
OAUTH_GITHUB_SECRET=
OAUTH_PRIVACYPORTAL_ID=
OAUTH_PRIVACYPORTAL_SECRET=
OAUTH_KEYCLOAK_ID=
OAUTH_KEYCLOAK_SECRET=
OAUTH_KEYCLOAK_URI=
OAUTH_KEYCLOAK_REALM=
OAUTH_KEYCLOAK_VERSION=
OAUTH_SIMPLELOGIN_ID=
OAUTH_SIMPLELOGIN_SECRET=
OAUTH_ZITADEL_ID=
OAUTH_ZITADEL_SECRET=
OAUTH_ZITADEL_BASE_URL=
OAUTH_AUTHENTIK_ID=
OAUTH_AUTHENTIK_SECRET=
OAUTH_AUTHENTIK_BASE_URL=
# If true, sign ins and sign ups will only be possible through the OAuth providers configured above
SSO_ONLY_MODE=
# image exif cleaning options
# available value: none, sanitize, scrub
# can be set differently for user uploaded and external media
EXIF_CLEAN_MODE_UPLOADED=sanitize
EXIF_CLEAN_MODE_EXTERNAL=none
# path to exiftool binary, leave blank for auto PATH search
EXIF_EXIFTOOL_PATH=
# max execution time for exiftool in seconds, defaults to 10 seconds
EXIF_EXIFTOOL_TIMEOUT=10
###> symfony/framework-bundle ###
APP_SECRET=!ChangeSecret!
###< symfony/framework-bundle ###
###> doctrine/doctrine-bundle ###
# Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
POSTGRES_DB=mbin
POSTGRES_USER=mbin
POSTGRES_PASSWORD=!ChangeThisPostgresPass!
# IMPORTANT: You MUST configure your PostgreSQL server version!
POSTGRES_VERSION=17
DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?serverVersion=${POSTGRES_VERSION}&charset=utf8"
###< doctrine/doctrine-bundle ###
###> symfony/messenger ###
RABBITMQ_DEFAULT_USER=mbin
RABBITMQ_DEFAULT_PASS=!ChangeThisRabbitPass!
MESSENGER_TRANSPORT_DSN=amqp://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@amqproxy:5673/%2f/messages
###< symfony/messenger ###
###> symfony/mailer ###
# See https://symfony.com/doc/current/mailer.html#using-built-in-transports
# MAILER_DSN=sendmail://default # Use sendmail when you are using Postfix
MAILER_DSN=smtp://mailserver # Use a SMTP Docker service called 'mailserver'
# Explicitly url encode any character in username and password
# %40 = @
# Gmail:
# MAILER_DSN=gmail+smtp://user%40domain.com:pass@smtp.gmail.com
# Our own SMTP server:
# MAILER_DSN=smtp://username:password@smtpserver.tld:587?encryption=tls&auth_mode=log
# MAILER_DSN=smtp://username:password@smtpserver.tld:465?encryption=ssl&auth_mode=log
###< symfony/mailer ###
###> symfony/mailgun-mailer ###
# MAILER_DSN=mailgun://KEY:DOMAIN@default?region=us
# MAILER_DSN=mailgun+smtp://postmaster@sandboxxx.mailgun.org:key@default?region=us
###< symfony/mailgun-mailer ###
###> symfony/mercure-bundle ###
# See https://symfony.com/doc/current/mercure.html#configuration
# The URL of the Mercure hub, used by the app to publish updates (can be a local URL)
# Assuming you are running Mercure Caddy on port 3000
MERCURE_URL=http://php/.well-known/mercure
# The public URL of the Mercure hub, used by the browser to connect
MERCURE_PUBLIC_URL=https://${KBIN_DOMAIN}/.well-known/mercure
# The secret used to sign the JWTs
MERCURE_JWT_SECRET=!ChangeThisMercureHubJWTSecretKey!
###< symfony/mercure-bundle ###
###> nelmio/cors-bundle ###
CORS_ALLOW_ORIGIN="^https?://(${KBIN_DOMAIN}|127\.0\.0\.1)(:[0-9]+)?$"
###< nelmio/cors-bundle ###
###> symfony/lock ###
# Choose one of the stores below
# postgresql+advisory://db_user:db_password@localhost/db_name
LOCK_DSN=flock
###< symfony/lock ###
###> league/oauth2-server-bundle ###
OAUTH_PRIVATE_KEY=%kernel.project_dir%/config/oauth2/private.pem
OAUTH_PUBLIC_KEY=%kernel.project_dir%/config/oauth2/public.pem
OAUTH_PASSPHRASE=!ChangeThisOauthPass!
OAUTH_ENCRYPTION_KEY=
###< league/oauth2-server-bundle ###