mastodon/.env.production.sample

# Service dependencies
# You may set REDIS_URL instead for more advanced options
REDIS_HOST=redis
REDIS_PORT=6379
# You may set DATABASE_URL instead for more advanced options
DB_HOST=db
DB_USER=postgres
DB_NAME=postgres
DB_PASS=
DB_PORT=5432

# Federation
# Note: Changing LOCAL_DOMAIN or LOCAL_HTTPS at a later time will cause unwanted side effects.
# LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com.
LOCAL_DOMAIN=example.com 
LOCAL_HTTPS=true

# Use this only if you need to run mastodon on a different domain than the one used for federation.
# You can read more about this option on https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Serving_a_different_domain.md
# DO *NOT* USE THIS UNLESS YOU KNOW *EXACTLY* WHAT YOU ARE DOING.
# WEB_DOMAIN=mastodon.example.com

# Use this if you want to have several aliases handler@example1.com
# handler@example2.com etc. for the same user. LOCAL_DOMAIN should not
# be added. Comma separated values
# ALTERNATE_DOMAINS=example1.com,example2.com

# Application secrets
# Generate each with the `rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
PAPERCLIP_SECRET=
SECRET_KEY_BASE=
OTP_SECRET=

# VAPID keys (used for push notifications
# You can generate the keys using the following command (first is the private key, second is the public one)
# You should only generate this once per instance. If you later decide to change it, all push subscription will
# be invalidated, requiring the users to access the website again to resubscribe.
#
# Generate with `rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
#
# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
VAPID_PRIVATE_KEY=
VAPID_PUBLIC_KEY=

# Registrations
# Single user mode will disable registrations and redirect frontpage to the first profile
# SINGLE_USER_MODE=true
# Prevent registrations with following e-mail domains
# EMAIL_DOMAIN_BLACKLIST=example1.com|example2.de|etc
# Only allow registrations with the following e-mail domains
# EMAIL_DOMAIN_WHITELIST=example1.com|example2.de|etc

# Optionally change default language
# DEFAULT_LOCALE=de

# E-mail configuration
# Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers
# If you want to use an SMTP server without authentication (e.g local Postfix relay)
# then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and 
# *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).
SMTP_SERVER=smtp.mailgun.org
SMTP_PORT=587
SMTP_LOGIN=
SMTP_PASSWORD=
SMTP_FROM_ADDRESS=notifications@example.com
#SMTP_DOMAIN= # defaults to LOCAL_DOMAIN
#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
#SMTP_AUTH_METHOD=plain
#SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt
#SMTP_OPENSSL_VERIFY_MODE=peer
#SMTP_ENABLE_STARTTLS_AUTO=true


# Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.
# PAPERCLIP_ROOT_PATH=/var/lib/mastodon/public-system
# PAPERCLIP_ROOT_URL=/system

# Optional asset host for multi-server setups
# CDN_HOST=https://assets.example.com

# S3 (optional)
# S3_ENABLED=true
# S3_BUCKET=
# AWS_ACCESS_KEY_ID=
# AWS_SECRET_ACCESS_KEY=
# S3_REGION=
# S3_PROTOCOL=http
# S3_HOSTNAME=192.168.1.123:9000

# S3 (Minio Config (optional) Please check Minio instance for details)
# S3_ENABLED=true
# S3_BUCKET=
# AWS_ACCESS_KEY_ID=
# AWS_SECRET_ACCESS_KEY=
# S3_REGION=
# S3_PROTOCOL=https
# S3_HOSTNAME=
# S3_ENDPOINT=
# S3_SIGNATURE_VERSION=

# Optional alias for S3 if you want to use Cloudfront or Cloudflare in front
# S3_CLOUDFRONT_HOST=

# Streaming API integration
# STREAMING_API_BASE_URL=

# Advanced settings
# If you need to use pgBouncer, you need to disable prepared statements:
# PREPARED_STATEMENTS=false

# Cluster number setting for streaming API server.
# If you comment out following line, cluster number will be `numOfCpuCores - 1`.
STREAMING_CLUSTER_NUM=1

# Docker mastodon user
# If you use Docker, you may want to assign UID/GID manually.
# UID=1000
# GID=1000
Adding e-mail configuration 2016-03-16 11:13:40 +00:00			`# Service dependencies`
Clean up redis configuration. Allow using REDIS_URL to set advanced (#2732) connection options instead of setting REDIS_HOST etc individually Close #1986 2017-05-03 21:18:13 +00:00			`# You may set REDIS_URL instead for more advanced options`
Adding a docker-compose template for running Mastodon easily 2016-03-14 20:39:39 +00:00			`REDIS_HOST=redis`
Fixing the docker container setup (with assets compilation &co) 2016-03-16 11:57:01 +00:00			`REDIS_PORT=6379`
fix DB_URL (#2778) 2017-05-04 13:53:44 +00:00			`# You may set DATABASE_URL instead for more advanced options`
Fixing the docker container setup (with assets compilation &co) 2016-03-16 11:57:01 +00:00			`DB_HOST=db`
			`DB_USER=postgres`
			`DB_NAME=postgres`
			`DB_PASS=`
			`DB_PORT=5432`
Adding e-mail configuration 2016-03-16 11:13:40 +00:00
			`# Federation`
Adds better documentation to LOCAL_DOMAIN and LOCAL_HTTPS (#3149) Fixes #2254 2017-05-19 18:55:15 +00:00			`# Note: Changing LOCAL_DOMAIN or LOCAL_HTTPS at a later time will cause unwanted side effects.`
			`# LOCAL_DOMAIN should NOT contain the protocol part of the domain e.g https://example.com.`
			`LOCAL_DOMAIN=example.com`
Adding a docker-compose template for running Mastodon easily 2016-03-14 20:39:39 +00:00			`LOCAL_HTTPS=true`
Adding e-mail configuration 2016-03-16 11:13:40 +00:00
Allow running mastodon on a different domain as the one used for identifying users (#1267) * Allow running mastodon on a different domain as the one used for identifying users * Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing * Compare to web_domain instead of local_domain when dealing with feeds/API * Correctly identify mentions to local accounts Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN. 2017-04-15 00:15:46 +00:00			`# Use this only if you need to run mastodon on a different domain than the one used for federation.`
Add additional documentation and warnings to the WEB_DOMAIN setting. (#2386) * Add additional documentation and warnings to the WEB_DOMAIN setting. This feature is largely undocumented, and quite a number of users have shot them in the feet already despite the warning. Added a bit of documentation and expanded the warning until we have a mechanism for dealing with conflicting user URIs. * Change WEB_DOMAIN comments to point to the extensive online documentation 2017-05-05 02:56:28 +00:00			`# You can read more about this option on https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Serving_a_different_domain.md`
			`# DO NOT USE THIS UNLESS YOU KNOW EXACTLY WHAT YOU ARE DOING.`
Allow running mastodon on a different domain as the one used for identifying users (#1267) * Allow running mastodon on a different domain as the one used for identifying users * Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing * Compare to web_domain instead of local_domain when dealing with feeds/API * Correctly identify mentions to local accounts Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN. 2017-04-15 00:15:46 +00:00			`# WEB_DOMAIN=mastodon.example.com`

Allow alternate domains for mastodon handlers (#3187) 2017-05-22 13:40:04 +00:00			`# Use this if you want to have several aliases handler@example1.com`
			`# handler@example2.com etc. for the same user. LOCAL_DOMAIN should not`
			`# be added. Comma separated values`
			`# ALTERNATE_DOMAINS=example1.com,example2.com`

Adding e-mail configuration 2016-03-16 11:13:40 +00:00			`# Application secrets`
Add docker-compose example about rake secret task 2016-12-29 19:53:18 +00:00			# Generate each with the `rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
Adding a docker-compose template for running Mastodon easily 2016-03-14 20:39:39 +00:00			`PAPERCLIP_SECRET=`
			`SECRET_KEY_BASE=`
Update sample .env 2017-01-29 12:06:58 +00:00			`OTP_SECRET=`
Adding e-mail configuration 2016-03-16 11:13:40 +00:00
Web Push Notifications (#3243) * feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator 2017-07-13 20:15:32 +00:00			`# VAPID keys (used for push notifications`
			`# You can generate the keys using the following command (first is the private key, second is the public one)`
			`# You should only generate this once per instance. If you later decide to change it, all push subscription will`
			`# be invalidated, requiring the users to access the website again to resubscribe.`
			`#`
Add Rake task for generate VAPID key (#4195) * Add Rake task for generate VAPID key * edit config/initializers/vapid.rb 2017-07-14 10:13:43 +00:00			# Generate with `rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
Web Push Notifications (#3243) * feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator 2017-07-13 20:15:32 +00:00			`#`
			`# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html`
			`VAPID_PRIVATE_KEY=`
			`VAPID_PUBLIC_KEY=`

Add single user mode 2016-12-06 16:19:26 +00:00			`# Registrations`
			`# Single user mode will disable registrations and redirect frontpage to the first profile`
			`# SINGLE_USER_MODE=true`
			`# Prevent registrations with following e-mail domains`
			`# EMAIL_DOMAIN_BLACKLIST=example1.com\|example2.de\|etc`
[#817] Add email whitelist This adds the ability to filter user signup with a whitelist instead of or in addition to a blacklist. Fixes #817 2017-04-04 15:04:44 +00:00			`# Only allow registrations with the following e-mail domains`
			`# EMAIL_DOMAIN_WHITELIST=example1.com\|example2.de\|etc`
Add single user mode 2016-12-06 16:19:26 +00:00
Allow setting of default language through config Setting of locale in controller extracted to Localized concern, the doorkeeper authorized applications controller moved under custom namespace with inclusion of Localized, which resolves the "it sometimes appears in a different random language" bug 2017-04-07 10:40:26 +00:00			`# Optionally change default language`
			`# DEFAULT_LOCALE=de`

Adding e-mail configuration 2016-03-16 11:13:40 +00:00			`# E-mail configuration`
Moved into a comment per feedback 2017-04-07 11:43:44 +00:00			`# Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers`
Allow using an SMTP server without authentication (#1597) * Allow using an SMTP server without authentication (e.g Postfix relay on the same host) by setting SMTP_LOGIN and SMTP_AUTH_METHOD to 'none' * Add note in .env.production.sample about SMTP settings for servers where no auth is required * Assume that SMTP_LOGIN and SMTP_PASSWORD will be blank if we set SMTP_AUTH_METHOD to none 2017-04-17 08:41:19 +00:00			`# If you want to use an SMTP server without authentication (e.g local Postfix relay)`
Improve example env file for local Postfix relay (#2892) 2017-05-08 01:34:11 +00:00			`# then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and`
			`# comment SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).`
Adding e-mail configuration 2016-03-16 11:13:40 +00:00			`SMTP_SERVER=smtp.mailgun.org`
			`SMTP_PORT=587`
			`SMTP_LOGIN=`
			`SMTP_PASSWORD=`
			`SMTP_FROM_ADDRESS=notifications@example.com`
Add documentation of SMTP_DOMAIN (#1738) Without setting it, exim will reject the mail with a message like: rejected EHLO from [10.20.0.1]: syntactically invalid argument(s): {} 2017-04-17 08:42:29 +00:00			`#SMTP_DOMAIN= # defaults to LOCAL_DOMAIN`
smtp delivery type fix (#1556) * delivery fix # Conflicts: # config/environments/production.rb * added stub in .env file * reordered and added a comment 2017-04-13 17:51:49 +00:00			`#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail`
More SMTP customization (#1372) * Allow SMTP auth method customization * Add SMTP openssl_verify_mode option support Allows one use self-signed certs with their SMTP server. * Add SMTP enable_starttls_auto option support 2017-04-10 19:48:30 +00:00			`#SMTP_AUTH_METHOD=plain`
Allow to set CA file for SMTP (#2713) 2017-05-02 23:03:12 +00:00			`#SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt`
More SMTP customization (#1372) * Allow SMTP auth method customization * Add SMTP openssl_verify_mode option support Allows one use self-signed certs with their SMTP server. * Add SMTP enable_starttls_auto option support 2017-04-10 19:48:30 +00:00			`#SMTP_OPENSSL_VERIFY_MODE=peer`
			`#SMTP_ENABLE_STARTTLS_AUTO=true`

Fix CDN_HOST variable requirement 2016-11-26 14:27:05 +00:00
Custom Paperclip path. (#778) * Custom Paperclip path. * Document PAPERCLIP_ROOT. * Add PAPERCLIP_ROOT_URL (and rename PAPERCLIP_ROOT to PAPERCLIP_ROOT_PATH). 2017-04-15 00:07:21 +00:00			`# Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.`
			`# PAPERCLIP_ROOT_PATH=/var/lib/mastodon/public-system`
			`# PAPERCLIP_ROOT_URL=/system`

Fix CDN_HOST variable requirement 2016-11-26 14:27:05 +00:00			`# Optional asset host for multi-server setups`
added 'https://' to CDN_HOST variable example (#3446) 2017-05-30 16:39:28 +00:00			`# CDN_HOST=https://assets.example.com`
Upgrade Paperclip to 5, AWS-SDK to 2, do not generate medium/small versions of avatars 2016-11-29 13:20:15 +00:00
			`# S3 (optional)`
Add single user mode 2016-12-06 16:19:26 +00:00			`# S3_ENABLED=true`
			`# S3_BUCKET=`
			`# AWS_ACCESS_KEY_ID=`
			`# AWS_SECRET_ACCESS_KEY=`
			`# S3_REGION=`
:wrench: S3 protocol from ENV add support for reading S3 protocol from ENV also add S3_HOSTNAME in .env.production.sample 2017-03-23 07:44:55 +00:00			`# S3_PROTOCOL=http`
			`# S3_HOSTNAME=192.168.1.123:9000`
Add single user mode 2016-12-06 16:19:26 +00:00
Update Finnish translations, add sample Minio config (#954) 2017-04-07 10:58:12 +00:00			`# S3 (Minio Config (optional) Please check Minio instance for details)`
			`# S3_ENABLED=true`
			`# S3_BUCKET=`
			`# AWS_ACCESS_KEY_ID=`
			`# AWS_SECRET_ACCESS_KEY=`
			`# S3_REGION=`
			`# S3_PROTOCOL=https`
			`# S3_HOSTNAME=`
			`# S3_ENDPOINT=`
Change to switch signature version for Amazon S3 (#2124) 2017-04-19 12:18:50 +00:00			`# S3_SIGNATURE_VERSION=`
Update Finnish translations, add sample Minio config (#954) 2017-04-07 10:58:12 +00:00
Add single user mode 2016-12-06 16:19:26 +00:00			`# Optional alias for S3 if you want to use Cloudfront or Cloudflare in front`
			`# S3_CLOUDFRONT_HOST=`
Update sample .env 2017-01-29 12:06:58 +00:00
Make the streaming API also handle websockets (because trying to get the browser EventSource interface to work flawlessly was a nightmare). WARNING: This commit makes the web UI connect to the streaming API instead of ActionCable like before. This means that if you are upgrading, you should set that up beforehand. 2017-02-03 23:34:31 +00:00			`# Streaming API integration`
			`# STREAMING_API_BASE_URL=`
Add env variable to disable prepared statements (#1293) 2017-04-09 03:46:32 +00:00
			`# Advanced settings`
			`# If you need to use pgBouncer, you need to disable prepared statements:`
			`# PREPARED_STATEMENTS=false`
Improve streaming server with cluster (#1970) 2017-04-17 02:32:30 +00:00
			`# Cluster number setting for streaming API server.`
			# If you comment out following line, cluster number will be `numOfCpuCores - 1`.
			`STREAMING_CLUSTER_NUM=1`
Some Dockerfile improvements (#3182) - improve docker_entrypoint.sh - serve static files with puma by default - sort packages list - use virtual package for build deps - show how to assign UID/GID 2017-05-20 18:01:05 +00:00
			`# Docker mastodon user`
			`# If you use Docker, you may want to assign UID/GID manually.`
			`# UID=1000`
			`# GID=1000`