diff --git a/config b/config index 9d75346..7febd98 160000 --- a/config +++ b/config @@ -1 +1 @@ -Subproject commit 9d75346be36d2a0384ad3be44dc4ebc06dbff5ce +Subproject commit 7febd989d2b8c0e099cd19a40254bb55c8db6d76 diff --git a/templates/gotosocial/config.yaml.gotmpl b/templates/gotosocial/config.yaml.gotmpl index 3716697..efe560f 100644 --- a/templates/gotosocial/config.yaml.gotmpl +++ b/templates/gotosocial/config.yaml.gotmpl @@ -34,6 +34,10 @@ log-db-queries: false # Examples: ["My Application","gotosocial"] # Default: "gotosocial" application-name: "{{ .GoToSocial.Name }}" +# String. The user that will be shown instead of the landing page. if no user is set, the landing page will be shown. +# Examples: "admin" +# Default: "" +landing-page-user: "dan" # String. Hostname that this server will be reachable at. Defaults to localhost for local testing, # but you should *definitely* change this when running for real, or your server won't work at all. @@ -45,11 +49,18 @@ host: "{{ .GoToSocial.Subdomain }}.{{ .RootDomain }}" # String. Domain to use when federating profiles. This is useful when you want your server to be at # eg., "gts.example.org", but you want the domain on accounts to be "example.org" because it looks better # or is just shorter/easier to remember. +# # To make this setting work properly, you need to redirect requests at "example.org/.well-known/webfinger" # to "gts.example.org/.well-known/webfinger" so that GtS can handle them properly. +# # You should also redirect requests at "example.org/.well-known/nodeinfo" in the same way. # An empty string (ie., not set) means that the same value as 'host' will be used. +# # DO NOT change this after your server has already run once, or you will break things! +# +# Please read the appropriate section of the installation guide before you go messing around with this setting: +# https://docs.gotosocial.org/installation_guide/advanced/#can-i-host-my-instance-at-fediexampleorg-but-have-just-exampleorg-in-my-username +# # Examples: ["example.org","server.com"] # Default: "" account-domain: "" @@ -64,9 +75,11 @@ protocol: "https" # String. Address to bind the GoToSocial server to. # This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname. -# Default value will bind to all interfaces. -# You probably won't need to change this unless you're setting GoToSocial up in some fancy way or -# you have specific networking requirements. +# The default value will bind to all interfaces, which makes the server +# accessible by other machines. For most setups there is no need to change this. +# If you are using GoToSocial in a reverse proxy setup with the proxy running on +# the same machine, you will want to set this to "localhost" or an equivalent, +# so that the proxy can't be bypassed. # Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"] # Default: "0.0.0.0" bind-address: "{{ .GoToSocial.ContainerIpv4Address }}" @@ -149,6 +162,125 @@ db-tls-mode: "disable" # Default: "" db-tls-ca-cert: "" +# Int. Number to multiply by CPU count to set permitted total of open database connections (in-use and idle). +# You can use this setting to tune your database connection behavior, though most admins won't need to touch it. +# +# Example values for multiplier 8: +# +# 1 cpu = 08 open connections +# 2 cpu = 16 open connections +# 4 cpu = 32 open connections +# +# Example values for multiplier 4: +# +# 1 cpu = 04 open connections +# 2 cpu = 08 open connections +# 4 cpu = 16 open connections +# +# A multiplier of 8 is a sensible default, but you may wish to increase this for instances +# running on very performant hardware, or decrease it for instances using v. slow CPUs. +# +# If you set the multiplier to less than 1, only one open connection will be used regardless of cpu count. +# +# PLEASE NOTE!!: This setting currently only applies for Postgres. SQLite will always use 1 connection regardless +# of what is set here. This behavior will change in future when we implement better SQLITE_BUSY handling. +# See https://github.com/superseriousbusiness/gotosocial/issues/1407 for more details. +# +# Examples: [16, 8, 10, 2] +# Default: 8 +db-max-open-conns-multiplier: 8 + +# String. SQLite journaling mode. +# SQLite only -- unused otherwise. +# If set to empty string, the sqlite default will be used. +# See: https://www.sqlite.org/pragma.html#pragma_journal_mode +# Examples: ["DELETE", "TRUNCATE", "PERSIST", "MEMORY", "WAL", "OFF"] +# Default: "WAL" +db-sqlite-journal-mode: "WAL" + +# String. SQLite synchronous mode. +# SQLite only -- unused otherwise. +# If set to empty string, the sqlite default will be used. +# See: https://www.sqlite.org/pragma.html#pragma_synchronous +# Examples: ["OFF", "NORMAL", "FULL", "EXTRA"] +# Default: "NORMAL" +db-sqlite-synchronous: "NORMAL" + +# Byte size. SQlite cache size. +# SQLite only -- unused otherwise. +# If set to empty string or zero, the sqlite default (2MiB) will be used. +# See: https://www.sqlite.org/pragma.html#pragma_cache_size +# Examples: ["0", "2MiB", "8MiB", "64MiB"] +# Default: "8MiB" +db-sqlite-cache-size: "8MiB" + +# Duration. SQlite busy timeout. +# SQLite only -- unused otherwise. +# If set to empty string or zero, the sqlite default will be used. +# See: https://www.sqlite.org/pragma.html#pragma_busy_timeout +# Examples: ["0s", "1s", "30s", "1m", "5m"] +# Default: "5s" +db-sqlite-busy-timeout: "5m" + +cache: + gts: + ########################### + #### DATABASE CACHES ###### + ########################### + # + # Database cache configuration: + # + # Allows configuration of caches used + # when loading GTS models from the database. + # + # max-size = maximum cached objects count + # ttl = cached object lifetime + # sweep-freq = frequency to look for stale cache objects + + account-max-size: 100 + account-ttl: "5m" + account-sweep-freq: "10s" + + block-max-size: 100 + block-ttl: "5m" + block-sweep-freq: "10s" + + domain-block-max-size: 1000 + domain-block-ttl: "24h" + domain-block-sweep-freq: "1m" + + emoji-max-size: 500 + emoji-ttl: "5m" + emoji-sweep-freq: "10s" + + emoji-category-max-size: 100 + emoji-category-ttl: "5m" + emoji-category-sweep-freq: "10s" + + mention-max-size: 500 + mention-ttl: "5m" + mention-sweep-freq: "10s" + + notification-max-size: 500 + notification-ttl: "5m" + notification-sweep-freq: "10s" + + report-max-size: 100 + report-ttl: "5m" + report-sweep-freq: "10s" + + status-max-size: 500 + status-ttl: "5m" + status-sweep-freq: "10s" + + tombstone-max-size: 100 + tombstone-ttl: "5m" + tombstone-sweep-freq: "10s" + + user-max-size: 100 + user-ttl: "5m" + user-sweep-freq: "10s" + ###################### ##### WEB CONFIG ##### ###################### @@ -186,6 +318,19 @@ instance-expose-peers: false # Default: false instance-expose-suspended: false +# Bool. Allow unauthenticated users to view /about/suspended, +# showing the HTML rendered list of instances that this instance blocks/suspends. +# Options: [true, false] +# Default: false +instance-expose-suspended-web: false + +# Bool. Allow unauthenticated users to make queries to /api/v1/timelines/public in order +# to see a list of public posts on this server. Even if set to 'false', then authenticated +# users (members of the instance) will still be able to query the endpoint. +# Options: [true, false] +# Default: false +instance-expose-public-timeline: false + # Bool. This flag tweaks whether GoToSocial will deliver ActivityPub messages # to the shared inbox of a recipient, if one is available, instead of delivering # each message to each actor who should receive a message individually. @@ -311,9 +456,22 @@ storage-local-base-path: "{{ .GoToSocial.DataContainerDirectory }}/storage" # String. API endpoint of the S3 compatible service. # Only required when running with the s3 storage backend. # Examples: ["minio:9000", "s3.nl-ams.scw.cloud", "s3.us-west-002.backblazeb2.com"] +# GoToSocial uses "DNS-style" when accessing buckets. +# If you are using Scaleways object storage, please remove the "bucket name" from the endpoint address # Default: "" storage-s3-endpoint: "" +# Bool. If data stored in S3 should be proxied through GoToSocial instead of redirecting to a presigned URL. +# +# Default: false +storage-s3-proxy: false +# Bool. Use SSL for S3 connections. +# +# Only set this to 'false' when testing locally. +# +# Default: true +storage-s3-use-ssl: true + # String. Access key part of the S3 credentials. # Consider setting this value using environment variables to avoid leaking it via the config file # Only required when running with the s3 storage backend. @@ -460,10 +618,17 @@ oidc-client-secret: "" # Examples: See eg., https://auth0.com/docs/scopes/openid-connect-scopes # Default: ["openid", "email", "profile", "groups"] oidc-scopes: -- "openid" -- "email" -- "profile" -- "groups" + - "openid" + - "email" + - "profile" + - "groups" + +# Bool. Link OIDC authenticated users to existing ones based on their email address. +# This is mostly intended for migration purposes if you were running previous versions of GTS +# which only correlated users with their email address. Should be set to false for most usecases. +# Options: [true, false] +# Default: false +oidc-link-existing: false ####################### ##### SMTP CONFIG ##### @@ -525,6 +690,15 @@ syslog-protocol: "udp" # Default: "localhost:514" syslog-address: "localhost:514" +################################## +##### OBSERVABILITY SETTINGS ##### +################################## + +# String. Header name to use to extract a request or trace ID from. Typically set by a +# loadbalancer or proxy. +# Default: "X-Request-Id" +request-id-header: "X-Request-Id" + ############################# ##### ADVANCED SETTINGS ##### ############################# @@ -551,3 +725,54 @@ syslog-address: "localhost:514" # Options: ["lax", "strict"] # Default: "lax" advanced-cookies-samesite: "lax" + +# Int. Amount of requests to permit per router grouping from a single IP address within +# a span of 5 minutes. If this amount is exceeded, a 429 HTTP error code will be returned. +# +# If you find yourself adjusting this limit because it's regularly being exceeded, +# you should first verify that your settings for `trusted-proxies` (above) are correct. +# In many cases, when the rate limit is exceeded it is because your instance sees all +# incoming requests as coming from the *same IP address* (you can verify this by looking +# at the client IPs in your instance logs). If this is the case, try adding that IP +# address to your `trusted-proxies` *BEFORE* you go adjusting this rate limit setting! +# +# If you set this to 0 or less, rate limiting will be disabled entirely. +# +# Examples: [1000, 500, 0] +# Default: 300 +advanced-rate-limit-requests: 300 + +# Int. Amount of open requests to permit per CPU, per router grouping, before applying http +# request throttling. Any requests beyond the calculated limit are held in a backlog queue for +# up to 30 seconds before either being processed or timing out. Requests that don't fit in the backlog +# queue will have status 503 returned to them, and the header 'Retry-After' will be set to 30 seconds. +# +# Open request limit is available CPUs * multiplier; backlog queue limit is limit * multiplier. +# +# Example values for multiplier 8: +# +# 1 cpu = 08 open, 064 backlog +# 2 cpu = 16 open, 128 backlog +# 4 cpu = 32 open, 256 backlog +# +# Example values for multiplier 4: +# +# 1 cpu = 04 open, 016 backlog +# 2 cpu = 08 open, 032 backlog +# 4 cpu = 16 open, 064 backlog +# +# A multiplier of 8 is a sensible default, but you may wish to increase this for instances +# running on very performant hardware, or decrease it for instances using v. slow CPUs. +# +# If you set this to 0 or less, http request throttling will be disabled entirely. +# +# Examples: [8, 4, 9, 0] +# Default: 8 +advanced-throttling-multiplier: 8 + +# Duration. Time period to use as the "retry-after" header value in response to throttled requests. +# Minimum resolution is 1 second. +# +# Examples: [30s, 10s, 5s, 1m] +# Default: 30s +advanced-throttling-retry-after: "30s"