Add documentation for cache buster and hcaptcha

content/en/admin/config.md

@@ -467,9 +467,9 @@ E-mail configuration is based on the *action_mailer* component of the *Ruby on R
 * `SMTP_SERVER`: Specify the server to use. For example `sub.domain.tld`.
 * `SMTP_PORT`: By default, the value is `25` (the usual port for SMTP). If StartTLS is detected, it may be switched to port 587.
 * `SMTP_DOMAIN`: Only required if a HELO domain is needed. Will be set to the `SMTP_SERVER` domain by default.
-* `SMTP_FROM_ADDRESS`: Specify a sender address. 
+* `SMTP_FROM_ADDRESS`: Specify a sender address.
 * `SMTP_DELIVERY_METHOD`: By default, the value is `smtp` (can also be `sendmail`).
-  
+
 ### Authentication for the SMTP server {#smtpauthentication}
 
 * `SMTP_LOGIN`: Login for the SMTP user.
@@ -480,12 +480,12 @@ E-mail configuration is based on the *action_mailer* component of the *Ruby on R
 By default, a StartTLS connection will be attempted to the specified SMTP server.
 
 * `SMTP_ENABLE_STARTTLS_AUTO`: Default `true`.
-* `SMTP_CA_FILE`: A value may be specified, but on many Linux distros (e.g. Debian-based) this will be `/etc/ssl/certs/ca-certificates.crt`. 
-* `SMTP_OPENSSL_VERIFY_MODE`: `none` or `peer`. When using TLS, it may be useful to accept connections with a self-signed certificate. 
+* `SMTP_CA_FILE`: A value may be specified, but on many Linux distros (e.g. Debian-based) this will be `/etc/ssl/certs/ca-certificates.crt`.
+* `SMTP_OPENSSL_VERIFY_MODE`: `none` or `peer`. When using TLS, it may be useful to accept connections with a self-signed certificate.
 * `SMTP_TLS`: `true` or `false` (default `false`)
 * `SMTP_SSL`: `true` or `false` (default `false`)
 
-Note that `TLSv1.3` and `TLSv1.2` are the only SSL/TLS protocols currently considered to be secure. 
+Note that `TLSv1.3` and `TLSv1.2` are the only SSL/TLS protocols currently considered to be secure.
 
 ## File storage {#files}
 
@@ -588,6 +588,34 @@ During batch delete operations, S3 providers may perodically fail or timeout whi
 
 #### `SWIFT_CACHE_TTL`
 
+### HTTP Cache Buster
+
+If configured, the Cache Buster feature will send a request to invalidate the cache for media files when they are deleted or made unavailable from your origin. This allows you to ensure that your caching layer / CDN is purged from any content that is removed from Mastodon.
+
+{{< hint style="info" >}}
+The way to achieve this is very dependent of your proxy/CDN provider and will require configuration. If you are using nginx for HTTP caching, you will want to look at the `proxy_cache_purge` configuration directive.
+{{</ hint >}}
+
+#### `CACHE_BUSTER_ENABLED`
+
+If set to `true`, then Mastodon will send a cache-busting request to the media URL when deleting the file so the file can be purged from the cache.
+
+Defaults to `false`
+
+#### `CACHE_BUSTER_HTTP_METHOD`
+
+Defaults to `GET`
+
+#### `CACHE_BUSTER_SECRET_HEADER`
+
+Name of the header containing the secret defined in `CACHE_BUSTER_SECRET`.
+
+Defaults to an empty value, meaning no header will be added
+
+#### `CACHE_BUSTER_SECRET`
+
+Value of the `CACHE_BUSTER_SECRET_HEADER` header configured above.
+
 ## External authentication {#external-authentication}
 
 ### OmniAuth
@@ -793,12 +821,6 @@ This variable only has any effect when running `rake db:migrate` and it is extre
 
 #### `LIBRE_TRANSLATE_API_KEY`
 
-#### `CACHE_BUSTER_ENABLED`
-
-#### `CACHE_BUSTER_SECRET_HEADER`
-
-#### `CACHE_BUSTER_SECRET`
-
 #### `GITHUB_REPOSITORY`
 
 Defaults to `mastodon/mastodon`
@@ -809,6 +831,12 @@ Defaults to `https://github.com/$GITHUB_REPOSITORY`
 
 #### `FFMPEG_BINARY`
 
+#### `HCAPTCHA_SITE_KEY`
+
+Set this to your hCaptcha site key to enable captchas on the account confirmation page using hCaptcha.
+
+Defaults to empty value (not enabled)
+
 #### `LOCAL_HTTPS`
 
 #### `PATH`
@@ -846,4 +874,3 @@ Defaults to `512`.
 #### `GITHUB_API_TOKEN`
 
 Used in a rake task for generating AUTHORS.md from GitHub commit history.
-