From ae93e4b66d6f4d2a66c4788b83d2e6c66f47c01a Mon Sep 17 00:00:00 2001 From: ThibG Date: Wed, 22 Jan 2020 20:01:37 +0100 Subject: [PATCH] Document AUTHORIZED_FETCH and WHITELIST_MODE (#750) * Document AUTHORIZED_FETCH and WHITELIST_MODE * Make headings out of the documented env variables --- content/en/admin/config.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/content/en/admin/config.md b/content/en/admin/config.md index 8879d180..8435cdb0 100644 --- a/content/en/admin/config.md +++ b/content/en/admin/config.md @@ -23,6 +23,26 @@ For convenience, it can read them from a flat file called `.env.production` in t * `WEB_DOMAIN` * `ALTERNATE_DOMAINS` +#### `AUTHORIZED_FETCH` {#authorized_fetch} + + When set to `true`, Mastodon will stop inline-signing activities, and will require remote servers to authenticate when fetching public and unlisted toots. + + This prevents blocked domains from fetching your public toots, at the cost of possibly increased computations, and broken compatibility with software that does not sign fetch requests (such as Mastodon prior to version 3.0). + + Note that this mode cannot guarantee that bad actors do not access your public and unlisted toots, it merely makes it a bit more difficult. + +#### `WHITELIST_MODE` {#whitelist_mode} + + When set to `true`, Mastodon will restrict federation to whitelisted servers only, as well as disable public pages and some client APIs. + Whitelist mode implies authorized fetch mode. + + When switching an existing instance to whitelist mode, the following command should be used to remove any already existent data on non-whitelisted domains: + ``` + tootctl domain purge --whitelist-mode + ``` + + Note that, while introduced in Mastodon 3.0, `WHITELIST_MODE` is broken on Mastodon 3.0 and 3.0.1. + ### Secrets {#secrets} * `SECRET_KEY_BASE`
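Review bot: In the `WHITELIST_MODE` section, the warning that the setting "is broken on Mastodon 3.0 and 3.0.1" comes last, after the `tootctl domain purge --whitelist-mode` step, so an admin reading top to bottom reaches a command that removes data before learning the mode does not work on their version. Move that note directly under the heading. The purge paragraph also does not say whether the command should be run before or after `WHITELIST_MODE` is set to `true`, and the section never says how a server gets whitelisted; both belong next to a destructive command. In the `AUTHORIZED_FETCH` section, the last sentence ("cannot guarantee that bad actors do not access your public and unlisted toots, it merely makes it a bit more difficult") is a comma splice and gives no reason; split it and state in one clause what the mode does not cover, so admins do not treat it as access control. Since "Whitelist mode implies authorized fetch mode", it is worth repeating under `WHITELIST_MODE` that the compatibility caveat for software that does not sign fetch requests applies there too.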