zelo72
/
documentation
mirror of https://github.com/mastodon/documentation
1
0
Fork 0
Code Issues 6 Releases Wiki Activity
documentation/content/en/admin/config.md

5.8 KiB
Raw Blame History

title description menu
Configuring your environment Setting environment variables for your Mastodon installation.
docs
weight parent
30 admin

{{< hint style="warning" >}} This page is under construction. {{< /hint >}}

Mastodon uses environment variables as its configuration.

For convenience, it can read them from a flat file called .env.production in the Mastodon directory, but they can always be overridden by a specific process. For example, systemd service files can read environment variables from an EnvironmentFile or from inline definitions with Environment, so you can have different configuration parameters for specific services. They can also be specified when calling Mastodon from the command line.

Basic

Federation

  • LOCAL_DOMAIN = the domain for which your Mastodon instance has authority. Used to generate acct: URIs for Webfinger, which is used to resolve user addresses.
  • WEB_DOMAIN = the domain used for URLs generated by your Mastodon instance. Includes actor and object URIs for ActivityPub. Do not set this variable unless you know what you are doing.
  • ALTERNATE_DOMAINS

AUTHORIZED_FETCH

When set to true, Mastodon will stop inline-signing activities, and will require remote servers to authenticate when fetching public and unlisted toots.

This prevents blocked domains from fetching your public toots, at the cost of possibly increased computations, and broken compatibility with software that does not sign fetch requests (such as Mastodon prior to version 3.0).

Note that this mode cannot guarantee that bad actors do not access your public and unlisted toots, it merely makes it a bit more difficult.

LIMITED_FEDERATION_MODE

When set to true, Mastodon will restrict federation to specific servers only, as well as disable public pages and some client APIs. Limited federation mode mode implies authorized fetch mode.

When switching an existing instance to limited federation mode, the following command should be used to remove any already existent data on non-allowed domains:

tootctl domain purge --limited-federation-mode

WHITELIST_MODE

Equivalent to LIMITED_FEDERATION_MODE, which it was renamed into after 3.1.4.

Note that, while introduced in Mastodon 3.0, WHITELIST_MODE is broken on Mastodon 3.0 and 3.0.1.

Secrets

  • SECRET_KEY_BASE
  • OTP_SECRET
  • VAPID_PRIVATE_KEY
  • VAPID_PUBLIC_KEY

Deployment

  • RAILS_ENV
  • RAILS_SERVE_STATIC_FILES
  • RAILS_LOG_LEVEL
  • TRUSTED_PROXY_IP
  • SOCKET
  • PORT
  • NODE_ENV
  • BIND

Scaling options

  • WEB_CONCURRENCY
  • MAX_THREADS
  • PREPARED_STATEMENTS
  • STREAMING_API_BASE_URL
  • STREAMING_CLUSTER_NUM

Database connections

PostgreSQL

  • DB_HOST
  • DB_USER
  • DB_NAME
  • DB_PASS
  • DB_PORT
  • DATABASE_URL

Redis

  • REDIS_HOST
  • REDIS_PORT
  • REDIS_URL
  • REDIS_NAMESPACE
  • CACHE_REDIS_HOST
  • CACHE_REDIS_PORT
  • CACHE_REDIS_URL
  • CACHE_REDIS_NAMESPACE

ElasticSearch

  • ES_ENABLED
  • ES_HOST
  • ES_PORT
  • ES_PREFIX

StatsD

  • STATSD_ADDR
  • STATSD_NAMESPACE

Limits

  • SINGLE_USER_MODE
  • EMAIL_DOMAIN_ALLOWLIST
  • EMAIL_DOMAIN_DENYLIST
  • DEFAULT_LOCALE
  • MAX_SESSION_ACTIVATIONS
  • USER_ACTIVE_DAYS

E-mail

  • SMTP_SERVER
  • SMTP_PORT
  • SMTP_LOGIN
  • SMTP_PASSWORD
  • SMTP_FROM_ADDRESS
  • SMTP_DOMAIN
  • SMTP_DELIVERY_METHOD
  • SMTP_AUTH_METHOD
  • SMTP_CA_FILE
  • SMTP_OPENSSL_VERIFY_MODE
  • SMTP_ENABLE_STARTTLS_AUTO
  • SMTP_TLS
  • SMTP_SSL

File storage

  • CDN_HOST
  • S3_ALIAS_HOST

Local file storage

  • PAPERCLIP_ROOT_PATH
  • PAPERCLIP_ROOT_URL

Amazon S3 and compatible

  • S3_ENABLED
  • S3_BUCKET
  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY
  • S3_REGION
  • S3_PROTOCOL
  • S3_HOSTNAME
  • S3_ENDPOINT
  • S3_SIGNATURE_VERSION
  • S3_OVERRIDE_PATH_STYLE
  • S3_OPEN_TIMEOUT

Swift

  • SWIFT_ENABLED
  • SWIFT_USERNAME
  • SWIFT_TENANT
  • SWIFT_PASSWORD
  • SWIFT_PROJECT_ID
  • SWIFT_AUTH_URL
  • SWIFT_CONTAINER
  • SWIFT_OBJECT_URL
  • SWIFT_REGION
  • SWIFT_DOMAIN_NAME
  • SWIFT_CACHE_TTL

External authentication

  • OAUTH_REDIRECT_AT_SIGN_IN

LDAP

  • LDAP_ENABLED
  • LDAP_HOST
  • LDAP_PORT
  • LDAP_METHOD
  • LDAP_BASE
  • LDAP_BIND_DN
  • LDAP_PASSWORD
  • LDAP_UID
  • LDAP_SEARCH_FILTER
  • LDAP_MAIL
  • LDAP_UID_CONVERSTION_ENABLED

PAM

  • PAM_ENABLED
  • PAM_EMAIL_DOMAIN
  • PAM_DEFAULT_SERVICE
  • PAM_CONTROLLED_SERVICE

CAS

  • CAS_ENABLED
  • CAS_URL
  • CAS_HOST
  • CAS_PORT
  • CAS_SSL
  • CAS_VALIDATE_URL
  • CAS_CALLBACK_URL
  • CAS_LOGOUT_URL
  • CAS_LOGIN_URL
  • CAS_UID_FIELD
  • CAS_CA_PATH
  • CAS_DISABLE_SSL_VERIFICATION
  • CAS_UID_KEY
  • CAS_NAME_KEY
  • CAS_EMAIL_KEY
  • CAS_NICKNAME_KEY
  • CAS_FIRST_NAME_KEY
  • CAS_LAST_NAME_KEY
  • CAS_LOCATION_KEY
  • CAS_IMAGE_KEY
  • CAS_PHONE_KEY

SAML

  • SAML_ENABLED
  • SAML_ACS_URL
  • SAML_ISSUER
  • SAML_IDP_SSO_TARGET_URL
  • SAML_IDP_CERT
  • SAML_IDP_CERT_FINGERPRINT
  • SAML_NAME_IDENTIFIER_FORMAT
  • SAML_CERT
  • SAML_PRIVATE_KEY
  • SAML_SECURITY_WANT_ASSERTION_SIGNED
  • SAML_SECURITY_WANT_ASSERTION_ENCRYPTED
  • SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED
  • SAML_ATTRIBUTES_STATEMENTS_UID
  • SAML_ATTRIBUTES_STATEMENTS_EMAIL
  • SAML_ATTRIBUTES_STATEMENTS_FULL_NAME
  • SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME
  • SAML_ATTRIBUTES_STATEMENTS_LAST_NAME
  • SAML_UID_ATTRIBUTE
  • SAML_ATTRIBUTES_STATEMENTS_VERIFIED
  • SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL

Hidden services

  • http_proxy
  • ALLOW_ACCESS_TO_HIDDEN_SERVICE

Other

  • SKIP_POST_DEPLOYMENT_MIGRATIONS