5.2 KiB
| title | description | menu | ||||||
|---|---|---|---|---|---|---|---|---|
| Configuring your environment | Setting environment variables for your Mastodon installation. |
|
{{< hint style="warning" >}} This page is under construction. {{< /hint >}}
Mastodon uses environment variables as its configuration.
For convenience, it can read them from a flat file called .env.production in the Mastodon directory, but they can always be overridden by a specific process. For example, systemd service files can read environment variables from an EnvironmentFile or from inline definitions with Environment, so you can have different configuration parameters for specific services. They can also be specified when calling Mastodon from the command line.
Basic
Federation
LOCAL_DOMAINWEB_DOMAINALTERNATE_DOMAINS
AUTHORIZED_FETCH
When set to true, Mastodon will stop inline-signing activities, and will require remote servers to authenticate when fetching public and unlisted toots.
This prevents blocked domains from fetching your public toots, at the cost of possibly increased computations, and broken compatibility with software that does not sign fetch requests (such as Mastodon prior to version 3.0).
Note that this mode cannot guarantee that bad actors do not access your public and unlisted toots, it merely makes it a bit more difficult.
WHITELIST_MODE
When set to true, Mastodon will restrict federation to whitelisted servers only, as well as disable public pages and some client APIs.
Whitelist mode implies authorized fetch mode.
When switching an existing instance to whitelist mode, the following command should be used to remove any already existent data on non-whitelisted domains:
tootctl domain purge --whitelist-mode
Note that, while introduced in Mastodon 3.0, WHITELIST_MODE is broken on Mastodon 3.0 and 3.0.1.
Secrets
SECRET_KEY_BASEOTP_SECRETVAPID_PRIVATE_KEYVAPID_PUBLIC_KEY
Deployment
RAILS_ENVRAILS_SERVE_STATIC_FILESRAILS_LOG_LEVELTRUSTED_PROXY_IPSOCKETPORTNODE_ENVBIND
Scaling options
WEB_CONCURRENCYMAX_THREADSPREPARED_STATEMENTSSTREAMING_API_BASE_URLSTREAMING_CLUSTER_NUM
Database connections
PostgreSQL
DB_HOSTDB_USERDB_NAMEDB_PASSDB_PORTDATABASE_URL
Redis
REDIS_HOSTREDIS_PORTREDIS_URLREDIS_NAMESPACECACHE_REDIS_HOSTCACHE_REDIS_PORTCACHE_REDIS_URLCACHE_REDIS_NAMESPACE
ElasticSearch
ES_ENABLEDES_HOSTES_PORTES_PREFIX
StatsD
STATSD_ADDRSTATSD_NAMESPACE
Limits
SINGLE_USER_MODEEMAIL_DOMAIN_WHITELISTDEFAULT_LOCALEMAX_SESSION_ACTIVATIONSUSER_ACTIVE_DAYS
SMTP_SERVERSMTP_PORTSMTP_LOGINSMTP_PASSWORDSMTP_FROM_ADDRESSSMTP_DOMAINSMTP_DELIVERY_METHODSMTP_AUTH_METHODSMTP_CA_FILESMTP_OPENSSL_VERIFY_MODESMTP_ENABLE_STARTTLS_AUTOSMTP_TLS
File storage
CDN_HOSTS3_ALIAS_HOST
Local file storage
PAPERCLIP_ROOT_PATHPAPERCLIP_ROOT_URL
Amazon S3 and compatible
S3_ENABLEDS3_BUCKETAWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYS3_REGIONS3_PROTOCOLS3_HOSTNAMES3_ENDPOINTS3_SIGNATURE_VERSION
Swift
SWIFT_ENABLEDSWIFT_USERNAMESWIFT_TENANTSWIFT_PASSWORDSWIFT_PROJECT_IDSWIFT_AUTH_URLSWIFT_CONTAINERSWIFT_OBJECT_URLSWIFT_REGIONSWIFT_DOMAIN_NAMESWIFT_CACHE_TTL
External authentication
OAUTH_REDIRECT_AT_SIGN_IN
LDAP
LDAP_ENABLEDLDAP_HOSTLDAP_PORTLDAP_METHODLDAP_BASELDAP_BIND_DNLDAP_PASSWORDLDAP_UIDLDAP_SEARCH_FILTER
PAM
PAM_ENABLEDPAM_EMAIL_DOMAINPAM_DEFAULT_SERVICEPAM_CONTROLLED_SERVICE
CAS
CAS_ENABLEDCAS_URLCAS_HOSTCAS_PORTCAS_SSLCAS_VALIDATE_URLCAS_CALLBACK_URLCAS_LOGOUT_URLCAS_LOGIN_URLCAS_UID_FIELDCAS_CA_PATHCAS_DISABLE_SSL_VERIFICATIONCAS_UID_KEYCAS_NAME_KEYCAS_EMAIL_KEYCAS_NICKNAME_KEYCAS_FIRST_NAME_KEYCAS_LAST_NAME_KEYCAS_LOCATION_KEYCAS_IMAGE_KEYCAS_PHONE_KEY
SAML
SAML_ENABLEDSAML_ACS_URLSAML_ISSUERSAML_IDP_SSO_TARGET_URLSAML_IDP_CERTSAML_IDP_CERT_FINGERPRINTSAML_NAME_IDENTIFIER_FORMATSAML_CERTSAML_PRIVATE_KEYSAML_SECURITY_WANT_ASSERTION_SIGNEDSAML_SECURITY_WANT_ASSERTION_ENCRYPTEDSAML_SECURITY_ASSUME_EMAIL_IS_VERIFIEDSAML_ATTRIBUTES_STATEMENTS_UIDSAML_ATTRIBUTES_STATEMENTS_EMAILSAML_ATTRIBUTES_STATEMENTS_FULL_NAMESAML_ATTRIBUTES_STATEMENTS_FIRST_NAMESAML_ATTRIBUTES_STATEMENTS_LAST_NAMESAML_UID_ATTRIBUTESAML_ATTRIBUTES_STATEMENTS_VERIFIEDSAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL
Hidden services
http_proxyALLOW_ACCESS_TO_HIDDEN_SERVICE
Other
SKIP_POST_DEPLOYMENT_MIGRATIONS