diff --git a/conf/lstu.conf.template b/conf/lstu.conf.template index 3206286..6796cb0 100644 --- a/conf/lstu.conf.template +++ b/conf/lstu.conf.template @@ -67,9 +67,9 @@ #fixed_domain => 'example.org', # choose what database you want to use - # valid choices are sqlite and postgresql (all lowercase) + # valid choices are sqlite, postgresql and mysql (all lowercase) # optional, default is sqlite - #dbtype => 'sqlite', + dbtype => 'postgresql', # SQLite ONLY - only used if dbtype is set to sqlite # define a path to the SQLite database @@ -81,11 +81,29 @@ # PostgreSQL ONLY - only used if dbtype is set to postgresql # these are the credentials to access the PostgreSQL database # mandatory if you choosed postgresql as dbtype - #pgdb => { + pgdb => { + database => '__DB_NAME__', + host => 'localhost', + # optional, default is 5432 + #port => 5432, + user => '__DB_USER__', + pwd => '__DB_PWD__', + # optional, default is 1 + #max_connections => 1, + }, + + # MySQL ONLY - only used if dbtype is set to mysql + # these are the credentials to access the MySQL database + # mandatory if you choosed mysql as dbtype + #mysqldb => { # database => 'lstu', # host => 'localhost', - # #user => 'DBUSER', - # #pwd => 'DBPASSWORD' + # # optional, default is 3306 + # #port => 3306, + # user => 'DBUSER', + # pwd => 'DBPASSWORD', + # # optional, default is 5 (set to 0 to disable persistent connections) + # #max_connections => 5, #}, # Rate-limiting for the API @@ -104,6 +122,14 @@ # optional, default is an empty array #ban_whitelist => [], + # Ban blacklist + # You can blacklist IP addresses to always ban those IP addresses + # Be careful, the IP addresses are compared as string, not as IP addresses + # a network range will not work + # Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬ + # optional, default is an empty array + #ban_blacklist => [], + # define an URL to the Piwik instance and the ID of a website to track # set if you want to track views in Piwik # optional, Piwik tracking is disabled by default @@ -115,21 +141,50 @@ # use Minion instead of directly increase counters # need to launch a minion worker service if enabled # optional, Minion is disabled by default + # It will use the same DB type as Lstu: sqlite if you choose sqlite for `dbtype`, + # postgresql for postgresql, etc. #minion => { # enabled => 0, - # db_path => 'minion.db' # you can define it relative to lstu directory or set an absolute path + # # SQLite ONLY - only used if if you choose sqlite as DB type, + # # define the path to the minion database + # # you can define it relative to lstu directory or set an absolute path + # # remember that it has to be in a directory writable by Lutim user + # # optional, default is minion.db + # db_path => 'minion.db', + # # PostgreSQL ONLY - only used if you choose postgresql as DB type + # # these are the credentials to access the Minion's PostgreSQL database + # # mandatory if you choosed postgresql as DB type, no default + # pgdb => { + # database => 'lstu_minion', + # host => 'localhost', + # # optional, default is 5432 + # #port => 5432, + # user => 'DBUSER', + # pwd => 'DBPASSWORD' + # }, + # # MySQL ONLY - only used if you choose mysql as DB type + # # these are the credentials to access the Minion's MySQL database + # # mandatory if you choosed mysql as DB type, no default + # mysqldb => { + # database => 'lstu_minion', + # host => 'localhost', + # # optional, default is 3306 + # #port => 3306, + # user => 'DBUSER', + # pwd => 'DBPASSWORD', + # }, #}, # set `ldap` if you want that only authenticated users can shorten URLs # please note that everybody can still use shortend URLs # optional, no default #ldap => { - # uri => 'ldaps://ldap.example.org', - # user_tree => 'ou=users,dc=example,dc=org', - # bind_dn => ',ou=users,dc=example,dc=org', - # bind_user => 'uid=ldap_user', - # bind_pwd => 'secr3t', - # user_filter => '!(uid=ldap_user)' + # uri => 'ldaps://ldap.example.org', # server URI + # user_tree => 'ou=users,dc=example,dc=org', # search base DN + # bind_dn => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN + # bind_pwd => 'secr3t', # search bind password + # user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.) + # user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.) #}, # set `htpasswd` if you want to use an htpasswd file instead of ldap @@ -142,4 +197,72 @@ # the user needs to reauthenticate # optional, default is 3600 #session_duration => 3600, + + # how many redirections are allowed for the shortened URL before considering it as a spam? + # optional, default is 2. Set to -1 to allow infinite redirections (not recommended) + #max_redir => 2, + + # spam blacklist regex. All URLs (or redirection) whose host part matches this regex are considered as spam + # optional, no default + #spam_blacklist_regex => 'foo|bar', + + # spam path blacklist regex. All URLs (or redirection) whose path part matches this regex are considered as spam + # optional, no default + #spam_path_blacklist_regex => 'foo|bar', + + # spam whitelist regex. All URLs (or redirection) whose host part matches this regex will never be considered as spam + # optional, no default + #spam_whitelist_regex => 'foo|bar', + + # set to 1 to skip SpamHaus check (not recommended) + # optional, default is 0 + #skip_spamhaus => 0, + + # put your Google API key to enable Google safebrowsing check + # This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs. + # Google does not get the URLs that are checked. + # Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started + # TL;DR: https://console.developers.google.com/projectselector/apis/library + # optional, no default + #safebrowsing_api_key => '', + + # array of memcached servers to cache URL in order to accelerate responses to often-viewed URL. + # If set to [], the cache is disabled + # optional, default is [] + #memcached_servers => [], + + # Content-Security-Policy header that will be sent by Lstu + # Set to '' to disable CSP header + # https://content-security-policy.com/ provides a good documentation about CSP. + # https://report-uri.com/home/generate provides a tool to generate a CSP header. + # optional, default is "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; form-action 'self'; base-uri 'self'" + # the default value is good for `default` and `milligram` themes + #csp => "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; form-action 'self'; base-uri 'self'", + + # X-Frame-Options header that will be sent by Lstu + # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/' + # Set to '' to disable X-Frame-Options header + # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly + # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors) + # optional, default is 'DENY' + #x_frame_options => 'DENY', + + # X-Content-Type-Options that will be sent by Lstu + # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + # Set to '' to disable X-Content-Type-Options header + # optional, default is 'nosniff' + #x_content_type_options => 'nosniff', + + # X-XSS-Protection that will be sent by Lstu + # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + # Set to '' to disable X-XSS-Protection header + # optional, default is '1; mode=block' + #x_xss_protection => '1; mode=block', + + # Log creator's IP address + # Set to 1 if you want to register the IP addresses of URL creators + # optional, default is 0 + #log_creator_ip => 0, }; +