# vim:set sw=4 ts=4 sts=4 ft=perl expandtab: { #################### # Hypnotoad settings #################### # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings hypnotoad => { # array of IP addresses and ports you want to listen to listen => ['http://127.0.0.1:__PORT__'], # if you use Lstu behind a reverse proxy like Nginx, you want to set proxy to 1 # if you use Lstu directly, let it commented #proxy => 1, }, # put a way to contact you here and uncomment it # MANDATORY contact => 'webmaster@__DOMAIN__', # array of random strings used to encrypt cookies # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT secrets => ['__SECRET__'], # secret passphrase to access some admin features # If you don't want to have a plain text password in configuration, # use hashed_adminpwd instead # optional, but you won't have access to admin /stats if not set and if hashed_adminpwd is not set either #adminpwd => 's3cr3T', # secret hashed passphrase to access some admin features # Hash your password by issuing `echo -n s3cr3T | sha256sum` on your terminal # optional, but you won't have access to admin /stats if not set and if adminpwd is not set either #hashed_adminpwd => '94b2feede6ea5e2eec62f457ecb7d3f719b24d19c29d4e5466246a31908fc23b', # choose a theme. See the available themes in `themes` directory # optional, default is 'default' theme => 'default', # number of URLs to be displayed per page in /stats # optional, default is 10 page_offset => 10, # length of the random URL # optional, default is 8 length => 8, # how many URLs will be provisioned in a batch ? # optional, default is 5 #provis_step => 5, # max number of URLs to be provisioned # optional, default is 100 #provisioning => 100, # URL sub-directory in which you want Lstu to be accessible # example: you want to have Lstu under https://example.org/lstu/ # => set prefix to '/lstu' or to '/lstu/', it doesn't matter # optional, defaut is / prefix => '__PATH__', # array of authorized domains for API calls. # if you want to authorize everyone to use the API: ['*'] # optional, no domains allowed by default #allowed_domains => ['http://1.example.com', 'http://2.example.com'], # if set, the shortened URLs will use this domain # optional #fixed_domain => 'example.org', # choose what database you want to use # valid choices are sqlite, postgresql and mysql (all lowercase) # optional, default is sqlite dbtype => 'postgresql', # SQLite ONLY - only used if dbtype is set to sqlite # define a path to the SQLite database # you can define it relative to lstu directory or set an absolute path # remember that it has to be in a directory writable by Lstu user # optional, default is lstu.db #db_path => 'lstu.db', # PostgreSQL ONLY - only used if dbtype is set to postgresql # these are the credentials to access the PostgreSQL database # mandatory if you choosed postgresql as dbtype pgdb => { database => '__DB_NAME__', host => 'localhost', # optional, default is 5432 #port => 5432, user => '__DB_USER__', pwd => '__DB_PWD__', # optional, default is 1 #max_connections => 1, }, # MySQL ONLY - only used if dbtype is set to mysql # these are the credentials to access the MySQL database # mandatory if you choosed mysql as dbtype #mysqldb => { # database => 'lstu', # host => 'localhost', # # optional, default is 3306 # #port => 3306, # user => 'DBUSER', # pwd => 'DBPASSWORD', # # optional, default is 5 (set to 0 to disable persistent connections) # #max_connections => 5, #}, # Rate-limiting for the API # After ban_min_strike requests in a second, the IP address will be # banned for one hour. # If it continues to query the API during this ban time at least # ban_min_strike times, it will be banned for a month. # optional, default is 3 ban_min_strike => 3, # Ban whitelist # You can whitelist IP addresses to prevent you from being banned # Be careful, the IP addresses are compared as string, not as IP addresses # a network range will not work # Example of valid input: ban_whitelist => ['198.51.100.42', '2001:0DB8::42'],¬ # optional, default is an empty array #ban_whitelist => [], # Ban blacklist # You can blacklist IP addresses to always ban those IP addresses # Be careful, the IP addresses are compared as string, not as IP addresses # a network range will not work # Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬ # optional, default is an empty array #ban_blacklist => [], # define an URL to the Piwik instance and the ID of a website to track # set if you want to track views in Piwik # optional, Piwik tracking is disabled by default #piwik => { # url => 'http://piwik.example.com', # idsite => '1', #}, # use Minion instead of directly increase counters # need to launch a minion worker service if enabled # optional, Minion is disabled by default # It will use the same DB type as Lstu: sqlite if you choose sqlite for `dbtype`, # postgresql for postgresql, etc. #minion => { # enabled => 0, # # SQLite ONLY - only used if if you choose sqlite as DB type, # # define the path to the minion database # # you can define it relative to lstu directory or set an absolute path # # remember that it has to be in a directory writable by Lutim user # # optional, default is minion.db # db_path => 'minion.db', # # PostgreSQL ONLY - only used if you choose postgresql as DB type # # these are the credentials to access the Minion's PostgreSQL database # # mandatory if you choosed postgresql as DB type, no default # pgdb => { # database => 'lstu_minion', # host => 'localhost', # # optional, default is 5432 # #port => 5432, # user => 'DBUSER', # pwd => 'DBPASSWORD' # }, # # MySQL ONLY - only used if you choose mysql as DB type # # these are the credentials to access the Minion's MySQL database # # mandatory if you choosed mysql as DB type, no default # mysqldb => { # database => 'lstu_minion', # host => 'localhost', # # optional, default is 3306 # #port => 3306, # user => 'DBUSER', # pwd => 'DBPASSWORD', # }, #}, # set `ldap` if you want that only authenticated users can shorten URLs # please note that everybody can still use shortend URLs # optional, no default #ldap => { # uri => 'ldaps://ldap.example.org', # server URI # user_tree => 'ou=users,dc=example,dc=org', # search base DN # bind_dn => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN # bind_pwd => 'secr3t', # search bind password # user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.) # user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.) #}, # set `htpasswd` if you want to use an htpasswd file instead of ldap # create the file with `htpasswd -c lstu.passwd user`, update it with `htpasswd lstu.passwd user2` # make sure that lstu can read the file! # optional, no default #htpasswd => 'lstu.passwd', # if you've set ldap or htpasswd above, the session will last `session_duration` seconds before # the user needs to reauthenticate # optional, default is 3600 #session_duration => 3600, # how many redirections are allowed for the shortened URL before considering it as a spam? # optional, default is 2. Set to -1 to allow infinite redirections (not recommended) #max_redir => 2, # spam blacklist regex. All URLs (or redirection) whose host part matches this regex are considered as spam # optional, no default #spam_blacklist_regex => 'foo|bar', # spam path blacklist regex. All URLs (or redirection) whose path part matches this regex are considered as spam # optional, no default #spam_path_blacklist_regex => 'foo|bar', # spam whitelist regex. All URLs (or redirection) whose host part matches this regex will never be considered as spam # optional, no default #spam_whitelist_regex => 'foo|bar', # set to 1 to skip SpamHaus check (not recommended) # optional, default is 0 #skip_spamhaus => 0, # put your Google API key to enable Google safebrowsing check # This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs. # Google does not get the URLs that are checked. # Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started # TL;DR: https://console.developers.google.com/projectselector/apis/library # optional, no default #safebrowsing_api_key => '', # array of memcached servers to cache URL in order to accelerate responses to often-viewed URL. # If set to [], the cache is disabled # optional, default is [] #memcached_servers => [], # Content-Security-Policy header that will be sent by Lstu # Set to '' to disable CSP header # https://content-security-policy.com/ provides a good documentation about CSP. # https://report-uri.com/home/generate provides a tool to generate a CSP header. # optional, default is "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; form-action 'self'; base-uri 'self'" # the default value is good for `default` and `milligram` themes #csp => "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; form-action 'self'; base-uri 'self'", # X-Frame-Options header that will be sent by Lstu # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/' # Set to '' to disable X-Frame-Options header # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors) # optional, default is 'DENY' #x_frame_options => 'DENY', # X-Content-Type-Options that will be sent by Lstu # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options # Set to '' to disable X-Content-Type-Options header # optional, default is 'nosniff' #x_content_type_options => 'nosniff', # X-XSS-Protection that will be sent by Lstu # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection # Set to '' to disable X-XSS-Protection header # optional, default is '1; mode=block' #x_xss_protection => '1; mode=block', # Log creator's IP address # Set to 1 if you want to register the IP addresses of URL creators # optional, default is 0 #log_creator_ip => 0, };