2017-02-07 22:43:59 +01:00
|
|
|
|
# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
|
|
|
|
|
{
|
|
|
|
|
####################
|
|
|
|
|
# Hypnotoad settings
|
|
|
|
|
####################
|
|
|
|
|
# see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
|
|
|
|
|
hypnotoad => {
|
|
|
|
|
# array of IP addresses and ports you want to listen to
|
2019-03-03 18:04:44 +01:00
|
|
|
|
# you can specify a unix socket too, like 'http+unix://%2Ftmp%2Flufi.sock'
|
2017-02-07 22:43:59 +01:00
|
|
|
|
listen => ['http://127.0.0.1:__PORT__'],
|
2019-03-03 18:04:44 +01:00
|
|
|
|
# if you use Lufi behind a reverse proxy like Nginx, you want to set proxy to 1
|
2017-02-07 22:43:59 +01:00
|
|
|
|
# if you use Lufi directly, let it commented
|
2019-03-03 18:04:44 +01:00
|
|
|
|
proxy => 1,
|
|
|
|
|
|
|
|
|
|
# Please read http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers
|
|
|
|
|
# to adjust this to your server
|
|
|
|
|
workers => 30,
|
|
|
|
|
clients => 1,
|
2017-02-07 22:43:59 +01:00
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# put a way to contact you here and uncomment it
|
2019-03-03 18:04:44 +01:00
|
|
|
|
# you can put some HTML in it
|
|
|
|
|
# MANDATORY
|
|
|
|
|
contact => '<a href="mailto:webmaster@__DOMAIN__">Contact page</a>',
|
|
|
|
|
|
|
|
|
|
# put an URL or an email address to receive file reports and uncomment it
|
|
|
|
|
# it's for make reporting illegal files easy for users
|
2017-02-07 22:43:59 +01:00
|
|
|
|
# MANDATORY
|
2019-03-03 18:04:44 +01:00
|
|
|
|
report => 'webmaster@__DOMAIN__',
|
2017-02-07 22:43:59 +01:00
|
|
|
|
|
|
|
|
|
# array of random strings used to encrypt cookies
|
|
|
|
|
# optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
|
2019-03-03 18:04:44 +01:00
|
|
|
|
secrets => ['__SECRET__'],
|
2017-02-07 22:43:59 +01:00
|
|
|
|
|
2020-04-20 04:16:40 +02:00
|
|
|
|
# Name of the instance, displayed next to the logo
|
|
|
|
|
# optional, default is Lufi
|
|
|
|
|
#instance_name => 'Lufi',
|
|
|
|
|
|
2017-02-07 22:43:59 +01:00
|
|
|
|
# choose a theme. See the available themes in `themes` directory
|
|
|
|
|
# optional, default is 'default'
|
|
|
|
|
#theme => 'default',
|
|
|
|
|
|
|
|
|
|
# length of the random URL
|
|
|
|
|
# optional, default is 8
|
|
|
|
|
#length => 8,
|
|
|
|
|
|
|
|
|
|
# how many URLs will be provisioned in a batch ?
|
|
|
|
|
# optional, default is 5
|
|
|
|
|
#provis_step => 5,
|
|
|
|
|
|
|
|
|
|
# max number of URLs to be provisioned
|
|
|
|
|
# optional, default is 100
|
|
|
|
|
#provisioning => 100,
|
|
|
|
|
|
|
|
|
|
# length of the modify/delete token
|
|
|
|
|
# optional, default is 32
|
|
|
|
|
#token_length => 32,
|
|
|
|
|
|
|
|
|
|
# max file size, in octets
|
|
|
|
|
# you can write it 100*1024*1024
|
|
|
|
|
# optional, no default
|
2022-01-19 21:01:53 +01:00
|
|
|
|
__MAX_SIZE_SET__max_file_size => __MAX_FILE_SIZE__*1024*1024,
|
2017-02-07 22:43:59 +01:00
|
|
|
|
|
|
|
|
|
# if you want to have piwik statistics, provide a piwik image tracker
|
|
|
|
|
# only the image tracker is allowed, no javascript
|
|
|
|
|
# optional, no default
|
|
|
|
|
#piwik_img => 'https://piwik.example.org/piwik.php?idsite=1&rec=1',
|
|
|
|
|
|
|
|
|
|
# broadcast_message which will displayed on the index page
|
|
|
|
|
# optional, no default
|
|
|
|
|
#broadcast_message => 'Maintenance',
|
|
|
|
|
|
|
|
|
|
# default time limit for files
|
|
|
|
|
# valid values are 0, 1, 7, 30 and 365
|
|
|
|
|
# optional, default is 0 (no limit)
|
|
|
|
|
default_delay => 365,
|
|
|
|
|
|
2020-04-20 04:16:40 +02:00
|
|
|
|
# Number of days after which the files will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
|
2017-02-07 22:43:59 +01:00
|
|
|
|
# a warning message will be displayed on homepage
|
|
|
|
|
# optional, default is 0 (no limit)
|
|
|
|
|
#max_delay => 0,
|
|
|
|
|
|
|
|
|
|
# size thresholds: if you want to define max delays for different sizes of file
|
|
|
|
|
# the keys are size in Bytes, you can't have 10*1000*10000 as key
|
|
|
|
|
# if a file is smaller than the smallest configured size, it will have a expiration delay of max_delay (see above)
|
|
|
|
|
# optional, default is using max_delay (see above) for all sizes
|
|
|
|
|
#delay_for_size => {
|
|
|
|
|
# 10000000 => 90, # between 10MB and 50MB => max is 90 days, less than 10MB => max is max_delay (see above)
|
|
|
|
|
# 50000000 => 60, # between 50MB ans 1GB => max is 60 days
|
|
|
|
|
# 1000000000 => 2, # more than 1GB => max is 2 days
|
|
|
|
|
#},
|
|
|
|
|
|
|
|
|
|
# URL sub-directory in which you want Lufi to be accessible
|
|
|
|
|
# example: you want to have Lufi under https://example.org/lufi/
|
|
|
|
|
# => set prefix to '/lufi' or to '/lufi/', it doesn't matter
|
|
|
|
|
# optional, defaut is /
|
2019-03-03 18:04:44 +01:00
|
|
|
|
prefix => '__PATH__',
|
2017-02-07 22:43:59 +01:00
|
|
|
|
|
|
|
|
|
# array of authorized domains for API calls.
|
|
|
|
|
# if you want to authorize everyone to use the API: ['*']
|
|
|
|
|
# optional, no domains allowed by default
|
|
|
|
|
#allowed_domains => ['http://1.example.com', 'http://2.example.com'],
|
|
|
|
|
|
2020-04-20 04:16:40 +02:00
|
|
|
|
# Define a path to the upload directory, where the uploaded files will be stored
|
|
|
|
|
# You can define it relative to lufi directory or set an absolute path
|
|
|
|
|
# Remember that it has to be in a directory writable by Lufi user
|
|
|
|
|
# DO NOT CHANGE THIS IF FILES HAVE BEEN ALREADY UPLOADED: THEY WILL NOT BE DOWNLOADABLE ANYMORE
|
|
|
|
|
# optional, default is 'files'
|
|
|
|
|
#upload_dir => 'files',
|
|
|
|
|
|
|
|
|
|
# allow to add a password on files, asked before allowing to download files
|
|
|
|
|
# optional, default is 0
|
|
|
|
|
allow_pwd_on_files => 1,
|
|
|
|
|
|
|
|
|
|
# force all files to be in "Burn after reading mode"
|
|
|
|
|
# optional, default is 0
|
|
|
|
|
#force_burn_after_reading => 0,
|
|
|
|
|
|
|
|
|
|
# if set, the files' URLs will always use this domain
|
|
|
|
|
# optional, no default
|
2017-02-07 22:43:59 +01:00
|
|
|
|
#fixed_domain => 'example.org',
|
|
|
|
|
|
2020-04-20 04:16:40 +02:00
|
|
|
|
# abuse reasons
|
|
|
|
|
# set an integer in the abuse field of a file in the database and it will not be downloadable anymore
|
|
|
|
|
# the reason will be displayed to the downloader, according to the reasons you will configure here.
|
|
|
|
|
# optional, no default
|
|
|
|
|
#abuse => {
|
|
|
|
|
# 0 => 'Copyright infringment',
|
|
|
|
|
# 1 => 'Illegal content',
|
|
|
|
|
#},
|
|
|
|
|
|
|
|
|
|
###############
|
|
|
|
|
# Mail settings
|
|
|
|
|
###############
|
|
|
|
|
|
2017-02-07 22:43:59 +01:00
|
|
|
|
# Mail configuration
|
|
|
|
|
# See https://metacpan.org/pod/Mojolicious::Plugin::Mail#EXAMPLES
|
|
|
|
|
# Optional, default to sendmail method with no arguments
|
|
|
|
|
#mail => {
|
|
|
|
|
# # Valid values are 'sendmail' and 'smtp'
|
|
|
|
|
# how => 'smtp',
|
|
|
|
|
# howargs => ['smtp.example.org']
|
|
|
|
|
#},
|
|
|
|
|
|
|
|
|
|
# Email sender address
|
|
|
|
|
# Optional, default to no-reply@lufi.io
|
|
|
|
|
#mail_sender => 'no-reply@lufi.io',
|
|
|
|
|
|
2020-04-20 04:16:40 +02:00
|
|
|
|
#############
|
|
|
|
|
# DB settings
|
|
|
|
|
#############
|
|
|
|
|
|
2019-03-03 18:04:44 +01:00
|
|
|
|
# choose what database you want to use
|
|
|
|
|
# valid choices are sqlite, postgresql and mysql (all lowercase)
|
|
|
|
|
# optional, default is sqlite
|
2019-03-26 23:14:43 +01:00
|
|
|
|
dbtype => 'postgresql',
|
2019-03-03 18:04:44 +01:00
|
|
|
|
|
|
|
|
|
# SQLite ONLY - only used if dbtype is set to sqlite
|
2017-02-07 22:43:59 +01:00
|
|
|
|
# define a path to the SQLite database
|
|
|
|
|
# you can define it relative to lufi directory or set an absolute path
|
|
|
|
|
# remember that it has to be in a directory writable by Lufi user
|
|
|
|
|
# optional, default is lufi.db
|
|
|
|
|
#db_path => 'lufi.db',
|
|
|
|
|
|
2019-03-03 18:04:44 +01:00
|
|
|
|
# PostgreSQL ONLY - only used if dbtype is set to postgresql
|
|
|
|
|
# these are the credentials to access the PostgreSQL database
|
|
|
|
|
# mandatory if you choosed postgresql as dbtype
|
|
|
|
|
pgdb => {
|
|
|
|
|
database => '__DB_NAME__',
|
|
|
|
|
host => 'localhost',
|
|
|
|
|
# optional, default is 5432
|
|
|
|
|
#port => 5432,
|
|
|
|
|
user => '__DB_USER__',
|
|
|
|
|
pwd => '__DB_PWD__',
|
|
|
|
|
# https://mojolicious.org/perldoc/Mojo/Pg#max_connections
|
|
|
|
|
# optional, default is 1
|
|
|
|
|
#max_connections => 1,
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
# MySQL ONLY - only used if dbtype is set to mysql
|
|
|
|
|
# these are the credentials to access the MySQL database
|
|
|
|
|
# mandatory if you choosed mysql as dbtype
|
|
|
|
|
#mysqldb => {
|
|
|
|
|
# database => 'lufi',
|
|
|
|
|
# host => 'localhost',
|
|
|
|
|
# # optional, default is 3306
|
|
|
|
|
# #port => 3306,
|
|
|
|
|
# user => 'DBUSER',
|
|
|
|
|
# pwd => 'DBPASSWORD',
|
|
|
|
|
# # https://metacpan.org/pod/Mojo::mysql#max_connections
|
|
|
|
|
# # optional, default is 5 (set to 0 to disable persistent connections)
|
|
|
|
|
# #max_connections => 5,
|
|
|
|
|
#},
|
|
|
|
|
|
2020-04-20 04:16:40 +02:00
|
|
|
|
#############################################
|
|
|
|
|
# LDAP settings (authentication and features)
|
|
|
|
|
#############################################
|
2017-02-07 22:43:59 +01:00
|
|
|
|
|
|
|
|
|
# set `ldap` if you want that only authenticated users can upload files
|
|
|
|
|
# please note that everybody can still download files
|
|
|
|
|
# optional, no default
|
2022-01-19 21:01:53 +01:00
|
|
|
|
__LDAP__ldap => {
|
|
|
|
|
__LDAP__ uri => 'ldap://localhost:389', # server URI
|
|
|
|
|
__LDAP__ user_tree => 'dc=yunohost,dc=org', # search base DN
|
|
|
|
|
__LDAP__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN
|
|
|
|
|
__LDAP__ #bind_pwd => 'secr3t', # search bind password
|
|
|
|
|
__LDAP__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.)
|
|
|
|
|
__LDAP__ user_filter => '(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))', # user filter (to exclude some users, etc.)
|
|
|
|
|
__LDAP__ # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls
|
|
|
|
|
__LDAP__ # don't set or uncomment if you don't want to configure it
|
|
|
|
|
__LDAP__ #start_tls => {
|
|
|
|
|
__LDAP__ # verify => 'optional',
|
|
|
|
|
__LDAP__ # clientcert => '/etc/ssl/certs/ca-bundle.pem'
|
|
|
|
|
__LDAP__ #}
|
|
|
|
|
__LDAP__},
|
2019-03-03 18:04:44 +01:00
|
|
|
|
|
2017-02-07 22:43:59 +01:00
|
|
|
|
# if you've set ldap above, the session will last `session_duration` seconds before
|
|
|
|
|
# the user needs to reauthenticate
|
|
|
|
|
# optional, default is 3600
|
|
|
|
|
#session_duration => 3600,
|
|
|
|
|
|
2020-04-20 04:16:40 +02:00
|
|
|
|
# If you use `ldap` for authentication, you can map some attributes from LDAP to be able to access them in Lufi
|
|
|
|
|
# Those attributes will be accessible with:
|
|
|
|
|
# $c->current_user->{lufi_attribute_name} in Lufi backend files (all that is in `lib` directory)
|
|
|
|
|
# <%= $self->current_user->{lufi_attribute_name} %> in templates files (in `themes` directory)
|
|
|
|
|
#
|
|
|
|
|
# Define the attributes like this: `lufi_attribute_name => 'LDAP_attribute_name'`
|
|
|
|
|
# Note that you can’t use `username` as a Lufi attribute name: this name is reserved and will contain the login of the user
|
2019-03-03 18:04:44 +01:00
|
|
|
|
# optional, no default
|
2020-04-20 04:16:40 +02:00
|
|
|
|
#ldap_map_attr => {
|
|
|
|
|
# displayname => 'cn',
|
|
|
|
|
# mail => 'mail'
|
|
|
|
|
#},
|
2019-03-03 18:04:44 +01:00
|
|
|
|
|
2020-04-20 04:16:40 +02:00
|
|
|
|
# When using LDAP authentication, LDAP users can invite people (by mail) to use Lufi to send them files without
|
|
|
|
|
# being authenticated.
|
|
|
|
|
# This is where you configure the behavior of the invitations.
|
|
|
|
|
# You may need to fetch some attributes from LDAP to use some invitations settings. See `ldap_map_attr` above.
|
2019-03-03 18:04:44 +01:00
|
|
|
|
# optional, no default
|
2020-04-20 04:16:40 +02:00
|
|
|
|
#invitations => {
|
|
|
|
|
# # The name of the key set in `ldap_map_attr` (above) that corresponds to the mail of the LDAP user
|
|
|
|
|
# # optional, default is `mail`
|
|
|
|
|
# mail_attr => 'mail',
|
|
|
|
|
# # The `From` header of invitation mail can be the mail of the LDAP user
|
|
|
|
|
# # Be sure to have a mail system that will correctly send the mail from your users! (DKIM, SPF…)
|
|
|
|
|
# # To enable this feature, set it to 1
|
|
|
|
|
# # optional, disabled by default
|
|
|
|
|
# send_invitation_with_ldap_user_mail => 1,
|
|
|
|
|
# # The user is able to set an expiration delay for the invitation.
|
|
|
|
|
# # This expiration delay can’t be more than this setting (in days).
|
|
|
|
|
# # optional, default is 30 days
|
|
|
|
|
# max_invitation_expiration_delay => 30,
|
|
|
|
|
# # Once the guest has submitted his files, he has an additional period of time to submit forgotten files.
|
|
|
|
|
# # You can set that additional period of time in minutes here.
|
|
|
|
|
# # To disable that feature, set it to 0 or less
|
|
|
|
|
# # optional, default is 10 minutes
|
|
|
|
|
# max_additional_period => 10,
|
|
|
|
|
# # Lufi follows privacy-by-design, so, by default, no files URLs (with the decode secret) are stored in database.
|
|
|
|
|
# # However, the concern is different for this case. Storing files URLs makes users able to retrieve the guests’ sent files
|
|
|
|
|
# # from their `invitations` page.
|
|
|
|
|
# # Set to 1 to store guests’ files URLs in database
|
|
|
|
|
# # optional, default is 0 (disabled)
|
|
|
|
|
# save_files_url_in_db => 0,
|
|
|
|
|
# # Users can resend the invitation to their guest. This does not extend the invitation’s expiration delay unless you
|
|
|
|
|
# # set this option to 1.
|
|
|
|
|
# # optional, default is 0 (disabled)
|
|
|
|
|
# extend_invitation_expiration_on_resend => 0,
|
2019-03-03 18:04:44 +01:00
|
|
|
|
#},
|
|
|
|
|
|
2020-04-20 04:16:40 +02:00
|
|
|
|
#########################
|
|
|
|
|
# Htpasswd authentication
|
|
|
|
|
#########################
|
|
|
|
|
|
|
|
|
|
# set `htpasswd` if you want to use an htpasswd file instead of ldap
|
|
|
|
|
# see 'man htpasswd' to know how to create such file
|
|
|
|
|
#htpasswd => 'lufi.passwd',
|
|
|
|
|
|
|
|
|
|
#######################
|
|
|
|
|
# HTTP Headers settings
|
|
|
|
|
#######################
|
|
|
|
|
|
2019-03-03 18:04:44 +01:00
|
|
|
|
# Content-Security-Policy header that will be sent by Lufi
|
|
|
|
|
# Set to '' to disable CSP header
|
|
|
|
|
# https://content-security-policy.com/ provides a good documentation about CSP.
|
|
|
|
|
# https://report-uri.com/home/generate provides a tool to generate a CSP header.
|
|
|
|
|
# optional, default is "base-uri 'self'; connect-src 'self' ws://YOUR_HOST; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
|
|
|
|
|
#csp => "",
|
|
|
|
|
|
|
|
|
|
# X-Frame-Options header that will be sent by Lufi
|
|
|
|
|
# Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
|
|
|
|
|
# Set to '' to disable X-Frame-Options header
|
|
|
|
|
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
|
|
|
|
# Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
|
|
|
|
|
# to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
|
|
|
|
|
# optional, default is 'DENY'
|
|
|
|
|
#x_frame_options => 'DENY',
|
|
|
|
|
|
|
|
|
|
# X-Content-Type-Options that will be sent by Lufi
|
|
|
|
|
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
|
|
|
|
|
# Set to '' to disable X-Content-Type-Options header
|
|
|
|
|
# optional, default is 'nosniff'
|
|
|
|
|
#x_content_type_options => 'nosniff',
|
|
|
|
|
|
|
|
|
|
# X-XSS-Protection that will be sent by Lufi
|
|
|
|
|
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
|
|
|
|
|
# Set to '' to disable X-XSS-Protection header
|
|
|
|
|
# optional, default is '1; mode=block'
|
|
|
|
|
#x_xss_protection => '1; mode=block',
|
|
|
|
|
|
2017-02-07 22:43:59 +01:00
|
|
|
|
#########################
|
|
|
|
|
# Lufi cron jobs settings
|
|
|
|
|
#########################
|
|
|
|
|
|
|
|
|
|
# number of days senders' IP addresses are kept in database
|
|
|
|
|
# after that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
|
|
|
|
|
# optional, default is 365
|
|
|
|
|
#keep_ip_during => 365,
|
|
|
|
|
|
|
|
|
|
# max size of the files directory, in octets
|
|
|
|
|
# used by script/lufi cron watch to trigger an action
|
|
|
|
|
# optional, no default
|
2019-03-03 18:04:44 +01:00
|
|
|
|
#max_total_size => 10*1024*1024*1024,
|
2017-02-07 22:43:59 +01:00
|
|
|
|
|
|
|
|
|
# default action when files directory is over max_total_size (used with script/lufi cron watch)
|
|
|
|
|
# valid values are 'warn', 'stop-upload' and 'delete'
|
2020-04-20 04:16:40 +02:00
|
|
|
|
# Please, see README.md
|
2017-02-07 22:43:59 +01:00
|
|
|
|
# optional, default is 'warn'
|
2019-03-03 18:04:44 +01:00
|
|
|
|
#policy_when_full => 'warn',
|
2017-02-07 22:43:59 +01:00
|
|
|
|
|
2020-04-20 04:16:40 +02:00
|
|
|
|
# Files which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
|
2017-02-07 22:43:59 +01:00
|
|
|
|
# if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
|
|
|
|
|
# optional, no default
|
|
|
|
|
#delete_no_longer_viewed_files => 90,
|
|
|
|
|
};
|