lychee_ynh/conf/.env

APP_NAME=Lychee
APP_ENV=production
APP_KEY=
APP_DEBUG=false
# This MUST contain the host name up to the Top Level Domain (tld) e.g. .com, .org etc.
APP_URL=https://__DOMAIN__
APP_FORCE_HTTPS=false

# If using Lychee in a sub folder, specify the path after the tld here.
# For example for https://lychee.test/path/to/lychee
# Set APP_URL=https://lychee.test
# and APP_DIR=/path/to/lychee
# We (LycheeOrg) do not recommend the use of APP_DIR.
APP_DIR=__PATH__/

# enable or disable debug bar. By default it is disabled.
# Do note that this disable CSP!!
DEBUGBAR_ENABLED=true

# enable or disable the v5 layout.
LIVEWIRE_ENABLED=true

# enable or disable log viewer. By default it is enabled.
LOG_VIEWER_ENABLED=true

# enable s3 bucket (required in addition to needing AWS_ACCESS_KEY_ID)
# S3_ENABLED=true

# If you spread old links of to your albums in your Lychee instance starting with
# https://lychee.text/#albumID/PhotoId
# Set this value to true to enable redirection.
LEGACY_V4_REDIRECT=false

##############################################################################
# IMPORTANT: To migrate from Lychee v3 you *MUST* use the same MySQL/MariaDB #
#            server as v3.                                                   #
##############################################################################

# Table prefix (e.g. lychee_) of a Lychee v3 instance for migration
DB_OLD_LYCHEE_PREFIX=

# DB_CONNECTION can be sqlite, mysql or pgsql. For sqlite the other entries are
# not required, but an existing sqlite3 database may be specified if desired. In
# this case, please use an absolute path. DB_DATABASE may be omitted but should
# *not* be left blank.
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=__DB_NAME__
DB_USERNAME=__DB_USER__
DB_PASSWORD=__DB_PWD__
DB_LOG_SQL=false

# List foreign keys in diagnostic page
DB_LIST_FOREIGN_KEYS=false

# Application timezone. If not specified, the server's default timezone is used.
# Requires a named timezone identifier.
# See https://www.php.net/manual/en/timezones.php for the list of supported timezones.
# Don't use a timezone offset (like +01:00) or a timezone abbreviation (like CEST)
TIMEZONE=__TIMEZONE__

# Visibility of directories and (media) files in LYCHEE_UPLOADS
# Possible values are:
#
#  - private: world group has neither read nor write access
#  - public: world group has read access but no write access (the default)
#  - world: world group has read and write access
#
# The default should suffice for most installations.
# For improved security, change this setting to "private".
# Some rare setups may require directories and files to be world writeable.
# In this case, use "world" here.
# USE WITH PRECAUTIONS: world writeable files and folders may be a SECURITY RISK.
# LYCHEE_IMAGE_VISIBILITY=public

# folders in which the files will be stored
LYCHEE_UPLOADS="__DATA_DIR__/uploads/"
LYCHEE_DIST="__INSTALL_DIR__/public/dist/"
LYCHEE_SYM="__INSTALL_DIR__/public/sym/"
# url to access those files
# LYCHEE_UPLOADS_URL="uploads/"
# LYCHEE_DIST_URL="dist/"
# LYCHEE_SYM_URL="sym/"

# Support for token based authentication used by API requests. Enabled by default.
# ENABLE_TOKEN_AUTH=true

CACHE_DRIVER=file
SESSION_DRIVER=file
SESSION_LIFETIME=120
# `sync` if jobs needs to be executed live (default) or `database` if they can be defered.
QUEUE_CONNECTION=sync

SECURITY_HEADER_HSTS_ENABLE=false
SECURITY_HEADER_CSP_CONNECT_SRC=
SECURITY_HEADER_SCRIPT_SRC_ALLOW=
SESSION_SECURE_COOKIE=false

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

#MAIL_DRIVER=smtp
#MAIL_HOST=localhost
#MAIL_PORT=25
#MAIL_USERNAME=__APP__
#MAIL_PASSWORD=
#MAIL_ENCRYPTION=false
#MAIL_FROM_NAME=lychee
#MAIL_FROM_ADDRESS=lychee@__DOMAIN__

# The trusted proxies if Lychee is behind a reverse proxy
# Accepted values:
#  - `null`: no proxy
#  - `*`: any proxy
#  - <ip address>[,<ip address>]: a comma-seperated list of IP addresses
TRUSTED_PROXIES=null

# Comma-separated list of class names of diagnostics checks that should be skipped.
#SKIP_DIAGNOSTICS_CHECKS=

VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

# Oauth token data
# XXX_REDIRECT_URI should be left as default unless you know exactly what you do.

# AMAZON_SIGNIN_CLIENT_ID=
# AMAZON_SIGNIN_SECRET=
# AMAZON_SIGNIN_REDIRECT_URI=/auth/amazon/redirect

# https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
# Note: the client secret used for "Sign In with Apple" is a JWT token that can have a maximum lifetime of 6 months.
# The article above explains how to generate the client secret on demand and you'll need to update this every 6 months.
# To generate the client secret for each request, see Generating A Client Secret For Sign In With Apple On Each Request.
# https://bannister.me/blog/generating-a-client-secret-for-sign-in-with-apple-on-each-request
# APPLE_CLIENT_ID=
# APPLE_CLIENT_SECRET=
# APPLE_REDIRECT_URI=/auth/apple/redirect

# FACEBOOK_CLIENT_ID=
# FACEBOOK_CLIENT_SECRET=
# FACEBOOK_REDIRECT_URI=/auth/facebook/redirect

# GITHUB_CLIENT_ID=
# GITHUB_CLIENT_SECRET=
# GITHUB_REDIRECT_URI=/auth/github/redirect

# GOOGLE_CLIENT_ID=
# GOOGLE_CLIENT_SECRET=
# GOOGLE_REDIRECT_URI=/auth/google/redirect

# MASTODON_DOMAIN=https://mastodon.social
# MASTODON_ID=
# MASTODON_SECRET=
# MASTODON_REDIRECT_URI=/auth/mastodon/redirect

# MICROSOFT_CLIENT_ID=
# MICROSOFT_CLIENT_SECRET=
# MICROSOFT_REDIRECT_URI=/auth/microsoft/redirect

# NEXTCLOUD_CLIENT_ID=  
# NEXTCLOUD_CLIENT_SECRET=  
# NEXTCLOUD_REDIRECT_URI=/auth/nextcloud/redirect
# NEXTCLOUD_BASE_URI=

# KEYCLOAK_CLIENT_ID=
# KEYCLOAK_CLIENT_SECRET=
# KEYCLOAK_REDIRECT_URI=/auth/keycloak/redirect
# KEYCLOAK_BASE_URL=
# KEYCLOAK_REALM=

# AWS support data

# AWS_ACCESS_KEY_ID=
# AWS_SECRET_ACCESS_KEY=
# AWS_DEFAULT_REGION=
# AWS_BUCKET=
# AWS_URL=
# AWS_ENDPOINT=
# AWS_IMAGE_VISIBILITY=
# AWS_USE_PATH_STYLE_ENDPOINT=