12403bdfb0
This commit adds the possibility to use either the native golang
libraries or ssh-keygen to check public keys. The check is adjusted
depending on the settings, so that only supported keys are let through.
This commit also brings back the blacklist feature, which was removed in
7ef9a05588
. This allows blacklisting
algorithms or keys based on the key length. This works with both the native
and the ssh-keygen way.
Because of #2179 it also includes a way to adjust the path to
ssh-keygen and the working directory for ssh-keygen. With this,
sysadmins should be able to adjust the settings in a way that SELinux
is okay with it. In the worst case, they can switch to the native
implementation and only lose support for ed25519 keys at the moment.
There are some other places which need adjustment to utilize the
parameters and the native implementation, but this lays the groundwork.
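# NEVER EVER MODIFY THIS FILE
# PLEASE MAKE CHANGES ON CORRESPONDING CUSTOM CONFIG FILE
; The values below are shipped defaults. Some of them (SECRET_KEY, the database
; account, the TLS-related switches) are placeholders and should be overridden
; in the custom config file before the instance is exposed.

; App name that is shown in every page title
APP_NAME = Gogs: Go Git Service
; Presumably the system account the service runs as; change it if you run locally
RUN_USER = git
; Either "dev", "prod" or "test", default is "dev"
RUN_MODE = dev
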
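[repository]
; NOTE(review): empty here; the effective default is not visible in this file
ROOT =
SCRIPT_TYPE = bash
; Default ANSI charset
ANSI_CHARSET =
; Force every new repository to be private
FORCE_PRIVATE = false
; Global maximum number of repositories a user may create, -1 means no limit.
; With open registration a finite limit bounds the disk space one account can use.
MAX_CREATION_LIMIT = -1
; Patch test queue length, make it as large as possible
PULL_REQUEST_QUEUE_LENGTH = 10000
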
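[ui]
; Number of repositories that are shown in one explore page
EXPLORE_PAGING_NUM = 20
; Number of issues that are shown in one page
ISSUE_PAGING_NUM = 10
; Maximum number of commits shown in one activity feed
FEED_MAX_COMMIT_NUM = 5
; Value of `theme-color` meta tag, used by Android >= 5.0
; An invalid color like "none" or "disable" will have the default style
; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
; The backticks presumably keep the leading '#' from being read as a comment marker
THEME_COLOR_META_TAG = `#ff5343`
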
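[ui.admin]
; Number of users that are shown in one page
USER_PAGING_NUM = 50
; Number of repos that are shown in one page
REPO_PAGING_NUM = 50
; Number of notices that are shown in one page
NOTICE_PAGING_NUM = 25
; Number of organizations that are shown in one page
ORG_PAGING_NUM = 50
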
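[markdown]
; Enable hard line break extension
ENABLE_HARD_LINE_BREAK = false
; Comma-separated list of custom URL schemes that are allowed as links when
; rendering Markdown, for example git,magnet
; Every scheme listed becomes a clickable link in user-supplied content, so
; keep the list as short as the instance needs.
CUSTOM_URL_SCHEMES =
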
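[server]
; "http" serves the web interface without TLS. CERT_FILE and KEY_FILE below are
; presumably only read when this is "https" - confirm against the config loader.
PROTOCOL = http
DOMAIN = localhost
ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
HTTP_ADDR =
HTTP_PORT = 3000
; Local (DMZ) URL for Gogs workers (such as SSH update) accessing web service.
; In most cases you do not need to change the default value.
; Alter it only if your SSH server node is not the same as HTTP node.
LOCAL_ROOT_URL = http://localhost:%(HTTP_PORT)s/
; Disable SSH feature when not available
DISABLE_SSH = false
; Whether to use the builtin SSH server or not.
START_SSH_SERVER = false
SSH_PORT = 22
; Root path of SSH directory
SSH_ROOT_PATH =
; Override the engine used to check public keys (default: 'ssh-keygen' when
; DISABLE_SSH is set to false, else 'native').
; Per the commit that introduced this option, 'native' does not support
; ed25519 keys at the moment.
SSH_PUBLICKEY_CHECK =
; Directory to create temporary files in when using ssh-keygen (default: /tmp).
; /tmp is normally shared by all local accounts; a directory writable only by
; RUN_USER keeps these temporary files away from other users.
SSH_WORK_PATH =
; Path to ssh-keygen (default: result of `which ssh-keygen`).
; An absolute path here removes the dependency on the service's PATH when
; choosing which binary is executed.
SSH_KEYGEN_PATH =
; Disable CDN even in "prod" mode
OFFLINE_MODE = false
DISABLE_ROUTER_LOG = false
; Generate steps:
; $ ./gogs cert -ca=true -duration=8760h0m0s -host=myhost.example.com
;
; Or from a .pfx file exported from the Windows certificate store (do
; not forget to export the private key):
; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
; -nodes writes key.pem without a passphrase, so restrict that file to
; RUN_USER (for example mode 0600).
CERT_FILE = custom/https/cert.pem
KEY_FILE = custom/https/key.pem
; Upper level of template and static file path
; default is the path where Gogs is executed
STATIC_ROOT_PATH =
; Application level GZIP support
ENABLE_GZIP = false
; Landing page for users who are not logged in, can be "home" or "explore"
LANDING_PAGE = home
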
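[database]
; Either "mysql", "postgres" or "sqlite3", it's your choice
DB_TYPE = mysql
HOST = 127.0.0.1:3306
NAME = gogs
; "root" is a placeholder. A dedicated account limited to the NAME database
; keeps a leaked credential from reaching other schemas.
USER = root
; Stored in plain text: set it only in the custom config file and keep that
; file readable by RUN_USER alone.
PASSWD =
; For "postgres" only, either "disable", "require" or "verify-full".
; "disable" sends traffic unencrypted; "verify-full" also validates the server
; certificate and host name, which matters once the database is not on localhost.
SSL_MODE = disable
; For "sqlite3" and "tidb", use absolute path when you start as service
; NOTE(review): "tidb" is not among the DB_TYPE values listed above - confirm
PATH = data/gogs.db
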
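; No default keys are defined for this section
[admin]
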
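[security]
; NOTE(review): presumably marks the installation as finished; confirm what
; stays reachable while this is false and set it to true after setup
INSTALL_LOCK = false
; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
; This default is published with the source code, so it protects nothing.
; Set a long random value in the custom config file before first start.
; NOTE(review): the value contains '#', which THEME_COLOR_META_TAG in [ui]
; wraps in backticks; confirm the parser does not cut this value at '#'.
SECRET_KEY = !#@FDEWREWR&*(
; Auto-login remember days
LOGIN_REMEMBER_DAYS = 7
COOKIE_USERNAME = gogs_awesome
COOKIE_REMEMBER_NAME = gogs_incredible
; Name of the request header that carries the user name for reverse proxy
; authentication (see ENABLE_REVERSE_PROXY_AUTHENTICATION in [service]).
; The proxy in front must overwrite or strip this header on every request.
REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
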
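[service]
ACTIVE_CODE_LIVE_MINUTES = 180
RESET_PASSWD_CODE_LIVE_MINUTES = 180
; Users need to confirm their e-mail address to register
REGISTER_EMAIL_CONFIRM = false
; Disallow self-registration; only admins can create accounts
DISABLE_REGISTRATION = false
; User must sign in to view anything.
REQUIRE_SIGNIN_VIEW = false
; Mail notification
ENABLE_NOTIFY_MAIL = false
; More detail: https://github.com/gogits/gogs/issues/165
; Presumably the user name is then taken from the header named by
; REVERSE_PROXY_AUTHENTICATION_USER in [security]. Enable it only when the
; application is reachable solely through a proxy that controls that header.
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
; Enable captcha validation for registration
ENABLE_CAPTCHA = true
; Whether to check the minimum key size for the corresponding key type;
; false (as shipped) does not check
ENABLE_MINIMUM_KEY_SIZE_CHECK = false
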
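; Define allowed algorithms and their minimum key length (use -1 to disable a type).
; Presumably enforced only when ENABLE_MINIMUM_KEY_SIZE_CHECK in [service]
; is true - confirm against the key check code.
[service.minimum_key_sizes]
ED25519 = 256
ECDSA = 256
RSA = 2048
; 1024-bit DSA is no longer considered adequate and OpenSSH has disabled
; ssh-dss by default since 7.0; consider -1 in the custom config.
DSA = 1024
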
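[webhook]
; Hook task queue length
QUEUE_LENGTH = 1000
; Deliver timeout in seconds
DELIVER_TIMEOUT = 5
; Skip TLS certificate verification when delivering webhooks.
; Keep this false: without verification the receiving endpoint is not
; authenticated and payloads can be read or altered in transit.
SKIP_TLS_VERIFY = false
; Number of history entries shown in each page
PAGING_NUM = 10
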
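[mailer]
ENABLED = false
; Buffer length of channel, keep it as it is if you don't know what it is.
SEND_BUFFER_LEN = 100
; Name displayed in mail title
SUBJECT = %(APP_NAME)s
; Mail server
; Gmail: smtp.gmail.com:587
; QQ: smtp.qq.com:25
; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on
; port 587 is recommended per RFC 6409. If the server supports STARTTLS it
; will always be used.
HOST =
; Disable HELO operation when hostnames are different.
DISABLE_HELO =
; Custom hostname for HELO operation, default is from system.
HELO_HOSTNAME =
; Do not verify the certificate of the server. Only use this for self-signed
; certificates; with verification off the mail server is not authenticated
; and the credentials below can be exposed to whoever answers the connection.
SKIP_VERIFY =
; Use client certificate
USE_CERTIFICATE = false
CERT_FILE = custom/mailer/cert.pem
KEY_FILE = custom/mailer/key.pem
; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
FROM =
; Mailer user name and password.
; Stored in plain text: set them only in the custom config file and keep that
; file readable by RUN_USER alone.
USER =
PASSWD =
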
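[cache]
; Either "memory", "redis", or "memcache", default is "memory"
ADAPTER = memory
; For "memory" only, GC interval in seconds, default is 60
INTERVAL = 60
; For "redis" and "memcache", connection host address
; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
; memcache: `127.0.0.1:11211`
; "password=macaron" above is only an example value; use your own secret.
HOST =
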
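[session]
; Either "memory", "file", "redis" or "mysql", default is "memory"
PROVIDER = memory
; Provider config options
; memory: does not have any config yet
; file: session file path, e.g. `data/sessions`
; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
; The credentials in the examples above are placeholders; real values are
; stored in plain text, so keep the custom config file readable by RUN_USER alone.
PROVIDER_CONFIG = data/sessions
; Session cookie name
COOKIE_NAME = i_like_gogits
; Set to true if the site is served over https only, so that the session
; cookie is not sent over plain http; default is false
COOKIE_SECURE = false
; Enable set cookie, default is true
ENABLE_SET_COOKIE = true
; Session GC time interval (presumably seconds), default is 86400
GC_INTERVAL_TIME = 86400
; Session life time (presumably seconds), default is 86400
SESSION_LIFE_TIME = 86400
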
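[picture]
; Where picture data is stored, either "server" or "qiniu", default is "server"
SERVICE = server
AVATAR_UPLOAD_PATH = data/avatars
; Chinese users can choose "duoshuo"
; or a custom avatar source, like: http://cn.gravatar.com/avatar/
; Avatars from an external source are fetched from that third party; the
; example URL above uses plain http.
GRAVATAR_SOURCE = gravatar
DISABLE_GRAVATAR = false
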
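[attachment]
; Whether attachments are enabled. Defaults to `true`
ENABLE = true
; Path for attachments. Defaults to `data/attachments`
PATH = data/attachments
; One or more allowed types separated by '|', e.g. image/jpeg|image/png
; Keep the list limited to the types the instance really needs to accept.
ALLOWED_TYPES = image/jpeg|image/png
; Max size of each file. Defaults to 32MB
; NOTE(review): the value shipped here is 4, not 32 - confirm which default applies
MAX_SIZE = 4
; Max number of files per upload. Defaults to 10
; NOTE(review): the value shipped here is 5, not 10 - confirm which default applies
MAX_FILES = 5
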
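[time]
; Specifies the format for dates that are output in full. Defaults to RFC1123
; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
; For more information about the format see http://golang.org/pkg/time/#pkg-constants
FORMAT =
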
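[log]
ROOT_PATH =
; Either "console", "file", "conn", "smtp" or "database", default is "console"
; Use comma to separate multiple modes, e.g. "console, file"
MODE = console
; Buffer length of channel, keep it as it is if you don't know what it is.
BUFFER_LEN = 10000
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
; NOTE(review): "Trace" is the first and presumably most verbose level; check
; what request data it records before keeping it on a production instance.
LEVEL = Trace

; For "console" mode only
[log.console]
LEVEL =
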
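; For "file" mode only
[log.file]
LEVEL =
; This enables automated log rotation (switch for the following options), default is true
LOG_ROTATE = true
; Max number of lines in a single file, default is 1000000
MAX_LINES = 1000000
; Max size shift of single file, default is 28 means 1 << 28, 256MB
MAX_SIZE_SHIFT = 28
; Segment log daily, default is true
DAILY_ROTATE = true
; Days after which a log file expires (it is deleted after max days), default is 7.
; Make sure this retention covers the period you need for incident review.
MAX_DAYS = 7
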
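; For "conn" mode only
; NOTE(review): no TLS option is defined in this section; confirm how log
; lines are protected in transit before pointing ADDR at a remote host.
[log.conn]
LEVEL =
; Reconnect to the host for every single message, default is false
RECONNECT_ON_MSG = false
; Try to reconnect when connection is lost, default is false
RECONNECT = false
; Either "tcp", "unix" or "udp", default is "tcp"
PROTOCOL = tcp
; Host address
ADDR =
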
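; For "smtp" mode only
[log.smtp]
LEVEL =
; Name displayed in mail title, default is "Diagnostic message from server"
SUBJECT = Diagnostic message from server
; Mail server
HOST =
; Mailer user name and password.
; Stored in plain text: set them only in the custom config file and keep that
; file readable by RUN_USER alone.
USER =
PASSWD =
; Receivers, can be one or more, e.g. ["1@example.com","2@example.com"]
RECEIVERS =
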
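; For "database" mode only
[log.database]
LEVEL =
; Either "mysql" or "postgres"
DRIVER =
; Based on xorm, e.g.: root:root@localhost/gogs?charset=utf8
; The example credentials are placeholders; the real connection string embeds
; a password in plain text, so set it only in the custom config file.
CONN =
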
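[cron]
; Enable running cron tasks periodically.
ENABLED = true
; Run cron tasks when Gogs starts.
RUN_AT_START = false

; Update mirrors
[cron.update_mirrors]
SCHEDULE = @every 1h

; Repository health check
[cron.repo_health_check]
SCHEDULE = @every 24h
TIMEOUT = 60s
; Arguments for command 'git fsck', e.g. "--unreachable --tags"
; see more on http://git-scm.com/docs/git-fsck/1.7.5
ARGS =

; Check repository statistics
[cron.check_repo_stats]
RUN_AT_START = true
SCHEDULE = @every 24h
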
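[git]
; NOTE(review): presumably caps the number of diff lines that are rendered - confirm
MAX_GIT_DIFF_LINES = 10000
; Arguments for command 'git gc', e.g. "--aggressive --auto"
; see more on http://git-scm.com/docs/git-gc/1.7.5
GC_ARGS =
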
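[i18n]
; LANGS and NAMES are comma-separated lists; each has 14 entries here and they
; appear to be matched by position, so keep both in the same order.
LANGS = en-US,zh-CN,zh-HK,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT
NAMES = English,简体中文,繁體中文,Deutsch,Français,Nederlands,Latviešu,Русский,日本語,Español,Português do Brasil,Polski,български,Italiano

; Used for datetimepicker
[i18n.datelang]
en-US = en
zh-CN = zh
zh-HK = zh-TW
de-DE = de
fr-FR = fr
nl-NL = nl
lv-LV = lv
ru-RU = ru
ja-JP = ja
es-ES = es
pt-BR = pt-BR
pl-PL = pl
bg-BG = bg
it-IT = it
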
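; Mapping from file extension to highlight class
; e.g. .toml=ini
; No mappings are defined by default.
[highlight.mapping]
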
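[other]
SHOW_FOOTER_BRANDING = false
; Show version information about gogs and go in the footer.
; The footer is visible to every visitor; set this to false if you do not
; want to disclose the exact versions the instance runs.
SHOW_FOOTER_VERSION = true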