mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-11-27 19:06:23 +08:00
98072ba4a9
- Migrated env usages to config. - Removed potentially unneeded config options or auto-set signed options based upon provision of certificate. - Aligned SP certificate env option naming with similar IDP option. Tested via AFDS on windows server 2019. To test on other providers.
332 lines
10 KiB
Plaintext
332 lines
10 KiB
Plaintext
# Full list of environment variables that can be used with BookStack.
|
|
# Selectively copy these to your '.env' file as required.
|
|
# Each option is shown with it's default value.
|
|
# Do not copy this whole file to use as your '.env' file.
|
|
|
|
# Application environment
|
|
# Can be 'production', 'development', 'testing' or 'demo'
|
|
APP_ENV=production
|
|
|
|
# Enable debug mode
|
|
# Shows advanced debug information and errors.
|
|
# CAN EXPOSE OTHER VARIABLES, LEAVE DISABLED
|
|
APP_DEBUG=false
|
|
|
|
# Application key
|
|
# Used for encryption where needed.
|
|
# Run `php artisan key:generate` to generate a valid key.
|
|
APP_KEY=SomeRandomString
|
|
|
|
# Application URL
|
|
# This must be the root URL that you want to host BookStack on.
|
|
# All URL's in BookStack will be generated using this value.
|
|
APP_URL=https://example.com
|
|
|
|
# Application default language
|
|
# The default language choice to show.
|
|
# May be overridden by user-preference or visitor browser settings.
|
|
APP_LANG=en
|
|
|
|
# Auto-detect language for public visitors.
|
|
# Uses browser-sent headers to infer a language.
|
|
# APP_LANG will be used if such a header is not provided.
|
|
APP_AUTO_LANG_PUBLIC=true
|
|
|
|
# Application timezone
|
|
# Used where dates are displayed such as on exported content.
|
|
# Valid timezone values can be found here: https://www.php.net/manual/en/timezones.php
|
|
APP_TIMEZONE=UTC
|
|
|
|
# Application theme
|
|
# Used to specific a themes/<APP_THEME> folder where BookStack UI
|
|
# overrides can be made. Defaults to disabled.
|
|
APP_THEME=false
|
|
|
|
# Trusted Proxies
|
|
# Used to indicate trust of systems that proxy to the application so
|
|
# certain header values (Such as "X-Forwarded-For") can be used from the
|
|
# incoming proxy request to provide origin detail.
|
|
# Set to an IP address, or multiple comma seperated IP addresses.
|
|
# Can alternatively be set to "*" to trust all proxy addresses.
|
|
APP_PROXIES=null
|
|
|
|
# Database details
|
|
# Host can contain a port (localhost:3306) or a separate DB_PORT option can be used.
|
|
DB_HOST=localhost
|
|
DB_PORT=3306
|
|
DB_DATABASE=database_database
|
|
DB_USERNAME=database_username
|
|
DB_PASSWORD=database_user_password
|
|
|
|
# Mail system to use
|
|
# Can be 'smtp' or 'sendmail'
|
|
MAIL_DRIVER=smtp
|
|
|
|
# Mail sending options
|
|
MAIL_FROM=mail@bookstackapp.com
|
|
MAIL_FROM_NAME=BookStack
|
|
|
|
# SMTP mail options
|
|
MAIL_HOST=localhost
|
|
MAIL_PORT=1025
|
|
MAIL_USERNAME=null
|
|
MAIL_PASSWORD=null
|
|
MAIL_ENCRYPTION=null
|
|
|
|
# Cache & Session driver to use
|
|
# Can be 'file', 'database', 'memcached' or 'redis'
|
|
CACHE_DRIVER=file
|
|
SESSION_DRIVER=file
|
|
|
|
# Session configuration
|
|
SESSION_LIFETIME=120
|
|
SESSION_COOKIE_NAME=bookstack_session
|
|
SESSION_SECURE_COOKIE=false
|
|
|
|
# Cache key prefix
|
|
# Can be used to prevent conflicts multiple BookStack instances use the same store.
|
|
CACHE_PREFIX=bookstack
|
|
|
|
# Memcached server configuration
|
|
# If using a UNIX socket path for the host, set the port to 0
|
|
# This follows the following format: HOST:PORT:WEIGHT
|
|
# For multiple servers separate with a comma
|
|
MEMCACHED_SERVERS=127.0.0.1:11211:100
|
|
|
|
# Redis server configuration
|
|
# This follows the following format: HOST:PORT:DATABASE
|
|
# or, if using a password: HOST:PORT:DATABASE:PASSWORD
|
|
# For multiple servers separate with a comma. These will be clustered.
|
|
REDIS_SERVERS=127.0.0.1:6379:0
|
|
|
|
# Queue driver to use
|
|
# Queue not really currently used but may be configurable in the future.
|
|
# Would advise not to change this for now.
|
|
QUEUE_CONNECTION=sync
|
|
|
|
# Storage system to use
|
|
# Can be 'local', 'local_secure' or 's3'
|
|
STORAGE_TYPE=local
|
|
|
|
# Image storage system to use
|
|
# Defaults to the value of STORAGE_TYPE if unset.
|
|
# Accepts the same values as STORAGE_TYPE.
|
|
STORAGE_IMAGE_TYPE=local
|
|
|
|
# Attachment storage system to use
|
|
# Defaults to the value of STORAGE_TYPE if unset.
|
|
# Accepts the same values as STORAGE_TYPE although 'local' will be forced to 'local_secure'.
|
|
STORAGE_ATTACHMENT_TYPE=local_secure
|
|
|
|
# Amazon S3 storage configuration
|
|
STORAGE_S3_KEY=your-s3-key
|
|
STORAGE_S3_SECRET=your-s3-secret
|
|
STORAGE_S3_BUCKET=s3-bucket-name
|
|
STORAGE_S3_REGION=s3-bucket-region
|
|
|
|
# S3 endpoint to use for storage calls
|
|
# Only set this if using a non-Amazon s3-compatible service such as Minio
|
|
STORAGE_S3_ENDPOINT=https://my-custom-s3-compatible.service.com:8001
|
|
|
|
# Storage URL prefix
|
|
# Used as a base for any generated image urls.
|
|
# An s3-format URL will be generated if not set.
|
|
STORAGE_URL=false
|
|
|
|
# Authentication method to use
|
|
# Can be 'standard', 'ldap' or 'saml2'
|
|
AUTH_METHOD=standard
|
|
|
|
# Social authentication configuration
|
|
# All disabled by default.
|
|
# Refer to https://www.bookstackapp.com/docs/admin/third-party-auth/
|
|
|
|
AZURE_APP_ID=false
|
|
AZURE_APP_SECRET=false
|
|
AZURE_TENANT=false
|
|
AZURE_AUTO_REGISTER=false
|
|
AZURE_AUTO_CONFIRM_EMAIL=false
|
|
|
|
DISCORD_APP_ID=false
|
|
DISCORD_APP_SECRET=false
|
|
DISCORD_AUTO_REGISTER=false
|
|
DISCORD_AUTO_CONFIRM_EMAIL=false
|
|
|
|
FACEBOOK_APP_ID=false
|
|
FACEBOOK_APP_SECRET=false
|
|
FACEBOOK_AUTO_REGISTER=false
|
|
FACEBOOK_AUTO_CONFIRM_EMAIL=false
|
|
|
|
GITHUB_APP_ID=false
|
|
GITHUB_APP_SECRET=false
|
|
GITHUB_AUTO_REGISTER=false
|
|
GITHUB_AUTO_CONFIRM_EMAIL=false
|
|
|
|
GITLAB_APP_ID=false
|
|
GITLAB_APP_SECRET=false
|
|
GITLAB_BASE_URI=false
|
|
GITLAB_AUTO_REGISTER=false
|
|
GITLAB_AUTO_CONFIRM_EMAIL=false
|
|
|
|
GOOGLE_APP_ID=false
|
|
GOOGLE_APP_SECRET=false
|
|
GOOGLE_SELECT_ACCOUNT=false
|
|
GOOGLE_AUTO_REGISTER=false
|
|
GOOGLE_AUTO_CONFIRM_EMAIL=false
|
|
|
|
OKTA_BASE_URL=false
|
|
OKTA_APP_ID=false
|
|
OKTA_APP_SECRET=false
|
|
OKTA_AUTO_REGISTER=false
|
|
OKTA_AUTO_CONFIRM_EMAIL=false
|
|
|
|
SLACK_APP_ID=false
|
|
SLACK_APP_SECRET=false
|
|
SLACK_AUTO_REGISTER=false
|
|
SLACK_AUTO_CONFIRM_EMAIL=false
|
|
|
|
TWITCH_APP_ID=false
|
|
TWITCH_APP_SECRET=false
|
|
TWITCH_AUTO_REGISTER=false
|
|
TWITCH_AUTO_CONFIRM_EMAIL=false
|
|
|
|
TWITTER_APP_ID=false
|
|
TWITTER_APP_SECRET=false
|
|
TWITTER_AUTO_REGISTER=false
|
|
TWITTER_AUTO_CONFIRM_EMAIL=false
|
|
|
|
# LDAP authentication configuration
|
|
# Refer to https://www.bookstackapp.com/docs/admin/ldap-auth/
|
|
LDAP_SERVER=false
|
|
LDAP_BASE_DN=false
|
|
LDAP_DN=false
|
|
LDAP_PASS=false
|
|
LDAP_USER_FILTER=false
|
|
LDAP_VERSION=false
|
|
LDAP_START_TLS=false
|
|
LDAP_TLS_INSECURE=false
|
|
LDAP_ID_ATTRIBUTE=uid
|
|
LDAP_EMAIL_ATTRIBUTE=mail
|
|
LDAP_DISPLAY_NAME_ATTRIBUTE=cn
|
|
LDAP_THUMBNAIL_ATTRIBUTE=null
|
|
LDAP_FOLLOW_REFERRALS=true
|
|
LDAP_DUMP_USER_DETAILS=false
|
|
|
|
# LDAP group sync configuration
|
|
# Refer to https://www.bookstackapp.com/docs/admin/ldap-auth/
|
|
LDAP_USER_TO_GROUPS=false
|
|
LDAP_GROUP_ATTRIBUTE="memberOf"
|
|
LDAP_REMOVE_FROM_GROUPS=false
|
|
|
|
# SAML authentication configuration
|
|
# Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/
|
|
SAML2_NAME=SSO
|
|
SAML2_EMAIL_ATTRIBUTE=email
|
|
SAML2_DISPLAY_NAME_ATTRIBUTES=username
|
|
SAML2_EXTERNAL_ID_ATTRIBUTE=null
|
|
SAML2_IDP_ENTITYID=null
|
|
SAML2_IDP_SSO=null
|
|
SAML2_IDP_SLO=null
|
|
SAML2_IDP_x509=null
|
|
SAML2_ONELOGIN_OVERRIDES=null
|
|
SAML2_DUMP_USER_DETAILS=false
|
|
SAML2_AUTOLOAD_METADATA=false
|
|
SAML2_IDP_AUTHNCONTEXT=true
|
|
SAML2_SP_x509=null
|
|
SAML2_SP_x509_KEY=null
|
|
|
|
# SAML group sync configuration
|
|
# Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/
|
|
SAML2_USER_TO_GROUPS=false
|
|
SAML2_GROUP_ATTRIBUTE=group
|
|
SAML2_REMOVE_FROM_GROUPS=false
|
|
|
|
# OpenID Connect authentication configuration
|
|
OIDC_NAME=SSO
|
|
OIDC_DISPLAY_NAME_CLAIMS=name
|
|
OIDC_CLIENT_ID=null
|
|
OIDC_CLIENT_SECRET=null
|
|
OIDC_ISSUER=null
|
|
OIDC_ISSUER_DISCOVER=false
|
|
OIDC_PUBLIC_KEY=null
|
|
OIDC_AUTH_ENDPOINT=null
|
|
OIDC_TOKEN_ENDPOINT=null
|
|
OIDC_DUMP_USER_DETAILS=false
|
|
|
|
# Disable default third-party services such as Gravatar and Draw.IO
|
|
# Service-specific options will override this option
|
|
DISABLE_EXTERNAL_SERVICES=false
|
|
|
|
# Use custom avatar service, Sets fetch URL
|
|
# Possible placeholders: ${hash} ${size} ${email}
|
|
# If set, Avatars will be fetched regardless of DISABLE_EXTERNAL_SERVICES option.
|
|
# Example: AVATAR_URL=https://seccdn.libravatar.org/avatar/${hash}?s=${size}&d=identicon
|
|
AVATAR_URL=
|
|
|
|
# Enable diagrams.net integration
|
|
# Can simply be true/false to enable/disable the integration.
|
|
# Alternatively, It can be URL to the diagrams.net instance you want to use.
|
|
# For URLs, The following URL parameters should be included: embed=1&proto=json&spin=1
|
|
DRAWIO=true
|
|
|
|
# Default item listing view
|
|
# Used for public visitors and user's without a preference.
|
|
# Can be 'list' or 'grid'.
|
|
APP_VIEWS_BOOKS=list
|
|
APP_VIEWS_BOOKSHELVES=grid
|
|
APP_VIEWS_BOOKSHELF=grid
|
|
|
|
# Use dark mode by default
|
|
# Will be overriden by any user/session preference.
|
|
APP_DEFAULT_DARK_MODE=false
|
|
|
|
# Page revision limit
|
|
# Number of page revisions to keep in the system before deleting old revisions.
|
|
# If set to 'false' a limit will not be enforced.
|
|
REVISION_LIMIT=50
|
|
|
|
# Recycle Bin Lifetime
|
|
# The number of days that content will remain in the recycle bin before
|
|
# being considered for auto-removal. It is not a guarantee that content will
|
|
# be removed after this time.
|
|
# Set to 0 for no recycle bin functionality.
|
|
# Set to -1 for unlimited recycle bin lifetime.
|
|
RECYCLE_BIN_LIFETIME=30
|
|
|
|
# Allow <script> tags in page content
|
|
# Note, if set to 'true' the page editor may still escape scripts.
|
|
ALLOW_CONTENT_SCRIPTS=false
|
|
|
|
# Indicate if robots/crawlers should crawl your instance.
|
|
# Can be 'true', 'false' or 'null'.
|
|
# The behaviour of the default 'null' option will depend on the 'app-public' admin setting.
|
|
# Contents of the robots.txt file can be overridden, making this option obsolete.
|
|
ALLOW_ROBOTS=null
|
|
|
|
# Allow server-side fetches to be performed to potentially unknown
|
|
# and user-provided locations. Primarily used in exports when loading
|
|
# in externally referenced assets.
|
|
# Can be 'true' or 'false'.
|
|
ALLOW_UNTRUSTED_SERVER_FETCHING=false
|
|
|
|
# A list of hosts that BookStack can be iframed within.
|
|
# Space separated if multiple. BookStack host domain is auto-inferred.
|
|
# For Example: ALLOWED_IFRAME_HOSTS="https://example.com https://a.example.com"
|
|
# Setting this option will also auto-adjust cookies to be SameSite=None.
|
|
ALLOWED_IFRAME_HOSTS=null
|
|
|
|
# The default and maximum item-counts for listing API requests.
|
|
API_DEFAULT_ITEM_COUNT=100
|
|
API_MAX_ITEM_COUNT=500
|
|
|
|
# The number of API requests that can be made per minute by a single user.
|
|
API_REQUESTS_PER_MIN=180
|
|
|
|
# Enable the logging of failed email+password logins with the given message.
|
|
# The default log channel below uses the php 'error_log' function which commonly
|
|
# results in messages being output to the webserver error logs.
|
|
# The message can contain a %u parameter which will be replaced with the login
|
|
# user identifier (Username or email).
|
|
LOG_FAILED_LOGIN_MESSAGE=false
|
|
LOG_FAILED_LOGIN_CHANNEL=errorlog_plain_webserver
|