# # DO NOT EDIT THIS FILE # If you need to make changes create a file called discourse.conf in this directory with your changes # On import this file will be imported using ERB # # Discourse supports multiple mechanisms for production config. # # 1. You can do nothing and get these defaults (not recommended, you should at least set hostname) # 2. You can copy this file to config/discourse.conf and amend with your settings # 3. You can pass in config from your environment, all the settings below are available. # Append DISCOURSE_ and upper case the setting in ENV. For example: # to pass in db_timeout of 200 you would use DISCOURSE_DB_TIMEOUT=200 # All settings apply to production only # connection pool size, sidekiq is set to 5, allowing an extra 3 for bg threads db_pool = 8 # ActiveRecord connection pool timeout in milliseconds db_timeout = 5000 # Database connection timeout in seconds db_connect_timeout = 5 # socket file used to access db db_socket = # host address for db server # This is set to blank so it tries to use sockets first db_host = # host address for db server when taking a backup via `pg_dump` # Defaults to `db_host` if not configured db_backup_host = # port running db server, no need to set it db_port = # db server port to use when taking a backup via `pg_dump` db_backup_port = 5432 # database name running discourse db_name = discourse # username accessing database db_username = discourse # password used to access the db db_password = # Disallow prepared statements # see: https://github.com/rails/rails/issues/21992 db_prepared_statements = false # host address for db replica server db_replica_host = # port running replica db server, defaults to 5432 if not set db_replica_port = db_advisory_locks = true # hostname running the forum hostname = "www.example.com" # backup hostname mainly for cdn use backup_hostname = # address of smtp server used to send emails smtp_address = # port of smtp server used to send emails smtp_port = 25 # domain passed to smtp server smtp_domain = # username for smtp server smtp_user_name = # password for smtp server smtp_password = # smtp authentication mechanism smtp_authentication = plain # enable TLS encryption for smtp connections smtp_enable_start_tls = true # mode for verifying smtp server certificates # to disable, set to 'none' smtp_openssl_verify_mode = # force implicit TLS as per RFC 8314 3.3 smtp_force_tls = false # number of seconds to wait while attempting to open a SMTP connection smtp_open_timeout = 5 # Number of seconds to wait until timing-out a SMTP read(2) call smtp_read_timeout = 5 # load MiniProfiler in production, to be used by developers load_mini_profiler = true # Every how many requests should MP profile a request (aka take snapshot) # Default is never mini_profiler_snapshots_period = 0 # specify the URL of the destination that MiniProfiler should ship snapshots to # mini_profiler_snapshots_transport_auth_key is required as well mini_profiler_snapshots_transport_url = # authorization key that will be included as a header in requests made by the # snapshots transporter to the URL specified above. The destination should # know this key and only accept requests that have this key in the # `Mini-Profiler-Transport-Auth` header. mini_profiler_snapshots_transport_auth_key = # recommended, cdn used to access assets cdn_url = # The hostname used by the CDN to request assets cdn_origin_hostname = # comma delimited list of emails that have developer level access developer_emails = # redis server address redis_host = localhost # redis server port redis_port = 6379 # redis replica server address redis_replica_host = # redis replica server port redis_replica_port = 6379 # redis database redis_db = 0 # redis password redis_password = # skip configuring client id for cloud providers who support no client commands redis_skip_client_commands = false # uses SSL for all Redis connections if true redis_use_ssl = false # message bus redis server switch message_bus_redis_enabled = false # message bus redis server address message_bus_redis_host = localhost # message bus redis server port message_bus_redis_port = 6379 # message bus redis replica server address message_bus_redis_replica_host = # message bus redis slave server port message_bus_redis_replica_port = 6379 # message bus redis database message_bus_redis_db = 0 # message bus redis password message_bus_redis_password = # skip configuring client id for cloud providers who support no client commands message_bus_redis_skip_client_commands = false # enable Cross-origin Resource Sharing (CORS) directly at the application level enable_cors = false cors_origin = '' # enable if you really need to serve assets in prod serve_static_assets = false # number of sidekiq workers (launched via unicorn master) sidekiq_workers = 5 # connection reaping helps keep connection counts down, postgres # will not work properly with huge numbers of open connections # reap connections from pool that are older than 30 seconds connection_reaper_age = 30 # run reap check every 30 seconds connection_reaper_interval = 30 # set to relative URL (for subdirectory hosting) # IMPORTANT: path must not include a trailing / # EG: /forum relative_url_root = # increasing this number will increase redis memory use # this ensures backlog (ability of channels to catch up are capped) # message bus default cap is 1000, we are winding it down to 100 message_bus_max_backlog_size = 100 # how often the message-bus backlog should be cleared # lower values will make memory usage more consistent, but will # increase redis CPU demands message_bus_clear_every = 50 # must be a 64 byte hex string, anything else will be ignored with a warning secret_key_base = # fallback path for all assets which are served via the application # used by static_controller # in multi host setups this allows you to have old unicorn instances serve # newly compiled assets fallback_assets_path = # S3 settings used for serving ALL public files # be sure to configure a CDN as well per cdn_url s3_bucket = s3_region = s3_access_key_id = s3_secret_access_key = s3_use_iam_profile = s3_cdn_url = s3_endpoint = s3_http_continue_timeout = s3_install_cors_rule = # Optionally, specify a separate CDN to be used for static JS assets stored on S3 s3_asset_cdn_url = ### rate limits apply to all sites max_user_api_reqs_per_minute = 20 max_user_api_reqs_per_day = 2880 max_admin_api_reqs_per_minute = 60 max_reqs_per_ip_per_minute = 200 max_reqs_per_ip_per_10_seconds = 50 # applies to asset type routes (avatars/css and so on) max_asset_reqs_per_ip_per_10_seconds = 200 # global rate limiter will simply warn if the limit is exceeded, can be warn+block, warn, block or none max_reqs_per_ip_mode = block # bypass rate limiting any IP resolved as a private IP max_reqs_rate_limit_on_private = false # use per user rate limits vs ip rate limits for users with this trust level or more. skip_per_ip_rate_limit_trust_level = 1 # logged in DoS protection # protection will only trigger for requests that queue longer than this amount force_anonymous_min_queue_seconds = 1 # only trigger anon if we see more than N requests for this path in last 10 seconds force_anonymous_min_per_10_seconds = 3 # Any requests with the headers Discourse-Background = true will not be allowed to queue # longer than this amount of time. # Discourse will rate limit and ask client to try again later. background_requests_max_queue_length = 0.5 # if a message bus request queues for 100ms or longer, we will reject it and ask consumer # to back off reject_message_bus_queue_seconds = 0.1 # disable search if app server is queueing for longer than this (in seconds) disable_search_queue_threshold = 1 # maximum number of posts rebaked across the cluster in the periodical job # rebake process is very expensive, on multisite we have to make sure we never # flood the queue max_old_rebakes_per_15_minutes = 300 # maximum number of log messages in /logs max_logster_logs = 1000 # during precompile update maxmind database if older than N days # set to 0 to disable refresh_maxmind_db_during_precompile_days = 2 # backup path containing maxmind db files maxmind_backup_path = # register an account at: https://www.maxmind.com/en/geolite2/signup # then head to profile and get your license key maxmind_license_key= # when enabled the following headers will be added to every response: # (note, if measurements do not exist for the header they will be omitted) # # X-Redis-Calls: 10 # X-Redis-Time: 1.02 # X-Sql-Calls: 102 # X-Sql-Time: 1.02 # X-Queue-Time: 1.01 enable_performance_http_headers = false # gather JavaScript errors from clients (rate limited to 1 error per IP per minute) enable_js_error_reporting = true # This is probably not a number you want to touch, it controls the number of workers # we allow mini scheduler to run. Prior to 2019 we ran a single worker. # On extremely busy setups this could lead to situations where regular jobs would # starve. Specifically jobs such as "run heartbeat" which keeps sidekiq running. # Having a high number here is very low risk. Regular jobs are limited in scope and scale. mini_scheduler_workers = 5 # enable compression on anonymous cache redis entries # this slightly increases the cost of storing cache entries but can make it much # cheaper to retrieve cache entries when redis is stores on a different machine to the one # running the web compress_anon_cache = false # Only store entries in redis for anonymous cache if they are observed more than N times # for a specific key # # This ensures there are no pathological cases where we keep storing data in anonymous cache # never to use it, set to 1 to store immediately, set to 0 to disable anon cache anon_cache_store_threshold = 2 # EXPERIMENTAL - not yet supported in production # by default admins can install and amend any theme # you may restrict it so only specific themes are approved # in allowlist mode all theme updates must happen via git repos # themes missing from the list are automatically disallowed # list is a comma separated list of git repos eg: # https://github.com/discourse/discourse-custom-header-links.git,https://github.com/discourse/discourse-simple-theme.git allowed_theme_repos = # Demon::EmailSync is used in conjunction with the enable_imap site setting # to sync N IMAP mailboxes with specific groups. It is a process started in # unicorn.conf, and it spawns N threads (one for each multisite connection) and # for each database spans another N threads (one for each configured group). # # We want this off by default so the process is not started when it does not # need to be (e.g. development, test, certain hosting tiers) enable_email_sync_demon = false # we never want to queue more than 10000 digests per 30 minute block # this can easily lead to blocking sidekiq # on multisites we recommend a far lower number max_digests_enqueued_per_30_mins_per_site = 10000 # This cluster name can be passed to the /srv/status route to verify # the application cluster is the same one you are expecting cluster_name = # The YAML file used to configure multisite clusters multisite_config_path = config/multisite.yml # If false, only short (regular) polling will be attempted enable_long_polling = # Length of time to hold open a long polling connection in milliseconds long_polling_interval = # Moves asset preloading from tags in the response document head to response headers preload_link_header = false # When using an external upload store, redirect `user_avatar` requests instead of proxying redirect_avatar_requests = false # Force the entire cluster into postgres readonly mode. Equivalent to running `Discourse.enable_pg_force_readonly_mode` pg_force_readonly_mode = false # default DNS query timeout for FinalDestination (used when not explicitely given programmatically) dns_query_timeout_secs = # Default global regex timeout regex_timeout_seconds = 2 # Allow impersonation function on the cluster to admins allow_impersonation = true # The maximum number of characters allowed in a single log line. log_line_max_chars = 160000