· 5 years ago · Apr 01, 2020, 09:12 PM
1; App name that shows in every page title
2APP_NAME = flipkick.media Ltd - Code
3; Change it if you run locally
4RUN_USER = git
5; Either "dev", "prod" or "test", default is "dev"
6RUN_MODE = prod
7
8[repository]
9ROOT = /home/git
10SCRIPT_TYPE = bash
11; Default ANSI charset
12ANSI_CHARSET =
13; Force every new repository to be private
14FORCE_PRIVATE = false
15; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
16DEFAULT_PRIVATE = last
17; Global limit of repositories per user, applied at creation time. -1 means no limit
18MAX_CREATION_LIMIT = -1
19; Mirror sync queue length, increase if mirror syncing starts hanging
20MIRROR_QUEUE_LENGTH = 1000
21; Patch test queue length, increase if pull request patch testing starts hanging
22PULL_REQUEST_QUEUE_LENGTH = 1000
23; Preferred Licenses to place at the top of the List
24; The name here must match the filename in conf/license or custom/conf/license
25PREFERRED_LICENSES = Apache License 2.0,MIT License
26; Disable the ability to interact with repositories using the HTTP protocol
27DISABLE_HTTP_GIT = true
28; Value for Access-Control-Allow-Origin header, default is not to present
29; WARNING: This maybe harmful to you website if you do not give it a right value.
30ACCESS_CONTROL_ALLOW_ORIGIN =
31; Force ssh:// clone url instead of scp-style uri when default SSH port is used
32USE_COMPAT_SSH_URI = false
33; Close issues as long as a commit on any branch marks it as fixed
34DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false
35; Allow users to push local repositories to Gitea and have them automatically created for a user or an org
36ENABLE_PUSH_CREATE_USER = false
37ENABLE_PUSH_CREATE_ORG = false
38; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki
39DISABLED_REPO_UNITS =
40; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki.
41; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
42; External wiki and issue tracker can't be enabled by default as it requires additional settings.
43; Disabled repo units will not be added to new repositories regardless if it is in the default list.
44DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki
45; Prefix archive files by placing them in a directory named after the repository
46PREFIX_ARCHIVE_FILES = true
47
48[repository.editor]
49; List of file extensions for which lines should be wrapped in the CodeMirror editor
50; Separate extensions with a comma. To line wrap files without an extension, just put a comma
51LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
52; Valid file modes that have a preview API associated with them, such as api/v1/markdown
53; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
54PREVIEWABLE_FILE_MODES = markdown
55
56[repository.local]
57; Path for local repository copy. Defaults to `tmp/local-repo`
58LOCAL_COPY_PATH = tmp/local-repo
59; Path for local wiki copy. Defaults to `tmp/local-wiki`
60LOCAL_WIKI_PATH = tmp/local-wiki
61
62[repository.upload]
63; Whether repository file uploads are enabled. Defaults to `true`
64ENABLED = true
65; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
66TEMP_PATH = data/tmp/uploads
67; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type
68ALLOWED_TYPES =
69; Max size of each file in megabytes. Defaults to 3MB
70FILE_MAX_SIZE = 3
71; Max number of files per upload. Defaults to 5
72MAX_FILES = 5
73
74[repository.pull-request]
75; List of prefixes used in Pull Request title to mark them as Work In Progress
76WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]
77; List of keywords used in Pull Request comments to automatically close a related issue
78CLOSE_KEYWORDS = close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved
79; List of keywords used in Pull Request comments to automatically reopen a related issue
80REOPEN_KEYWORDS = reopen,reopens,reopened
81; In the default merge message for squash commits include at most this many commits
82DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT = 50
83; In the default merge message for squash commits limit the size of the commit messages to this
84DEFAULT_MERGE_MESSAGE_SIZE = 5120
85; In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
86DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = false
87; In default merge messages limit the number of approvers listed as Reviewed-by: to this many
88DEFAULT_MERGE_MESSAGE_MAX_APPROVERS = 10
89; In default merge messages only include approvers who are official
90DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY = true
91
92[repository.issue]
93; List of reasons why a Pull Request or Issue can be locked
94LOCK_REASONS = Too heated,Off-topic,Resolved,Spam
95
96[repository.signing]
97; GPG key to use to sign commits, Defaults to the default - that is the value of git config --get user.signingkey
98; run in the context of the RUN_USER
99; Switch to none to stop signing completely
100SIGNING_KEY = default
101; If a SIGNING_KEY ID is provided and is not set to default, use the provided Name and Email address as the signer.
102; These should match a publicized name and email address for the key. (When SIGNING_KEY is default these are set to
103; the results of git config --get user.name and git config --get user.email respectively and can only be overrided
104; by setting the SIGNING_KEY ID to the correct ID.)
105SIGNING_NAME =
106SIGNING_EMAIL =
107; Determines when gitea should sign the initial commit when creating a repository
108; Either:
109; - never
110; - pubkey: only sign if the user has a pubkey
111; - twofa: only sign if the user has logged in with twofa
112; - always
113; options other than none and always can be combined as comma separated list
114INITIAL_COMMIT = always
115; Determines when to sign for CRUD actions
116; - as above
117; - parentsigned: requires that the parent commit is signed.
118CRUD_ACTIONS = pubkey, twofa, parentsigned
119; Determines when to sign Wiki commits
120; - as above
121WIKI = never
122; Determines when to sign on merges
123; - basesigned: require that the parent of commit on the base repo is signed.
124; - commitssigned: require that all the commits in the head branch are signed.
125; - approved: only sign when merging an approved pr to a protected branch
126MERGES = pubkey, twofa, basesigned, commitssigned
127
128[cors]
129; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
130; enable cors headers (disabled by default)
131ENABLED = false
132; scheme of allowed requests
133SCHEME = http
134; list of requesting domains that are allowed
135ALLOW_DOMAIN = *
136; allow subdomains of headers listed above to request
137ALLOW_SUBDOMAIN = false
138; list of methods allowed to request
139METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
140; max time to cache response
141MAX_AGE = 10m
142; allow request with credentials
143ALLOW_CREDENTIALS = false
144
145[ui]
146; Number of repositories that are displayed on one explore page
147EXPLORE_PAGING_NUM = 20
148; Number of issues that are displayed on one page
149ISSUE_PAGING_NUM = 10
150; Number of maximum commits displayed in one activity feed
151FEED_MAX_COMMIT_NUM = 5
152; Number of maximum commits displayed in commit graph.
153GRAPH_MAX_COMMIT_NUM = 100
154; Number of line of codes shown for a code comment
155CODE_COMMENT_LINES = 4
156; Value of `theme-color` meta tag, used by Android >= 5.0
157; An invalid color like "none" or "disable" will have the default style
158; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
159THEME_COLOR_META_TAG = `#6cc644`
160; Max size of files to be displayed (default is 8MiB)
161MAX_DISPLAY_FILE_SIZE = 8388608
162; Whether the email of the user should be shown in the Explore Users page
163SHOW_USER_EMAIL = true
164; Set the default theme for the Gitea install
165DEFAULT_THEME = gitea
166; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
167THEMES = gitea,arc-green
168; All available reactions. Allow users react with different emoji's
169; For the whole list look at https://gitea.com/gitea/gitea.com/issues/8
170REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes
171; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
172DEFAULT_SHOW_FULL_NAME = false
173; Whether to search within description at repository search on explore page.
174SEARCH_REPO_DESCRIPTION = true
175; Whether to enable a Service Worker to cache frontend assets
176USE_SERVICE_WORKER = true
177
178[ui.admin]
179; Number of users that are displayed on one page
180USER_PAGING_NUM = 50
181; Number of repos that are displayed on one page
182REPO_PAGING_NUM = 50
183; Number of notices that are displayed on one page
184NOTICE_PAGING_NUM = 25
185; Number of organizations that are displayed on one page
186ORG_PAGING_NUM = 50
187
188[ui.user]
189; Number of repos that are displayed on one page
190REPO_PAGING_NUM = 15
191
192[ui.meta]
193AUTHOR = Gitea - Git with a cup of tea
194DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go
195KEYWORDS = go,git,self-hosted,gitea
196
197[markdown]
198; Enable hard line break extension
199ENABLE_HARD_LINE_BREAK = false
200; Comma separated list of custom URL-Schemes that are allowed as links when rendering Markdown
201; for example git,magnet,ftp (more at https://en.wikipedia.org/wiki/List_of_URI_schemes)
202; URLs starting with http and https are always displayed, whatever is put in this entry.
203CUSTOM_URL_SCHEMES =
204; List of file extensions that should be rendered/edited as Markdown
205; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
206FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
207
208[server]
209PROTOCOL = fcgi+unix
210DOMAIN = git.flipkick.media
211HTTP_ADDR = /var/www/git.flipkick.media/services/gitea.sock
212UNIX_SOCKET_PERMISSION = 666
213; Domain name to be exposed in clone URL
214SSH_DOMAIN = git.flipkick.media
215ROOT_URL = fcgi+unix://git.flipkick.media:3000/
216; when STATIC_URL_PREFIX is empty it will follow ROOT_URL
217STATIC_URL_PREFIX =
218; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
219; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server
220; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main
221; ROOT_URL. Defaults are false for REDIRECT_OTHER_PORT and 80 for
222; PORT_TO_REDIRECT.
223REDIRECT_OTHER_PORT = false
224PORT_TO_REDIRECT = 80
225; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
226; In most cases you do not need to change the default value.
227; Alter it only if your SSH server node is not the same as HTTP node.
228; Do not set this variable if PROTOCOL is set to 'unix'.
229LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
230; Disable SSH feature when not available
231DISABLE_SSH = false
232; Whether to use the builtin SSH server or not.
233START_SSH_SERVER = false
234; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
235BUILTIN_SSH_SERVER_USER =
236; The network interface the builtin SSH server should listen on
237SSH_LISTEN_HOST =
238; Port number to be exposed in clone URL
239SSH_PORT = 22
240; The port number the builtin SSH server should listen on
241SSH_LISTEN_PORT = %(SSH_PORT)s
242; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
243SSH_ROOT_PATH =
244; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
245; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
246SSH_CREATE_AUTHORIZED_KEYS_FILE = true
247; For the built-in SSH server, choose the ciphers to support for SSH connections,
248; for system SSH this setting has no effect
249SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
250; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
251; for system SSH this setting has no effect
252SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
253; For the built-in SSH server, choose the MACs to support for SSH connections,
254; for system SSH this setting has no effect
255SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
256; Directory to create temporary files in when testing public keys using ssh-keygen,
257; default is the system temporary directory.
258SSH_KEY_TEST_PATH =
259; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
260SSH_KEYGEN_PATH = ssh-keygen
261; Enable SSH Authorized Key Backup when rewriting all keys, default is true
262SSH_BACKUP_AUTHORIZED_KEYS = true
263; Enable exposure of SSH clone URL to anonymous visitors, default is false
264SSH_EXPOSE_ANONYMOUS = false
265; Indicate whether to check minimum key size with corresponding type
266MINIMUM_KEY_SIZE_CHECK = false
267; Disable CDN even in "prod" mode
268OFFLINE_MODE = false
269DISABLE_ROUTER_LOG = false
270; Generate steps:
271; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
272;
273; Or from a .pfx file exported from the Windows certificate store (do
274; not forget to export the private key):
275; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
276; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
277; Paths are relative to CUSTOM_PATH
278CERT_FILE = https/cert.pem
279KEY_FILE = https/key.pem
280; Root directory containing templates and static files.
281; default is the path where Gitea is executed
282STATIC_ROOT_PATH =
283; Default path for App data
284APP_DATA_PATH = data
285; Application level GZIP support
286ENABLE_GZIP = false
287; Application profiling (memory and cpu)
288; For "web" command it listens on localhost:6060
289; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id>
290ENABLE_PPROF = false
291; PPROF_DATA_PATH, use an absolute path when you start gitea as service
292PPROF_DATA_PATH = data/tmp/pprof
293; Landing page, can be "home", "explore", "organizations" or "login"
294; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
295LANDING_PAGE = home
296; Enables git-lfs support. true or false, default is false.
297LFS_START_SERVER = true
298; Where your lfs files reside, default is data/lfs.
299LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
300; LFS authentication secret, change this yourself
301LFS_JWT_SECRET = cTmHc9mlY_iRkg10dm-BJA-h4jPjoUVJZkfI5-ygoUA
302; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
303LFS_HTTP_AUTH_EXPIRY = 20m
304; Maximum allowed LFS file size in bytes (Set to 0 for no limit).
305LFS_MAX_FILE_SIZE = 0
306; Maximum number of locks returned per page
307LFS_LOCKS_PAGING_NUM = 50
308; Allow graceful restarts using SIGHUP to fork
309ALLOW_GRACEFUL_RESTARTS = true
310; After a restart the parent will finish ongoing requests before
311; shutting down. Force shutdown if this process takes longer than this delay.
312; set to a negative value to disable
313GRACEFUL_HAMMER_TIME = 60s
314; Allows the setting of a startup timeout and waithint for Windows as SVC service
315; 0 disables this.
316STARTUP_TIMEOUT = 0
317; Static resources, includes resources on custom/, public/ and all uploaded avatars web browser cache time, default is 6h
318STATIC_CACHE_TIME = 6h
319HTTP_PORT = 3000
320
321; Define allowed algorithms and their minimum key length (use -1 to disable a type)
322[ssh.minimum_key_sizes]
323ED25519 = 256
324ECDSA = 256
325RSA = 2048
326DSA = 1024
327
328[database]
329; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
330DB_TYPE = sqlite3
331; Use PASSWD = `your password` for quoting if you use special characters in the password.
332PASSWD =
333; For Postgres, schema to use if different from "public". The schema must exist beforehand,
334; the user must have creation privileges on it, and the user search path must be set
335; to the look into the schema first. e.g.:ALTER USER user SET SEARCH_PATH = schema_name,"$user",public;
336SCHEMA =
337; For Postgres, either "disable" (default), "require", or "verify-full"
338; For MySQL, either "false" (default), "true", or "skip-verify"
339SSL_MODE = disable
340; For MySQL only, either "utf8" or "utf8mb4", default is "utf8".
341; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
342CHARSET = utf8
343; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
344PATH = /var/www/git.flipkick.media/data/gitea.db
345; For "sqlite3" only. Query timeout
346SQLITE_TIMEOUT = 500
347; For iterate buffer, default is 50
348ITERATE_BUFFER_SIZE = 50
349; Show the database generated SQL
350LOG_SQL = true
351; Maximum number of DB Connect retries
352DB_RETRIES = 10
353; Backoff time per DB retry (time.Duration)
354DB_RETRY_BACKOFF = 3s
355; Max idle database connections on connnection pool, default is 2
356MAX_IDLE_CONNS = 2
357; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning)
358CONN_MAX_LIFETIME = 3s
359; Database maximum number of open connections, default is 0 meaning no maximum
360MAX_OPEN_CONNS = 0
361HOST = 127.0.0.1:3306
362NAME = gitea
363USER = gitea
364
365[indexer]
366; Issue indexer type, currently support: bleve, db or elasticsearch, default is bleve
367ISSUE_INDEXER_TYPE = bleve
368; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch
369ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
370; Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch
371ISSUE_INDEXER_NAME = gitea_issues
372; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
373ISSUE_INDEXER_PATH = indexers/issues.bleve
374; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue
375ISSUE_INDEXER_QUEUE_TYPE = levelqueue
376; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path,
377; default is indexers/issues.queue
378ISSUE_INDEXER_QUEUE_DIR = indexers/issues.queue
379; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
380ISSUE_INDEXER_QUEUE_CONN_STR = addrs=127.0.0.1:6379 db=0
381; Batch queue number, default is 20
382ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20
383; Timeout the indexer if it takes longer than this to start.
384; Set to zero to disable timeout.
385STARTUP_TIMEOUT = 30s
386; repo indexer by default disabled, since it uses a lot of disk space
387REPO_INDEXER_ENABLED = false
388REPO_INDEXER_PATH = indexers/repos.bleve
389UPDATE_BUFFER_LEN = 20
390MAX_FILE_SIZE = 1048576
391; A comma separated list of glob patterns (see https://github.com/gobwas/glob) to include
392; in the index; default is empty
393REPO_INDEXER_INCLUDE =
394; A comma separated list of glob patterns to exclude from the index; ; default is empty
395REPO_INDEXER_EXCLUDE =
396
397[queue]
398; Specific queues can be individually configured with [queue.name]. [queue] provides defaults
399;
400; General queue queue type, currently support: persistable-channel, channel, level, redis, dummy
401; default to persistable-channel
402TYPE = persistable-channel
403; data-dir for storing persistable queues and level queues, individual queues will be named by their type
404DATADIR = queues/
405; Default queue length before a channel queue will block
406LENGTH = 20
407; Batch size to send for batched queues
408BATCH_LENGTH = 20
409; Connection string for redis queues this will store the redis connection string.
410CONN_STR = addrs=127.0.0.1:6379 db=0
411; Provide the suffix of the default redis queue name - specific queues can be overriden within in their [queue.name] sections.
412QUEUE_NAME = _queue
413; If the queue cannot be created at startup - level queues may need a timeout at startup - wrap the queue:
414WRAP_IF_NECESSARY = true
415; Attempt to create the wrapped queue at max
416MAX_ATTEMPTS = 10
417; Timeout queue creation
418TIMEOUT = 15m30s
419; Create a pool with this many workers
420WORKERS = 1
421; Dynamically scale the worker pool to at this many workers
422MAX_WORKERS = 10
423; Add boost workers when the queue blocks for BLOCK_TIMEOUT
424BLOCK_TIMEOUT = 1s
425; Remove the boost workers after BOOST_TIMEOUT
426BOOST_TIMEOUT = 5m
427; During a boost add BOOST_WORKERS
428BOOST_WORKERS = 5
429
430[admin]
431; Disallow regular (non-admin) users from creating organizations.
432DISABLE_REGULAR_ORG_CREATION = false
433; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
434DEFAULT_EMAIL_NOTIFICATIONS = enabled
435
436[security]
437; Whether the installer is disabled
438INSTALL_LOCK = true
439; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
440# @FDEWREWR&*(
441SECRET_KEY = CshVBrRiepuzusoqgNu4oMtO3eEs6q28eQMxFwG7fd98shMMWyD5PJSYlCeR0RWk
442; How long to remember that a user is logged in before requiring relogin (in days)
443LOGIN_REMEMBER_DAYS = 7
444COOKIE_USERNAME = gitea_awesome
445COOKIE_REMEMBER_NAME = gitea_incredible
446; Reverse proxy authentication header name of user name
447REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
448REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
449; The minimum password length for new Users
450MIN_PASSWORD_LENGTH = 6
451; Set to true to allow users to import local server paths
452IMPORT_LOCAL_PATHS = false
453; Set to true to prevent all users (including admin) from creating custom git hooks
454DISABLE_GIT_HOOKS = false
455; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
456ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true
457; Comma separated list of character classes required to pass minimum complexity.
458; If left empty or no valid values are specified, the default values ("lower,upper,digit,spec") will be used.
459; Use "off" to disable checking.
460PASSWORD_COMPLEXITY = lower,upper,digit,spec
461; Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt"
462PASSWORD_HASH_ALGO = pbkdf2
463; Set false to allow JavaScript to read CSRF cookie
464CSRF_COOKIE_HTTP_ONLY = true
465INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1ODU0OTUxNzh9.4c7V1bt9dDt4MsNZjyFWT1obpO0O9IRJTEZadW04vr4
466
467[openid]
468;
469; OpenID is an open, standard and decentralized authentication protocol.
470; Your identity is the address of a webpage you provide, which describes
471; how to prove you are in control of that page.
472;
473; For more info: https://en.wikipedia.org/wiki/OpenID
474;
475; Current implementation supports OpenID-2.0
476;
477; Tested to work providers at the time of writing:
478; - Any GNUSocial node (your.hostname.tld/username)
479; - Any SimpleID provider (http://simpleid.koinic.net)
480; - http://openid.org.cn/
481; - openid.stackexchange.com
482; - login.launchpad.net
483; - <username>.livejournal.com
484;
485; Whether to allow signin in via OpenID
486ENABLE_OPENID_SIGNIN = true
487; Whether to allow registering via OpenID
488; Do not include to rely on rhw DISABLE_REGISTRATION setting
489; ENABLE_OPENID_SIGNUP = true
490; Allowed URI patterns (POSIX regexp).
491; Space separated.
492; Only these would be allowed if non-blank.
493; Example value: trusted.domain.org trusted.domain.net
494WHITELISTED_URIS =
495; Forbidden URI patterns (POSIX regexp).
496; Space separated.
497; Only used if WHITELISTED_URIS is blank.
498; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
499BLACKLISTED_URIS =
500ENABLE_OPENID_SIGNUP = true
501
502[service]
503; Time limit to confirm account/email registration
504ACTIVE_CODE_LIVE_MINUTES = 180
505; Time limit to perform the reset of a forgotten password
506RESET_PASSWD_CODE_LIVE_MINUTES = 180
507; Whether a new user needs to confirm their email when registering.
508REGISTER_EMAIL_CONFIRM = false
509; List of domain names that are allowed to be used to register on a Gitea instance
510; gitea.io,example.com
511EMAIL_DOMAIN_WHITELIST =
512; Disallow registration, only allow admins to create accounts.
513DISABLE_REGISTRATION = false
514; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
515ALLOW_ONLY_EXTERNAL_REGISTRATION = false
516; User must sign in to view anything.
517REQUIRE_SIGNIN_VIEW = false
518; Mail notification
519ENABLE_NOTIFY_MAIL = false
520; This setting enables gitea to be signed in with HTTP BASIC Authentication using the user's password
521; If you set this to false you will not be able to access the tokens endpoints on the API with your password
522; Please note that setting this to false will not disable OAuth Basic or Basic authentication using a token
523ENABLE_BASIC_AUTHENTICATION = true
524; More detail: https://github.com/gogits/gogs/issues/165
525ENABLE_REVERSE_PROXY_AUTHENTICATION = true
526ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
527ENABLE_REVERSE_PROXY_EMAIL = false
528; Enable captcha validation for registration
529ENABLE_CAPTCHA = true
530; Type of captcha you want to use. Options: image, recaptcha
531CAPTCHA_TYPE = image
532; Enable recaptcha to use Google's recaptcha service
533; Go to https://www.google.com/recaptcha/admin to sign up for a key
534RECAPTCHA_SECRET =
535RECAPTCHA_SITEKEY =
536; Change this to use recaptcha.net or other recaptcha service
537RECAPTCHA_URL = https://www.google.com/recaptcha/
538; Default value for KeepEmailPrivate
539; Each new user will get the value of this setting copied into their profile
540DEFAULT_KEEP_EMAIL_PRIVATE = false
541; Default value for AllowCreateOrganization
542; Every new user will have rights set to create organizations depending on this setting
543DEFAULT_ALLOW_CREATE_ORGANIZATION = true
544; Either "public", "limited" or "private", default is "public"
545; Limited is for signed user only
546; Private is only for member of the organization
547; Public is for everyone
548DEFAULT_ORG_VISIBILITY = public
549; Default value for DefaultOrgMemberVisible
550; True will make the membership of the users visible when added to the organisation
551DEFAULT_ORG_MEMBER_VISIBLE = false
552; Default value for EnableDependencies
553; Repositories will use dependencies by default depending on this setting
554DEFAULT_ENABLE_DEPENDENCIES = true
555; Dependencies can be added from any repository where the user is granted access or only from the current repository depending on this setting.
556ALLOW_CROSS_REPOSITORY_DEPENDENCIES = true
557; Enable heatmap on users profiles.
558ENABLE_USER_HEATMAP = true
559; Enable Timetracking
560ENABLE_TIMETRACKING = true
561; Default value for EnableTimetracking
562; Repositories will use timetracking by default depending on this setting
563DEFAULT_ENABLE_TIMETRACKING = true
564; Default value for AllowOnlyContributorsToTrackTime
565; Only users with write permissions can track time if this is true
566DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
567; Default value for the domain part of the user's email address in the git log
568; if he has set KeepEmailPrivate to true. The user's email will be replaced with a
569; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
570NO_REPLY_ADDRESS = noreply.%(DOMAIN)s
571; Show Registration button
572SHOW_REGISTRATION_BUTTON = true
573; Show milestones dashboard page - a view of all the user's milestones
574SHOW_MILESTONES_DASHBOARD_PAGE = true
575; Default value for AutoWatchNewRepos
576; When adding a repo to a team or creating a new repo all team members will watch the
577; repo automatically if enabled
578AUTO_WATCH_NEW_REPOS = true
579; Default value for AutoWatchOnChanges
580; Make the user watch a repository When they commit for the first time
581AUTO_WATCH_ON_CHANGES = false
582
583[webhook]
584; Hook task queue length, increase if webhook shooting starts hanging
585QUEUE_LENGTH = 1000
586; Deliver timeout in seconds
587DELIVER_TIMEOUT = 5
588; Allow insecure certification
589SKIP_TLS_VERIFY = false
590; Number of history information in each page
591PAGING_NUM = 10
592; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy
593PROXY_URL =
594; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
595PROXY_HOSTS =
596
597[mailer]
598ENABLED = false
599; Buffer length of channel, keep it as it is if you don't know what it is.
600SEND_BUFFER_LEN = 100
601; Prefix displayed before subject in mail
602SUBJECT_PREFIX =
603; Mail server
604; Gmail: smtp.gmail.com:587
605; QQ: smtp.qq.com:465
606; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
607HOST =
608; Disable HELO operation when hostnames are different.
609DISABLE_HELO =
610; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
611HELO_HOSTNAME =
612; Do not verify the certificate of the server. Only use this for self-signed certificates
613SKIP_VERIFY =
614; Use client certificate
615USE_CERTIFICATE = false
616CERT_FILE = custom/mailer/cert.pem
617KEY_FILE = custom/mailer/key.pem
618; Should SMTP connection use TLS
619IS_TLS_ENABLED = false
620; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
621FROM =
622; Mailer user name and password
623USER =
624; Use PASSWD = `your password` for quoting if you use special characters in the password.
625PASSWD =
626; Send mails as plain text
627SEND_AS_PLAIN_TEXT = false
628; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
629MAILER_TYPE = smtp
630; Specify an alternative sendmail binary
631SENDMAIL_PATH = sendmail
632; Specify any extra sendmail arguments
633SENDMAIL_ARGS =
634
635[cache]
636; if the cache enabled
637ENABLED = true
638; Either "memory", "redis", or "memcache", default is "memory"
639ADAPTER = memory
640; For "memory" only, GC interval in seconds, default is 60
641INTERVAL = 60
642; For "redis" and "memcache", connection host address
643; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
644; memcache: `127.0.0.1:11211`
645HOST =
646; Time to keep items in cache if not used, default is 16 hours.
647; Setting it to 0 disables caching
648ITEM_TTL = 16h
649
650; Last commit cache
651[cache.last_commit]
652; if the cache enabled
653ENABLED = true
654; Time to keep items in cache if not used, default is 8760 hours.
655; Setting it to 0 disables caching
656ITEM_TTL = 8760h
657; Only enable the cache when repository's commits count great than
658COMMITS_COUNT = 1000
659
660[session]
661; Either "memory", "file", or "redis", default is "memory"
662PROVIDER = file
663; Provider config options
664; memory: doesn't have any config yet
665; file: session file path, e.g. `data/sessions`
666; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
667; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
668PROVIDER_CONFIG = data/sessions
669; Session cookie name
670COOKIE_NAME = i_like_gitea
671; If you use session in https only, default is false
672COOKIE_SECURE = false
673; Enable set cookie, default is true
674ENABLE_SET_COOKIE = true
675; Session GC time interval in seconds, default is 86400 (1 day)
676GC_INTERVAL_TIME = 86400
677; Session life time in seconds, default is 86400 (1 day)
678SESSION_LIFE_TIME = 86400
679
680[picture]
681AVATAR_UPLOAD_PATH = data/avatars
682REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
683; How Gitea deals with missing repository avatars
684; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
685REPOSITORY_AVATAR_FALLBACK = none
686REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
687; Max Width and Height of uploaded avatars.
688; This is to limit the amount of RAM used when resizing the image.
689AVATAR_MAX_WIDTH = 4096
690AVATAR_MAX_HEIGHT = 3072
691; Maximum alloved file size for uploaded avatars.
692; This is to limit the amount of RAM used when resizing the image.
693AVATAR_MAX_FILE_SIZE = 1048576
694; Chinese users can choose "duoshuo"
695; or a custom avatar source, like: http://cn.gravatar.com/avatar/
696GRAVATAR_SOURCE = gravatar
697; This value will always be true in offline mode.
698DISABLE_GRAVATAR = false
699; Federated avatar lookup uses DNS to discover avatar associated
700; with emails, see https://www.libravatar.org
701; This value will always be false in offline mode or when Gravatar is disabled.
702ENABLE_FEDERATED_AVATAR = true
703
704[attachment]
705; Whether attachments are enabled. Defaults to `true`
706ENABLED = true
707; Path for attachments. Defaults to `data/attachments`
708PATH = data/attachments
709; One or more allowed types, e.g. image/jpeg|image/png
710ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip
711; Max size of each file. Defaults to 4MB
712MAX_SIZE = 4
713; Max number of files per upload. Defaults to 5
714MAX_FILES = 5
715
716[time]
717; Specifies the format for fully outputted dates. Defaults to RFC1123
718; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
719; For more information about the format see http://golang.org/pkg/time/#pkg-constants
720FORMAT =
721; Location the UI time display i.e. Asia/Shanghai
722; Empty means server's location setting
723DEFAULT_UI_LOCATION =
724
725[log]
726ROOT_PATH = /var/www/git.flipkick.media/logs
727; Either "console", "file", "conn", "smtp" or "database", default is "console"
728; Use comma to separate multiple modes, e.g. "console, file"
729MODE = file
730; Buffer length of the channel, keep it as it is if you don't know what it is.
731BUFFER_LEN = 10000
732REDIRECT_MACARON_LOG = false
733MACARON = file
734; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info"
735ROUTER_LOG_LEVEL = Debug
736ROUTER = file
737ENABLE_ACCESS_LOG = file
738ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"
739ACCESS = file
740; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
741LEVEL = Debug
742; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
743STACKTRACE_LEVEL = Debug
744
745; Generic log modes
746[log.x]
747FLAGS = stdflags
748EXPRESSION =
749PREFIX =
750COLORIZE = false
751
752; For "console" mode only
753[log.console]
754LEVEL =
755STDERR = false
756
757; For "file" mode only
758[log.file]
759LEVEL = Debug
760; Set the file_name for the logger. If this is a relative path this
761; will be relative to ROOT_PATH
762FILE_NAME = service-gitea.log
763; This enables automated log rotate(switch of following options), default is true
764LOG_ROTATE = true
765; Max number of lines in a single file, default is 1000000
766MAX_LINES = 1000000
767; Max size shift of a single file, default is 28 means 1 << 28, 256MB
768MAX_SIZE_SHIFT = 28
769; Segment log daily, default is true
770DAILY_ROTATE = true
771; delete the log file after n days, default is 7
772MAX_DAYS = 7
773; compress logs with gzip
774COMPRESS = true
775; compression level see godoc for compress/gzip
776COMPRESSION_LEVEL = 0
777
778; For "conn" mode only
779[log.conn]
780LEVEL = Debug
781; Reconnect host for every single message, default is false
782RECONNECT_ON_MSG = false
783; Try to reconnect when connection is lost, default is false
784RECONNECT = false
785; Either "tcp", "unix" or "udp", default is "tcp"
786PROTOCOL = tcp
787; Host address
788ADDR =
789
790; For "smtp" mode only
791[log.smtp]
792LEVEL =
793; Name displayed in mail title, default is "Diagnostic message from server"
794SUBJECT = Diagnostic message from server
795; Mail server
796HOST =
797; Mailer user name and password
798USER =
799; Use PASSWD = `your password` for quoting if you use special characters in the password.
800PASSWD =
801; Receivers, can be one or more, e.g. 1@example.com,2@example.com
802RECEIVERS =
803
804[cron]
805; Enable running cron tasks periodically.
806ENABLED = true
807; Run cron tasks when Gitea starts.
808RUN_AT_START = false
809
810; Update mirrors
811[cron.update_mirrors]
812SCHEDULE = @every 10m
813
814; Repository health check
815[cron.repo_health_check]
816SCHEDULE = @every 24h
817TIMEOUT = 60s
818; Arguments for command 'git fsck', e.g. "--unreachable --tags"
819; see more on http://git-scm.com/docs/git-fsck
820ARGS =
821
822; Check repository statistics
823[cron.check_repo_stats]
824RUN_AT_START = true
825SCHEDULE = @every 24h
826
827; Clean up old repository archives
828[cron.archive_cleanup]
829; Whether to enable the job
830ENABLED = true
831; Whether to always run at least once at start up time (if ENABLED)
832RUN_AT_START = true
833; Time interval for job to run
834SCHEDULE = @every 24h
835; Archives created more than OLDER_THAN ago are subject to deletion
836OLDER_THAN = 24h
837
838; Synchronize external user data (only LDAP user synchronization is supported)
839[cron.sync_external_users]
840; Synchronize external user data when starting server (default false)
841RUN_AT_START = false
842; Interval as a duration between each synchronization (default every 24h)
843SCHEDULE = @every 24h
844; Create new users, update existing user data and disable users that are not in external source anymore (default)
845; or only create new users if UPDATE_EXISTING is set to false
846UPDATE_EXISTING = true
847
848; Update migrated repositories' issues and comments' posterid, it will always attempt synchronization when the instance starts.
849[cron.update_migration_post_id]
850; Interval as a duration between each synchronization. (default every 24h)
851SCHEDULE = @every 24h
852
853[git]
854; The path of git executable. If empty, Gitea searches through the PATH environment.
855PATH =
856; Disables highlight of added and removed changes
857DISABLE_DIFF_HIGHLIGHT = false
858; Max number of lines allowed in a single file in diff view
859MAX_GIT_DIFF_LINES = 1000
860; Max number of allowed characters in a line in diff view
861MAX_GIT_DIFF_LINE_CHARACTERS = 5000
862; Max number of files shown in diff view
863MAX_GIT_DIFF_FILES = 100
864; Arguments for command 'git gc', e.g. "--aggressive --auto"
865; see more on http://git-scm.com/docs/git-gc/
866GC_ARGS =
867; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
868ENABLE_AUTO_GIT_WIRE_PROTOCOL = true
869; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
870PULL_REQUEST_PUSH_MESSAGE = true
871
872; Operation timeout in seconds
873[git.timeout]
874DEFAULT = 360
875MIGRATE = 600
876MIRROR = 300
877CLONE = 300
878PULL = 300
879GC = 60
880
881[mirror]
882; Default interval as a duration between each check
883DEFAULT_INTERVAL = 8h
884; Min interval as a duration must be > 1m
885MIN_INTERVAL = 10m
886
887[api]
888; Enables Swagger. True or false; default is true.
889ENABLE_SWAGGER = true
890; Max number of items in a page
891MAX_RESPONSE_ITEMS = 50
892; Default paging number of api
893DEFAULT_PAGING_NUM = 30
894; Default and maximum number of items per page for git trees api
895DEFAULT_GIT_TREES_PER_PAGE = 1000
896; Default size of a blob returned by the blobs API (default is 10MiB)
897DEFAULT_MAX_BLOB_SIZE = 10485760
898
899[oauth2]
900; Enables OAuth2 provider
901ENABLE = true
902; Lifetime of an OAuth2 access token in seconds
903ACCESS_TOKEN_EXPIRATION_TIME = 3600
904; Lifetime of an OAuth2 access token in hours
905REFRESH_TOKEN_EXPIRATION_TIME = 730
906; Check if refresh token got already used
907INVALIDATE_REFRESH_TOKENS = false
908; OAuth2 authentication secret for access and refresh tokens, change this to a unique string.
909JWT_SECRET = Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU
910
911[i18n]
912LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
913NAMES = English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어
914
915; Used for datetimepicker
916[i18n.datelang]
917en-US = en
918zh-CN = zh
919zh-HK = zh-HK
920zh-TW = zh-TW
921de-DE = de
922fr-FR = fr
923nl-NL = nl
924lv-LV = lv
925ru-RU = ru
926uk-UA = uk
927ja-JP = ja
928es-ES = es
929pt-BR = pt-BR
930pl-PL = pl
931bg-BG = bg
932it-IT = it
933fi-FI = fi
934tr-TR = tr
935cs-CZ = cs-CZ
936sr-SP = sr
937sv-SE = sv
938ko-KR = ko
939
940[U2F]
941
942; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED
943; Two Factor authentication with security keys
944; https://developers.yubico.com/U2F/App_ID.html
945; APP_ID = http://localhost:3000/
946; Comma seperated list of trusted facets
947; TRUSTED_FACETS = http://localhost:3000/
948; Extension mapping to highlight class
949; e.g. .toml=ini
950[highlight.mapping]
951
952[other]
953SHOW_FOOTER_BRANDING = false
954; Show version information about Gitea and Go in the footer
955SHOW_FOOTER_VERSION = true
956; Show template execution time in the footer
957SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
958
959[markup.sanitizer]
960
961; The following keys can be used multiple times to define sanitation policy rules.
962; ELEMENT = span
963; ALLOW_ATTR = class
964; REGEXP = ^(info|warning|error)$
965[markup.asciidoc]
966ENABLED = false
967; List of file extensions that should be rendered by an external command
968FILE_EXTENSIONS = .adoc,.asciidoc
969; External command to render all matching extensions
970RENDER_COMMAND = asciidoc --out-file=- -
971; Don't pass the file on STDIN, pass the filename as argument instead.
972IS_INPUT_FILE = false
973
974[metrics]
975; Enables metrics endpoint. True or false; default is false.
976ENABLED = false
977; If you want to add authorization, specify a token here
978TOKEN =
979
980[task]
981; Task queue type, could be `channel` or `redis`.
982QUEUE_TYPE = channel
983; Task queue length, available only when `QUEUE_TYPE` is `channel`.
984QUEUE_LENGTH = 1000
985; Task queue connection string, available only when `QUEUE_TYPE` is `redis`.
986; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`.
987QUEUE_CONN_STR = addrs=127.0.0.1:6379 db=0
988
989[migrations]
990; Max attempts per http/https request on migrations.
991MAX_ATTEMPTS = 3
992; Backoff time per http/https request retry (seconds)
993RETRY_BACKOFF = 3