# Template for Lychee's .env file. Copy it to .env and fill in the values.
# The real .env holds credentials (APP_KEY, database, mail, OAuth, cloud keys):
# keep it out of version control and readable only by the web server user.
APP_NAME=Lychee
APP_ENV=production
# Application secret key; left empty here and set per installation.
# NOTE(review): presumably the standard Laravel APP_KEY, generated with
# `php artisan key:generate` — confirm against the installation docs.
# Never publish this value or reuse it between instances.
APP_KEY=
# Keep false in production: debug error pages can reveal stack traces and
# configuration details to visitors.
APP_DEBUG=false
# This MUST contain the host name up to the Top Level Domain (tld) e.g. .com, .org etc.
APP_URL=http://localhost
# NOTE(review): presumably forces https:// URLs; the http://localhost default
# above suits local testing only — confirm and enable once TLS is in place.
APP_FORCE_HTTPS=false
# If using Lychee in a sub folder, specify the path after the tld here.
# For example for https://lychee.test/path/to/lychee
# Set APP_URL=https://lychee.test
# and APP_DIR=/path/to/lychee
# We (LycheeOrg) do not recommend the use of APP_DIR.
# APP_DIR=
# Enable or disable the debug bar. By default it is disabled.
# Do note that this disables CSP!!
# Without CSP the browser loses a layer of defence against injected scripts,
# so keep this false on any instance that untrusted users can reach.
DEBUGBAR_ENABLED=false
# Enable or disable the log viewer. By default it is disabled.
# Unfortunately, it is not possible to enable Log Viewer in production.
# If you wish to enable it, also switch your APP_ENV to 'local'
# Application logs can contain sensitive details; enable only while debugging.
LOG_VIEWER_ENABLED=false
# disable logging 404 errors
# LOG_404_ERRORS=false
# Enable or disable clockwork. By default it is disabled (and not provided on non-dev build).
# NOTE(review): Clockwork is a request profiler; its stored data (path below)
# presumably includes request details, so keep it off outside development — confirm.
CLOCKWORK_ENABLE=false
CLOCKWORK_DRIVER=laravel
CLOCKWORK_STORAGE_FILES_PATH=storage/clockwork
# Enable or disable latency debug: adds a specific amount of time in milliseconds to wait before processing requests.
# Always disabled on production environment.
# APP_DEBUG_LATENCY=0
# All API requests are required to have the header "content-type: application/json"
# or "content-type: multipart/form-data" depending on the type.
#
# If you want to disable this requirement, set this to false.
#
# This requirement prevents the use of the API from the API documentation page.
# NOTE(review): a strict content-type check also rejects some cross-site
# requests that browsers can send without a preflight; weigh that before
# turning it off — confirm how the check is enforced.
REQUIRE_CONTENT_TYPE_ENABLED=true
# Enable the S3 bucket (required in addition to AWS_ACCESS_KEY_ID).
# S3_ENABLED=true
# If you have shared old links to albums in your Lychee instance that start with
# https://lychee.text/#albumID/PhotoId
# Set this value to true to enable redirection.
LEGACY_V4_REDIRECT=false
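##############################################################################
# IMPORTANT: To migrate from Lychee v3 you *MUST* use the same MySQL/MariaDB #
# server as v3.                                                              #
##############################################################################
# Table prefix (e.g. lychee_) of a Lychee v3 instance for migration
DB_OLD_LYCHEE_PREFIX=
# DB_CONNECTION can be sqlite, mysql or pgsql. For sqlite the other entries are
# not required, but an existing sqlite3 database may be specified if desired.
# In this case, please use an absolute path. DB_DATABASE may be omitted but should
# *not* be left blank.
# Note that if DB_PASSWORD includes special characters, it must be enclosed in quotes.
# e.g. DB_PASSWORD="lychee!@#$%^&"
# NOTE(review): this file relies on "${NAME}" expansion inside double quotes
# (see the VITE_PUSHER_* entries), so a password containing "${" may be expanded
# rather than taken literally — verify how the dotenv loader treats it.
# The database password is a secret: set it only in the real .env file.
DB_CONNECTION=sqlite
DB_HOST=
DB_PORT=
#DB_DATABASE=
DB_USERNAME=
DB_PASSWORD=
# NOTE(review): presumably writes executed SQL statements to the log; such logs
# can contain user data, so leave off unless debugging — confirm.
DB_LOG_SQL=false
# only for MySQL
# (Comment kept on its own line: a loader that does not strip trailing comments
# would read "false #only for MySQL" as the value.)
DB_LOG_SQL_EXPLAIN=false
# List foreign keys in diagnostic page
DB_LIST_FOREIGN_KEYS=false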
# Application timezone. If not specified, the server's default timezone is used.
# Requires a named timezone identifier.
# See https://www.php.net/manual/en/timezones.php for the list of supported timezones.
# Don't use a timezone offset (like +01:00) or a timezone abbreviation (like CEST)
# TIMEZONE=Europe/Paris
# Visibility of directories and (media) files in LYCHEE_UPLOADS
# Possible values are:
#
# - private: world group has neither read nor write access
# - public: world group has read access but no write access (the default)
# - world: world group has read and write access
#
# The default should suffice for most installations.
# For improved security, change this setting to "private".
# Some rare setups may require directories and files to be world writeable.
# In this case, use "world" here.
# USE WITH PRECAUTIONS: world writeable files and folders may be a SECURITY RISK.
# (Any local account on the host could then modify or replace stored media.)
# LYCHEE_IMAGE_VISIBILITY=public
# Folders in which the files will be stored.
# NOTE(review): the examples place these under the public web root; make sure
# the web server serves uploaded files as static content and never executes them.
# LYCHEE_UPLOADS="/var/www/html/Lychee-Laravel/public/uploads/"
# LYCHEE_DIST="/var/www/html/Lychee-Laravel/public/dist/"
# LYCHEE_SYM="/var/www/html/Lychee-Laravel/public/sym/"
# URLs used to access those files.
# LYCHEE_UPLOADS_URL="uploads/"
# LYCHEE_DIST_URL="dist/"
# LYCHEE_SYM_URL="sym/"
# Support for token based authentication used by API requests. Enabled by default.
# NOTE(review): an API token acts as a login credential; if no client uses the
# API, disabling this removes one way to authenticate — confirm before changing.
# ENABLE_TOKEN_AUTH=true
# Lychee supports both Redis and file caching.
# To use Redis, set CACHE_DRIVER to redis and configure the Redis connection.
CACHE_DRIVER=file
REDIS_HOST=127.0.0.1
# NOTE(review): "null" presumably means no password is sent. That is only
# reasonable while Redis listens on the loopback address above; set a password
# and restrict network access if Redis runs on another host — confirm.
REDIS_PASSWORD=null
REDIS_PORT=6379
# The URL form embeds the password, so treat the whole value as a secret.
# REDIS_URL=redis://<username>:<password>@<host>:<port>
# If you use Redis as cache driver, we strongly recommend
# to disable it for your Log Viewer.
# Should redis crash, you will no longer be able to access your logs.
LOG_VIEWER_CACHE_DRIVER=file
LOG_STDOUT=false
# Session configuration
SESSION_DRIVER=file
# NOTE(review): presumably in minutes, like REMEMBER_LIFETIME below — confirm.
# Shorter lifetimes limit how long a stolen session cookie stays usable.
SESSION_LIFETIME=120
# Duration (in minutes) for the "Remember Me" cookie. Default: 40320 (4 weeks)
# REMEMBER_LIFETIME=40320
# `sync` if jobs need to be executed live (default) or `database` if they can be deferred.
QUEUE_CONNECTION=sync
# Choose this mode only if you have set up a queue worker (strongly recommended though).
# QUEUE_CONNECTION=database
# HTTP security headers.
# NOTE(review): presumably adds the Strict-Transport-Security header. Enable it
# once the site is served only over HTTPS; browsers will then refuse plain HTTP
# for this host — confirm the header details in the application config.
SECURITY_HEADER_HSTS_ENABLE=false
# NOTE(review): the entries below presumably add extra allowed sources to the
# matching Content-Security-Policy directives (connect-src, script-src,
# child-src, ...). Empty means nothing is added. List only the exact origins
# you need and avoid wildcards, since every entry widens what the browser will
# load or connect to — confirm the expected value format.
SECURITY_HEADER_CSP_CONNECT_SRC=
SECURITY_HEADER_SCRIPT_SRC_ALLOW=
SECURITY_HEADER_CSP_CHILD_SRC=
SECURITY_HEADER_CSP_FONT_SRC=
SECURITY_HEADER_CSP_FORM_ACTION=
SECURITY_HEADER_CSP_FRAME_ANCESTORS=
SECURITY_HEADER_CSP_FRAME_SRC=
SECURITY_HEADER_CSP_IMG_SRC=
SECURITY_HEADER_CSP_MEDIA_SRC=
# NOTE(review): presumably sets the Secure attribute on the session cookie so
# it is sent only over HTTPS. Set to true on any HTTPS deployment; with false,
# the cookie can travel over plain HTTP — confirm.
SESSION_SECURE_COOKIE=false
# Outgoing mail settings.
# MAIL_PASSWORD is a secret: set it only in the real .env file.
# NOTE(review): an empty MAIL_ENCRYPTION presumably means no transport
# encryption is requested; prefer an encrypted connection to the mail server
# so the SMTP credentials are not sent in clear text — confirm accepted values.
MAIL_DRIVER=smtp
MAIL_HOST=
MAIL_PORT=
MAIL_USERNAME=
MAIL_PASSWORD=
MAIL_ENCRYPTION=
MAIL_FROM_NAME=
MAIL_FROM_ADDRESS=
# The trusted proxies if Lychee is behind a reverse proxy
# Accepted values:
# - `null`: no proxy
# - `*`: any proxy
# - <ip address>[,<ip address>]: a comma-separated list of IP addresses
# Forwarded headers (client IP, scheme, host) are honoured only from trusted
# proxies. With `*`, any peer that can connect directly can supply them, so
# use `*` only when Lychee is reachable exclusively through the proxy;
# otherwise list the proxy addresses explicitly.
TRUSTED_PROXIES=null
# Comma-separated list of class names of diagnostics checks that should be skipped.
#SKIP_DIAGNOSTICS_CHECKS=
# PUSHER_APP_KEY and PUSHER_APP_CLUSTER are not defined in this file and must
# come from elsewhere for the expansion below to yield a value.
# Variables prefixed with VITE_ are exposed to client-side code by Vite, so
# never route a secret through a VITE_ variable.
VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
# Disable Basic Auth. This means that the only way to authenticate is via the API token or OAuth.
# This should only be toggled AFTER having set up the admin account and bound the OAuth client.
# (Otherwise there may be no remaining way to log in as administrator.)
# DISABLE_BASIC_AUTH=false
# Disable WebAuthn. This means that the only way to authenticate is via the API token, Basic Auth or OAuth.
# DISABLE_WEBAUTHN=false
###################################################################
# LDAP Authentication (enterprise directory integration)          #
###################################################################
# Enable LDAP authentication alongside or instead of basic auth
# LDAP_ENABLED=false
# LDAP Server connection settings
# LDAP_HOST=ldap.example.com
# On port 389 without TLS, the bind password and user logins cross the network
# unencrypted; use LDAPS (636) or enable LDAP_USE_TLS below.
# LDAP_PORT=389
# For LDAPS (LDAP over SSL), use port 636
# LDAP_PORT=636
# Base DN for LDAP searches (e.g., dc=example,dc=com or dc=corp,dc=example,dc=com)
# LDAP_BASE_DN=dc=example,dc=com
# Service account credentials for LDAP bind
# This account needs read-only access to user and group attributes
# Give it no more than that. "securepassword" is a placeholder: replace it and
# keep the real value only in the .env file.
# LDAP_BIND_DN=cn=lychee-service,ou=services,dc=example,dc=com
# LDAP_BIND_PASSWORD=securepassword
# LDAP user search filter (%s is replaced with username)
# NOTE(review): the username should be LDAP-escaped before it replaces %s, or a
# crafted login name could alter the filter — verify in the application code.
# For OpenLDAP:
# LDAP_USER_FILTER=(&(objectClass=person)(uid=%s))
# For Active Directory:
# LDAP_USER_FILTER=(&(objectClass=user)(sAMAccountName=%s))
# LDAP attribute mapping (maps LDAP attributes to Lychee user fields)
# OpenLDAP defaults:
# LDAP_ATTR_USERNAME=uid
# LDAP_ATTR_EMAIL=mail
# LDAP_ATTR_DISPLAY_NAME=displayName
# Active Directory alternatives:
# LDAP_ATTR_USERNAME=sAMAccountName
# LDAP_ATTR_EMAIL=userPrincipalName
# LDAP_ATTR_DISPLAY_NAME=displayName
# Admin role mapping via LDAP group
# Users in this group will have may_administrate=true
# Membership of this directory group therefore grants Lychee administration:
# control who can edit the group.
# LDAP_ADMIN_GROUP_DN=cn=lychee-admins,ou=groups,dc=example,dc=com
# Auto-provision users on first LDAP login
# If false, users must be pre-created in Lychee before they can log in via LDAP
# NOTE(review): with auto-provisioning on, presumably every directory entry
# matching LDAP_USER_FILTER can obtain an account; narrow the filter or base DN
# if only some users should have access — confirm.
# LDAP_AUTO_PROVISION=true
# TLS/SSL settings for secure LDAP connections
# Keep LDAP_TLS_VERIFY_PEER=true: without certificate verification, the
# encrypted channel does not prove that the peer is the real directory server.
# LDAP_USE_TLS=true
# LDAP_TLS_VERIFY_PEER=true
# Connection timeout in seconds
# LDAP_CONNECTION_TIMEOUT=5
# OAuth token data
# XXX_REDIRECT_URI should be left as default unless you know exactly what you are doing.
# Every *_SECRET below is a credential issued by the identity provider: set it
# only in the real .env file and rotate it if it is ever exposed.
# The redirect URI registered with the provider should match the value here
# exactly.
# AMAZON_SIGNIN_CLIENT_ID=
# AMAZON_SIGNIN_SECRET=
# AMAZON_SIGNIN_REDIRECT_URI=/auth/amazon/redirect
# https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
# Note: the client secret used for "Sign In with Apple" is a JWT token that can have a maximum lifetime of 6 months.
# The article above explains how to generate the client secret on demand and you'll need to update this every 6 months.
# To generate the client secret for each request, see Generating A Client Secret For Sign In With Apple On Each Request.
# https://bannister.me/blog/generating-a-client-secret-for-sign-in-with-apple-on-each-request
# APPLE_CLIENT_ID=
# APPLE_CLIENT_SECRET=
# APPLE_REDIRECT_URI=/auth/apple/redirect
# FACEBOOK_CLIENT_ID=
# FACEBOOK_CLIENT_SECRET=
# FACEBOOK_REDIRECT_URI=/auth/facebook/redirect
# GITHUB_CLIENT_ID=
# GITHUB_CLIENT_SECRET=
# GITHUB_REDIRECT_URI=/auth/github/redirect
# GOOGLE_CLIENT_ID=
# GOOGLE_CLIENT_SECRET=
# GOOGLE_REDIRECT_URI=/auth/google/redirect
# MASTODON_DOMAIN=https://mastodon.social
# MASTODON_ID=
# MASTODON_SECRET=
# MASTODON_REDIRECT_URI=/auth/mastodon/redirect
# MICROSOFT_CLIENT_ID=
# MICROSOFT_CLIENT_SECRET=
# MICROSOFT_REDIRECT_URI=/auth/microsoft/redirect
# MICROSOFT_TENANT_ID=
# NEXTCLOUD_CLIENT_ID=
# NEXTCLOUD_CLIENT_SECRET=
# NEXTCLOUD_REDIRECT_URI=/auth/nextcloud/redirect
# NEXTCLOUD_BASE_URI=
# KEYCLOAK_CLIENT_ID=
# KEYCLOAK_CLIENT_SECRET=
# KEYCLOAK_REDIRECT_URI=/auth/keycloak/redirect
# KEYCLOAK_BASE_URL=
# KEYCLOAK_REALM=
# AUTHENTIK_BASE_URL=
# AUTHENTIK_CLIENT_ID=
# AUTHENTIK_CLIENT_SECRET=
# AUTHENTIK_REDIRECT_URI=/auth/authentik/redirect
# AUTHELIA_BASE_URL=
# AUTHELIA_CLIENT_ID=
# AUTHELIA_CLIENT_SECRET=
# AUTHELIA_REDIRECT_URI=/auth/authelia/redirect
# AWS support data
# AWS_SECRET_ACCESS_KEY is a long-lived credential. Use a key whose permissions
# are limited to the bucket named in AWS_BUCKET, and set it only in the real
# .env file.
# AWS_ACCESS_KEY_ID=
# AWS_SECRET_ACCESS_KEY=
# AWS_DEFAULT_REGION=
# AWS_BUCKET=
# AWS_URL=
# AWS_ENDPOINT=
# NOTE(review): presumably the S3 counterpart of LYCHEE_IMAGE_VISIBILITY; a
# public value would make stored objects readable without authentication —
# confirm the accepted values.
# AWS_IMAGE_VISIBILITY=
# AWS_USE_PATH_STYLE_ENDPOINT=
###################################################################
# Vite local development without running a server.                #
# set VITE_LOCAL_DEV to true                                      #
# set VITE_HTTP_PROXY_TARGET to the redirection for API calls.    #
###################################################################
# Development only; leave both commented out on a production instance.
# VITE_LOCAL_DEV=true
# VITE_HTTP_PROXY_TARGET=http://localhost:8000
# NOTE(review): presumably turns off the feature that imports photos from a
# path on the server's filesystem; setting it to true would remove that
# file-system access from the web interface — confirm.
# DISABLE_IMPORT_FROM_SERVER=false
###################################################################
# Payment integration (requires SE)                               #
###################################################################
# Enable test mode (Sandbox mode) for payment gateways.
# In test mode, no real money transactions are done.
# We set it to true by default for safety. Make sure to set it to false
# when you go live.
# Use the gateway's sandbox credentials while test mode is on, and its live
# credentials only once it is off.
# OMNIPAY_TEST_MODE=true
# The API keys and secrets below authorise payment operations: set them only
# in the real .env file and rotate them if they are ever exposed.
# Configuration values for Mollie integration
# MOLLIE_API_KEY=
# MOLLIE_PROFILE_ID=
# Configuration values for Stripe integration (NOT WORKING YET, MAYBE LATER)
# NOTE(review): by name, STRIPE_PUBLISHABLE_KEY is the key meant for client-side
# use and STRIPE_API_KEY the secret one — confirm and never swap them.
# STRIPE_API_KEY=
# STRIPE_PUBLISHABLE_KEY=
# Configuration values for PayPal integration
# PAYPAL_CLIENT_ID=
# PAYPAL_SECRET=