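# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
# Lufi configuration: a single Perl hash reference (ft=perl above).
# Every $ENV{...} below is read from the process environment when the file is loaded,
# which is how passwords and the cookie secret are kept out of this file.
{
    ####################
    # Hypnotoad settings
    ####################
    # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
    hypnotoad => {
        # array of IP addresses and ports you want to listen to
        # you can specify a unix socket too, like 'http+unix://%2Ftmp%2Flufi.sock'
        # 'http://*:8081' binds every interface: with proxy => 1 below, make sure only the
        # reverse proxy can reach this port (firewall, loopback bind or a unix socket)
        listen => ['http://*:8081'],

        # if you use Lufi behind a reverse proxy like Nginx, you want to set proxy to 1
        # if you use Lufi directly, leave it commented out
        # proxy mode makes Lufi trust the X-Forwarded-For / X-Forwarded-Proto headers it
        # receives, which is why clients must not be able to reach the listen port directly
        proxy  => 1,

        # Please read http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers
        # to adjust this to your server
        workers => 10,
        clients => 2,
        spare => 4
    },

    # Put a way to contact you here and uncomment it
    # You can put some HTML in it (it is rendered as-is, so keep it operator-controlled)
    # MANDATORY
    contact       => '<a href="mailto:picasoft@assos.utc.fr">Contact</a>',

    # Put an URL or an email address to receive file reports and uncomment it
    # It makes reporting illegal files easy for users
    # MANDATORY
    report => 'picasoft@assos.utc.fr',

    # Array of random strings used to encrypt cookies
    # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
    # The value comes from the KEY_COOKIE environment variable so that no secret lives in this file.
    # Loading aborts when the variable is missing or empty: an undefined element here would
    # effectively sign session cookies with an empty key instead of failing.
    # Mojolicious signs with the first entry and verifies against all of them, so a secret can
    # be rotated by prepending the new value and keeping the old one for a while.
    secrets        => [
        (defined $ENV{'KEY_COOKIE'} && length $ENV{'KEY_COOKIE'})
            ? $ENV{'KEY_COOKIE'}
            : die "KEY_COOKIE environment variable must be set to a non-empty value\n"
    ],

    # Name of the instance, displayed next to the logo
    # optional, default is Lufi
    instance_name => 'PicaDrop',

    # Choose a theme. See the available themes in `themes` directory
    # Optional, default is 'default'
    theme         => 'picadrop',

    # Length of the random URL
    # optional, default is 8
    length            => 8,

    # How many URLs will be provisioned in a batch ?
    # optional, default is 5
    provis_step       => 5,

    # Max number of URLs to be provisioned
    # optional, default is 100
    provisioning      => 100,

    # Length of the modify/delete token
    # optional, default is 32
    token_length      => 32,

    # Max file size, in octets
    # You can write it 100*1024*1024
    # optional, no default
    # 3072*1024*1024 is 3 GiB. A reverse proxy in front (see proxy above) usually enforces its
    # own request body limit, which has to allow at least this size for large uploads to succeed.
    max_file_size     => 3072*1024*1024,

    # If you want to have piwik statistics, provide a piwik image tracker
    # Only the image tracker is allowed, no javascript
    # optional, no default
    #piwik_img         => 'https://piwik.example.org/piwik.php?idsite=1&amp;rec=1',

    # Broadcast_message which will be displayed on the index page
    # optional, no default
    #broadcast_message => 'Maintenance',

    # Default time limit for files
    # Valid values are 0, 1, 7, 30 and 365
    # optional, default is 0 (no limit)
    default_delay     => 0,

    # Number of days after which the files will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
    # A warning message will be displayed on homepage
    # optional, default is 0 (no limit)
    max_delay         => 15,

    # Size thresholds: if you want to define max delays for different sizes of file
    # The keys are size in Bytes, you can't have 10*1000*10000 as key
    # If a file is smaller than the smallest configured size, it will have an expiration delay of max_delay (see above)
    # optional, default is using max_delay (see above) for all sizes
    #delay_for_size  => {
    #    10000000   => 90, # between 10MB and 50MB => max is 90 days, less than 10MB => max is max_delay (see above)
    #    50000000   => 60, # between 50MB and 1GB  => max is 60 days
    #    1000000000 => 2,  # more than 1GB         => max is 2 days
    #},

    # URL sub-directory in which you want Lufi to be accessible
    # example: you want to have Lufi under https://example.org/lufi/
    # => set prefix to '/lufi' or to '/lufi/', it doesn't matter
    # optional, default is /
    prefix        => '/',

    # Array of authorized domains for API calls.
    # If you want to authorize everyone to use the API: ['*']
    # optional, no domains allowed by default
    # (kept commented out on purpose: no cross-origin API callers are allowed)
    #allowed_domains   => ['http://1.example.com', 'http://2.example.com'],

    # Define a path to the upload directory, where the uploaded files will be stored
    # You can define it relative to lufi directory or set an absolute path
    # Remember that it has to be in a directory writable by Lufi user
    # DO NOT CHANGE THIS IF FILES HAVE BEEN ALREADY UPLOADED: THEY WILL NOT BE DOWNLOADABLE ANYMORE
    # optional, default is 'files'
    upload_dir           => '/lufi/files',

    # Allow to add a password on files, asked before allowing to download files
    # optional, default is 0
    allow_pwd_on_files => 1,

    # Force all files to be in "Burn after reading mode"
    # optional, default is 0
    #force_burn_after_reading => 0,

    # If set, the files' URLs will always use this domain
    # optional, no default
    #fixed_domain => 'example.org',

    # Abuse reasons
    # Set an integer in the abuse field of a file in the database and it will not be downloadable anymore
    # The reason will be displayed to the downloader, according to the reasons you will configure here.
    # optional, no default
    abuse => {
       0 => 'Copyright infringment',
       1 => 'Illegal content',
    },

    ###############
    # Mail settings
    ###############

    # Mail configuration
    # See https://metacpan.org/pod/Mojolicious::Plugin::Mail#EXAMPLES
    # optional, default to sendmail method with no arguments
    mail => {
        # Valid values are 'sendmail' and 'smtp'
        how => 'smtp',
        howargs => {
            host          => 'mail.picasoft.net',
            # STARTTLS is meant to upgrade the session before authentication, so the SASL
            # credentials below are not sent in clear text
            ssl           => 'starttls',
            sasl_username => 'drop',
            # read from the environment so that the SMTP password is not stored in this file
            sasl_password => $ENV{'EMAIL_PASSWORD'},
            helo          => 'drop.picasoft.net'
        }
    },

    # Email sender address
    # optional, default to no-reply@lufi.io
    mail_sender => 'drop@picasoft.net',

    #############
    # DB settings
    #############

    # Choose what database you want to use
    # Valid choices are sqlite, postgresql and mysql (all lowercase)
    # optional, default is sqlite
    dbtype => 'postgresql',

    # SQLite ONLY - only used if dbtype is set to sqlite
    # Define a path to the SQLite database
    # You can define it relative to lufi directory or set an absolute path
    # Remember that it has to be in a directory writable by Lufi user
    # optional, default is lufi.db
    #db_path           => 'lufi.db',

    # PostgreSQL ONLY - only used if dbtype is set to postgresql
    # These are the credentials to access the PostgreSQL database
    # mandatory if you chose postgresql as dbtype
    # database name, user and password come from the environment (see header comment)
    pgdb => {
        database => $ENV{'POSTGRES_DB'},
        host     => 'lufidb',
        # optional, default is 5432
        port     => 5432,
        user     => $ENV{'POSTGRES_USER'},
        pwd      => $ENV{'POSTGRES_PASSWORD'},
        # https://mojolicious.org/perldoc/Mojo/Pg#max_connections
        # optional, default is 1
        #max_connections => 1,
    },

    # MySQL ONLY - only used if dbtype is set to mysql
    # These are the credentials to access the MySQL database
    # mandatory if you chose mysql as dbtype
    #mysqldb => {
    #    database => 'lufi',
    #    host     => 'localhost',
    #    # optional, default is 3306
    #    #port     => 3306,
    #    user     => 'DBUSER',
    #    pwd      => 'DBPASSWORD',
    #    # https://metacpan.org/pod/Mojo::mysql#max_connections
    #    # optional, default is 5 (set to 0 to disable persistent connections)
    #    #max_connections => 5,
    #},

    #############################################
    # LDAP settings (authentication and features)
    #############################################

    # Set `ldap` if you want that only authenticated users can upload files
    # Please note that everybody can still download files
    # optional, no default
    # If enabled, take bind_pwd from the environment like the other credentials in this file
    # rather than writing it here.
    #ldap => {
    #    uri         => 'ldaps://ldap.example.org',                 # server URI
    #    user_tree   => 'ou=users,dc=example,dc=org',               # search base DN
    #    bind_dn     => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN
    #    bind_pwd    => 'secr3t',                                   # search bind password
    #    user_attr   => 'uid',                                      # user attribute (uid, mail, sAMAccountName, etc.)
    #    user_filter => '(!(uid=ldap_user))',                       # user filter (to exclude some users, etc.)
    #    # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls
    #    # don't set or uncomment if you don't want to configure it
    #    start_tls => {
    #       verify     => 'optional',
    #       clientcert => '/etc/ssl/certs/ca-bundle.pem'
    #    }
    #},

    # If you've set ldap above, the session will last `session_duration` seconds before
    # the user needs to reauthenticate
    # optional, default is 3600
    #session_duration => 3600,

    # If you use `ldap` for authentication, you can map some attributes from LDAP to be able to access them in Lufi
    # Those attributes will be accessible with:
    #   $c->current_user->{lufi_attribute_name} in Lufi backend files (all that is in `lib` directory)
    #   <%= $self->current_user->{lufi_attribute_name} %> in templates files (in `themes` directory)
    #
    # Define the attributes like this: `lufi_attribute_name => 'LDAP_attribute_name'`
    # Note that you can’t use `username` as a Lufi attribute name: this name is reserved and will contain the login of the user
    # optional, no default
    #ldap_map_attr => {
    #    displayname => 'cn',
    #    mail        => 'mail'
    #},

    # When using LDAP authentication, LDAP users can invite people (by mail) to use Lufi to send them files without
    # being authenticated.
    # This is where you configure the behavior of the invitations.
    # You may need to fetch some attributes from LDAP to use some invitations settings. See `ldap_map_attr` above.
    # optional, no default
    #invitations => {
    #   # The name of the key set in `ldap_map_attr` (above) that corresponds to the mail of the LDAP user
    #   # optional, default is `mail`
    #   mail_attr => 'mail',
    #   # The `From` header of invitation mail can be the mail of the LDAP user
    #   # Be sure to have a mail system that will correctly send the mail from your users! (DKIM, SPF…)
    #   # To enable this feature, set it to 1
    #   # optional, disabled by default
    #   send_invitation_with_ldap_user_mail => 1,
    #   # The user is able to set an expiration delay for the invitation.
    #   # This expiration delay can’t be more than this setting (in days).
    #   # optional, default is 30 days
    #   max_invitation_expiration_delay => 30,
    #   # Once the guest has submitted his files, he has an additional period of time to submit forgotten files.
    #   # You can set that additional period of time in minutes here.
    #   # To disable that feature, set it to 0 or less
    #   # optional, default is 10 minutes
    #   max_additional_period => 10,
    #   # Lufi follows privacy-by-design, so, by default, no files URLs (with the decode secret) are stored in database.
    #   # However, the concern is different for this case. Storing files URLs makes users able to retrieve the guests’ sent files
    #   # from their `invitations` page.
    #   # Set to 1 to store guests’ files URLs in database
    #   # optional, default is 0 (disabled)
    #   save_files_url_in_db => 0,
    #   # Users can resend the invitation to their guest. This does not extend the invitation’s expiration delay unless you
    #   # set this option to 1.
    #   # optional, default is 0 (disabled)
    #   extend_invitation_expiration_on_resend => 0,
    #},

    #########################
    # Htpasswd authentication
    #########################

    # Set `htpasswd` if you want to use an htpasswd file instead of ldap
    # See 'man htpasswd' to know how to create such file
    #htpasswd => 'lufi.passwd',

    #######################
    # HTTP Headers settings
    #######################

    # Content-Security-Policy header that will be sent by Lufi
    # Set to '' to disable CSP header
    # https://content-security-policy.com/ provides a good documentation about CSP.
    # https://report-uri.com/home/generate provides a tool to generate a CSP header.
    # optional, default is "base-uri 'self'; connect-src 'self' ws://YOUR_HOST; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
    # Leaving this commented keeps that default (note its script-src allows 'unsafe-inline' and 'unsafe-eval').
    #csp => "",

    # X-Frame-Options header that will be sent by Lufi
    # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
    # Set to '' to disable X-Frame-Options header
    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
    # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
    # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
    # optional, default is 'DENY'
    #x_frame_options => 'DENY',

    # X-Content-Type-Options that will be sent by Lufi
    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
    # Set to '' to disable X-Content-Type-Options header
    # optional, default is 'nosniff'
    #x_content_type_options => 'nosniff',

    # X-XSS-Protection that will be sent by Lufi
    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
    # Set to '' to disable X-XSS-Protection header
    # optional, default is '1; mode=block'
    #x_xss_protection => '1; mode=block',

    #########################
    # Lufi cron jobs settings
    #########################

    # Number of days senders' IP addresses are kept in database
    # After that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
    # optional, default is 365
    # 14 days is a deliberately short retention of this personal data; keep it no longer than
    # abuse handling actually requires
    keep_ip_during    => 14,

    # Max size of the files directory, in octets
    # Used by script/lufi cron watch to trigger an action
    # optional, no default
    # max_total_size    => 10*1024*1024*1024,

    # Default action when files directory is over max_total_size (used with script/lufi cron watch)
    # Valid values are 'warn', 'stop-upload' and 'delete'
    # Please, see README.md
    # optional, default is 'warn'
    # This only matters once max_total_size (commented out above) is set; until then the watch
    # job has no threshold to act on.
    policy_when_full  => 'warn',

    # Files which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
    # If delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
    # optional, no default
    delete_no_longer_viewed_files => 365,
};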