# SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY="7(2w1sedok=aznpq)ta1mc4i%4h=xx@hxwx*o57ctsuml0x%fr" # SECURITY WARNING: don't run with debug turned on in production! DEBUG=false USE_HTTPS=true DOMAIN=your.domain.here EMAIL=your@email.here # Instance default language (see options at bookwyrm/settings.py "LANGUAGES" LANGUAGE_CODE="en-us" # Used for deciding which editions to prefer DEFAULT_LANGUAGE="English" ## Leave unset to allow all hosts # ALLOWED_HOSTS="localhost,127.0.0.1,[::1]" # Specify when the site is served from a port that is not the default # for the protocol (80 for HTTP or 443 for HTTPS). # Probably only necessary in development. # PORT=1333 MEDIA_ROOT=images/ # hCaptcha configuration HCAPTCHA_SITEKEY= HCAPTCHA_SECRET= # Database configuration PGPORT=5432 POSTGRES_PASSWORD=securedbypassword123 POSTGRES_USER=bookwyrm POSTGRES_DB=bookwyrm POSTGRES_HOST=db # Redis activity stream manager MAX_STREAM_LENGTH=200 REDIS_ACTIVITY_HOST=redis_activity REDIS_ACTIVITY_PORT=6379 REDIS_ACTIVITY_PASSWORD=redispassword345 # Optional, use a different redis database (defaults to 0) # REDIS_ACTIVITY_DB_INDEX=0 # Alternatively specify the full redis url, i.e. if you need to use a unix:// socket # REDIS_ACTIVITY_URL= # Redis as celery broker REDIS_BROKER_HOST=redis_broker REDIS_BROKER_PORT=6379 REDIS_BROKER_PASSWORD=redispassword123 # Optional, use a different redis database (defaults to 0) # REDIS_BROKER_DB_INDEX=0 # Alternatively specify the full redis url, i.e. if you need to use a unix:// socket # REDIS_BROKER_URL= # Monitoring for celery FLOWER_PORT=8888 FLOWER_USER=admin FLOWER_PASSWORD=changeme # Email config EMAIL_HOST=smtp.mailgun.org EMAIL_PORT=587 EMAIL_HOST_USER=mail@your.domain.here EMAIL_HOST_PASSWORD=emailpassword123 EMAIL_USE_TLS=true EMAIL_USE_SSL=false EMAIL_SENDER_NAME=admin # defaults to DOMAIN EMAIL_SENDER_DOMAIN= # Query timeouts SEARCH_TIMEOUT=5 QUERY_TIMEOUT=5 # Thumbnails Generation ENABLE_THUMBNAIL_GENERATION=true # S3 configuration USE_S3=false AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= # seconds for signed S3 urls to expire # this is currently only used for user export files S3_SIGNED_URL_EXPIRY=900 # Commented are example values if you use a non-AWS, S3-compatible service # AWS S3 should work with only AWS_STORAGE_BUCKET_NAME and AWS_S3_REGION_NAME # non-AWS S3-compatible services will need AWS_STORAGE_BUCKET_NAME, # along with both AWS_S3_CUSTOM_DOMAIN and AWS_S3_ENDPOINT_URL. # AWS_S3_URL_PROTOCOL must end in ":" and defaults to the same protocol as # the BookWyrm instance ("http:" or "https:", based on USE_SSL). # AWS_STORAGE_BUCKET_NAME= # "example-bucket-name" # AWS_S3_CUSTOM_DOMAIN=None # "example-bucket-name.s3.fr-par.scw.cloud" # AWS_S3_URL_PROTOCOL=None # "http:" # AWS_S3_REGION_NAME=None # "fr-par" # AWS_S3_ENDPOINT_URL=None # "https://s3.fr-par.scw.cloud" # Commented are example values if you use Azure Blob Storage # USE_AZURE=true # AZURE_ACCOUNT_NAME= # "example-account-name" # AZURE_ACCOUNT_KEY= # "base64-encoded-access-key" # AZURE_CONTAINER= # "example-blob-container-name" # AZURE_CUSTOM_DOMAIN= # "example-account-name.blob.core.windows.net" # Preview image generation can be computing and storage intensive ENABLE_PREVIEW_IMAGES=False # Specify RGB tuple or RGB hex strings, # or use_dominant_color_light / use_dominant_color_dark PREVIEW_BG_COLOR=use_dominant_color_light # Change to #FFF if you use use_dominant_color_dark PREVIEW_TEXT_COLOR=#363636 PREVIEW_IMG_WIDTH=1200 PREVIEW_IMG_HEIGHT=630 PREVIEW_DEFAULT_COVER_COLOR=#002549 # Below are example keys if you want to enable automatically # sending telemetry to an OTLP-compatible service. Many of # the main monitoring apps have OLTP collectors, including # NewRelic, DataDog, and Honeycomb.io - consult their # documentation for setup instructions, and what exactly to # put below! # # Service name is an arbitrary tag that is attached to any # data sent, used to distinguish different sources. Useful # for sending prod and dev metrics to the same place and # keeping them separate, for instance! # API endpoint for your provider OTEL_EXPORTER_OTLP_ENDPOINT= # Any headers required, usually authentication info OTEL_EXPORTER_OTLP_HEADERS= # Service name to identify your app OTEL_SERVICE_NAME= # Set HTTP_X_FORWARDED_PROTO ONLY to true if you know what you are doing. # Only use it if your proxy is "swallowing" if the original request was made # via https. Please refer to the Django-Documentation and assess the risks # for your instance: # https://docs.djangoproject.com/en/3.2/ref/settings/#secure-proxy-ssl-header HTTP_X_FORWARDED_PROTO=false # TOTP settings # TWO_FACTOR_LOGIN_VALIDITY_WINDOW sets the number of codes either side # which will be accepted. TWO_FACTOR_LOGIN_VALIDITY_WINDOW=2 TWO_FACTOR_LOGIN_MAX_SECONDS=60 # Additional hosts to allow in the Content-Security-Policy, "self" (should be # DOMAIN with optionally ":" + PORT) and AWS_S3_CUSTOM_DOMAIN (if used) are # added by default. Value should be a comma-separated list of host names. CSP_ADDITIONAL_HOSTS= # Time before being logged out (in seconds) # SESSION_COOKIE_AGE=2592000 # current default: 30 days # Maximum allowed memory for file uploads (increase if users are having trouble # uploading BookWyrm export files). # DATA_UPLOAD_MAX_MEMORY_MiB=100