discourse/config/discourse_defaults.conf

#
# DO NOT EDIT THIS FILE
# If you need to make changes create a file called discourse.conf in this directory with your changes
# On import this file will be imported using ERB
#

# Discourse supports multiple mechanisms for production config.
#
# 1. You can do nothing and get these defaults (not recommended, you should at least set hostname)
# 2. You can copy this file to config/discourse.conf and amend with your settings
# 3. You can pass in config from your environment, all the settings below are available.
#    Append DISCOURSE_ and upper case the setting in ENV. For example:
#    to pass in db_timeout of 200 you would use DISCOURSE_DB_TIMEOUT=200

# All settings apply to production only

# connection pool size, sidekiq is set to 5, allowing an extra 3 for bg threads
db_pool = 8

# ActiveRecord connection pool timeout in milliseconds
db_timeout = 5000

# Database connection timeout in seconds
db_connect_timeout = 5

# socket file used to access db
db_socket =

# host address for db server
# This is set to blank so it tries to use sockets first
db_host =

# host address for db server when taking a backup via `pg_dump`
# Defaults to `db_host` if not configured
db_backup_host =

# port running db server, no need to set it
db_port =

# db server port to use when taking a backup via `pg_dump`
db_backup_port = 5432

# database name running discourse
db_name = discourse

# username accessing database
db_username = discourse

# password used to access the db
db_password =

# Disallow prepared statements
# see: https://github.com/rails/rails/issues/21992
db_prepared_statements = false

# host address for db replica server
db_replica_host =

# port running replica db server, defaults to 5432 if not set
db_replica_port =

# hostname running the forum
hostname = "www.example.com"

# backup hostname mainly for cdn use
backup_hostname =

# address of smtp server used to send emails
smtp_address =

# port of smtp server used to send emails
smtp_port = 25

# domain passed to smtp server
smtp_domain =

# username for smtp server
smtp_user_name =

# password for smtp server
smtp_password =

# smtp authentication mechanism
smtp_authentication = plain

# enable TLS encryption for smtp connections
smtp_enable_start_tls = true

# mode for verifying smtp server certificates
# to disable, set to 'none'
smtp_openssl_verify_mode =

# load MiniProfiler in production, to be used by developers
load_mini_profiler = true

# recommended, cdn used to access assets
cdn_url =

# comma delimited list of emails that have developer level access
developer_emails =

# redis server address
redis_host = localhost

# redis server port
redis_port = 6379

# redis slave server address
redis_slave_host =

# redis slave server port
redis_slave_port = 6379

# redis database
redis_db = 0

# redis password
redis_password =

# redis sentinels eg
# redis_sentinels = 10.0.0.1:26381,10.0.0.2:26381
redis_sentinels =

# enable Cross-origin Resource Sharing (CORS) directly at the application level
enable_cors = false
cors_origin = ''

# enable if you really need to serve assets in prd
serve_static_assets = false

# number of sidekiq workers (launched via unicorn master)
sidekiq_workers = 5

# adjust stylesheets to rtl (requires "rtlit" gem)
rtl_css = false

# notify admin when a new version of discourse is released
# this is global so it is easier to set in multisites
# TODO allow for global overrides
new_version_emails = true

# connection reaping helps keep connection counts down, postgres
# will not work properly with huge numbers of open connections
# reap connections from pool that are older than 30 seconds
connection_reaper_age = 30

# run reap check every 30 seconds
connection_reaper_interval = 30

# set to relative URL (for subdirectory hosting)
# IMPORTANT: path must not include a trailing /
# EG: /forum
relative_url_root =

# increasing this number will increase redis memory use
# this ensures backlog (ability of channels to catch up are capped)
# message bus default cap is 1000, we are winding it down to 100
message_bus_max_backlog_size = 100

# must be a 64 byte hex string, anything else will be ignored with a warning
secret_key_base =

# fallback path for all assets which are served via the application
# used by static_controller
# in multi host setups this allows you to have old unicorn instances serve
# newly compiled assets
fallback_assets_path =

# S3 settings used for serving ALL public files
# be sure to configre a CDN as well per cdn_url
s3_bucket =
s3_region =
s3_access_key_id =
s3_secret_access_key =
s3_use_iam_profile = false
s3_cdn_url =


### rate limits apply to all sites
max_user_api_reqs_per_minute = 20
max_user_api_reqs_per_day = 2880

max_admin_api_reqs_per_key_per_minute = 60

max_reqs_per_ip_per_minute = 200
max_reqs_per_ip_per_10_seconds = 50

# applies to asset type routes (avatars/css and so on)
max_asset_reqs_per_ip_per_10_seconds = 200

# global rate limiter will simply warn if the limit is exceeded, can be warn+block, warn, block or none
max_reqs_per_ip_mode = none

# bypass rate limiting any IP resolved as a private IP
max_reqs_rate_limit_on_private = false

# logged in DoS protection

# protection will only trigger for requests that queue longer than this amount
force_anonymous_min_queue_seconds = 1
# only trigger anon if we see more than N requests for this path in last 10 seconds
force_anonymous_min_per_10_seconds = 3
globals now implemented and documented 2013-12-20 00:17:21 -05:00			`#`
			`# DO NOT EDIT THIS FILE`
			`# If you need to make changes create a file called discourse.conf in this directory with your changes`
spelling in comment 2014-06-03 18:38:10 -04:00			`# On import this file will be imported using ERB`
should be commented out 2013-12-20 02:01:41 -05:00			`#`
globals now implemented and documented 2013-12-20 00:17:21 -05:00
			`# Discourse supports multiple mechanisms for production config.`
			`#`
			`# 1. You can do nothing and get these defaults (not recommended, you should at least set hostname)`
			`# 2. You can copy this file to config/discourse.conf and amend with your settings`
			`# 3. You can pass in config from your environment, all the settings below are available.`
should be commented out 2013-12-20 02:01:41 -05:00			`# Append DISCOURSE_ and upper case the setting in ENV. For example:`
			`# to pass in db_timeout of 200 you would use DISCOURSE_DB_TIMEOUT=200`
globals now implemented and documented 2013-12-20 00:17:21 -05:00
			`# All settings apply to production only`

* Increase pool size to allow for a few extra bg threads in sidekiq 2014-05-21 19:00:24 -04:00			`# connection pool size, sidekiq is set to 5, allowing an extra 3 for bg threads`
			`db_pool = 8`
globals now implemented and documented 2013-12-20 00:17:21 -05:00
FIX: Set PG `connect_timeout` to 5 seconds. * 30 seconds is alittle too long. 2017-10-17 00:32:41 -04:00			`# ActiveRecord connection pool timeout in milliseconds`
globals now implemented and documented 2013-12-20 00:17:21 -05:00			`db_timeout = 5000`

Fix typo. 2017-10-17 00:34:49 -04:00			`# Database connection timeout in seconds`
FIX: Set PG `connect_timeout` to 5 seconds. * 30 seconds is alittle too long. 2017-10-17 00:32:41 -04:00			`db_connect_timeout = 5`

globals now implemented and documented 2013-12-20 00:17:21 -05:00			`# socket file used to access db`
correct defaults 2013-12-20 00:23:01 -05:00			`db_socket =`
globals now implemented and documented 2013-12-20 00:17:21 -05:00
			`# host address for db server`
try to default to sockets, so less people have issues configuring in prd 2014-01-05 20:25:29 -05:00			`# This is set to blank so it tries to use sockets first`
			`db_host =`
globals now implemented and documented 2013-12-20 00:17:21 -05:00
Add new config to ensure backup/restore connects to PG directly. * In `pg_dump` 10.3+ and 9.5.12+, in it does a `SELECT pg_catalog.set_config('search_path', '', false)` which changes the state of the current connection. This is known to be problematic with Pgbouncer which reuses connections. As such, we'll always try to connect directly to PG directly during the backup/restore process. 2018-03-08 21:22:29 -05:00			# host address for db server when taking a backup via `pg_dump`
			# Defaults to `db_host` if not configured
			`db_backup_host =`

try to default to sockets, so less people have issues configuring in prd 2014-01-05 20:25:29 -05:00			`# port running db server, no need to set it`
			`db_port =`
globals now implemented and documented 2013-12-20 00:17:21 -05:00
Add new config to ensure backup/restore connects to PG directly. * In `pg_dump` 10.3+ and 9.5.12+, in it does a `SELECT pg_catalog.set_config('search_path', '', false)` which changes the state of the current connection. This is known to be problematic with Pgbouncer which reuses connections. As such, we'll always try to connect directly to PG directly during the backup/restore process. 2018-03-08 21:22:29 -05:00			# db server port to use when taking a backup via `pg_dump`
			`db_backup_port = 5432`

globals now implemented and documented 2013-12-20 00:17:21 -05:00			`# database name running discourse`
			`db_name = discourse`

			`# username accessing database`
			`db_username = discourse`

			`# password used to access the db`
			`db_password =`

PERF: disable prepared statements see: https://github.com/rails/rails/issues/21992 2015-10-18 23:02:22 -04:00			`# Disallow prepared statements`
			`# see: https://github.com/rails/rails/issues/21992`
			`db_prepared_statements = false`
FEATURE: allow users to specify if prepared statements are allowed (they need to be disabled for pgpool based setups) 2015-02-17 19:16:53 -05:00
FEATURE: AR adapter to failover to a replica DB server. 2016-01-25 01:27:59 -05:00			`# host address for db replica server`
			`db_replica_host =`

			`# port running replica db server, defaults to 5432 if not set`
			`db_replica_port =`

globals now implemented and documented 2013-12-20 00:17:21 -05:00			`# hostname running the forum`
			`hostname = "www.example.com"`

format does not allow numbers 2015-07-23 01:33:38 -04:00			`# backup hostname mainly for cdn use`
			`backup_hostname =`
FEATURE: allow users to specify a second hostname if needed (very rarely needed feature, mostly for multisite and origin pull cdns) 2015-07-23 01:22:54 -04:00
globals now implemented and documented 2013-12-20 00:17:21 -05:00			`# address of smtp server used to send emails`
			`smtp_address =`

			`# port of smtp server used to send emails`
			`smtp_port = 25`

			`# domain passed to smtp server`
			`smtp_domain =`

			`# username for smtp server`
			`smtp_user_name =`

			`# password for smtp server`
			`smtp_password =`

Make SMTP authentication mechanism configurable. 2014-01-06 07:49:42 -05:00			`# smtp authentication mechanism`
			`smtp_authentication = plain`

globals now implemented and documented 2013-12-20 00:17:21 -05:00			`# enable TLS encryption for smtp connections`
			`smtp_enable_start_tls = true`

Added `openssl_verify_mode` parameter for action_mailer. - parameter in `environments/production.rb` - documentation & default value (nil) in `discourse_defaults.conf` 2014-05-07 17:59:05 -04:00			`# mode for verifying smtp server certificates`
			`# to disable, set to 'none'`
			`smtp_openssl_verify_mode =`

CHANGE: Mini Profiler only enabled for developers in prd 2014-07-16 18:34:30 -04:00			`# load MiniProfiler in production, to be used by developers`
			`load_mini_profiler = true`
globals now implemented and documented 2013-12-20 00:17:21 -05:00
			`# recommended, cdn used to access assets`
			`cdn_url =`

Use GlobalSetting to enable CORS at application level 2014-02-10 02:11:52 -05:00			`# comma delimited list of emails that have developer level access`
globals now implemented and documented 2013-12-20 00:17:21 -05:00			`developer_emails =`

			`# redis server address`
			`redis_host = localhost`

			`# redis server port`
			`redis_port = 6379`

FEATURE: Master-Slave Redis configuration with fallback and switch over. 2016-03-02 09:01:48 -05:00			`# redis slave server address`
			`redis_slave_host =`

			`# redis slave server port`
Add default port for redis_slave. 2016-03-11 02:07:07 -05:00			`redis_slave_port = 6379`
FEATURE: Master-Slave Redis configuration with fallback and switch over. 2016-03-02 09:01:48 -05:00
Allow configuration of Redis DB and cache DB Hardcoding the Redis DB and Redis Caching DB to 0 and 2 in `config/database.yml` makes an unsafe assumption that Discourse is the only application using that install of redis-server. Instead of forcing users to undergo yet another form of configuration, allow Discourse admins a nicer way to configure the Redis databases used. Signed-off-by: David Celis <me@davidcel.is> 2013-12-30 16:39:43 -05:00			`# redis database`
			`redis_db = 0`

globals now implemented and documented 2013-12-20 00:17:21 -05:00			`# redis password`
			`redis_password =`
Use GlobalSetting to enable CORS at application level 2014-02-10 02:11:52 -05:00
FEATURE: allow use of redis sentinel via redis_sentinels Use: DISCOURSE_REDIS_SENTINELS and DISCOURSE_REDIS_HOST to configure redis sentinel 2015-06-25 02:51:48 -04:00			`# redis sentinels eg`
			`# redis_sentinels = 10.0.0.1:26381,10.0.0.2:26381`
			`redis_sentinels =`

Use GlobalSetting to enable CORS at application level 2014-02-10 02:11:52 -05:00			`# enable Cross-origin Resource Sharing (CORS) directly at the application level`
			`enable_cors = false`
FEATURE: CORS settings per-site in a multisite env 2011-10-15 14:00:00 -04:00			`cors_origin = ''`
FEATURE: allow overriding server static asset if needed 2014-02-16 18:43:57 -05:00
			`# enable if you really need to serve assets in prd`
			`serve_static_assets = false`
PERF: reduce sidekiq worker count to 5 2014-05-13 20:21:11 -04:00
			`# number of sidekiq workers (launched via unicorn master)`
			`sidekiq_workers = 5`
Add RTL support to Discourse CSS pre-processing using the RTLit gem and configurable via discourse.conf 2014-08-08 02:31:31 -04:00
			`# adjust stylesheets to rtl (requires "rtlit" gem)`
FEATURE: allow version emails to be disabled globally 2014-08-22 20:02:14 -04:00			`rtl_css = false`

			`# notify admin when a new version of discourse is released`
			`# this is global so it is easier to set in multisites`
			`# TODO allow for global overrides`
			`new_version_emails = true`
FEATURE: configurable connection reaping settings 2015-02-16 17:58:23 -05:00
			`# connection reaping helps keep connection counts down, postgres`
			`# will not work properly with huge numbers of open connections`
			`# reap connections from pool that are older than 30 seconds`
			`connection_reaper_age = 30`
FIX: correct pool reaper This removes a freedom patch and replaces with a custom reaper thread it also captures an issue where reaper would fail when connections where empty 2018-06-14 04:22:02 -04:00
FEATURE: configurable connection reaping settings 2015-02-16 17:58:23 -05:00			`# run reap check every 30 seconds`
			`connection_reaper_interval = 30`
FEATURE: add clean support for running Discourse in a subfolder To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish 2015-03-08 20:45:36 -04:00
			`# set to relative URL (for subdirectory hosting)`
			`# IMPORTANT: path must not include a trailing /`
			`# EG: /forum`
remove change from descourse_defaults.conf 2018-04-10 16:27:03 -04:00			`relative_url_root =`
PERF: cut down on memory usage allowed to redis This limits the amount of backlog message bus channels can have. 2016-02-03 21:58:38 -05:00
			`# increasing this number will increase redis memory use`
			`# this ensures backlog (ability of channels to catch up are capped)`
			`# message bus default cap is 1000, we are winding it down to 100`
			`message_bus_max_backlog_size = 100`
FEATURE: per client user tokens Revamped system for managing authentication tokens. - Every user has 1 token per client (web browser) - Tokens are rotated every 10 minutes New system migrates the old tokens to "legacy" tokens, so users still remain logged on. Also introduces weekly job to expire old auth tokens. 2017-01-31 17:21:37 -05:00
			`# must be a 64 byte hex string, anything else will be ignored with a warning`
			`secret_key_base =`
FEATURE: fallback asset path for multi host setups 2017-03-20 15:59:06 -04:00
			`# fallback path for all assets which are served via the application`
			`# used by static_controller`
			`# in multi host setups this allows you to have old unicorn instances serve`
			`# newly compiled assets`
			`fallback_assets_path =`
FEATURE: allow specifying s3 config via globals This refactors handling of s3 so it can be specified via GlobalSetting This means that in a multisite environment you can configure s3 uploads without actual sites knowing credentials in s3 It is a critical setting for situations where assets are mirrored to s3. 2017-10-06 01:20:01 -04:00
			`# S3 settings used for serving ALL public files`
			`# be sure to configre a CDN as well per cdn_url`
			`s3_bucket =`
			`s3_region =`
			`s3_access_key_id =`
			`s3_secret_access_key =`
			`s3_use_iam_profile = false`
			`s3_cdn_url =`
FEATURE: add global rate limiter for admin api 60 per minute Also move configuration of admin and user api rate limiting into global settings. This is not intended to be configurable per site 2017-12-10 19:07:22 -05:00

			`### rate limits apply to all sites`
			`max_user_api_reqs_per_minute = 20`
			`max_user_api_reqs_per_day = 2880`

			`max_admin_api_reqs_per_key_per_minute = 60`
FEATURE: optional default off global per ip rate limiter 2017-12-11 01:21:00 -05:00
FEATURE: Shorten setting name to max_reqs So it is consistent with other settings 2018-01-21 21:18:30 -05:00			`max_reqs_per_ip_per_minute = 200`
			`max_reqs_per_ip_per_10_seconds = 50`
FEATURE: limit assets less that non asset paths By default assets can be requested up to 200 times per 10 seconds from the app, this includes CSS and avatars 2018-03-05 23:20:39 -05:00
			`# applies to asset type routes (avatars/css and so on)`
			`max_asset_reqs_per_ip_per_10_seconds = 200`

FEATURE: global rate limiter can bypass local IPs 2018-01-07 16:39:17 -05:00			`# global rate limiter will simply warn if the limit is exceeded, can be warn+block, warn, block or none`
FEATURE: Shorten setting name to max_reqs So it is consistent with other settings 2018-01-21 21:18:30 -05:00			`max_reqs_per_ip_mode = none`
FEATURE: global rate limiter can bypass local IPs 2018-01-07 16:39:17 -05:00
			`# bypass rate limiting any IP resolved as a private IP`
FEATURE: Shorten setting name to max_reqs So it is consistent with other settings 2018-01-21 21:18:30 -05:00			`max_reqs_rate_limit_on_private = false`
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a single path. This can happen if a URL is shared with the entire forum base and everyone is logged on 2018-04-18 02:58:40 -04:00
			`# logged in DoS protection`

			`# protection will only trigger for requests that queue longer than this amount`
PERF: improve performance once logged in rate limiter hits If "logged in" is being forced anonymous on certain routes, trigger the protection for any requests that spend 50ms queueing This means that ... 1. You need to trip it by having 3 requests take longer than 1 second in 10 second interval 2. Once tripped, if your route is still spending 50m queueuing it will continue to be protected This means that site will continue to function with almost no delays while it is scaling up to handle the new load 2018-04-22 21:54:58 -04:00			`force_anonymous_min_queue_seconds = 1`
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a single path. This can happen if a URL is shared with the entire forum base and everyone is logged on 2018-04-18 02:58:40 -04:00			`# only trigger anon if we see more than N requests for this path in last 10 seconds`
			`force_anonymous_min_per_10_seconds = 3`