-
Notifications
You must be signed in to change notification settings - Fork 28
/
lstu.conf.template
281 lines (242 loc) · 12.1 KB
/
lstu.conf.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
{
####################
# Hypnotoad settings
####################
# see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
hypnotoad => {
# array of IP addresses and ports you want to listen to
listen => ['http://127.0.0.1:8080'],
# if you use Lstu behind a reverse proxy like Nginx, you want to set proxy to 1
# if you use Lstu directly, let it commented
#proxy => 1,
},
# put a way to contact you here and uncomment it
# MANDATORY
#contact => 'admin[at]example.com',
# array of random strings used to encrypt cookies
# optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
#secret => ['fdjsofjoihrei'],
# secret passphrase to access some admin features
# If you don't want to have a plain text password in configuration,
# use hashed_adminpwd instead
# optional, but you won't have access to admin /stats if not set and if hashed_adminpwd is not set either
#adminpwd => 's3cr3T',
# secret hashed passphrase to access some admin features
# Hash your password by issuing `echo -n s3cr3T | sha256sum` on your terminal
# optional, but you won't have access to admin /stats if not set and if adminpwd is not set either
#hashed_adminpwd => '94b2feede6ea5e2eec62f457ecb7d3f719b24d19c29d4e5466246a31908fc23b',
# indicates if you want to really delete URLs from admin page (/stats)
# or just want to deactivate the shorten URL (won’t redirect anymore, can’t be used anymore)
# optional, default to 0 (false)
#really_delete_urls => 0,
# choose a theme. See the available themes in `themes` directory
# optional, default is 'default'
#theme => 'default',
# number of URLs to be displayed per page in /stats
# optional, default is 10
#page_offset => 10,
# length of the random URL
# optional, default is 8
#length => 8,
# how many URLs will be provisioned in a batch ?
# optional, default is 5
#provis_step => 5,
# max number of URLs to be provisioned
# optional, default is 100
#provisioning => 100,
# URL sub-directory in which you want Lstu to be accessible
# example: you want to have Lstu under https://example.org/lstu/
# => set prefix to '/lstu' or to '/lstu/', it doesn't matter
# optional, defaut is /
#prefix => '/',
# array of authorized domains for API calls.
# if you want to authorize everyone to use the API: ['*']
# optional, no domains allowed by default
#allowed_domains => ['http://1.example.com', 'http://2.example.com'],
# if set, the shortened URLs will use this domain
# optional
#fixed_domain => 'example.org',
# if set to 1, Lstu will try to prevent its use without using the web interface
# optional, default is 0
#disable_api => 0,
# choose what database you want to use
# valid choices are sqlite, postgresql and mysql (all lowercase)
# optional, default is sqlite
#dbtype => 'sqlite',
# SQLite ONLY - only used if dbtype is set to sqlite
# define a path to the SQLite database
# you can define it relative to lstu directory or set an absolute path
# remember that it has to be in a directory writable by Lstu user
# optional, default is lstu.db
#db_path => 'lstu.db',
# PostgreSQL ONLY - only used if dbtype is set to postgresql
# these are the credentials to access the PostgreSQL database
# mandatory if you choosed postgresql as dbtype
#pgdb => {
# database => 'lstu',
# host => 'localhost',
# # optional, default is 5432
# #port => 5432,
# user => 'DBUSER',
# pwd => 'DBPASSWORD',
# # optional, default is 1
# #max_connections => 1,
#},
# MySQL ONLY - only used if dbtype is set to mysql
# these are the credentials to access the MySQL database
# mandatory if you choosed mysql as dbtype
#mysqldb => {
# database => 'lstu',
# host => 'localhost',
# # optional, default is 3306
# #port => 3306,
# user => 'DBUSER',
# pwd => 'DBPASSWORD',
# # optional, default is 5 (set to 0 to disable persistent connections)
# #max_connections => 5,
#},
# Rate-limiting for the API
# After ban_min_strike requests in a second, the IP address will be
# banned for one hour.
# If it continues to query the API during this ban time at least
# ban_min_strike times, it will be banned for a month.
# optional, default is 3
#ban_min_strike => 3,
# Ban whitelist
# You can whitelist IP addresses to prevent you from being banned
# Be careful, the IP addresses are compared as string, not as IP addresses
# a network range will not work
# Example of valid input: ban_whitelist => ['198.51.100.42', '2001:0DB8::42'],¬
# optional, default is an empty array
#ban_whitelist => [],
# Ban blacklist
# You can blacklist IP addresses to always ban those IP addresses
# Be careful, the IP addresses are compared as string, not as IP addresses
# a network range will not work
# Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬
# optional, default is an empty array
#ban_blacklist => [],
# define an URL to the Piwik instance and the ID of a website to track
# set if you want to track views in Piwik
# optional, Piwik tracking is disabled by default
#piwik => {
# url => 'http://piwik.example.com',
# idsite => '1',
#},
# use Minion instead of directly increase counters
# need to launch a minion worker service if enabled
# optional, Minion is disabled by default
# It will use the same DB type as Lstu: sqlite if you choose sqlite for `dbtype`,
# postgresql for postgresql, etc.
#minion => {
# enabled => 0,
# # SQLite ONLY - only used if if you choose sqlite as DB type,
# # define the path to the minion database
# # you can define it relative to lstu directory or set an absolute path
# # remember that it has to be in a directory writable by Lutim user
# # optional, default is minion.db
# db_path => 'minion.db',
# # PostgreSQL ONLY - only used if you choose postgresql as DB type
# # these are the credentials to access the Minion's PostgreSQL database
# # mandatory if you choosed postgresql as DB type, no default
# pgdb => {
# database => 'lstu_minion',
# host => 'localhost',
# # optional, default is 5432
# #port => 5432,
# user => 'DBUSER',
# pwd => 'DBPASSWORD'
# },
# # MySQL ONLY - only used if you choose mysql as DB type
# # these are the credentials to access the Minion's MySQL database
# # mandatory if you choosed mysql as DB type, no default
# mysqldb => {
# database => 'lstu_minion',
# host => 'localhost',
# # optional, default is 3306
# #port => 3306,
# user => 'DBUSER',
# pwd => 'DBPASSWORD',
# },
#},
# set `ldap` if you want that only authenticated users can shorten URLs
# please note that everybody can still use shortend URLs
# optional, no default
#ldap => {
# uri => 'ldaps://ldap.example.org', # server URI
# user_tree => 'ou=users,dc=example,dc=org', # search base DN
# bind_dn => 'uid=ldap_user,ou=users,dc=example,dc=org', # search bind DN
# bind_pwd => 'secr3t', # search bind password
# user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.)
# user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.)
#},
# set `htpasswd` if you want to use an htpasswd file instead of ldap
# create the file with `htpasswd -c lstu.passwd user`, update it with `htpasswd lstu.passwd user2`
# make sure that lstu can read the file!
# optional, no default
#htpasswd => 'lstu.passwd',
# if you've set ldap or htpasswd above, the session will last `session_duration` seconds before
# the user needs to reauthenticate
# optional, default is 3600
#session_duration => 3600,
# how many redirections are allowed for the shortened URL before considering it as a spam?
# optional, default is 2. Set to -1 to allow infinite redirections (not recommended)
#max_redir => 2,
# spam blacklist regex. All URLs (or redirection) whose host part matches this regex are considered as spam
# optional, no default
#spam_blacklist_regex => 'foo|bar',
# spam path blacklist regex. All URLs (or redirection) whose path part matches this regex are considered as spam
# optional, no default
#spam_path_blacklist_regex => 'foo|bar',
# spam whitelist regex. All URLs (or redirection) whose host part matches this regex will never be considered as spam
# optional, no default
#spam_whitelist_regex => 'foo|bar',
# set to 1 to skip SpamHaus check (not recommended)
# optional, default is 0
#skip_spamhaus => 0,
# put your Google API key to enable Google safebrowsing check
# This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs.
# Google does not get the URLs that are checked.
# Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started
# TL;DR: https://console.developers.google.com/projectselector/apis/library
# optional, no default
#safebrowsing_api_key => '',
# array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
# If set to [], the cache is disabled
# optional, default is []
#memcached_servers => [],
# Content-Security-Policy header that will be sent by Lstu
# Set to '' to disable CSP header
# https://content-security-policy.com/ provides a good documentation about CSP.
# https://report-uri.com/home/generate provides a tool to generate a CSP header.
# optional, default is "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; form-action 'self'; base-uri 'self'"
# the default value is good for `default` and `milligram` themes
#csp => "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; form-action 'self'; base-uri 'self'",
# X-Frame-Options header that will be sent by Lstu
# Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
# Set to '' to disable X-Frame-Options header
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
# Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
# to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
# optional, default is 'DENY'
#x_frame_options => 'DENY',
# X-Content-Type-Options that will be sent by Lstu
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
# Set to '' to disable X-Content-Type-Options header
# optional, default is 'nosniff'
#x_content_type_options => 'nosniff',
# X-XSS-Protection that will be sent by Lstu
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# Set to '' to disable X-XSS-Protection header
# optional, default is '1; mode=block'
#x_xss_protection => '1; mode=block',
# Log creator's IP address
# Set to 1 if you want to register the IP addresses of URL creators
# optional, default is 0
#log_creator_ip => 0,
# Positive integer which specifies how many pixels one "module" (one block of the QR code) occupies.
# You can't use fractional values. An arbitrary upper limit of 100 is imposed by Image::PNG::QRCode module.
# optional, default is 3
#qrcode_size => 3,
};