X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a709fd04b539c8da466596ad74b962a426e40bfd..refs/pull/3918/head:/.env.example.complete diff --git a/.env.example.complete b/.env.example.complete index 9d24fceeb..03e52d6bb 100644 --- a/.env.example.complete +++ b/.env.example.complete @@ -42,7 +42,7 @@ APP_TIMEZONE=UTC # overrides can be made. Defaults to disabled. APP_THEME=false -# Trusted Proxies +# Trusted proxies # Used to indicate trust of systems that proxy to the application so # certain header values (Such as "X-Forwarded-For") can be used from the # incoming proxy request to provide origin detail. @@ -58,6 +58,13 @@ DB_DATABASE=database_database DB_USERNAME=database_username DB_PASSWORD=database_user_password +# MySQL specific connection options +# Path to Certificate Authority (CA) certificate file for your MySQL instance. +# When this option is used host name identity verification will be performed +# which checks the hostname, used by the client, against names within the +# certificate itself (Common Name or Subject Alternative Name). +MYSQL_ATTR_SSL_CA="/path/to/ca.pem" + # Mail system to use # Can be 'smtp' or 'sendmail' MAIL_DRIVER=smtp @@ -136,6 +143,10 @@ STORAGE_URL=false # Can be 'standard', 'ldap', 'saml2' or 'oidc' AUTH_METHOD=standard +# Automatically initiate login via external auth system if it's the only auth method. +# Works with saml2 or oidc auth methods. +AUTH_AUTO_INITIATE=false + # Social authentication configuration # All disabled by default. # Refer to https://www.bookstackapp.com/docs/admin/third-party-auth/ @@ -216,6 +227,7 @@ LDAP_DUMP_USER_DETAILS=false LDAP_USER_TO_GROUPS=false LDAP_GROUP_ATTRIBUTE="memberOf" LDAP_REMOVE_FROM_GROUPS=false +LDAP_DUMP_USER_GROUPS=false # SAML authentication configuration # Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/ @@ -251,7 +263,11 @@ OIDC_ISSUER_DISCOVER=false OIDC_PUBLIC_KEY=null OIDC_AUTH_ENDPOINT=null OIDC_TOKEN_ENDPOINT=null +OIDC_ADDITIONAL_SCOPES=null OIDC_DUMP_USER_DETAILS=false +OIDC_USER_TO_GROUPS=false +OIDC_GROUPS_CLAIM=groups +OIDC_REMOVE_FROM_GROUPS=false # Disable default third-party services such as Gravatar and Draw.IO # Service-specific options will override this option @@ -266,7 +282,7 @@ AVATAR_URL= # Enable diagrams.net integration # Can simply be true/false to enable/disable the integration. # Alternatively, It can be URL to the diagrams.net instance you want to use. -# For URLs, The following URL parameters should be included: embed=1&proto=json&spin=1 +# For URLs, The following URL parameters should be included: embed=1&proto=json&spin=1&configure=1 DRAWIO=true # Default item listing view @@ -283,7 +299,7 @@ APP_DEFAULT_DARK_MODE=false # Page revision limit # Number of page revisions to keep in the system before deleting old revisions. # If set to 'false' a limit will not be enforced. -REVISION_LIMIT=50 +REVISION_LIMIT=100 # Recycle Bin Lifetime # The number of days that content will remain in the recycle bin before @@ -324,6 +340,13 @@ ALLOW_UNTRUSTED_SERVER_FETCHING=false # Setting this option will also auto-adjust cookies to be SameSite=None. ALLOWED_IFRAME_HOSTS=null +# A list of sources/hostnames that can be loaded within iframes within BookStack. +# Space separated if multiple. BookStack host domain is auto-inferred. +# Can be set to a lone "*" to allow all sources for iframe content (Not advised). +# Defaults to a set of common services. +# Current host and source for the "DRAWIO" setting will be auto-appended to the sources configured. +ALLOWED_IFRAME_SOURCES="https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com" + # The default and maximum item-counts for listing API requests. API_DEFAULT_ITEM_COUNT=100 API_MAX_ITEM_COUNT=500 @@ -338,3 +361,11 @@ API_REQUESTS_PER_MIN=180 # user identifier (Username or email). LOG_FAILED_LOGIN_MESSAGE=false LOG_FAILED_LOGIN_CHANNEL=errorlog_plain_webserver + +# Alter the precision of IP addresses stored by BookStack. +# Should be a number between 0 and 4, where 4 retains the full IP address +# and 0 completely hides the IP address. As an example, a value of 2 for the +# IP address '146.191.42.4' would result in '146.191.x.x' being logged. +# For the IPv6 address '2001:db8:85a3:8d3:1319:8a2e:370:7348' this would result as: +# '2001:db8:85a3:8d3:x:x:x:x' +IP_ADDRESS_PRECISION=4 \ No newline at end of file