mirror of
https://github.com/discourse/discourse.git
synced 2024-11-29 12:13:58 -06:00
7079698cdf
This commit switches `DiscourseIpInfo.mmdb_download` to use the permalinks supplied by MaxMind to download the MaxMind databases as specified in https://dev.maxmind.com/geoip/updating-databases#directly-downloading-databases which states: ``` To directly download databases, follow these steps: 1. In the "Download Links" column, click "Get Permalink(s)" for the desired database. 2. Copy the permalink(s) provided in the modal window. 3. Provide your account ID and your license key using Basic Authentication to authenticate. ``` Previously we were downloading from `https://download.maxmind.com/app/geoip_download`, but this URL is not documented anywhere in MaxMind's docs, so it could in theory break in the future without warning. Therefore, we are taking a proactive approach and downloading the databases from MaxMind the recommended way instead of relying on a hidden URL. The old way of downloading the databases with only a license key will be deprecated in 3.3 and removed in 3.4.
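#
# DO NOT EDIT THIS FILE
# If you need to make changes create a file called discourse.conf in this directory with your changes
# On import this file will be imported using ERB
# NOTE(review): ERB evaluates embedded Ruby when the file is loaded, so write access
# to this file (and presumably to discourse.conf - confirm) should be limited to the
# operators who are trusted to run code as the application user
#

# Discourse supports multiple mechanisms for production config.
#
# 1. You can do nothing and get these defaults (not recommended, you should at least set hostname)
# 2. You can copy this file to config/discourse.conf and amend with your settings
# 3. You can pass in config from your environment, all the settings below are available.
#    Prepend DISCOURSE_ and upper case the setting in ENV. For example:
#    to pass in db_pool of 200 you would use DISCOURSE_DB_POOL=200
#
# Several settings below hold credentials (passwords, access keys, license keys).
# They are blank in this defaults file; supply real values through discourse.conf or
# the environment, and keep them out of version control and world-readable files.

# All settings apply to production only

# connection pool size, sidekiq is set to 5, allowing an extra 3 for bg threads
db_pool = 8

# Database connection timeout in seconds
db_connect_timeout = 5

# socket file used to access db
db_socket =

# host address for db server
# This is set to blank so it tries to use sockets first
db_host =

# host address for db server when taking a backup via `pg_dump`
# Defaults to `db_host` if not configured
db_backup_host =

# port running db server, no need to set it
db_port =

# db server port to use when taking a backup via `pg_dump`
db_backup_port =

# database name running discourse
db_name = discourse

# username accessing database
db_username = discourse

# password used to access the db
# secret: set it in discourse.conf or via DISCOURSE_DB_PASSWORD, never in this file
db_password =

# Disallow prepared statements
# see: https://github.com/rails/rails/issues/21992
db_prepared_statements = false

# host address for db replica server
db_replica_host =

# port running replica db server, defaults to 5432 if not set
db_replica_port =

# NOTE(review): undocumented in this file; presumably toggles the database adapter's
# advisory locks option - confirm before changing
db_advisory_locks = true
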
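# hostname running the forum
hostname = "www.example.com"

# backup hostname mainly for cdn use
backup_hostname =

# address of smtp server used to send emails
smtp_address =

# port of smtp server used to send emails
smtp_port = 25

# domain passed to smtp server
smtp_domain =

# username for smtp server
smtp_user_name =

# password for smtp server
# secret: set it in discourse.conf or via DISCOURSE_SMTP_PASSWORD
smtp_password =

# smtp authentication mechanism
# with "plain" the username and password are only base64-encoded on the wire, so
# they are protected solely by the TLS settings below
smtp_authentication = plain

# enable TLS encryption for smtp connections
# NOTE(review): confirm whether STARTTLS is required or only used when the server
# offers it; if it is opportunistic, an on-path attacker can strip it and the
# session falls back to cleartext. smtp_force_tls below avoids the upgrade step.
smtp_enable_start_tls = true

# mode for verifying smtp server certificates
# to disable, set to 'none'
# with 'none' the server certificate is not checked, so the connection is encrypted
# but not authenticated; leave blank unless the server cannot present a valid certificate
smtp_openssl_verify_mode =

# force implicit TLS as per RFC 8314 3.3
smtp_force_tls = false

# number of seconds to wait while attempting to open a SMTP connection
smtp_open_timeout = 5

# Number of seconds to wait until timing-out a SMTP read(2) call
smtp_read_timeout = 30

# number of seconds to wait while attempting to open a SMTP connection only when
# sending emails via group SMTP
group_smtp_open_timeout = 30

# Number of seconds to wait until timing-out a SMTP read(2) call only when sending
# emails via group SMTP
group_smtp_read_timeout = 60
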
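# load MiniProfiler in production, to be used by developers
# NOTE(review): profiler output includes SQL and timing detail; confirm it is only
# shown to accounts listed in developer_emails (or otherwise privileged) before
# relying on this default
load_mini_profiler = true

# Every how many requests should MP profile a request (aka take snapshot)
# Default is never
mini_profiler_snapshots_period = 0

# specify the URL of the destination that MiniProfiler should ship snapshots to
# mini_profiler_snapshots_transport_auth_key is required as well
# use an https:// URL so that the snapshots and the auth key header are not sent in cleartext
mini_profiler_snapshots_transport_url =

# authorization key that will be included as a header in requests made by the
# snapshots transporter to the URL specified above. The destination should
# know this key and only accept requests that have this key in the
# `Mini-Profiler-Transport-Auth` header.
# secret: set it in discourse.conf or via the environment
mini_profiler_snapshots_transport_auth_key =

# recommended, cdn used to access assets
cdn_url =

# The hostname used by the CDN to request assets
cdn_origin_hostname =

# comma delimited list of emails that have developer level access
# these accounts are privileged: keep the list short and review it when staff change
developer_emails =
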
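# redis server address
redis_host = localhost

# redis server port
redis_port = 6379

# redis replica server address
redis_replica_host =

# redis replica server port
redis_replica_port = 6379

# redis database
redis_db = 0

# redis password
# secret: set it in discourse.conf or via DISCOURSE_REDIS_PASSWORD
redis_password =

# skip configuring client id for cloud providers who support no client commands
redis_skip_client_commands = false

# uses SSL for all Redis connections if true
# while this is false the Redis traffic, including redis_password, is not encrypted;
# enable it whenever Redis is reached over a network you do not fully control
redis_use_ssl = false

# message bus redis server switch
message_bus_redis_enabled = false

# message bus redis server address
message_bus_redis_host = localhost

# message bus redis server port
message_bus_redis_port = 6379

# message bus redis replica server address
message_bus_redis_replica_host =

# message bus redis replica server port
message_bus_redis_replica_port = 6379

# message bus redis database
message_bus_redis_db = 0

# message bus redis password
# secret: set it in discourse.conf or via DISCOURSE_MESSAGE_BUS_REDIS_PASSWORD
# NOTE(review): this file has no SSL switch specific to the message bus Redis;
# confirm whether redis_use_ssl also covers these connections
message_bus_redis_password =

# skip configuring client id for cloud providers who support no client commands
message_bus_redis_skip_client_commands = false
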
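# enable Cross-origin Resource Sharing (CORS) directly at the application level
enable_cors = false
# NOTE(review): presumably the origin(s) allowed when enable_cors is true - confirm
# the accepted format; list only origins that should be able to read responses
# cross-origin
cors_origin = ''

# enable if you really need to serve assets in prod
serve_static_assets = false

# number of sidekiq workers (launched via unicorn master)
sidekiq_workers = 5

# connection reaping helps keep connection counts down, postgres
# will not work properly with huge numbers of open connections
# reap connections from pool that are older than 30 seconds
connection_reaper_age = 30

# run reap check every 30 seconds
connection_reaper_interval = 30

# set to relative URL (for subdirectory/subfolder hosting)
# IMPORTANT: path must not include a trailing /
# EG: /forum
relative_url_root =

# increasing this number will increase redis memory use
# this ensures the backlog (the ability of channels to catch up) is capped
# message bus default cap is 1000, we are winding it down to 100
message_bus_max_backlog_size = 100

# how often the message-bus backlog should be cleared
# lower values will make memory usage more consistent, but will
# increase redis CPU demands
message_bus_clear_every = 50

# must be a 64 byte hex string, anything else will be ignored with a warning
# secret: generate it from a cryptographically secure random source and do not
# reuse it across unrelated clusters
# NOTE(review): in Rails this value keys signed and encrypted cookies/messages, so
# disclosure would presumably allow forging them; confirm what Discourse falls back
# to when it is left blank
secret_key_base =

# fallback path for all assets which are served via the application
# used by static_controller
# in multi host setups this allows you to have old unicorn instances serve
# newly compiled assets
fallback_assets_path =
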
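# S3 settings used for serving ALL public files
# be sure to configure a CDN as well per cdn_url
# s3_access_key_id and s3_secret_access_key are long-lived credentials: set them in
# discourse.conf or via the environment and grant them only the access this bucket needs
# NOTE(review): s3_use_iam_profile presumably lets an instance role supply the
# credentials instead of static keys - confirm, and prefer it where available
s3_bucket =
s3_region =
s3_access_key_id =
s3_secret_access_key =
s3_use_iam_profile =
s3_cdn_url =
s3_endpoint =
s3_http_continue_timeout =
s3_install_cors_rule =
enable_s3_transfer_acceleration =

# Optionally, specify a separate CDN to be used for static JS assets stored on S3
s3_asset_cdn_url =
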
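### rate limits apply to all sites
max_user_api_reqs_per_minute = 20
max_user_api_reqs_per_day = 2880

max_admin_api_reqs_per_minute = 60

max_reqs_per_ip_per_minute = 200
max_reqs_per_ip_per_10_seconds = 50

# applies to asset type routes (avatars/css and so on)
max_asset_reqs_per_ip_per_10_seconds = 200

# what the global rate limiter does when a per-IP limit is exceeded
# can be warn+block, warn, block or none
max_reqs_per_ip_mode = block

# bypass rate limiting any IP resolved as a private IP
# (that bypass is in effect while this setting is false)
# NOTE(review): if the address the application sees for clients is a reverse proxy's
# private address, all traffic would skip the per-IP limits - confirm that the real
# client IP is forwarded, or set this to true
max_reqs_rate_limit_on_private = false

# use per user rate limits vs ip rate limits for users with this trust level or more.
skip_per_ip_rate_limit_trust_level = 1

# logged in DoS protection

# protection will only trigger for requests that queue longer than this amount
force_anonymous_min_queue_seconds = 1
# only trigger anon if we see more than N requests for this path in last 10 seconds
force_anonymous_min_per_10_seconds = 3

# Any requests with the headers Discourse-Background = true will not be allowed to queue
# longer than this amount of time.
# Discourse will rate limit and ask client to try again later.
background_requests_max_queue_length = 0.5

# if a message bus request queues for 100ms or longer, we will reject it and ask consumer
# to back off
reject_message_bus_queue_seconds = 0.1

# disable search if app server is queueing for longer than this (in seconds)
disable_search_queue_threshold = 1

# maximum number of posts rebaked across the cluster in the periodical job
# rebake process is very expensive, on multisite we have to make sure we never
# flood the queue
max_old_rebakes_per_15_minutes = 300

# maximum number of log messages in /logs
max_logster_logs = 1000
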
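# during precompile update maxmind database if older than N days
# set to 0 to disable
refresh_maxmind_db_during_precompile_days = 2

# backup path containing maxmind db files
maxmind_backup_path =

# register an account at: https://www.maxmind.com/en/geolite2/signup
# then head to profile and get your account ID and license key
# the license key is a credential: set it in discourse.conf or via
# DISCOURSE_MAXMIND_LICENSE_KEY rather than committing it anywhere
maxmind_account_id =
maxmind_license_key =

# Configures a URL mirror to download the MaxMind databases from.
# When set, the file path will be appended to the mirror's URL.
# If the mirror URL is https://some.url.com/maxmind/mirror for example, the
# GeoLite2-City database file will be downloaded from https://some.url.com/maxmind/mirror/GeoLite2-City.tar.gz
# nothing in this file configures an integrity check for the downloaded archive, so
# point this only at an https:// mirror you control or trust
# NOTE(review): confirm whether the account ID and license key are also sent to the
# mirror; if so the mirror operator can read them
maxmind_mirror_url =
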
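# when enabled the following headers will be added to every response:
# (note, if measurements do not exist for the header they will be omitted)
#
# X-Redis-Calls: 10
# X-Redis-Time: 1.02
# X-Sql-Calls: 102
# X-Sql-Time: 1.02
# X-Queue-Time: 1.01
#
# these headers show backend query counts and timings to every client that receives
# a response; leave this off unless something in front of the app consumes or strips them
enable_performance_http_headers = false

# gather JavaScript errors from clients (rate limited to 1 error per IP per minute)
enable_js_error_reporting = true

# This is probably not a number you want to touch, it controls the number of workers
# we allow mini scheduler to run. Prior to 2019 we ran a single worker.
# On extremely busy setups this could lead to situations where regular jobs would
# starve. Specifically jobs such as "run heartbeat" which keeps sidekiq running.
# Having a high number here is very low risk. Regular jobs are limited in scope and scale.
mini_scheduler_workers = 5

# enable compression on anonymous cache redis entries
# this slightly increases the cost of storing cache entries but can make it much
# cheaper to retrieve cache entries when redis is stored on a different machine to the one
# running the web
compress_anon_cache = false

# Only store entries in redis for anonymous cache if they are observed more than N times
# for a specific key
#
# This ensures there are no pathological cases where we keep storing data in anonymous cache
# never to use it, set to 1 to store immediately, set to 0 to disable anon cache
anon_cache_store_threshold = 2
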
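# EXPERIMENTAL - not yet supported in production
# by default admins can install and amend any theme
# you may restrict it so only specific themes are approved
# in allowlist mode all theme updates must happen via git repos
# themes missing from the list are automatically disallowed
# list is a comma separated list of git repos eg:
# https://github.com/discourse/discourse-custom-header-links.git,https://github.com/discourse/discourse-simple-theme.git
# themes can ship JavaScript that runs in visitors' browsers, so the allowlist also
# limits where such code can come from; list only repositories whose write access
# you trust
allowed_theme_repos =

# Demon::EmailSync is used in conjunction with the enable_imap site setting
# to sync N IMAP mailboxes with specific groups. It is a process started in
# unicorn.conf, and it spawns N threads (one for each multisite connection) and
# for each database spawns another N threads (one for each configured group).
#
# We want this off by default so the process is not started when it does not
# need to be (e.g. development, test, certain hosting tiers)
enable_email_sync_demon = false

# we never want to queue more than 10000 digests per 30 minute block
# this can easily lead to blocking sidekiq
# on multisites we recommend a far lower number
max_digests_enqueued_per_30_mins_per_site = 10000
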
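# This cluster name can be passed to the /srv/status route to verify
# the application cluster is the same one you are expecting
cluster_name =

# The YAML file used to configure multisite clusters
multisite_config_path = config/multisite.yml

# If false, only short (regular) polling will be attempted
enable_long_polling =

# Length of time to hold open a long polling connection in milliseconds
long_polling_interval =

# Specify the mode for the early hint header. Can be nil (disabled), "preconnect" (lists just CDN domains) or "preload" (lists all assets).
# The 'preload' mode currently serves inconsistent headers for different pages/users, and is not recommended for production use.
early_hint_header_mode =

# Specify which header name to use for the early hint. Defaults to "Link", but can be changed to support different proxy mechanisms.
early_hint_header_name = "Link"

# When using an external upload store, redirect `user_avatar` requests instead of proxying
redirect_avatar_requests = false

# Force the entire cluster into postgres readonly mode. Equivalent to running `Discourse.enable_pg_force_readonly_mode`
pg_force_readonly_mode = false

# default DNS query timeout for FinalDestination (used when not explicitly given programmatically)
dns_query_timeout_secs =

# Default global regex timeout, in seconds
# NOTE(review): presumably caps how long a single regular expression match may run,
# which bounds the cost of pathological (ReDoS) inputs - confirm before raising it
regex_timeout_seconds = 2

# Allow admins to use the impersonation function on the cluster
# impersonation lets an admin act as another user; set to false where that
# capability is not needed
allow_impersonation = true

# The maximum number of characters allowed in a single log line.
log_line_max_chars = 160000

# this value is included when generating static asset URLs.
# Updating the value will allow site operators to invalidate all asset urls
# to recover from configuration issues which may have been cached by CDNs/browsers.
asset_url_salt =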