-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathconfig.example.yaml
More file actions
106 lines (94 loc) · 3.26 KB
/
Copy pathconfig.example.yaml
File metadata and controls
106 lines (94 loc) · 3.26 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
dev_mode: false
server:
# The address the server should listen on inside the container.
listen: 0.0.0.0:8080
# The external URL used for generating links. REQUIRED for reverse proxies.
public_url: http://localhost:8080
trusted_proxies:
- 127.0.0.1
# Add your Reverse Proxy IP here if needed
security:
# Change these secrets to long, random strings for production!
session_secret: "generate-a-very-long-random-string-here"
token_secret: "generate-another-long-random-string-here"
# Set to TRUE if running behind an HTTPS proxy (Securepoint, Caddy, Nginx).
# This enables 'Secure' cookies which only work over HTTPS.
behind_reverse_proxy: true
storage:
# Path where files are stored (relative to WORKDIR /app)
path: data/storage
cleanup:
# How often the Mark-and-Sweep worker runs
interval: 15m
# Delete unfinished uploads after 24h
delete_incomplete_uploads_after: 24h
# Reserved for future enforcement. Monitor disk space at the filesystem level for now.
limits:
max_files_per_share: 50
max_share_size: 20GiB
max_file_size: 20GiB
database:
# Path to SQLite database file
path: data/db/ferry.db
auth:
# Internal API secret used by CLI commands such as `ferry cleanup`.
# Generate with `ferry init-config` and keep it private.
static_password: "CHANGEME_TO_SOMETHING_VERY_STRONG"
# One-time bootstrap and break-glass secret for setup and recovery flows.
bootstrap_password: "CHANGEME_TO_A_DIFFERENT_STRONG_SECRET"
rate_limit:
enabled: true
# 0.2 means one request every 5 seconds (on average)
rate: 0.2
# Allows a quick burst of attempts before throttling kicks in
burst: 5
upload:
max_size: 20GiB
expiration: 24h
share:
default_expiration: 7d
max_expiration: 30d
ldap:
# LDAP/AD configuration is reserved for a future release.
# These fields document the planned shape, but ldap.enabled=true is rejected
# until the authentication provider is implemented.
enabled: false
# Examples:
# url: ldaps://ad.example.internal:636
# url: ldap://ad.example.internal:389 # with starttls: true
url: ""
# Canonical realm label used for USER@REALM identities.
realm: ""
# Enable StartTLS for ldap:// endpoints. Do not combine with ldaps://.
starttls: false
# Unsafe lab override. Keep false in production.
insecure_skip_verify: false
# Optional bind account for directory searches.
bind_dn: ""
bind_password: ""
# Required when LDAP is enabled.
base_dn: ""
# Optional search filter template. Keep empty for implementation defaults.
user_filter: ""
attributes:
# AD-oriented defaults. Override for other LDAP implementations.
login: "sAMAccountName"
display_name: "displayName"
email: "mail"
external_id: "objectGUID"
tls:
# Optional CA bundle path when the issuing CA is not in the system trust store.
ca_file: ""
ui:
# Optional: Customize the application name shown in title and header.
app_name: ""
# Optional: URL to a logo image.
logo_url: ""
# Optional: URL to a favicon icon.
favicon_url: ""
# The primary brand color (CSS hex format).
primary_color: "#3b82f6"
# Optional: Path to a custom CSS file to further customize the look.
custom_css_path: ""
# Optional: Custom text for the footer (e.g., Company Info or Legal links).
footer_text: ""