|
|
|
@ -51,7 +51,7 @@ RUN_USER = ; git
|
|
|
|
|
RUN_MODE = prod
|
|
|
|
|
;;
|
|
|
|
|
;; The working directory, see the comment of AppWorkPath above
|
|
|
|
|
WORK_PATH = /var/lib/gitea
|
|
|
|
|
;WORK_PATH =
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
@ -81,10 +81,6 @@ DOMAIN = $BASE_URL
|
|
|
|
|
;; Overwrite the automatically generated public URL. Necessary for proxies and docker.
|
|
|
|
|
ROOT_URL = https://%(DOMAIN)s/
|
|
|
|
|
;;
|
|
|
|
|
;; For development purpose only. It makes Gitea handle sub-path ("/sub-path/owner/repo/...") directly when debugging without a reverse proxy.
|
|
|
|
|
;; DO NOT USE IT IN PRODUCTION!!!
|
|
|
|
|
;USE_SUB_URL_PATH = false
|
|
|
|
|
;;
|
|
|
|
|
;; when STATIC_URL_PREFIX is empty it will follow ROOT_URL
|
|
|
|
|
;STATIC_URL_PREFIX =
|
|
|
|
|
;;
|
|
|
|
@ -306,8 +302,6 @@ LANDING_PAGE = explore
|
|
|
|
|
;; Enables git-lfs support. true or false, default is false.
|
|
|
|
|
LFS_START_SERVER = false
|
|
|
|
|
;;
|
|
|
|
|
;; Enables git-lfs SSH protocol support. true or false, default is false.
|
|
|
|
|
;LFS_ALLOW_PURE_SSH = false
|
|
|
|
|
;;
|
|
|
|
|
;; LFS authentication secret, change this yourself
|
|
|
|
|
;LFS_JWT_SECRET =
|
|
|
|
@ -324,10 +318,6 @@ LFS_START_SERVER = false
|
|
|
|
|
;; Maximum number of locks returned per page
|
|
|
|
|
;LFS_LOCKS_PAGING_NUM = 50
|
|
|
|
|
;;
|
|
|
|
|
;; When clients make lfs batch requests, reject them if there are more pointers than this number
|
|
|
|
|
;; zero means 'unlimited'
|
|
|
|
|
;LFS_MAX_BATCH_SIZE = 0
|
|
|
|
|
;;
|
|
|
|
|
;; Allow graceful restarts using SIGHUP to fork
|
|
|
|
|
;ALLOW_GRACEFUL_RESTARTS = true
|
|
|
|
|
;;
|
|
|
|
@ -513,9 +503,6 @@ REVERSE_PROXY_TRUSTED_PROXIES = *
|
|
|
|
|
;; stemming from cached/logged plain-text API tokens.
|
|
|
|
|
;; In future releases, this will become the default behavior
|
|
|
|
|
;DISABLE_QUERY_AUTH_TOKEN = false
|
|
|
|
|
;;
|
|
|
|
|
;; On user registration, record the IP address and user agent of the user to help identify potential abuse.
|
|
|
|
|
;; RECORD_USER_SIGNUP_METADATA = false
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
@ -532,8 +519,7 @@ REVERSE_PROXY_TRUSTED_PROXIES = *
|
|
|
|
|
;; HMAC to encode urls with, it **is required** if camo is enabled.
|
|
|
|
|
;HMAC_KEY =
|
|
|
|
|
;; Set to true to use camo for https too lese only non https urls are proxyed
|
|
|
|
|
;; ALLWAYS is deprecated and will be removed in the future
|
|
|
|
|
;ALWAYS = false
|
|
|
|
|
;ALLWAYS = false
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
@ -554,7 +540,7 @@ ENABLED = false
|
|
|
|
|
;;
|
|
|
|
|
;; OAuth2 authentication secret for access and refresh tokens, change this yourself to a unique string. CLI generate option is helpful in this case. https://docs.gitea.io/en-us/command-line/#generate
|
|
|
|
|
;; This setting is only needed if JWT_SIGNING_ALGORITHM is set to HS256, HS384 or HS512.
|
|
|
|
|
;JWT_SECRET =
|
|
|
|
|
JWT_SECRET =
|
|
|
|
|
;;
|
|
|
|
|
;; Alternative location to specify OAuth2 authentication secret. You cannot specify both this and JWT_SECRET, and must pick one
|
|
|
|
|
JWT_SECRET_URI = file:/etc/gitea/secrets/oauth2_jwt_secret
|
|
|
|
@ -583,7 +569,7 @@ JWT_SECRET_URI = file:/etc/gitea/secrets/oauth2_jwt_secret
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;; Root path for the log files - defaults to %(GITEA_WORK_DIR)/log
|
|
|
|
|
ROOT_PATH = data/log
|
|
|
|
|
ROOT_PATH = /var/lib/gitea/data/log
|
|
|
|
|
;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;; Main Logger
|
|
|
|
@ -774,10 +760,7 @@ DISABLE_REGISTRATION = true
|
|
|
|
|
;ALLOW_ONLY_EXTERNAL_REGISTRATION = false
|
|
|
|
|
;;
|
|
|
|
|
;; User must sign in to view anything.
|
|
|
|
|
;; After 1.23.7, it could be set to "expensive" to block anonymous users accessing some pages which consume a lot of resources,
|
|
|
|
|
;; for example: block anonymous AI crawlers from accessing repo code pages.
|
|
|
|
|
;; The "expensive" mode is experimental and subject to change.
|
|
|
|
|
;REQUIRE_SIGNIN_VIEW = false
|
|
|
|
|
REQUIRE_SIGNIN_VIEW = false
|
|
|
|
|
;;
|
|
|
|
|
;; Mail notification
|
|
|
|
|
;ENABLE_NOTIFY_MAIL = false
|
|
|
|
@ -787,13 +770,6 @@ DISABLE_REGISTRATION = true
|
|
|
|
|
;; Please note that setting this to false will not disable OAuth Basic or Basic authentication using a token
|
|
|
|
|
;ENABLE_BASIC_AUTHENTICATION = true
|
|
|
|
|
;;
|
|
|
|
|
;; Show the password sign-in form (for password-based login), otherwise, only show OAuth2 or passkey login methods if they are enabled.
|
|
|
|
|
;; If you set it to false, maybe it also needs to set ENABLE_BASIC_AUTHENTICATION to false to completely disable password-based authentication.
|
|
|
|
|
;ENABLE_PASSWORD_SIGNIN_FORM = true
|
|
|
|
|
;;
|
|
|
|
|
;; Allow users to sign-in with a passkey
|
|
|
|
|
;ENABLE_PASSKEY_AUTHENTICATION = true
|
|
|
|
|
;;
|
|
|
|
|
;; More detail: https://github.com/gogits/gogs/issues/165
|
|
|
|
|
;ENABLE_REVERSE_PROXY_AUTHENTICATION = false
|
|
|
|
|
; Enable this to allow reverse proxy authentication for API requests, the reverse proxy is responsible for ensuring that no CSRF is possible.
|
|
|
|
@ -921,24 +897,6 @@ SHOW_REGISTRATION_BUTTON = false
|
|
|
|
|
;; Valid site url schemes for user profiles
|
|
|
|
|
;VALID_SITE_URL_SCHEMES=http,https
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;[service.explore]
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;
|
|
|
|
|
;; Only allow signed in users to view the explore pages.
|
|
|
|
|
;REQUIRE_SIGNIN_VIEW = false
|
|
|
|
|
;;
|
|
|
|
|
;; Disable the users explore page.
|
|
|
|
|
;DISABLE_USERS_PAGE = false
|
|
|
|
|
;;
|
|
|
|
|
;; Disable the organizations explore page.
|
|
|
|
|
;DISABLE_ORGANIZATIONS_PAGE = false
|
|
|
|
|
;;
|
|
|
|
|
;; Disable the code explore page.
|
|
|
|
|
;DISABLE_CODE_PAGE = false
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
@ -954,7 +912,7 @@ SHOW_REGISTRATION_BUTTON = false
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)s/gitea-repositories.
|
|
|
|
|
;; A relative path is interpreted as _`AppWorkPath`_/%(ROOT)s
|
|
|
|
|
ROOT = git/repositories
|
|
|
|
|
ROOT = /var/lib/gitea/git/repositories
|
|
|
|
|
;;
|
|
|
|
|
;; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
|
|
|
|
|
;SCRIPT_TYPE = bash
|
|
|
|
@ -982,7 +940,7 @@ DEFAULT_PRIVATE = private
|
|
|
|
|
;;
|
|
|
|
|
;; Preferred Licenses to place at the top of the List
|
|
|
|
|
;; The name here must match the filename in options/license or custom/options/license
|
|
|
|
|
;PREFERRED_LICENSES = Apache License 2.0,MIT License
|
|
|
|
|
PREFERRED_LICENSES = GPL-3.0-only
|
|
|
|
|
;;
|
|
|
|
|
;; Disable the ability to interact with repositories using the HTTP protocol
|
|
|
|
|
;DISABLE_HTTP_GIT = false
|
|
|
|
@ -1017,14 +975,6 @@ DEFAULT_PRIVATE = private
|
|
|
|
|
;; The set of allowed values and rules are the same as DEFAULT_REPO_UNITS.
|
|
|
|
|
;DEFAULT_FORK_REPO_UNITS = repo.code,repo.pulls
|
|
|
|
|
;;
|
|
|
|
|
;; Comma separated list of default mirror repo units.
|
|
|
|
|
;; The set of allowed values and rules are the same as DEFAULT_REPO_UNITS.
|
|
|
|
|
;DEFAULT_MIRROR_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.wiki,repo.projects,repo.packages
|
|
|
|
|
;;
|
|
|
|
|
;; Comma separated list of default template repo units.
|
|
|
|
|
;; The set of allowed values and rules are the same as DEFAULT_REPO_UNITS.
|
|
|
|
|
;DEFAULT_TEMPLATE_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages
|
|
|
|
|
;;
|
|
|
|
|
;; Prefix archive files by placing them in a directory named after the repository
|
|
|
|
|
;PREFIX_ARCHIVE_FILES = true
|
|
|
|
|
;;
|
|
|
|
@ -1046,13 +996,9 @@ DEFAULT_PRIVATE = private
|
|
|
|
|
;; Don't allow download source archive files from UI
|
|
|
|
|
;DISABLE_DOWNLOAD_SOURCE_ARCHIVES = false
|
|
|
|
|
|
|
|
|
|
;; Allow to fork repositories without maximum number limit
|
|
|
|
|
;; Allow fork repositories without maximum number limit
|
|
|
|
|
;ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT = true
|
|
|
|
|
|
|
|
|
|
;; Allow to fork repositories into the same owner (user or organization)
|
|
|
|
|
;; This feature is experimental, not fully tested, and may be changed in the future
|
|
|
|
|
;ALLOW_FORK_INTO_SAME_OWNER = false
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;[repository.editor]
|
|
|
|
@ -1109,7 +1055,7 @@ ENABLED = false
|
|
|
|
|
;REOPEN_KEYWORDS = reopen,reopens,reopened
|
|
|
|
|
;;
|
|
|
|
|
;; Set default merge style for repository creating, valid options: merge, rebase, rebase-merge, squash, fast-forward-only
|
|
|
|
|
DEFAULT_MERGE_STYLE = squash
|
|
|
|
|
DEFAULT_MERGE_STYLE = fast-forward-only
|
|
|
|
|
;;
|
|
|
|
|
;; In the default merge message for squash commits include at most this many commits
|
|
|
|
|
;DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT = 50
|
|
|
|
@ -1388,9 +1334,6 @@ ALLOW_DOMAIN = %(DOMAIN)s
|
|
|
|
|
;;
|
|
|
|
|
;; Maximum allowed file size in bytes to render CSV files as table. (Set to 0 for no limit).
|
|
|
|
|
;MAX_FILE_SIZE = 524288
|
|
|
|
|
;;
|
|
|
|
|
;; Maximum allowed rows to render CSV files. (Set to 0 for no limit)
|
|
|
|
|
;MAX_ROWS = 2500
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
@ -1488,10 +1431,6 @@ ISSUE_INDEXER_TYPE = db
|
|
|
|
|
;REPO_INDEXER_EXCLUDE =
|
|
|
|
|
;;
|
|
|
|
|
;MAX_FILE_SIZE = 1048576
|
|
|
|
|
;;
|
|
|
|
|
;; Bleve engine has performance problems with fuzzy search, so we limit the fuzziness to 0 by default to disable it.
|
|
|
|
|
;; If you'd like to enable it, you can set it to a value between 0 and 2.
|
|
|
|
|
;TYPE_BLEVE_MAX_FUZZINESS = 0
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
@ -1517,7 +1456,7 @@ TYPE = redis
|
|
|
|
|
;; Batch size to send for batched queues
|
|
|
|
|
;BATCH_LENGTH = 20
|
|
|
|
|
;;
|
|
|
|
|
;; Connection string for redis queues this will store the redis (or Redis cluster) connection string.
|
|
|
|
|
;; Connection string for redis queues this will store the redis or redis-cluster connection string.
|
|
|
|
|
;; When `TYPE` is `persistable-channel`, this provides a directory for the underlying leveldb
|
|
|
|
|
;; or additional options of the form `leveldb://path/to/db?option=value&....`, and will override `DATADIR`.
|
|
|
|
|
CONN_STR = redis://$REDIS_HOST:$REDIS_PORT/$REDIS_DB
|
|
|
|
@ -1542,21 +1481,15 @@ CONN_STR = redis://$REDIS_HOST:$REDIS_PORT/$REDIS_DB
|
|
|
|
|
;;
|
|
|
|
|
;; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
|
|
|
|
|
;DEFAULT_EMAIL_NOTIFICATIONS = enabled
|
|
|
|
|
;; Disabled features for users could be "deletion", "manage_ssh_keys", "manage_gpg_keys", "manage_mfa", "manage_credentials" more features can be disabled in future
|
|
|
|
|
;; Disabled features for users, could be "deletion", "manage_ssh_keys","manage_gpg_keys" more features can be disabled in future
|
|
|
|
|
;; - deletion: a user cannot delete their own account
|
|
|
|
|
;; - manage_ssh_keys: a user cannot configure ssh keys
|
|
|
|
|
;; - manage_gpg_keys: a user cannot configure gpg keys
|
|
|
|
|
;; - manage_mfa: a user cannot configure mfa devices
|
|
|
|
|
;; - manage_credentials: a user cannot configure emails, passwords, or openid
|
|
|
|
|
;USER_DISABLED_FEATURES =
|
|
|
|
|
;; Comma separated list of disabled features ONLY if the user has an external login type (eg. LDAP, Oauth, etc.), could be "deletion", "manage_ssh_keys", "manage_gpg_keys", "manage_mfa", "manage_credentials". This setting is independent from `USER_DISABLED_FEATURES` and supplements its behavior.
|
|
|
|
|
;; Comma separated list of disabled features ONLY if the user has an external login type (eg. LDAP, Oauth, etc.), could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys`. This setting is independent from `USER_DISABLED_FEATURES` and supplements its behavior.
|
|
|
|
|
;; - deletion: a user cannot delete their own account
|
|
|
|
|
;; - manage_ssh_keys: a user cannot configure ssh keys
|
|
|
|
|
;; - manage_gpg_keys: a user cannot configure gpg keys
|
|
|
|
|
;; - manage_mfa: a user cannot configure mfa devices
|
|
|
|
|
;; - manage_credentials: a user cannot configure emails, passwords, or openid
|
|
|
|
|
;; - change_username: a user cannot change their username
|
|
|
|
|
;; - change_full_name: a user cannot change their full name
|
|
|
|
|
;;EXTERNAL_USER_DISABLE_FEATURES =
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
@ -1732,10 +1665,6 @@ ENABLE_OPENID_SIGNIN = false
|
|
|
|
|
;; Sometimes it is helpful to use a different address on the envelope. Set this to use ENVELOPE_FROM as the from on the envelope. Set to `<>` to send an empty address.
|
|
|
|
|
;ENVELOPE_FROM =
|
|
|
|
|
;;
|
|
|
|
|
;; If gitea sends mails on behave of users, it will just use the name also displayed in the WebUI. If you want e.g. `Mister X (by CodeIt) <gitea@codeit.net>`,
|
|
|
|
|
;; set it to `{{ .DisplayName }} (by {{ .AppName }})`. Available Variables: `.DisplayName`, `.AppName` and `.Domain`.
|
|
|
|
|
;FROM_DISPLAY_NAME_FORMAT = {{ .DisplayName }}
|
|
|
|
|
;;
|
|
|
|
|
;; Mailer user name and password, if required by provider.
|
|
|
|
|
;USER =
|
|
|
|
|
;;
|
|
|
|
@ -1758,16 +1687,6 @@ ENABLE_OPENID_SIGNIN = false
|
|
|
|
|
;; convert \r\n to \n for Sendmail
|
|
|
|
|
;SENDMAIL_CONVERT_CRLF = true
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;[mailer.override_header]
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;; This is empty by default, use it only if you know what you need it for.
|
|
|
|
|
;Reply-To = test@example.com, test2@example.com
|
|
|
|
|
;Content-Type = text/html; charset=utf-8
|
|
|
|
|
;In-Reply-To =
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;[email.incoming]
|
|
|
|
@ -1821,8 +1740,9 @@ ADAPTER = redis
|
|
|
|
|
;; For "memory" only, GC interval in seconds, default is 60
|
|
|
|
|
;INTERVAL = 60
|
|
|
|
|
;;
|
|
|
|
|
;; For "redis" and "memcache", connection host address
|
|
|
|
|
;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` (or `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` for a Redis cluster)
|
|
|
|
|
;; For "redis", "redis-cluster" and "memcache", connection host address
|
|
|
|
|
;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
|
|
|
|
|
;; redis-cluster: `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
|
|
|
|
|
;; memcache: `127.0.0.1:11211`
|
|
|
|
|
;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
|
|
|
|
|
HOST = redis://$REDIS_HOST:$REDIS_PORT/$REDIS_DB
|
|
|
|
@ -1852,14 +1772,15 @@ HOST = redis://$REDIS_HOST:$REDIS_PORT/$REDIS_DB
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;
|
|
|
|
|
;; Either "memory", "file", "redis", "db", "mysql", "couchbase", "memcache" or "postgres"
|
|
|
|
|
;; Either "memory", "file", "redis", "redis-cluster", "db", "mysql", "couchbase", "memcache" or "postgres"
|
|
|
|
|
;; Default is "memory". "db" will reuse the configuration in [database]
|
|
|
|
|
PROVIDER = redis
|
|
|
|
|
;;
|
|
|
|
|
;; Provider config options
|
|
|
|
|
;; memory: doesn't have any config yet
|
|
|
|
|
;; file: session file path, e.g. `data/sessions`
|
|
|
|
|
;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` (or `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` for a Redis cluster)
|
|
|
|
|
;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
|
|
|
|
|
;; redis-cluster: `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
|
|
|
|
|
;; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
|
|
|
|
|
PROVIDER_CONFIG = redis://$REDIS_HOST:$REDIS_PORT/$REDIS_DB
|
|
|
|
|
;;
|
|
|
|
@ -1885,7 +1806,7 @@ PROVIDER_CONFIG = redis://$REDIS_HOST:$REDIS_PORT/$REDIS_DB
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;
|
|
|
|
|
AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars
|
|
|
|
|
REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
|
|
|
|
|
REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars
|
|
|
|
|
;;
|
|
|
|
|
;; How Gitea deals with missing repository avatars
|
|
|
|
|
;; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
|
|
|
|
@ -1930,7 +1851,7 @@ REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
|
|
|
|
|
;ENABLED = true
|
|
|
|
|
;;
|
|
|
|
|
;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
|
|
|
|
|
;ALLOWED_TYPES = .avif,.cpuprofile,.csv,.dmp,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.json,.jsonc,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.webp,.xls,.xlsx,.zip
|
|
|
|
|
;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
|
|
|
|
|
;;
|
|
|
|
|
;; Max size of each file. Defaults to 2048MB
|
|
|
|
|
MAX_SIZE = 16
|
|
|
|
@ -1943,32 +1864,22 @@ MAX_SIZE = 16
|
|
|
|
|
;STORAGE_TYPE = local
|
|
|
|
|
;;
|
|
|
|
|
;; Allows the storage driver to redirect to authenticated URLs to serve files directly
|
|
|
|
|
;; Currently, only `minio` and `azureblob` is supported.
|
|
|
|
|
;; Currently, only `minio` is supported.
|
|
|
|
|
;SERVE_DIRECT = false
|
|
|
|
|
;;
|
|
|
|
|
;; Path for attachments. Defaults to `attachments`. Only available when STORAGE_TYPE is `local`
|
|
|
|
|
;; Relative paths will be resolved to `${AppDataPath}/${attachment.PATH}`
|
|
|
|
|
PATH = data/attachments
|
|
|
|
|
PATH = /var/lib/gitea/data/attachments
|
|
|
|
|
;;
|
|
|
|
|
;; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
|
|
|
|
|
;MINIO_ENDPOINT = localhost:9000
|
|
|
|
|
;;
|
|
|
|
|
;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`.
|
|
|
|
|
;; If not provided and STORAGE_TYPE is `minio`, will search for credentials in known
|
|
|
|
|
;; environment variables (MINIO_ACCESS_KEY_ID, AWS_ACCESS_KEY_ID), credentials files
|
|
|
|
|
;; (~/.mc/config.json, ~/.aws/credentials), and EC2 instance metadata.
|
|
|
|
|
;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
|
|
|
|
|
;MINIO_ACCESS_KEY_ID =
|
|
|
|
|
;;
|
|
|
|
|
;; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
|
|
|
|
|
;MINIO_SECRET_ACCESS_KEY =
|
|
|
|
|
;;
|
|
|
|
|
;; Preferred IAM Endpoint to override Minio's default IAM Endpoint resolution only available when STORAGE_TYPE is `minio`.
|
|
|
|
|
;; If not provided and STORAGE_TYPE is `minio`, will search for and derive endpoint from known environment variables
|
|
|
|
|
;; (AWS_CONTAINER_AUTHORIZATION_TOKEN, AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE, AWS_CONTAINER_CREDENTIALS_RELATIVE_URI,
|
|
|
|
|
;; AWS_CONTAINER_CREDENTIALS_FULL_URI, AWS_WEB_IDENTITY_TOKEN_FILE, AWS_ROLE_ARN, AWS_ROLE_SESSION_NAME, AWS_REGION),
|
|
|
|
|
;; or the DefaultIAMRoleEndpoint if not provided otherwise.
|
|
|
|
|
;MINIO_IAM_ENDPOINT =
|
|
|
|
|
;;
|
|
|
|
|
;; Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
|
|
|
|
|
;MINIO_BUCKET = gitea
|
|
|
|
|
;;
|
|
|
|
@ -1986,24 +1897,6 @@ PATH = data/attachments
|
|
|
|
|
;;
|
|
|
|
|
;; Minio checksum algorithm: default (for MinIO or AWS S3) or md5 (for Cloudflare or Backblaze)
|
|
|
|
|
;MINIO_CHECKSUM_ALGORITHM = default
|
|
|
|
|
;;
|
|
|
|
|
;; Minio bucket lookup method defaults to auto mode; set it to `dns` for virtual host style or `path` for path style, only available when STORAGE_TYPE is `minio`
|
|
|
|
|
;MINIO_BUCKET_LOOKUP_TYPE = auto
|
|
|
|
|
;; Azure Blob endpoint to connect only available when STORAGE_TYPE is `azureblob`,
|
|
|
|
|
;; e.g. https://accountname.blob.core.windows.net or http://127.0.0.1:10000/devstoreaccount1
|
|
|
|
|
;AZURE_BLOB_ENDPOINT =
|
|
|
|
|
;;
|
|
|
|
|
;; Azure Blob account name to connect only available when STORAGE_TYPE is `azureblob`
|
|
|
|
|
;AZURE_BLOB_ACCOUNT_NAME =
|
|
|
|
|
;;
|
|
|
|
|
;; Azure Blob account key to connect only available when STORAGE_TYPE is `azureblob`
|
|
|
|
|
;AZURE_BLOB_ACCOUNT_KEY =
|
|
|
|
|
;;
|
|
|
|
|
;; Azure Blob container to store the attachments only available when STORAGE_TYPE is `azureblob`
|
|
|
|
|
;AZURE_BLOB_CONTAINER = gitea
|
|
|
|
|
;;
|
|
|
|
|
;; override the azure blob base path if storage type is azureblob
|
|
|
|
|
;AZURE_BLOB_BASE_PATH = attachments/
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
@ -2563,11 +2456,6 @@ ENABLED = false
|
|
|
|
|
;STORAGE_TYPE = local
|
|
|
|
|
;; override the minio base path if storage type is minio
|
|
|
|
|
;MINIO_BASE_PATH = packages/
|
|
|
|
|
;; override the azure blob base path if storage type is azureblob
|
|
|
|
|
;AZURE_BLOB_BASE_PATH = packages/
|
|
|
|
|
;; Allows the storage driver to redirect to authenticated URLs to serve files directly
|
|
|
|
|
;; Currently, only `minio` and `azureblob` is supported.
|
|
|
|
|
;SERVE_DIRECT = false
|
|
|
|
|
;;
|
|
|
|
|
;; Path for chunked uploads. Defaults to APP_DATA_PATH + `tmp/package-upload`
|
|
|
|
|
;CHUNKED_UPLOAD_PATH = tmp/package-upload
|
|
|
|
@ -2618,8 +2506,7 @@ ENABLED = false
|
|
|
|
|
;LIMIT_SIZE_SWIFT = -1
|
|
|
|
|
;; Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
|
|
|
|
|
;LIMIT_SIZE_VAGRANT = -1
|
|
|
|
|
;; Enable RPM re-signing by default. (It will overwrite the old signature ,using v4 format, not compatible with CentOS 6 or older)
|
|
|
|
|
;DEFAULT_RPM_SIGN_ENABLED = false
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;; default storage for attachments, lfs and avatars
|
|
|
|
@ -2642,8 +2529,6 @@ ENABLED = false
|
|
|
|
|
;;
|
|
|
|
|
;; override the minio base path if storage type is minio
|
|
|
|
|
;MINIO_BASE_PATH = repo-archive/
|
|
|
|
|
;; override the azure blob base path if storage type is azureblob
|
|
|
|
|
;AZURE_BLOB_BASE_PATH = repo-archive/
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
@ -2665,25 +2550,8 @@ ENABLED = false
|
|
|
|
|
;; Where your lfs files reside, default is data/lfs.
|
|
|
|
|
;PATH = data/lfs
|
|
|
|
|
;;
|
|
|
|
|
;; Allows the storage driver to redirect to authenticated URLs to serve files directly
|
|
|
|
|
;; Currently, only `minio` and `azureblob` is supported.
|
|
|
|
|
;SERVE_DIRECT = false
|
|
|
|
|
;;
|
|
|
|
|
;; override the minio base path if storage type is minio
|
|
|
|
|
;MINIO_BASE_PATH = lfs/
|
|
|
|
|
;;
|
|
|
|
|
;; override the azure blob base path if storage type is azureblob
|
|
|
|
|
;AZURE_BLOB_BASE_PATH = lfs/
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;; settings for Gitea's LFS client (eg: mirroring an upstream lfs endpoint)
|
|
|
|
|
;;
|
|
|
|
|
;[lfs_client]
|
|
|
|
|
;; Limit the number of pointers in each batch request to this number
|
|
|
|
|
;BATCH_SIZE = 20
|
|
|
|
|
;; Limit the number of concurrent upload/download operations within a batch
|
|
|
|
|
;BATCH_OPERATION_CONCURRENCY = 8
|
|
|
|
|
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
@ -2698,28 +2566,18 @@ ENABLED = false
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;; customize storage
|
|
|
|
|
;[storage.minio]
|
|
|
|
|
;[storage.my_minio]
|
|
|
|
|
;STORAGE_TYPE = minio
|
|
|
|
|
;;
|
|
|
|
|
;; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
|
|
|
|
|
;MINIO_ENDPOINT = localhost:9000
|
|
|
|
|
;;
|
|
|
|
|
;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`.
|
|
|
|
|
;; If not provided and STORAGE_TYPE is `minio`, will search for credentials in known
|
|
|
|
|
;; environment variables (MINIO_ACCESS_KEY_ID, AWS_ACCESS_KEY_ID), credentials files
|
|
|
|
|
;; (~/.mc/config.json, ~/.aws/credentials), and EC2 instance metadata.
|
|
|
|
|
;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
|
|
|
|
|
;MINIO_ACCESS_KEY_ID =
|
|
|
|
|
;;
|
|
|
|
|
;; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
|
|
|
|
|
;MINIO_SECRET_ACCESS_KEY =
|
|
|
|
|
;;
|
|
|
|
|
;; Preferred IAM Endpoint to override Minio's default IAM Endpoint resolution only available when STORAGE_TYPE is `minio`.
|
|
|
|
|
;; If not provided and STORAGE_TYPE is `minio`, will search for and derive endpoint from known environment variables
|
|
|
|
|
;; (AWS_CONTAINER_AUTHORIZATION_TOKEN, AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE, AWS_CONTAINER_CREDENTIALS_RELATIVE_URI,
|
|
|
|
|
;; AWS_CONTAINER_CREDENTIALS_FULL_URI, AWS_WEB_IDENTITY_TOKEN_FILE, AWS_ROLE_ARN, AWS_ROLE_SESSION_NAME, AWS_REGION),
|
|
|
|
|
;; or the DefaultIAMRoleEndpoint if not provided otherwise.
|
|
|
|
|
;MINIO_IAM_ENDPOINT =
|
|
|
|
|
;;
|
|
|
|
|
;; Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
|
|
|
|
|
;MINIO_BUCKET = gitea
|
|
|
|
|
;;
|
|
|
|
@ -2731,25 +2589,6 @@ ENABLED = false
|
|
|
|
|
;;
|
|
|
|
|
;; Minio skip SSL verification available when STORAGE_TYPE is `minio`
|
|
|
|
|
;MINIO_INSECURE_SKIP_VERIFY = false
|
|
|
|
|
;;
|
|
|
|
|
;; Minio bucket lookup method defaults to auto mode; set it to `dns` for virtual host style or `path` for path style, only available when STORAGE_TYPE is `minio`
|
|
|
|
|
;MINIO_BUCKET_LOOKUP_TYPE = auto
|
|
|
|
|
|
|
|
|
|
;[storage.azureblob]
|
|
|
|
|
;STORAGE_TYPE = azureblob
|
|
|
|
|
;;
|
|
|
|
|
;; Azure Blob endpoint to connect only available when STORAGE_TYPE is `azureblob`,
|
|
|
|
|
;; e.g. https://accountname.blob.core.windows.net or http://127.0.0.1:10000/devstoreaccount1
|
|
|
|
|
;AZURE_BLOB_ENDPOINT =
|
|
|
|
|
;;
|
|
|
|
|
;; Azure Blob account name to connect only available when STORAGE_TYPE is `azureblob`
|
|
|
|
|
;AZURE_BLOB_ACCOUNT_NAME =
|
|
|
|
|
;;
|
|
|
|
|
;; Azure Blob account key to connect only available when STORAGE_TYPE is `azureblob`
|
|
|
|
|
;AZURE_BLOB_ACCOUNT_KEY =
|
|
|
|
|
;;
|
|
|
|
|
;; Azure Blob container to store the attachments only available when STORAGE_TYPE is `azureblob`
|
|
|
|
|
;AZURE_BLOB_CONTAINER = gitea
|
|
|
|
|
|
|
|
|
|
;[proxy]
|
|
|
|
|
;; Enable the proxy, all requests to external via HTTP will be affected
|
|
|
|
@ -2765,14 +2604,6 @@ ENABLED = false
|
|
|
|
|
;;
|
|
|
|
|
;; Default platform to get action plugins, `github` for `https://github.com`, `self` for the current Gitea instance.
|
|
|
|
|
DEFAULT_ACTIONS_URL = self
|
|
|
|
|
;; Logs retention time in days. Old logs will be deleted after this period.
|
|
|
|
|
;LOG_RETENTION_DAYS = 365
|
|
|
|
|
;; Log compression type, `none` for no compression, `zstd` for zstd compression.
|
|
|
|
|
;; Other compression types like `gzip` are NOT supported, since seekable stream is required for log view.
|
|
|
|
|
;; It's always recommended to use compression when using local disk as log storage if CPU or memory is not a bottleneck.
|
|
|
|
|
;; And for object storage services like S3, which is billed for requests, it would cause extra 2 times of get requests for each log view.
|
|
|
|
|
;; But it will save storage space and network bandwidth, so it's still recommended to use compression.
|
|
|
|
|
;LOG_COMPRESSION = zstd
|
|
|
|
|
;; Default artifact retention time in days. Artifacts could have their own retention periods by setting the `retention-days` option in `actions/upload-artifact` step.
|
|
|
|
|
;ARTIFACT_RETENTION_DAYS = 90
|
|
|
|
|
;; Timeout to stop the task which have running status, but haven't been updated for a long time
|
|
|
|
@ -2793,9 +2624,3 @@ DEFAULT_ACTIONS_URL = self
|
|
|
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
;; storage type
|
|
|
|
|
;STORAGE_TYPE = local
|
|
|
|
|
|
|
|
|
|
;[global_lock]
|
|
|
|
|
;; Lock service type, could be memory or redis
|
|
|
|
|
;SERVICE_TYPE = memory
|
|
|
|
|
;; Ignored for the "memory" type. For "redis" use something like `redis://127.0.0.1:6379/0`
|
|
|
|
|
;SERVICE_CONN_STR =
|
|
|
|
|