@@ 231,8 231,8 @@ db-sqlite-cache-size: "8MiB"
# If set to empty string or zero, the sqlite default will be used.
# See: https://www.sqlite.org/pragma.html#pragma_busy_timeout
# Examples: ["0s", "1s", "30s", "1m", "5m"]
-# Default: "5s"
-db-sqlite-busy-timeout: "5m"
+# Default: "30m"
+db-sqlite-busy-timeout: "30m"
cache:
# Cache configuration options:
@@ 265,7 265,7 @@ cache:
account-ttl: "30m"
account-sweep-freq: "1m"
- block-max-size: 100
+ block-max-size: 1000
block-ttl: "30m"
block-sweep-freq: "1m"
@@ 289,6 289,18 @@ cache:
follow-request-ttl: "30m"
follow-request-sweep-freq: "1m"
+ instance-max-size: 2000
+ instance-ttl: "30m"
+ instance-sweep-freq: "1m"
+
+ list-max-size: 2000
+ list-ttl: "30m"
+ list-sweep-freq: "1m"
+
+ list-entry-max-size: 2000
+ list-entry-ttl: "30m"
+ list-entry-sweep-freq: "1m"
+
media-max-size: 1000
media-ttl: "30m"
media-sweep-freq: "1m"
@@ 323,7 335,7 @@ cache:
webfinger-max-size: 250
webfinger-ttl: "24h"
- webfinger-sweep-freq: "1m"
+ webfinger-sweep-freq: "15m"
######################
##### WEB CONFIG #####
@@ 425,6 437,13 @@ accounts-reason-required: true
# Default: false
accounts-allow-custom-css: false
+# Int. If accounts-allow-custom-css is true, this is the permitted length in characters for
+# CSS uploaded by accounts on this instance. No effect if accounts-allow-custom-css is false.
+#
+# Examples: [500, 5000, 9999]
+# Default: 10000
+accounts-custom-css-length: 10000
+
########################
##### MEDIA CONFIG #####
########################
@@ 475,7 494,7 @@ media-emoji-local-max-size: 51200
# This strikes a good balance between decent interoperability with instances that have
# higher emoji size limits, and not taking up too much space in storage.
# Examples: [51200, 102400]
-# Default: 51200
+# Default: 102400
media-emoji-remote-max-size: 102400
##########################
@@ 509,6 528,7 @@ storage-s3-endpoint: "minio.xenrox.net"
#
# Default: false
storage-s3-proxy: false
+
# Bool. Use SSL for S3 connections.
#
# Only set this to 'false' when testing locally.
@@ 522,12 542,14 @@ storage-s3-use-ssl: true
# Examples: ["AKIAJSIE27KKMHXI3BJQ","miniouser"]
# Default: ""
storage-s3-access-key: "{{ gotosocial_secrets['s3_access'] }}"
+
# String. Secret key part of the S3 credentials.
# Consider setting this value using environment variables to avoid leaking it via the config file
# Only required when running with the s3 storage backend.
# Examples: ["5bEYu26084qjSFyclM/f2pz4gviSfoOg+mFwBH39","miniopassword"]
# Default: ""
storage-s3-secret-key: "{{ gotosocial_secrets['s3_secret'] }}"
+
# String. Name of the storage bucket.
#
# If you have already encoded your bucket name in the storage-s3-endpoint, this
@@ 761,7 783,7 @@ syslog-enabled: false
# String. Protocol to use when directing logs to syslog. Leave empty to connect to local syslog.
# Options: ["udp", "tcp", ""]
-# Default: "tcp"
+# Default: "udp"
syslog-protocol: "udp"
# String. Address:port to send syslog logs to. Leave empty to connect to local syslog.
@@ 799,6 821,57 @@ tracing-endpoint: ""
# Default: false
tracing-insecure-transport: false
+################################
+##### HTTP CLIENT SETTINGS #####
+################################
+
+# Settings for OUTGOING http client connections used by GoToSocial to make
+# requests to remote resources (status GETs, media GETs, inbox POSTs, etc).
+
+http-client:
+
+ # Duration. Timeout to use for outgoing HTTP requests. If the timeout
+ # is exceeded, the connection to the remote server will be dropped.
+ # A value of 0s indicates no timeout: this is not advised!
+ # Examples: ["5s", "10s", "0s"]
+ # Default: "10s"
+ timeout: "10s"
+
+ ########################################
+ #### RESERVED IP RANGE EXCEPTIONS ######
+ ########################################
+ #
+ # Explicitly allow or block outgoing dialing within the provided IPv4/v6 CIDR ranges.
+ #
+ # By default, as a basic security precaution, GoToSocial blocks outgoing dialing within most "special-purpose"
+ # IP ranges. However, it may be desirable for admins with more exotic setups (proxies, funky NAT, etc) to
+ # explicitly override one or more of these otherwise blocked ranges.
+ #
+ # Each of the below allow/block config options accepts an array of IPv4 and/or IPv6 CIDR strings.
+ # For example, to override the hardcoded block of IPv4 and IPv6 dialing to localhost, set:
+ #
+ # allow-ips: ["127.0.0.1/32", "::1/128"].
+ #
+ # You can also use YAML multi-line arrays to define these, but be diligent with indentation.
+ #
+ # When dialing, GoToSocial will first check if the destination falls within explicitly allowed IP ranges,
+ # then explicitly blocked IP ranges, then the default (hardcoded) blocked IP ranges, returning OK on the
+ # first allowed match, not OK on the first blocked match, or just defaulting to OK if nothing is matched.
+ #
+ # As with all security settings, it is better to start too restrictive and then ease off depending on
+ # your use case, than to start too permissive and try to close the stable door after the horse has
+ # already bolted. With this in mind:
+ # - Don't touch these settings unless you have a good reason to, and only if you know what you're doing.
+ # - When adding explicitly allowed exceptions, use the narrowest possible CIDR for your use case.
+ #
+ # For reserved / special ranges, see:
+ # - https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
+ # - https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
+ #
+ # Both allow-ips and block-ips default to an empty array.
+ allow-ips: []
+ block-ips: []
+
#############################
##### ADVANCED SETTINGS #####
#############################
@@ 874,7 947,7 @@ advanced-throttling-multiplier: 8
# Minimum resolution is 1 second.
#
# Examples: [30s, 10s, 5s, 1m]
-# Default: 30s
+# Default: "30s"
advanced-throttling-retry-after: "30s"
# Int. CPU multiplier for the amount of goroutines to spawn in order to send messages via ActivityPub.