server/gotify-server.env.example

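# Example environment variables for the server.
# After editing, save this file as `gotify-server.env` (or export the variables
# instead). The file can hold secrets (admin password, OIDC client secret,
# database credentials), so restrict read access to the account running the server.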
#
# If $GOTIFY_CONFIG_FILE is set, that file is loaded exclusively and none of
# the files below are tried. Otherwise the first existing file from the search
# order is loaded. Absent or commented out settings fall back to the default
# (shown after the =). Variables already exported in the process environment
# always take precedence over the loaded file.
#
# Config file search order (used only when $GOTIFY_CONFIG_FILE is unset):
# 1. gotify-server.env (in the working directory)
# 2. $XDG_CONFIG_HOME/gotify/gotify-server.env
# ($XDG_CONFIG_HOME falls back to $HOME/.config when unset)
# 3. /etc/gotify/server.env
#
# Value types used below:
# text a plain string value.
# number an integer value.
# boolean `true` or `false`.
# text-list comma-separated list of strings, parsed as a single CSV line.
# A comma can be escaped by wrapping the value in quotes.
# Example: a,b,c
# Example: "a,b",c -> entries: `a,b` and `c`
# json-map a JSON object mapping string keys to string values.
# Example: {"X-Foo":"bar","X-Baz":"qux"}
#
# Every variable also supports a "_FILE" suffix that reads the value from a
# file at the given path (useful for Docker / Kubernetes secrets), e.g.:
# GOTIFY_DEFAULTUSER_PASS_FILE=/run/secrets/admin_pass
# Minimum severity of log messages to emit.
# Values: trace, debug, info, warn, error, fatal, panic
# GOTIFY_LOGLEVEL=info
# Interval in seconds between TCP keepalive probes on accepted connections.
# Only change this if you know what you are doing.
#
# Example: 0 uses the Go default (15s)
# Example: -1 disables keepalives entirely.
# Type: number
# GOTIFY_SERVER_KEEPALIVEPERIODSECONDS=0
# The network address the HTTP server binds to. Leave empty to listen on all
# interfaces (both IPv4 and IPv6). Prefix with "unix:" to listen on a Unix
# domain socket instead of a TCP port.
#
# Type: text
# Example: 192.168.178.2
# Example: unix:/tmp/gotify.sock
# GOTIFY_SERVER_LISTENADDR=
# Port the HTTP server listens on.
# Type: number
# GOTIFY_SERVER_PORT=80
# Enable the HTTPS listener. Requires either CERTFILE+CERTKEY or LETSENCRYPT_ENABLED=true.
# Type: boolean
# GOTIFY_SERVER_SSL_ENABLED=false
# Redirect plain HTTP requests to HTTPS. Only effective when SSL_ENABLED=true.
# Type: boolean
# GOTIFY_SERVER_SSL_REDIRECTTOHTTPS=true
# The network address the HTTPS server binds to. Leave empty to listen on all
# interfaces (both IPv4 and IPv6). Prefix with "unix:" to listen on a Unix
# domain socket instead of a TCP port.
#
# Type: text
# Example: 192.168.178.2
# Example: unix:/tmp/gotify-ssl.sock
# GOTIFY_SERVER_SSL_LISTENADDR=
# Port the HTTPS server listens on.
# Type: number
# GOTIFY_SERVER_SSL_PORT=443
# Path to the TLS certificate.
# Type: text
# Example: /etc/ssl/certs/gotify.crt
# GOTIFY_SERVER_SSL_CERTFILE=
# Path to the TLS private key.
# Type: text
# Example: /etc/ssl/private/gotify.key
# GOTIFY_SERVER_SSL_CERTKEY=
# Obtain the TLS certificate automatically from Let's Encrypt.
# Requires SSL_ENABLED=true and LETSENCRYPT_ACCEPTTOS=true.
# Type: boolean
# GOTIFY_SERVER_SSL_LETSENCRYPT_ENABLED=false
# Accept the Let's Encrypt Terms of Service.
# Type: boolean
# GOTIFY_SERVER_SSL_LETSENCRYPT_ACCEPTTOS=false
# Directory where issued certificates and ACME account data are persisted. Must
# be writable by the server.
#
# Type: text
# Example: /var/lib/gotify/certs
# GOTIFY_SERVER_SSL_LETSENCRYPT_CACHE=data/certs
# Override the ACME directory URL. Leave empty to use the Let's Encrypt
# production server. The staging server has higher rate limits useful for
# testing but issues certificates that are not publicly trusted.
#
# Type: text
# Example: https://acme-staging-v02.api.letsencrypt.org/directory
# GOTIFY_SERVER_SSL_LETSENCRYPT_DIRECTORYURL=
# Hosts Let's Encrypt should issue certificates for. Each host must resolve
# publicly to this server.
#
# Type: text-list
# Example: mydomain.tld,myotherdomain.tld
# GOTIFY_SERVER_SSL_LETSENCRYPT_HOSTS=
# Extra HTTP headers attached to every response.
# Type: json-map
# Example: {"X-Custom-Header":"custom value"}
# GOTIFY_SERVER_RESPONSEHEADERS=
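# IPs or CIDR ranges of proxies whose X-Forwarded-For header is trusted to
# determine the real client IP. Include 127.0.0.1 when terminating TLS in a
# sidecar on the same host. List only proxies you control: any peer inside
# these ranges can set X-Forwarded-For and thereby choose the client IP the
# server sees.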
#
# Type: text-list
# Example: 127.0.0.1/32,::1
# GOTIFY_SERVER_TRUSTEDPROXIES=
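# Set the Secure flag on session cookies, restricting them to HTTPS
# connections. Enable when the server is reachable over HTTPS, including when
# TLS is terminated by a reverse proxy in front of it; with the default (false)
# the browser may also send the session cookie over plain HTTP.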
#
# Type: boolean
# GOTIFY_SERVER_SECURECOOKIE=false
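# Allowed origins (regex) for cross-origin requests. Setting any CORS_* value
# enables CORS handling. Write each pattern as narrowly as possible and anchor
# it with ^ and $: if matching is unanchored (verify for your version), a
# pattern such as `otherdomain\.com` also matches longer origins that merely
# contain that text.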
#
# Type: text-list
# Example: .+\.example\.com,otherdomain\.com
# GOTIFY_SERVER_CORS_ALLOWORIGINS=
# HTTP methods permitted in cross-origin requests.
# Type: text-list
# Example: GET,POST
# GOTIFY_SERVER_CORS_ALLOWMETHODS=
# Request headers permitted in cross-origin requests.
# Type: text-list
# Example: Authorization,content-type
# GOTIFY_SERVER_CORS_ALLOWHEADERS=
# Interval in seconds between WebSocket ping frames sent to streaming clients.
# Only change this if you know what you are doing.
#
# Type: number
# GOTIFY_SERVER_STREAM_PINGPERIODSECONDS=45
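# Allowed origins (regex) for WebSocket upgrade requests. Same-origin
# connections are always permitted regardless of this setting. Keep patterns
# narrow and anchored (^...$); an overly broad pattern may let pages served
# from other sites open streams from a logged-in user's browser.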
#
# Type: text-list
# Example: .+\.example\.com,otherdomain\.com
# GOTIFY_SERVER_STREAM_ALLOWEDORIGINS=
# Enable OpenID Connect Single Sign-On, allowing users to authenticate via an
# external identity provider (e.g. Authelia, Dex, Keycloak). The provider must
# support PKCE (https://oauth.net/2/pkce/); IdPs without PKCE support are
# currently unsupported.
#
# Type: boolean
# GOTIFY_OIDC_ENABLED=false
# Base URL of the identity provider. It will be used to discover OIDC endpoints
# via /.well-known/openid-configuration.
#
# Type: text
# Example: https://auth.example.com/realms/myrealm
# GOTIFY_OIDC_ISSUER=
# Client ID registered with the identity provider for this application.
# Type: text
# Example: gotify
# GOTIFY_OIDC_CLIENTID=
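# Client secret paired with the client ID. Prefer GOTIFY_OIDC_CLIENTSECRET_FILE
# (the "_FILE" suffix described at the top of this file) so the secret is not
# stored in this file or exported in the process environment.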
# Type: text
# Example: super-secret
# GOTIFY_OIDC_CLIENTSECRET=
# Callback URL the identity provider redirects to after authentication. Must
# end with `/auth/oidc/callback` and match exactly what is registered at the
# provider. When Gotify is served on a sub-path behind a reverse proxy, include
# it (e.g. https://example.org/gotify/auth/oidc/callback). To support OIDC
# login in the Android app, also register `gotify://oidc/callback` as an
# additional redirect URL at the provider.
#
# Type: text
# Example: https://gotify.example.org/auth/oidc/callback
# GOTIFY_OIDC_REDIRECTURL=
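# Automatically create a local user on first OIDC login. When disabled, only
# users that already exist in Gotify can sign in via OIDC. With the default
# (true), every account that can authenticate at the identity provider can
# obtain a Gotify account; disable this or restrict access at the provider if
# that is broader than intended.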
#
# Type: boolean
# GOTIFY_OIDC_AUTOREGISTER=true
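# OIDC ID-token claim used as the local username. Common values are
# preferred_username or email. Choose a claim that is unique per user and that
# users cannot change themselves at the provider, because the local username
# is derived from it.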
#
# Type: text
# Example: email
# GOTIFY_OIDC_USERNAMECLAIM=preferred_username
# OIDC scopes to request from the identity provider.
# Type: text-list
# GOTIFY_OIDC_SCOPES=openid,profile,email
# Database driver to use. For mysql and postgres the target database must
# already exist and the configured user must have sufficient permissions.
#
# Type: one of sqlite3, mysql, postgres
# GOTIFY_DATABASE_DIALECT=sqlite3
# Database connection string. Format depends on the dialect.
# Type: text
# Example:
# sqlite3: path/to/database.db
# mysql: gotify:secret@tcp(localhost:3306)/gotifydb?charset=utf8&parseTime=True&loc=Local
# postgres: host=localhost port=5432 user=gotify dbname=gotifydb password=secret
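# When using postgres without SSL, append `sslmode=disable` (see https://github.com/gotify/server/issues/90).
# That sends credentials and data to the database unencrypted; use it only for
# a local or otherwise trusted connection.
# The connection string can contain the database password; setting
# GOTIFY_DATABASE_CONNECTION_FILE instead keeps it out of this file.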
# GOTIFY_DATABASE_CONNECTION=data/gotify.db
# Username for the initial admin account. Only applied when the database is
# first created; later changes must be made through the WebUI.
#
# Type: text
# Example: myadmin
# GOTIFY_DEFAULTUSER_NAME=admin
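# Password for the initial admin account. Only applied when the database is
# first created. The defaults are admin/admin: set a strong value (for example
# via GOTIFY_DEFAULTUSER_PASS_FILE) before the first start, or change the
# password immediately afterwards.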
#
# Type: text
# Example: super-secret-password
# GOTIFY_DEFAULTUSER_PASS=admin
# Bcrypt cost factor for password hashes. Higher values are more secure but
# slower: each increment roughly doubles the time needed to hash (and to guess)
# a password.
# Type: number
# GOTIFY_PASSSTRENGTH=10
# Directory where application icons and other uploaded images are stored. Must
# be writable by the server.
#
# Type: text
# Example: /var/lib/gotify/images
# GOTIFY_UPLOADEDIMAGESDIR=data/images
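# Directory scanned for plugin shared libraries on startup. Leave empty to
# disable plugin loading. Plugins run as code inside the server process, so
# the directory should be writable only by trusted administrators.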
#
# Type: text
# Example: /var/lib/gotify/plugins
# GOTIFY_PLUGINSDIR=data/plugins
# Allow unauthenticated users to register new user accounts via the public
# registration endpoint.
#
# Type: boolean
# GOTIFY_REGISTRATION=false
# Disable colored log output. Set to "1" to force-disable colors regardless of
# whether stdout is a terminal. When unset, colors are emitted only if stdout
# is a TTY. See https://no-color.org/.
#
# Type: text
# NOCOLOR=