#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ # Misskey configuration #━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ # ┌────────────────────────┐ #───┘ Initial Setup Password └───────────────────────────────────────────────────── # Password to initiate setting up admin account. # It will not be used after the initial setup is complete. # # Be sure to change this when you set up Misskey via the Internet. # # The provider of the service who sets up Misskey on behalf of the customer should # set this value to something unique when generating the Misskey config file, # and provide it to the customer. setupPassword: example_password_please_change_this_or_you_will_get_hacked # ┌─────┐ #───┘ URL └───────────────────────────────────────────────────── # Final accessible URL seen by a user. url: 'http://misskey.local' # ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE # URL SETTINGS AFTER THAT! # ┌───────────────────────┐ #───┘ Port and TLS settings └─────────────────────────────────── # # Misskey requires a reverse proxy to support HTTPS connections. # # +----- https://example.tld/ ------------+ # +------+ |+-------------+ +----------------+| # | User | ---> || Proxy (443) | ---> | Misskey (3000) || # +------+ |+-------------+ +----------------+| # +---------------------------------------+ # # You need to set up a reverse proxy. (e.g. nginx) # An encrypted connection with HTTPS is highly recommended # because tokens may be transferred in GET requests. # The port that your Misskey server should listen on. port: 61812 # ┌──────────────────────────┐ #───┘ PostgreSQL configuration └──────────────────────────────── db: host: db port: 5432 # Database name db: misskey # Auth user: postgres pass: postgres # Whether disable Caching queries #disableCache: true # Extra Connection options #extra: # ssl: true dbReplications: false # You can configure any number of replicas here #dbSlaves: # - # host: # port: # db: # user: # pass: # - # host: # port: # db: # user: # pass: # ┌─────────────────────┐ #───┘ Redis configuration └───────────────────────────────────── redis: host: redis port: 6379 #family: 0 # 0=Both, 4=IPv4, 6=IPv6 #pass: example-pass #prefix: example-prefix #db: 1 #redisForPubsub: # host: redis # port: 6379 # #family: 0 # 0=Both, 4=IPv4, 6=IPv6 # #pass: example-pass # #prefix: example-prefix # #db: 1 #redisForJobQueue: # host: redis # port: 6379 # #family: 0 # 0=Both, 4=IPv4, 6=IPv6 # #pass: example-pass # #prefix: example-prefix # #db: 1 #redisForTimelines: # host: redis # port: 6379 # #family: 0 # 0=Both, 4=IPv4, 6=IPv6 # #pass: example-pass # #prefix: example-prefix # #db: 1 #redisForReactions: # host: redis # port: 6379 # #family: 0 # 0=Both, 4=IPv4, 6=IPv6 # #pass: example-pass # #prefix: example-prefix # #db: 1 # ┌───────────────────────────┐ #───┘ MeiliSearch configuration └───────────────────────────── #meilisearch: # host: meilisearch # port: 7700 # apiKey: '' # ssl: true # index: '' # ┌───────────────┐ #───┘ ID generation └─────────────────────────────────────────── # You can select the ID generation method. # You don't usually need to change this setting, but you can # change it according to your preferences. # Available methods: # aid ... Short, Millisecond accuracy # aidx ... Millisecond accuracy # meid ... Similar to ObjectID, Millisecond accuracy # ulid ... Millisecond accuracy # objectid ... This is left for backward compatibility # ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE # ID SETTINGS AFTER THAT! id: 'aidx' # ┌──────────┐ #───┘ Metrics └────────────────────────────────────────── #prometheusMetrics: # enable: false # scrapeToken: '' # Set non-empty to require a bearer token for scraping # ┌────────────────┐ #───┘ Error tracking └────────────────────────────────────────── # Sentry is available for error tracking. # See the Sentry documentation for more details on options. #sentryForBackend: # enableNodeProfiling: true # options: # dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0' #sentryForFrontend: # options: # dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0' # ┌──────────────┐ #──┘ Web Security └────────────────────────────────────── # Whether disable HSTS #disableHsts: true # Whether to enable HSTS preload # Read these before enabling: # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security#preloading_strict_transport_security # - https://hstspreload.org/ #hstsPreload: false # Enable additional security headers that reduce the risk of XSS attacks or privacy leaks. # browserSandboxing: # # Do not send the Referrer header to other domains. The default when browserSandboxing is missing is true. # strictOriginReferrer: true # csp: # # Do not send a CSP header. The default is a strict CSP header that prevents any form of external fetching or execution. # disable: false # # Merge additional directives into the CSP header. The default is an empty object. # # You may want to list your CDN or other trusted domains here. # # Media proxies are automatically added to the CSP header. This is an exception, things like Sentry will not be automatically added. # appendDirectives: # 'script-src': # - "'unsafe-eval'" # do not use this ... just an example # - 'https://example.com' # ┌─────────────────────┐ #───┘ Other configuration └───────────────────────────────────── # Number of worker processes #clusterLimit: 1 # Job concurrency per worker # deliverJobConcurrency: 128 # inboxJobConcurrency: 16 # Job rate limiter # deliverJobPerSec: 128 # inboxJobPerSec: 32 # Job attempts # deliverJobMaxAttempts: 12 # inboxJobMaxAttempts: 8 # IP address family used for outgoing request (ipv4, ipv6 or dual) #outgoingAddressFamily: ipv4 # Proxy for HTTP/HTTPS #proxy: http://127.0.0.1:3128 proxyBypassHosts: - api.deepl.com - api-free.deepl.com - www.recaptcha.net - hcaptcha.com - challenges.cloudflare.com # Proxy for SMTP/SMTPS #proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT #proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4 #proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5 # Media Proxy #mediaProxy: https://example.com/proxy # Proxy remote files (default: true) proxyRemoteFiles: true # Sign to ActivityPub GET request (default: true) signToActivityPubGet: true allowedPrivateNetworks: [ '127.0.0.1/32' ] # Upload or download file size limits (bytes) #maxFileSize: 262144000