#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ # Misskey configuration #━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ # ┌──────────────────────────────┐ #───┘ a boring but important thing └──────────────────────────── # # First of all, let me tell you a story that may possibly be # boring to you and possibly important to you. # # Misskey is licensed under the AGPLv3 license. This license is # known to be often misunderstood. Please read the following # instructions carefully and select the appropriate option so # that you do not negligently cause a license violation. # # -------- # Option 1: If you host Misskey AS-IS (without any changes to # the source code. forks are not included). # # Step 1: Congratulations! You don't need to do anything. # -------- # Option 2: If you have made changes to the source code (forks # are included) and publish a Git repository of source # code. There should be no access restrictions on # this repository. Strictly speaking, it doesn't have # to be a Git repository, but you'll probably use Git! # # Step 1: Build and run the Misskey server first. # Step 2: Open <https://your.misskey.example/admin/settings> in # your browser with the administrator account. # Step 3: Enter the URL of your Git repository in the # "Repository URL" field. # -------- # Option 3: If neither of the above applies to you. # (In this case, the source code should be published # on the Misskey interface. IT IS NOT ENOUGH TO # DISCLOSE THE SOURCE CODE WHEN A USER REQUESTS IT BY # E-MAIL OR OTHER MEANS. If you are not satisfied # with this, it is recommended that you read the # license again carefully. Anyway, enabling this # option will automatically generate and publish a # tarball at build time, protecting you from # inadvertent license violations. (There is no legal # guarantee, of course.) The tarball will generated # from the root directory of your codebase. So it is # also recommended to check <built/tarball> directory # once after building and before activating the server # to avoid ACCIDENTAL LEAKING OF SENSITIVE INFORMATION. # To prevent certain files from being included in the # tarball, add a glob pattern after line 15 in # <scripts/tarball.mjs>. DO NOT FORGET TO BUILD AFTER # ENABLING THIS OPTION!) # # Step 1: Uncomment the following line. # # publishTarballInsteadOfProvideRepositoryUrl: true # ┌────────────────────────┐ #───┘ Initial Setup Password └───────────────────────────────────────────────────── # Password to initiate setting up admin account. # It will not be used after the initial setup is complete. # # Be sure to change this when you set up Misskey via the Internet. # # The provider of the service who sets up Misskey on behalf of the customer should # set this value to something unique when generating the Misskey config file, # and provide it to the customer. # # setupPassword: example_password_please_change_this_or_you_will_get_hacked # ┌─────┐ #───┘ URL └───────────────────────────────────────────────────── # Final accessible URL seen by a user. url: https://example.tld/ # ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE # URL SETTINGS AFTER THAT! # ┌───────────────────────┐ #───┘ Port and TLS settings └─────────────────────────────────── # # Misskey requires a reverse proxy to support HTTPS connections. # # +----- https://example.tld/ ------------+ # +------+ |+-------------+ +----------------+| # | User | ---> || Proxy (443) | ---> | Misskey (3000) || # +------+ |+-------------+ +----------------+| # +---------------------------------------+ # # You need to set up a reverse proxy. (e.g. nginx) # An encrypted connection with HTTPS is highly recommended # because tokens may be transferred in GET requests. # The port that your Misskey server should listen on. port: 3000 # You can also use UNIX domain socket. # socket: /path/to/misskey.sock # chmodSocket: '777' # ┌──────────────────────────┐ #───┘ PostgreSQL configuration └──────────────────────────────── db: host: localhost port: 5432 # Database name db: sharkey # Auth user: sharkey pass: example-misskey-pass # Whether disable Caching queries #disableCache: true # Extra Connection options #extra: # ssl: true dbReplications: false # You can configure any number of replicas here #dbSlaves: # - # host: # port: # db: # user: # pass: # - # host: # port: # db: # user: # pass: # ┌─────────────────────┐ #───┘ Redis configuration └───────────────────────────────────── redis: host: localhost port: 6379 #family: 0 # 0=Both, 4=IPv4, 6=IPv6 #pass: example-pass #prefix: example-prefix #db: 1 # You can specify more ioredis options... #username: example-username #redisForPubsub: # host: localhost # port: 6379 # #family: 0 # 0=Both, 4=IPv4, 6=IPv6 # #pass: example-pass # #prefix: example-prefix # #db: 1 # # You can specify more ioredis options... # #username: example-username #redisForJobQueue: # host: localhost # port: 6379 # #family: 0 # 0=Both, 4=IPv4, 6=IPv6 # #pass: example-pass # #prefix: example-prefix # #db: 1 # # You can specify more ioredis options... # #username: example-username #redisForTimelines: # host: localhost # port: 6379 # #family: 0 # 0=Both, 4=IPv4, 6=IPv6 # #pass: example-pass # #prefix: example-prefix # #db: 1 # # You can specify more ioredis options... # #username: example-username #redisForReactions: # host: localhost # port: 6379 # #family: 0 # 0=Both, 4=IPv4, 6=IPv6 # #pass: example-pass # #prefix: example-prefix # #db: 1 # # You can specify more ioredis options... # #username: example-username # ┌───────────────────────────┐ #───┘ MeiliSearch configuration └───────────────────────────── # You can set scope to local (default value) or global # (include notes from remote). #meilisearch: # host: localhost # port: 7700 # apiKey: '' # ssl: true # index: '' # scope: global # ┌───────────────┐ #───┘ ID generation └─────────────────────────────────────────── # You can select the ID generation method. # You don't usually need to change this setting, but you can # change it according to your preferences. # Available methods: # aid ... Short, Millisecond accuracy # aidx ... Millisecond accuracy # meid ... Similar to ObjectID, Millisecond accuracy # ulid ... Millisecond accuracy # objectid ... This is left for backward compatibility # ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE # ID SETTINGS AFTER THAT! id: 'aidx' # ┌────────────────┐ #───┘ Error tracking └────────────────────────────────────────── # Sentry is available for error tracking. # See the Sentry documentation for more details on options. #sentryForBackend: # enableNodeProfiling: true # options: # dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0' #sentryForFrontend: # options: # dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0' # ┌─────────────────────┐ #───┘ Other configuration └───────────────────────────────────── # Whether disable HSTS #disableHsts: true # Number of worker processes #clusterLimit: 1 # Job concurrency per worker #deliverJobConcurrency: 128 #inboxJobConcurrency: 16 #relationshipJobConcurrency: 16 # What's relationshipJob?: # Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations. # Job rate limiter #deliverJobPerSec: 128 #inboxJobPerSec: 32 #relationshipJobPerSec: 64 # Job attempts #deliverJobMaxAttempts: 12 #inboxJobMaxAttempts: 8 # Local address used for outgoing requests #outgoingAddress: 127.0.0.1 # IP address family used for outgoing request (ipv4, ipv6 or dual) #outgoingAddressFamily: ipv4 # Amount of characters that can be used when writing notes. Longer notes will be rejected. (minimum: 1) #maxNoteLength: 3000 # Amount of characters that will be saved for remote notes. Longer notes will be truncated to this length. (minimum: 1) #maxRemoteNoteLength: 100000 # Amount of characters that can be used when writing content warnings. Longer warnings will be rejected. (minimum: 1) #maxCwLength: 500 # Amount of characters that will be saved for remote content warnings. Longer warnings will be truncated to this length. (minimum: 1) #maxRemoteCwLength: 5000 # Amount of characters that can be used when writing media descriptions (alt text). Longer descriptions will be rejected. (minimum: 1) #maxAltTextLength: 20000 # Amount of characters that will be saved for remote media descriptions (alt text). Longer descriptions will be truncated to this length. (minimum: 1) #maxRemoteAltTextLength: 100000 # Proxy for HTTP/HTTPS #proxy: http://127.0.0.1:3128 proxyBypassHosts: - api.deepl.com - api-free.deepl.com - www.recaptcha.net - hcaptcha.com - challenges.cloudflare.com # Proxy for SMTP/SMTPS #proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT #proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4 #proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5 # Media Proxy # Reference Implementation: https://github.com/misskey-dev/media-proxy # * Deliver a common cache between instances # * Perform image compression (on a different server resource than the main process) #mediaProxy: https://example.com/proxy # Proxy remote files (default: true) # Proxy remote files by this instance or mediaProxy to prevent remote files from running in remote domains. proxyRemoteFiles: true # Movie Thumbnail Generation URL # There is no reference implementation. # For example, Misskey will point to the following URL: # https://example.com/thumbnail.webp?thumbnail=1&url=https%3A%2F%2Fstorage.example.com%2Fpath%2Fto%2Fvideo.mp4 #videoThumbnailGenerator: https://example.com # Sign outgoing ActivityPub GET request (default: true) signToActivityPubGet: true # Sign outgoing ActivityPub Activities (default: true) # Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity. # When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances. # This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests. attachLdSignatureForRelays: true # check that inbound ActivityPub GET requests are signed ("authorized fetch") checkActivityPubGetSignature: false # For security reasons, uploading attachments from the intranet is prohibited, # but exceptions can be made from the following settings. Default value is "undefined". # Read changelog to learn more (Improvements of 12.90.0 (2021/09/04)). #allowedPrivateNetworks: [ # '127.0.0.1/32' #] #customMOTD: ['Hello World', 'The sharks rule all', 'Shonks'] # Upload or download file size limits (bytes) #maxFileSize: 262144000 # timeout and maximum size for imports (e.g. note imports) #import: # downloadTimeout: 30 # maxFileSize: 262144000 # PID File of master process #pidFile: /tmp/misskey.pid # CHMod-style permission bits to apply to uploaded files. # Permission bits are specified as a base-8 string representing User/Group/Other permissions. # This setting is only useful for custom deployments, such as using a reverse proxy to serve media. #filePermissionBits: '644'