#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ # Misskey configuration #━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ # ┌─────┐ #───┘ URL └───────────────────────────────────────────────────── # Final accessible URL seen by a user. # url: https://example.tld/ # ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE # URL SETTINGS AFTER THAT! # ┌───────────────────────┐ #───┘ Port and TLS settings └─────────────────────────────────── # # Misskey supports two deployment options for public. # # Option 1: With Reverse Proxy # # +----- https://example.tld/ ------------+ # +------+ |+-------------+ +----------------+| # | User | ---> || Proxy (443) | ---> | Misskey (3000) || # +------+ |+-------------+ +----------------+| # +---------------------------------------+ # # You need to setup reverse proxy. (eg. nginx) # You do not define 'https' section. # Option 2: Standalone # # +- https://example.tld/ -+ # +------+ | +---------------+ | # | User | ---> | | Misskey (443) | | # +------+ | +---------------+ | # +------------------------+ # # You need to run Misskey as root. # You need to set Certificate in 'https' section. # To use option 1, uncomment below line. port: 3000 # A port that your Misskey server should listen. # To use option 2, uncomment below lines. #port: 443 #https: # # path for certification # key: /etc/letsencrypt/live/example.tld/privkey.pem # cert: /etc/letsencrypt/live/example.tld/fullchain.pem # ┌──────────────────────────┐ #───┘ PostgreSQL configuration └──────────────────────────────── db: host: localhost port: 5432 # Database name db: misskey # Auth user: example-misskey-user pass: example-misskey-pass # Whether disable Caching queries #disableCache: true # Extra Connection options #extra: # ssl: true dbReplications: false # You can configure any number of replicas here #dbSlaves: # - # host: # port: # db: # user: # pass: # - # host: # port: # db: # user: # pass: # ┌─────────────────────┐ #───┘ Redis configuration └───────────────────────────────────── redis: host: localhost port: 6379 #family: 0 # 0=Both, 4=IPv4, 6=IPv6 #pass: example-pass #prefix: example-prefix #db: 1 #redisForPubsub: # host: localhost # port: 6379 # #family: 0 # 0=Both, 4=IPv4, 6=IPv6 # #pass: example-pass # #prefix: example-prefix # #db: 1 #redisForJobQueue: # host: localhost # port: 6379 # #family: 0 # 0=Both, 4=IPv4, 6=IPv6 # #pass: example-pass # #prefix: example-prefix # #db: 1 #redisForTimelines: # host: redis # port: 6379 # #family: 0 # 0=Both, 4=IPv4, 6=IPv6 # #pass: example-pass # #prefix: example-prefix # #db: 1 #redisForReactions: # host: redis # port: 6379 # #family: 0 # 0=Both, 4=IPv4, 6=IPv6 # #pass: example-pass # #prefix: example-prefix # #db: 1 # ┌───────────────────────────┐ #───┘ MeiliSearch configuration └───────────────────────────── #meilisearch: # host: localhost # port: 7700 # apiKey: '' # ssl: true # index: '' # ┌───────────────┐ #───┘ ID generation └─────────────────────────────────────────── # You can select the ID generation method. # You don't usually need to change this setting, but you can # change it according to your preferences. # Available methods: # aid ... Short, Millisecond accuracy # aidx ... Millisecond accuracy # meid ... Similar to ObjectID, Millisecond accuracy # ulid ... Millisecond accuracy # objectid ... This is left for backward compatibility # ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE # ID SETTINGS AFTER THAT! id: "aidx" # ┌────────────────┐ #───┘ Error tracking └────────────────────────────────────────── # Sentry is available for error tracking. # See the Sentry documentation for more details on options. #sentryForBackend: # enableNodeProfiling: true # options: # dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0' #sentryForFrontend: # options: # dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0' # ┌─────────────────────┐ #───┘ Other configuration └───────────────────────────────────── # Whether disable HSTS #disableHsts: true # Number of worker processes #clusterLimit: 1 # Job concurrency per worker # deliverJobConcurrency: 128 # inboxJobConcurrency: 16 # Job rate limiter # deliverJobPerSec: 128 # inboxJobPerSec: 32 # Job attempts # deliverJobMaxAttempts: 12 # inboxJobMaxAttempts: 8 # IP address family used for outgoing request (ipv4, ipv6 or dual) #outgoingAddressFamily: ipv4 # Proxy for HTTP/HTTPS #proxy: http://127.0.0.1:3128 #proxyBypassHosts: [ # 'example.com', # '192.0.2.8' #] # Proxy for SMTP/SMTPS #proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT #proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4 #proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5 # Media Proxy #mediaProxy: https://example.com/proxy # Sign outgoing ActivityPub GET request (default: true) signToActivityPubGet: true # Sign outgoing ActivityPub Activities (default: true) # Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity. # When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances. # This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests. attachLdSignatureForRelays: true # check that inbound ActivityPub GET requests are signed ("authorized fetch") checkActivityPubGetSignature: false #allowedPrivateNetworks: [ # '127.0.0.1/32' #] # Upload or download file size limits (bytes) #maxFileSize: 262144000