[discourse-web/gnome] Synchronize discourse.conf

From: Bartłomiej Piotrowski <bpiotrowski src gnome org>
To: commits-list gnome org
Cc:
Subject: [discourse-web/gnome] Synchronize discourse.conf
Date: Wed, 6 Apr 2022 12:39:03 +0000 (UTC)
commit 6d3e018f73cdb9b694dfd627bbbec2fc6686af63
Author: Bartłomiej Piotrowski <bpiotrowski gnome org>
Date:   Tue Apr 5 16:48:24 2022 +0200

    Synchronize discourse.conf

 config/discourse.conf | 62 ++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 49 insertions(+), 13 deletions(-)
---
diff --git a/config/discourse.conf b/config/discourse.conf
index 05ea997..dfd4ca9 100644
--- a/config/discourse.conf
+++ b/config/discourse.conf
@@ -1,7 +1,7 @@
 # connection pool size, sidekiq is set to 1, allowing an extra 3 for bg threads
 db_pool = ${DISCOURSE_CONFIG_DB_POOL}
 
-# database timeout in milliseconds
+# ActiveRecord connection pool timeout in milliseconds
 db_timeout = 5000
 
 # socket file used to access db
@@ -11,6 +11,10 @@ db_socket =
 # This is set to blank so it tries to use sockets first
 db_host = ${DISCOURSE_CONFIG_DB_HOST}
 
+# host address for db server when taking a backup via `pg_dump`
+# Defaults to `db_host` if not configured
+db_backup_host =
+
 # port running db server, no need to set it
 db_port = ${DISCOURSE_CONFIG_DB_PORT}
 
@@ -69,6 +73,9 @@ smtp_enable_start_tls = ${DISCOURSE_SMTP_START_TLS}
 # to disable, set to 'none'
 smtp_openssl_verify_mode = 'none'
 
+# force implicit TLS as per RFC 8314 3.3
+smtp_force_tls = false
+
 # load MiniProfiler in production, to be used by developers
 load_mini_profiler = true
 
@@ -76,9 +83,22 @@ load_mini_profiler = true
 # Default is never
 mini_profiler_snapshots_period = 0
 
+# specify the URL of the destination that MiniProfiler should ship snapshots to
+# mini_profiler_snapshots_transport_auth_key is required as well
+mini_profiler_snapshots_transport_url =
+
+# authorization key that will be included as a header in requests made by the
+# snapshots transporter to the URL specified above. The destination should
+# know this key and only accept requests that have this key in the
+# `Mini-Profiler-Transport-Auth` header.
+mini_profiler_snapshots_transport_auth_key =
+
 # recommended, cdn used to access assets
 cdn_url =
 
+# The hostname used by the CDN to request assets
+cdn_origin_hostname =
+
 # comma delimited list of emails that have developer level access
 developer_emails = ${DISCOURSE_CONFIG_DEVELOPER_EMAILS}
 
@@ -89,10 +109,10 @@ redis_host = redis.${NAMESPACE}.svc.cluster.local
 redis_port = ${REDIS_PORT_6379_TCP_PORT}
 
 # redis slave server address
-redis_slave_host =
+redis_replica_host =
 
 # redis slave server port
-redis_slave_port = ${REDIS_PORT_6379_TCP_PORT}
+redis_replica_port = ${REDIS_PORT_6379_TCP_PORT}
 
 # redis database
 redis_db = 0
@@ -116,10 +136,10 @@ message_bus_redis_host = redis.${NAMESPACE}.svc.cluster.local
 message_bus_redis_port = ${REDIS_PORT_6379_TCP_PORT}
 
 # message bus redis slave server address
-message_bus_redis_slave_host =
+message_bus_redis_replica_host =
 
 # message bus redis slave server port
-message_bus_redis_slave_port = ${REDIS_PORT_6379_TCP_PORT}
+message_bus_redis_replica_port = ${REDIS_PORT_6379_TCP_PORT}
 
 # message bus redis database
 message_bus_redis_db = 0
@@ -132,9 +152,9 @@ message_bus_redis_skip_client_commands = false
 
 # enable Cross-origin Resource Sharing (CORS) directly at the application level
 enable_cors = true
-cors_origin = ${DISCOURSE_CORS_ORIGIN}
+cors_origin = '*'
 
-# enable if you really need to serve assets in prd
+# enable if you really need to serve assets in prod
 serve_static_assets = false
 
 # number of sidekiq workers (launched via unicorn master)
@@ -171,12 +191,12 @@ secret_key_base =
 fallback_assets_path =
 
 # S3 settings used for serving ALL public files
-# be sure to configre a CDN as well per cdn_url
+# be sure to configure a CDN as well per cdn_url
 s3_bucket =
 s3_region =
 s3_access_key_id =
 s3_secret_access_key =
-s3_use_iam_profile = false
+s3_use_iam_profile =
 s3_cdn_url =
 s3_endpoint =
 s3_http_continue_timeout =
@@ -186,7 +206,7 @@ s3_install_cors_rule =
 max_user_api_reqs_per_minute = 20
 max_user_api_reqs_per_day = 2880
 
-max_admin_api_reqs_per_key_per_minute = 60
+max_admin_api_reqs_per_minute = 60
 
 max_reqs_per_ip_per_minute = 200
 max_reqs_per_ip_per_10_seconds = 50
@@ -195,11 +215,14 @@ max_reqs_per_ip_per_10_seconds = 50
 max_asset_reqs_per_ip_per_10_seconds = 200
 
 # global rate limiter will simply warn if the limit is exceeded, can be warn+block, warn, block or none
-max_reqs_per_ip_mode = none
+max_reqs_per_ip_mode = block
 
 # bypass rate limiting any IP resolved as a private IP
 max_reqs_rate_limit_on_private = false
 
+# use per user rate limits vs ip rate limits for users with this trust level or more.
+skip_per_ip_rate_limit_trust_level = 1
+
 # logged in DoS protection
 
 # protection will only trigger for requests that queue longer than this amount
@@ -269,7 +292,7 @@ compress_anon_cache = false
 # for a specific key
 #
 # This ensures there are no pathological cases where we keep storing data in anonymous cache
-# never to use it, set to 1 to store
+# never to use it, set to 1 to store immediately, set to 0 to disable anon cache
 anon_cache_store_threshold = 2
 
 # EXPERIMENTAL - not yet supported in production
@@ -277,7 +300,7 @@ anon_cache_store_threshold = 2
 # you may restrict it so only specific themes are approved
 # in allowlist mode all theme updates must happen via git repos
 # themes missing from the list are automatically disallowed
-# list is a comma seperated list of git repos eg:
+# list is a comma separated list of git repos eg:
 # 
https://github.com/discourse/discourse-custom-header-links.git,https://github.com/discourse/discourse-simple-theme.git
 allowed_theme_repos =
 
@@ -295,6 +318,19 @@ enable_email_sync_demon = false
 # on multisites we recommend a far lower number
 max_digests_enqueued_per_30_mins_per_site = 10000
 
+# This cluster name can be passed to the /srv/status route to verify
+# the application cluster is the same one you are expecting
+cluster_name =
+
+# The YAML file used to configure multisite clusters
+multisite_config_path = "config/multisite.yml"
+
+# If false, only short (regular) polling will be attempted
+enable_long_polling =
+
+# Length of time to hold open a long polling connection in milliseconds
+long_polling_interval =
+
 # Set trusted ip's for prometheus.
 # Check standard nodes ips.
 prometheus_trusted_ip_allowlist_regex = '(::ffff:188\.18[4-5])|(::ffff:137\.138)'
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]