references/openproject
1
0
Fork 0
mirror of https://github.com/opf/openproject.git synced 2026-06-14 03:30:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fix/stabilize_form_loading
openproject/config/configuration.yml.example
T
Jan Sandbrink 4d305df714 Allow to use API Tokens as Bearer tokens 
We generate those tokens with a prefix, so that we
can decide by looking at a token, whether it's an API Token
or a different kind of token, so that we can decide which
code path to choose for validating the token.

The usage of access tokens as Bearer token has the usability advantage,
that you can paste them as plaintext into tools that expect you
to specify the token as a header.

Also the Basic auth approach for our old tokens usually rather caused
issues, such as browsers prompting for credentials in surprising situations.
If we were to deprecate basic authentication one day, this change today could've
been the first step towards that.
2026-02-05 08:07:04 +01:00

432 lines
15 KiB
Plaintext
Raw Permalink Blame History

#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See COPYRIGHT and LICENSE files for more details.
#++
# = OpenProject configuration file
#
# Each environment has its own configuration options. If you are only
# running in production, only the production block needs to be configured.
# Environment specific configuration options override the default ones.
#
# Note that this file needs to be a valid YAML file.
#
# Instead of using a configuration.yml file, you can configure OpenProject via
# environment variables. See doc/CONFIGURATION.md for more information.
#
#
# == Outgoing email settings (email_delivery setting)
#
# === Common configurations
#
# ==== Sendmail command
#
# production:
# email_delivery_method: :sendmail
#
# ==== Simple SMTP server at localhost
#
# production:
# email_delivery_method: "smtp"
# smtp_address: "localhost"
# smtp_port: 25
#
# ==== SMTP server at example.com using LOGIN authentication and checking HELO for foo.com
#
# production:
# email_delivery_method: "smtp"
# smtp_address: "example.com"
# smtp_port: 25
# smtp_authentication: :login
# smtp_domain: 'foo.com'
# smtp_user_name: 'myaccount'
# smtp_password: 'password'
#
# ==== SMTP server at example.com using PLAIN authentication
#
# production:
# email_delivery_method: "smtp"
# smtp_address: "example.com"
# smtp_port: 25
# smtp_authentication: :plain
# smtp_domain: 'example.com'
# smtp_user_name: 'myaccount'
# smtp_password: 'password'
#
# ==== SMTP server at using TLS (GMail)
#
# This requires some additional configuration. See the article at:
# http://redmineblog.com/articles/setup-redmine-to-send-email-using-gmail/
#
# production:
# email_delivery_method: "smtp"
# smtp_enable_starttls_auto: true
# smtp_address: "smtp.gmail.com"
# smtp_port: 587
# smtp_domain: "smtp.gmail.com" # 'your.domain.com' for GoogleApps
# smtp_authentication: :plain
# smtp_user_name: "your_email@gmail.com"
# smtp_password: "your_password"
#
# ==== SMTP server at using SSL
#
# production:
# email_delivery_method: "smtp"
# smtp_enable_starttls_auto: false
# smtp_ssl: true
# smtp_address: "smtp.gmail.com"
# smtp_port: 587
# smtp_domain: "smtp.gmail.com" # 'your.domain.com' for GoogleApps
# smtp_authentication: :plain
# smtp_user_name: "your_email@gmail.com"
# smtp_password: "your_password"
#
# === More configuration options
#
# See following page:
#
# http://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration
#
# Disable default module:
#
# By default user may choose which modules can be disabled,
# they should be listed as an array in yml format more information
# regarding yml format you can find here:
# http://symfony.com/doc/current/components/yaml/yaml_format.html
#
# disabled_modules:
# - module_name_1
# - module_name_2
#
# Hide menu items:
#
# By default user may choose which menu items can be disabled,
# they should be listed as an array in yml format more information
# regarding yml format you can find here:
# http://symfony.com/doc/current/components/yaml/yaml_format.html
#
# production:
# hidden_menu_items:
# admin_menu:
# - roles
# - types
# - statuses
# - workflows
# - enumerations
# - settings
# - ldap_authentication
# - colors
# - plugins
# - info
#
# Also there is a possibility to specify which routes are forbidden,
# they should be listed as an array in yml format more information
# regarding yml format you can find here:
# http://symfony.com/doc/current/components/yaml/yaml_format.html
# You can also use wildcards (*) in your url
#
# production:
# blacklisted_routes:
# - 'admin/info'
# - 'admin/plugins'
# - 'colors'
# - 'settings'
# - 'admin/enumerations'
# - 'workflows/*'
# - 'statuses'
# - 'types'
# - 'admin/roles'
#
# Beta features
#
# Some features are hidden behind a feature flag during development.
# To activate one or more features set the corresponding flag inside the section.
#
# Example:
# production:
# feature_your_module_active: true
# default configuration options for all environments
default:
log_level: info
# web server configuration
# web:
# workers: 2
# timeout: 60
# wait_timeout: 10
# min_threads: 4
# max_threads: 16
# statsd configuration
# statsd:
# host: 127.0.0.1
# port: 8125
# Outgoing emails configuration (see examples above)
email_delivery_method: :smtp
smtp_address: smtp.example.net
smtp_port: 25
smtp_domain: example.net
smtp_authentication: :login
smtp_user_name: "openproject@example.net"
smtp_password: "my_openproject_password"
# Prefix to the url-path. This path is then prepended to all
# the routes and is used to correctly identify the path to the assets.
# Defaults to having no prefix.
# Examples:
# For OpenProject to be reachable as
# https://example.org/open_project
# the setting has o be:
# rails_relative_url_root: "/open_project"
#
# rails_relative_url_root: ""
# Absolute path to the directory where attachments are stored.
# The default is the 'files' directory in your OpenProject instance.
# Your OpenProject instance needs to have write permission on this
# directory.
# Examples:
# attachments_storage_path: /var/openproject/files
# attachments_storage_path:
# Grace period until uploaded but unassigned (i.e. to a container like work packages,
# wiki pages) attachments are deleted (in minutes)
# attachments_grace_period: 180
# Configuration of the autologin cookie.
# autologin_cookie_name: the name of the cookie (default: autologin)
# autologin_cookie_path: the cookie path (default: /)
# autologin_cookie_name:
# autologin_cookie_path:
# Configuration of the session cookie
# session_cookie_name: the name of the OpenProject cookie (default: _open_project_session)
# disable browser cache for security reasons
# see: https://websecuritytool.codeplex.com/wikipage?title=Checks#http-cache-control-header-no-store
# disable_browser_cache: true
# use memcache for performance, memcached must be installed
# rails_cache_store: :memcache
# Default comment sorting for new users
# Note, does not change saved preferences of existing users
# default_comment_sort_order: 'asc'
# Delete old sessions for the same user when logging in
# Disabled by default to allow multiple concurrent sessions.
# drop_old_sessions_on_login: false
# Delete old sessions for the same user when logging out. (Enabled by default)
# drop_old_sessions_on_logout: true
# define your airbrake api key. optionally provide a different host and port
# to connect to a different backend (e.g. a self-hosted errbit)
# airbrake:
# api_key: <your_api_key>
# host: errbit.example.org
# port: 443 (default)
##
# Overriding the appearance of the help menu
#
# You can set a custom help link to appear in stead of the built-in help dropdown.
# Users clicking on the help icon will be referred to the given page.
# To enable, uncomment this line and set your URL.
# force_help_link: https://my-custom-domain.example/my-help-url
##
# Overriding the text formatting help link
# In each WYSIWYG editor, there is a help button that by default shows OpenProject's
# own formatting text help. You can override that to show a custom page.
# force_formatting_help_link: https://my-custom-domain/my-formatting-help-url
##
# Overriding the existence of community back links
# By default, the homescreen will have some links towards our community pages
# To disable it, uncomment this line
# show_community_links: false
# Configuration of Source control vendors
# client_command:
# Use this command to the default SCM vendor command (taken from path).
# Absolute path (e.g. /usr/local/bin/hg) or command name (e.g. hg.exe, bzr.exe)
# On Windows, *.cmd, *.bat (e.g. hg.cmd, bzr.bat) does not work.
# manages:
# Enable managed repositories for this vendor.
# You may either specify a local path on the filesystem or an absolute URL to call when
# repositories are to be created or deleted.
# This allows OpenProject to take control over the given path to create and delete repositories
# directly when created in the frontend.
#
# When entering a URL, OpenProject will POST to this resource when repositories are created
# using the following JSON-encoded payload:
# - action: The action to perform (create, delete, relocate)
# - identifier: The repository identifier name
# - vendor: The SCM vendor of the repository to create
# - project: identifier, name and ID of the associated project
# - old_identifier: The identifier to the old repository (used only during relocate)
#
# NOTE: Disabling :managed repositories using disabled_types takes precedence over this setting.
#
# insecure:
# Only applies when the manages: key is set to a URL
# If the given URL uses SSL, certificate checking will be disabled.
# This key is set for a packaged installation by default, since it communicates locally and
# these installations may often include a snakeoil certificate.
# mode:
# The octal file mode to set the repository folder to (defaults to 0700).
# group:
# The group that should own the repository folder.
# Important: The user running OpenProject must be a member of this group in order to have the
# privilege to set the group ownership.
# Note: The owner is always the user that runs OpenProject!
#
# disabled_types:
# Disable specific repository types for this particular vendor. This allows
# to restrict the available choices a project administrator has for creating repositories
# May be set as a YAML list of types or several types, separated by comma.
# See the example below for available types.
#
# Available types for git:
# - :local (Local repositories, registered using a local path)
# - :managed (Managed repositories, available IF :manages path is set below)
# Available types for subversion:
# - :existing (Existing subversion repositories by URL - local using file:/// or remote
# using one of the supported URL schemes (e.g., https://, svn+ssh:// )
# - :managed (Managed repositories, available IF :manages path is set below)
#
# Exemplary configuration
#
# scm:
# git:
# client_command: /usr/local/bin/git
# disabled_types:
# - :local
# manages: /opt/repositories/git
# subversion:
# client_command: /usr/local/bin/svn
# trustedssl: true
# disabled_types:
# - :existing
# manages: /opt/repositories/svn
# Key used to encrypt sensitive data in the database (SCM and LDAP passwords).
# If you don't want to enable data encryption, just leave it blank.
# WARNING: losing/changing this key will make encrypted data unreadable.
#
# If you want to encrypt existing passwords in your database:
# * set the cipher key here in your configuration file
# * encrypt data using 'rake db:encrypt RAILS_ENV=production'
#
# If you have encrypted data and want to change this key, you have to:
# * decrypt data using 'rake db:decrypt RAILS_ENV=production' first
# * change the cipher key here in your configuration file
# * encrypt data using 'rake db:encrypt RAILS_ENV=production'
# database_cipher_key:
#
# Omniauth direct login:
#
# Per default the user may choose the usual password login as well as several omniauth providers
# on the login page and in the login drop down menu.
#
# With his configuration option you can set a specific omniauth provider to be
# used for direct login. Meaning that the login provider selection is skipped and
# the configured provider is used directly instead.
#
# If this option is active /login will lead directly to the configured omniauth provider
# and so will a click on 'Sign in' (as opposed to opening the drop down menu).
#
# Note that this does not stop a user from manually navigating to any other
# omniauth provider if additional ones are configured.
# omniauth_direct_login_provider: developer
#
# disable_password_login: true
# If enabled a user's password cannot be set to an arbitrary value.
# The respective form elements will be removed from the user edit view.
# Instead, if the password needs to be changed, a random, temporary password can be
# generated and sent to the user who then has to change their password upon login.
disable_password_choice: false
# You can configure a global set of credentials to authenticate towards
# API v3 via basic auth. Note that this will grant admin access. Use with care
# and make sure the password does not leak.
# authentication:
# global_basic_auth:
# user: admin
# password: admin
# By default, the APIv3 allows authentication through basic auth.
# Uncomment the following line to prevent APIv3 access using Basic auth.
# apiv3_enable_basic_auth: false
# You can configure where users should be sent after the login
# after_login_default_redirect_url: '/my/page'
# after_first_login_redirect_url: '/projects/demo'
# For filtering work packages based on their attachments (name, content) it's worth to specify the main language that
# is used in those documents. This improves the full text search features of PostgreSQL. Currently PostgreSQL ships
# with the following languages pre-installed:
#
# danish
# dutch
# english
# finnish
# french
# german
# hungarian
# italian
# norwegian
# portuguese
# romanian
# russian
# simple
# spanish
# swedish
# turkish
#
# main_content_language: 'english'
# specific configuration options for production environment
# that overrides the default ones
production:
log_level: warn
# specific configuration options for development environment
# that overrides the default ones
development:
email_delivery_method: :letter_opener
# Configuration for the test environment
test:
email_delivery_method: :test
Reference in New Issue View Git Blame Copy Permalink