# Location of the OCMS database file.
OCMS_DB_PATH=./data/ocms.db
# REQUIRED: Session encryption key (minimum 32 bytes)
# Generate a secure secret with: openssl rand -base64 32
# NEVER use default or example values in production!
# Left empty here on purpose: put a freshly generated value in your real .env,
# keep that file out of version control, and use a different secret per environment.
OCMS_SESSION_SECRET=
# Address and port the server listens on.
# NOTE(review): localhost presumably limits the listener to loopback; confirm
# before changing it to expose the server directly instead of through a proxy.
OCMS_SERVER_HOST=localhost
OCMS_SERVER_PORT=8080
# Development value. Several options further down "fail startup in production",
# so those checks presumably depend on this setting. TODO confirm the exact
# value the application treats as production.
OCMS_ENV=development
# debug is a development setting.
# NOTE(review): debug output may include request details; choose a less verbose
# level for production (confirm the accepted level names).
OCMS_LOG_LEVEL=debug
# Optional: Separate error log file for 5xx/ERROR level messages.
# Errors are ALSO written to stdout (the main log). This provides
# a dedicated file for quick triage without grepping the full log.
# OCMS_ERROR_LOG_PATH=./logs/error.log
# Require captcha for all public form submissions (recommended for production)
# When true, forms without a captcha field will reject submissions.
# OCMS_REQUIRE_FORM_CAPTCHA=false
# Control form.submitted webhook payload data. Payloads leave OCMS for the
# webhook endpoint, so send no more submission data than the receiver needs:
# redacted (default) - redact sensitive fields and truncate values
# none - omit submission data from webhook payloads
# full - include unredacted values (still truncated); not recommended in production
# OCMS_WEBHOOK_FORM_DATA_MODE=redacted
# Fail startup in production if webhook form payload mode is set to full.
# OCMS_REQUIRE_WEBHOOK_FORM_DATA_MINIMIZATION=false
# Enable database seeding (creates default admin, config, menus)
# Set to true for fresh installs and development
# Leave unset or false in production to prevent recreation of deleted data
# NOTE(review): this example ships with seeding on. After the first seed, change
# the default admin's credentials (presumably well known; confirm) and then
# turn seeding off so a removed default admin is not recreated.
OCMS_DO_SEED=true
# Theme configuration
# Core themes (default, developer) are embedded in the binary.
# Custom themes go in the custom/themes/ directory to override or extend core themes.
# NOTE(review): custom themes can override core ones, so keep this directory
# writable only by the people who deploy the site.
OCMS_CUSTOM_DIR=./custom
# Name of the theme to use; "default" is one of the embedded core themes.
OCMS_ACTIVE_THEME=default
# =============================================================================
# CACHE CONFIGURATION
# =============================================================================
# By default, OCMS uses in-memory caching. For production deployments with
# multiple instances, configure Redis for distributed caching.
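# Redis URL for distributed caching (optional)
# If not set, uses in-memory cache (suitable for single-instance deployments)
# Format: redis://[username:password@]host:port/db
# The URL carries the Redis password, so treat the file that holds it as a secret.
# redis:// is unencrypted: if Redis is reached over a network you do not control,
# check whether OCMS accepts a TLS URL (rediss://) or tunnel the connection.
# Examples:
# OCMS_REDIS_URL=redis://localhost:6379/0
# OCMS_REDIS_URL=redis://:password@redis.example.com:6379/0
# OCMS_REDIS_URL=redis://user:password@redis.example.com:6379/1
# OCMS_REDIS_URL=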
# Key prefix for Redis cache entries (default: ocms:)
# Useful when sharing Redis instance with other applications
# OCMS_CACHE_PREFIX=ocms:
# Default cache TTL in seconds (default: 3600 = 1 hour)
# OCMS_CACHE_TTL=3600
# Maximum entries for in-memory cache (default: 10000)
# Only applies when using memory cache, ignored for Redis
# OCMS_CACHE_MAX_SIZE=10000
# =============================================================================
# GEOIP CONFIGURATION
# =============================================================================
# Enable country detection in analytics using MaxMind GeoLite2-Country database.
# Download free database from: https://dev.maxmind.com/geoip/geolite2-free-geolocation-data
# If not set, country detection is disabled (analytics still works without it).
# OCMS_GEOIP_DB_PATH=/path/to/GeoLite2-Country.mmdb
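# Trusted reverse proxies for client IP extraction (optional, recommended behind LB/CDN)
# Forwarded headers are ignored unless the direct peer matches one of these CIDRs/IPs.
# List only the addresses of your own proxies: any peer inside a listed range can
# set the forwarded headers and so choose the client IP that OCMS sees.
# Example: OCMS_TRUSTED_PROXIES=127.0.0.1/32,10.0.0.0/8,203.0.113.10
# OCMS_TRUSTED_PROXIES=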
# Fail startup in production if trusted proxies are not configured.
# OCMS_REQUIRE_TRUSTED_PROXIES=false
# Restrict API key usage to these source CIDRs/IPs (optional)
# Example: OCMS_API_ALLOWED_CIDRS=10.0.0.0/8,203.0.113.10
# OCMS_API_ALLOWED_CIDRS=
# Require global API source CIDR policy to be configured (optional, recommended)
# When true and OCMS_API_ALLOWED_CIDRS is empty, API key auth is denied.
# OCMS_REQUIRE_API_ALLOWED_CIDRS=false
# Require all API keys to have an expiration date (optional, recommended)
# OCMS_REQUIRE_API_KEY_EXPIRY=false
# Require all API keys to have per-key source CIDR restrictions (optional, recommended)
# OCMS_REQUIRE_API_KEY_SOURCE_CIDRS=false
# Deactivate API keys when source IP changes and the key has no per-key CIDRs.
# OCMS_REVOKE_API_KEY_ON_SOURCE_IP_CHANGE=false
# Maximum API key lifetime in days (0 disables the limit, max 365, optional, recommended).
# Example: OCMS_API_KEY_MAX_TTL_DAYS=90
# OCMS_API_KEY_MAX_TTL_DAYS=0
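# Restrict public embed proxy routes to trusted browser origins (optional)
# An origin check only constrains browsers; other clients can send any Origin
# value, so also configure OCMS_EMBED_PROXY_TOKEN.
# Example: OCMS_EMBED_ALLOWED_ORIGINS=https://example.com,https://app.example.com
# OCMS_EMBED_ALLOWED_ORIGINS=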
# Restrict embed provider upstream endpoints to trusted hosts (optional).
# Example: OCMS_EMBED_ALLOWED_UPSTREAM_HOSTS=api.dify.ai,dify.internal.example
# OCMS_EMBED_ALLOWED_UPSTREAM_HOSTS=
# Fail startup in production if embed proxy is active but upstream host
# allowlist is empty.
# OCMS_REQUIRE_EMBED_ALLOWED_UPSTREAM_HOSTS=false
# Fail startup in production if embed proxy is active but origin allowlist is empty.
# OCMS_REQUIRE_EMBED_ALLOWED_ORIGINS=false
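# Secret used to mint short-lived signed tokens for embed proxy requests.
# Required in production when embed proxy is active.
# Generate it randomly (for example: openssl rand -base64 32) and do not reuse
# OCMS_SESSION_SECRET for it.
# OCMS_EMBED_PROXY_TOKEN=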
# Enforce embed proxy token policy in non-production as well.
# OCMS_REQUIRE_EMBED_PROXY_TOKEN=false
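# Force-disable hCaptcha regardless of database settings (useful for development/CI)
# Leave this false in production: when true, hCaptcha stays off even if the
# database settings enable it.
# OCMS_HCAPTCHA_DISABLED=false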
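# Sanitize page HTML before rendering to visitors (optional, recommended).
# When false, page HTML is not sanitized before rendering, so anyone able to edit
# a page can place script in it (stored XSS). Enable this in production.
# OCMS_SANITIZE_PAGE_HTML=false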
# Fail startup in production if page HTML sanitization is disabled.
# OCMS_REQUIRE_SANITIZE_PAGE_HTML=false
# Reject page create/update requests when suspicious HTML patterns are found.
# OCMS_BLOCK_SUSPICIOUS_PAGE_HTML=false
# Fail startup in production if suspicious page markup blocking is disabled
# or stored pages already contain suspicious HTML markers.
# OCMS_REQUIRE_BLOCK_SUSPICIOUS_PAGE_HTML=false