설명 없음
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

var_www_kanboard_config.j2 10KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308
  1. <?php
  2. /*******************************************************************/
  3. /* Rename this file to config.php if you want to change the values */
  4. /* */
  5. /* Make sure all paths are absolute by using __DIR__ where needed */
  6. /*******************************************************************/
  7. // Data folder (must be writeable by the web server user and absolute)
  8. define('DATA_DIR', __DIR__.DIRECTORY_SEPARATOR.'data');
  9. // Enable/Disable debug
  10. define('DEBUG', false);
  11. // Available log drivers: syslog, stderr, stdout, system or file
  12. define('LOG_DRIVER', 'system');
  13. // Log filename if the log driver is "file"
  14. define('LOG_FILE', DATA_DIR.DIRECTORY_SEPARATOR.'debug.log');
  15. // Plugins directory
  16. define('PLUGINS_DIR', __DIR__.DIRECTORY_SEPARATOR.'plugins');
  17. // Plugins directory URL
  18. define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json');
  19. // Enable/Disable plugin installer (Disabled by default for security reasons)
  20. // There is no code review or any approval process to submit a plugin.
  21. // This is up to the Kanboard instance owner to validate if a plugin is legit.
  22. define('PLUGIN_INSTALLER', true);
  23. // Available cache drivers are "file" and "memory"
  24. define('CACHE_DRIVER', 'memory');
  25. // Cache folder to use if cache driver is "file" (must be writeable by the web server user)
  26. define('CACHE_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'cache');
  27. // Folder for uploaded files (must be writeable by the web server user)
  28. define('FILES_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'files');
  29. // Enable/disable email configuration from the user interface
  30. define('MAIL_CONFIGURATION', true);
  31. // E-mail address used for the "From" header (notifications)
  32. define('MAIL_FROM', 'kanboard@{{ domain }}');
  33. // E-mail address used for the "Bcc" header to send a copy of all notifications
  34. define('MAIL_BCC', '');
  35. // Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid"
  36. define('MAIL_TRANSPORT', 'mail');
  37. // SMTP configuration to use when the "smtp" transport is chosen
  38. define('MAIL_SMTP_HOSTNAME', '');
  39. define('MAIL_SMTP_PORT', 25);
  40. define('MAIL_SMTP_USERNAME', '');
  41. define('MAIL_SMTP_PASSWORD', '');
  42. define('MAIL_SMTP_HELO_NAME', null); // valid: null (default), or FQDN
  43. define('MAIL_SMTP_ENCRYPTION', null); // Valid values are null (not a string "null"), "ssl" or "tls"
  44. // Sendmail command to use when the transport is "sendmail"
  45. define('MAIL_SENDMAIL_COMMAND', '/usr/sbin/sendmail -bs');
  46. // Run automatically database migrations
  47. // If set to false, you will have to run manually the SQL migrations from the CLI during the next Kanboard upgrade
  48. // Do not run the migrations from multiple processes at the same time (example: web page + background worker)
  49. define('DB_RUN_MIGRATIONS', true);
  50. // Database driver: sqlite, mysql or postgres (sqlite by default)
  51. define('DB_DRIVER', 'postgres');
  52. // Mysql/Postgres username
  53. define('DB_USERNAME', '{{ kanboard_db_username }}');
  54. // Mysql/Postgres password
  55. define('DB_PASSWORD', '{{ kanboard_db_password }}');
  56. // Mysql/Postgres hostname
  57. define('DB_HOSTNAME', 'localhost');
  58. // Mysql/Postgres database name
  59. define('DB_NAME', '{{ kanboard_db_database }}');
  60. // Mysql/Postgres custom port (null = default port)
  61. define('DB_PORT', null);
  62. // Mysql SSL key
  63. define('DB_SSL_KEY', null);
  64. // Mysql SSL certificate
  65. define('DB_SSL_CERT', null);
  66. // Mysql SSL CA
  67. define('DB_SSL_CA', null);
  68. // Mysql SSL server verification, set to false if you don't want the Mysql driver to validate the certificate CN
  69. define('DB_VERIFY_SERVER_CERT', null);
  70. // Timeout value for PDO attribute
  71. define('DB_TIMEOUT', null);
  72. {% if kanboard_enable_ldap == true %}
  73. define('LDAP_AUTH', true);
  74. define('LDAP_SERVER', 'ldap://localhost:389');
  75. define('LDAP_SSL_VERIFY', true);
  76. define('LDAP_START_TLS', false);
  77. define('LDAP_USERNAME_CASE_SENSITIVE', false);
  78. define('LDAP_BIND_TYPE', 'proxy');
  79. define('LDAP_USERNAME', 'uid=admin,ou=people,{{ ldap_domain_string }}');
  80. define('LDAP_PASSWORD', '{{ slapd_admin_password }}');
  81. define('LDAP_USER_BASE_DN', 'ou=people,{{ ldap_domain_string }}');
  82. define('LDAP_USER_FILTER', 'uid=%s');
  83. define('LDAP_USER_ATTRIBUTE_USERNAME', 'uid');
  84. define('LDAP_USER_ATTRIBUTE_FULLNAME', 'cn');
  85. define('LDAP_USER_ATTRIBUTE_EMAIL', 'mail');
  86. define('LDAP_USER_ATTRIBUTE_GROUPS', 'memberof');
  87. define('LDAP_USER_ATTRIBUTE_PHOTO', '');
  88. define('LDAP_USER_ATTRIBUTE_LANGUAGE', '');
  89. define('LDAP_USER_CREATION', true);
  90. define('LDAP_USER_DEFAULT_ROLE_MANAGER', false);
  91. define('LDAP_GROUP_ADMIN_DN', '');
  92. define('LDAP_GROUP_MANAGER_DN', '');
  93. define('LDAP_GROUP_PROVIDER', false);
  94. define('LDAP_GROUP_BASE_DN', '');
  95. define('LDAP_GROUP_FILTER', '');
  96. define('LDAP_GROUP_USER_FILTER', '');
  97. define('LDAP_GROUP_USER_ATTRIBUTE', 'username');
  98. define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
  99. {% else %}
  100. // Enable LDAP authentication (false by default)
  101. define('LDAP_AUTH', false);
  102. // LDAP server protocol, hostname and port URL (ldap[s]://hostname:port)
  103. define('LDAP_SERVER', '');
  104. // By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
  105. define('LDAP_SSL_VERIFY', true);
  106. // Enable LDAP START_TLS
  107. define('LDAP_START_TLS', false);
  108. // By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
  109. // Set to true if you want to preserve the case
  110. define('LDAP_USERNAME_CASE_SENSITIVE', false);
  111. // LDAP bind type: "anonymous", "user" or "proxy"
  112. define('LDAP_BIND_TYPE', 'anonymous');
  113. // LDAP username to use with proxy mode
  114. // LDAP username pattern to use with user mode
  115. define('LDAP_USERNAME', null);
  116. // LDAP password to use for proxy mode
  117. define('LDAP_PASSWORD', null);
  118. // LDAP DN for users
  119. // Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local
  120. // Example for OpenLDAP: ou=People,dc=example,dc=com
  121. define('LDAP_USER_BASE_DN', '');
  122. // LDAP pattern to use when searching for a user account
  123. // Example for ActiveDirectory: '(&(objectClass=user)(sAMAccountName=%s))'
  124. // Example for OpenLDAP: 'uid=%s'
  125. define('LDAP_USER_FILTER', '');
  126. // LDAP attribute for username
  127. // Example for ActiveDirectory: 'sAMAccountName'
  128. // Example for OpenLDAP: 'uid'
  129. define('LDAP_USER_ATTRIBUTE_USERNAME', 'uid');
  130. // LDAP attribute for user full name
  131. // Example for ActiveDirectory: 'displayname'
  132. // Example for OpenLDAP: 'cn'
  133. define('LDAP_USER_ATTRIBUTE_FULLNAME', 'cn');
  134. // LDAP attribute for user email
  135. define('LDAP_USER_ATTRIBUTE_EMAIL', 'mail');
  136. // LDAP attribute to find groups in user profile
  137. define('LDAP_USER_ATTRIBUTE_GROUPS', 'memberof');
  138. // LDAP attribute for user avatar image: thumbnailPhoto or jpegPhoto
  139. define('LDAP_USER_ATTRIBUTE_PHOTO', '');
  140. // LDAP attribute for user language, example: 'preferredlanguage'
  141. // Put an empty string to disable language sync
  142. define('LDAP_USER_ATTRIBUTE_LANGUAGE', '');
  143. // Allow automatic LDAP user creation
  144. define('LDAP_USER_CREATION', true);
  145. // Set new user as Manager
  146. define('LDAP_USER_DEFAULT_ROLE_MANAGER', false);
  147. // LDAP DN for administrators
  148. // Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
  149. define('LDAP_GROUP_ADMIN_DN', '');
  150. // LDAP DN for managers
  151. // Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local
  152. define('LDAP_GROUP_MANAGER_DN', '');
  153. // Enable LDAP group provider for project permissions
  154. // The end-user will be able to browse LDAP groups from the user interface and allow access to specified projects
  155. define('LDAP_GROUP_PROVIDER', false);
  156. // LDAP Base DN for groups
  157. define('LDAP_GROUP_BASE_DN', '');
  158. // LDAP group filter
  159. // Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*))
  160. define('LDAP_GROUP_FILTER', '');
  161. // LDAP user group filter
  162. // If this filter is configured, Kanboard will search user groups in LDAP_GROUP_BASE_DN with this filter
  163. // Example for OpenLDAP: (&(objectClass=posixGroup)(memberUid=%s))
  164. define('LDAP_GROUP_USER_FILTER', '');
  165. // LDAP attribute for the user in the group filter
  166. // 'username' or 'dn'
  167. define('LDAP_GROUP_USER_ATTRIBUTE', 'username');
  168. // LDAP attribute for the group name
  169. define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
  170. {% endif %}
  171. // Enable/disable the reverse proxy authentication
  172. define('REVERSE_PROXY_AUTH', false);
  173. // Header name to use for the username
  174. define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER');
  175. // Username of the admin, by default blank
  176. define('REVERSE_PROXY_DEFAULT_ADMIN', '');
  177. // Header name to use for the username
  178. define('REVERSE_PROXY_EMAIL_HEADER', 'REMOTE_EMAIL');
  179. // Default domain to use for setting the email address
  180. define('REVERSE_PROXY_DEFAULT_DOMAIN', '');
  181. // Enable/disable remember me authentication
  182. define('REMEMBER_ME_AUTH', true);
  183. // Enable or disable "Strict-Transport-Security" HTTP header
  184. define('ENABLE_HSTS', true);
  185. // Enable or disable "X-Frame-Options: DENY" HTTP header
  186. define('ENABLE_XFRAME', true);
  187. // Escape html inside markdown text
  188. define('MARKDOWN_ESCAPE_HTML', true);
  189. // API alternative authentication header, the default is HTTP Basic Authentication defined in RFC2617
  190. define('API_AUTHENTICATION_HEADER', '');
  191. // Enable/disable url rewrite
  192. define('ENABLE_URL_REWRITE', true);
  193. // Hide login form, useful if all your users use Google/Github/ReverseProxy authentication
  194. define('HIDE_LOGIN_FORM', false);
  195. // Disabling logout (useful for external SSO authentication)
  196. define('DISABLE_LOGOUT', false);
  197. // Enable captcha after 3 authentication failure
  198. define('BRUTEFORCE_CAPTCHA', 3);
  199. // Lock the account after 6 authentication failure
  200. define('BRUTEFORCE_LOCKDOWN', 6);
  201. // Lock account duration in minute
  202. define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
  203. // Session duration in second (0 = until the browser is closed)
  204. // See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
  205. define('SESSION_DURATION', 0);
  206. // Session handler: db or php
  207. define('SESSION_HANDLER', 'db');
  208. // HTTP client proxy
  209. define('HTTP_PROXY_HOSTNAME', '');
  210. define('HTTP_PROXY_PORT', '3128');
  211. define('HTTP_PROXY_USERNAME', '');
  212. define('HTTP_PROXY_PASSWORD', '');
  213. define('HTTP_PROXY_EXCLUDE', 'localhost');
  214. // Set to false to allow self-signed certificates
  215. define('HTTP_VERIFY_SSL_CERTIFICATE', true);
  216. // TOTP (2FA) issuer name
  217. define('TOTP_ISSUER', 'Kanboard');
  218. // Comma separated list of fields to not synchronize when using external authentication providers
  219. define('EXTERNAL_AUTH_EXCLUDE_FIELDS', 'username');
  220. // Enable or disable displaying group-memberships in userlist (true by default)
  221. define('SHOW_GROUP_MEMBERSHIPS_IN_USERLIST', true);
  222. // Limit number of groups to display in userlist (The full list of group-memberships is always shown, ...
  223. // ... when hovering the mouse over the group-icon of a given user!)
  224. // If set to 0 ALL group-memberships will be listed (7 by default)
  225. define('SHOW_GROUP_MEMBERSHIPS_IN_USERLIST_WITH_LIMIT', 7);