diff --git a/conf.php b/conf.php deleted file mode 100644 index bf13ec2..0000000 --- a/conf.php +++ /dev/null @@ -1,267 +0,0 @@ -;project page." - -; (optional) notice to display -; notice = "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service." - -; by default PrivateBin will guess the visitors language based on the browsers -; settings. Optionally you can enable the language selection menu, which uses -; a session cookie to store the choice until the browser is closed. -languageselection = false - -; set the language your installs defaults to, defaults to English -; if this is set and language selection is disabled, this will be the only language -; languagedefault = "en" - -; (optional) URL shortener address to offer after a new paste is created. -; It is suggested to only use this with self-hosted shorteners as this will leak -; the pastes encryption key. -; urlshortener = "https://shortener.example.com/api?link=" - -; (optional) Let users create a QR code for sharing the paste URL with one click. -; It works both when a new paste is created and when you view a paste. -; qrcode = true - -; (optional) Let users send an email sharing the paste URL with one click. -; It works both when a new paste is created and when you view a paste. -; email = true - -; (optional) IP based icons are a weak mechanism to detect if a comment was from -; a different user when the same username was used in a comment. It might get -; used to get the IP of a comment poster if the server salt is leaked and a -; SHA512 HMAC rainbow table is generated for all (relevant) IPs. -; Can be set to one these values: -; "none" / "identicon" (default) / "jdenticon" / "vizhash". -; icon = "none" - -; Content Security Policy headers allow a website to restrict what sources are -; allowed to be accessed in its context. You need to change this if you added -; custom scripts from third-party domains to your templates, e.g. tracking -; scripts or run your site behind certain DDoS-protection services. -; Check the documentation at https://content-security-policy.com/ -; Notes: -; - If you use a bootstrap theme, you can remove the allow-popups from the -; sandbox restrictions. -; - By default this disallows to load images from third-party servers, e.g. when -; they are embedded in pastes. If you wish to allow that, you can adjust the -; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images -; for details. -; - The 'unsafe-eval' is used in two cases; to check if the browser supports -; async functions and display an error if not and for Chrome to enable -; webassembly support (used for zlib compression). You can remove it if Chrome -; doesn't need to be supported and old browsers don't need to be warned. -; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads" - -; stay compatible with PrivateBin Alpha 0.19, less secure -; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of -; sha256 in HMAC for the deletion token -; zerobincompatibility = false - -; Enable or disable the warning message when the site is served over an insecure -; connection (insecure HTTP instead of HTTPS), defaults to true. -; Secure transport methods like Tor and I2P domains are automatically whitelisted. -; It is **strongly discouraged** to disable this. -; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information. -; httpwarning = true - -; Pick compression algorithm or disable it. Only applies to pastes/comments -; created after changing the setting. -; Can be set to one these values: "none" / "zlib" (default). -; compression = "zlib" - -[expire] -; expire value that is selected per default -; make sure the value exists in [expire_options] -default = "1week" - -[expire_options] -; Set each one of these to the number of seconds in the expiration period, -; or 0 if it should never expire -5min = 300 -10min = 600 -1hour = 3600 -1day = 86400 -1week = 604800 -; Well this is not *exactly* one month, it's 30 days: -1month = 2592000 -1year = 31536000 -never = 0 - -[formatter_options] -; Set available formatters, their order and their labels -plaintext = "Plain Text" -syntaxhighlighting = "Source Code" -markdown = "Markdown" - -[traffic] -; time limit between calls from the same IP address in seconds -; Set this to 0 to disable rate limiting. -limit = 10 - -; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted -; from the rate-limit. Invalid IPs will be ignored. If multiple values are to -; be exempted, the list needs to be comma separated. Leave unset to disable -; exemptions. -; exempted = "1.2.3.4,10.10.10/24" - -; (optional) If you want only some source IP addresses (v4 or v6) or subnets -; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be -; ignored. If multiple values are to be exempted, the list needs to be comma -; separated. Leave unset to allow anyone to create pastes. -; creators = "1.2.3.4,10.10.10/24" - -; (optional) if your website runs behind a reverse proxy or load balancer, -; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR -; header = "X_FORWARDED_FOR" - -[purge] -; minimum time limit between two purgings of expired pastes, it is only -; triggered when pastes are created -; Set this to 0 to run a purge every time a paste is created. -limit = 300 - -; maximum amount of expired pastes to delete in one purge -; Set this to 0 to disable purging. Set it higher, if you are running a large -; site -batchsize = 10 - -[model] -; name of data model class to load and directory for storage -; the default model "Filesystem" stores everything in the filesystem -class = Filesystem -[model_options] -dir = PATH "data" - -;[model] -; example of a Google Cloud Storage configuration -;class = GoogleCloudStorage -;[model_options] -;bucket = "my-private-bin" -;prefix = "pastes" -;uniformacl = false - -;[model] -; example of DB configuration for MySQL -;class = Database -;[model_options] -;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8" -;tbl = "privatebin_" ; table prefix -;usr = "privatebin" -;pwd = "Z3r0P4ss" -;opt[12] = true ; PDO::ATTR_PERSISTENT - -;[model] -; example of DB configuration for SQLite -;class = Database -;[model_options] -;dsn = "sqlite:" PATH "data/db.sq3" -;usr = null -;pwd = null -;opt[12] = true ; PDO::ATTR_PERSISTENT - -;[model] -; example of DB configuration for PostgreSQL -;class = Database -;[model_options] -;dsn = "pgsql:host=localhost;dbname=privatebin" -;tbl = "privatebin_" ; table prefix -;usr = "privatebin" -;pwd = "Z3r0P4ss" -;opt[12] = true ; PDO::ATTR_PERSISTENT - -;[model] -; example of S3 configuration for Rados gateway / CEPH -;class = S3Storage -;[model_options] -;region = "" -;version = "2006-03-01" -;endpoint = "https://s3.my-ceph.invalid" -;use_path_style_endpoint = true -;bucket = "my-bucket" -;accesskey = "my-rados-user" -;secretkey = "my-rados-pass" - -;[model] -; example of S3 configuration for AWS -;class = S3Storage -;[model_options] -;region = "eu-central-1" -;version = "latest" -;bucket = "my-bucket" -;accesskey = "access key id" -;secretkey = "secret access key" - -;[model] -; example of S3 configuration for AWS using its SDK default credential provider chain -; if relying on environment variables, the AWS SDK will look for the following: -; - AWS_ACCESS_KEY_ID -; - AWS_SECRET_ACCESS_KEY -; - AWS_SESSION_TOKEN (if needed) -; for more details, see https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain -;class = S3Storage -;[model_options] -;region = "eu-central-1" -;version = "latest" -;bucket = "my-bucket" - -[yourls] -; When using YOURLS as a "urlshortener" config item: -; - By default, "urlshortener" will point to the YOURLS API URL, with or without -; credentials, and will be visible in public on the PrivateBin web page. -; Only use this if you allow short URL creation without credentials. -; - Alternatively, using the parameters in this section ("signature" and -; "apiurl"), "urlshortener" needs to point to the base URL of your PrivateBin -; instance with "?shortenviayourls&link=" appended. For example: -; urlshortener = "${basepath}?shortenviayourls&link=" -; This URL will in turn call YOURLS on the server side, using the URL from -; "apiurl" and the "access signature" from the "signature" parameters below. - -; (optional) the "signature" (access key) issued by YOURLS for the using account -; signature = "" -; (optional) the URL of the YOURLS API, called to shorten a PrivateBin URL -; apiurl = "https://yourls.example.com/yourls-api.php" \ No newline at end of file diff --git a/production.yml b/production.yml index 2437ad7..82500e1 100644 --- a/production.yml +++ b/production.yml @@ -101,7 +101,7 @@ services: volumes: - './privatebin-data:/srv/data' # data volume for pastes allows pastes # to persist after container stop or restart - - './conf.php:/srv/cfg/conf.php:ro' # second volume for custom configuration file + - './config/conf.php:/srv/cfg/conf.php:ro' # second volume for custom configuration file expose: - 8080 restart: unless-stopped