From 167d3789a5a334859dfb9bf1612bdfc993032667 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 29 Oct 2018 16:30:12 +0000 Subject: activitypub: upload: pass through an upload limit if one is provided --- config/config.exs | 3 +++ 1 file changed, 3 insertions(+) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index 2d2cdda45..3abb6e695 100644 --- a/config/config.exs +++ b/config/config.exs @@ -84,6 +84,9 @@ config :pleroma, :instance, description: "A Pleroma instance, an alternative fediverse server", limit: 5000, upload_limit: 16_000_000, + avatar_upload_limit: 2_000_000, + background_upload_limit: 4_000_000, + banner_upload_limit: 4_000_000, registrations_open: true, federating: true, allow_relay: true, -- cgit v1.2.3 From 36825932eb04d9db3e2d24b02368d7dd709dea23 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 29 Oct 2018 18:00:59 +0000 Subject: s3 uploader: add new feature to force public attachment URIs to go through media proxy --- config/config.exs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index 2d2cdda45..a71fedf1c 100644 --- a/config/config.exs +++ b/config/config.exs @@ -20,7 +20,8 @@ config :pleroma, Pleroma.Uploaders.Local, config :pleroma, Pleroma.Uploaders.S3, bucket: nil, - public_endpoint: "https://s3.amazonaws.com" + public_endpoint: "https://s3.amazonaws.com", + force_media_proxy: false config :pleroma, :emoji, shortcode_globs: ["/emoji/custom/**/*.png"] -- cgit v1.2.3 From ee41dbeca5e57f013a924625d641801b849f432d Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 2 Nov 2018 10:13:29 +0100 Subject: config/config.md: Create --- config/config.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 config/config.md (limited to 'config') diff --git a/config/config.md b/config/config.md new file mode 100644 index 000000000..b75ff2aa8 --- /dev/null +++ b/config/config.md 
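Review bot: `force_media_proxy: false` is added to the `Pleroma.Uploaders.S3` block with no comment, and nothing in the hunk says what the off state means for people viewing a post. Going by the commit subject, with the default left in place attachment URIs still point at `public_endpoint`, so a viewer's browser contacts the storage host directly and the storage location is visible in the served markup. I would put a comment above the key, e.g. `# true: rewrite attachment URLs to go through :media_proxy instead of linking public_endpoint directly`. It should also say whether the flag has any effect while `:media_proxy` is disabled, which this hunk does not show.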
@@ -0,0 +1,32 @@
+# Configuration
+
+## Pleroma.Upload
+* `uploader`: Select which `Pleroma.Uploaders` to use
+* `strip_exif`: boolean, uses ImageMagick(!) to strip exif.
+
+## Pleroma.Uploaders.Local
+* `uploads``: Which directory to store the user-uploads in, relative to pleroma’s working directory
+* `uploads_url`: The URL to access a user-uploaded file, ``{{base_url}}`` is replaced to the instance URL and ``{{file}}`` to the filename. Useful when you want to proxy the media files via another host.
+
+## ``:uri_schemes``
+* `valid_schemes`: List of the scheme part that is considered valid to be an URL
+
+## ``:instance``
+* ``name``
+* ``email``: Email used to reach an Administrator/Moderator of the instance
+* ``description``
+* ``limit``: Posts character limit
+* ``upload_limit``: File size limit of uploads (except for avatar, background, banner)
+* ``avatar_upload_limit``: File size limit of user’s profile avatars
+* ``background_upload_limit``: File size limit of user’s profile backgrounds
+* ``banner_upload_limit``: File size limit of user’s profile backgrounds
+* ``registerations_open``
+* ``federating``
+* ``allow_relay``
+* ``rewrite_policy``: Message Rewrite Policy, either one or a list.
+* ``public``
+* ``quarantined_instances``: List of ActivityPub instances where private(DMs, followers-only) activities will not be send.
+* ``managed_config``: Whenether the config for pleroma-fe is configured in this config or in ``static/config.json``
+* ``allowed_post_formats``: MIME-type list of formats allowed to be posted (transformed into HTML)
+* ``finmoji_enabled``
+* ``mrf_transparency``: Make the content of your Message Rewrite Facility settings public (via nodeinfo).
-- cgit v1.2.3 From 0189ccd4d9651396fcfd7a3959c5353acd0785c6 Mon Sep 17 00:00:00 2001
From: "Haelwenn (lanodan) Monnier" Date: Fri, 2 Nov 2018 10:32:43 +0100 Subject: config/config.md: Complete it [WIP]
---
 config/config.md | 73 ++++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 52 insertions(+), 21 deletions(-) (limited to 'config')
diff --git a/config/config.md b/config/config.md
index b75ff2aa8..3c3f69282 100644
--- a/config/config.md
+++ b/config/config.md
@@ -5,28 +5,59 @@ * `strip_exif`: boolean, uses ImageMagick(!) to strip exif. ## Pleroma.Uploaders.Local -* `uploads``: Which directory to store the user-uploads in, relative to pleroma’s working directory +* `uploads`: Which directory to store the user-uploads in, relative to pleroma’s working directory * `uploads_url`: The URL to access a user-uploaded file, ``{{base_url}}`` is replaced to the instance URL and ``{{file}}`` to the filename. Useful when you want to proxy the media files via another host. -## ``:uri_schemes`` +## :uri_schemes * `valid_schemes`: List of the scheme part that is considered valid to be an URL -## ``:instance`` -* ``name`` -* ``email``: Email used to reach an Administrator/Moderator of the instance -* ``description`` -* ``limit``: Posts character limit -* ``upload_limit``: File size limit of uploads (except for avatar, background, banner) -* ``avatar_upload_limit``: File size limit of user’s profile avatars -* ``background_upload_limit``: File size limit of user’s profile backgrounds -* ``banner_upload_limit``: File size limit of user’s profile backgrounds -* ``registerations_open`` -* ``federating`` -* ``allow_relay`` -* ``rewrite_policy``: Message Rewrite Policy, either one or a list. -* ``public`` -* ``quarantined_instances``: List of ActivityPub instances where private(DMs, followers-only) activities will not be send. -* ``managed_config``: Whenether the config for pleroma-fe is configured in this config or in ``static/config.json`` -* ``allowed_post_formats``: MIME-type list of formats allowed to be posted (transformed into HTML) -* ``finmoji_enabled`` -* ``mrf_transparency``: Make the content of your Message Rewrite Facility settings public (via nodeinfo). 
+## :instance
+* `name`
+* `email`: Email used to reach an Administrator/Moderator of the instance
+* `description`
+* `limit`: Posts character limit
+* `upload_limit`: File size limit of uploads (except for avatar, background, banner)
+* `avatar_upload_limit`: File size limit of user’s profile avatars
+* `background_upload_limit`: File size limit of user’s profile backgrounds
+* `banner_upload_limit`: File size limit of user’s profile backgrounds
+* `registerations_open`
+* `federating`
+* `allow_relay`
+* `rewrite_policy`: Message Rewrite Policy, either one or a list.
+* `public`
+* `quarantined_instances`: List of ActivityPub instances where private(DMs, followers-only) activities will not be send.
+* `managed_config`: Whenether the config for pleroma-fe is configured in this config or in ``static/config.json``
+* `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML)
+* `finmoji_enabled`
+* `mrf_transparency`: Make the content of your Message Rewrite Facility settings public (via nodeinfo).
+
+## :fe
+* `theme`
+* `logo`
+* `logo_mask`
+* `logo_margin`
+* `background`
+* `redirect_root_no_login`
+* `redirect_root_login`
+* `show_instance_panel`
+* `scope_options_enabled`: Enable setting an notice visibility when posting
+* `formatting_options_enabled`: Enable setting a formatting different than plain-text (ie. HTML, Markdown) when posting, relates to ``:instance, allowed_post_formats``
+* `collapse_message_with_subjects`: When a message has a subject(aka Content Warning), collapse it by default
+* `hide_post_stats`: Hide notices statistics(repeats, favorites, …)
+* `hide_user_stats`: Hide profile statistics(posts, posts per day, followers, followings, …)
+
+## :mrf_simple
+* `media_removal`: List of instances to remove medias from
+* `media_nsfw`: List of instances to put medias as NSFW(sensitive) from
+* `federated_timeline_removal`: List of instances to remove from Federated (aka The Whole Known Network) Timeline
+* `reject`: List of instances to reject any activities from
+* `accept`: List of instances to accept any activities from
+
+## :media_proxy
+* `enabled`: Enables proxying of remote media to the instance’s proxy
+* `redirect_on_failure`: Use the original URL when Media Proxy fails to get it
+
+## :gopher
+* `enabled`: Enables the gopher interface
+* `ip`: IP address to bind to
+* `port`: Port to bind to
-- cgit v1.2.3 From 79bdc3db1932955314815d57f8c4a40b3744fa0b Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 8 Nov 2018 14:27:21 +0100 Subject: config/config.md: Fill all the blanks
---
 config/config.md | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'config')
diff --git a/config/config.md b/config/config.md
index 3c3f69282..75cb4f683 100644
--- a/config/config.md
+++ b/config/config.md
@@ -12,34 +12,36 @@ * `valid_schemes`: List of the scheme part that is considered valid to be an URL ## :instance -* `name` +* `name`: The instance’s name * `email`: Email used to reach an Administrator/Moderator of the instance -* `description` -* `limit`: Posts character limit +* `description`: The instance’s description, can be seen in nodeinfo and ``/api/v1/instance`` +* `limit`: Posts character limit (CW/Subject included in the counter) * `upload_limit`: File size limit of uploads (except for avatar, background, banner) * `avatar_upload_limit`: File size limit of user’s profile avatars * `background_upload_limit`: File size limit of user’s profile backgrounds * `banner_upload_limit`: File size limit of user’s profile backgrounds -* `registerations_open` +* `registerations_open`: Enable registerations for anyone, invitations can be used when false. * `federating` -* `allow_relay` +* `allow_relay`: Enable Pleroma’s Relay, which makes it possible to follow a whole instance * `rewrite_policy`: Message Rewrite Policy, either one or a list. -* `public` +* `public`: Makes the client API in authentificated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. * `quarantined_instances`: List of ActivityPub instances where private(DMs, followers-only) activities will not be send. * `managed_config`: Whenether the config for pleroma-fe is configured in this config or in ``static/config.json`` * `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML) -* `finmoji_enabled` +* `finmoji_enabled`: Whenether to enable the finmojis in the custom emojis. * `mrf_transparency`: Make the content of your Message Rewrite Facility settings public (via nodeinfo). 
## :fe -* `theme` -* `logo` -* `logo_mask` -* `logo_margin` -* `background` -* `redirect_root_no_login` -* `redirect_root_login` -* `show_instance_panel` +This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:instance`` is set to false. + +* `theme`: Which theme to use, they are defined in ``styles.json`` +* `logo`: URL of the logo, defaults to Pleroma’s logo +* `logo_mask`: Whenether to mask the logo +* `logo_margin`: What margin to use around the logo +* `background`: URL of the background, unless viewing a user profile with a background that is set +* `redirect_root_no_login`: relative URL which indicates where to redirect when a user isn’t logged in. +* `redirect_root_login`: relative URL which indicates where to redirect when a user is logged in. +* `show_instance_panel`: Whenether to show the instance’s specific panel. * `scope_options_enabled`: Enable setting an notice visibility when posting * `formatting_options_enabled`: Enable setting a formatting different than plain-text (ie. HTML, Markdown) when posting, relates to ``:instance, allowed_post_formats`` * `collapse_message_with_subjects`: When a message has a subject(aka Content Warning), collapse it by default -- cgit v1.2.3 From db67c9b118542dc0010cee5589c1e8ba97d61a1b Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 8 Nov 2018 14:33:05 +0100 Subject: config/config.md: scope_options_enabled also addresses subject --- config/config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.md b/config/config.md index 75cb4f683..bbcea619f 100644 --- a/config/config.md +++ b/config/config.md 
@@ -42,7 +42,7 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * `redirect_root_no_login`: relative URL which indicates where to redirect when a user isn’t logged in. * `redirect_root_login`: relative URL which indicates where to redirect when a user is logged in. * `show_instance_panel`: Whenether to show the instance’s specific panel. -* `scope_options_enabled`: Enable setting an notice visibility when posting +* `scope_options_enabled`: Enable setting an notice visibility and subject/CW when posting * `formatting_options_enabled`: Enable setting a formatting different than plain-text (ie. HTML, Markdown) when posting, relates to ``:instance, allowed_post_formats`` * `collapse_message_with_subjects`: When a message has a subject(aka Content Warning), collapse it by default * `hide_post_stats`: Hide notices statistics(repeats, favorites, …) -- cgit v1.2.3 From d1a7a9fd24403600851cb541a2021d32b7cc8fc5 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 8 Nov 2018 14:59:44 +0100 Subject: config/config.md: Add lines inspired/copied from CONFIGURATION.md --- config/config.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.md b/config/config.md index bbcea619f..51172fc4d 100644 --- a/config/config.md +++ b/config/config.md @@ -1,5 +1,8 @@ # Configuration +This file describe the configuration, it is recommended to edit the relevant *.secret.exs file instead of the others founds in the ``config`` directory. +If you run Pleroma with ``MIX_ENV=prod`` the file is ``prod.secret.exs``, otherwise it is ``dev.secret.exs``. + ## Pleroma.Upload * `uploader`: Select which `Pleroma.Uploaders` to use * `strip_exif`: boolean, uses ImageMagick(!) to strip exif. 
@@ -23,7 +26,11 @@ * `registerations_open`: Enable registerations for anyone, invitations can be used when false. * `federating` * `allow_relay`: Enable Pleroma’s Relay, which makes it possible to follow a whole instance -* `rewrite_policy`: Message Rewrite Policy, either one or a list. +* `rewrite_policy`: Message Rewrite Policy, either one or a list. Here are the ones available by default: + * `Pleroma.Web.ActivityPub.MRF.NoOpPolicy`: Doesn’t modify activities (default) + * `Pleroma.Web.ActivityPub.MRF.DropPolicy`: Drops all activities. It generally doesn’t makes sense to use in production + * `Pleroma.Web.ActivityPub.MRF.SimplePolicy`: Restrict the visibility of activities from certains instances (See ``:mrf_simple`` section) + * `Pleroma.Web.ActivityPub.MRF.RejectNonPublic`: Drops posts with non-public visibility settings (See ``:mrf_rejectnonpublic`` section) * `public`: Makes the client API in authentificated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. * `quarantined_instances`: List of ActivityPub instances where private(DMs, followers-only) activities will not be send. * `managed_config`: Whenether the config for pleroma-fe is configured in this config or in ``static/config.json`` @@ -55,6 +62,10 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * `reject`: List of instances to reject any activities from * `accept`: List of instances to accept any activities from +## :mrf_rejectnonpublic +* `allow_followersonly`: whether to allow followers-only posts +* `allow_direct`: whether to allow direct messages + ## :media_proxy * `enabled`: Enables proxying of remote media to the instance’s proxy * `redirect_on_failure`: Use the original URL when Media Proxy fails to get it 
@@ -63,3 +74,9 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * `enabled`: Enables the gopher interface * `ip`: IP address to bind to * `port`: Port to bind to + +## :activitypub +* ``accept_blocks``: Whether to accept incoming block activities from other instances +* ``unfollow_blocked``: Whether blocks result in people getting unfollowed +* ``outgoing_blocks``: Whether to federate blocks to other instances +* ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question -- cgit v1.2.3 From 234e471289e7556b0a9f70a01ceefc5814396f9f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 05:40:55 +0000 Subject: config: properly configure CORSPlug. --- config/config.exs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index a6be69620..e82c490e3 100644 --- a/config/config.exs +++ b/config/config.exs @@ -176,6 +176,20 @@ config :pleroma, :suggestions, limit: 23, web: "https://vinayaka.distsn.org/?{{host}}+{{user}}" +config :cors_plug, + max_age: 86_400, + methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"], + expose: [ + "Link", + "X-RateLimit-Reset", + "X-RateLimit-Limit", + "X-RateLimit-Remaining", + "X-Request-Id", + "Idempotency-Key" + ], + credentials: true, + headers: ["Authorization", "Content-Type", "Idempotency-Key"] + # Import environment specific config. This must remain at the bottom # of this file so it overrides the configuration defined above. import_config "#{Mix.env()}.exs" -- cgit v1.2.3 From 69f5dfcfb3f2b498e1f9957244f0896b6f9d5c2a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 06:37:18 +0000 Subject: config: add default parameters for CSPPlug --- config/config.exs | 5 +++++ config/config.md | 5 +++++ 2 files changed, 10 insertions(+) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index e82c490e3..ad8653025 100644 
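Review bot: The new `config :cors_plug` block turns on `credentials: true` without setting `origin:`, so the set of origins that receive `Access-Control-Allow-Credentials: true` is whatever the library defaults to. With a wildcard default browsers refuse the credentialed response, and if the plug instead echoes the caller's `Origin`, any website can issue cookie-bearing requests with the listed methods and read the replies. Since `headers:` already admits `Authorization`, token-based clients do not need cookies; I would either write `credentials: false,` or keep it and pin `origin:` to the instance's own front-end origins. Which of the two behaviours the default has should be confirmed against the cors_plug version the project pins, which is not part of this hunk.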
--- a/config/config.exs +++ b/config/config.exs @@ -176,6 +176,11 @@ config :pleroma, :suggestions, limit: 23, web: "https://vinayaka.distsn.org/?{{host}}+{{user}}" +config :pleroma, :csp, + enabled: true, + sts: false, + sts_max_age: 31_536_000 + config :cors_plug, max_age: 86_400, methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"], diff --git a/config/config.md b/config/config.md index 51172fc4d..e08d206b6 100644 --- a/config/config.md +++ b/config/config.md @@ -80,3 +80,8 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``unfollow_blocked``: Whether blocks result in people getting unfollowed * ``outgoing_blocks``: Whether to federate blocks to other instances * ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question + +## :csp +* ``enabled``: Whether the managed content security policy is enabled +* ``sts``: Whether to additionally send a `Strict-Transport-Security` header +* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent -- cgit v1.2.3 From df72978dce3805157537e8fa1a2fec35fcf9a7cd Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 06:53:42 +0000 Subject: csp plug: add support for certificate transparency --- config/config.exs | 3 ++- config/config.md | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index ad8653025..1d918919d 100644 --- a/config/config.exs +++ b/config/config.exs @@ -179,7 +179,8 @@ config :pleroma, :suggestions, config :pleroma, :csp, enabled: true, sts: false, - sts_max_age: 31_536_000 + sts_max_age: 31_536_000, + ct_max_age: 2_592_000 config :cors_plug, max_age: 86_400, diff --git a/config/config.md b/config/config.md index e08d206b6..34f703560 100644 --- a/config/config.md +++ b/config/config.md 
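Review bot: In the `config :pleroma, :csp` block `sts` ships as `false` next to a one-year `sts_max_age`, and the hunk carries no comment on the unit or on why the header is off by default. As written, an instance sends no `Strict-Transport-Security` header until the operator opts in, so returning browsers get no protection against a later downgrade to plain HTTP. That may be deliberate for instances that are not served exclusively over HTTPS, but the file should say so. I would add `# seconds; enable sts only once the instance is reachable over HTTPS exclusively` above `sts:`. The same unit comment fits the `ct_max_age: 2_592_000` key that the following commit adds to this block.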
@@ -85,3 +85,4 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``enabled``: Whether the managed content security policy is enabled * ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent +* ``ct_max_age``: The maximum age for the `Except-CT` header if sent -- cgit v1.2.3 From 5dda13ee5f9302cfef215c8ffaa527e9a572a37b Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 07:27:36 +0000 Subject: config docs: typo fix --- config/config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.md b/config/config.md index 34f703560..446b0ce67 100644 --- a/config/config.md +++ b/config/config.md @@ -85,4 +85,4 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``enabled``: Whether the managed content security policy is enabled * ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent -* ``ct_max_age``: The maximum age for the `Except-CT` header if sent +* ``ct_max_age``: The maximum age for the `Expect-CT` header if sent -- cgit v1.2.3 From fe67665e19cc98faff4a8ee53a3f4ca4190ca2ef Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 12 Nov 2018 15:08:02 +0000 Subject: rename CSPPlug to HTTPSecurityPlug. --- config/config.exs | 2 +- config/config.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index 1d918919d..be9c03ceb 100644 --- a/config/config.exs +++ b/config/config.exs @@ -176,7 +176,7 @@ config :pleroma, :suggestions, limit: 23, web: "https://vinayaka.distsn.org/?{{host}}+{{user}}" -config :pleroma, :csp, +config :pleroma, :http_security, enabled: true, sts: false, sts_max_age: 31_536_000, 
diff --git a/config/config.md b/config/config.md index 446b0ce67..48af1c236 100644 --- a/config/config.md +++ b/config/config.md @@ -81,7 +81,7 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``outgoing_blocks``: Whether to federate blocks to other instances * ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question -## :csp +## :http_security * ``enabled``: Whether the managed content security policy is enabled * ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent -- cgit v1.2.3 From ee5932a504d69e591aad7bdd52bd97d1f92d4e32 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 12 Nov 2018 15:14:46 +0000 Subject: http security: allow referrer-policy to be configured --- config/config.exs | 3 ++- config/config.md | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index be9c03ceb..9cc558564 100644 --- a/config/config.exs +++ b/config/config.exs @@ -180,7 +180,8 @@ config :pleroma, :http_security, enabled: true, sts: false, sts_max_age: 31_536_000, - ct_max_age: 2_592_000 + ct_max_age: 2_592_000, + referrer_policy: "same-origin" config :cors_plug, max_age: 86_400, diff --git a/config/config.md b/config/config.md index 48af1c236..5b4110646 100644 --- a/config/config.md +++ b/config/config.md @@ -86,3 +86,4 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent * ``ct_max_age``: The maximum age for the `Expect-CT` header if sent +* ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`. -- cgit v1.2.3
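Review bot: `referrer_policy: "same-origin"` is a free-form string, and the accompanying doc line names only two accepted values, yet nothing visible here stops a typo or an unlisted token from reaching the response header. Browsers ignore a `Referrer-Policy` value they do not recognise and fall back to their default, so a misspelt setting would silently let referrers leak to remote hosts again. The plug that reads this key is outside the diff; it would be worth having it check the value against the known policy tokens and either refuse to start or log and fall back to `"same-origin"`. A comment above the key would also help: `# one of "same-origin" | "no-referrer"`.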