Blame
|
1 | # Configuration |
||||||
| 2 | ||||||||
|
3 | The [[Installation Guide|Installation]] can be found [[here|Installation]]. |
||||||
| 4 | ||||||||
|
5 | An Otter Wiki is configured in the application via the <i class="fas fa-cogs"></i> |
||||||
|
6 | **Settings** interface as admin user. Alternatively you configure the variables via the |
||||||
| 7 | `settings.cfg` or via environment variables. |
|||||||
| 8 | ||||||||
| 9 | *Please note:* What is set in the config file `settings.cfg` will be overwritten first |
|||||||
| 10 | by the environment variables if they are set and second by the settings configured |
|||||||
| 11 | via the settings interface, which are stored in the database. In brief: `Settings Interface > Environment Variables > settings.cfg`. |
|||||||
|
12 | |||||||
|
13 | ### Application Preferences |
||||||
|
14 | |||||||
|
15 | | Variable | Example | Description | |
||||||
| 16 | |--------------------|-----------------|----------------------------------------------| |
|||||||
| 17 | | `SITE_NAME` | `'Otterwiki'` | The `SITE_NAME` displayed on every page and email | |
|||||||
|
18 | | `SERVER_NAME` | `'wiki.domain.tld'` | Set this to the domain running the wiki. In general it's advisable to be set, behind a well configured reverse proxy this is optional. Used for generating external URLs. | |
||||||
|
19 | | `SITE_LOGO` | `'/Home/a/logo.png'` | Customize navbar logo url (can be a page attachment) | |
||||||
|
20 | | `SITE_DESCRIPTION` | <code>'A minimalistic wiki powered by<br/> python, markdown and git.'</code> | The default description used in `<meta>` tags | |
||||||
|
21 | | `SITE_ICON` | `'/Home/a/favicon-32x32.png'` | Configure via an url to the image that is displayed as favicon (tab icon, URL icon, bookmark icon). This can be an attachment | |
||||||
| 22 | | `SITE_LANG` | `'en'` | Configures the lang attribute of the `<html>` lang used in the wiki | |
|||||||
| 23 | | `ROBOTS_TXT` | `'allow'` | Configures how the wiki indicates to visiting robots whether they are allowed to crawl the content, could be `allow` or `disallow` | |
|||||||
| 24 | | `HOME_PAGE` | `'My/Page'` | Configures which page is displayed when visiting the root URL (`/`), leave empty for default (`Home`) or define any page path, including special pages that start with `/-/` | |
|||||||
| 25 | | `HIDE_LOGO` | `False` | Hides or shows An Otter Wiki logo in the sidebar | |
|||||||
|
26 | |||||||
|
27 | |||||||
|
28 | ### Permission configuration |
||||||
| 29 | ||||||||
| 30 | | Variable | Example | Description | |
|||||||
| 31 | |------------------|-----------------|----------------------------------------------| |
|||||||
| 32 | | `READ_ACCESS` | `'ANONYMOUS'` | Read access to wiki pages and attachments | |
|||||||
| 33 | | `WRITE_ACCESS` | `'REGISTERED'` | Write access to wiki pages | |
|||||||
| 34 | | `ATTACHMENT_ACCESS` | `'APPROVED'` | Write acccess to attachments | |
|||||||
|
35 | | `DISABLE_REGISTRATION` | `False` | With `DISABLE_REGISTRATION=True` new users can not sign-up for a new account | |
||||||
|
36 | | `AUTO_APPROVAL` | `False` | With `AUTO_APPROVAL=True` users are approved on registration | |
||||||
| 37 | | `EMAIL_NEEDS_CONFIRMATION` | `True` | With `EMAIL_NEEDS_CONFIRMATION=True` users have to confirm their email address | |
|||||||
| 38 | | `NOTIFY_ADMINS_ON_REGISTER` | `True` | Notify admins if a new user is registered | |
|||||||
|
39 | | `NOTIFY_USER_ON_APPROVAL` | `False` | Send a notification mail to users when their account has been approved by an admin | |
||||||
|
40 | |||||||
| 41 | There are four types of users in the Otterwiki: `ANONYMOUS` are non logged in users. |
|||||||
| 42 | Users that registered via email and are logged in are `REGISTERED`, users approved via |
|||||||
| 43 | the settings menu by an admin are `APPROVED`. In addition to the `APPROVED` flag the `ADMIN` |
|||||||
| 44 | flag can be set. Users with the `ADMIN` flag can edit (and approve) other users. The first registered user is flagged as admin. |
|||||||
| 45 | ||||||||
|
46 | |||||||
| 47 | ### Sidebar Preferences |
|||||||
| 48 | ||||||||
| 49 | | Variable | Example | Description | |
|||||||
| 50 | | ----------------------- | ---------- | -------------- | |
|||||||
|
51 | | `SIDEBAR_MENUTREE_MODE` | `'SORTED'` | Mode of the sidebar page index, see below. | |
||||||
| 52 | | `SIDEBAR_MENUTREE_MAXDEPTH` | `''` | Limit the depth of the pages displayed to any number; leave empty for unlimited. | |
|||||||
| 53 | | `SIDEBAR_MENUTREE_FOCUS` | `'SUBTREE'` | Set to `'SUBTREE'` to focus the page index on the current subtree, or `'OFF'` to always display all pages. | |
|||||||
| 54 | | `SIDEBAR_MENUTREE_IGNORE_CASE` | `False` | Set to `True` to sort pages case-insensitively. Only takes effect when `RETAIN_PAGE_NAME_CASE` is enabled. | |
|||||||
| 55 | | `SIDEBAR_SHORTCUTS` | `'home pageindex createpage'` | Space-separated list of shortcuts shown in the sidebar. Available values: `home`, `pageindex`, `changelog`, `createpage`. Shortcuts not listed remain accessible via the `⋮` menu. | |
|||||||
|
56 | |||||||
| 57 | For `SIDEBAR_MENUTREE_MODE` pick one of |
|||||||
| 58 | ||||||||
|
59 | - `''` (empty) page index not displayed |
||||||
| 60 | - `SORTED` directories and pages, sorted |
|||||||
| 61 | - `DIRECTORIES_GROUPED` directories and pages, with directories grouped first |
|||||||
| 62 | - `DIRECTORIES_ONLY` list directories only |
|||||||
|
63 | |||||||
| 64 | ### Content and Editing Preferences |
|||||||
| 65 | ||||||||
| 66 | | Variable | Example | Description | |
|||||||
| 67 | | ----------------------- | ---------- | -------------- | |
|||||||
|
68 | | `COMMIT_MESSAGE` | `'REQUIRED'` | Controls commit message behaviour: `'REQUIRED'` forces the user to enter one, `'OPTIONAL'` allows empty messages, `'DISABLED'` always uses the default commit message without prompting | |
||||||
| 69 | | `DEFAULT_COMMIT_MESSAGE` | `''` | Default commit message used when `COMMIT_MESSAGE` is `'DISABLED'` or left empty when `'OPTIONAL'`. Supports `strftime` [format codes](https://docs.python.org/3/library/datetime.html#strftime-and-strptime-format-codes); additionally `%P` is replaced with the page name. | |
|||||||
|
70 | | `RETAIN_PAGE_NAME_CASE` | `False` | Set to `True` to retain case of the page name in the filename used for storing the page | |
||||||
| 71 | | `TREAT_UNDERSCORE_AS_SPACE_FOR_TITLES` | `False` | Set to `True` to replace underscores (`_`) with spaces in page titles, breadcrumbs, and page index | |
|||||||
| 72 | | `WIKILINK_STYLE` | `'LINKTITLE'` | Set to `'LINKTITLE'` for `[[WikiPage|Text to display]]` format, leave empty for `[[Text to display|WikiPage]]` format (default) | |
|||||||
|
73 | | `MAX_FORM_MEMORY_SIZE` | `1000000` | The maximum size of a submitted form, see the [Flask documentation](https://flask.palletsprojects.com/en/stable/config/#MAX_FORM_MEMORY_SIZE). Increase this if you have really large pages to edit and save. | |
||||||
|
74 | |||||||
|
75 | ### Repository Management |
||||||
| 76 | ||||||||
|
77 | For a detailed guide on **Repository Management** settings, please follow this link: [[Repository Management|Configuration/Repository Management]] |
||||||
| 78 | ||||||||
|
79 | | Variable | Example | Description | |
||||||
| 80 | | ---------------- | ---------- | -------------- | |
|||||||
| 81 | | `GIT_WEB_SERVER` | `False` | Set to to `True` to allow cloning the wiki via git+http(s) | |
|||||||
| 82 | ||||||||
|
83 | ### Security |
||||||
| 84 | ||||||||
| 85 | | Variable | Example | Description | |
|||||||
| 86 | |--------------------|----------|----------------------------------------------| |
|||||||
| 87 | | `SECURITY_HEADERS` | `True` | When enabled (default), the following HTTP response headers are set on every response: `X-Content-Type-Options: nosniff`, `X-Frame-Options: SAMEORIGIN`, `Referrer-Policy: same-origin`. Set to `False` if you need to embed the wiki in an iframe on a different origin or if your reverse proxy already sets these headers. | |
|||||||
|
88 | | `WTF_CSRF_ENABLED` | `True` | When enabled (default), all state-changing (POST) requests are protected with CSRF tokens. This prevents cross-site request forgery attacks. Set to `False` to disable CSRF protection (not recommended). | |
||||||
| 89 | | `WTF_CSRF_TIME_LIMIT` | `86400` | Time limit in seconds for CSRF tokens to be valid. Defaults to `86400` (24 hours). If users report form submission errors after leaving pages open for extended periods, consider increasing this value. | |
|||||||
|
90 | |||||||
|
91 | ### Mail configuration |
||||||
| 92 | ||||||||
|
93 | An Otter Wiki is using [Flask-Mail](https://flask-mail.readthedocs.io/en/latest/). |
||||||
|
94 | |||||||
| 95 | | Variable | Example | Description | |
|||||||
| 96 | |------------------|-----------------|----------------------------------------------| |
|||||||
| 97 | | `MAIL_DEFAULT_SENDER` | `'otterwiki@example.com'` | The sender address of all mails | |
|||||||
| 98 | | `MAIL_SERVER` | `'smtp.googlemail.com'` | The smtp server address | |
|||||||
| 99 | | `MAIL_PORT` | `465` | The smtp server port | |
|||||||
| 100 | | `MAIL_USERNAME` | `'USERNAME'` | Username for the mail account | |
|||||||
| 101 | | `MAIL_PASSWORD` | `'PASSWORD'` | Password for the mail account | |
|||||||
| 102 | | `MAIL_USE_TLS` | `False` | Use TLS encrytion | |
|||||||
| 103 | | `MAIL_USE_SSL` | `True` | Use SSL encryption | |
|||||||
| 104 | ||||||||
|
105 | ### Authentication configuration |
||||||
| 106 | ||||||||
| 107 | | Variable | Example | Description | |
|||||||
| 108 | |------------------|-----------------|----------------------------------------------| |
|||||||
| 109 | | `AUTH_METHOD` | `'SIMPLE'` | See below. | |
|||||||
| 110 | ||||||||
| 111 | Per default an Otter Wiki uses a local database for storing authentication information. |
|||||||
| 112 | ||||||||
| 113 | #### Authentication with `PROXY_HEADER`s |
|||||||
| 114 | ||||||||
| 115 | With `AUTH_METHOD='PROXY_HEADER'` an Otter Wiki expects the headers |
|||||||
| 116 | ||||||||
| 117 | - `x-otterwiki-name` |
|||||||
| 118 | - `x-otterwiki-email` |
|||||||
| 119 | - `x-otterwiki-permissions` |
|||||||
| 120 | ||||||||
| 121 | to be set by the proxy service using forward authentication. |
|||||||
| 122 | ||||||||
|
123 | The headers `x-otterwiki-name` and `x-otterwiki-email` are used for receiving author information and `x-otterwiki-permissions` a comma separated list of permissions `READ`, `WRITE`, `UPLOAD` and `ADMIN`. |
||||||
|
124 | |||||||
|
125 | The header names can be customized via the following variables: |
||||||
| 126 | ||||||||
| 127 | | Variable | Default | Description | |
|||||||
| 128 | |-----------------------------|------------------------------|--------------------------------------------------| |
|||||||
| 129 | | `AUTH_HEADERS_USERNAME` | `'x-otterwiki-name'` | Header carrying the authenticated user's name | |
|||||||
| 130 | | `AUTH_HEADERS_EMAIL` | `'x-otterwiki-email'` | Header carrying the authenticated user's email | |
|||||||
| 131 | | `AUTH_HEADERS_PERMISSIONS` | `'x-otterwiki-permissions'` | Header carrying the authenticated user's permissions | |
|||||||
| 132 | ||||||||
|
133 | A simplified proof of concept can be found on github: [otterwiki/docs/auth_examples/header-auth](https://github.com/redimp/otterwiki/tree/main/docs/auth_examples/header-auth). |
||||||
| 134 | ||||||||
|
135 | ### Advanced configuration |
||||||
| 136 | ||||||||
| 137 | This applies only when you create the `settings.cfg` manually. Create your |
|||||||
| 138 | `settings.cfg` based upon the `settings.cfg.skeleton` and set the |
|||||||
| 139 | variables fitting to your environment. |
|||||||
| 140 | ||||||||
| 141 | | Variable | Example | Description | |
|||||||
| 142 | |------------------|-----------------|----------------------------------------------| |
|||||||
| 143 | | `SECRET_KEY` | `'CHANGE ME'` | Choose a random string that is used to encrypt user session data | |
|||||||
| 144 | | `REPOSITORY` | `'/path/to/the/repository/root'` | The absolute path to the repository storing the wiki pages | |
|||||||
| 145 | | `SQLALCHEMY_DATABASE_URI` | `'sqlite:////path/to/the/sqlite/file'` | The absolute path to the database storing the user credentials | |
|||||||
|
146 | | `LOG_LEVEL` | `'DEBUG'` | Set the log level to one of `'DEBUG'`, `'INFO'`, `'WARNING'`, `'ERROR'`. | |
||||||
|
147 | | `ADMIN_USER_EMAIL` | `'admin@example.com'` | If set, only the user with this email address will be granted admin privileges on sign-up. | |
||||||
| 148 | | `RENDERER_HTML_ALLOWLIST` | `''` | Comma-separated list of additional HTML tags allowed in rendered Markdown. Leave empty to use the default allowlist. | |
|||||||
|
149 | |||||||
| 150 | For the `SQLALCHEMY_DATABASE_URI` see <https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/#connection-uri-format>. |
|||||||
| 151 | ||||||||
|
152 | #### User UID running docker process |
||||||
| 153 | ||||||||
| 154 | Per default in both the default and the `-slim` image the process running An Otter Wiki (and accessing the files in repository) is running with `uid=33`. |
|||||||
| 155 | ||||||||
| 156 | ##### UID in the default image |
|||||||
| 157 | ||||||||
| 158 | To change this when using the default image, please configure the environment variables `PUID` and `PGID`. For example to run as user with `uid=1000 gid=1000` use this `compose.yaml`: |
|||||||
| 159 | ||||||||
| 160 | ```yaml |
|||||||
| 161 | services: |
|||||||
| 162 | otterwiki: |
|||||||
| 163 | image: redimp/otterwiki:2 |
|||||||
| 164 | restart: unless-stopped |
|||||||
|
165 | environment: |
||||||
|
166 | PUID: 1000 |
||||||
|
167 | PGID: 1000 |
||||||
|
168 | ports: |
||||||
| 169 | - 8080:80 |
|||||||
| 170 | volumes: |
|||||||
| 171 | - ./app-data:/app-data |
|||||||
| 172 | ``` |
|||||||
| 173 | ||||||||
| 174 | ##### USER in the `-slim` image |
|||||||
| 175 | ||||||||
| 176 | The `-slim` image is running as unpriviliged user must therefore be configured differently: In the way docker intended, with configuring the [user](https://docs.docker.com/reference/compose-file/services/#user). For example to run as user with `uid=1000 gid=1000` use this `compose.yaml`: |
|||||||
| 177 | ||||||||
| 178 | ```yaml |
|||||||
| 179 | services: |
|||||||
| 180 | otterwiki: |
|||||||
| 181 | image: redimp/otterwiki:2-slim |
|||||||
| 182 | restart: unless-stopped |
|||||||
| 183 | user: 1000:1000 |
|||||||
| 184 | ports: |
|||||||
| 185 | - 8080:8080 |
|||||||
| 186 | volumes: |
|||||||
| 187 | - ./app-data:/app-data |
|||||||
| 188 | ``` |
|||||||
| 189 | ||||||||
| 190 | Make sure that the configured `uid:gid` has read- and write permissions to volume mounted as `/app-data`. |
|||||||
| 191 | ||||||||
|
192 | ### Reverse Proxy and IPs |
||||||
| 193 | ||||||||
|
194 | Running the docker container behind a reverse proxy will show only the IP of the reverse proxy in the log files. With setting `REAL_IP_FROM` to the ip address or network of the reverse proxy, the IPs of the connection clients will be logged. |
||||||
|
195 | |||||||
|
196 | | Variable | Example | Description | |
||||||
| 197 | |------------------|-------------------|----------------------------------------------| |
|||||||
| 198 | | `REAL_IP_FROM` | `'172.20.0.0/24'` | Configure wiki to respect `X-Real-IP` header in the requests coming from this IP or network. | |
|||||||