You've already forked snikket-web-portal
e0cfcc6aaa
snikket_web can now be fully configured via the environment alone, no extra files needed. It is still supported to inject a python file to generate environment variables though, which may be useful for generating and reloading a secret key.
44 lines
1.2 KiB
Bash
44 lines
1.2 KiB
Bash
# REQUIRED SETTINGS
|
||
# =================
|
||
|
||
# Secret key used to guard forms and sessions.
|
||
#
|
||
# This must be both reasonably constant and secret. If the secret gets
|
||
# compromised, you can change it (without having to worry about the "constant"
|
||
# requirement).
|
||
#
|
||
# if not constant:
|
||
# - sessions will be lost on each server restart
|
||
#
|
||
# if not secret:
|
||
# - users may be able to forge sessions
|
||
# - attackers may be able to execute things on a properly authenticated user’s
|
||
# behalf.
|
||
# - other bad things.
|
||
SNIKKET_WEB_SECRET_KEY=
|
||
|
||
# URL (without trailing /) of the prosody HTTP server.
|
||
#
|
||
# This must be set for anything to work correctly.
|
||
#
|
||
# NOTE: If this does not point at localhost, it MUST use https. Otherwise,
|
||
# passwords will be transmitted in plaintext through insecure channels.
|
||
SNIKKET_WEB_PROSODY_ENDPOINT='http://localhost:5280'
|
||
|
||
# The domain name of the Snikket server
|
||
#
|
||
# This must be set for login to work correctly.
|
||
SNIKKET_WEB_DOMAIN='localhost'
|
||
|
||
|
||
# OPTIONAL SETTINGS
|
||
# =================
|
||
|
||
# How long browers may cache avatars
|
||
#
|
||
# Setting this to zero forces browsers to check if their locally cached copy
|
||
# of an avatar is still up-to-date on every request; if it is, the avatar is
|
||
# not re-transferred.
|
||
#
|
||
# SNIKKET_WEB_AVATAR_CACHE_TTL = 1800
|