conduwuit/conduit-example.toml
strawberry d214371423 add option for explicit opt-in allow open registration and make it clear
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-25 17:07:24 -05:00

97 lines
4.7 KiB
TOML

# =============================================================================
# This is the official example config for Conduit.
# If you use it for your server, you will need to adjust it to your own needs.
# At the very least, change the server_name field!
# =============================================================================
[global]
# The server_name is the pretty name of this server. It is used as a suffix for user
# and room ids. Examples: matrix.org, conduit.rs
# The Conduit server needs all /_matrix/ requests to be reachable at
# https://your.server.name/ on port 443 (client-server) and 8448 (federation).
# If that's not possible for you, you can create /.well-known files to redirect
# requests. See
# https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client
# and
# https://matrix.org/docs/spec/server_server/r0.1.4#get-well-known-matrix-server
# for more information
# YOU NEED TO EDIT THIS
#server_name = "your.server.name"
# This is the only directory where Conduit will save its data
database_path = "/var/lib/matrix-conduit/"
database_backend = "rocksdb"
# The port Conduit will be running on. You need to set up a reverse proxy in
# your web server (e.g. apache or nginx), so all requests to /_matrix on port
# 443 and 8448 will be forwarded to the Conduit instance running on this port
# Docker users: Don't change this, you'll need to map an external port to this.
port = 6167
# Max size for uploads
max_request_size = 20_000_000 # in bytes
# Enables open registration. If set to false, no users can register on this
# server (unless a token is configured).
# If set to true, users can register with no form of 2nd step only if you set
# `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` to
# in your config. If you would like
# registration only via token reg, please set this to *false* and configure the
# `registration_token` key.
allow_registration = false
# A static registration token that new users will have to provide when creating
# an account. If unset and `allow_registration` is true, registration is open
# without any condition. YOU NEED TO EDIT THIS.
registration_token = "change this token for something specific to your server"
allow_federation = true
allow_check_for_updates = true
# Enable the display name lightning bolt on registration.
enable_lightning_bolt = true
# Servers listed here will be used to gather public keys of other servers.
# Generally, copying this exactly should be enough. (Currently, Conduit doesn't
# support batched key requests, so this list should only contain Synapse
# servers.)
trusted_servers = ["matrix.org"]
#max_concurrent_requests = 100 # How many requests Conduit sends to other servers at the same time
#log = "warn,state_res=warn,rocket=off,_=off,sled=off"
address = "127.0.0.1" # This makes sure Conduit can only be reached using the reverse proxy
#address = "0.0.0.0" # If Conduit is running in a container, make sure the reverse proxy (ie. Traefik) can reach it.
# Set this to true to allow your server's public room directory to be federated.
# Set this to false to protect against /publicRooms spiders, but will forbid external users from viewing your server's public room directory.
# If federation is disabled entirely (`allow_federation`), this is inherently false.
allow_public_room_directory_over_federation = false
# Set this to true to allow your server's public room directory to be queried without client authentication (access token) through the Client APIs.
# Set this to false to protect against /publicRooms spiders.
allow_public_room_directory_without_auth = false
# Set this to true to allow federating device display names / allow external users to see your device display name.
# If federation is disabled entirely (`allow_federation`), this is inherently false.
allow_device_name_federation = false
# Uncomment unix_socket_path to listen on a UNIX socket at the specified path.
# If listening on a UNIX socket, you must remove the 'address' key if defined and add your
# reverse proxy (nginx/Caddy/Apache/etc) to the 'conduit' group, unless world RW
# permissions are specified with unix_socket_perms (666 minimum).
#unix_socket_path = "/run/conduit/conduit.sock"
#unix_socket_perms = 660
# Set this to true for Conduit to compress HTTP response bodies using zstd.
# Please be aware that enabling HTTP compression may introduce compression side-channel attacks and response body tampering to potentially defeat TLS.
# Most users should not need to enable this.
# See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH before deciding to enable this.
zstd_compression = false
# Set to true to allow user type "guest" registrations
allow_guest_registration = false