# Create a Secret Key for Rails # # You can generate a secure one through the Greenlight docker image # with the command. # # docker run --rm bigbluebutton/greenlight:v2 bundle exec rake secret # SECRET_KEY_BASE= # The endpoint and secret for your BigBlueButton server. # Set these if you are running GreenLight on a single BigBlueButton server. # You can retrive these by running the following command on your BigBlueButton server: # # bbb-conf --secret # BIGBLUEBUTTON_ENDPOINT= BIGBLUEBUTTON_SECRET= # The endpoint and "SECRET_KEY_BASE" for your Greenlight v3 instance. # Set these if you are trying to migrate your resources to v3. # Example: #V3_ENDPOINT=https://v3.greenlight.test/ #V3_SECRET_KEY_BASE= V3_ENDPOINT= V3_SECRET_KEY_BASE= # The hostname that the application is accessible from. # # Used to protect against various HTTP header attacks # Should be in the form of "domain.com" # SAFE_HOSTS= # Google Login Provider (optional) # # For in-depth steps on setting up a Google Login Provider, see: # # https://docs.bigbluebutton.org/greenlight/gl-config.html#google-oauth2 # # The GOOGLE_OAUTH2_HD variable is used to limit sign-ins to a particular set of Google Apps hosted # domains. This can be a string with separating commas such as, 'domain.com, example.com' or # a string that specifies a single domain restriction such as, 'domain.com'. # If left blank, GreenLight will allow sign-in from all Google Apps hosted domains. GOOGLE_OAUTH2_ID= GOOGLE_OAUTH2_SECRET= GOOGLE_OAUTH2_HD= # Twitter Login Provider (optional) # # Twitter Authentication is deprecated and will be phased out in a future release. # Microsoft Office365 Login Provider (optional) # # For in-depth steps on setting up a Office 365 Login Provider, see: # # https://docs.bigbluebutton.org/greenlight/gl-config.html#office365-oauth2 # OFFICE365_KEY= OFFICE365_SECRET= OFFICE365_HD= # OpenID Connect Provider (optional) # # For in-depth steps on setting up a OpenID Connect Login Provider, see: # # https://docs.bigbluebutton.org/greenlight/gl-config.html#openid-connect # OPENID_CONNECT_CLIENT_ID= OPENID_CONNECT_CLIENT_SECRET= OPENID_CONNECT_ISSUER= OPENID_CONNECT_HD= OPENID_CONNECT_UID_FIELD= # OAUTH2_REDIRECT allows you to specify the redirect_url passed to oauth on sign in. # It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy OAUTH2_REDIRECT= # LDAP Login Provider (optional) # # You can enable LDAP authentication by providing values for the variables below. # Configuring LDAP authentication will take precedence over all other providers. # For information about setting up LDAP, see: # # https://docs.bigbluebutton.org/greenlight/gl-config.html#ldap-auth # # LDAP_SERVER=ldap.example.com # LDAP_PORT=389 # LDAP_METHOD=plain # LDAP_UID=uid # LDAP_BASE=dc=example,dc=com # LDAP_AUTH=simple # LDAP_BIND_DN=cn=admin,dc=example,dc=com # LDAP_PASSWORD=password # LDAP_ROLE_FIELD=ou # LDAP_FILTER=(&(attr1=value1)(attr2=value2)) # LDAP_ATTRIBUTE_MAPPING=name=displayName;uid=uid; (See link above for more details) LDAP_SERVER= LDAP_PORT= LDAP_METHOD= LDAP_UID= LDAP_BASE= LDAP_BIND_DN= LDAP_AUTH= LDAP_PASSWORD= LDAP_ROLE_FIELD= LDAP_FILTER= LDAP_ATTRIBUTE_MAPPING= # Set this to true if you want GreenLight to support user signup and login without # Omniauth. For more information, see: # # https://docs.bigbluebutton.org/greenlight/gl-overview.html#accounts-and-profile # ALLOW_GREENLIGHT_ACCOUNTS=true # "hosted domain" part of the Email-Address required for signup for a greenlight account # domain.com matches also mail.domain.com # @domain.com does NOT match @mail.domain.com # multiple domains can be separated by comma (with no whitespace!) #GREENLIGHT_ACCOUNT_HD=@domain.com,subdomain-allowed.net # To enable reCaptcha on the user sign up, define these 2 keys # You can obtain these keys by registering your domain using the following url: # # https://www.google.com/recaptcha/admin # RECAPTCHA_SITE_KEY= RECAPTCHA_SECRET_KEY= # To enable Google Analytics on your site, set this key to the Google Analytics Property Tracking ID # # https://analytics.google.com/analytics/web/ # GOOGLE_ANALYTICS_TRACKING_ID= # Set this to true if you want GreenLight to send verification emails upon # the creation of a new account # # ALLOW_MAIL_NOTIFICATIONS=true # # The notifications are sent using sendmail, unless the SMTP_SERVER variable is set. # In that case, make sure the rest of the variables are properly set. # # SMTP_SERVER=smtp.gmail.com # SMTP_PORT=587 # SMTP_DOMAIN=gmail.com # SMTP_USERNAME= # SMTP_PASSWORD= # SMTP_AUTH=plain # SMTP_STARTTLS_AUTO=true # # enable SMTPS: SMTP over direct TLS connection; usually port 465 # SMTP_TLS=true # # If your mail server has a self-signed certificate, you'll also need to include the line below. # Please note that enable this presents its own security risks and should not be done unless necessary. # SMTP_OPENSSL_VERIFY_MODE=none # SMTP_SERVER= SMTP_PORT= SMTP_DOMAIN= SMTP_USERNAME= SMTP_PASSWORD= SMTP_AUTH= SMTP_STARTTLS_AUTO= # Specify the email address that all mail is sent from SMTP_SENDER= # Specify the recipient for test emails (needed for providers like Microsoft, who are very # strict about RFC 2606) SMTP_TEST_RECIPIENT=notifications@example.com # Prefix for the applications root URL. # Useful for deploying the application to a subdirectory, which is highly recommended # if deploying on a BigBlueButton server. Keep in mind that if you change this, you'll # have to update your authentication callback URL's to reflect this change. # # The recommended prefix is "/b". # RELATIVE_URL_ROOT=/b # Specify which settings you would like the users to configure on room creation # or edit after the room has been created # By default, all settings are turned OFF. # # Current settings available: # mute-on-join: Automatically mute users by default when they join a room # require-moderator-approval: Require moderators to approve new users before they can join the room # anyone-can-start: Allows anyone with the join url to start the room in BigBlueButton # all-join-moderator: All users join as moderators in BigBlueButton # recording: Sessions are recorded ROOM_FEATURES=mute-on-join,require-moderator-approval,anyone-can-start,all-join-moderator,recording # Specify the maximum number of records to be sent to the BigBlueButton API in one call # Default is set to 25 records PAGINATION_NUMBER=25 # Specify the maximum number of rows that should be displayed per page for a paginated table # Default is set to 25 rows NUMBER_OF_ROWS=25 # Specify if you want to display the Google Calendar button # ENABLE_GOOGLE_CALENDAR_BUTTON=true|false ENABLE_GOOGLE_CALENDAR_BUTTON= # Set the application into Maintenance Mode # # Current options supported: # true: Renders an error page that does not allow users to access any of the features in the application # false: Application runs normally MAINTENANCE_MODE=false # Displays a flash that appears to inform the user of a scheduled maintenance window # This variable should contain ONLY the date and time of the scheduled maintenance # # Ex: MAINTENANCE_WINDOW=Friday August 18 6pm-10pm EST MAINTENANCE_WINDOW= # The link to the Report an Issue button that appears on the 500 page and in the Account Dropdown # # Defaults to the Github Issues Page for Greenlight # Button can be disabled by setting the value to blank # # REPORT_ISSUE_URL=https://github.com/bigbluebutton/greenlight/issues/new # The link to the Need help? button that appears on the Account Dropdown # # Defaults to the Greenlight documentation # Button can be disabled by setting the value to blank HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html # Change the default language # # By default, Greenlight will appear in the same language as that specific user's browser. # The user can override this by going into their profile and changing the language. # You can override the default language to a specific language instead of the browser's language by setting # the variable below. To find the correct value, visit: https://github.com/bigbluebutton/greenlight/tree/v2/config/locales # and find the code that matches the language you want. Ex: For Arabic -> DEFAULT_LOCALE=ar, For Italian -> DEFAULT_LOCALE=it # DEFAULT_LOCALE= # Force a redirect to HTTPS and make cookies secure. # WARNING: Only set this to false for a development environment. ENABLE_SSL=true # Comment this out to send logs to STDOUT in production instead of log/production.log . # # RAILS_LOG_TO_STDOUT=true # # When using docker-compose the logs can be sent to an centralized repository like PaperTrail # just by using the built in driver. Make sure to add to docker-compose.yml the next lines: # # logging: # driver: $LOG_DRIVER # options: # syslog-address: $LOG_ADDRESS # tag: $LOG_TAG # # And set this variables up: # # LOG_DRIVER=syslog # LOG_ADDRESS=udp://logs4.papertrailapp.com:[99999] # LOG_TAG=greenlight.example.com:v2 # # Check docker-compose and papertrail documentation for encrypting and # protecting access to the log repository. # https://docs.docker.com/config/containers/logging/syslog/#options # https://help.papertrailapp.com/kb/configuration/encrypting-remote-syslog-with-tls-ssl/ # # For sending logs to a remote aggregator enable these variables: # # RAILS_LOG_REMOTE_NAME=logxx.papertrailapp.com # RAILS_LOG_REMOTE_PORT=9999 # RAILS_LOG_REMOTE_TAG=greenlight # Specify the log level # Allowed values are: debug|info|warn|error|fatal|unknown # For details, see: https://docs.ruby-lang.org/en/master/Logger.html #RAILS_LOG_LEVEL=info # Database settings # # Greenlight may work out of the box with sqlite3, but for production it is recommended to use postgresql. # In such case, these variables must be included: # # DB_ADAPTER=postgresql # DB_HOST=postgres.example.com # DB_PORT=5432 # DB_NAME=greenlight_production # DB_USERNAME=postgres # DB_PASSWORD=password # # The ActionCable-Workers require 4 connections. So, when using postgres as the CABLE_ADAPTER # make sure the Database can handle the overall connection count calculated as follows: # ( RAILS_MAX_THREADS + 4 ) * WEB_CONCURRENCY # So DB_POOL_SIZE should be set to RAILS_MAX_THREADS + 4 # # DB_POOL_SIZE=9 # # Additionally, there may be cases where the database has errors so the old db connections became stale. # In order to overcome the lost of connections, it is recommended to add a timeout. # # DB_CONNECT_TIMEOUT=5 # DB_READ_TIMEOUT=120 # # For deployments based on the docker-compose script also included, the HOST should be set with the Docker container id. # DB_ADAPTER=postgresql DB_HOST=db DB_PORT=5432 DB_NAME=greenlight_production DB_USERNAME=postgres DB_PASSWORD=password # Use postgresql to handle ActionCable connections by default CABLE_ADAPTER=postgresql # Specify the default registration to be used by Greenlight until an administrator sets the # registration method # Allowed values are: # open - For open registration # invite - For invite only registration # approval - For approve/decline registration DEFAULT_REGISTRATION=open # Preupload Presentation Storage # # By default, if Preupload Presentation is enabled for rooms, presentations are uploaded locally to ~/greenlight/storage # If you prefer to use AWS S3 or GCS Storage, you can set the variables below # # For AWS S3: # AWS_ACCESS_KEY_ID= # AWS_SECRET_ACCESS_KEY= # AWS_REGION= # AWS_BUCKET= # # For S3-compatible API: # S3_ENDPOINT= # S3_ACCESS_KEY_ID= # S3_SECRET_ACCESS_KEY= # S3_REGION= # S3_BUCKET= # # For GCS Storage: # GCS_PROJECT_ID= # GCS_PRIVATE_KEY_ID= # GCS_PRIVATE_KEY= # GCS_CLIENT_EMAIL= # GCS_CLIENT_ID= # GCS_CLIENT_CERT= # GCS_PROJECT= # GCS_BUCKET= # Web server settings # # The size of the thread pool per worker used by Greenlight's web server. # For details, see: https://github.com/puma/puma#thread-pool # Default: 5 # # If you change this value please correct the DB_POOL_SIZE to RAILS_MAX_THREADS + 4 (ActionCable-Workers) #RAILS_MAX_THREADS=5 # The amount of workers (separate processes) used by the web server. # For details, see: https://github.com/puma/puma#clustered-mode # Default: 1 #WEB_CONCURRENCY=1 # Max avatar image size (bytes) # Default: 100000 MAX_AVATAR_SIZE=100000 # Due CCVE-2015-9284, this setting needs to be enabled for omniauth to respond GET requests. # ENABLE_OMNIAUTH_GET=true| ENABLE_OMNIAUTH_GET=false