374 lines
12 KiB
Bash
374 lines
12 KiB
Bash
# Create a Secret Key for Rails
|
|
#
|
|
# You can generate a secure one through the Greenlight docker image
|
|
# with the command.
|
|
#
|
|
# docker run --rm bigbluebutton/greenlight:v2 bundle exec rake secret
|
|
#
|
|
SECRET_KEY_BASE=
|
|
|
|
# The endpoint and secret for your BigBlueButton server.
|
|
# Set these if you are running GreenLight on a single BigBlueButton server.
|
|
# You can retrive these by running the following command on your BigBlueButton server:
|
|
#
|
|
# bbb-conf --secret
|
|
#
|
|
BIGBLUEBUTTON_ENDPOINT=
|
|
BIGBLUEBUTTON_SECRET=
|
|
|
|
# The endpoint and "SECRET_KEY_BASE" for your Greenlight v3 instance.
|
|
# Set these if you are trying to migrate your resources to v3.
|
|
# Example:
|
|
#V3_ENDPOINT=https://v3.greenlight.test/
|
|
#V3_SECRET_KEY_BASE=
|
|
V3_ENDPOINT=
|
|
V3_SECRET_KEY_BASE=
|
|
# The hostname that the application is accessible from.
|
|
#
|
|
# Used to protect against various HTTP header attacks
|
|
# Should be in the form of "domain.com"
|
|
#
|
|
SAFE_HOSTS=
|
|
|
|
# Google Login Provider (optional)
|
|
#
|
|
# For in-depth steps on setting up a Google Login Provider, see:
|
|
#
|
|
# https://docs.bigbluebutton.org/greenlight/gl-config.html#google-oauth2
|
|
#
|
|
# The GOOGLE_OAUTH2_HD variable is used to limit sign-ins to a particular set of Google Apps hosted
|
|
# domains. This can be a string with separating commas such as, 'domain.com, example.com' or
|
|
# a string that specifies a single domain restriction such as, 'domain.com'.
|
|
# If left blank, GreenLight will allow sign-in from all Google Apps hosted domains.
|
|
GOOGLE_OAUTH2_ID=
|
|
GOOGLE_OAUTH2_SECRET=
|
|
GOOGLE_OAUTH2_HD=
|
|
|
|
# Twitter Login Provider (optional)
|
|
#
|
|
# Twitter Authentication is deprecated and will be phased out in a future release.
|
|
|
|
# Microsoft Office365 Login Provider (optional)
|
|
#
|
|
# For in-depth steps on setting up a Office 365 Login Provider, see:
|
|
#
|
|
# https://docs.bigbluebutton.org/greenlight/gl-config.html#office365-oauth2
|
|
#
|
|
OFFICE365_KEY=
|
|
OFFICE365_SECRET=
|
|
OFFICE365_HD=
|
|
|
|
# OpenID Connect Provider (optional)
|
|
#
|
|
# For in-depth steps on setting up a OpenID Connect Login Provider, see:
|
|
#
|
|
# https://docs.bigbluebutton.org/greenlight/gl-config.html#openid-connect
|
|
#
|
|
OPENID_CONNECT_CLIENT_ID=
|
|
OPENID_CONNECT_CLIENT_SECRET=
|
|
OPENID_CONNECT_ISSUER=
|
|
OPENID_CONNECT_HD=
|
|
OPENID_CONNECT_UID_FIELD=
|
|
|
|
# OAUTH2_REDIRECT allows you to specify the redirect_url passed to oauth on sign in.
|
|
# It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy
|
|
OAUTH2_REDIRECT=
|
|
|
|
# LDAP Login Provider (optional)
|
|
#
|
|
# You can enable LDAP authentication by providing values for the variables below.
|
|
# Configuring LDAP authentication will take precedence over all other providers.
|
|
# For information about setting up LDAP, see:
|
|
#
|
|
# https://docs.bigbluebutton.org/greenlight/gl-config.html#ldap-auth
|
|
#
|
|
# LDAP_SERVER=ldap.example.com
|
|
# LDAP_PORT=389
|
|
# LDAP_METHOD=plain
|
|
# LDAP_UID=uid
|
|
# LDAP_BASE=dc=example,dc=com
|
|
# LDAP_AUTH=simple
|
|
# LDAP_BIND_DN=cn=admin,dc=example,dc=com
|
|
# LDAP_PASSWORD=password
|
|
# LDAP_ROLE_FIELD=ou
|
|
# LDAP_FILTER=(&(attr1=value1)(attr2=value2))
|
|
# LDAP_ATTRIBUTE_MAPPING=name=displayName;uid=uid; (See link above for more details)
|
|
LDAP_SERVER=
|
|
LDAP_PORT=
|
|
LDAP_METHOD=
|
|
LDAP_UID=
|
|
LDAP_BASE=
|
|
LDAP_BIND_DN=
|
|
LDAP_AUTH=
|
|
LDAP_PASSWORD=
|
|
LDAP_ROLE_FIELD=
|
|
LDAP_FILTER=
|
|
LDAP_ATTRIBUTE_MAPPING=
|
|
|
|
# Set this to true if you want GreenLight to support user signup and login without
|
|
# Omniauth. For more information, see:
|
|
#
|
|
# https://docs.bigbluebutton.org/greenlight/gl-overview.html#accounts-and-profile
|
|
#
|
|
ALLOW_GREENLIGHT_ACCOUNTS=true
|
|
|
|
# "hosted domain" part of the Email-Address required for signup for a greenlight account
|
|
# domain.com matches also mail.domain.com
|
|
# @domain.com does NOT match @mail.domain.com
|
|
# multiple domains can be separated by comma (with no whitespace!)
|
|
#GREENLIGHT_ACCOUNT_HD=@domain.com,subdomain-allowed.net
|
|
|
|
# To enable reCaptcha on the user sign up, define these 2 keys
|
|
# You can obtain these keys by registering your domain using the following url:
|
|
#
|
|
# https://www.google.com/recaptcha/admin
|
|
#
|
|
RECAPTCHA_SITE_KEY=
|
|
RECAPTCHA_SECRET_KEY=
|
|
|
|
# To enable Google Analytics on your site, set this key to the Google Analytics Property Tracking ID
|
|
#
|
|
# https://analytics.google.com/analytics/web/
|
|
#
|
|
GOOGLE_ANALYTICS_TRACKING_ID=
|
|
|
|
# Set this to true if you want GreenLight to send verification emails upon
|
|
# the creation of a new account
|
|
#
|
|
# ALLOW_MAIL_NOTIFICATIONS=true
|
|
#
|
|
# The notifications are sent using sendmail, unless the SMTP_SERVER variable is set.
|
|
# In that case, make sure the rest of the variables are properly set.
|
|
#
|
|
# SMTP_SERVER=smtp.gmail.com
|
|
# SMTP_PORT=587
|
|
# SMTP_DOMAIN=gmail.com
|
|
# SMTP_USERNAME=<youremail@gmail.com>
|
|
# SMTP_PASSWORD=<yourpassword>
|
|
# SMTP_AUTH=plain
|
|
# SMTP_STARTTLS_AUTO=true
|
|
#
|
|
# enable SMTPS: SMTP over direct TLS connection; usually port 465
|
|
# SMTP_TLS=true
|
|
#
|
|
# If your mail server has a self-signed certificate, you'll also need to include the line below.
|
|
# Please note that enable this presents its own security risks and should not be done unless necessary.
|
|
# SMTP_OPENSSL_VERIFY_MODE=none
|
|
#
|
|
SMTP_SERVER=
|
|
SMTP_PORT=
|
|
SMTP_DOMAIN=
|
|
SMTP_USERNAME=
|
|
SMTP_PASSWORD=
|
|
SMTP_AUTH=
|
|
SMTP_STARTTLS_AUTO=
|
|
|
|
# Specify the email address that all mail is sent from
|
|
SMTP_SENDER=
|
|
|
|
# Specify the recipient for test emails (needed for providers like Microsoft, who are very
|
|
# strict about RFC 2606)
|
|
SMTP_TEST_RECIPIENT=notifications@example.com
|
|
|
|
# Prefix for the applications root URL.
|
|
# Useful for deploying the application to a subdirectory, which is highly recommended
|
|
# if deploying on a BigBlueButton server. Keep in mind that if you change this, you'll
|
|
# have to update your authentication callback URL's to reflect this change.
|
|
#
|
|
# The recommended prefix is "/b".
|
|
#
|
|
RELATIVE_URL_ROOT=/b
|
|
|
|
# Specify which settings you would like the users to configure on room creation
|
|
# or edit after the room has been created
|
|
# By default, all settings are turned OFF.
|
|
#
|
|
# Current settings available:
|
|
# mute-on-join: Automatically mute users by default when they join a room
|
|
# require-moderator-approval: Require moderators to approve new users before they can join the room
|
|
# anyone-can-start: Allows anyone with the join url to start the room in BigBlueButton
|
|
# all-join-moderator: All users join as moderators in BigBlueButton
|
|
# recording: Sessions are recorded
|
|
ROOM_FEATURES=mute-on-join,require-moderator-approval,anyone-can-start,all-join-moderator,recording
|
|
|
|
# Specify the maximum number of records to be sent to the BigBlueButton API in one call
|
|
# Default is set to 25 records
|
|
PAGINATION_NUMBER=25
|
|
|
|
# Specify the maximum number of rows that should be displayed per page for a paginated table
|
|
# Default is set to 25 rows
|
|
NUMBER_OF_ROWS=25
|
|
|
|
# Specify if you want to display the Google Calendar button
|
|
# ENABLE_GOOGLE_CALENDAR_BUTTON=true|false
|
|
ENABLE_GOOGLE_CALENDAR_BUTTON=
|
|
|
|
# Set the application into Maintenance Mode
|
|
#
|
|
# Current options supported:
|
|
# true: Renders an error page that does not allow users to access any of the features in the application
|
|
# false: Application runs normally
|
|
MAINTENANCE_MODE=false
|
|
|
|
# Displays a flash that appears to inform the user of a scheduled maintenance window
|
|
# This variable should contain ONLY the date and time of the scheduled maintenance
|
|
#
|
|
# Ex: MAINTENANCE_WINDOW=Friday August 18 6pm-10pm EST
|
|
MAINTENANCE_WINDOW=
|
|
|
|
# The link to the Report an Issue button that appears on the 500 page and in the Account Dropdown
|
|
#
|
|
# Defaults to the Github Issues Page for Greenlight
|
|
# Button can be disabled by setting the value to blank
|
|
#
|
|
# REPORT_ISSUE_URL=https://github.com/bigbluebutton/greenlight/issues/new
|
|
|
|
# The link to the Need help? button that appears on the Account Dropdown
|
|
#
|
|
# Defaults to the Greenlight documentation
|
|
# Button can be disabled by setting the value to blank
|
|
HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
|
|
|
|
# Change the default language
|
|
#
|
|
# By default, Greenlight will appear in the same language as that specific user's browser.
|
|
# The user can override this by going into their profile and changing the language.
|
|
# You can override the default language to a specific language instead of the browser's language by setting
|
|
# the variable below. To find the correct value, visit: https://github.com/bigbluebutton/greenlight/tree/v2/config/locales
|
|
# and find the code that matches the language you want. Ex: For Arabic -> DEFAULT_LOCALE=ar, For Italian -> DEFAULT_LOCALE=it
|
|
# DEFAULT_LOCALE=
|
|
|
|
# Force a redirect to HTTPS and make cookies secure.
|
|
# WARNING: Only set this to false for a development environment.
|
|
ENABLE_SSL=true
|
|
|
|
# Comment this out to send logs to STDOUT in production instead of log/production.log .
|
|
#
|
|
# RAILS_LOG_TO_STDOUT=true
|
|
#
|
|
# When using docker-compose the logs can be sent to an centralized repository like PaperTrail
|
|
# just by using the built in driver. Make sure to add to docker-compose.yml the next lines:
|
|
#
|
|
# logging:
|
|
# driver: $LOG_DRIVER
|
|
# options:
|
|
# syslog-address: $LOG_ADDRESS
|
|
# tag: $LOG_TAG
|
|
#
|
|
# And set this variables up:
|
|
#
|
|
# LOG_DRIVER=syslog
|
|
# LOG_ADDRESS=udp://logs4.papertrailapp.com:[99999]
|
|
# LOG_TAG=greenlight.example.com:v2
|
|
#
|
|
# Check docker-compose and papertrail documentation for encrypting and
|
|
# protecting access to the log repository.
|
|
# https://docs.docker.com/config/containers/logging/syslog/#options
|
|
# https://help.papertrailapp.com/kb/configuration/encrypting-remote-syslog-with-tls-ssl/
|
|
#
|
|
# For sending logs to a remote aggregator enable these variables:
|
|
#
|
|
# RAILS_LOG_REMOTE_NAME=logxx.papertrailapp.com
|
|
# RAILS_LOG_REMOTE_PORT=9999
|
|
# RAILS_LOG_REMOTE_TAG=greenlight
|
|
|
|
# Specify the log level
|
|
# Allowed values are: debug|info|warn|error|fatal|unknown
|
|
# For details, see: https://docs.ruby-lang.org/en/master/Logger.html
|
|
#RAILS_LOG_LEVEL=info
|
|
|
|
# Database settings
|
|
#
|
|
# Greenlight may work out of the box with sqlite3, but for production it is recommended to use postgresql.
|
|
# In such case, these variables must be included:
|
|
#
|
|
# DB_ADAPTER=postgresql
|
|
# DB_HOST=postgres.example.com
|
|
# DB_PORT=5432
|
|
# DB_NAME=greenlight_production
|
|
# DB_USERNAME=postgres
|
|
# DB_PASSWORD=password
|
|
#
|
|
# The ActionCable-Workers require 4 connections. So, when using postgres as the CABLE_ADAPTER
|
|
# make sure the Database can handle the overall connection count calculated as follows:
|
|
# ( RAILS_MAX_THREADS + 4 ) * WEB_CONCURRENCY
|
|
# So DB_POOL_SIZE should be set to RAILS_MAX_THREADS + 4
|
|
#
|
|
# DB_POOL_SIZE=9
|
|
#
|
|
# Additionally, there may be cases where the database has errors so the old db connections became stale.
|
|
# In order to overcome the lost of connections, it is recommended to add a timeout.
|
|
#
|
|
# DB_CONNECT_TIMEOUT=5
|
|
# DB_READ_TIMEOUT=120
|
|
#
|
|
# For deployments based on the docker-compose script also included, the HOST should be set with the Docker container id.
|
|
#
|
|
DB_ADAPTER=postgresql
|
|
DB_HOST=db
|
|
DB_PORT=5432
|
|
DB_NAME=greenlight_production
|
|
DB_USERNAME=postgres
|
|
DB_PASSWORD=password
|
|
|
|
# Use postgresql to handle ActionCable connections by default
|
|
CABLE_ADAPTER=postgresql
|
|
|
|
# Specify the default registration to be used by Greenlight until an administrator sets the
|
|
# registration method
|
|
# Allowed values are:
|
|
# open - For open registration
|
|
# invite - For invite only registration
|
|
# approval - For approve/decline registration
|
|
DEFAULT_REGISTRATION=open
|
|
|
|
# Preupload Presentation Storage
|
|
#
|
|
# By default, if Preupload Presentation is enabled for rooms, presentations are uploaded locally to ~/greenlight/storage
|
|
# If you prefer to use AWS S3 or GCS Storage, you can set the variables below
|
|
#
|
|
# For AWS S3:
|
|
# AWS_ACCESS_KEY_ID=
|
|
# AWS_SECRET_ACCESS_KEY=
|
|
# AWS_REGION=
|
|
# AWS_BUCKET=
|
|
#
|
|
# For S3-compatible API:
|
|
# S3_ENDPOINT=
|
|
# S3_ACCESS_KEY_ID=
|
|
# S3_SECRET_ACCESS_KEY=
|
|
# S3_REGION=
|
|
# S3_BUCKET=
|
|
#
|
|
# For GCS Storage:
|
|
# GCS_PROJECT_ID=
|
|
# GCS_PRIVATE_KEY_ID=
|
|
# GCS_PRIVATE_KEY=
|
|
# GCS_CLIENT_EMAIL=
|
|
# GCS_CLIENT_ID=
|
|
# GCS_CLIENT_CERT=
|
|
# GCS_PROJECT=
|
|
# GCS_BUCKET=
|
|
|
|
# Web server settings
|
|
#
|
|
# The size of the thread pool per worker used by Greenlight's web server.
|
|
# For details, see: https://github.com/puma/puma#thread-pool
|
|
# Default: 5
|
|
#
|
|
# If you change this value please correct the DB_POOL_SIZE to RAILS_MAX_THREADS + 4 (ActionCable-Workers)
|
|
#RAILS_MAX_THREADS=5
|
|
|
|
# The amount of workers (separate processes) used by the web server.
|
|
# For details, see: https://github.com/puma/puma#clustered-mode
|
|
# Default: 1
|
|
#WEB_CONCURRENCY=1
|
|
|
|
# Max avatar image size (bytes)
|
|
# Default: 100000
|
|
MAX_AVATAR_SIZE=100000
|
|
|
|
# Due CCVE-2015-9284, this setting needs to be enabled for omniauth to respond GET requests.
|
|
# ENABLE_OMNIAUTH_GET=true|<false>
|
|
ENABLE_OMNIAUTH_GET=false
|