telemetry_event: [Pleroma.Repo.Instrumenter],
migration_lock: nil
-scheduled_jobs =
- with digest_config <- Application.get_env(:pleroma, :email_notifications)[:digest],
- true <- digest_config[:active] do
- [{digest_config[:schedule], {Pleroma.Daemons.DigestEmailDaemon, :perform, []}}]
- else
- _ -> []
- end
-
-config :pleroma, Pleroma.Scheduler,
- global: true,
- overlap: true,
- timezone: :utc,
- jobs: scheduled_jobs
-
config :pleroma, Pleroma.Captcha,
enabled: true,
seconds_valid: 300,
scheduled_activities: 10,
background: 5,
attachments_cleanup: 5
+ ],
+ crontab: [
+ {"0 0 * * *", Pleroma.Workers.Cron.ClearOauthTokenWorker},
+ {"0 * * * *", Pleroma.Workers.Cron.StatsWorker},
+ {"* * * * *", Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker},
+ {"0 0 * * 0", Pleroma.Workers.Cron.DigestEmailsWorker}
]
config :pleroma, :workers,
config :pleroma, :email_notifications,
digest: %{
active: false,
- schedule: "0 0 * * 0",
interval: 7,
inactivity_threshold: 7
}
config :pleroma, :oauth2,
token_expires_in: 600,
issue_new_refresh_token: true,
- clean_expired_tokens: false,
- clean_expired_tokens_interval: 86_400_000
+ clean_expired_tokens: false
config :pleroma, :database, rum_enabled: false
config :http_signatures,
adapter: Pleroma.Signature
- config :pleroma, :rate_limit, authentication: {60_000, 15}
+ config :pleroma, :rate_limit,
+ authentication: {60_000, 15},
+ search: [{1000, 10}, {1000, 30}],
+ app_account_creation: {1_800_000, 25},
+ relations_actions: {10_000, 10},
+ relation_id_action: {60_000, 2},
+ statuses_actions: {10_000, 15},
+ status_id_action: {60_000, 3},
+ password_reset: {1_800_000, 5},
+ account_confirmation_resend: {8_640_000, 5},
+ ap_routes: {60_000, 15}
config :pleroma, Pleroma.ActivityExpiration, enabled: true
- config :pleroma, Pleroma.Plugs.RemoteIp, enabled: false
+ config :pleroma, Pleroma.Plugs.RemoteIp, enabled: true
config :pleroma, :static_fe, enabled: false
config :pleroma, configurable_from_database: false
-config :swarm, node_blacklist: [~r/myhtml_.*$/]
# Import environment specific config. This must remain at the bottom
# of this file so it overrides the configuration defined above.
import_config "#{Mix.env()}.exs"
Available options:
* `enabled` - Enable/disable the plug. Defaults to `false`.
- * `headers` - A list of strings naming the `req_headers` to use when deriving the `remote_ip`. Order does not matter. Defaults to `~w[forwarded x-forwarded-for x-client-ip x-real-ip]`.
+ * `headers` - A list of strings naming the `req_headers` to use when deriving the `remote_ip`. Order does not matter. Defaults to `["x-forwarded-for"]`.
* `proxies` - A list of strings in [CIDR](https://en.wikipedia.org/wiki/CIDR) notation specifying the IPs of known proxies. Defaults to `[]`.
* `reserved` - Defaults to [localhost](https://en.wikipedia.org/wiki/Localhost) and [private network](https://en.wikipedia.org/wiki/Private_network).
### :rate_limit
- This is an advanced feature and disabled by default.
-
- If your instance is behind a reverse proxy you must enable and configure [`Pleroma.Plugs.RemoteIp`](#pleroma-plugs-remoteip).
+ !!! note
+ If your instance is behind a reverse proxy ensure [`Pleroma.Plugs.RemoteIp`](#pleroma-plugs-remoteip) is enabled (it is enabled by default).
A keyword list of rate limiters where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where:
It is also possible to have different limits for unauthenticated and authenticated users: the keyword value must be a list of two tuples where the first one is a config for unauthenticated users and the second one is for authenticated.
+ For example:
+
+ ```elixir
+ config :pleroma, :rate_limit,
+ authentication: {60_000, 15},
+ search: [{1000, 10}, {1000, 30}]
+ ```
+
+ Means that:
+
+ 1. In 60 seconds, 15 authentication attempts can be performed from the same IP address.
+ 2. In 1 second, 10 search requests can be performed from the same IP adress by unauthenticated users, while authenticated users can perform 30 search requests per second.
+
Supported rate limiters:
- * `:search` for the search requests (account & status search etc.)
- * `:app_account_creation` for registering user accounts from the same IP address
- * `:relations_actions` for actions on relations with all users (follow, unfollow)
- * `:relation_id_action` for actions on relation with a specific user (follow, unfollow)
- * `:statuses_actions` for create / delete / fav / unfav / reblog / unreblog actions on any statuses
- * `:status_id_action` for fav / unfav or reblog / unreblog actions on the same status by the same user
+ * `:search` - Account/Status search.
+ * `:app_account_creation` - Account registration from the API.
+ * `:relations_actions` - Following/Unfollowing in general.
+ * `:relation_id_action` - Following/Unfollowing for a specific user.
+ * `:statuses_actions` - Status actions such as: (un)repeating, (un)favouriting, creating, deleting.
+ * `:status_id_action` - (un)Repeating/(un)Favouriting a particular status.
+ * `:authentication` - Authentication actions, i.e getting an OAuth token.
+ * `:password_reset` - Requesting password reset emails.
+ * `:account_confirmation_resend` - Requesting resending account confirmation emails.
+ * `:ap_routes` - Requesting statuses via ActivityPub.
### :web_cache_ttl
* `verbose` - logs verbosity
* `prune` - non-retryable jobs [pruning settings](https://github.com/sorentwo/oban#pruning) (`:disabled` / `{:maxlen, value}` / `{:maxage, value}`)
* `queues` - job queues (see below)
+* `crontab` - periodic jobs, see [`Oban.Cron`](#obancron)
Pleroma has the following queues:
* `web_push` - Web push notifications
* `scheduled_activities` - Scheduled activities, see [`Pleroma.ScheduledActivity`](#pleromascheduledactivity)
+#### Oban.Cron
+
+Pleroma has these periodic job workers:
+
+`Pleroma.Workers.Cron.ClearOauthTokenWorker` - a job worker to cleanup expired oauth tokens.
+
Example:
```elixir
queues: [
federator_incoming: 50,
federator_outgoing: 50
+ ],
+ crontab: [
+ {"0 0 * * *", Pleroma.Workers.Cron.ClearOauthTokenWorker}
]
```
* `token_expires_in` - The lifetime in seconds of the access token.
* `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token.
-* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`.
-* `clean_expired_tokens_interval` - Interval to run the job to clean expired tokens. Defaults to `86_400_000` (24 hours).
+* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`. Interval settings sets in configuration periodic jobs [`Oban.Cron`](#obancron)
## Link parsing
def start(_type, _args) do
Pleroma.HTML.compile_scrubbers()
Pleroma.Config.DeprecationWarnings.warn()
+ Pleroma.Plugs.HTTPSecurityPlug.warn_if_disabled()
Pleroma.Repo.check_migrations_applied!()
setup_instrumenters()
load_custom_modules()
children =
[
Pleroma.Repo,
- Pleroma.Scheduler,
Pleroma.Config.TransferTask,
Pleroma.Emoji,
Pleroma.Captcha,
- Pleroma.Daemons.ScheduledActivityDaemon,
- Pleroma.Daemons.ActivityExpirationDaemon,
Pleroma.Plugs.RateLimiter.Supervisor
] ++
cachex_children() ++
{Oban, Pleroma.Config.get(Oban)}
] ++
task_children(@env) ++
- oauth_cleanup_child(oauth_cleanup_enabled?()) ++
streamer_child(@env) ++
chat_child(@env, chat_enabled?()) ++
[
defp chat_enabled?, do: Pleroma.Config.get([:chat, :enabled])
- defp oauth_cleanup_enabled?,
- do: Pleroma.Config.get([:oauth2, :clean_expired_tokens], false)
-
defp streamer_child(:test), do: []
defp streamer_child(_) do
[Pleroma.Web.Streamer.supervisor()]
end
- defp oauth_cleanup_child(true),
- do: [Pleroma.Web.OAuth.Token.CleanWorker]
-
- defp oauth_cleanup_child(_), do: []
-
defp chat_child(_env, true) do
[Pleroma.Web.ChatChannel.ChatChannelState]
end