diff --git a/conf/__init_conf__.php b/conf/__init_conf__.php index d3b946da5f..7dfd59f05d 100644 --- a/conf/__init_conf__.php +++ b/conf/__init_conf__.php @@ -1,46 +1,64 @@ true, + 'darkconsole.enabled' => true, + 'celerity.minify' => false, + ); + } + $files = id(new FileFinder($root.'/conf/')) ->withType('f') ->withSuffix('conf.php') ->withFollowSymlinks(true) ->find(); foreach ($files as $key => $file) { $file = trim($file, './'); $files[$key] = preg_replace('/\.conf\.php$/', '', $file); } $files = " ".implode("\n ", $files); throw new Exception( "CONFIGURATION ERROR\n". "Config file '{$original_config}' does not exist. Valid config files ". "are:\n\n".$files); } throw new Exception("Failed to read config file '{$config}': {$errors}"); } return $conf; } diff --git a/conf/default.conf.php b/conf/default.conf.php deleted file mode 100644 index 663a008b20..0000000000 --- a/conf/default.conf.php +++ /dev/null @@ -1,1090 +0,0 @@ - null, - - // If you have multiple environments, provide the production environment URI - // here so that emails, etc., generated in development/sandbox environments - // contain the right links. - 'phabricator.production-uri' => null, - -// -- IMPORTANT! Security! -------------------------------------------------- // - - // IMPORTANT: By default, Phabricator serves files from the same domain the - // application lives on. This is convenient but not secure: it creates a large - // class of vulnerabilities which can not be generally mitigated. - // - // To avoid this, you should configure a second domain in the same way you - // have the primary domain configured (e.g., point it at the same machine and - // set up the same vhost rules) and provide it here. For instance, if your - // primary install is on "http://www.phabricator-example.com/", you could - // configure "http://www.phabricator-files.com/" and specify the entire - // domain (with protocol) here. This will enforce that files are - // served only from the alternate domain. Ideally, you should use a - // completely separate domain name rather than just a different subdomain. - // - // It is STRONGLY RECOMMENDED that you configure this. Your install is NOT - // SECURE unless you do so. - 'security.alternate-file-domain' => null, - - // Default key for HMAC digests where the key is not important (i.e., the - // hash itself is secret). You can change this if you want (to any other - // string), but doing so will break existing sessions and CSRF tokens. - 'security.hmac-key' => '[D\t~Y7eNmnQGJ;rnH6aF;m2!vJ8@v8C=Cs:aQS\.Qw', - - // If the web server responds to both HTTP and HTTPS requests but you want - // users to connect with only HTTPS, you can set this to true to make - // Phabricator redirect HTTP requests to HTTPS. - // - // Normally, you should just configure your server not to accept HTTP traffic, - // but this setting may be useful if you originally used HTTP and have now - // switched to HTTPS but don't want to break old links, or if your webserver - // sits behind a load balancer which terminates HTTPS connections and you - // can not reasonably configure more granular behavior there. - // - // NOTE: Phabricator determines if a request is HTTPS or not by examining the - // PHP $_SERVER['HTTPS'] variable. If you run Apache/mod_php this will - // probably be set correctly for you automatically, but if you run Phabricator - // as CGI/FCGI (e.g., through nginx or lighttpd), you need to configure your - // web server so that it passes the value correctly based on the connection - // type. Alternatively, you can add a PHP snippet to the top of this - // configuration file to directly set $_SERVER['HTTPS'] to the correct value. - 'security.require-https' => false, - - // Is Phabricator permitted to make outbound HTTP requests? - 'security.allow-outbound-http' => true, - - -// -- Internationalization -------------------------------------------------- // - - // This allows customizing texts used in Phabricator. The class must extend - // PhabricatorTranslation. - 'translation.provider' => 'PhabricatorEnglishTranslation', - - // You can use 'translation.override' if you don't want to create a full - // translation to give users an option for switching to it and you just want - // to override some strings in the default translation. - 'translation.override' => array(), - - -// -- Access Policies ------------------------------------------------------- // - - // Phabricator allows you to set the visibility of objects (like repositories - // and source code) to "Public", which means anyone on the internet can see - // them, even without being logged in. This is great for open source, but - // some installs may never want to make anything public, so this policy is - // disabled by default. You can enable it here, which will let you set the - // policy for objects to "Public". With this option disabled, the most open - // policy is "All Users", which means users must be logged in to view things. - 'policy.allow-public' => false, - - -// -- Logging --------------------------------------------------------------- // - - // To enable the Phabricator access log, specify a path here. The Phabricator - // access log can provide more detailed information about Phabricator access - // than normal HTTP access logs (for instance, it can show logged-in users, - // controllers, and other application data). If not set, no log will be - // written. - // - // Make sure the PHP process can write to the log! - 'log.access.path' => null, - - // Format for the access log. If not set, the default format will be used: - // - // "[%D]\t%h\t%u\t%M\t%C\t%m\t%U\t%c\t%T" - // - // Available variables are: - // - // - %c The HTTP response code. - // - %C The controller which handled the request. - // - %D The request date. - // - %e Epoch timestamp. - // - %h The webserver's host name. - // - %p The PID of the server process. - // - %R The HTTP referrer. - // - %r The remote IP. - // - %T The request duration, in microseconds. - // - %U The request path. - // - %u The logged-in username, if one is logged in. - // - %P The logged-in user PHID, if one is logged in. - // - %M The HTTP method. - // - %m For conduit, the Conduit method which was invoked. - // - // If a variable isn't available (for example, %m appears in the file format - // but the request is not a Conduit request), it will be rendered as "-". - // - // Note that the default format is subject to change in the future, so if you - // rely on the log's format, specify it explicitly. - 'log.access.format' => null, - - -// -- DarkConsole ----------------------------------------------------------- // - - // DarkConsole is a administrative debugging/profiling tool built into - // Phabricator. You can leave it disabled unless you're developing against - // Phabricator. - - // Determines whether or not DarkConsole is available. DarkConsole exposes - // some data like queries and stack traces, so you should be careful about - // turning it on in production (although users can not normally see it, even - // if the deployment configuration enables it). - 'darkconsole.enabled' => false, - - // Always enable DarkConsole, even for logged out users. This potentially - // exposes sensitive information to users, so make sure untrusted users can - // not access an install running in this mode. You should definitely leave - // this off in production. It is only really useful for using DarkConsole - // utilities to debug or profile logged-out pages. You must set - // 'darkconsole.enabled' to use this option. - 'darkconsole.always-on' => false, - - // Map of additional configuration values to lock. - 'config.lock' => array(), - - // Map of additional configuration values to hide. - 'config.hide' => array(), - - // Map of additional configuration values to mask. - 'config.mask' => array(), - - // Ignore setup warnings of the following issues. - 'config.ignore-issues' => array(), - -// -- MySQL --------------------------------------------------------------- // - - // Class providing database configuration. It must implement - // DatabaseConfigurationProvider. - 'mysql.configuration-provider' => 'DefaultDatabaseConfigurationProvider', - - // The username to use when connecting to MySQL. - 'mysql.user' => 'root', - - // The password to use when connecting to MySQL. - 'mysql.pass' => '', - - // The MySQL server to connect to. - 'mysql.host' => 'localhost', - - // If you want to connect to a different port than the default (which is 3306) - 'mysql.port' => null, - - // Phabricator supports PHP extensions MySQL and MySQLi. It is possible to - // implement also other access mechanism (e.g. PDO_MySQL). The class must - // extend AphrontMySQLDatabaseConnectionBase. - 'mysql.implementation' => (extension_loaded('mysqli') - ? 'AphrontMySQLiDatabaseConnection' - : 'AphrontMySQLDatabaseConnection'), - - -// -- Notifications --------------------------------------------------------- // - - // Set this to true to enable real-time notifications. You must also run a - // notification server for this to work. Consult the documentation in - // "Notifications User Guide: Setup and Configuration" for instructions. - 'notification.enabled' => false, - - // Client port for the realtime server to listen on, and for realtime clients - // to connect to. Use "localhost" if you are running the notification server - // on the same host as the web server. - 'notification.client-uri' => 'http://localhost:22280/', - - // URI and port for the notification root server. - 'notification.server-uri' => 'http://localhost:22281/', - - // The server must be started as root so it can bind to privileged ports, but - // if you specify a user here it will drop permissions after binding. - 'notification.user' => null, - - // Location where the server should log to. - 'notification.log' => '/var/log/aphlict.log', - - // PID file to use. - 'notification.pidfile' => '/var/run/aphlict.pid', - - // Enable this option to get additional debug output in the browser. - 'notification.debug' => false, - - -// -- Email ----------------------------------------------------------------- // - - // Some Phabricator tools send email notifications, e.g. when Differential - // revisions are updated or Maniphest tasks are changed. These options allow - // you to configure how email is delivered. - - // You can test your mail setup by going to "MetaMTA" in the web interface, - // clicking "Send New Message", and then composing a message. - - // Default address to send mail "From". - 'metamta.default-address' => 'noreply@example.com', - - // Domain used to generate Message-IDs. - 'metamta.domain' => 'example.com', - - // When a message is sent to multiple recipients (for example, several - // reviewers on a code review), Phabricator can either deliver one email to - // everyone (e.g., "To: alincoln, usgrant, htaft") or separate emails to each - // user (e.g., "To: alincoln", "To: usgrant", "To: htaft"). The major - // advantages and disadvantages of each approach are: - // - // - One mail to everyone: - // - Recipients can see To/Cc at a glance. - // - If you use mailing lists, you won't get duplicate mail if you're - // a normal recipient and also Cc'd on a mailing list. - // - Getting threading to work properly is harder, and probably requires - // making mail less useful by turning off options. - // - Sometimes people will "Reply All" and everyone will get two mails, - // one from the user and one from Phabricator turning their mail into - // a comment. - // - Not supported with a private reply-to address. - // - Mails are sent in the server default translation. - // - One mail to each user: - // - Recipients need to look in the mail body to see To/Cc. - // - If you use mailing lists, recipients may sometimes get duplicate - // mail. - // - Getting threading to work properly is easier, and threading settings - // can be customzied by each user. - // - "Reply All" no longer spams all other users. - // - Required if private reply-to addresses are configured. - // - Mails are sent in the language of user preference. - // - // In the code, splitting one outbound email into one-per-recipient is - // sometimes referred to as "multiplexing". - 'metamta.one-mail-per-recipient' => true, - - // When sending a message that has no To recipient (i.e. all recipients - // are CC'd, for example when multiplexing mail), set the To field to the - // following value. If no value is set, messages with no To will have - // their CCs upgraded to To. - 'metamta.placeholder-to-recipient' => null, - - // When a user takes an action which generates an email notification (like - // commenting on a Differential revision), Phabricator can either send that - // mail "From" the user's email address (like "alincoln@logcabin.com") or - // "From" the 'metamta.default-address' address. The user experience is - // generally better if Phabricator uses the user's real address as the "From" - // since the messages are easier to organize when they appear in mail clients, - // but this will only work if the server is authorized to send email on behalf - // of the "From" domain. Practically, this means: - // - If you are doing an install for Example Corp and all the users will - // have corporate @corp.example.com addresses and any hosts Phabricator - // is running on are authorized to send email from corp.example.com, - // you can enable this to make the user experience a little better. - // - If you are doing an install for an open source project and your - // users will be registering via Facebook and using personal email - // addresses, you MUST NOT enable this or virtually all of your outgoing - // email will vanish into SFP blackholes. - // - If your install is anything else, you're much safer leaving this - // off since the risk in turning it on is that your outgoing mail will - // mostly never arrive. - 'metamta.can-send-as-user' => false, - - // Limit the maximum size of the body of an email generated for a diff - // (in bytes). - 'metamta.email-body-limit' => 524288, - - // Adapter class to use to transmit mail to the MTA. The default uses - // PHPMailerLite, which will invoke "sendmail". This is appropriate - // if sendmail actually works on your host, but if you haven't configured mail - // it may not be so great. A number of other mailers are available (e.g., SES, - // SendGrid, SMTP, custom mailers), consult "Configuring Outbound Email" in - // the documentation for details. - 'metamta.mail-adapter' => - 'PhabricatorMailImplementationPHPMailerLiteAdapter', - - // When email is sent, what format should Phabricator use for user's - // email addresses? Valid values are: - // - 'short' - 'gwashington ' - // - 'real' - 'George Washington ' - // - 'full' - 'gwashington (George Washington) ' - // The default is 'full'. - 'metamta.user-address-format' => 'full', - - // If you're using PHPMailer to send email, provide the mailer and options - // here. PHPMailer is much more enormous than PHPMailerLite, and provides more - // mailers and greater enormity. You need it when you want to use SMTP - // instead of sendmail as the mailer. - 'phpmailer.mailer' => 'smtp', - 'phpmailer.smtp-host' => '', - 'phpmailer.smtp-port' => 25, - - // When using PHPMailer with SMTP, you can set this to one of "tls" or "ssl" - // to use TLS or SSL. Leave it blank for vanilla SMTP. If you're sending - // via Gmail, set it to "ssl". - 'phpmailer.smtp-protocol' => '', - - // Set following if your smtp server requires authentication. - 'phpmailer.smtp-user' => null, - 'phpmailer.smtp-password' => null, - - // If you're using Amazon SES to send email, provide your AWS access key - // and AWS secret key here. To set up Amazon SES with Phabricator, you need - // to: - // - Make sure 'metamta.mail-adapter' is set to: - // "PhabricatorMailImplementationAmazonSESAdapter" - // - Make sure 'metamta.can-send-as-user' is false. - // - Make sure 'metamta.default-address' is configured to something sensible. - // - Make sure 'metamta.default-address' is a validated SES "From" address. - 'amazon-ses.access-key' => null, - 'amazon-ses.secret-key' => null, - - // If you're using Sendgrid to send email, provide your access credentials - // here. This will use the REST API. You can also use Sendgrid as a normal - // SMTP service. - 'sendgrid.api-user' => null, - 'sendgrid.api-key' => null, - - // You can configure a reply handler domain so that email sent from Maniphest - // will have a special "Reply To" address like "T123+82+af19f@example.com" - // that allows recipients to reply by email and interact with tasks. For - // instructions on configurating reply handlers, see the article - // "Configuring Inbound Email" in the Phabricator documentation. By default, - // this is set to 'null' and Phabricator will use a generic 'noreply@' address - // or the address of the acting user instead of a special reply handler - // address (see 'metamta.default-address'). If you set a domain here, - // Phabricator will begin generating private reply handler addresses. See - // also 'metamta.maniphest.reply-handler' to further configure behavior. - // This key should be set to the domain part after the @, like "example.com". - 'metamta.maniphest.reply-handler-domain' => null, - - // You can follow the instructions in "Configuring Inbound Email" in the - // Phabricator documentation and set 'metamta.maniphest.reply-handler-domain' - // to support updating Maniphest tasks by email. If you want more advanced - // customization than this provides, you can override the reply handler - // class with an implementation of your own. This will allow you to do things - // like have a single public reply handler or change how private reply - // handlers are generated and validated. - // - // This key should be set to a loadable subclass of - // PhabricatorMailReplyHandler. - 'metamta.maniphest.reply-handler' => 'ManiphestReplyHandler', - - // If you don't want phabricator to take up an entire domain - // (or subdomain for that matter), you can use this and set a common - // prefix for mail sent by phabricator. It will make use of the fact that - // a mail-address such as phabricator+D123+1hjk213h@example.com will be - // delivered to the phabricator users mailbox. - // Set this to the left part of the email address and it well get - // prepended to all outgoing mail. If you want to use e.g. - // 'phabricator@example.com' this should be set to 'phabricator'. - 'metamta.single-reply-handler-prefix' => null, - - // Prefix prepended to mail sent by Maniphest. You can change this to - // distinguish between testing and development installs, for example. - 'metamta.maniphest.subject-prefix' => '[Maniphest]', - - // See 'metamta.maniphest.reply-handler-domain'. This does the same thing, but - // affects Pholio. - 'metamta.pholio.reply-handler-domain' => null, - - // Prefix prepended to mail sent by Pholio. - 'metamta.pholio.subject-prefix' => '[Pholio]', - - // See 'metamta.maniphest.reply-handler-domain'. This does the same thing, but - // affects Macro. - 'metamta.macro.reply-handler-domain' => null, - - // Prefix prepended to mail sent by Macro. - 'metamta.macro.subject-prefix' => '[Macro]', - - // See 'metamta.maniphest.reply-handler-domain'. This does the same thing, - // but allows email replies via Differential. - 'metamta.differential.reply-handler-domain' => null, - - // See 'metamta.maniphest.reply-handler'. This does the same thing, but - // affects Differential. - 'metamta.differential.reply-handler' => 'DifferentialReplyHandler', - - // Prefix prepended to mail sent by Differential. - 'metamta.differential.subject-prefix' => '[Differential]', - - // Set this to true if you want patches to be attached to mail from - // Differential. This won't work if you are using SendGrid as your mail - // adapter. - 'metamta.differential.attach-patches' => false, - - // To include patches in email bodies, set this to a positive integer. Patches - // will be inlined if they are at most that many lines. For instance, a value - // of 100 means "inline patches if they are no longer than 100 lines". By - // default, patches are not inlined. - 'metamta.differential.inline-patches' => 0, - - // If you enable either of the options above, you can choose what format - // patches are sent in. Valid options are 'unified' (like diff -u) or 'git'. - 'metamta.differential.patch-format' => 'unified', - - // Enables a different format for comments in differential emails. - // Differential will create unified diffs around the comment, which - // will give enough context for people who are only viewing the - // reviews in email to understand what is going on. The context will - // be created based on the range of the comment. - 'metamta.differential.unified-comment-context' => false, - - // Prefix prepended to mail sent by Diffusion. - 'metamta.diffusion.subject-prefix' => '[Diffusion]', - - // See 'metamta.maniphest.reply-handler-domain'. This does the same thing, - // but allows email replies via Diffusion. - 'metamta.diffusion.reply-handler-domain' => null, - - // See 'metamta.maniphest.reply-handler'. This does the same thing, but - // affects Diffusion. - 'metamta.diffusion.reply-handler' => 'PhabricatorAuditReplyHandler', - - // Set this to true if you want patches to be attached to commit notifications - // from Diffusion. This won't work with SendGrid. - 'metamta.diffusion.attach-patches' => false, - - // To include patches in Diffusion email bodies, set this to a positive - // integer. Patches will be inlined if they are at most that many lines. - // By default, patches are not inlined. - 'metamta.diffusion.inline-patches' => 0, - - // If you've enabled attached patches or inline patches for commit emails, you - // can establish a hard byte limit on their size. You should generally set - // reasonable byte and time limits (defaults are 1MB and 60 seconds) to avoid - // sending ridiculously enormous email for changes like "importing an external - // library" or "accidentally committed this full-length movie as text". - 'metamta.diffusion.byte-limit' => 1024 * 1024, - - // If you've enabled attached patches or inline patches for commit emails, you - // can establish a hard time limit on generating them. - 'metamta.diffusion.time-limit' => 60, - - // Prefix prepended to mail sent by Package. - 'metamta.package.subject-prefix' => '[Package]', - - // See 'metamta.maniphest.reply-handler'. This does similar thing for package - // except that it only supports sending out mail and doesn't handle incoming - // email. - 'metamta.package.reply-handler' => 'OwnersPackageReplyHandler', - - // By default, Phabricator generates unique reply-to addresses and sends a - // separate email to each recipient when you enable reply handling. This is - // more secure than using "From" to establish user identity, but can mean - // users may receive multiple emails when they are on mailing lists. Instead, - // you can use a single, non-unique reply to address and authenticate users - // based on the "From" address by setting this to 'true'. This trades away - // a little bit of security for convenience, but it's reasonable in many - // installs. Object interactions are still protected using hashes in the - // single public email address, so objects can not be replied to blindly. - 'metamta.public-replies' => false, - - // You can configure an email address like "bugs@phabricator.example.com" - // which will automatically create Maniphest tasks when users send email - // to it. This relies on the "From" address to authenticate users, so it is - // is not completely secure. To set this up, enter a complete email - // address like "bugs@phabricator.example.com" and then configure mail to - // that address so it routed to Phabricator (if you've already configured - // reply handlers, you're probably already done). See "Configuring Inbound - // Email" in the documentation for more information. - 'metamta.maniphest.public-create-email' => null, - - // If you enable 'metamta.public-replies', Phabricator uses "From" to - // authenticate users. You can additionally enable this setting to try to - // authenticate with 'Reply-To'. Note that this is completely spoofable and - // insecure (any user can set any 'Reply-To' address) but depending on the - // nature of your install or other deliverability conditions this might be - // okay. Generally, you can't do much more by spoofing Reply-To than be - // annoying (you can write but not read content). But, you know, this is - // still **COMPLETELY INSECURE**. - 'metamta.insecure-auth-with-reply-to' => false, - - // If you enable 'metamta.maniphest.public-create-email' and create an - // email address like "bugs@phabricator.example.com", it will default to - // rejecting mail which doesn't come from a known user. However, you might - // want to let anyone send email to this address; to do so, set a default - // author here (a Phabricator username). A typical use of this might be to - // create a "System Agent" user called "bugs" and use that name here. If you - // specify a valid username, mail will always be accepted and used to create - // a task, even if the sender is not a system user. The original email - // address will be stored in an 'From Email' field on the task. - 'metamta.maniphest.default-public-author' => null, - - 'metamta.herald.show-hints' => true, - - // You can disable the hints under "REPLY HANDLER ACTIONS" if users prefer - // smaller messages. The actions themselves will still work properly. - 'metamta.reply.show-hints' => true, - - // You can disable the "To:" and "Cc:" footers in mail if users prefer - // smaller messages. - 'metamta.recipients.show-hints' => true, - - // If this option is enabled, Phabricator will add a "Precedence: bulk" - // header to transactional mail (e.g., Differential, Maniphest and Herald - // notifications). This may improve the behavior of some auto-responder - // software and prevent it from replying. However, it may also cause - // deliverability issues -- notably, you currently can not send this header - // via Amazon SES, and enabling this option with SES will prevent delivery - // of any affected mail. - 'metamta.precedence-bulk' => false, - - // Mail.app on OS X Lion won't respect threading headers unless the subject - // is prefixed with "Re:". If you enable this option, Phabricator will add - // "Re:" to the subject line of all mail which is expected to thread. If - // you've set 'metamta.one-mail-per-recipient', users can override this - // setting in their preferences. - 'metamta.re-prefix' => false, - - // If true, allow MetaMTA to change mail subjects to put text like - // '[Accepted]' and '[Commented]' in them. This makes subjects more useful, - // but might break threading on some clients. If you've set - // 'metamta.one-mail-per-recipient', users can override this setting in their - // preferences. - 'metamta.vary-subjects' => true, - -// -- Auth ------------------------------------------------------------------ // - - // If true, email addresses must be verified (by clicking a link in an - // email) before a user can login. By default, verification is optional - // unless 'auth.email-domains' is nonempty (see below). - 'auth.require-email-verification' => false, - - // You can restrict allowed email addresses to certain domains (like - // "yourcompany.com") by setting a list of allowed domains here. Users will - // only be allowed to register using email addresses at one of the domains, - // and will only be able to add new email addresses for these domains. If - // you configure this, it implies 'auth.require-email-verification'. - // - // To configure email domains, set a list of domains like this: - // - // array( - // 'yourcompany.com', - // 'yourcompany.co.uk', - // ) - // - // You should omit the "@" from domains. Note that the domain must match - // exactly. If you allow "yourcompany.com", that permits "joe@yourcompany.com" - // but rejects "joe@mail.yourcompany.com". - 'auth.email-domains' => array(), - - // You can provide an arbitrary block of HTML here, which will appear on the - // login screen. Normally, you'd use this to provide login or registration - // instructions to users. - 'auth.login-message' => null, - - -// -- Accounts -------------------------------------------------------------- // - - // Is basic account information (email, real name, profile picture) editable? - // If you set up Phabricator to automatically synchronize account information - // from some other authoritative system, you can disable this to ensure - // information remains consistent across both systems. - 'account.editable' => true, - - // When users set or reset a password, it must have at least this many - // characters. - 'account.minimum-password-length' => 8, - - -// -- Recaptcha ------------------------------------------------------------- // - - // Is Recaptcha enabled? If disabled, captchas will not appear. You should - // enable Recaptcha if your install is public-facing, as it hinders - // brute-force attacks. - 'recaptcha.enabled' => false, - - // Your Recaptcha public key, obtained from Recaptcha. - 'recaptcha.public-key' => null, - - // Your Recaptcha private key, obtained from Recaptcha. - 'recaptcha.private-key' => null, - - -// -- Misc ------------------------------------------------------------------ // - - // This is hashed with other inputs to generate CSRF tokens. If you want, you - // can change it to some other string which is unique to your install. This - // will make your install more secure in a vague, mostly theoretical way. But - // it will take you like 3 seconds of mashing on your keyboard to set it up so - // you might as well. - 'phabricator.csrf-key' => '0b7ec0592e0a2829d8b71df2fa269b2c6172eca3', - - // This is hashed with other inputs to generate mail tokens. If you want, you - // can change it to some other string which is unique to your install. In - // particular, you will want to do this if you accidentally send a bunch of - // mail somewhere you shouldn't have, to invalidate all old reply-to - // addresses. - 'phabricator.mail-key' => '5ce3e7e8787f6e40dfae861da315a5cdf1018f12', - - - // PHP requires that you set a timezone in your php.ini before using date - // functions, or it will emit a warning. If this isn't possible (for instance, - // because you are using HPHP) you can set some valid constant for - // date_default_timezone_set() here and Phabricator will set it on your - // behalf, silencing the warning. - 'phabricator.timezone' => null, - - // Show stack traces when unhandled exceptions occur, force reloading of - // static resources (skipping the cache), show an error callout if a page - // generated PHP errors, warnings, or notices, force disk reads when - // reloading, and generally make development easier. This option should not - // be enabled in production. - 'phabricator.developer-mode' => false, - - // Contains a list of uninstalled applications - 'phabricator.uninstalled-applications' => array(), - - // Allowing non-members to interact with tasks over email. - 'phabricator.allow-email-users' => false, - -// -- Welcome Screen -------------------------------------------------------- // - - // The custom HTML content for the Phabricator welcome screen. - 'welcome.html' => null, - -// -- Files ----------------------------------------------------------------- // - - // Lists which uploaded file types may be viewed in the browser. If a file - // has a mime type which does not appear in this list, it will always be - // downloaded instead of displayed. This is mainly a usability - // consideration, since browsers tend to freak out when viewing enormous - // binary files. - // - // The keys in this array are viewable mime types; the values are the mime - // types they will be delivered as when they are viewed in the browser. - // - // IMPORTANT: Configure 'security.alternate-file-domain' above! Your install - // is NOT safe if it is left unconfigured. - 'files.viewable-mime-types' => array( - 'image/jpeg' => 'image/jpeg', - 'image/jpg' => 'image/jpg', - 'image/png' => 'image/png', - 'image/gif' => 'image/gif', - 'text/plain' => 'text/plain; charset=utf-8', - 'text/x-diff' => 'text/plain; charset=utf-8', - - // ".ico" favicon files, which have mime type diversity. See: - // http://en.wikipedia.org/wiki/ICO_(file_format)#MIME_type - 'image/x-ico' => 'image/x-icon', - 'image/x-icon' => 'image/x-icon', - 'image/vnd.microsoft.icon' => 'image/x-icon', - ), - - // List of mime types which can be used as the source for an tag. - // This should be a subset of 'files.viewable-mime-types' and exclude files - // like text. - 'files.image-mime-types' => array( - 'image/jpeg' => true, - 'image/jpg' => true, - 'image/png' => true, - 'image/gif' => true, - 'image/x-ico' => true, - 'image/x-icon' => true, - 'image/vnd.microsoft.icon' => true, - ), - - // Configuration option for enabling imagemagick - // to resize animated profile pictures (gif) - 'files.enable-imagemagick' => false, - -// -- Storage --------------------------------------------------------------- // - - // Phabricator allows users to upload files, and can keep them in various - // storage engines. This section allows you to configure which engines - // Phabricator will use, and how it will use them. - - // The largest filesize Phabricator will store in the MySQL BLOB storage - // engine, which just uses a database table to store files. While this isn't a - // best practice, it's really easy to set up. Set this to 0 to disable use of - // the MySQL blob engine. - 'storage.mysql-engine.max-size' => 1000000, - - // Phabricator provides a local disk storage engine, which just writes files - // to some directory on local disk. The webserver must have read/write - // permissions on this directory. This is straightforward and suitable for - // most installs, but will not scale past one web frontend unless the path - // is actually an NFS mount, since you'll end up with some of the files - // written to each web frontend and no way for them to share. To use the - // local disk storage engine, specify the path to a directory here. To - // disable it, specify null. - 'storage.local-disk.path' => null, - - // If you want to store files in Amazon S3, specify an AWS access and secret - // key here and a bucket name below. - 'amazon-s3.access-key' => null, - 'amazon-s3.secret-key' => null, - - // To use a custom endpoint, specify it here. Normally, you do not need to - // configure this. - 'amazon-s3.endpoint' => null, - - // Set this to a valid Amazon S3 bucket to store files there. You must also - // configure S3 access keys above. - 'storage.s3.bucket' => null, - - // Phabricator uses a storage engine selector to choose which storage engine - // to use when writing file data. If you add new storage engines or want to - // provide very custom rules (e.g., write images to one storage engine and - // other files to a different one), you can provide an alternate - // implementation here. The default engine will use choose MySQL, Local Disk, - // and S3, in that order, if they have valid configurations above and a file - // fits within configured limits. - 'storage.engine-selector' => 'PhabricatorDefaultFileStorageEngineSelector', - - // Set the size of the largest file a user may upload. This is used to render - // text like "Maximum file size: 10MB" on interfaces where users can upload - // files, and files larger than this size will be rejected. - // - // Specify this limit in bytes, or using a "K", "M", or "G" suffix. - // - // NOTE: Setting this to a large size is NOT sufficient to allow users to - // upload large files. You must also configure a number of other settings. To - // configure file upload limits, consult the article "Configuring File Upload - // Limits" in the documentation. Once you've configured some limit across all - // levels of the server, you can set this limit to an appropriate value and - // the UI will then reflect the actual configured limit. - 'storage.upload-size-limit' => null, - - // Phabricator puts databases in a namespace, which defualts to "phabricator" - // -- for instance, the Differential database is named - // "phabricator_differential" by default. You can change this namespace if you - // want. Normally, you should not do this unless you are developing - // Phabricator and using namespaces to separate multiple sandbox datasets. - 'storage.default-namespace' => 'phabricator', - - -// -- Search ---------------------------------------------------------------- // - - // Phabricator supports Elastic Search; to use it, specify a host like - // 'http://elastic.example.com:9200/' here. - 'search.elastic.host' => null, - - // Phabricator uses a search engine selector to choose which search engine - // to use when indexing and reconstructing documents, and when executing - // queries. You can override the engine selector to provide a new selector - // class which can select some custom engine you implement, if you want to - // store your documents in some search engine which does not have default - // support. - 'search.engine-selector' => 'PhabricatorDefaultSearchEngineSelector', - - -// -- Differential ---------------------------------------------------------- // - - // List of file regexps where whitespace is meaningful and should not - // use 'ignore-all' by default - 'differential.whitespace-matters' => array( - '/\.py$/', - '/\.l?hs$/', - ), - - // Differential has a required "Test Plan" field by default. You can make it - // optional by setting this to false. You can also completely remove it above, - // if you prefer. - 'differential.require-test-plan-field' => true, - - // If you set this to true, users can "!accept" revisions via email (normally, - // they can take other actions but can not "!accept"). This action is disabled - // by default because email authentication can be configured to be very weak, - // and, socially, email "!accept" is kind of sketchy and implies revisions may - // not actually be receiving thorough review. - 'differential.enable-email-accept' => false, - - // List of file regexps that should be treated as if they are generated by - // an automatic process, and thus get hidden by default in differential. - 'differential.generated-paths' => array( - // '/config\.h$/', - // '#/autobuilt/#', - ), - - // If you set this to true, users can accept their own revisions. This action - // is disabled by default because it's most likely not a behavior you want, - // but it proves useful if you are working alone on a project and want to make - // use of all of differential's features. - 'differential.allow-self-accept' => false, - - // If you set this to true, any user can close any revision so long as it has - // been accepted. This can be useful depending on your development model. For - // example, github-style pull requests where the reviewer is often the - // actual committer can benefit from turning this option to true. If false, - // only the submitter can close a revision. - 'differential.always-allow-close' => false, - - // If you set this to true, any user can abandon any revision. If false, only - // the submitter can abandon a revision. - 'differential.always-allow-abandon' => false, - - // If you set this to true, any user can reopen a revision so long as it has - // been closed. This can be useful if a revision is accidentally closed or - // if a developer changes his or her mind after closing a revision. If it is - // false, reopening is not allowed. - 'differential.allow-reopen' => false, - - // Revisions newer than this number of days are marked as fresh in Action - // Required and Revisions Waiting on You views. Only work days (not weekends - // and holidays) are included. Set to 0 to disable this feature. - 'differential.days-fresh' => 1, - - // Similar to 'differential.days-fresh' but marks stale revisions. If the - // revision is even older than it is marked as old. - 'differential.days-stale' => 3, - -// -- Repositories ---------------------------------------------------------- // - - // The default location in which to store local copies of repositories. - // Anything stored in this directory will be assumed to be under the - // control of phabricator, which means that Phabricator will try to do some - // maintenance on working copies if there are problems (such as a change - // to the remote origin url). This maintenance may include completely - // removing (and recloning) anything in this directory. - // - // When set to null, this option is ignored (i.e. Phabricator will not fully - // control any working copies). - 'repository.default-local-path' => null, - -// -- Maniphest ------------------------------------------------------------- // - - // What should the default task priority be in create flows? - // See the constants in @{class:ManiphestTaskPriority} for valid values. - // Defaults to "needs triage". - 'maniphest.default-priority' => 90, - -// -- Phame ----------------------------------------------------------------- // - - // Should Phame users have Disqus comment widget, and if so what's the - // website shortname to use? For example, secure.phabricator.org uses - // "phabricator", which we registered with Disqus. If you aren't familiar - // with Disqus, see: - // Disqus quick start guide - http://docs.disqus.com/help/4/ - // Information on shortnames - http://docs.disqus.com/help/68/ - 'disqus.shortname' => null, - - // Directories to look for Phame skins inside of. - 'phame.skins' => array( - 'externals/skins/', - ), - -// -- Remarkup -------------------------------------------------------------- // - - // If you enable this, linked YouTube videos will be embeded inline. This has - // mild security implications (you'll leak referrers to YouTube) and is pretty - // silly (but sort of awesome). - 'remarkup.enable-embedded-youtube' => false, - - -// -- Cache ----------------------------------------------------------------- // - - // Set this to false to disable the use of gzdeflate()-based compression in - // some caches. This may give you less performant (but more debuggable) - // caching. - 'cache.enable-deflate' => true, - -// -- Garbage Collection ---------------------------------------------------- // - - // Phabricator generates various logs and caches in the database which can - // be garbage collected after a while to make the total data size more - // manageable. To run garbage collection, launch a - // PhabricatorGarbageCollector daemon. - - // These 'ttl' keys configure how much old data the GC daemon keeps around. - // Objects older than the ttl will be collected. Set any value to 0 to store - // data indefinitely. - - 'gcdaemon.ttl.herald-transcripts' => 30 * (24 * 60 * 60), - 'gcdaemon.ttl.daemon-logs' => 7 * (24 * 60 * 60), - 'gcdaemon.ttl.differential-parse-cache' => 14 * (24 * 60 * 60), - 'gcdaemon.ttl.markup-cache' => 30 * (24 * 60 * 60), - 'gcdaemon.ttl.task-archive' => 14 * (24 * 60 * 60), - 'gcdaemon.ttl.general-cache' => 30 * (24 * 60 * 60), - - -// -- Feed ------------------------------------------------------------------ // - - // If you set this to true, you can embed Phabricator activity feeds in other - // pages using iframes. These feeds are completely public, and a login is not - // required to view them! This is intended for things like open source - // projects that want to expose an activity feed on the project homepage. - // - // NOTE: You must also set `policy.allow-public` to true for this setting - // to work properly. - 'feed.public' => false, - - // If you set this to a list of http URIs, when a feed story is published a - // task will be created for each uri that posts the story data to the uri. - // Daemons automagically retry failures 100 times, waiting $fail_count * 60s - // between each subsequent failure. Be sure to keep the daemon console - // (/daemon/) open while developing and testing your end points. You may need - // to restart your daemons to start sending http requests. - // - // NOTE: URIs are not validated, the URI must return http status 200 within - // 30 seconds, and no permission checks are performed. - 'feed.http-hooks' => array(), - -// -- Drydock --------------------------------------------------------------- // - - // If you want to use Drydock's builtin EC2 Blueprints, configure your AWS - // EC2 credentials here. - 'amazon-ec2.access-key' => null, - 'amazon-ec2.secret-key' => null, - - -// -- Customization --------------------------------------------------------- // - - // Paths to additional phutil libraries to load. - 'load-libraries' => array(), - - 'aphront.default-application-configuration-class' => - 'AphrontDefaultApplicationConfiguration', - - // Directory that phd (the Phabricator daemon control script) should use to - // track running daemons. - 'phd.pid-directory' => '/var/tmp/phd/pid', - - // Directory that the Phabricator daemons should use to store the log file - 'phd.log-directory' => '/var/tmp/phd/log', - - // Number of "TaskMaster" daemons that "phd start" should start. You can - // raise this if you have a task backlog, or explicitly launch more with - // "phd launch taskmaster". - 'phd.start-taskmasters' => 4, - - // Launch daemons in "verbose" mode by default. This creates a lot of output, - // but can help debug issues. Daemons launched in debug mode with "phd debug" - // are always launched in verbose mode. See also 'phd.trace'. - 'phd.verbose' => false, - - // Launch daemons in "trace" mode by default. This creates an ENORMOUS amount - // of output, but can help debug issues. Daemons launched in debug mode with - // "phd debug" are always launched in trace mdoe. See also 'phd.verbose'. - 'phd.trace' => false, - - // This value is an input to the hash function when building resource hashes. - // It has no security value, but if you accidentally poison user caches (by - // pushing a bad patch or having something go wrong with a CDN, e.g.) you can - // change this to something else and rebuild the Celerity map to break user - // caches. Unless you are doing Celerity development, it is exceptionally - // unlikely that you need to modify this. - 'celerity.resource-hash' => 'd9455ea150622ee044f7931dabfa52aa', - - // Minify static resources by removing whitespace and comments. You should - // enable this in production, but disable it in development. - 'celerity.minify' => true, - - // You can respond to various application events by installing listeners, - // which will receive callbacks when interesting things occur. Specify a list - // of classes which extend PhabricatorEventListener here. - 'events.listeners' => array(), - -// -- Syntax Highlighting --------------------------------------------------- // - - // Phabricator can highlight PHP by default and use Pygments for other - // languages if enabled. You can provide a custom highlighter engine by - // extending class PhutilSyntaxHighlighterEngine. - 'syntax-highlighter.engine' => 'PhutilDefaultSyntaxHighlighterEngine', - - // If you want syntax highlighting for other languages than PHP then you can - // install the python package 'Pygments', make sure the 'pygmentize' script is - // available in the $PATH of the webserver, and then enable this. - 'pygments.enabled' => false, - - // In places that we display a dropdown to syntax-highlight code, - // this is where that list is defined. - // Syntax is 'lexer-name' => 'Display Name', - 'pygments.dropdown-choices' => array( - 'apacheconf' => 'Apache Configuration', - 'bash' => 'Bash Scripting', - 'brainfuck' => 'Brainf*ck', - 'c' => 'C', - 'coffee-script' => 'CoffeeScript', - 'cpp' => 'C++', - 'css' => 'CSS', - 'd' => 'D', - 'diff' => 'Diff', - 'django' => 'Django Templating', - 'erb' => 'Embedded Ruby/ERB', - 'erlang' => 'Erlang', - 'go' => 'Golang', - 'groovy' => 'Groovy', - 'haskell' => 'Haskell', - 'html' => 'HTML', - 'java' => 'Java', - 'js' => 'Javascript', - 'json' => 'JSON', - 'mysql' => 'MySQL', - 'objc' => 'Objective-C', - 'perl' => 'Perl', - 'php' => 'PHP', - 'puppet' => 'Puppet', - 'rest' => 'reStructuredText', - 'text' => 'Plain Text', - 'python' => 'Python', - 'rainbow' => 'Rainbow', - 'remarkup' => 'Remarkup', - 'ruby' => 'Ruby', - 'xml' => 'XML', - 'yaml' => 'YAML', - ), - - // This is an override list of regular expressions which allows you to choose - // what language files are highlighted as. If your projects have certain rules - // about filenames or use unusual or ambiguous language extensions, you can - // create a mapping here. This is an ordered dictionary of regular expressions - // which will be tested against the filename. They should map to either an - // explicit language as a string value, or a numeric index into the captured - // groups as an integer. - 'syntax.filemap' => array( - // Example: Treat all '*.xyz' files as PHP. - // '@\\.xyz$@' => 'php', - - // Example: Treat 'httpd.conf' as 'apacheconf'. - // '@/httpd\\.conf$@' => 'apacheconf', - - // Example: Treat all '*.x.bak' file as '.x'. NOTE: we map to capturing - // group 1 by specifying the mapping as "1". - // '@\\.([^.]+)\\.bak$@' => 1, - - '@\.arcconfig$@' => 'js', - '@\.arclint$@' => 'js', - '@\.divinerconfig$@' => 'js', - ), - - // Set the default monospaced font style for users who haven't set a custom - // style. - 'style.monospace' => '10px "Menlo", "Consolas", "Monaco", monospace', - 'style.monospace.windows' => '11px "Menlo", "Consolas", "Monaco", monospace', - - -// -- Debugging ------------------------------------------------------------- // - - // Enable this to change HTTP redirects into normal pages with a link to the - // redirection target. For example, after you submit a form you'll get a page - // saying "normally, you'd be redirected...". This is useful to examine - // service or profiler information on write pathways, or debug redirects. It - // also makes the UX horrible for normal use, so you should enable it only - // when debugging. - // - // NOTE: This does not currently work for forms with Javascript "workflow", - // since the redirect happens in Javascript. - 'debug.stop-on-redirect' => false, - - // Set the rate for how often to do sampled profiling. On average, one - // request for every number of requests specified here will be sampled. - // Set this value to 0 to completely disable profiling. In a production - // environment, this value should either be set to 0 (to disable) or to - // a large number (to sample only a few requests). - 'debug.profile-rate' => 0, - -// -- Environment ---------------------------------------------------------- // - - // Phabricator occasionally shells out to other binaries on the server. - // An example of this is the "pygmentize" command, used to syntax-highlight - // code written in languages other than PHP. By default, it is assumed that - // these binaries are in the $PATH of the user running Phabricator (normally - // 'apache', 'httpd', or 'nobody'). Here you can add extra directories to - // the $PATH environment variable, for when these binaries are in non-standard - // locations. - 'environment.append-paths' => array(), - -// -- Audit ---------------------------------------------------------- // - - // Controls whether or not task creator can Close Audits - 'audit.can-author-close-audit' => false, -); diff --git a/conf/development.conf.php b/conf/development.conf.php deleted file mode 100644 index e4b1311b9f..0000000000 --- a/conf/development.conf.php +++ /dev/null @@ -1,9 +0,0 @@ - true, - 'darkconsole.enabled' => true, - 'celerity.minify' => false, - -) + phabricator_read_config_file('default'); diff --git a/conf/production.conf.php b/conf/production.conf.php deleted file mode 100644 index c0a7bc2448..0000000000 --- a/conf/production.conf.php +++ /dev/null @@ -1,5 +0,0 @@ -