5f88d56d96
* 1. ed25519キーペアを発行・Personとして公開鍵を送受信 * validate additionalPublicKeys * getAuthUserFromApIdはmainを選ぶ * ✌️ * fix * signatureAlgorithm * set publicKeyCache lifetime * refresh * httpMessageSignatureAcceptable * ED25519_SIGNED_ALGORITHM * ED25519_PUBLIC_KEY_SIGNATURE_ALGORITHM * remove sign additionalPublicKeys signature requirements * httpMessageSignaturesSupported * httpMessageSignaturesImplementationLevel * httpMessageSignaturesImplementationLevel: '01' * perf(federation): Use hint for getAuthUserFromApId (#13470) * Hint for getAuthUserFromApId * とどのつまりこれでいいのか? * use @misskey-dev/node-http-message-signatures * fix * signedPost, signedGet * ap-request.tsを復活させる * remove digest prerender * fix test? * fix test * add httpMessageSignaturesImplementationLevel to FederationInstance * ManyToOne * fetchPersonWithRenewal * exactKey * ✌️ * use const * use gen-key-pair fn. from '@misskey-dev/node-http-message-signatures' * update node-http-message-signatures * fix * @misskey-dev/node-http-message-signatures@0.0.0-alpha.11 * getAuthUserFromApIdでupdatePersonの頻度を増やす * cacheRaw.date * use requiredInputs https://github.com/misskey-dev/misskey/pull/13464#discussion_r1509964359 * update @misskey-dev/node-http-message-signatures * clean up * err msg * fix(backend): fetchInstanceMetadataのLockが永遠に解除されない問題を修正 Co-authored-by: まっちゃとーにゅ <17376330+u1-liquid@users.noreply.github.com> * fix httpMessageSignaturesImplementationLevel validation * fix test * fix * comment * comment * improve test * fix * use Promise.all in genRSAAndEd25519KeyPair * refreshAndprepareEd25519KeyPair * refreshAndfindKey * commetn * refactor public keys add * digestプリレンダを復活させる RFC実装時にどうするか考える * fix, async * fix * !== true * use save * Deliver update person when new key generated (not tested) https://github.com/misskey-dev/misskey/pull/13464#issuecomment-1977049061 * 循環参照で落ちるのを解消? * fix? * Revert "fix?" This reverts commit 0082f6f8e8c5d5febd14933ba9a1ac643f70ca92. * a * logger * log * change logger * 秘密鍵の変更は、フラグではなく鍵を引き回すようにする * addAllKnowingSharedInboxRecipe * nanka meccha kaeta * delivre * キャッシュ有効チェックはロック取得前に行う * @misskey-dev/node-http-message-signatures@0.0.3 * PrivateKeyPem * getLocalUserPrivateKey * fix test * if * fix ap-request * update node-http-message-signatures * fix type error * update package * fix type * update package * retry no key * @misskey-dev/node-http-message-signatures@0.0.8 * fix type error * log keyid * logger * db-resolver * JSON.stringify * HTTP Signatureがなかったり使えなかったりしそうな場合にLD Signatureを活用するように * inbox-delayed use actor if no signature * ユーザーとキーの同一性チェックはhostの一致にする * log signature parse err * save array * とりあえずtryで囲っておく * fetchPersonWithRenewalでエラーが起きたら古いデータを返す * use transactionalEntityManager * fix spdx * @misskey-dev/node-http-message-signatures@0.0.10 * add comment * fix * publicKeyに配列が入ってもいいようにする https://github.com/misskey-dev/misskey/pull/13950 * define additionalPublicKeys * fix * merge fix * refreshAndprepareEd25519KeyPair → refreshAndPrepareEd25519KeyPair * remove gen-key-pair.ts * defaultMaxListeners = 512 * Revert "defaultMaxListeners = 512" This reverts commit f2c412c18057a9300540794ccbe4dfbf6d259ed6. * genRSAAndEd25519KeyPairではキーを直列に生成する? * maxConcurrency: 8 * maxConcurrency: 16 * maxConcurrency: 8 * Revert "genRSAAndEd25519KeyPairではキーを直列に生成する?" This reverts commit d0aada55c1ed5aa98f18731ec82f3ac5eb5a6c16. * maxWorkers: '90%' * Revert "maxWorkers: '90%'" This reverts commit 9e0a93f110456320d6485a871f014f7cdab29b33. * e2e/timelines.tsで個々のテストに対するtimeoutを削除, maxConcurrency: 32 * better error handling of this.userPublickeysRepository.delete * better comment * set result to keypairEntityCache * deliverJobConcurrency: 16, deliverJobPerSec: 1024, inboxJobConcurrency: 4 * inboxJobPerSec: 64 * delete request.headers['host']; * fix * // node-fetch will generate this for us. if we keep 'Host', it won't change with redirects! * move delete host * modify comment * modify comment * fix correct → collect * refreshAndfindKey → refreshAndFindKey * modify comment * modify attachLdSignature * getApId, InboxProcessorService * TODO * [skip ci] add CHANGELOG --------- Co-authored-by: MeiMei <30769358+mei23@users.noreply.github.com> Co-authored-by: まっちゃとーにゅ <17376330+u1-liquid@users.noreply.github.com>
300 lines
10 KiB
YAML
300 lines
10 KiB
YAML
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
# Misskey configuration
|
|
#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
|
|
# ┌──────────────────────────────┐
|
|
#───┘ a boring but important thing └────────────────────────────
|
|
|
|
#
|
|
# First of all, let me tell you a story that may possibly be
|
|
# boring to you and possibly important to you.
|
|
#
|
|
# Misskey is licensed under the AGPLv3 license. This license is
|
|
# known to be often misunderstood. Please read the following
|
|
# instructions carefully and select the appropriate option so
|
|
# that you do not negligently cause a license violation.
|
|
#
|
|
|
|
# --------
|
|
# Option 1: If you host Misskey AS-IS (without any changes to
|
|
# the source code. forks are not included).
|
|
#
|
|
# Step 1: Congratulations! You don't need to do anything.
|
|
|
|
# --------
|
|
# Option 2: If you have made changes to the source code (forks
|
|
# are included) and publish a Git repository of source
|
|
# code. There should be no access restrictions on
|
|
# this repository. Strictly speaking, it doesn't have
|
|
# to be a Git repository, but you'll probably use Git!
|
|
#
|
|
# Step 1: Build and run the Misskey server first.
|
|
# Step 2: Open <https://your.misskey.example/admin/settings> in
|
|
# your browser with the administrator account.
|
|
# Step 3: Enter the URL of your Git repository in the
|
|
# "Repository URL" field.
|
|
|
|
# --------
|
|
# Option 3: If neither of the above applies to you.
|
|
# (In this case, the source code should be published
|
|
# on the Misskey interface. IT IS NOT ENOUGH TO
|
|
# DISCLOSE THE SOURCE CODE WHEN A USER REQUESTS IT BY
|
|
# E-MAIL OR OTHER MEANS. If you are not satisfied
|
|
# with this, it is recommended that you read the
|
|
# license again carefully. Anyway, enabling this
|
|
# option will automatically generate and publish a
|
|
# tarball at build time, protecting you from
|
|
# inadvertent license violations. (There is no legal
|
|
# guarantee, of course.) The tarball will generated
|
|
# from the root directory of your codebase. So it is
|
|
# also recommended to check <built/tarball> directory
|
|
# once after building and before activating the server
|
|
# to avoid ACCIDENTAL LEAKING OF SENSITIVE INFORMATION.
|
|
# To prevent certain files from being included in the
|
|
# tarball, add a glob pattern after line 15 in
|
|
# <scripts/tarball.mjs>. DO NOT FORGET TO BUILD AFTER
|
|
# ENABLING THIS OPTION!)
|
|
#
|
|
# Step 1: Uncomment the following line.
|
|
#
|
|
# publishTarballInsteadOfProvideRepositoryUrl: true
|
|
|
|
# ┌─────┐
|
|
#───┘ URL └─────────────────────────────────────────────────────
|
|
|
|
# Final accessible URL seen by a user.
|
|
url: https://example.tld/
|
|
|
|
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
|
|
# URL SETTINGS AFTER THAT!
|
|
|
|
# ┌───────────────────────┐
|
|
#───┘ Port and TLS settings └───────────────────────────────────
|
|
|
|
#
|
|
# Misskey requires a reverse proxy to support HTTPS connections.
|
|
#
|
|
# +----- https://example.tld/ ------------+
|
|
# +------+ |+-------------+ +----------------+|
|
|
# | User | ---> || Proxy (443) | ---> | Misskey (3000) ||
|
|
# +------+ |+-------------+ +----------------+|
|
|
# +---------------------------------------+
|
|
#
|
|
# You need to set up a reverse proxy. (e.g. nginx)
|
|
# An encrypted connection with HTTPS is highly recommended
|
|
# because tokens may be transferred in GET requests.
|
|
|
|
# The port that your Misskey server should listen on.
|
|
port: 3000
|
|
|
|
# You can also use UNIX domain socket.
|
|
# socket: /path/to/misskey.sock
|
|
# chmodSocket: '777'
|
|
|
|
# ┌──────────────────────────┐
|
|
#───┘ PostgreSQL configuration └────────────────────────────────
|
|
|
|
db:
|
|
host: localhost
|
|
port: 5432
|
|
|
|
# Database name
|
|
db: misskey
|
|
|
|
# Auth
|
|
user: example-misskey-user
|
|
pass: example-misskey-pass
|
|
|
|
# Whether disable Caching queries
|
|
#disableCache: true
|
|
|
|
# Extra Connection options
|
|
#extra:
|
|
# ssl: true
|
|
|
|
dbReplications: false
|
|
|
|
# You can configure any number of replicas here
|
|
#dbSlaves:
|
|
# -
|
|
# host:
|
|
# port:
|
|
# db:
|
|
# user:
|
|
# pass:
|
|
# -
|
|
# host:
|
|
# port:
|
|
# db:
|
|
# user:
|
|
# pass:
|
|
|
|
# ┌─────────────────────┐
|
|
#───┘ Redis configuration └─────────────────────────────────────
|
|
|
|
redis:
|
|
host: localhost
|
|
port: 6379
|
|
#family: 0 # 0=Both, 4=IPv4, 6=IPv6
|
|
#pass: example-pass
|
|
#prefix: example-prefix
|
|
#db: 1
|
|
# You can specify more ioredis options...
|
|
#username: example-username
|
|
|
|
#redisForPubsub:
|
|
# host: localhost
|
|
# port: 6379
|
|
# #family: 0 # 0=Both, 4=IPv4, 6=IPv6
|
|
# #pass: example-pass
|
|
# #prefix: example-prefix
|
|
# #db: 1
|
|
# # You can specify more ioredis options...
|
|
# #username: example-username
|
|
|
|
#redisForJobQueue:
|
|
# host: localhost
|
|
# port: 6379
|
|
# #family: 0 # 0=Both, 4=IPv4, 6=IPv6
|
|
# #pass: example-pass
|
|
# #prefix: example-prefix
|
|
# #db: 1
|
|
# # You can specify more ioredis options...
|
|
# #username: example-username
|
|
|
|
#redisForTimelines:
|
|
# host: localhost
|
|
# port: 6379
|
|
# #family: 0 # 0=Both, 4=IPv4, 6=IPv6
|
|
# #pass: example-pass
|
|
# #prefix: example-prefix
|
|
# #db: 1
|
|
# # You can specify more ioredis options...
|
|
# #username: example-username
|
|
|
|
# ┌───────────────────────────┐
|
|
#───┘ MeiliSearch configuration └─────────────────────────────
|
|
|
|
# You can set scope to local (default value) or global
|
|
# (include notes from remote).
|
|
|
|
#meilisearch:
|
|
# host: localhost
|
|
# port: 7700
|
|
# apiKey: ''
|
|
# ssl: true
|
|
# index: ''
|
|
# scope: local
|
|
|
|
# ┌───────────────┐
|
|
#───┘ ID generation └───────────────────────────────────────────
|
|
|
|
# You can select the ID generation method.
|
|
# You don't usually need to change this setting, but you can
|
|
# change it according to your preferences.
|
|
|
|
# Available methods:
|
|
# aid ... Short, Millisecond accuracy
|
|
# aidx ... Millisecond accuracy
|
|
# meid ... Similar to ObjectID, Millisecond accuracy
|
|
# ulid ... Millisecond accuracy
|
|
# objectid ... This is left for backward compatibility
|
|
|
|
# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
|
|
# ID SETTINGS AFTER THAT!
|
|
|
|
id: 'aidx'
|
|
|
|
# ┌────────────────┐
|
|
#───┘ Error tracking └──────────────────────────────────────────
|
|
|
|
# Sentry is available for error tracking.
|
|
# See the Sentry documentation for more details on options.
|
|
|
|
#sentryForBackend:
|
|
# enableNodeProfiling: true
|
|
# options:
|
|
# dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0'
|
|
|
|
#sentryForFrontend:
|
|
# options:
|
|
# dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0'
|
|
|
|
# ┌─────────────────────┐
|
|
#───┘ Other configuration └─────────────────────────────────────
|
|
|
|
# Whether disable HSTS
|
|
#disableHsts: true
|
|
|
|
# Number of worker processes
|
|
#clusterLimit: 1
|
|
|
|
# Job concurrency per worker
|
|
#deliverJobConcurrency: 16
|
|
#inboxJobConcurrency: 4
|
|
#relationshipJobConcurrency: 16
|
|
# What's relationshipJob?:
|
|
# Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations.
|
|
|
|
# Job rate limiter
|
|
#deliverJobPerSec: 1024
|
|
#inboxJobPerSec: 64
|
|
#relationshipJobPerSec: 64
|
|
|
|
# Job attempts
|
|
#deliverJobMaxAttempts: 12
|
|
#inboxJobMaxAttempts: 8
|
|
|
|
# Local address used for outgoing requests
|
|
#outgoingAddress: 127.0.0.1
|
|
|
|
# IP address family used for outgoing request (ipv4, ipv6 or dual)
|
|
#outgoingAddressFamily: ipv4
|
|
|
|
# Proxy for HTTP/HTTPS
|
|
#proxy: http://127.0.0.1:3128
|
|
|
|
proxyBypassHosts:
|
|
- api.deepl.com
|
|
- api-free.deepl.com
|
|
- www.recaptcha.net
|
|
- hcaptcha.com
|
|
- challenges.cloudflare.com
|
|
|
|
# Proxy for SMTP/SMTPS
|
|
#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT
|
|
#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
|
|
#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
|
|
|
|
# Media Proxy
|
|
# Reference Implementation: https://github.com/misskey-dev/media-proxy
|
|
# * Deliver a common cache between instances
|
|
# * Perform image compression (on a different server resource than the main process)
|
|
#mediaProxy: https://example.com/proxy
|
|
|
|
# Proxy remote files (default: true)
|
|
# Proxy remote files by this instance or mediaProxy to prevent remote files from running in remote domains.
|
|
proxyRemoteFiles: true
|
|
|
|
# Movie Thumbnail Generation URL
|
|
# There is no reference implementation.
|
|
# For example, Misskey will point to the following URL:
|
|
# https://example.com/thumbnail.webp?thumbnail=1&url=https%3A%2F%2Fstorage.example.com%2Fpath%2Fto%2Fvideo.mp4
|
|
#videoThumbnailGenerator: https://example.com
|
|
|
|
# Sign to ActivityPub GET request (default: true)
|
|
signToActivityPubGet: true
|
|
|
|
# For security reasons, uploading attachments from the intranet is prohibited,
|
|
# but exceptions can be made from the following settings. Default value is "undefined".
|
|
# Read changelog to learn more (Improvements of 12.90.0 (2021/09/04)).
|
|
#allowedPrivateNetworks: [
|
|
# '127.0.0.1/32'
|
|
#]
|
|
|
|
# Upload or download file size limits (bytes)
|
|
#maxFileSize: 262144000
|
|
|
|
# PID File of master process
|
|
#pidFile: /tmp/misskey.pid
|