supernote/config-example.yaml at main · ddulic/supernote · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# Supernote Server Configuration Example
#
# This file serves as a reference for configuring the Supernote Server.
# Copy this file to `config.yaml` and adjust the values as needed.
---
# Host and port to bind the server to.
host: 0.0.0.0
port: 8000

# Directory where uploaded files and databases will be stored.
storage_dir: storage

# Optional: Path to trace log file for debugging (default: storage/system/trace.log)
# trace_log_file: storage/system/trace.log

# Proxy header handling mode (optional, defaults to 'relaxed')
# - 'relaxed': Trust the immediate upstream proxy (suitable for Docker/local setups)
# - 'strict': Only trust specific proxy IPs (configured in trusted_proxies)
# Use 'strict' for production deployments behind known proxies.
proxy_mode: strict

# List of trusted proxy IPs/networks (used when proxy_mode is 'strict')
# Supports CIDR notation for network ranges.
trusted_proxies:
  - 127.0.0.1
  - ::1
  - 172.17.0.0/16 # Docker bridge network
  # Add your reverse proxy IP here, e.g.:
  # - 10.0.1.5

# Authentication settings
auth:
  # Secret key used for signing session tokens.
  # IMPORTANT: Change this to a random secure string for production use.
  # You can generate one using `openssl rand -hex 32` or similar tools.
  secret_key: "CHANGE_ME_TO_A_SECURE_RANDOM_STRING"

  # Token expiration time in hours.
  expiration_hours: 168 # 7 days

  # Whether to allow public registration.
  # If false, users must be created via the admin CLI.
  # The first user created (or added via the admin CLI) will be an admin.
  enable_registration: false

  # Whether to allow remote password reset via email.
  # When disabled, the public password reset endpoint returns 403.
  enable_remote_password_reset: false