[github/shaarli/Shaarli.git] / doc / md / Shaarli-configuration.md

## Foreword

**Do not edit configuration options in index.php! Your changes would be lost.** 

Once your Shaarli instance is installed, the file `data/config.json.php` is generated:
* it contains all settings in JSON format, and can be edited to customize values
* it defines which [plugins](Plugin-System) are enabled[](.html)
* its values override those defined in `index.php`
* it is wrap in a PHP comment to prevent anyone accessing it, regardless of server configuration

## File and directory permissions

The server process running Shaarli must have:

- `read` access to the following resources:
    - PHP scripts: `index.php`, `application/*.php`, `plugins/*.php`
    - 3rd party PHP and Javascript libraries: `inc/*.php`, `inc/*.js`
    - static assets:
        - CSS stylesheets: `inc/*.css`
        - `images/*`
    - RainTPL templates: `tpl/*.html`
- `read`, `write` and `execution` access to the following directories:
    - `cache` - thumbnail cache
    - `data` - link data store, configuration options
    - `pagecache` - Atom/RSS feed cache
    - `tmp` - RainTPL page cache

On a Linux distribution:

- the web server user will likely be `www` or `http` (for Apache2)
- it will be a member of a group of the same name: `www:www`, `http:http`
- to give it access to Shaarli, either:
    - unzip Shaarli in the default web server location (usually `/var/www/`) and set the web server user as the owner
    - put users in the same group as the web server, and set the appropriate access rights
- if you have a domain / subdomain to serve Shaarli, [configure the server](Server-configuration) accordingly[](.html)

## Configuration

In `data/config.json.php`.

See also [Plugin System](Plugin-System.html).

### Credentials
 
_These settings should not be edited_

- **login**: Login username.  
- **hash**: Generated password hash.  
- **salt**: Password salt.

### General

- **title**: Shaarli's instance title.  
- **header_link**: Link to the homepage.  
- **links_per_page**: Number of shaares displayed per page.  
- **timezone**: See [the list of supported timezones](http://php.net/manual/en/timezones.php).  
- **enabled_plugins**: List of enabled plugins.

### Security

- **session_protection_disabled**: Disable session cookie hijacking protection (not recommended). 
  It might be useful if your IP adress often changes.  
- **ban_after**: Failed login attempts before being IP banned.  
- **ban_duration**: IP ban duration in seconds.  
- **open_shaarli**: Anyone can add a new link while logged out if enabled.  
- **trusted_proxies**: List of trusted IP which won't be banned after failed login attemps. Useful if Shaarli is behind a reverse proxy.  
- **allowed_protocols**: List of allowed protocols in shaare URLs or markdown-rendered descriptions. Useful if you want to store `javascript:` links (bookmarklets) in Shaarli (default: `["ftp", "ftps", "magnet"]`).

### Resources

- **data_dir**: Data directory.  
- **datastore**: Shaarli's links database file path.  
- **history**: Shaarli's operation history file path.
- **updates**: File path for the ran updates file.  
- **log**: Log file path.  
- **update_check**: Last update check file path.  
- **raintpl_tpl**: Templates directory.  
- **raintpl_tmp**: Template engine cache directory.  
- **thumbnails_cache**: Thumbnails cache directory.  
- **page_cache**: Shaarli's internal cache directory.  
- **ban_file**: Banned IP file path.

### Updates

- **check_updates**: Enable or disable update check to the git repository.  
- **check_updates_branch**: Git branch used to check updates (e.g. `stable` or `master`).  
- **check_updates_interval**: Look for new version every N seconds (default: every day).

### Privacy

- **default_private_links**: Check the private checkbox by default for every new link.  
- **hide_public_links**: All links are hidden while logged out.  
- **force_login**: if **hide_public_links** and this are set to `true`, all anonymous users are redirected to the login page.
- **hide_timestamps**: Timestamps are hidden.
- **remember_user_default**: Default state of the login page's *remember me* checkbox
    - `true`: checked by default, `false`: unchecked by default

### Feed

- **rss_permalinks**: Enable this to redirect RSS links to Shaarli's permalinks instead of shaared URL.  
- **show_atom**: Display ATOM feed button.

### Thumbnail

- **enable_thumbnails**: Enable or disable thumbnail display.  
- **enable_localcache**: Enable or disable local cache.

### Redirector

- **url**: Redirector URL, such as `anonym.to`.  
- **encode_url**: Enable this if the redirector needs encoded URL to work properly.

## Configuration file example

```json
<?php /*
{
    "credentials": {
        "login": "<login>",
        "hash": "<password hash>",
        "salt": "<password salt>"
    },
    "security": {
        "ban_after": 4,
        "session_protection_disabled": false,
        "ban_duration": 1800,
        "trusted_proxies": [
            "1.2.3.4",
            "5.6.7.8"
        ],
        "allowed_protocols": [
            "ftp",
            "ftps",
            "magnet"
        ]
    },
    "resources": {
        "data_dir": "data",
        "config": "data\/config.php",
        "datastore": "data\/datastore.php",
        "ban_file": "data\/ipbans.php",
        "updates": "data\/updates.txt",
        "log": "data\/log.txt",
        "update_check": "data\/lastupdatecheck.txt",
        "raintpl_tmp": "tmp\/",
        "raintpl_tpl": "tpl\/",
        "thumbnails_cache": "cache",
        "page_cache": "pagecache"
    },
    "general": {
        "check_updates": true,
        "rss_permalinks": true,
        "links_per_page": 20,
        "default_private_links": true,
        "enable_thumbnails": true,
        "enable_localcache": true,
        "check_updates_branch": "stable",
        "check_updates_interval": 86400,
        "enabled_plugins": [
            "markdown",
            "wallabag",
            "archiveorg"
        ],
        "timezone": "Europe\/Paris",
        "title": "My Shaarli",
        "header_link": "?"
    },
    "extras": {
        "show_atom": false,
        "hide_public_links": false,
        "hide_timestamps": false,
        "open_shaarli": false,
        "redirector": "http://anonym.to/?",
        "redirector_encode_url": false
    },
    "general": {
        "header_link": "?",
        "links_per_page": 20,
        "enabled_plugins": [
            "markdown",
            "wallabag"
        ],
        "timezone": "Europe\/Paris",
        "title": "My Shaarli"
    },
    "updates": {
        "check_updates": true,
        "check_updates_branch": "stable",
        "check_updates_interval": 86400
    },
    "feed": {
        "rss_permalinks": true,
        "show_atom": false
    },
    "privacy": {
        "default_private_links": true,
        "hide_public_links": false,
        "force_login": false,
        "hide_timestamps": false,
        "remember_user_default": true
    },
    "thumbnail": {
        "enable_thumbnails": true,
        "enable_localcache": true
    },
    "redirector": {
        "url": "http://anonym.to/?",
        "encode_url": false
    },
    "plugins": {
        "WALLABAG_URL": "http://demo.wallabag.org",
        "WALLABAG_VERSION": "1"
    }
} ?>
```

## Additional configuration

The `playvideos` plugin may require that you adapt your server's 
[Content Security Policy](https://github.com/shaarli/Shaarli/blob/master/plugins/playvideos/README.md#troubleshooting) 
configuration to work properly.
Commit	Line	Data
992af0b9 V	1	## Foreword
	2
	3	Do not edit configuration options in index.php! Your changes would be lost.
	4
fdf88d19 A	5	Once your Shaarli instance is installed, the file `data/config.json.php` is generated:
fdf88d19 A	6	* it contains all settings in JSON format, and can be edited to customize values
53ed6d7d	7	* it defines which [plugins](Plugin-System) are enabled[](.html)
992af0b9	8	* its values override those defined in `index.php`
fdf88d19	9	* it is wrap in a PHP comment to prevent anyone accessing it, regardless of server configuration
992af0b9 V	10
992af0b9 V	11	## File and directory permissions
fdf88d19	12
992af0b9	13	The server process running Shaarli must have:
6d074b4c	14
992af0b9	15	- `read` access to the following resources:
5409ade2 A	16	- PHP scripts: `index.php`, `application/.php`, `plugins/.php`
5409ade2 A	17	- 3rd party PHP and Javascript libraries: `inc/.php`, `inc/.js`
992af0b9	18	- static assets:
5409ade2 A	19	- CSS stylesheets: `inc/*.css`
	20	- `images/*`
	21	- RainTPL templates: `tpl/*.html`
992af0b9 V	22	- `read`, `write` and `execution` access to the following directories:
	23	- `cache` - thumbnail cache
	24	- `data` - link data store, configuration options
	25	- `pagecache` - Atom/RSS feed cache
	26	- `tmp` - RainTPL page cache
	27
	28	On a Linux distribution:
6d074b4c	29
992af0b9 V	30	- the web server user will likely be `www` or `http` (for Apache2)
	31	- it will be a member of a group of the same name: `www:www`, `http:http`
	32	- to give it access to Shaarli, either:
	33	- unzip Shaarli in the default web server location (usually `/var/www/`) and set the web server user as the owner
	34	- put users in the same group as the web server, and set the appropriate access rights
53ed6d7d	35	- if you have a domain / subdomain to serve Shaarli, [configure the server](Server-configuration) accordingly[](.html)
fdf88d19 A	36
	37	## Configuration
	38
	39	In `data/config.json.php`.
	40
53ed6d7d	41	See also [Plugin System](Plugin-System.html).
fdf88d19 A	42
	43	### Credentials
	44
43ad7c8e	45	_These settings should not be edited_
fdf88d19	46
43ad7c8e V	47	- login: Login username.
	48	- hash: Generated password hash.
	49	- salt: Password salt.
fdf88d19 A	50
	51	### General
	52
43ad7c8e V	53	- title: Shaarli's instance title.
	54	- header_link: Link to the homepage.
	55	- links_per_page: Number of shaares displayed per page.
	56	- timezone: See [the list of supported timezones](http://php.net/manual/en/timezones.php).
	57	- enabled_plugins: List of enabled plugins.
fdf88d19 A	58
	59	### Security
	60
43ad7c8e V	61	- session_protection_disabled: Disable session cookie hijacking protection (not recommended).
	62	It might be useful if your IP adress often changes.
	63	- ban_after: Failed login attempts before being IP banned.
	64	- ban_duration: IP ban duration in seconds.
	65	- open_shaarli: Anyone can add a new link while logged out if enabled.
	66	- trusted_proxies: List of trusted IP which won't be banned after failed login attemps. Useful if Shaarli is behind a reverse proxy.
	67	- allowed_protocols: List of allowed protocols in shaare URLs or markdown-rendered descriptions. Useful if you want to store `javascript:` links (bookmarklets) in Shaarli (default: `["ftp", "ftps", "magnet"]`).
fdf88d19 A	68
	69	### Resources
	70
43ad7c8e V	71	- data_dir: Data directory.
	72	- datastore: Shaarli's links database file path.
	73	- history: Shaarli's operation history file path.
	74	- updates: File path for the ran updates file.
	75	- log: Log file path.
	76	- update_check: Last update check file path.
	77	- raintpl_tpl: Templates directory.
	78	- raintpl_tmp: Template engine cache directory.
	79	- thumbnails_cache: Thumbnails cache directory.
	80	- page_cache: Shaarli's internal cache directory.
	81	- ban_file: Banned IP file path.
fdf88d19 A	82
	83	### Updates
	84
43ad7c8e V	85	- check_updates: Enable or disable update check to the git repository.
	86	- check_updates_branch: Git branch used to check updates (e.g. `stable` or `master`).
	87	- check_updates_interval: Look for new version every N seconds (default: every day).
fdf88d19 A	88
	89	### Privacy
	90
43ad7c8e V	91	- default_private_links: Check the private checkbox by default for every new link.
43ad7c8e V	92	- hide_public_links: All links are hidden while logged out.
27e21231	93	- force_login: if hide_public_links and this are set to `true`, all anonymous users are redirected to the login page.
43ad7c8e	94	- hide_timestamps: Timestamps are hidden.
2e07e775 WE	95	- remember_user_default: Default state of the login page's remember me checkbox
2e07e775 WE	96	- `true`: checked by default, `false`: unchecked by default
fdf88d19 A	97
	98	### Feed
	99
43ad7c8e V	100	- rss_permalinks: Enable this to redirect RSS links to Shaarli's permalinks instead of shaared URL.
43ad7c8e V	101	- show_atom: Display ATOM feed button.
fdf88d19 A	102
	103	### Thumbnail
	104
43ad7c8e V	105	- enable_thumbnails: Enable or disable thumbnail display.
43ad7c8e V	106	- enable_localcache: Enable or disable local cache.
fdf88d19 A	107
	108	### Redirector
	109
43ad7c8e V	110	- url: Redirector URL, such as `anonym.to`.
43ad7c8e V	111	- encode_url: Enable this if the redirector needs encoded URL to work properly.
fdf88d19 A	112
	113	## Configuration file example
	114
	115	```json
	116	<?php /*
	117	{
	118	"credentials": {
	119	"login": "<login>",
	120	"hash": "<password hash>",
	121	"salt": "<password salt>"
	122	},
	123	"security": {
	124	"ban_after": 4,
	125	"session_protection_disabled": false,
	126	"ban_duration": 1800,
53ed6d7d	127	"trusted_proxies": [
fdf88d19 A	128	"1.2.3.4",
fdf88d19 A	129	"5.6.7.8"
53ed6d7d	130	],
	131	"allowed_protocols": [
	132	"ftp",
	133	"ftps",
	134	"magnet"
fdf88d19 A	135	]
	136	},
	137	"resources": {
	138	"data_dir": "data",
	139	"config": "data\/config.php",
	140	"datastore": "data\/datastore.php",
	141	"ban_file": "data\/ipbans.php",
	142	"updates": "data\/updates.txt",
	143	"log": "data\/log.txt",
	144	"update_check": "data\/lastupdatecheck.txt",
	145	"raintpl_tmp": "tmp\/",
	146	"raintpl_tpl": "tpl\/",
	147	"thumbnails_cache": "cache",
	148	"page_cache": "pagecache"
	149	},
	150	"general": {
	151	"check_updates": true,
	152	"rss_permalinks": true,
	153	"links_per_page": 20,
	154	"default_private_links": true,
	155	"enable_thumbnails": true,
	156	"enable_localcache": true,
	157	"check_updates_branch": "stable",
	158	"check_updates_interval": 86400,
53ed6d7d	159	"enabled_plugins": [
fdf88d19 A	160	"markdown",
	161	"wallabag",
	162	"archiveorg"
	163	],
	164	"timezone": "Europe\/Paris",
	165	"title": "My Shaarli",
	166	"header_link": "?"
	167	},
	168	"extras": {
	169	"show_atom": false,
	170	"hide_public_links": false,
	171	"hide_timestamps": false,
	172	"open_shaarli": false,
	173	"redirector": "http://anonym.to/?",
	174	"redirector_encode_url": false
	175	},
	176	"general": {
	177	"header_link": "?",
	178	"links_per_page": 20,
53ed6d7d	179	"enabled_plugins": [
fdf88d19 A	180	"markdown",
	181	"wallabag"
	182	],
	183	"timezone": "Europe\/Paris",
	184	"title": "My Shaarli"
	185	},
	186	"updates": {
	187	"check_updates": true,
	188	"check_updates_branch": "stable",
	189	"check_updates_interval": 86400
	190	},
	191	"feed": {
	192	"rss_permalinks": true,
	193	"show_atom": false
	194	},
	195	"privacy": {
	196	"default_private_links": true,
	197	"hide_public_links": false,
27e21231	198	"force_login": false,
2e07e775 WE	199	"hide_timestamps": false,
2e07e775 WE	200	"remember_user_default": true
fdf88d19 A	201	},
	202	"thumbnail": {
	203	"enable_thumbnails": true,
	204	"enable_localcache": true
	205	},
	206	"redirector": {
	207	"url": "http://anonym.to/?",
	208	"encode_url": false
	209	},
	210	"plugins": {
	211	"WALLABAG_URL": "http://demo.wallabag.org",
	212	"WALLABAG_VERSION": "1"
	213	}
	214	} ?>
992af0b9	215	```
5409ade2 A	216
	217	## Additional configuration
	218
43ad7c8e	219	The `playvideos` plugin may require that you adapt your server's
53ed6d7d	220	[Content Security Policy](https://github.com/shaarli/Shaarli/blob/master/plugins/playvideos/README.md#troubleshooting)
43ad7c8e	221	configuration to work properly.
fdf88d19	222