From 88268529665a3007829b8caeae37c4ae97c7323b Mon Sep 17 00:00:00 2001 From: zeripath Date: Tue, 29 Mar 2022 09:27:37 +0100 Subject: [PATCH] Provide configuration to allow camo-media proxying (#12802) * Provide configuration to allow camo-media proxying Fix #916 Signed-off-by: Andrew Thornton Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang --- doc/advanced/config-cheat-sheet.en-us.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/doc/advanced/config-cheat-sheet.en-us.md b/doc/advanced/config-cheat-sheet.en-us.md index d9018f98..ae40e095 100644 --- a/doc/advanced/config-cheat-sheet.en-us.md +++ b/doc/advanced/config-cheat-sheet.en-us.md @@ -513,7 +513,14 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o - spec - use one or more special characters as ``!"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~`` - off - do not check password complexity - `PASSWORD_CHECK_PWN`: **false**: Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed. -- `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security. +- `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security. + +## Camo (`camo`) + +- `ENABLED`: **false**: Enable media proxy, we support images only at the moment. +- `SERVER_URL`: ****: url of camo server, it **is required** if camo is enabled. +- `HMAC_KEY`: ****: Provide the HMAC key for encoding urls, it **is required** if camo is enabled. +- `ALLWAYS`: **false**: Set to true to use camo for https too lese only non https urls are proxyed ## OpenID (`openid`)