2023-07-07 16:17:39 +02:00
|
|
|
# HTTP Client
|
|
|
|
|
|
|
|
|
|
## Settings
|
|
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
|
################################
|
|
|
|
|
##### HTTP CLIENT SETTINGS #####
|
|
|
|
|
################################
|
|
|
|
|
|
|
|
|
|
# Settings for OUTGOING http client connections used by GoToSocial to make
|
|
|
|
|
# requests to remote resources (status GETs, media GETs, inbox POSTs, etc).
|
|
|
|
|
|
|
|
|
|
http-client:
|
|
|
|
|
|
|
|
|
|
# Duration. Timeout to use for outgoing HTTP requests. If the timeout
|
|
|
|
|
# is exceeded, the connection to the remote server will be dropped.
|
|
|
|
|
# A value of 0s indicates no timeout: this is not advised!
|
|
|
|
|
# Examples: ["5s", "10s", "0s"]
|
|
|
|
|
# Default: "10s"
|
|
|
|
|
timeout: "10s"
|
|
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
#### RESERVED IP RANGE EXCEPTIONS ######
|
|
|
|
|
########################################
|
|
|
|
|
#
|
|
|
|
|
# Explicitly allow or block outgoing dialing within the provided IPv4/v6 CIDR ranges.
|
|
|
|
|
#
|
|
|
|
|
# By default, as a basic security precaution, GoToSocial blocks outgoing dialing within most "special-purpose"
|
|
|
|
|
# IP ranges. However, it may be desirable for admins with more exotic setups (proxies, funky NAT, etc) to
|
|
|
|
|
# explicitly override one or more of these otherwise blocked ranges.
|
|
|
|
|
#
|
|
|
|
|
# Each of the below allow/block config options accepts an array of IPv4 and/or IPv6 CIDR strings.
|
|
|
|
|
# For example, to override the hardcoded block of IPv4 and IPv6 dialing to localhost, set:
|
|
|
|
|
#
|
|
|
|
|
# allow-ips: ["127.0.0.1/32", "::1/128"].
|
|
|
|
|
#
|
|
|
|
|
# You can also use YAML multi-line arrays to define these, but be diligent with indentation.
|
|
|
|
|
#
|
|
|
|
|
# When dialing, GoToSocial will first check if the destination falls within explicitly allowed IP ranges,
|
|
|
|
|
# then explicitly blocked IP ranges, then the default (hardcoded) blocked IP ranges, returning OK on the
|
|
|
|
|
# first allowed match, not OK on the first blocked match, or just defaulting to OK if nothing is matched.
|
|
|
|
|
#
|
|
|
|
|
# As with all security settings, it is better to start too restrictive and then ease off depending on
|
|
|
|
|
# your use case, than to start too permissive and try to close the stable door after the horse has
|
|
|
|
|
# already bolted. With this in mind:
|
|
|
|
|
# - Don't touch these settings unless you have a good reason to, and only if you know what you're doing.
|
|
|
|
|
# - When adding explicitly allowed exceptions, use the narrowest possible CIDR for your use case.
|
|
|
|
|
#
|
|
|
|
|
# For reserved / special ranges, see:
|
|
|
|
|
# - https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
|
|
|
|
|
# - https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
|
|
|
|
|
#
|
|
|
|
|
# Both allow-ips and block-ips default to an empty array.
|
|
|
|
|
allow-ips: []
|
|
|
|
|
block-ips: []
|
2023-08-01 19:50:17 +02:00
|
|
|
|
|
|
|
|
# Bool. Disable verification of TLS certificates of remote servers.
|
|
|
|
|
# With this set to 'true', GoToSocial will not error when a remote
|
|
|
|
|
# server presents an invalid or self-signed certificate.
|
|
|
|
|
#
|
|
|
|
|
# THIS SETTING SHOULD BE USED FOR TESTING ONLY! IF YOU TURN THIS
|
|
|
|
|
# ON WHILE RUNNING IN PRODUCTION YOU ARE LEAVING YOUR SERVER WIDE
|
|
|
|
|
# OPEN TO MAN IN THE MIDDLE ATTACKS! DO NOT CHANGE THIS SETTING
|
|
|
|
|
# UNLESS YOU KNOW EXACTLY WHAT YOU'RE DOING AND WHY YOU'RE DOING IT.
|
|
|
|
|
#
|
|
|
|
|
# Default: false
|
|
|
|
|
tls-insecure-skip-verify: false
|
2023-07-07 16:17:39 +02:00
|
|
|
```
|
