1 | ;
|
2 |
|
3 | module.exports = {
|
4 | // ## Server settings
|
5 |
|
6 | // ### `public`
|
7 | //
|
8 | // When set to `true`, The Lounge starts in public mode. When set to `false`,
|
9 | // it starts in private mode.
|
10 | //
|
11 | // - A **public server** does not require authentication. Anyone can connect
|
12 | // to IRC networks in this mode. All IRC connections and channel
|
13 | // scrollbacks are lost when a user leaves the client.
|
14 | // - A **private server** requires users to log in. Their IRC connections are
|
15 | // kept even when they are not using or logged in to the client. All joined
|
16 | // channels and scrollbacks are available when they come back.
|
17 | //
|
18 | // This value is set to `false` by default.
|
19 | public: false,
|
20 |
|
21 | // ### `host`
|
22 | //
|
23 | // IP address or hostname for the web server to listen to. For example, set it
|
24 | // to `"127.0.0.1"` to accept connections from localhost only.
|
25 | //
|
26 | // For UNIX domain sockets, use `"unix:/absolute/path/to/file.sock"`.
|
27 | //
|
28 | // This value is set to `undefined` by default to listen on all interfaces.
|
29 | host: undefined,
|
30 |
|
31 | // ### `port`
|
32 | //
|
33 | // Set the port to listen to.
|
34 | //
|
35 | // This value is set to `9000` by default.
|
36 | port: 9000,
|
37 |
|
38 | // ### `bind`
|
39 | //
|
40 | // Set the local IP to bind to for outgoing connections.
|
41 | //
|
42 | // This value is set to `undefined` by default to let the operating system
|
43 | // pick its preferred one.
|
44 | bind: undefined,
|
45 |
|
46 | // ### `reverseProxy`
|
47 | //
|
48 | // When set to `true`, The Lounge is marked as served behind a reverse proxy
|
49 | // and will honor the `X-Forwarded-For` header.
|
50 | //
|
51 | // This value is set to `false` by default.
|
52 | reverseProxy: false,
|
53 |
|
54 | // ### `maxHistory`
|
55 | //
|
56 | // Defines the maximum number of history lines that will be kept in memory per
|
57 | // channel/query, in order to reduce the memory usage of the server. Setting
|
58 | // this to `-1` will keep unlimited amount.
|
59 | //
|
60 | // This value is set to `10000` by default.
|
61 | maxHistory: 10000,
|
62 |
|
63 | // ### `https`
|
64 | //
|
65 | // These settings are used to run The Lounge's web server using encrypted TLS.
|
66 | //
|
67 | // If you want more control over the webserver,
|
68 | // [use a reverse proxy instead](https://thelounge.chat/docs/guides/reverse-proxies).
|
69 | //
|
70 | // The available keys for the `https` object are:
|
71 | //
|
72 | // - `enable`: when set to `false`, HTTPS support is disabled
|
73 | // and all other values are ignored.
|
74 | // - `key`: Path to the private key file.
|
75 | // - `certificate`: Path to the certificate.
|
76 | // - `ca`: Path to the CA bundle.
|
77 | //
|
78 | // The value of `enable` is set to `false` to disable HTTPS by default, in
|
79 | // which case the other two string settings are ignored.
|
80 | https: {
|
81 | enable: false,
|
82 | key: "",
|
83 | certificate: "",
|
84 | ca: "",
|
85 | },
|
86 |
|
87 | // ## Client settings
|
88 |
|
89 | // ### `theme`
|
90 | //
|
91 | // Set the default theme to serve to new users. They will be able to select a
|
92 | // different one in their client settings among those available.
|
93 | //
|
94 | // The Lounge ships with two themes (`default` and `morning`) and can be
|
95 | // extended by installing more themes. Read more about how to manage them
|
96 | // [here](https://thelounge.chat/docs/guides/theme-creation).
|
97 | //
|
98 | // This value needs to be the package name and not the display name. For
|
99 | // example, the value for Morning would be `morning`, and the value for
|
100 | // Solarized would be `thelounge-theme-solarized`.
|
101 | //
|
102 | // This value is set to `"default"` by default.
|
103 | theme: "default",
|
104 |
|
105 | // ### `prefetch`
|
106 | //
|
107 | // When set to `true`, The Lounge will load thumbnails and site descriptions
|
108 | // from URLs posted in channels and private messages.
|
109 | //
|
110 | // This value is set to `false` by default.
|
111 | prefetch: false,
|
112 |
|
113 | // ### `prefetchStorage`
|
114 |
|
115 | // When set to `true`, The Lounge will store and proxy prefetched images and
|
116 | // thumbnails on the filesystem rather than directly display the content at
|
117 | // the original URLs.
|
118 | //
|
119 | // This improves security and privacy by not exposing the client IP address,
|
120 | // always loading images from The Lounge and making all assets secure, which
|
121 | // resolves mixed content warnings.
|
122 | //
|
123 | // If storage is enabled, The Lounge will fetch and store images and thumbnails
|
124 | // in the `${THELOUNGE_HOME}/storage` folder.
|
125 | //
|
126 | // Images are deleted when they are no longer referenced by any message
|
127 | // (controlled by `maxHistory`), and the folder is cleaned up when The Lounge
|
128 | // restarts.
|
129 | //
|
130 | // This value is set to `false` by default.
|
131 | prefetchStorage: false,
|
132 |
|
133 | // ### `prefetchMaxImageSize`
|
134 | //
|
135 | // When `prefetch` is enabled, images will only be displayed if their file
|
136 | // size does not exceed this limit.
|
137 | //
|
138 | // This value is set to `2048` kilobytes by default.
|
139 | prefetchMaxImageSize: 2048,
|
140 |
|
141 | // ### `fileUpload`
|
142 | //
|
143 | // Allow uploading files to the server hosting The Lounge.
|
144 | //
|
145 | // Files are stored in the `${THELOUNGE_HOME}/uploads` folder, do not expire,
|
146 | // and are not removed by The Lounge. This may cause issues depending on your
|
147 | // hardware, for example in terms of disk usage.
|
148 | //
|
149 | // The available keys for the `fileUpload` object are:
|
150 | //
|
151 | // - `enable`: When set to `true`, files can be uploaded on the client with a
|
152 | // drag-and-drop or using the upload dialog.
|
153 | // - `maxFileSize`: When file upload is enabled, users sending files above
|
154 | // this limit will be prompted with an error message in their browser. A value of
|
155 | // `-1` disables the file size limit and allows files of any size. **Use at
|
156 | // your own risk.** This value is set to `10240` kilobytes by default.
|
157 | // - `baseUrl`: If you want change the URL where uploaded files are accessed,
|
158 | // you can set this option to `"https://example.com/folder/"` and the final URL
|
159 | // would look like `"https://example.com/folder/aabbccddeeff1234/name.png"`.
|
160 | // If you use this option, you must have a reverse proxy configured,
|
161 | // to correctly proxy the uploads URLs back to The Lounge.
|
162 | // This value is set to `null` by default.
|
163 | fileUpload: {
|
164 | enable: false,
|
165 | maxFileSize: 10240,
|
166 | baseUrl: null,
|
167 | },
|
168 |
|
169 | // ### `transports`
|
170 | //
|
171 | // Set `socket.io` transports.
|
172 | //
|
173 | // This value is set to `["polling", "websocket"]` by default.
|
174 | transports: ["polling", "websocket"],
|
175 |
|
176 | // ### `leaveMessage`
|
177 | //
|
178 | // Set users' default `quit` and `part` messages if they are not providing
|
179 | // one.
|
180 | //
|
181 | // This value is set to `"The Lounge - https://thelounge.chat"` by
|
182 | // default.
|
183 | leaveMessage: "The Lounge - https://thelounge.chat",
|
184 |
|
185 | // ## Default network
|
186 |
|
187 | // ### `defaults`
|
188 | //
|
189 | // Specifies default network information that will be used as placeholder
|
190 | // values in the *Connect* window.
|
191 | //
|
192 | // The available keys for the `defaults` object are:
|
193 | //
|
194 | // - `name`: Name to display in the channel list of The Lounge. This value is
|
195 | // not forwarded to the IRC network.
|
196 | // - `host`: IP address or hostname of the IRC server.
|
197 | // - `port`: Usually 6667 for unencrypted connections and 6697 for
|
198 | // connections encrypted with TLS.
|
199 | // - `password`: Connection password. If the server supports SASL capability,
|
200 | // then this password will be used in SASL authentication.
|
201 | // - `tls`: Enable TLS connections
|
202 | // - `rejectUnauthorized`: Whether the server certificate should be verified
|
203 | // against the list of supplied Certificate Authorities (CAs) by your
|
204 | // Node.js installation.
|
205 | // - `nick`: Nick name. Percent signs (`%`) will be replaced by random
|
206 | // numbers from 0 to 9. For example, `Guest%%%` may become `Guest123`.
|
207 | // - `username`: User name.
|
208 | // - `realname`: Real name.
|
209 | // - `join`: Comma-separated list of channels to auto-join once connected.
|
210 | //
|
211 | // This value is set to connect to the official channel of The Lounge on
|
212 | // Freenode by default:
|
213 | //
|
214 | // ```js
|
215 | // defaults: {
|
216 | // name: "Freenode",
|
217 | // host: "chat.freenode.net",
|
218 | // port: 6697,
|
219 | // password: "",
|
220 | // tls: true,
|
221 | // rejectUnauthorized: true,
|
222 | // nick: "thelounge%%",
|
223 | // username: "thelounge",
|
224 | // realname: "The Lounge User",
|
225 | // join: "#thelounge"
|
226 | // }
|
227 | // ```
|
228 | defaults: {
|
229 | name: "Freenode",
|
230 | host: "chat.freenode.net",
|
231 | port: 6697,
|
232 | password: "",
|
233 | tls: true,
|
234 | rejectUnauthorized: true,
|
235 | nick: "thelounge%%",
|
236 | username: "thelounge",
|
237 | realname: "The Lounge User",
|
238 | join: "#thelounge",
|
239 | },
|
240 |
|
241 | // ### `displayNetwork`
|
242 | //
|
243 | // When set to `false`, network fields will not be shown in the "Connect"
|
244 | // window.
|
245 | //
|
246 | // Note that even though users cannot access and set these fields, they can
|
247 | // still connect to other networks using the `/connect` command. See the
|
248 | // `lockNetwork` setting to restrict users from connecting to other networks.
|
249 | //
|
250 | // This value is set to `true` by default.
|
251 | displayNetwork: true,
|
252 |
|
253 | // ### `lockNetwork`
|
254 | //
|
255 | // When set to `true`, users will not be able to modify host, port and TLS
|
256 | // settings and will be limited to the configured network.
|
257 | //
|
258 | // It is often useful to use it with `displayNetwork` when setting The
|
259 | // Lounge as a public web client for a specific IRC network.
|
260 | //
|
261 | // This value is set to `false` by default.
|
262 | lockNetwork: false,
|
263 |
|
264 | // ## User management
|
265 |
|
266 | // ### `messageStorage`
|
267 |
|
268 | // The Lounge can log user messages, for example to access them later or to
|
269 | // reload messages on server restart.
|
270 |
|
271 | // Set this array with one or multiple values to enable logging:
|
272 | // - `text`: Messages per network and channel will be stored as text files.
|
273 | // **Messages will not be reloaded on restart.**
|
274 | // - `sqlite`: Messages are stored in SQLite database files, one per user.
|
275 | //
|
276 | // Logging can be disabled globally by setting this value to an empty array
|
277 | // `[]`. Logging is also controlled per user individually in the `log` key of
|
278 | // their JSON configuration file.
|
279 | //
|
280 | // This value is set to `["sqlite", "text"]` by default.
|
281 | messageStorage: ["sqlite", "text"],
|
282 |
|
283 | // ### `useHexIp`
|
284 | //
|
285 | // When set to `true`, users' IP addresses will be encoded as hex.
|
286 | //
|
287 | // This is done to share the real user IP address with the server for host
|
288 | // masking purposes. This is encoded in the `username` field and only supports
|
289 | // IPv4.
|
290 | //
|
291 | // This value is set to `false` by default.
|
292 | useHexIp: false,
|
293 |
|
294 | // ## WEBIRC support
|
295 | //
|
296 | // When enabled, The Lounge will pass the connecting user's host and IP to the
|
297 | // IRC server. Note that this requires to obtain a password from the IRC
|
298 | // network that The Lounge will be connecting to and generally involves a lot
|
299 | // of trust from the network you are connecting to.
|
300 | //
|
301 | // There are 2 ways to configure the `webirc` setting:
|
302 | //
|
303 | // - **Basic**: an object where keys are IRC hosts and values are passwords.
|
304 | // For example:
|
305 | //
|
306 | // ```json
|
307 | // webirc: {
|
308 | // "irc.example.net": "thisiswebircpassword1",
|
309 | // "irc.example.org": "thisiswebircpassword2",
|
310 | // },
|
311 | // ```
|
312 | //
|
313 | // - **Advanced**: an object where keys are IRC hosts and values are functions
|
314 | // that take two arguments (`webircObj`, `network`) and return an
|
315 | // object to be directly passed to `irc-framework`. `webircObj` contains the
|
316 | // generated object which you can modify. For example:
|
317 | //
|
318 | // ```js
|
319 | // webirc: {
|
320 | // "irc.example.com": (webircObj, network) => {
|
321 | // webircObj.password = "thisiswebircpassword";
|
322 | // webircObj.hostname = `webirc/${webircObj.hostname}`;
|
323 | // return webircObj;
|
324 | // },
|
325 | // },
|
326 | // ```
|
327 | //
|
328 | // This value is set to `null` to disable WEBIRC by default.
|
329 | webirc: null,
|
330 |
|
331 | // ## identd and oidentd support
|
332 |
|
333 | // ### `identd`
|
334 | //
|
335 | // Run The Lounge with `identd` support.
|
336 | //
|
337 | // The available keys for the `identd` object are:
|
338 | //
|
339 | // - `enable`: When `true`, the identd daemon runs on server start.
|
340 | // - `port`: Port to listen for ident requests.
|
341 | //
|
342 | // The value of `enable` is set to `false` to disable `identd` support by
|
343 | // default, in which case the value of `port` is ignored. The default value of
|
344 | // `port` is 113.
|
345 | identd: {
|
346 | enable: false,
|
347 | port: 113,
|
348 | },
|
349 |
|
350 | // ### `oidentd`
|
351 | //
|
352 | // When this setting is a string, this enables `oidentd` support using the
|
353 | // configuration file located at the given path.
|
354 | //
|
355 | // This is set to `null` by default to disable `oidentd` support.
|
356 | oidentd: null,
|
357 |
|
358 | // ## LDAP support
|
359 |
|
360 | // These settings enable and configure LDAP authentication.
|
361 | //
|
362 | // They are only being used in private mode. To know more about private mode,
|
363 | // see the `public` setting above.
|
364 |
|
365 | //
|
366 | // The authentication process works as follows:
|
367 | //
|
368 | // 1. The Lounge connects to the LDAP server with its system credentials.
|
369 | // 2. It performs an LDAP search query to find the full DN associated to the
|
370 | // user requesting to log in.
|
371 | // 3. The Lounge tries to connect a second time, but this time using the
|
372 | // user's DN and password. Authentication is validated if and only if this
|
373 | // connection is successful.
|
374 | //
|
375 | // The search query takes a couple of parameters in `searchDN`:
|
376 | //
|
377 | // - a base DN `searchDN/base`. Only children nodes of this DN will be likely
|
378 | // be returned;
|
379 | // - a search scope `searchDN/scope` (see LDAP documentation);
|
380 | // - the query itself, built as `(&(<primaryKey>=<username>) <filter>)`
|
381 | // where `<username>` is the user name provided in the log in request,
|
382 | // `<primaryKey>` is provided by the config and `<filter>` is a filtering
|
383 | // complement also given in the config, to filter for instance only for
|
384 | // nodes of type `inetOrgPerson`, or whatever LDAP search allows.
|
385 | //
|
386 | // Alternatively, you can specify the `bindDN` parameter. This will make The
|
387 | // Lounge ignore `searchDN` options and assume that the user DN is always
|
388 | // `<bindDN>,<primaryKey>=<username>`, where `<username>` is the user name
|
389 | // provided in the log in request, and `<bindDN>` and `<primaryKey>` are
|
390 | // provided by the configuration.
|
391 | //
|
392 | // The available keys for the `ldap` object are:
|
393 | ldap: {
|
394 | // - `enable`: when set to `false`, LDAP support is disabled and all other
|
395 | // values are ignored.
|
396 | enable: false,
|
397 |
|
398 | // - `url`: A url of the form `ldaps://<ip>:<port>`.
|
399 | // For plain connections, use the `ldap` scheme.
|
400 | url: "ldaps://example.com",
|
401 |
|
402 | // - `tlsOptions`: LDAP connection TLS options (only used if scheme is
|
403 | // `ldaps://`). It is an object whose values are Node.js' `tls.connect()`
|
404 | // options. It is set to `{}` by default.
|
405 | // For example, this option can be used in order to force the use of IPv6:
|
406 | // ```js
|
407 | // {
|
408 | // host: 'my::ip::v6',
|
409 | // servername: 'example.com'
|
410 | // }
|
411 | // ```
|
412 | tlsOptions: {},
|
413 |
|
414 | // - `primaryKey`: LDAP primary key. It is set to `"uid"` by default.
|
415 | primaryKey: "uid",
|
416 |
|
417 | // - `baseDN`: LDAP base DN, alternative to `searchDN`. For example, set it
|
418 | // to `"ou=accounts,dc=example,dc=com"`.
|
419 | // When unset, the LDAP auth logic with use `searchDN` instead to locate users.
|
420 |
|
421 | // - `searchDN`: LDAP search DN settings. This defines the procedure by
|
422 | // which The Lounge first looks for the user DN before authenticating them.
|
423 | // It is ignored if `baseDN` is specified. It is an object with the
|
424 | // following keys:
|
425 | searchDN: {
|
426 | // - `rootDN`: This bind DN is used to query the server for the DN of
|
427 | // the user. This is supposed to be a system user that has access in
|
428 | // read-only to the DNs of the people that are allowed to log in.
|
429 | // It is set to `"cn=thelounge,ou=system-users,dc=example,dc=com"` by
|
430 | // default.
|
431 | rootDN: "cn=thelounge,ou=system-users,dc=example,dc=com",
|
432 |
|
433 | // - `rootPassword`: Password of The Lounge LDAP system user.
|
434 | rootPassword: "1234",
|
435 |
|
436 | // - `ldapFilter`: it is set to `"(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)"`
|
437 | // by default.
|
438 | filter: "(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)",
|
439 |
|
440 | // - `base`: LDAP search base (search only within this node). It is set
|
441 | // to `"dc=example,dc=com"` by default.
|
442 | base: "dc=example,dc=com",
|
443 |
|
444 | // - `scope`: LDAP search scope. It is set to `"sub"` by default.
|
445 | scope: "sub",
|
446 | },
|
447 | },
|
448 |
|
449 | // ## Debugging settings
|
450 |
|
451 | // The `debug` object contains several settings to enable debugging in The
|
452 | // Lounge. Use them to learn more about an issue you are noticing but be aware
|
453 | // this may produce more logging or may affect connection performance so it is
|
454 | // not recommended to use them by default.
|
455 | //
|
456 | // All values in the `debug` object are set to `false`.
|
457 | debug: {
|
458 | // ### `debug.ircFramework`
|
459 | //
|
460 | // When set to true, this enables extra debugging output provided by
|
461 | // [`irc-framework`](https://github.com/kiwiirc/irc-framework), the
|
462 | // underlying IRC library for Node.js used by The Lounge.
|
463 | ircFramework: false,
|
464 |
|
465 | // ### `debug.raw`
|
466 | //
|
467 | // When set to `true`, this enables logging of raw IRC messages into each
|
468 | // server window, displayed on the client.
|
469 | raw: false,
|
470 | },
|
471 | };
|