1
0

production.rb 5.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135
  1. Rails.application.configure do
  2. # Settings specified here will take precedence over those in config/application.rb.
  3. # Code is not reloaded between requests.
  4. config.cache_classes = true
  5. # Eager load code on boot. This eager loads most of Rails and
  6. # your application in memory, allowing both threaded web servers
  7. # and those relying on copy on write to perform better.
  8. # Rake tasks automatically ignore this option for performance.
  9. config.eager_load = true
  10. # Full error reports are disabled and caching is turned on.
  11. config.consider_all_requests_local = false
  12. config.action_controller.perform_caching = true
  13. config.action_controller.asset_host = ENV['CDN_HOST'] if ENV['CDN_HOST'].present?
  14. # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"]
  15. # or in config/master.key. This key is used to decrypt credentials (and other encrypted files).
  16. # config.require_master_key = true
  17. ActiveSupport::Logger.new(STDOUT).tap do |logger|
  18. logger.formatter = config.log_formatter
  19. config.logger = ActiveSupport::TaggedLogging.new(logger)
  20. end
  21. # Do not fallback to assets pipeline if a precompiled asset is missed.
  22. config.assets.compile = false
  23. # Specifies the header that your server uses for sending files.
  24. config.action_dispatch.x_sendfile_header = ENV['SENDFILE_HEADER'] if ENV['SENDFILE_HEADER'].present?
  25. # Allow to specify public IP of reverse proxy if it's needed
  26. config.action_dispatch.trusted_proxies = ENV['TRUSTED_PROXY_IP'].split(/(?:\s*,\s*|\s+)/).map { |item| IPAddr.new(item) } if ENV['TRUSTED_PROXY_IP'].present?
  27. config.force_ssl = true
  28. config.ssl_options = {
  29. redirect: {
  30. exclude: -> request { request.path.start_with?('/health') || request.headers["Host"].end_with?('.onion') || request.headers["Host"].end_with?('.i2p') }
  31. }
  32. }
  33. # Use the lowest log level to ensure availability of diagnostic information
  34. # when problems arise.
  35. config.log_level = ENV.fetch('RAILS_LOG_LEVEL', 'info').to_sym
  36. # Prepend all log lines with the following tags.
  37. config.log_tags = [:request_id]
  38. # Use a different cache store in production.
  39. config.cache_store = :redis_cache_store, REDIS_CACHE_PARAMS
  40. # Ignore bad email addresses and do not raise email delivery errors.
  41. # Set this to true and configure the email server for immediate delivery to raise delivery errors.
  42. # config.action_mailer.raise_delivery_errors = false
  43. # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
  44. # English when a translation cannot be found).
  45. config.i18n.fallbacks = true
  46. # Send deprecation notices to registered listeners.
  47. config.active_support.deprecation = :notify
  48. # Use default logging formatter so that PID and timestamp are not suppressed.
  49. config.log_formatter = ::Logger::Formatter.new
  50. # Better log formatting
  51. config.lograge.enabled = true
  52. config.lograge.custom_payload do |controller|
  53. if controller.respond_to?(:signed_request?) && controller.signed_request?
  54. { key: controller.signature_key_id }
  55. end
  56. end
  57. # Do not dump schema after migrations.
  58. config.active_record.dump_schema_after_migration = false
  59. config.action_mailer.perform_caching = false
  60. # E-mails
  61. outgoing_email_address = ENV.fetch('SMTP_FROM_ADDRESS', 'notifications@localhost')
  62. outgoing_email_domain = Mail::Address.new(outgoing_email_address).domain
  63. config.action_mailer.default_options = {
  64. from: outgoing_email_address,
  65. message_id: -> { "<#{Mail.random_tag}@#{outgoing_email_domain}>" },
  66. }
  67. config.action_mailer.default_options[:reply_to] = ENV['SMTP_REPLY_TO'] if ENV['SMTP_REPLY_TO'].present?
  68. config.action_mailer.default_options[:return_path] = ENV['SMTP_RETURN_PATH'] if ENV['SMTP_RETURN_PATH'].present?
  69. enable_starttls = nil
  70. enable_starttls_auto = nil
  71. case ENV['SMTP_ENABLE_STARTTLS']
  72. when 'always'
  73. enable_starttls = true
  74. when 'never'
  75. enable_starttls = false
  76. when 'auto'
  77. enable_starttls_auto = true
  78. else
  79. enable_starttls_auto = ENV['SMTP_ENABLE_STARTTLS_AUTO'] != 'false'
  80. end
  81. config.action_mailer.smtp_settings = {
  82. port: ENV['SMTP_PORT'],
  83. address: ENV['SMTP_SERVER'],
  84. user_name: ENV['SMTP_LOGIN'].presence,
  85. password: ENV['SMTP_PASSWORD'].presence,
  86. domain: ENV['SMTP_DOMAIN'] || ENV['LOCAL_DOMAIN'],
  87. authentication: ENV['SMTP_AUTH_METHOD'] == 'none' ? nil : ENV['SMTP_AUTH_METHOD'] || :plain,
  88. ca_file: ENV['SMTP_CA_FILE'].presence || '/etc/ssl/certs/ca-certificates.crt',
  89. openssl_verify_mode: ENV['SMTP_OPENSSL_VERIFY_MODE'],
  90. enable_starttls: enable_starttls,
  91. enable_starttls_auto: enable_starttls_auto,
  92. tls: ENV['SMTP_TLS'].presence && ENV['SMTP_TLS'] == 'true',
  93. ssl: ENV['SMTP_SSL'].presence && ENV['SMTP_SSL'] == 'true',
  94. read_timeout: 20,
  95. }
  96. config.action_mailer.delivery_method = ENV.fetch('SMTP_DELIVERY_METHOD', 'smtp').to_sym
  97. config.action_dispatch.default_headers = {
  98. 'Server' => 'Mastodon',
  99. 'X-Frame-Options' => 'DENY',
  100. 'X-Content-Type-Options' => 'nosniff',
  101. 'X-XSS-Protection' => '0',
  102. 'Permissions-Policy' => 'interest-cohort=()',
  103. 'Referrer-Policy' => 'same-origin',
  104. }
  105. config.x.otp_secret = ENV.fetch('OTP_SECRET')
  106. end