nahakubuilder/gowebmail
1
0
Fork 0
mirror of https://github.com/ghostersk/gowebmail.git synced 2026-04-17 08:36:01 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b29949e042b9152af6cf5afebcec47c353f09353
gowebmail/data/gowebmail.conf.example

91 lines
3.7 KiB
Plaintext
Raw Blame History

# GoMail Configuration
# =====================
# Auto-generated and updated on each startup.
# Edit freely — your values are always preserved.
# Environment variables (or GOMAIL_<KEY>) override values here.
#
# --- Server ---
# Public hostname of this GoMail instance (no port, no protocol).
# Examples: localhost | mail.example.com | 192.168.1.10
# Used to build BASE_URL and OAuth redirect URIs automatically.
# Also used in security checks to reject requests with unexpected Host headers.
HOSTNAME = localhost
# Address and port to listen on. Format: [host]:port
# :8080 — all interfaces, port 8080
# 0.0.0.0:8080 — all interfaces (explicit)
# 127.0.0.1:8080 — localhost only
LISTEN_ADDR = :8080
# Public URL of this instance (no trailing slash). Leave blank to auto-build
# from HOSTNAME and LISTEN_ADDR port (recommended).
# Auto-build examples:
# HOSTNAME=localhost + :8080 → http://localhost:8080
# HOSTNAME=mail.example.com + :443 → https://mail.example.com
# HOSTNAME=mail.example.com + :8080 → http://mail.example.com:8080
# Override here only if you need a custom path prefix or your proxy rewrites the URL.
BASE_URL =
# Set to true when GoMail is served over HTTPS (directly or via proxy).
# Marks session cookies as Secure so browsers only send them over TLS.
SECURE_COOKIE = false
# How long a login session lasts, in seconds. Default: 604800 (7 days).
SESSION_MAX_AGE = 604800
# Comma-separated list of IP addresses or CIDR ranges of trusted reverse proxies.
# Requests from these IPs may set X-Forwarded-For and X-Forwarded-Proto headers,
# which GoMail uses to determine the real client IP and whether TLS is in use.
# Examples:
# 127.0.0.1 (loopback only — Nginx/Traefik on same host)
# 10.0.0.0/8,172.16.0.0/12 (private networks)
# 192.168.1.50,192.168.1.51 (specific IPs)
# Leave blank to disable proxy trust (requests are taken at face value).
# NOTE: Do not add untrusted IPs — clients could spoof their source address.
TRUSTED_PROXIES =
# --- Storage ---
# Path to the SQLite database file.
DB_PATH = ./data/gowebmail.db
# AES-256 key protecting all sensitive data at rest (emails, tokens, MFA secrets).
# Must be exactly 64 hex characters (= 32 bytes). Auto-generated on first run.
# NOTE: Back this up. Losing it makes the entire database permanently unreadable.
# openssl rand -hex 32
ENCRYPTION_KEY = 2cf005ce1ed023ad59da92523bc437ec70fb0d2520f977711216fbb5f356fa97
# Secret used to sign session cookies. Auto-generated on first run.
# Changing this invalidates all active sessions (everyone gets logged out).
SESSION_SECRET = c6502e203937358815053f7849e6da8c376253a4f9a38def54d750219c65660e
# --- Gmail / Google OAuth2 ---
# Create at: https://console.cloud.google.com/apis/credentials
# Application type : Web application
# Required scope : https://mail.google.com/
# Redirect URI : <BASE_URL>/auth/gmail/callback
GOOGLE_CLIENT_ID =
GOOGLE_CLIENT_SECRET =
# Override the Gmail OAuth redirect URL. Leave blank to auto-derive from BASE_URL.
# Must exactly match what is registered in Google Cloud Console.
GOOGLE_REDIRECT_URL =
# --- Outlook / Microsoft 365 OAuth2 ---
# Register at: https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps
# Required API permissions : IMAP.AccessAsUser.All, SMTP.Send, offline_access, openid, email
# Redirect URI : <BASE_URL>/auth/outlook/callback
MICROSOFT_CLIENT_ID =
MICROSOFT_CLIENT_SECRET =
# Use 'common' to allow any Microsoft account,
# or your Azure tenant ID to restrict to one organisation.
MICROSOFT_TENANT_ID = common
# Override the Outlook OAuth redirect URL. Leave blank to auto-derive from BASE_URL.
# Must exactly match what is registered in Azure.
MICROSOFT_REDIRECT_URL =
Reference in New Issue View Git Blame Copy Permalink