APP_NAME=Lychee
APP_ENV=production
APP_KEY=base64:[[APP_KEY]]
APP_DEBUG=false
# This MUST contain the host name up to the Top Level Domain (tld) e.g. .com, .org etc.
APP_URL=[[app_url]]
APP_FORCE_HTTPS=false

# If using Lychee in a sub folder, specify the path after the tld here.
# For example for https://lychee.test/path/to/lychee
# Set APP_URL=https://lychee.test
# and APP_DIR=/path/to/lychee
# We (LycheeOrg) do not recommend the use of APP_DIR.
APP_DIR=[[relativeurl]]/public

# enable or disable debug bar. By default it is disabled.
# Do note that this disable CSP!!
DEBUGBAR_ENABLED=false

# enable or disable the v6 layout.
VUEJS_ENABLED=true

# enable or disable log viewer. By default it is enabled.
LOG_VIEWER_ENABLED=true

# enable or disable clockwork. By default it is disabled (and not provided on non-dev build).
CLOCKWORK_ENABLE=false

# enable s3 bucket (required in addition to needing AWS_ACCESS_KEY_ID)
# S3_ENABLED=true

# If you spread old links of to your albums in your Lychee instance starting with
# https://lychee.text/#albumID/PhotoId
# Set this value to true to enable redirection.
LEGACY_V4_REDIRECT=false

##############################################################################
# IMPORTANT: To migrate from Lychee v3 you *MUST* use the same MySQL/MariaDB #
#            server as v3.                                                   #
##############################################################################

# Table prefix (e.g. lychee_) of a Lychee v3 instance for migration
DB_OLD_LYCHEE_PREFIX=

# DB_CONNECTION can be sqlite, mysql or pgsql. For sqlite the other entries are
# not required, but an existing sqlite3 database may be specified if desired. In
# this case, please use an absolute path. DB_DATABASE may be omitted but should
# *not* be left blank.
DB_CONNECTION=mysql
DB_HOST=[[softdbhost]]
DB_PORT=
DB_DATABASE=[[softdb]]
DB_USERNAME=[[softdbuser]]
DB_PASSWORD=[[softdbpass]]
DB_LOG_SQL=false
DB_LOG_SQL_EXPLAIN=false #only for MySQL

# List foreign keys in diagnostic page
DB_LIST_FOREIGN_KEYS=false

# Application timezone. If not specified, the server's default timezone is used.
# Requires a named timezone identifier.
# See https://www.php.net/manual/en/timezones.php for the list of supported timezones.
# Don't use a timezone offset (like +01:00) or a timezone abbreviation (like CEST)
# TIMEZONE=Europe/Paris

# Visibility of directories and (media) files in LYCHEE_UPLOADS
# Possible values are:
#
#  - private: world group has neither read nor write access
#  - public: world group has read access but no write access (the default)
#  - world: world group has read and write access
#
# The default should suffice for most installations.
# For improved security, change this setting to "private".
# Some rare setups may require directories and files to be world writeable.
# In this case, use "world" here.
# USE WITH PRECAUTIONS: world writeable files and folders may be a SECURITY RISK.
# LYCHEE_IMAGE_VISIBILITY=public

# folders in which the files will be stored
# LYCHEE_UPLOADS="/var/www/html/Lychee-Laravel/public/uploads/"
# LYCHEE_DIST="/var/www/html/Lychee-Laravel/public/dist/"
# LYCHEE_SYM="/var/www/html/Lychee-Laravel/public/sym/"
# url to access those files
# LYCHEE_UPLOADS_URL="uploads/"
# LYCHEE_DIST_URL="dist/"
# LYCHEE_SYM_URL="sym/"

# Support for token based authentication used by API requests. Enabled by default.
# ENABLE_TOKEN_AUTH=true

CACHE_DRIVER=file
SESSION_DRIVER=file
SESSION_LIFETIME=120
# `sync` if jobs needs to be executed live (default) or `database` if they can be defered.
QUEUE_CONNECTION=sync

SECURITY_HEADER_HSTS_ENABLE=false
SECURITY_HEADER_CSP_CONNECT_SRC=
SECURITY_HEADER_SCRIPT_SRC_ALLOW=
SESSION_SECURE_COOKIE=false

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_DRIVER=smtp
MAIL_HOST=
MAIL_PORT=
MAIL_USERNAME=
MAIL_PASSWORD=
MAIL_ENCRYPTION=
MAIL_FROM_NAME=
MAIL_FROM_ADDRESS=

# The trusted proxies if Lychee is behind a reverse proxy
# Accepted values:
#  - `null`: no proxy
#  - `*`: any proxy
#  - <ip address>[,<ip address>]: a comma-seperated list of IP addresses
TRUSTED_PROXIES=null

# Comma-separated list of class names of diagnostics checks that should be skipped.
#SKIP_DIAGNOSTICS_CHECKS=

VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

# Oauth token data
# XXX_REDIRECT_URI should be left as default unless you know exactly what you do.

# AMAZON_SIGNIN_CLIENT_ID=
# AMAZON_SIGNIN_SECRET=
# AMAZON_SIGNIN_REDIRECT_URI=/auth/amazon/redirect

# https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
# Note: the client secret used for "Sign In with Apple" is a JWT token that can have a maximum lifetime of 6 months.
# The article above explains how to generate the client secret on demand and you'll need to update this every 6 months.
# To generate the client secret for each request, see Generating A Client Secret For Sign In With Apple On Each Request.
# https://bannister.me/blog/generating-a-client-secret-for-sign-in-with-apple-on-each-request
# APPLE_CLIENT_ID=
# APPLE_CLIENT_SECRET=
# APPLE_REDIRECT_URI=/auth/apple/redirect

# FACEBOOK_CLIENT_ID=
# FACEBOOK_CLIENT_SECRET=
# FACEBOOK_REDIRECT_URI=/auth/facebook/redirect

# GITHUB_CLIENT_ID=
# GITHUB_CLIENT_SECRET=
# GITHUB_REDIRECT_URI=/auth/github/redirect

# GOOGLE_CLIENT_ID=
# GOOGLE_CLIENT_SECRET=
# GOOGLE_REDIRECT_URI=/auth/google/redirect

# MASTODON_DOMAIN=https://mastodon.social
# MASTODON_ID=
# MASTODON_SECRET=
# MASTODON_REDIRECT_URI=/auth/mastodon/redirect

# MICROSOFT_CLIENT_ID=
# MICROSOFT_CLIENT_SECRET=
# MICROSOFT_REDIRECT_URI=/auth/microsoft/redirect

# NEXTCLOUD_CLIENT_ID=  
# NEXTCLOUD_CLIENT_SECRET=  
# NEXTCLOUD_REDIRECT_URI=/auth/nextcloud/redirect
# NEXTCLOUD_BASE_URI=

# KEYCLOAK_CLIENT_ID=
# KEYCLOAK_CLIENT_SECRET=
# KEYCLOAK_REDIRECT_URI=/auth/keycloak/redirect
# KEYCLOAK_BASE_URL=
# KEYCLOAK_REALM=

# AWS support data

# AWS_ACCESS_KEY_ID=
# AWS_SECRET_ACCESS_KEY=
# AWS_DEFAULT_REGION=
# AWS_BUCKET=
# AWS_URL=
# AWS_ENDPOINT=
# AWS_IMAGE_VISIBILITY=
# AWS_USE_PATH_STYLE_ENDPOINT=