Configuration value reference


If you’re connecting your site with other software (such as federated servers or using Web clients), please note that most of them save OAuth keys based on your hostname and listening port. The following changes may make your relationships stop working.

  • Change of hostname
  • Change of port (from 8000 to 80 or even from HTTP to HTTPS)
  • Clearing your database or clearing some tables
  • Changing user nicknames

We realize that these kind of changes are normal when someone’s experimenting with new software, and there are (early, tentative) plans to make the software more robust in the face of this kind of change without sacrificing security, but for now it’s a good idea to decide on your “real” domain name first before making connections to other sites.

The default config values are stored in the source file lib/defaults.js.

Here are the main configuration keys.

  • driver The databank driver you’re using. Defaults to “memory”, which is probably going to be terrible.
  • params Databank driver params; see the databank driver README for details on what to put here.
  • hostname The hostname of the server. Defaults to “” which doesn’t do much for you.
  • address The address to listen on. Defaults to hostname, which is OK for most systems. Use this if you’ve got some kind of load-balancer or NAS or whatever and your local IP doesn’t map to the IP of the hostname.
  • port Port to listen on. Defaults to 31337, which is no good. You should listen on 80 or 443 if you’re going to have anyone use this.
  • urlPort Port to use for generating URLs. Defaults to the same as port, but if you’re insisting on proxying behind Apache or whatever despite warnings not to, you can use this.
  • bounce If true, set up a mini-server on port 80 that redirects to HTTPS
  • secret A session-generating secret, server-wide password.
  • noweb Hide the Web interface. Defaults to false. Set this to something truthy to disable the Web interface.
  • site Name of the server, like “My great social service”. Defaults to “”.
  • owner Name of owning entity, if you want to link to it.
  • ownerURL URL of owning entity, if you want to link to it.
  • appendFooter a bit of custom HTML you want appended to the footer text.
  • nologger If you’re debugging or whatever, turn off logging. Defaults to false (leave logging on).
  • logfile Full path to the logfile. Logs are JSON in bunyan format.
  • logLevel: Log level used by bunyan (see bunyan loglevels documentation); default is “info”
  • serverUser If you’re listening on a port lower than 1024, you need to be root. Set this to the name of a user to change to after the server is listening. daemon or nobody are good choices, or you can create a user like pump and use that.
  • key If you’re using SSL, the path to the server key, like “/etc/ssl/private/myserver.key”.
  • cert If you’re using SSL, the path to the server cert, like “/etc/ssl/private/myserver.crt”.
  • hsts Controls the HTTP Strict-Transport-Security header. It’s passed directly to the hsts module, so you can set true to use the defaults (180 days, includeSubdomains is on) or set an object to use a longer time, enable preloading, etc. The default is false.
  • uploaddir Obsolete; see issue #1261
  • datadir Directory for the server to store data in (mostly uploads). Should be the full path of a local directory that’s readable and writeable by the serverUser. Optional unless you have uploads turned on.
  • enableUploads If you want to enable file uploads, set this to true. Make sure that datadir is set and that the directory it’s set to contains a subdirectory named uploads.
  • debugClient For developers, if you’re debugging the Web interface and you want to use the non-minified version of the JavaScript libraries, set this to true. Defaults to false, which is what people should use in production.
  • firehose Firehose host running the ofirehose software. Defaults to “”. Public notices will ping this firehose server and from there go out to search engines and the world. If you want to disconnect from the public web, set this to something falsy.
  • spamhost Host running activityspam software to use to test updates for spam.
  • spamclientid oauth pair for spam server.
  • spamclientsecret oauth pair for spam server.
  • disableRegistration default false. Disables registering new users on the site through the Web or the API.
  • noCDN Use local copies of the JavaScript libraries instead of the ones on the CDN. Good for debugging. Defaults to false, meaning “use the CDN”.
  • requireEmail Require an email address to register. Should be ignored if email server isn’t configured. Default false.
  • smtpserver Server to use for sending transactional email. If it’s not set up, no email is sent and features like password recovery and email notification won’t work. Defaults to null.
  • smtpport Port to connect to on SMTP server. Defaults to 25 which is really the only sane value.
  • smtpuser Username to use to connect to SMTP server. Might not be necessary for some servers. Defaults to null.
  • smtppass Password to use to connect to SMTP server. Might not be necessary for some servers. Defaults to null.
  • smtpusetls Try to negotiate using SSL with the SMTP server. Defaults to true, because it’s a smart idea.
  • smtpusessl Only use SSL with the SMTP server. Defaults to false. You may need to change the smtpport value if you set this.
  • smtptimeout Timeout for connecting to the SMTP server in milliseconds. Defaults to 30000. Change this if… I dunno. I see no reason to change this.
  • smtpfrom Email address to use in the “From:” header of outgoing notifications. Defaults to ‘no-reply@’ plus the site hostname.
  • compress Use gzip or deflate to compress text output. This can cut down on network transfers considerably at the expense of memory and CPU on the server. Defaults to true.
  • children Number of children to run. Defaults to 1 for some kinds of DBs, number of CPUS - 1 for others.
  • clients. You can pre-configure some OAuth credentials if you want to have a replicable configuration (say, for test scripts or development environments). This setting is an array of objects, each of which has a ‘client_id’ and ‘client_secret’ property, and an optional ‘title’ and ‘description’ object. Most people don’t need this. Default is an empty list.
  • sockjs Use SockJS-node to provide a realtime connection. Defaults to true.
  • cleanupSession Time interval to clean up sessions (in ms). These are staggered a bit if you have more than one child process running, to spread them out a bit. Defaults to 1200000, or 20 minutes.
  • cleanupNonce Time interval to clean up OAuth nonces (in ms). Staggered. Defaults to 1200000, or 20 minutes.
  • favicon Local filesystem path to the favicon.ico file to use. This will be served as “/favicon.ico” by the server. By default, uses public/images/favicon.ico.
These values can be set via CLI flags, environment variables, or a JSON configuration file. See the individual documentation for each of these methods for details.