Configuration value reference


If you’re connecting your site with other software (such as federated servers or using Web clients), please note that most of them save OAuth keys based on your hostname and listening port. The following changes may make your relationships stop working.

  • Change of hostname
  • Change of port (from 8000 to 80 or even from HTTP to HTTPS)
  • Clearing your database or clearing some tables
  • Changing user nicknames

We realize that these kind of changes are normal when someone’s experimenting with new software, and there are (early, tentative) plans to make the software more robust in the face of this kind of change without sacrificing security, but for now it’s a good idea to decide on your “real” domain name first before making connections to other sites.

The default config values are stored in the source file lib/defaults.js.

Here are the main configuration keys.

Name Type Description Default Availability
driver String The databank driver you’re using. Defaults to “memory”, which is probably going to be terrible. “memory”  
params Object Databank driver params; see the databank driver README for details on what to put here. {}  
hostname String The (sub)domain will run on. Defaults to “” which doesn’t do much for you. “”  
address String The address to listen on. Defaults to hostname, which is OK for most systems. Use this if you’ve got some kind of load-balancer or NAS or whatever and your local IP doesn’t map to the IP of the hostname. The value of hostname  
port Number Port to listen on. Defaults to 31337, which is no good. You should listen on 80 or 443 if you’re going to have anyone use this. 31337  
urlPort Number Port to use for generating URLs. Defaults to the same as port, but if you’re insisting on proxying behind Apache or whatever despite warnings not to, you can use this. The value of port  
bounce Boolean If true, set up a mini-server on port 80 that redirects to HTTPS false  
secret String A session-generating secret, server-wide password.    
noweb Boolean Hide the Web interface. Set this to something truthy to disable the Web interface. false  
site String Name of the server, like “My great social service”. “”  
owner String Name of owning entity, if you want to link to it.    
ownerURL String URL of owning entity, if you want to link to it.    
appendFooter String A bit of custom HTML you want appended to the footer text.   4.0+
mainImage String An image/icon for the main page; could be an external URL or an image in the “public/” folder “images/somefriends.jpg” 6.0+
nologger Boolean Turn off logging, if you’re debugging or whatever. false  
logfile String Full path to the logfile. Logs are JSON in bunyan format.    
logLevel String Log level used by bunyan (see bunyan loglevels documentation) “info”  
serverUser String If you’re listening on a port lower than 1024, you need to be root. Set this to the name of a user to change to after the server is listening. daemon` or ``nobody are good choices, or you can create a user like pump and use that.    
key String If you’re using SSL, the path to the server key, like “/etc/ssl/private/myserver.key”.    
cert String If you’re using SSL, the path to the server cert, like “/etc/ssl/private/myserver.crt”.    
hsts Boolean | Object Controls the HTTP Strict-Transport-Security header. It’s passed directly to the hsts module, so you can set true to use the defaults (180 days, includeSubdomains is on) or set an object to use a longer time, enable preloading, etc. false 3.0+
datadir String Directory for the server to store data in (mostly uploads). Should be the full path of a local directory that’s readable and writeable by the serverUser. Optional unless you have uploads turned on.   3.0+
enableUploads Boolean If you want to enable file uploads, set this to true. Make sure that datadir is set and that the directory it’s set to contains a subdirectory named uploads. false 3.0+
controlSocket String Path to a Unix domain socket that can be used to control and query the master process. /var/run/pump.socket when running as root on Unix; /tmp/pump.socket otherwise 6.0+
debugClient Boolean For developers, if you’re debugging the Web interface and you want to use the non-minified version of the JavaScript libraries, set this to true. false is what people should use in production. false  
firehose String Firehose host running the ofirehose software. Public notices will ping this firehose server and from there go out to search engines and the world. If you want to disconnect from the public web, set this to something falsy. “”  
spamhost String Host running activityspam software to use to test updates for spam.    
spamclientid String OAuth pair for spam server.    
spamclientsecret String OAuth pair for spam server.    
disableRegistration Boolean Disables registering new users on the site through the Web or the API. false  
noCDN Boolean Use local copies of the JavaScript libraries instead of the ones on the CDN. Good for debugging. Defaults to false, meaning “use the CDN”. false  
requireEmail Boolean Require an email address to register. Should be ignored if email server isn’t configured. false  
smtpserver String Server to use for sending transactional email. If it’s not set up, no email is sent and features like password recovery and email notification won’t work. null  
smtpport Number Port to connect to on SMTP server. Defaults to 25 which is really the only sane value. 25  
smtpuser String Username to use to connect to SMTP server. Might not be necessary for some servers. null  
smtppass String Password to use to connect to SMTP server. Might not be necessary for some servers. null  
smtpusetls Boolean Try to negotiate using SSL with the SMTP server. Defaults to true, because it’s a smart idea. true  
smtpusessl Boolean Only use SSL with the SMTP server. You may need to change the smtpport value if you set this. false  
smtptimeout Number Timeout for connecting to the SMTP server in milliseconds. Change this if… I dunno. I see no reason to change this. 30000  
smtpfrom String Email address to use in the “From:” header of outgoing notifications “no-reply@” plus the site hostname  
compress Boolean Use gzip or deflate to compress text output. This can cut down on network transfers considerably at the expense of memory and CPU on the server. true  
children Number Number of children worker processes to run 1 for some kinds of DBs, number of CPUs - 1 for others  
clients Array of Objects You can pre-configure some OAuth credentials if you want to have a replicable configuration (say, for test scripts or development environments). This setting is an array of objects, each of which has a client_id and client_secret property, and an optional title and description object. Most people don’t need this. []  
sockjs Boolean Use SockJS-node to provide a realtime connection true  
cleanupSession Number Time interval to clean up sessions (in ms). These are staggered a bit if you have more than one child process running, to spread them out a bit. 1200000 (20 minutes)  
cleanupNonce Number Time interval to clean up OAuth nonces (in ms). Staggered. 1200000 (20 minutes)  
favicon String Local filesystem path to the favicon.ico file to use. This will be served as “/favicon.ico” by the server. “public/images/favicon.ico”  

And here are all obsolete configuration keys.

Name Type Description Removed in Removal issue
uploaddir String If you want to enable file uploads, set this to the full path of a local directory. It should be writeable and readable by the serverUser. 3.0 #1261

These values can be set via CLI flags, environment variables, or a JSON configuration file. See the individual documentation for each of these methods for details.