# Isso configuration file # vim: set filetype=ini [general] # file location to the SQLite3 database, highly recommended to change this # location to a non-temporary location! dbpath = /tmp/comments.db # required to dispatch multiple websites, not used otherwise. name = # Your website(s). If Isso is unable to connect to at least on site, you'll # get a warning during startup and comments are most likely non-functional. # # You'll need at least one host/website to run Isso. This is due to security # reasons: Isso uses CORS_ to embed comments and to restrict comments only to # your website, you have to "whitelist" your website(s). # # I recommend the first value to be a non-SSL website that is used as fallback # if Firefox users (and only those) supress their HTTP referer completely: # # host = # http://example.tld/ # https://example.tld/ # host = # time range that allows users to edit/remove their own comments. # It supports years, weeks, days, hours, minutes, seconds. # 3h45m12s equals to 3 hours, 45 minutes and 12 seconds. max-age = 15m # Select notification backend for new comments. Currently, only SMTP is # available. # Select notification backend(s) for new comments, separated by comma. # Available backends: # # stdout # Log to standard output. Default, if none selected. # smtp # Send notifications via SMTP on new comments with activation (if # moderated) and deletion links. notify = stdout # Log console messages to file instead of standard out. log-file = [moderation] # enable comment moderation queue. This option only affects new comments. # Comments in modertion queue are not visible to other users until you activate # them. enabled = false # remove unprocessed comments in moderation queue after given time. purge-after = 30d [server] # interface to listen on. Isso supports TCP/IP and unix domain sockets: UNIX # domain socket listen = unix:///tmp/isso.sock TCP/IP listen = # http:///localhost:1234/ # # When gevent is available, it is automatically used for http:// Currently, # gevent can not handle http requests on unix domain socket (see #295 and #299 # for details). Does not apply for uWSGI. listen = http://localhost:8080 # reload application, when the source code has changed. Useful for development. # Only works with the internal webserver. reload = off # show 10 most time consuming function in Isso after each request. Do not use # in production. profile = off [smtp] # Isso can notify you on new comments via SMTP. In the email notification, you # also can moderate (=activate or delete) comments. # self-explanatory, optional username = # self-explanatory (yes, plain text, create a dedicated account for # notifications), optional. password = # SMTP server host = localhost # SMTP port port = 587 # use a secure connection to the server, possible values: none, starttls or # ssl. Note, that there is no easy way for Python 2.7 and 3.3 to implement # certification validation and thus the connection is vulnerable to # Man-in-the-Middle attacks. You should definitely use a dedicated SMTP account # for Isso in that case. security = starttls # recipient address, e.g. your email address to = # ender address, e.g. "Foo Bar" from = # specify a timeout in seconds for blocking operations like the # connection attempt. timeout = 10 [guard] # Enable basic spam protection features, e.g. rate-limit per IP address (/24 # for IPv4, /48 for IPv6). # enable guard, recommended in production. Not useful for debugging purposes. enabled = true # limit to N new comments per minute. ratelimit = 2 # how many comments directly to the thread (prevent a simple while true; do # curl ...; done. direct-reply = 3 # allow commenters to reply to their own comments when they could still edit # the comment. After the editing timeframe is gone, commenters can reply to # their own comments anyways. Do not forget to configure the client. reply-to-self = false # force commenters to enter a value into the author field. No validation is # performed on the provided value. Do not forget to configure the client # accordingly. require-author = false # require the commenter to enter an email address (note: no validation is # done on the provided address). Do not forget to configure the client. require-email = false [markup] # Customize markup and sanitized HTML. Currently, only Markdown (via Misaka) is # supported, but new languages are relatively easy to add. # Misaka-specific Markdown extensions, all flags starting with EXT_ can be used # there, separated by comma. options = strikethrough, autolink, fenced_code, no_intra_emphasis # Additional HTML tags to allow in the generated output, comma-separated. By # default, only a, blockquote, br, code, del, em, h1, h2, h3, h4, h5, h6, hr, # ins, li, ol, p, pre, strong, table, tbody, td, th, thead and ul are allowed. allowed-elements = # Additional HTML attributes (independent from elements) to allow in the # generated output, comma-separated. By default, only align and href are # allowed. allowed-attributes = [hash] # Customize used hash functions to hide the actual email addresses from # commenters but still be able to generate an identicon. # A salt is used to protect against rainbow tables. Isso does not make use of # pepper (yet). The default value has been in use since the release of Isso and # generates the same identicons for same addresses across installations. salt = Eech7co8Ohloopo9Ol6baimi # Hash algorithm to use -- either from Python's hashlib or PBKDF2 (a # computational expensive hash function). # # The actual identifier for PBKDF2 is pbkdf2:1000:6:sha1, which means 1000 # iterations, 6 bytes to generate and SHA1 as pseudo-random family used for key # strengthening. Arguments have to be in that order, but can be reduced to # pbkdf2:4096 for example to override the iterations only. algorithm = pbkdf2