Cypht Config Generator
Click any of the options below to configure Cypht!
app
SESSION_TYPE
------------
Session Type
------------
Sessions are how the server maintains your logged in state. Cypht supports
standard PHP sessions, as well as its own completely independent session
system that uses memcached or a database for storage. In order to use
database sessions, the database must be correctly configured in the "DB
Support" section and the hm_user_session table must be created (see
config/database.php for more information). In order to use Memcached
sessions, the memcached server must be correctly configured in the
"Memcached Support" section. In order to use Redis session, the Redis
server must be configured in the "Redis Support" section.
Valid values for this setting:
PHP Standard PHP session handlers
DB Custom database based sessions
MEM Custom Memcached based sessions
REDIS Custom Redis based sessions
custom Create your own session class. See the modules/site/lib.php file for
more info
Default: PHP
PHP - Standard PHP session handlers
DB - Custom database based sessions
MEM - Custom Memcached based sessions
REDIS - Custom Redis based sessions
custom - Create your own session class. See the modules/site/lib.php file for more info
Reset
AUTH_TYPE
-------------------
Authentication Type
-------------------
This setting defines how Cypht will authenticate your username and password
when you login. If you want to use a database it must be correctly configured
in the "DB Support" section and the hm_user table must be created (see
config/database.php for more information). There are 3 PHP cli scripts to
help manage database users in the scripts/ directory (create_account.php,
delete_account.php, and update_password.php). If you want to authenticate
against an IMAP server, you must setup the imap_auth_* settings below. If
you want to authenticate against an LDAP server, you must setup the ldap_auth_*
settings. Finally, if you want to let users pick from a list of popular mail
services or try to auto-discover a mail system, set this to dynamic and make
sure the dynamic_login module set is enabled in the "Module Sets" section of
this file.
Valid values for this setting:
DB Authenticate against the database
LDAP Authenticate against an LDAP server
IMAP Authenticate using an IMAP server
dynamic Let the user choose from a list, or try to auto discover the mail
services based on the email domain
custom Create your own auth class. See the modules/site/lib.php file for
more info
Default: DB
DB - Authenticate against the database
LDAP - Authenticate against an LDAP server
IMAP - Authenticate using an IMAP server
dynamic - Let the user choose from a list, or try to auto discover the mail
services - based on the email domain
custom - Create your own auth class. See the modules/site/lib.php file for more info
Reset
LDAP_AUTH_SERVER
-------------------
LDAP Authentication
-------------------
If auth_type is set to LDAP, configure the LDAP server to authenticate against
with the following settings, otherwise these are ignored.
The hostname or IP address of the LDAP server to authenticate to
Default: localhost
Reset
LDAP_AUTH_PORT
The port the LDAP server is listening on.
Default: 389
Reset
LDAP_AUTH_TLS
Enable TLS/SSL connections. Leave blank or set to false to disable. Set to
true to enable TLS connections.
Reset
LDAP_AUTH_BASE_DN
The "base dn" of the LDAP server
Default: example,dc=com
Reset
IMAP_AUTH_NAME
-------------------
IMAP Authentication
-------------------
If auth_type is set to IMAP, configure the IMAP server to authenticate against
with the following settings, otherwise these are ignored.
This is just a label used in the UI. It can be set to anything
Default: Gandi
Reset
IMAP_AUTH_SERVER
The hostname or IP address of the IMAP server to authenticate to
Default: mail.gandi.net
Reset
IMAP_AUTH_PORT
The hostname or IP address of the IMAP server to authenticate to
Default: 993
Reset
IMAP_AUTH_TLS
Enable TLS/SSL connections. Leave blank or set to false to disable. Set to
true to enable TLS connections. If you want to use IMAP STARTTLS, do NOT
enable this. This is only for TLS enabled sockets (typically on port 993).
Default: true
Reset
IMAP_AUTH_SIEVE_CONF_HOST
The hostname/IP address and port sieve is listening on. Example: example.org:4190
Keep this blank to disable sieve filter support on login
Reset
IMAP_AUTH_SIEVE_TLS_MODE
this will add the tls:
to make this work make sure you set DEFAULT_SETTING_ENABLE_SIEVE_FILTER to true
Default: true
Reset
DEFAULT_SMTP_NAME
-------------------
Default SMTP Server
-------------------
You can set a default SMTP server for all Cypht users. Authentication will be
done with the users login credentials, so this only makes sense if you are
using IMAP for authentication. Leave these values blank to disable a
default SMTP server, otherwise fill in the required values below
This is just a label used in the UI. It can be set to anything
Reset
DEFAULT_SMTP_SERVER
The hostname or IP address of the SMTP server
Reset
DEFAULT_SMTP_PORT
The port the SMTP server is listening on.
Reset
DEFAULT_SMTP_TLS
Enable TLS/SSL connections. Leave blank or set to false to disable. Set to
true to enable TLS connections.
Reset
DEFAULT_SMTP_NO_AUTH
If your SMTP service does not require authentication, you can disable it
by setting the following to true.
Reset
USER_CONFIG_TYPE
----------------
Settings Storage
----------------
Cypht supports 3 methods for saving user settings between logins. File based
settings, database table or custom implementation. To store settings in a
database, it must be configured in the "DB Support" section and the
hm_user_settings table must be created (see config/database.php for more
information). To store settings on the filesystem, the user_settings_dir must
be created and the webserver software must be able to write to it. For custom
implementations, see Hm_User_Config_File.
Valid values for this setting:
file Store user settings in the filesystem
DB Store user settings in a database
custom Store user settings via custom implementation. Specify class name
after colon, e.g. custom:Custom_User_Config
Default: file
file - Store user settings in the filesystem
DB - Store user settings in a database
custom - Store user settings via custom implementation. Specify class name after colon, e.g. custom:Custom_User_Config
Reset
USER_SETTINGS_DIR
-----------------
Settings Location
-----------------
If user_config_type is set to file, this must be set to an existing directory
that the webserver software can read and write to. If settings storage is set
to DB, this is ignored. It should not be inside the webserver document root.
Default: /var/lib/hm3/users
Reset
ATTACHMENT_DIR
-------------------
Attachment Location
-------------------
This must be set to an existing directory that the webserver software
can read and write to. It should not be inside the webserver document root.
Default: /var/lib/hm3/attachments
Reset
DISABLE_ORIGIN_CHECK
--------------------
Disable origin check
--------------------
To help protect against CSRF attacks, Cypht checks origin headers to confirm
that the source and target origin domains match. If you are using proxies this
could create a problem making it impossible to login. Change this to true to
disable the origin check.
Default: false
Reset
ADMIN_USERS
-----------
Admin Users
-----------
You can define a comma delimited list of admin users that Cypht will grant
special rights to. Currently this only enables the "create account" link in
the account module set that provides a form to create a new account. This is
only used if the auth_type is set to DB. Leave this blank if you don't want
to define any admin users, or are using IMAP authentication.
Reset
COOKIE_DOMAIN
-------------
Cookie Domain
-------------
By default Cypht uses the server name used in the request to determine
the domain name to set the cookie for. Configurations that use a reverse
proxy might need to define the domain name used for cookies. Leave this
blank to let Cypht automatically determine the domain. You can also use
the special value of "none" to force Cypht to NOT set the cookie domain
property at all. This is not recommended unless you know what you are
doing!
Reset
COOKIE_PATH
-----------
Cookie Path
-----------
By default Cypht uses the request URI to determine the cookie path to set
the cookie for. Configurations that use mod_rewrite might need to define
the path used for cookies. E.g. /cypht/embedded?page=compose will set path
to /cypht/embedded/ which won't send the cookies back to the server. In that
case set cookie_path=/cypht/. Leave this blank to let Cypht automatically
determine the path. You can also use the special value of "none" to force
Cypht to NOT set the cookie path property at all. This is not recommended
unless you know what you are doing!
Reset
DEFAULT_EMAIL_DOMAIN
---------------------
Outbound Email Domain
---------------------
Default domain used for outbound email addresses when using IMAP auth and
users don't login with a full email address. Users can customize this with
the profiles module which will override this default
Reset
AUTO_CREATE_PROFILE
-------------------
Auto-Create Profile
-------------------
When a user logs in and they have only 1 IMAP server and 1 SMTP server, and
no configured profiles - enabling this option will auto-create a profile for
them. Email and reply-to addresses will use the default_email_domain if
set, otherwise it will fallback to the domain Cypht is hosted on.
Reset
REDIRECT_AFTER_LOGIN
--------------------
Redirect After Login
--------------------
You can login directly to any page in Cypht by going to the correct url before
logging in, but that is not very user-friendly. To redirect users to a url
after login, add the url arguments below (everything in the url after, but
including, the question mark). You must use double quotes around the value
otherwise it will cause an ini parsing error. To redirect users after login
to the combined unread view you would use:
redirect_after_login="?page=message_list&list_path=unread"
Reset
APP_NAME
----------------
Application Name
----------------
This label is used in the UI to reference the program - you can change it to
"Your awesome webmail" to replace the Cypht name used in various places.
Default: Cypht
Reset
ALWAYS_MOBILE_UI
---------------
Force Mobile UI
---------------
Cypht will detect mobile devices and display a mobile optimized UI. If you want
to aways use this UI regardless of device, set this to true
Reset
DEFAULT_LANGUAGE
----------------
Default Language
----------------
Users can select from available interface languages on the site settings page.
This sets the default for a user who has not done so. Valid values are the
langauge codes that have matching language definitions in the language/ folder.
Default: en
Reset
JS_COMPRESS
----------------------
JavaScript Compression
----------------------
When the configuration script is run, all JavaScript files are concatenated
and optionally compressed. To compress the content, define a command and its
options below. Cypht does not come with compresson software, so you must
install and configure that separately. Leave blank or set to false to disable
external compression. Compression software must be able to handle ES6.
Example:
js_compress='uglifyjs.terser -c -m --verbose --warn'
Default: false
Reset
CSS_COMPRESS
---------------
CSS Compression
---------------
When the configuration script is run, all CSS files are concatenated and
optionally compressed. To compress the content, define a command and its
options below. Cypht does not come with compresson software, so you must
install and configure that separately. Leave blank or set to false to disable
external compression.
Example:
css_compress='java -jar /usr/local/lib/yuicompressor-2.4.8.jar --type css'
Default: false
Reset
ENABLE_REDIS
----------------------
Caching Server Support
----------------------
Cypht can use Redis or Memcache to improve performance, as well as to store
user sessions. Configure Redis or Memcached below and Cypht will
automatically use them for caching. All data cached for a user in either
system is encrypted. Currently, the feeds, and IMAP modules will use
the configured cache. If both Redis and Memcached are configured, Redis will
be used for the cache.
If you want to use the user session as a cache, uncomment the line below and
set to true. THIS IS NOT RECOMMENDED. Cypht uses parallel requests to the
server, and using the session as a cache is likely to cause race conditions
and integrity issues. If you are running Cypht in an "embedded" mode with
only one email source, this option is less likely to be a problem.
'allow_session_cache' => env('ALLOW_SESSION_CACHE', false),
'cache_class' => env('CACHE_CLASS')
Default: true
Reset
REDIS_SERVER
Default: 127.0.0.1
Reset
REDIS_PORT
Default: 6379
Reset
REDIS_INDEX
Default: 1
Reset
REDIS_PASS
Reset
REDIS_SOCKET
Default: /var/run/redis/redis-server.sock
Reset
ENABLE_MEMCACHED
-----------------
Memcached Support
-----------------
Configure Memcached details below to use it for caching
Default: true
Reset
MEMCACHED_SERVER
Default: 127.0.0.1
Reset
MEMCACHED_PORT
Default: 11211
Reset
MEMCACHED_AUTH
If you need SASL authentication for memcached, set the following to true
and add the username and password to authenticate with
Default: false
Reset
MEMCACHED_USER
Reset
MEMCACHED_PASS
Reset
ALLOW_LONG_SESSION
-------------------
Allow Long Sessions
-------------------
Cypht logins only last as long as the browser is open. Closing the browser,
or moving to a new network, will cause you to be logged out. This setting
provides users with a "stay logged in" option during login that will set the
sesison lifetime to a default of 30 days, and disable the IP address check.
USE WITH CAUTION SINCE THIS DISABLES SOME SESSION PROTECTIONS.
Specifically:
- Session cookies stay active after a browser restart making them more
susceptible to snooping
- The browser "fingerprint" was use to help protect against session hijacking
includes the client's IP. With this option enabled a client IP can change
mid-session and it won't log them out
Default: false
Reset
LONG_SESSION_LIFETIME
Set the session lifetime in days. Only applies if allow_long_session is set to
true, and a user checks the box to "stay logged in" during login.
Default: 30
Reset
ENCRYPT_AJAX_REQUESTS
--------------------------
Browser Encryption Options
--------------------------
Cypht can use the Forge JavaScript encryption library to encrypt AJAX
responses and data stored in browser local storage. Enabling either one of
these options causes the Forge JavaScript library to be included. This adds
about 70KB to the page size (when gzipped).
Use AES encryption for AJAX responses. Set to true to enable, leave blank or
set to false to disable.
Reset
ENCRYPT_LOCAL_STORAGE
Use AES encryption for data stored in the browser local storage. Set to true
to enable, or leave blank or set to false to disable.
Reset
DISABLE_IP_CHECK
-----------------------
Allow client IP changes
-----------------------
By default Cypht will log you out if your client IP address changes. This is
an extra layer of protection against session hijacking, but it's not uncommon
for your client IP to change. Change this to true if you want to disable this
check
Default: false
Reset
ALLOW_EXTERNAL_IMAGE_SOURCES
--------------------------
Allow remote image sources
--------------------------
WARNING: Using this feature could leak information to external sources.
By default, Cypht will not allow external images to be loaded when viewing an
HTML formatted email message. A Content Security Policy header limits images
sources to "self" only and the message content is filtered to remove any external
resource. If you really want the ability to view external images in an email,
you first need to change the following setting to true. When viewing an HTML
formatted message, you will now have a link before the message body called "Allow
Images" that will reload the message part with external images visible.
Default: true
Reset
SINGLE_SERVER_MODE
------------------
Single server mode
------------------
This setting restricts Cypht to only using a single email source (
IMAP) and the default SMTP server defined in this file. It modifies the UI to
remove the ability to add other email sources, and removes the password
restriction when saving data between logins. You must use either IMAP
authentication for this setting to be enforced, and auth server will be the
single email source users have access to. If you enable this after users
have saved any settings, they will be lost (or if you disable it after they
have saved any settings). WARNING: USER SETTINGS SAVED TO THE SERVER WILL NOT
BE ENCRYPTED WITH THIS ENABLED
Default: false
Reset
DISABLE_EMPTY_SUPERGLOBALS
-------------------
Integration options
-------------------
Cypht does a few things to make it more secure by default, but these features
can make it difficult to integrate Cypht into 3rd party software. Specifically,
Cypht disables PHP "super globals", and sets a restrictive PHP "open basedir"
setting, tweaks PHP ini settings to increase security, and uses a browser
"fingerprint" to improve session security. You can disable each with the
following options:
Don't empty PHP super globals
Default: false
Reset
DISABLE_OPEN_BASE_DIR
Don't apply open basedir restrictions
Default: false
Reset
DISABLE_INI_SETTINGS
Don't tweak ini settings
Default: false
Reset
DISABLE_FINGERPRINT
Don't use a browser fingerprint
Default: false
Reset
AUTH_CLASS
You can create your own custom authentication and session classes using the
site module set, however you might want those classes located somewhere else
outside of the Cypht code base. By setting session_type and auth_type to custom,
you can control what class is used with the following settings
Reset
SESSION_CLASS
Reset
CYPHT_MODULES
-----------------------------------------------------------------------------
Modules
-----------------------------------------------------------------------------
-----------
Module Sets
-----------
Cypht uses module sets to separate functionality in the program. Module sets
can be enabled and disabled independently by commenting out or uncommenting
the assignments below. Add a new assignment to enable your own module sets.
----
Core
----
Handles page layout, login/logout, and the default settings pages. This set
is required.
Default: core,contacts,local_contacts,feeds,imap,smtp,account,idle_timer,calendar,themes,nux,developer,history,saved_searches,advanced_search,highlights,profiles,inline_message,imap_folders,keyboard_shortcuts,tags
Reset
DEFAULT_SETTING_NO_PASSWORD_SAVE
----------
API login
----------
Default: false
Reset
DEFAULT_SETTING_IMAP_PER_PAGE
Number of messages per page when viewing IMAP folders
Defaults to 20
Default: 20
Reset
DEFAULT_SETTING_SIMPLE_MSG_PARTS
Amount of IMAP message structure detail on the message view page
Defaults to full structure
Default: false
Reset
DEFAULT_SETTING_PAGINATE_LINKS
Next and Previous emails on the message view page
Defaults to full structure
Default: true
Reset
DEFAULT_SETTING_MSG_PART_ICONS
Show icons for each IMAP message part type
Defaults to true
Default: true
Reset
DEFAULT_SETTING_REVIEW_SENT_EMAIL
Show the message after sending
Defaults to true
Default: true
Reset
DEFAULT_SETTING_TEXT_ONLY
Prefer text parts when viewing a message
Defaults to false
Default: false
Reset
DEFAULT_SETTING_SENT_PER_SOURCE
Per source max for the combined sent view
Defaults to 20
Default: 20
Reset
DEFAULT_SETTING_SENT_SINCE
Per source time limit for the combined sent view
Defaults to 1 week
Default: -1 week
Reset
DEFAULT_SETTING_JUNK_SINCE
Per source time limit for junk page
Defaults to 1 week
Default: -1 week
Reset
DEFAULT_SETTING_JUNK_PER_SOURCE
Per source number limit for junk page
Defaults 20
Default: 20
Reset
DEFAULT_SETTING_TAGS_SINCE
Per source time limit for tags page
Defaults to 1 week
Default: -1 week
Reset
DEFAULT_SETTING_TAGS_PER_SOURCE
Per source number limit for tags page
Defaults 20
Default: 20
Reset
DEFAULT_SETTING_TRASH_SINCE
Per source time limit for trash page
Defaults to 1 week
Default: -1 week
Reset
DEFAULT_SETTING_TRASH_PER_SOURCE
Per source number limit for trash page
Defaults 20
Default: 20
Reset
DEFAULT_SETTING_DRAFT_SINCE
Per source time limit for draft page
Defaults to 1 week
Default: -1 week
Reset
DEFAULT_SETTING_DRAFT_PER_SOURCE
Per source number limit for draft page
Defaults 20
Default: 20
Reset
DEFAULT_SETTING_SHOW_LIST_ICONS
Display source icons in message lists
Defaults to true
Default: true
Reset
DEFAULT_SETTING_START_PAGE
Redirect to this page on login
Defaults to none
Default: none
Reset
DEFAULT_SETTING_DISABLE_DELETE_PROMPT
Don't prompt when deleting something
Defaults to false
Default: false
Reset
DEFAULT_SETTING_NO_FOLDER_ICONS
Hide icons in the folder list
Defaults to false
Default: false
Reset
DEFAULT_SETTING_ALL_EMAIL_PER_SOURCE
Source max for the all email combined view
Defaults to 20
Default: 20
Reset
DEFAULT_SETTING_ALL_EMAIL_SINCE
Per source time limit for the all email combined view
Defaults to 1 week
Default: -1 week
Reset
DEFAULT_SETTING_ALL_SINCE
Per source time limit for the everything combined view
Defaults to 1 week
Default: -1 week
Reset
DEFAULT_SETTING_ALL_PER_SOURCE
Per source max for the everything combined view
Defaults to 20
Default: 20
Reset
DEFAULT_SETTING_UNREAD_PER_SOURCE
Per source max for the unread combined view
Defaults to 20
Default: 20
Reset
DEFAULT_SETTING_FLAGGED_PER_SOURCE
Per source max for the flagged combined view
Defaults to 20
Default: 20
Reset
DEFAULT_SETTING_FLAGGED_SINCE
Per source time limit for the flagged combined view
Defaults to 1 week
Default: -1 week
Reset
DEFAULT_SETTING_UNREAD_SINCE
Per source time limit for the unread combined view
Defaults to 1 week
Default: -1 week
Reset
DEFAULT_SETTING_SEARCH_SINCE
Per source time limit for IMAP SEARCH to find matching messages
Defaults to 1 week
Default: -1 week
Reset
DEFAULT_SETTING_TIMEZONE
Timezone for date displays
Defaults to UTC
Default: UTC
Reset
DEFAULT_SETTING_LIST_STYLE
Message list format style
Defaults to email client style
Default: email_style
Reset
DEFAULT_SETTING_LANGUAGE
Interface language
Defaults to en (English)
Default: en
Reset
DEFAULT_SETTING_UNREAD_EXCLUDE_FEEDS
Hide new news feed items from the unread combined view
Defaults to false
Default: false
Reset
DEFAULT_SETTING_FEED_LIMIT
Per source max for news feeds
Defaults to 20
Default: 20
Reset
DEFAULT_SETTING_FEED_SINCE
Per source time limit for news feeds
Defaults to 1 week
Default: -1 week
Reset
DEFAULT_SETTING_SMTP_COMPOSE_TYPE
Toggle between plain text or HTML formatted mail on the compose page
Defaults to 0 (plain text)
Reset
DEFAULT_SETTING_SMTP_AUTO_BCC
BCC a copy of outbound mail to the sender
Defaults to false
Default: false
Reset
DEFAULT_SETTING_THEME
UI theme
Defaults to the default white one ("White Bread")
Default: default
Reset
DEFAULT_SETTING_UNREAD_EXCLUDE_WORDPRESS
Hide WordPress notifications from the unread combined view
Defaults to false
Default: false
Reset
DEFAULT_SETTING_WORDPRESS_SINCE
Time limit for WordPress notifications
Defaults to 1 week
Default: -1 week
Reset
DEFAULT_SETTING_UNREAD_EXCLUDE_GITHUB
Hide Github notifications from the unread combined view
Defaults to false
Default: false
Reset
DEFAULT_SETTING_GITHUB_LIMIT
Max per source for Github notifications
Defaults to 20
Default: 20
Reset
DEFAULT_SETTING_GITHUB_SINCE
Max per source for Github notifications
Defaults to 20
Default: -1 week
Reset
DEFAULT_SETTING_INLINE_MESSAGE
Display message details inline from the message list
Defaults to false
Default: false
Reset
DEFAULT_SETTING_INLINE_MESSAGE
Display message style inline from the message list
Defaults to right
Default: right
Reset
DEFAULT_SETTING_ENABLE_KEYBOARD_SHORTCUTS
Enable keyboard shortcuts
Defaults to false
Default: false
Reset
DEFAULT_SETTING_ENABLE_SIEVE_FILTER
Enable sieve filter
Defaults to false
Default: false
Reset
FANCY_LOGIN
Fancy Login page
Use this setting switch between the legacy login page and the fancy one
Default: false
Reset
JS_EXCLUDE_DEPS
Reset
database
DB_CONNECTION_TYPE
-----------------------------------------------------------------------------
DB Support
-----------------------------------------------------------------------------
----------------
Database Support
----------------
Cypht can use a database for 3 different purposes: authentication, sessions,
and user settings. Each requires the following settings to be configured and
the correct table to be created. CREATE TABLE SQL statements for MySQL and
Postgresql are below.
Connection type. Can be "host" to connect to a hostname, or "socket" to
connect to a unix socket.
Default: host
Reset
DB_HOST
Database host name or ip address. If db_connection_type is set to "socket",
this value is ignored
Default: 127.0.0.1
Reset
DB_PORT
Database port. Only needed if your database is running on a non-standard
port
Default: 3306
Reset
DB_SOCKET
If db_connection_type is set to "socket", this should be the filesystem
location of the unix socket file. If db_connection_type is set to "host"
this value is ignored.
Default: /var/lib/mysqld/mysqld.sock
Reset
DB_NAME
Name of the database with the required tables
Default: cypht_db
Reset
DB_USER
User to connect to the database with
Default: root
Reset
DB_PASS
Password to connect to the database with
Reset
DB_DRIVER
Database type. can be any supported PDO driver ; (http://php.net/manual/en/pdo.drivers.php)
Default: mysql
Reset
2fa
APP_2FA_SECRET
--------------------------------------------------------------------
Constants used for 2 factor authentication with Google Authenticator
--------------------------------------------------------------------
SECURITY ALERT ! MAKE SURE THAT THIS FILE IS NOT ACCESSIBLE BY THE BROWSER !
Enter the raw secret value (minimum 10 characters) to be used with the Google
Authenticator Application (or any TOTP app providing 6 digit pins). Users
must opt-in for 2fa on the site settings page which provides a QR barcode
to configure Google Authenticator.
In order for 2fa to work, your server MUST have an accurate date and time,
otherwise the codes won't match up. NTP is the standard way to keep a server's
time synced: http://www.ntp.org/
Reset
APP_2FA_SIMPLE
By default the generated secret will be 64 characters before being base32
encoded. To use a shorter secret that is easier to manually enter, set the
following to true. Note that if you change this setting after users have
enabled 2fa, they will have to use a backup code to login, then reset there
account in the authenticator app.
Default: false
Reset
carddav
CARD_DAV_SERVER
----------------------------------------
Constants used for CardDav communication
----------------------------------------
Default: http://localhost:5232
Reset
dynamic_login
DYNAMIC_HOST
----------------------------------------------
Constants used for dynamic login configuration
----------------------------------------------
SECURITY ALERT ! MAKE SURE THAT THIS FILE IS NOT ACCESSIBLE BY THE BROWSER !
The dynamic login module set tries to autodetect mail server configurations,
but you can configure it to act specifically with the following settings.
Set this to true to use the hostname in the URL used to access Cypht to
determine the domain for mail services (IMAP/SMTP). If this is set to
true, the mail service selection dropdown is not displayed on the login page.
Default: true
Reset
DYNAMIC_HOST_SUBDOMAIN
If dynamic_host is true, you can strip the subdomain on the url with this
setting. Leave empty for no subdomain. For example, if a user accesses Cypht
at webmail.example.com, set this to "webmail" to use just example.com for the
IMAP/SMTP services.
Reset
DYNAMIC_USER
Set this to true to use the domain portion of an E-mail address used as a
username during login for mail services. Even if this is set to false, it
will still by attempted if dynamic_host is disabled and "other" is selected
from the mail service dropdown. If set to true, the mail service selection
dropdown is not displayed on the login page.
Default: false
Reset
DYNAMIC_SMTP_SUBDOMAIN
Subdomain to prepend to the mail service domain for SMTP. If the mail service
domain is example.com, but the SMTP server is at smtp.example.com, you would
set this to "smtp". Leave blank for no subdomain.
Reset
DYNAMIC_MAIL_SUBDOMAIN
Subdomain to prepend to the mail service domain for IMAP. If the mail
service is example.com, but the IMAP service is at "mail", you would
set this to "mail". Leave blank for no subdomain.
Reset
github
GITHUB_CLIENT_ID
[github.com]
-------------------------------------------------------
Constants used for oauth2 communication with github.com
-------------------------------------------------------
SECURITY ALERT ! MAKE SURE THAT THIS FILE IS NOT ACCESSIBLE BY THE BROWSER !
Reset
GITHUB_CLIENT_SECRET
Reset
GITHUB_REDIRECT_URI
Default: http://localhost/?page=home
Reset
GITHUB_AUTH_URL
Default: https://github.com/login/oauth/authorize
Reset
GITHUB_TOKEN_URL
Default: https://github.com/login/oauth/access_token
Reset
ldap
LDAP_SERVER
-------------------------------------
Constants used for LDAP communication
-------------------------------------
SECURITY ALERT ! MAKE SURE THAT THIS FILE IS NOT ACCESSIBLE BY THE BROWSER !
Create one section for each LDAP backend you want to support. The section name
will be used in the UI for the name of this addressbook
Default: localhost
Reset
LDAP_ENABLE_TLS
| Flag to enable or disable TLS connections
Default: true
Reset
LDAP_PORT
| Port to connect to
Default: 389
Reset
LDAP_BASE_DN
| Base DN
Default: dc=example,dc=com
Reset
LDAP_SEARCH_TERM
| Base DN
Default: objectclass=inetOrgPerson
Reset
LDAP_AUTH
| Flag to enable user binding. Anonymous binding is used when set to false
Default: false
Reset
LDAP_USER
| Global username and password to bind with if auth is set to true. If left
| blank, users will have a setting on the Settings -> Site page for this
| connection to enter their own
Reset
LDAP_PASS
Reset
LDAP_OBJECT_CLASS
| Object classes for the addressbook entries
Default: top,person,organizationalperson,inetorgperson
Reset
LDAP_READ_WRITE
| Flag to allow editing of the addressbook contents
Default: true
Reset
oauth2
GMAIL_CLIENT_ID
-------------------------------------------------
Constants used for oauth2 authentication over IMAP
-------------------------------------------------
Currently there are only two popular E-mail providers supporting IMAP/oauth2,
Outlook and Gmail. In order to use oauth2 you must create a web application
that generates a client id, client secret and a redirect URI, then define them
in this file.
An OAuth2 app can connect multiple accounts by using the user's authorization
to request unique access tokens for each account during the OAuth2 flow.
Each token corresponds to a specific user's permissions and account data.
Outlook.com https://account.live.com/developers/applications/
Gmail: https://console.developers.google.com/project
Reset
GMAIL_CLIENT_SECRET
Reset
GMAIL_CLIENT_URI
Default: http://localhost/?page=home
Reset
GMAIL_AUTH_URI
Default: https://accounts.google.com/o/oauth2/auth
Reset
GMAIL_TOKEN_URI
Default: https://www.googleapis.com/oauth2/v3/token
Reset
GMAIL_REFRESH_URI
Default: https://www.googleapis.com/oauth2/v3/token
Reset
OUTLOOK_CLIENT_ID
Reset
OUTLOOK_CLIENT_SECRET
Reset
OUTLOOK_CLIENT_URI
Default: http://localhost/?page=home
Reset
OUTLOOK_AUTH_URI
Default: https://login.live.com/oauth20_authorize.srf
Reset
OUTLOOK_TOKEN_URI
Default: https://login.live.com/oauth20_token.srf
Reset
OUTLOOK_REFRESH_URI
Default: https://login.live.com/oauth20_token.srf
Reset
OFFICE365_CLIENT_ID
Reset
OFFICE365_CLIENT_SECRET
Reset
OFFICE365_CLIENT_URI
Default: http://localhost/?page=home
Reset
OFFICE365_AUTH_URI
Default: https://login.live.com/oauth20_authorize.srf
Reset
OFFICE365_TOKEN_URI
Default: https://login.live.com/oauth20_token.srf
Reset
OFFICE365_REFRESH_URI
Default: https://login.live.com/oauth20_token.srf
Reset
recaptcha
RECAPTCHA_SECRET
-----------------------------------
Constants used for google recaptcha
-----------------------------------
SECURITY ALERT ! MAKE SURE THAT THIS FILE IS NOT ACCESSIBLE BY THE BROWSER !
Reset
RECAPTCHA_SITE_KEY
Site key from the recaptcha admin
Reset
wordpress
WORDPRESS_CLIENT_ID
[wordpress.com]
----------------------------------------------------------
Constants used for oauth2 communication with WordPress.com
----------------------------------------------------------
SECURITY ALERT ! MAKE SURE THAT THIS FILE IS NOT ACCESSIBLE BY THE BROWSER !
Reset
WORDPRESS_CLIENT_SECRET
Reset
WORDPRESS_CLIENT_URI
Reset
Generate .env file
Reset all
Please note that neither allow_session_cache & cache_class are configurable
through here,
as it is not recommended and as such quite advanced usage.
Check
app.php (@github:cypht-org/cypht)
for more info