Weblate/weblate
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/WeblateOrg/weblate.git synced 2026-04-26 03:07:05 +08:00
Code Issues Projects Releases Packages Activity Actions 4
weblate/docs/admin/config.rst
Michal Čihař 08f702aa2e fix(utils): reject non-resolving URLs in validation
2026-04-24 11:22:21 +02:00

2724 lines
64 KiB
ReStructuredText
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

.. _config:
Configuration
=============
All settings are stored in :file:`settings.py` (as is usual for Django).
.. note::
After changing any of these settings, you need to restart Weblate — both
WSGI and Celery processes.
In case it is run as ``mod_wsgi``, you need to restart Apache to reload the
configuration.
.. seealso::
Please also check :doc:`Django's documentation <django:ref/settings>` for
parameters configuring Django itself.
.. setting:: ADMINS_CONTACT
ADMINS_CONTACT
--------------
Configures where contact form sends e-mails. If not configured,
e-mail addresses from :setting:`ADMINS` are used.
Configure this as a list of e-mail addresses:
.. code-block:: python
ADMINS_CONTACT = ["admin@example.com", "support@example.com"]
.. seealso::
* :setting:`CONTACT_FORM`
* :setting:`ADMINS`
.. setting:: ALLOWED_ASSET_DOMAINS
ALLOWED_ASSET_DOMAINS
---------------------
.. versionadded:: 5.14
Configures which domains are allowed for fetching assets in Weblate.
This enhances security by preventing loading assets from untrusted sources.
Assets are downloaded once by the Weblate server and stored locally, rather than
being served directly from external domains to users.
The allowlist is applied to the initial URL and to every HTTP redirect target
before Weblate follows it. Redirects to hosts outside of this allowlist are
rejected.
It expects a list of host/domain names. You can use fully qualified names
(e.g ``www.example.com``) or prepend with a period as a wildcard to match
all subdomains (e.g ``.example.com`` will match ``cdn.example.com`` or ``static.example.com``).
Defaults to ``["*"]``, which allows all domains.
**Example**
.. code-block:: python
ALLOWED_ASSET_DOMAINS = [
# Allows only cdn.anotherdomain.org
"cdn.anotherdomain.org",
# Allows example.com and all its subdomains
".example.com",
]
This is currently used in the following places:
* Screenshot uploads, see :ref:`screenshots`
* Remote HTML downloads for the :ref:`addon-weblate.cdn.cdnjs` add-on
.. seealso::
* :setting:`ALLOWED_ASSET_SIZE`
.. setting:: ALLOWED_MACHINERY_DOMAINS
ALLOWED_MACHINERY_DOMAINS
-------------------------
Configures which custom machinery domains are explicitly allowed in project-level
machine translation configuration.
This setting applies only to machinery services and does not affect
:setting:`ALLOWED_ASSET_DOMAINS`.
It expects a list of host/domain names. You can use fully qualified names or
prepend with a period as a wildcard to match all subdomains.
Defaults to ``[]``.
The allowlist affects project-managed machinery in two ways: it permits the
configured endpoint during outbound validation, and it marks matching hosts as
trusted when deciding whether remote provider error details or response bodies
can be shown to the user. For direct connections, runtime checks still reject
destinations that resolve to private or otherwise non-public addresses. When an
HTTP(S) proxy is used, runtime validation falls back to hostname validation and
does not perform the same local DNS or peer-IP checks.
.. setting:: ALLOWED_ASSET_SIZE
ALLOWED_ASSET_SIZE
------------------
.. versionadded:: 5.14
Configures size limit for fetching assets in Weblate. Defaults to 10 MB.
.. seealso::
* :setting:`ALLOWED_ASSET_DOMAINS`
.. setting:: ALTCHA_MAX_NUMBER
ALTCHA_MAX_NUMBER
-----------------
.. versionadded:: 5.9
Configures a maximal number for ALTCHA proof-of-work mechanism.
.. seealso::
`ALTCHA Proof of Work Mechanism <https://altcha.org/docs/proof-of-work/>`_
.. setting:: ANONYMOUS_USER_NAME
ANONYMOUS_USER_NAME
-------------------
Username of users that are not signed in.
.. seealso::
:ref:`access-control`
.. setting:: AUDITLOG_EXPIRY
AUDITLOG_EXPIRY
---------------
The maximum number of days Weblate will keep audit logs containing information
about the account activity.
Defaults to 180 days.
.. setting:: AUTH_LOCK_ATTEMPTS
AUTH_LOCK_ATTEMPTS
------------------
Maximum number of failed authentication attempts before rate limiting is applied.
This is currently applied in the following locations:
* Sign in. Deletes the account password, preventing the user from signing in
without requesting a new password.
* Password reset. Prevents new e-mails from being sent, avoiding spamming
users with too many password-reset attempts.
Defaults to 10.
.. seealso::
:ref:`rate-limit`
.. setting:: AUTO_UPDATE
AUTO_UPDATE
-----------
Updates all repositories on a daily basis.
.. hint::
Useful if you are not using :ref:`hooks` to update Weblate repositories automatically.
.. note::
On/off options exist in addition to string selection for backward compatibility.
The options are:
``"none"``
No daily updates.
``"remote"`` also ``False``
Only update remotes.
``"full"`` also ``True``
Update remotes and merge working copy.
.. note::
This requires that :ref:`celery` is working, and will take effect after it is restarted.
.. setting:: AVATAR_URL_PREFIX
AVATAR_URL_PREFIX
-----------------
Prefix for constructing avatar URLs as:
``${AVATAR_URL_PREFIX}/avatar/${MAIL_HASH}?${PARAMS}``.
The following services are known to work:
Gravatar (default), as per https://gravatar.com/
``AVATAR_URL_PREFIX = 'https://www.gravatar.com/'``
Libravatar, as per https://www.libravatar.org/
``AVATAR_URL_PREFIX = 'https://www.libravatar.org/'``
.. seealso::
* :ref:`production-cache-avatar`
* :setting:`ENABLE_AVATARS`
* :ref:`avatars`
.. setting:: AUTH_TOKEN_VALID
AUTH_TOKEN_VALID
----------------
How long the authentication token and temporary password from password reset e-mails is valid for.
Set in number of seconds, defaulting to 172800 (2 days).
AUTH_PASSWORD_DAYS
------------------
How many days Weblate rejects reusing a previously used password for a user.
The checking is based on the audit log, :setting:`AUDITLOG_EXPIRY` needs to be
at least same as this.
.. note::
Password changes made prior to Weblate 2.15 will not be accounted for in this policy.
Defaults to 180 days.
.. setting:: AUTOFIX_LIST
AUTOFIX_LIST
------------
List of automatic fixes to apply when saving a string.
.. note::
Provide a fully-qualified path to the Python class that implements the
autofixer interface.
Available fixes are described at :ref:`autofix`.
You can select which ones to use:
.. code-block:: python
AUTOFIX_LIST = (
"weblate.trans.autofixes.whitespace.SameBookendingWhitespace",
"weblate.trans.autofixes.chars.ReplaceTrailingDotsWithEllipsis",
)
.. seealso::
* :ref:`autofix`
* :ref:`custom-autofix`
* :ref:`custom-modules`
.. setting:: BACKGROUND_TASKS
BACKGROUND_TASKS
----------------
.. versionadded:: 4.5.2
Defines how often lengthy maintenance tasks should be triggered for a
component.
Right now this controls:
* :ref:`addon-weblate.autotranslate.autotranslate` add-on
* :doc:`checks` recalculation
Possible choices:
* ``monthly`` (this is the default)
* ``weekly``
* ``daily``
* ``never``
.. note::
Increasing the frequency is not recommended when Weblate contains thousands
of components.
.. setting:: BASIC_LANGUAGES
BASIC_LANGUAGES
---------------
.. versionadded:: 4.4
List of languages to offer users for starting a new translation. When not
specified, a built-in list is used (which includes all commonly used languages, but
without country specific variants).
This only limits non privileged users to add unwanted languages. Project
admins are still presented with the full selection of languages defined in Weblate.
.. note::
This does not define new languages for Weblate — it only filters existing ones
in the database.
**Example:**
.. code-block:: python
BASIC_LANGUAGES = {"cs", "it", "ja", "en"}
.. seealso::
:ref:`languages`
.. setting:: BORG_EXTRA_ARGS
BORG_EXTRA_ARGS
---------------
.. versionadded:: 4.9
You can pass additional arguments to :command:`borg create` when built-in backups are triggered.
**Example:**
.. code-block:: python
BORG_EXTRA_ARGS = ["--exclude", "vcs/"]
.. seealso::
* :ref:`backup`
* :doc:`borg:usage/create`
.. setting:: CACHE_DIR
CACHE_DIR
---------
.. versionadded:: 4.16
Directory where Weblate stores cache files. Defaults to :file:`cache` subfolder
in :setting:`DATA_DIR`.
Change this to local or temporary filesystem if :setting:`DATA_DIR` is on a
network filesystem.
Weblate also stores generated SSH wrapper scripts here, so :setting:`CACHE_DIR`
needs to be on an executable filesystem if :setting:`DATA_DIR` is mounted with
``noexec``.
The Docker container uses a separate volume for this, see :ref:`docker-volume`.
The following subdirectories usually exist:
:file:`ssh`
Generated SSH wrapper scripts used for VCS access.
:file:`fonts`
:program:`font-config` cache for :ref:`fonts`.
:file:`avatar`
Cached user avatars, see :ref:`avatars`.
:file:`static`
Default location for static Django files, specified by :setting:`django:STATIC_ROOT`. See :ref:`static-files`.
:file:`tesseract`
OCR trained data for :ref:`screenshots`.
.. setting:: CSP_SCRIPT_SRC
.. setting:: CSP_IMG_SRC
.. setting:: CSP_CONNECT_SRC
.. setting:: CSP_STYLE_SRC
.. setting:: CSP_FONT_SRC
.. setting:: CSP_FORM_SRC
CSP_SCRIPT_SRC, CSP_IMG_SRC, CSP_CONNECT_SRC, CSP_STYLE_SRC, CSP_FONT_SRC, CSP_FORM_SRC
---------------------------------------------------------------------------------------
Customize the :http:header:`Content-Security-Policy` header for Weblate. The header is
automatically generated based on enabled integrations with third-party services
(Matomo, Google Analytics, Sentry, …).
All these default to an empty list.
**Example:**
.. code-block:: python
# Enable Cloudflare Javascript optimizations
CSP_SCRIPT_SRC = ["ajax.cloudflare.com"]
.. seealso::
* :ref:`csp`
* `Content Security Policy (CSP) <https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP>`_
.. setting:: CHECK_LIST
CHECK_LIST
----------
List of quality checks to perform on a translation.
.. note::
Provide a fully-qualified path to the Python class implementing the check
interface.
Adjust the list of checks to include ones relevant to you.
All built-in :ref:`checks` are turned on by default, from
where you can change these settings. By default they are commented out in :ref:`sample-configuration`
so that default values are used. New checks are then carried out for each new Weblate version.
You can turn off all checks:
.. code-block:: python
CHECK_LIST = ()
You can turn on only a few:
.. code-block:: python
CHECK_LIST = (
"weblate.checks.chars.BeginNewlineCheck",
"weblate.checks.chars.EndNewlineCheck",
"weblate.checks.chars.MaxLengthCheck",
)
.. note::
Changing this setting only affects newly changed translations. Existing checks
will still be stored in the database. To also apply changes to the stored translations, run
:wladmin:`updatechecks`.
.. seealso::
* :ref:`checks`
* :ref:`own-checks`
* :ref:`custom-modules`
.. setting:: COMMENT_CLEANUP_DAYS
COMMENT_CLEANUP_DAYS
--------------------
Delete comments after a given number of days.
Defaults to ``None``, meaning no deletion at all.
.. setting:: COMMIT_PENDING_HOURS
COMMIT_PENDING_HOURS
--------------------
Number of hours between committing pending changes by way of the background task.
.. seealso::
* :ref:`component`
* :ref:`component-commit_pending_age`
* :ref:`production-cron`
* :wladmin:`commit_pending`
.. setting:: COMPONENT_ZIP_UPLOAD_MAX_SIZE
COMPONENT_ZIP_UPLOAD_MAX_SIZE
-----------------------------
.. versionadded:: 5.17.1
Configures the maximum size, in bytes, for uploaded component ZIP files.
Defaults to 50 MB.
In Docker, configure this using the ``WEBLATE_COMPONENT_ZIP_UPLOAD_MAX_SIZE``
environment variable.
.. seealso::
* :ref:`component`
.. setting:: CONTACT_FORM
CONTACT_FORM
------------
.. versionadded:: 4.6
Configures how e-mail from the contact form is being sent.
Choose a configuration that matches the configuration of your mail server.
``"reply-to"``
The sender is used in as :mailheader:`Reply-To`, this is the default behaviour.
``"from"``
The sender is used in as :mailheader:`From`. Your mail server needs to allow
sending such e-mails.
``"disabled"``
Disables the contact form entirely.
.. versionadded:: 5.15
.. seealso::
:setting:`ADMINS_CONTACT`
.. setting:: DATA_DIR
DATA_DIR
--------
The folder Weblate stores all data in. It contains links to VCS repositories,
a fulltext index and various configuration files for external tools.
The following subdirectories usually exist:
:file:`home`
Home directory used for invoking scripts.
:file:`ssh`
SSH keys and configuration.
:file:`media`
Default location for Django media files, specified by :setting:`django:MEDIA_ROOT`. Contains uploaded screenshots, see :ref:`screenshots`.
:file:`vcs`
Version-control repositories for translations.
:file:`backups`
Daily backup data. Please check :ref:`backup-dumps` for details.
:file:`fonts`:
User-uploaded fonts, see :ref:`fonts`.
:file:`cache`
Various caches. Can be placed elsewhere using :setting:`CACHE_DIR`.
The Docker container uses a separate volume for this, see :ref:`docker-volume`.
.. note::
This directory has to be writable by Weblate. Running it as WSGI means
the ``www-data`` user should have write access to it.
The easiest way to achieve this is to make the user the owner of the directory:
.. code-block:: sh
sudo chown www-data:www-data -R $DATA_DIR
Defaults to ``/home/weblate/data``, but it is expected to be configured.
.. seealso::
* :ref:`file-permissions`
* :doc:`backup`
* :setting:`CACHE_DIR`
.. setting:: DATABASE_BACKUP
DATABASE_BACKUP
---------------
Whether the database backups should be stored as plain text, compressed or skipped.
The authorized values are:
* ``"plain"``
* ``"compressed"``
* ``"none"``
.. seealso::
:ref:`backup`
.. setting:: DEFAULT_ACCESS_CONTROL
DEFAULT_ACCESS_CONTROL
----------------------
The default access-control setting for new projects:
``0``
:guilabel:`Public`
``1``
:guilabel:`Protected`
``100``
:guilabel:`Private`
``200``
:guilabel:`Custom`
Use :guilabel:`Custom` if you are managing ACL manually, which means not relying
on the internal Weblate management.
.. seealso::
* :ref:`acl`
* :ref:`project-access_control`
.. setting:: DEFAULT_AUTO_WATCH
DEFAULT_AUTO_WATCH
------------------
.. versionadded:: 4.5
Configures whether :guilabel:`Automatically watch projects on contribution`
should be turned on for new users. Defaults to ``True``.
.. seealso::
:ref:`notifications`
.. setting:: DEFAULT_RESTRICTED_COMPONENT
DEFAULT_RESTRICTED_COMPONENT
----------------------------
.. versionadded:: 4.1
The default value for component restriction.
.. seealso::
* :ref:`component-restricted`
* :ref:`perm-check`
.. setting:: DEFAULT_COMMIT_MESSAGE
.. setting:: DEFAULT_ADD_MESSAGE
.. setting:: DEFAULT_DELETE_MESSAGE
.. setting:: DEFAULT_MERGE_MESSAGE
.. setting:: DEFAULT_ADDON_MESSAGE
DEFAULT_ADD_MESSAGE, DEFAULT_ADDON_MESSAGE, DEFAULT_COMMIT_MESSAGE, DEFAULT_DELETE_MESSAGE, DEFAULT_MERGE_MESSAGE
-----------------------------------------------------------------------------------------------------------------
Default commit messages for different operations, please check :ref:`component` for details.
.. seealso::
* :ref:`markup`
* :ref:`component`
* :ref:`component-commit_message`
.. setting:: DEFAULT_ADDONS
DEFAULT_ADDONS
--------------
Default add-ons to install for every created component.
.. note::
This setting affects only newly created components.
Example:
.. code-block:: python
DEFAULT_ADDONS = {
# Add-on with no parameters
"weblate.flags.target_edit": {},
# Add-on with parameters
"weblate.autotranslate.autotranslate": {
"mode": "suggest",
"filter_type": "todo",
"auto_source": "mt",
"component": "",
"engines": ["weblate-translation-memory"],
"threshold": "80",
},
}
.. seealso::
* :wladmin:`install_addon`
* :doc:`addons`
* :setting:`WEBLATE_ADDONS`
.. setting:: DEFAULT_COMMITER_EMAIL
DEFAULT_COMMITER_EMAIL
----------------------
Committer e-mail address, defaulting to ``noreply@weblate.org``.
.. seealso::
:setting:`DEFAULT_COMMITER_NAME`
.. setting:: DEFAULT_COMMITER_NAME
DEFAULT_COMMITER_NAME
---------------------
Committer name, defaulting to ``Weblate``.
.. seealso::
:setting:`DEFAULT_COMMITER_EMAIL`
.. setting:: DEFAULT_LANGUAGE
DEFAULT_LANGUAGE
----------------
.. versionadded:: 4.3.2
:ref:`component-source_language` for any new components.
Defaults to `en`. The matching language object needs to exist in the database.
.. seealso::
* :ref:`languages`
* :ref:`component-source_language`
.. setting:: DEFAULT_MERGE_STYLE
DEFAULT_MERGE_STYLE
-------------------
:ref:`component-merge_style` for any new components.
* `rebase` - default
* `merge`
.. seealso::
* :ref:`component`
* :ref:`component-merge_style`
.. setting:: DEFAULT_SHARED_TM
DEFAULT_SHARED_TM
-----------------
Configures the default value of :ref:`project-use_shared_tm` and :ref:`project-contribute_shared_tm`.
.. setting:: DEFAULT_TRANSLATION_REVIEW
DEFAULT_TRANSLATION_REVIEW
--------------------------
.. versionadded:: 5.16
Configures the default value for :ref:`project-translation_review`, turned off by default.
.. setting:: DEFAULT_SOURCE_REVIEW
DEFAULT_SOURCE_REVIEW
---------------------
.. versionadded:: 5.16
Configures the default value for :ref:`project-source_review`, turned off by default.
.. setting:: DEFAULT_AUTOCLEAN_TM
DEFAULT_AUTOCLEAN_TM
--------------------
.. versionadded:: 5.13
Configures the default value of :ref:`project-autoclean_tm`.
.. setting:: DEFAULT_TRANSLATION_PROPAGATION
DEFAULT_TRANSLATION_PROPAGATION
-------------------------------
Default setting for translation propagation, defaults to ``True``.
.. seealso::
* :ref:`component`
* :ref:`component-allow_translation_propagation`
.. setting:: DEFAULT_PULL_MESSAGE
.. _config-pull-message:
DEFAULT_PULL_MESSAGE
--------------------
Configures the default title and message for pull requests.
.. setting:: ENABLE_AVATARS
ENABLE_AVATARS
--------------
Whether to turn on Gravatar-based avatars for users. On by default.
Avatars are fetched and cached on the server, lowering the risk of
leaking private info, speeding up the user experience.
.. seealso::
* :ref:`production-cache-avatar`
* :setting:`AVATAR_URL_PREFIX`
* :ref:`avatars`
.. setting:: ENABLE_HOOKS
ENABLE_HOOKS
------------
Whether to turn on anonymous remote hooks.
.. seealso::
:ref:`hooks`
.. setting:: ENABLE_HTTPS
ENABLE_HTTPS
------------
.. versionchanged:: 5.7
Weblate now requires https for WebAuthn support.
Whether to send links to Weblate as HTTPS or HTTP. This setting affects sent
e-mails and generated absolute URLs.
In the default configuration this is also used for several Django settings
related to HTTPS — it enables secure cookies, toggles HSTS or enables
redirection to a HTTPS URL.
The HTTPS redirection might be problematic in some cases and you might hit
an issue with infinite redirection in case you are using a reverse proxy doing
an SSL termination which does not correctly pass protocol headers to Django.
Please tweak your reverse proxy configuration to emit :http:header:`X-Forwarded-Proto` or
:http:header:`Forwarded` headers or configure :setting:`django:SECURE_PROXY_SSL_HEADER` to
let Django correctly detect the SSL status.
In case this is disabled, Weblate will fail to start with an
``otp_webauthn.E031`` error. You can silence this error by adding it to
:setting:`django:SILENCED_SYSTEM_CHECKS`, but still WebAuthn will not work for
sites without HTTPS.
.. seealso::
* :setting:`django:SESSION_COOKIE_SECURE`
* :setting:`django:CSRF_COOKIE_SECURE`
* :setting:`django:SECURE_SSL_REDIRECT`
* :setting:`django:SECURE_PROXY_SSL_HEADER`
* :ref:`production-site`
.. setting:: ENABLE_SHARING
ENABLE_SHARING
--------------
Turn on/off the :guilabel:`Community` menu so users can share translation progress on social networks.
.. seealso::
:ref:`promotion`
.. setting:: EXTRA_HTML_HEAD
EXTRA_HTML_HEAD
---------------
.. versionadded:: 4.15
Insert additional markup into the HTML header. Can be used for verification of site ownership, for example:
.. code-block:: python
EXTRA_HTML_HEAD = '<link href="https://fosstodon.org/@weblate" rel="me">'
.. warning::
No sanitization is performed on the string. It is inserted as-is into the HTML header.
.. setting:: GET_HELP_URL
GET_HELP_URL
------------
.. versionadded:: 4.5.2
URL where support for your Weblate instance can be found.
.. setting:: GITEA_CREDENTIALS
GITEA_CREDENTIALS
-----------------
.. versionadded:: 4.12
List for credentials for Gitea servers.
.. code-block:: python
GITEA_CREDENTIALS = {
"try.gitea.io": {
"username": "weblate",
"token": "your-api-token",
},
}
.. include:: /snippets/vcs-credentials.rst
.. seealso::
* :ref:`vcs-gitea`
* `Creating a Gitea personal access token`_
.. _Creating a Gitea personal access token: https://docs.gitea.io/en-us/api-usage
.. setting:: GITLAB_CREDENTIALS
GITLAB_CREDENTIALS
------------------
.. versionadded:: 4.3
List for credentials for GitLab servers.
.. code-block:: python
GITLAB_CREDENTIALS = {
"gitlab.com": {
"username": "weblate",
"token": "your-api-token",
},
}
.. note::
The personal access token needs the :guilabel:`api` scope to be able to use the API.
.. include:: /snippets/vcs-credentials.rst
.. seealso::
* :ref:`vcs-gitlab`
* `GitLab: Personal access token <https://docs.gitlab.com/user/profile/personal_access_tokens/>`_
.. setting:: GITHUB_CREDENTIALS
GITHUB_CREDENTIALS
------------------
.. versionadded:: 4.3
List for credentials for GitHub servers.
.. code-block:: python
GITHUB_CREDENTIALS = {
"api.github.com": {
"username": "weblate",
"token": "your-api-token",
},
}
.. note::
It is possible to use both fine-grained personal access tokens and classic
personal access tokens. The fine-grained tokens are limited to a single
organization, so it won't work if you want Weblate to fork a repository
outside the organization (typically to the user namespace).
To clone, push and create pull requests, the read and write access to
:guilabel:`Contents` and :guilabel:`Pull requests` is required.
:guilabel:`Administration` might also be necessary for forking a repository
if you intend to use forking and the original repository is not public.
.. hint::
Use ``api.github.com`` as a API host for https://github.com/.
.. include:: /snippets/vcs-credentials.rst
.. seealso::
* :ref:`vcs-github`
* `Creating a GitHub personal access token`_
.. _Creating a GitHub personal access token: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
.. setting:: BITBUCKETSERVER_CREDENTIALS
BITBUCKETSERVER_CREDENTIALS
---------------------------
.. versionadded:: 4.16
List for credentials for Bitbucket Data Center.
.. code-block:: python
BITBUCKETSERVER_CREDENTIALS = {
"git.self-hosted.com": {
"username": "weblate",
"token": "http-access-token",
},
}
.. include:: /snippets/vcs-credentials.rst
.. seealso::
* :ref:`vcs-bitbucket-data-center`
* `Bitbucket: HTTP access token <https://confluence.atlassian.com/bitbucketserver/http-access-tokens-939515499.html>`_
.. setting:: BITBUCKETCLOUD_CREDENTIALS
BITBUCKETCLOUD_CREDENTIALS
---------------------------
.. versionadded:: 5.8
List for credentials for Bitbucket Cloud servers.
.. code-block:: python
BITBUCKETCLOUD_CREDENTIALS = {
"bitbucket.org": {
"username": "your-email",
"workspace": "your-workspace-slug",
"token": "your-api-token",
},
}
The configuration dictionary consists of credentials defined for each API host.
The API host might be different from what you use in the web browser, for
example GitHub API is accessed as ``api.github.com``.
The following configuration is available for each host:
``username``
API user.
``workspace``
The user workspace slug.
``token``
The API token with `pullrequest:write` permission.
Additional settings not described here can be found at :ref:`settings-credentials`.
.. seealso::
* :ref:`vcs-bitbucket-cloud`
* `Create an API token <https://support.atlassian.com/bitbucket-cloud/docs/create-an-api-token/>`_
* `API token permissions <https://support.atlassian.com/bitbucket-cloud/docs/api-token-permissions/>`_
.. setting:: AZURE_DEVOPS_CREDENTIALS
AZURE_DEVOPS_CREDENTIALS
------------------------
.. versionadded:: 5.2
List for credentials for Azure DevOps servers.
.. code-block:: python
AZURE_DEVOPS_CREDENTIALS = {
"dev.azure.com": {
"username": "project-name",
"token": "your-api-token",
"organization": "organization-name",
},
}
The configuration dictionary consists of credentials defined for each API host.
The API host might be different from what you use in the web browser, for
example GitHub API is accessed as ``api.github.com``.
The following configuration is available for each host:
``username``
The name of the Azure DevOps project. This is not the repository name.
``organization``
The name of the organization of the project.
``workItemIds``
An optional list of work items IDs from your organization. When provided
new pull requests will have these attached.
``token``
API token for the API user, required.
Additional settings not described here can be found at :ref:`settings-credentials`.
.. seealso::
* :ref:`vcs-azure-devops`
* `Azure DevOps: Personal access token <https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows>`_
.. setting:: GOOGLE_ANALYTICS_ID
GOOGLE_ANALYTICS_ID
-------------------
Google Analytics ID to turn on monitoring of Weblate using Google Universal Analytics.
.. note::
Google Analytics 4 integration is currently not available for Weblate,
please see https://github.com/WeblateOrg/weblate/issues/14015.
.. setting:: HIDE_REPO_CREDENTIALS
HIDE_REPO_CREDENTIALS
---------------------
Hide repository credentials from the web interface. In case you have repository
URL with user and password, Weblate will hide it when related info is shown to
users.
For example instead of ``https://user:password@git.example.com/repo.git`` it
will show just ``https://git.example.com/repo.git``. It tries to clean up VCS
error messages too in a similar manner.
.. note::
On by default.
.. setting:: VERSION_DISPLAY
VERSION_DISPLAY
---------------
.. versionadded:: 5.17
Controls how prominently Weblate exposes its own version.
Supported values are:
``show``
Show the version in shared UI such as the footer and expose it in
:http:get:`/api/metrics/`.
``soft``
Hide the version from prominent shared UI, while keeping it discoverable on
the :guilabel:`About` page and in :http:get:`/api/metrics/`.
``hide``
Hide the version from shared UI and :http:get:`/api/metrics/`. This also
makes anonymous documentation links point to the latest documentation
instead of the version matching the installed release.
Hiding the version is a recommended security practice in some corporations,
but it does not prevent an attacker from inferring the version by probing
behavior.
.. note::
The default is ``show``.
.. setting:: HIDE_VERSION
HIDE_VERSION
------------
.. versionadded:: 4.3.1
.. deprecated:: 5.17
Compatibility alias for :setting:`VERSION_DISPLAY`. Set this to ``True`` to
get the same behavior as ``VERSION_DISPLAY = "hide"``.
.. setting:: IP_BEHIND_REVERSE_PROXY
IP_BEHIND_REVERSE_PROXY
-----------------------
Indicates whether Weblate is running behind a reverse proxy.
If set to ``True``, Weblate gets IP address from a header defined by
:setting:`IP_PROXY_HEADER`.
.. warning::
Ensure you are actually using a reverse proxy and that it sets this header,
otherwise users will be able to fake the IP address.
.. note::
This is not on by default.
.. seealso::
* :ref:`reverse-proxy`
* :ref:`rate-limit`
* :setting:`IP_PROXY_HEADER`
* :setting:`IP_PROXY_OFFSET`
.. setting:: IP_PROXY_HEADER
IP_PROXY_HEADER
---------------
Indicates which header Weblate should obtain the IP address from when
:setting:`IP_BEHIND_REVERSE_PROXY` is turned on.
Defaults to ``HTTP_X_FORWARDED_FOR``.
.. seealso::
* :ref:`reverse-proxy`
* :ref:`rate-limit`
* :setting:`django:SECURE_PROXY_SSL_HEADER`
* :setting:`IP_BEHIND_REVERSE_PROXY`
* :setting:`IP_PROXY_OFFSET`
.. setting:: IP_PROXY_OFFSET
IP_PROXY_OFFSET
---------------
.. versionchanged:: 5.0.1
The default changed from 1 to -1.
Indicates which part of :setting:`IP_PROXY_HEADER` is used as client IP
address.
Depending on your setup, this header might consist of several IP addresses,
(for example ``X-Forwarded-For: client-ip, proxy-a, proxy-b``) and you can configure
which address from the header is used as client IP address here.
.. warning::
Setting this affects the security of your installation. You should only
configure it to use trusted proxies for determining the IP address.
Please check <https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-For#security_and_privacy_concerns> for more details.
Defaults to -1.
.. seealso::
* :ref:`reverse-proxy`
* :ref:`rate-limit`
* :setting:`django:SECURE_PROXY_SSL_HEADER`
* :setting:`IP_BEHIND_REVERSE_PROXY`
* :setting:`IP_PROXY_HEADER`
.. setting:: LEGAL_TOS_DATE
LEGAL_TOS_DATE
--------------
.. versionadded:: 4.15
.. note::
You need :ref:`legal` installed to make this work.
Date of last update of terms of service documents. Whenever the date changes,
users are required to agree with the updated terms of service.
.. code-block:: python
from datetime import date
LEGAL_TOS_DATE = date(2022, 2, 2)
.. setting:: LEGAL_URL
LEGAL_URL
---------
URL where your Weblate instance shows its legal documents.
.. hint::
Useful if you host your legal documents outside Weblate for embedding them inside Weblate.
Please check :ref:`legal` for details.
Example:
.. code-block:: python
LEGAL_URL = "https://weblate.org/terms/"
.. seealso::
:setting:`PRIVACY_URL`
.. setting:: LICENSE_EXTRA
LICENSE_EXTRA
-------------
Additional licenses to include in the license choices.
.. note::
Each license definition should be tuple of its short name, a long name, a URL and a boolean, indication with it is a libre license.
For example:
.. code-block:: python
LICENSE_EXTRA = [
(
"AGPL-3.0",
"GNU Affero General Public License v3.0",
"https://www.gnu.org/licenses/agpl-3.0-standalone.html",
True,
),
]
.. setting:: LICENSE_FILTER
LICENSE_FILTER
--------------
.. versionchanged:: 4.3
Setting this to blank value now disables license alert.
Filter list of licenses to show. This also disables the license alert when set
to empty.
.. note::
This filter uses the short license names.
For example:
.. code-block:: python
LICENSE_FILTER = {"AGPL-3.0", "GPL-3.0-or-later"}
Following disables the license alert:
.. code-block:: python
LICENSE_FILTER = set()
.. seealso::
:ref:`alerts`
.. setting:: LICENSE_REQUIRED
LICENSE_REQUIRED
----------------
Defines whether the license attribute in :ref:`component` is required.
.. note::
This is off by default.
.. setting:: LIMIT_TRANSLATION_LENGTH_BY_SOURCE_LENGTH
LIMIT_TRANSLATION_LENGTH_BY_SOURCE_LENGTH
-----------------------------------------
Whether the length of a given translation should be limited.
The restriction is the length of the source string × 10 characters.
.. hint::
Set this to ``False`` to allow longer translations (up to 10,000 characters) irrespective of source string length.
.. note::
Defaults to ``True``.
.. setting:: LOCALIZE_CDN_URL
.. setting:: LOCALIZE_CDN_PATH
LOCALIZE_CDN_URL and LOCALIZE_CDN_PATH
--------------------------------------
These settings configure the :ref:`addon-weblate.cdn.cdnjs` add-on.
:setting:`LOCALIZE_CDN_URL` defines root URL where the localization CDN is
available and :setting:`LOCALIZE_CDN_PATH` defines path where Weblate should
store generated files which will be served at the :setting:`LOCALIZE_CDN_URL`.
.. hint::
On Hosted Weblate, this uses ``https://weblate-cdn.com/``.
.. seealso::
:ref:`addon-weblate.cdn.cdnjs`
.. setting:: PIWIK_SITE_ID
.. setting:: MATOMO_SITE_ID
MATOMO_SITE_ID
--------------
ID of the site in Matomo (formerly Piwik) you want to use for tracking Weblate.
.. note::
This integration does not support the Matomo Tag Manager.
.. seealso::
:setting:`MATOMO_URL`
.. setting:: PIWIK_URL
.. setting:: MATOMO_URL
MATOMO_URL
----------
Full URL (including trailing slash) of a Matomo (formerly Piwik) installation you want
to use to track Weblate use. Please check <https://matomo.org/> for more details.
.. hint::
This integration does not support the Matomo Tag Manager.
For example:
.. code-block:: python
MATOMO_SITE_ID = 1
MATOMO_URL = "https://example.matomo.cloud/"
.. seealso::
:setting:`MATOMO_SITE_ID`
.. setting:: NEARBY_MESSAGES
NEARBY_MESSAGES
---------------
Number of nearby strings to show in each direction in the full editor.
This is just a default value, users can adjust this in :ref:`user-profile`.
.. setting:: DEFAULT_PAGE_LIMIT
DEFAULT_PAGE_LIMIT
------------------
.. versionadded:: 4.7
Default number of elements to display when pagination is active.
.. setting:: PAGURE_CREDENTIALS
PAGURE_CREDENTIALS
------------------
.. versionadded:: 4.3.2
List for credentials for Pagure servers.
.. code-block:: python
PAGURE_CREDENTIALS = {
"pagure.io": {
"username": "weblate",
"token": "your-api-token",
},
}
.. include:: /snippets/vcs-credentials.rst
.. seealso::
* :ref:`vcs-pagure`
* `Pagure API <https://pagure.io/api/0/>`_
.. setting:: PASSWORD_MINIMAL_STRENGTH
PASSWORD_MINIMAL_STRENGTH
-------------------------
.. versionadded:: 5.10.2
Minimal password score as evaluated by the `zxcvbn
<https://github.com/dwolfhub/zxcvbn-python>`_ password strength estimator.
Defaults to 0, which means strength checking is disabled.
.. seealso::
* :ref:`password-authentication`
* :envvar:`WEBLATE_MIN_PASSWORD_SCORE`
.. setting:: PASSWORD_RESET_URL
PASSWORD_RESET_URL
------------------
.. versionadded:: 5.17
URL for password reset when authentication is handled by an external identity provider, such as LDAP, SAML, or OAuth.
When set, :guilabel:`Forgot your password?` on the sign-in page links to this URL
instead of Weblate's built-in password reset page.
.. setting:: PRIVACY_URL
PRIVACY_URL
-----------
.. versionadded:: 4.8.1
URL where your Weblate instance shows its privacy policy.
.. hint::
Useful if you host your legal documents outside Weblate for embedding them inside Weblate,
please check :ref:`legal` for details.
Example:
.. code-block:: python
PRIVACY_URL = "https://weblate.org/terms/"
.. seealso::
:setting:`LEGAL_URL`
.. setting:: PRIVATE_COMMIT_EMAIL_OPT_IN
PRIVATE_COMMIT_EMAIL_OPT_IN
---------------------------
.. versionadded:: 4.15
Configures whether the private commit e-mail is opt-in or opt-out (by default it is opt-in).
.. hint::
This setting only applies to users which have not explicitly chosen a commit e-mail.
.. seealso::
* :ref:`profile`
* :setting:`PRIVATE_COMMIT_EMAIL_TEMPLATE`
.. setting:: PRIVATE_COMMIT_EMAIL_TEMPLATE
PRIVATE_COMMIT_EMAIL_TEMPLATE
-----------------------------
.. versionadded:: 4.15
Template to generate a private commit e-mail for a user. Defaults to ``"{username}@users.noreply.{site_domain}"``.
It can contain ``{user_id}``, ``{username}``, ``{site_title}``, and ``{site_domain}``.
Set to blank string to disable.
.. note::
Using a different commit e-mail is opt-in for users unless configured by
:setting:`PRIVATE_COMMIT_EMAIL_OPT_IN`. Users can configure their commit e-mail in
the :ref:`profile`.
.. setting:: PRIVATE_COMMIT_NAME_OPT_IN
PRIVATE_COMMIT_NAME_OPT_IN
--------------------------
.. versionadded:: 5.16
Configures whether the private commit name is opt-in or opt-out (by default it is opt-in).
.. hint::
This setting only applies to users which have not explicitly chosen a commit name.
.. seealso::
* :ref:`profile`
* :setting:`PRIVATE_COMMIT_NAME_TEMPLATE`
.. setting:: PRIVATE_COMMIT_NAME_TEMPLATE
PRIVATE_COMMIT_NAME_TEMPLATE
----------------------------
.. versionadded:: 5.16
Template to generate a private commit name for a user. Defaults to ``"{site_title} user {user_id}"``.
It can contain ``{user_id}``, ``{username}``, ``{site_title}``, and ``{site_domain}``.
Set to blank string to disable.
.. note::
Using a different commit name is opt-in for users unless configured by
:setting:`PRIVATE_COMMIT_NAME_OPT_IN`. Users can configure their commit name in
the :ref:`profile`.
.. setting:: PROJECT_BACKUP_KEEP_COUNT
PROJECT_BACKUP_KEEP_COUNT
-------------------------
.. versionadded:: 4.14
Defines how many backups per project are kept on the server. Defaults to 3.
.. seealso::
:ref:`projectbackup`
.. setting:: PROJECT_BACKUP_KEEP_DAYS
PROJECT_BACKUP_KEEP_DAYS
------------------------
.. versionadded:: 4.14
Defines how long the project backups will be kept on the server. Defaults to 30 days.
.. seealso::
:ref:`projectbackup`
.. setting:: PROJECT_BACKUP_IMPORT_MAX_MEMBERS
PROJECT_BACKUP_IMPORT_MAX_MEMBERS
---------------------------------
.. versionadded:: 5.17
Defines the maximum number of ZIP entries allowed when importing a project
backup.
This is a safeguard against malformed or intentionally fragmented archives.
Defaults to 100000 entries.
.. seealso::
:ref:`projectbackup`
.. setting:: PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_SIZE
PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_SIZE
-----------------------------------------------
.. versionadded:: 5.17
Defines the maximum uncompressed size, in bytes, for a single highly
compressed ZIP entry in an imported project backup.
This limit is only applied to entries that are large enough and compress
enough to look suspicious. Large low-compression files are intentionally
allowed here and are expected to be constrained by the HTTP upload limit.
Defaults to 262144000 bytes (250 MiB).
.. seealso::
:ref:`projectbackup`
.. setting:: PROJECT_BACKUP_IMPORT_MIN_RATIO_SIZE
PROJECT_BACKUP_IMPORT_MIN_RATIO_SIZE
------------------------------------
.. versionadded:: 5.17
Defines the minimum uncompressed size, in bytes, at which Weblate starts
considering the ZIP compression ratio during project backup import.
Smaller files are ignored for the compression-ratio-based validation to avoid
rejecting reasonably sized files that compress well. Defaults to 1048576 bytes
(1 MiB).
.. seealso::
:ref:`projectbackup`
.. setting:: PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_RATIO
PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_RATIO
------------------------------------------------
.. versionadded:: 5.17
Defines the maximum allowed ratio between the uncompressed and compressed size
for a large ZIP entry during project backup import.
This is used together with
:setting:`PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_SIZE` and
:setting:`PROJECT_BACKUP_IMPORT_MIN_RATIO_SIZE` to detect suspiciously
compressed entries while still allowing large repository pack files and other
low-compression content. Defaults to 250.
.. seealso::
:ref:`projectbackup`
.. setting:: PROJECT_NAME_RESTRICT_RE
PROJECT_NAME_RESTRICT_RE
------------------------
.. versionadded:: 4.15
Defines a regular expression to restrict project naming. Any matching names will be rejected.
.. seealso::
:ref:`project-name`
.. setting:: PROJECT_WEB_RESTRICT_HOST
PROJECT_WEB_RESTRICT_HOST
-------------------------
.. versionadded:: 4.16.2
Reject using certain hosts in project website. Any subdomain is matched, so
including ``example.com`` will block ``test.example.com`` as well. The list
should contain lower case strings only, the parsed domain is lower cased before
matching.
Default configuration:
.. code-block:: python
PROJECT_WEB_RESTRICT_HOST = {"localhost"}
.. seealso::
* :ref:`project-web`
* :setting:`PROJECT_WEB_RESTRICT_NUMERIC`
* :setting:`PROJECT_WEB_RESTRICT_PRIVATE`
* :setting:`PROJECT_WEB_RESTRICT_RE`
* :setting:`PROJECT_WEB_RESTRICT_ALLOWLIST`
.. setting:: PROJECT_WEB_RESTRICT_ALLOWLIST
PROJECT_WEB_RESTRICT_ALLOWLIST
------------------------------
.. versionadded:: 5.17
Defines a set of project slugs exempt from
:setting:`PROJECT_WEB_RESTRICT_HOST`, :setting:`PROJECT_WEB_RESTRICT_NUMERIC`,
:setting:`PROJECT_WEB_RESTRICT_PRIVATE`, and
:setting:`PROJECT_WEB_RESTRICT_RE` when validating the project website.
Project slugs are matched case-insensitively.
.. caution::
This exemption weakens outbound URL protections for matching projects,
including the private-target restriction enforced by
:setting:`PROJECT_WEB_RESTRICT_PRIVATE`. Use it only for trusted,
administrator-managed projects where bypassing these checks is intentional.
Default configuration:
.. code-block:: python
PROJECT_WEB_RESTRICT_ALLOWLIST = set()
.. seealso::
* :ref:`project-web`
* :setting:`PROJECT_WEB_RESTRICT_HOST`
* :setting:`PROJECT_WEB_RESTRICT_NUMERIC`
* :setting:`PROJECT_WEB_RESTRICT_PRIVATE`
* :setting:`PROJECT_WEB_RESTRICT_RE`
.. setting:: PROJECT_WEB_RESTRICT_NUMERIC
PROJECT_WEB_RESTRICT_NUMERIC
----------------------------
.. versionadded:: 4.16.2
Reject using numeric IP address in project website. On by default.
.. seealso::
* :ref:`project-web`
* :setting:`PROJECT_WEB_RESTRICT_HOST`
* :setting:`PROJECT_WEB_RESTRICT_PRIVATE`
* :setting:`PROJECT_WEB_RESTRICT_RE`
.. setting:: PROJECT_WEB_RESTRICT_PRIVATE
PROJECT_WEB_RESTRICT_PRIVATE
----------------------------
.. versionadded:: 5.17
Reject using project website and repository browser URLs pointing to internal or
non-public addresses. On by default.
.. seealso::
* :ref:`project-web`
* :ref:`component-repoweb`
* :setting:`PROJECT_WEB_RESTRICT_HOST`
* :setting:`PROJECT_WEB_RESTRICT_NUMERIC`
* :setting:`PROJECT_WEB_RESTRICT_RE`
.. setting:: PROJECT_WEB_RESTRICT_RE
PROJECT_WEB_RESTRICT_RE
-----------------------
.. versionadded:: 4.15
Defines a regular expression to limit what can be entered as :ref:`project-web`. Any matching URLs will be rejected.
.. seealso::
* :ref:`project-web`
* :setting:`PROJECT_WEB_RESTRICT_HOST`
* :setting:`PROJECT_WEB_RESTRICT_NUMERIC`
* :setting:`PROJECT_WEB_RESTRICT_PRIVATE`
.. setting:: WEBHOOK_PRIVATE_ALLOWLIST
WEBHOOK_PRIVATE_ALLOWLIST
-------------------------
.. versionadded:: 5.17
Defines hostnames or domains exempt from :setting:`WEBHOOK_RESTRICT_PRIVATE`
for outbound webhook delivery. Entries follow Django host matching semantics,
so values such as ``hooks.internal.example`` or ``.internal.example`` can be
used.
Default configuration:
.. code-block:: python
WEBHOOK_PRIVATE_ALLOWLIST = []
.. seealso::
* :setting:`WEBHOOK_RESTRICT_PRIVATE`
.. setting:: WEBHOOK_RESTRICT_PRIVATE
WEBHOOK_RESTRICT_PRIVATE
------------------------
.. versionadded:: 5.17
Reject webhook URLs pointing to internal or non-public addresses unless the
target host is included in :setting:`WEBHOOK_PRIVATE_ALLOWLIST`. On by default.
When enabled, hostnames that cannot be resolved during validation are rejected
unless they are explicitly included in :setting:`WEBHOOK_PRIVATE_ALLOWLIST`.
.. seealso::
* :ref:`addon-weblate.webhook.webhook`
* :setting:`WEBHOOK_PRIVATE_ALLOWLIST`
.. setting:: PUBLIC_ENGAGE
PUBLIC_ENGAGE
-------------
.. versionadded:: 5.16.2
Allows public engage page even with :setting:`REQUIRE_LOGIN`.
.. seealso::
* :ref:`promotion`
.. setting:: RATELIMIT_NOTIFICATION_LIMITS
RATELIMIT_NOTIFICATION_LIMITS
-----------------------------
.. versionadded:: 5.14
Limits how many notifications for a single user will be sent out.
The default setting is:
.. code-block:: python
# Multi-level rate limiting for email notifications
# Each tuple contains (max_emails, time_window_seconds)
RATELIMIT_NOTIFICATION_LIMITS = [
# Prevent burst sends - 3 emails per 2 minutes
(3, 120),
# Equalize to avoid getting blocked for too long - 10 emails per hour
(10, 3600),
# Daily limit: 50 emails per day
(50, 86400),
]
.. setting:: RATELIMIT_ATTEMPTS
RATELIMIT_ATTEMPTS
------------------
Maximum number of authentication attempts before rate limiting is applied.
Defaults to 5.
.. seealso::
* :ref:`rate-limit`
* :setting:`RATELIMIT_WINDOW`
* :setting:`RATELIMIT_LOCKOUT`
.. setting:: RATELIMIT_WINDOW
RATELIMIT_WINDOW
----------------
How long authentication is accepted after rate limiting applies.
An amount of seconds, defaulting to 300 (5 minutes).
.. seealso::
* :ref:`rate-limit`
* :setting:`RATELIMIT_ATTEMPTS`
* :setting:`RATELIMIT_LOCKOUT`
.. setting:: RATELIMIT_LOCKOUT
RATELIMIT_LOCKOUT
-----------------
How long authentication is locked after rate limiting applies.
An amount of seconds defaulting to 600 (10 minutes).
.. seealso::
* :ref:`rate-limit`
* :setting:`RATELIMIT_ATTEMPTS`
* :setting:`RATELIMIT_WINDOW`
.. setting:: REGISTRATION_ALLOW_BACKENDS
REGISTRATION_ALLOW_BACKENDS
---------------------------
.. versionadded:: 4.1
List of authentication backends to allow registration from. This only limits
new registrations, users can still authenticate and add authentication using
all configured authentication backends.
It is recommended to keep :setting:`REGISTRATION_OPEN` on while limiting
registration backends, otherwise users will be able to register, but Weblate
will not show links to register in the user interface.
Example:
.. code-block:: python
REGISTRATION_ALLOW_BACKENDS = ["azuread-oauth2", "azuread-tenant-oauth2"]
.. hint::
The backend names match names used in the URL for authentication.
.. seealso::
* :setting:`REGISTRATION_OPEN`
* :doc:`auth`
.. setting:: REGISTRATION_CAPTCHA
REGISTRATION_CAPTCHA
--------------------
Whether registration of new accounts is protected by a CAPTCHA. Defaults to enabled.
If turned on, a CAPTCHA is added to all pages where a users enters their e-mail address:
* New account registration.
* Password recovery.
* Adding e-mail to an account.
* Contact form for users that are not signed in.
The protection currently consists of following steps:
* Mathematical captcha to be solved by the user.
* Proof of work challenge calculated by the browser. The difficulty can be adjusted using :setting:`ALTCHA_MAX_NUMBER`.
.. setting:: REGISTRATION_EMAIL_MATCH
REGISTRATION_EMAIL_MATCH
------------------------
Allows you to filter which e-mail addresses can register.
Defaults to ``.*``, which allows any e-mail address to be registered.
You can use it to restrict registration to a single e-mail domain:
.. code-block:: python
REGISTRATION_EMAIL_MATCH = r"^.*@weblate\.org$"
.. setting:: REGISTRATION_ALLOW_DISPOSABLE_EMAILS
REGISTRATION_ALLOW_DISPOSABLE_EMAILS
-------------------------------------
.. versionadded:: 5.16.1
Allow registration with disposable e-mail domains. When enabled, the
disposable domain blocklist is bypassed. Default is ``False``.
.. seealso::
- :setting:`REGISTRATION_EMAIL_MATCH`
- :envvar:`WEBLATE_REGISTRATION_ALLOW_DISPOSABLE_EMAILS`
.. setting:: REGISTRATION_OPEN
REGISTRATION_OPEN
-----------------
Whether registration of new accounts is currently permitted.
Defaults to enabled.
This setting affects built-in authentication by e-mail address or through the
Python Social Auth (you can allow certain back-ends using
:setting:`REGISTRATION_ALLOW_BACKENDS`).
.. note::
If using third-party authentication methods such as :ref:`ldap-auth`, it
just hides the registration form, but new users might still be able to sign
in and create accounts.
.. seealso::
* :setting:`REGISTRATION_ALLOW_BACKENDS`
* :setting:`REGISTRATION_EMAIL_MATCH`
* :doc:`auth`
.. setting:: REGISTRATION_REBIND
REGISTRATION_REBIND
-------------------
.. versionadded:: 4.16
Allow rebinding authentication backends for existing users. Turn this on when
migrating between authentication providers.
.. note::
Off by default to not allow adding other authentication backends to
an existing account. Rebinding can lead to account compromise when using
more third-party authentication backends.
.. setting:: REPOSITORY_ALERT_THRESHOLD
REPOSITORY_ALERT_THRESHOLD
--------------------------
.. versionadded:: 4.0.2
Threshold for triggering an alert for outdated repositories, or ones that
contain too many changes. Defaults to 25.
.. seealso::
:ref:`alerts`
.. setting:: REQUIRE_LOGIN
REQUIRE_LOGIN
-------------
.. versionadded:: 4.1
This enables :class:`django:django.contrib.auth.middleware.LoginRequiredMiddleware`
and configures REST framework to require authentication for all API endpoints.
.. versionchanged:: 5.15
Weblate now relies on Django built-in middleware.
.. note::
This is implemented in the :ref:`sample-configuration`. For Docker, use
:envvar:`WEBLATE_REQUIRE_LOGIN`.
.. setting:: SENTRY_DSN
SENTRY_DSN
----------
Sentry DSN to use for :ref:`collecting-errors`.
.. seealso::
`Django integration for Sentry <https://docs.sentry.io/platforms/python/integrations/django/>`_
.. setting:: SENTRY_ENVIRONMENT
SENTRY_ENVIRONMENT
------------------
Configures environment for Sentry. Defaults to ``devel``.
.. setting:: SENTRY_MONITOR_BEAT_TASKS
SENTRY_MONITOR_BEAT_TASKS
-------------------------
.. versionadded:: 5.13
Configure whether to monitor Celery Beat tasks with Sentry. Defaults to ``True``.
.. setting:: SENTRY_PROFILES_SAMPLE_RATE
SENTRY_PROFILES_SAMPLE_RATE
---------------------------
Configure sampling rate for performance monitoring. Set to 1 to trace all events, 0 (the default) disables tracing.
.. seealso::
`Sentry Performance Monitoring <https://docs.sentry.io/product/sentry-basics/performance-monitoring/>`_
.. setting:: SENTRY_SEND_PII
SENTRY_SEND_PII
---------------
Allow Sentry to collect certain personally identifiable information. Turned off by default.
.. versionchanged:: 5.7
This is turned off by default now, used to be turned on by default.
.. setting:: SENTRY_TRACES_SAMPLE_RATE
SENTRY_TRACES_SAMPLE_RATE
-------------------------
Configure sampling rate for profiling monitoring. Set to 1 to trace all events, 0 (the default) disables tracing.
.. seealso::
`Sentry Profiling <https://docs.sentry.io/product/explore/profiling/>`_
.. setting:: SESSION_COOKIE_AGE_2FA
SESSION_COOKIE_AGE_2FA
----------------------
.. versionadded:: 5.13.1
Set session expiry while in :ref:`2fa`. This complements
:setting:`django:SESSION_COOKIE_AGE` which is used for unauthenticated users.
.. setting:: SESSION_COOKIE_AGE_AUTHENTICATED
SESSION_COOKIE_AGE_AUTHENTICATED
--------------------------------
.. versionadded:: 4.3
Set session expiry for authenticated users. This complements
:setting:`django:SESSION_COOKIE_AGE` which is used for unauthenticated users.
.. seealso::
:setting:`django:SESSION_COOKIE_AGE`
.. setting:: SIMPLIFY_LANGUAGES
SIMPLIFY_LANGUAGES
------------------
Use simple language codes for default language/country combinations.
For example an ``fr_FR`` translation will use the ``fr`` language code.
This is usually the desired behavior, as it simplifies listing languages
for these default combinations.
Turn this off if you want to different translations for each variant.
.. setting:: HIDE_SHARED_GLOSSARY_COMPONENTS
HIDE_SHARED_GLOSSARY_COMPONENTS
-------------------------------
.. versionadded:: 5.16
Glossary components are typically shared into other projects to make them
available for translation work. When these are visible in the component list of
projects that are using them, it can cause confusion or distract translators
from the actual components that are meant to be translated.
This is turned off by default, making shared glossary components visible.
.. setting:: SITE_DOMAIN
SITE_DOMAIN
-----------
Configures site domain. Necessary to produce correct absolute links in
many scopes (for example activation e-mails, notifications or RSS feeds).
If Weblate is running on a non-standard port, include it here as well.
**Examples:**
.. code-block:: python
# Production site with domain name
SITE_DOMAIN = "weblate.example.com"
# Local development with IP address and port
SITE_DOMAIN = "127.0.0.1:8000"
.. note::
This setting should only contain the domain name. For configuring protocol,
(turning on and enforcing HTTPS) use :setting:`ENABLE_HTTPS` and for changing
the URL, use :setting:`URL_PREFIX`.
.. hint::
On a Docker container, the site domain is configured through
:envvar:`WEBLATE_ALLOWED_HOSTS`.
.. seealso::
* :ref:`production-site`
* :ref:`production-hosts`
* :ref:`production-ssl`
* :envvar:`WEBLATE_SITE_DOMAIN`
* :setting:`ENABLE_HTTPS`
.. setting:: SITE_TITLE
SITE_TITLE
----------
Site title to be used for the website and sent e-mails.
.. setting:: SPECIAL_CHARS
SPECIAL_CHARS
-------------
Additional characters to include in the visual keyboard, :ref:`visual-keyboard`.
The default value is:
.. code-block:: python
SPECIAL_CHARS = ("\t", "\n", "\u00a0", "")
.. setting:: SINGLE_PROJECT
SINGLE_PROJECT
--------------
Redirects users directly to a project or component instead of showing
the dashboard. You can either set it to ``True`` so it only works
if there is actually only single project in Weblate. Alternatively, set
the project slug, and it will redirect unconditionally to this project.
Example:
.. code-block:: python
SINGLE_PROJECT = "test"
.. setting:: SSH_EXTRA_ARGS
SSH_EXTRA_ARGS
--------------
.. versionadded:: 4.9
Allows adding custom parameters when Weblate is invoking SSH.
Useful when connecting to servers using legacy encryption or other non-standard features.
For example when SSH connection in Weblate fails with `Unable to negotiate with legacyhost: no matching key exchange method found.
Their offer: diffie-hellman-group1-sha1`, you can turn that on using:
.. code-block:: python
SSH_EXTRA_ARGS = "-oKexAlgorithms=+diffie-hellman-group1-sha1"
.. hint::
The string is evaluated by the shell, so ensure any whitespace and
special characters is quoted.
.. seealso::
`OpenSSH Legacy Options <https://www.openssh.org/legacy.html>`_
.. setting:: STATUS_URL
STATUS_URL
----------
The URL where your Weblate instance reports its status.
.. setting:: SUGGESTION_CLEANUP_DAYS
SUGGESTION_CLEANUP_DAYS
-----------------------
Automatically deletes suggestions after a given number of days.
Defaults to ``None``, meaning no deletions.
.. setting:: SUPPORT_STATUS_CHECK
SUPPORT_STATUS_CHECK
--------------------
.. versionadded:: 5.5
Disables semiannual support status check and redirecting superusers upon login
to the donation page in case there is no active support subscription.
.. hint::
Improve your Weblate experience by purchasing a support subscription and boosting Weblate progress instead of turning this off.
.. setting:: TRANSLATION_UPLOAD_MAX_SIZE
TRANSLATION_UPLOAD_MAX_SIZE
---------------------------
.. versionadded:: 5.17.1
Configures the maximum size, in bytes, for uploaded translation files. Defaults
to 50 MB.
In Docker, configure this using the ``WEBLATE_TRANSLATION_UPLOAD_MAX_SIZE``
environment variable.
.. setting:: UNUSED_ALERT_DAYS
UNUSED_ALERT_DAYS
-----------------
.. versionadded:: 4.17
Configures when the :guilabel:`Component seems unused` alert is triggered.
Defaults to 365 days, set to 0 to turn it off.
.. setting:: UPDATE_LANGUAGES
UPDATE_LANGUAGES
----------------
.. versionadded:: 4.3.2
Controls whether languages database should be updated when running database
migration and is on by default. This setting has no effect on invocation
of :wladmin:`setuplang`.
.. warning::
The languages display might become inconsistent with this. Weblate language
definitions expand over time and it will not display language code for
the defined languages.
.. seealso::
:ref:`included-languages`
.. setting:: URL_PREFIX
URL_PREFIX
----------
This setting allows you to run Weblate under some path (otherwise it relies on
being run from the webserver root).
.. note::
To use this setting, you also need to configure your server to strip this prefix.
For example with WSGI, this can be achieved by setting ``WSGIScriptAlias``.
.. hint::
The prefix should start with a ``/``.
Example:
.. code-block:: python
URL_PREFIX = "/translations"
.. note::
This setting does not work with Django's built-in server, you would have to
adjust :file:`urls.py` to contain this prefix.
.. setting:: VCS_ALLOW_HOSTS
VCS_ALLOW_HOSTS
---------------
.. versionadded:: 5.15
A set of hosts to allow when configuring VCS URL. Defaults to an empty set,
which does no filtering at all.
When :setting:`VCS_RESTRICT_PRIVATE` is enabled, matching hosts are also exempt
from the private-target restriction.
.. setting:: VCS_ALLOW_SCHEMES
VCS_ALLOW_SCHEMES
-----------------
.. versionadded:: 5.15
A set of URL schemes to allow when configuring VCS URL. Only ``https`` and
``ssh`` are allowed by default.
.. setting:: VCS_RESTRICT_PRIVATE
VCS_RESTRICT_PRIVATE
--------------------
.. versionadded:: 5.17
Reject VCS repository URLs pointing to internal or non-public addresses unless
the target host is included in :setting:`VCS_ALLOW_HOSTS`. On by default.
When enabled, hostnames that cannot be resolved during validation are rejected
unless they are explicitly included in :setting:`VCS_ALLOW_HOSTS`.
.. setting:: VCS_API_DELAY
VCS_API_DELAY
-------------
.. versionadded:: 4.15.1
Configures minimal delay in seconds between third-party API calls in
:ref:`vcs-github`, :ref:`vcs-gitlab`, :ref:`vcs-gitea`, :ref:`vcs-pagure`, and
:ref:`vcs-azure-devops`.
This rate-limits API calls from Weblate to these services to avoid overloading them.
If you are being limited by secondary rate-limiter at GitHub, increasing this might help.
The default value is 10.
.. setting:: VCS_API_TIMEOUT
VCS_API_TIMEOUT
---------------
.. versionadded:: 5.15
Configures timeout in seconds for third-party API calls such as forking or
creating merge requests in :ref:`vcs-github`, :ref:`vcs-gitlab`,
:ref:`vcs-gitea`, :ref:`vcs-pagure`, and :ref:`vcs-azure-devops`.
The default value is 10.
.. setting:: VCS_BACKENDS
VCS_BACKENDS
------------
Configuration of available VCS backends.
.. note::
Weblate tries to use all supported back-ends you have the tools for.
.. hint::
You can limit choices or add custom VCS back-ends by using this.
.. code-block:: python
VCS_BACKENDS = ("weblate.vcs.git.GitRepository",)
.. seealso::
:ref:`vcs`
.. setting:: VCS_CLONE_DEPTH
VCS_CLONE_DEPTH
---------------
Configures how deep cloning of repositories Weblate should do.
.. note::
Currently this is only supported in :ref:`vcs-git`. By default Weblate does shallow clones of the
repositories to make cloning faster and save disk space. Depending on your usage
(for example when using custom :ref:`addons`), you might want to increase
the depth or turn off shallow clones completely by setting this to 0.
.. hint::
In case you get ``fatal: protocol error: expected old/new/ref, got 'shallow
<commit hash>'`` error when pushing from Weblate, turn off shallow clones completely by setting:
.. code-block:: python
VCS_CLONE_DEPTH = 0
.. setting:: WEBLATE_ADDONS
WEBLATE_ADDONS
--------------
List of add-ons available for use. To use them, they have to be enabled for
a given translation component. By default this includes all built-in add-ons, when
extending the list you will probably want to keep existing ones enabled, for
example:
.. code-block:: python
WEBLATE_ADDONS = (
# Built-in add-ons
"weblate.addons.gettext.GenerateMoAddon",
"weblate.addons.gettext.UpdateLinguasAddon",
"weblate.addons.gettext.UpdateConfigureAddon",
"weblate.addons.gettext.MsgmergeAddon",
"weblate.addons.gettext.GettextAuthorComments",
"weblate.addons.cleanup.CleanupAddon",
"weblate.addons.consistency.LanguageConsistencyAddon",
"weblate.addons.discovery.DiscoveryAddon",
"weblate.addons.flags.SourceEditAddon",
"weblate.addons.flags.TargetEditAddon",
"weblate.addons.flags.SameEditAddon",
"weblate.addons.flags.BulkEditAddon",
"weblate.addons.generate.GenerateFileAddon",
"weblate.addons.properties.PropertiesSortAddon",
"weblate.addons.git.GitSquashAddon",
"weblate.addons.removal.RemoveComments",
"weblate.addons.removal.RemoveSuggestions",
"weblate.addons.resx.ResxUpdateAddon",
"weblate.addons.autotranslate.AutoTranslateAddon",
"weblate.addons.cdn.CDNJSAddon",
# Add-on you want to include
"weblate.addons.example.ExampleAddon",
)
.. note::
Removing the add-on from the list does not uninstall it from the components.
Weblate will crash in that case. Please uninstall the add-on from all components
prior to removing it from this list.
.. seealso::
* :ref:`addons`
* :ref:`custom-modules`
* :setting:`DEFAULT_ADDONS`
* :setting:`ADDON_ACTIVITY_LOG_EXPIRY`
.. setting:: ADDON_ACTIVITY_LOG_EXPIRY
ADDON_ACTIVITY_LOG_EXPIRY
-------------------------
.. versionadded:: 5.6
Configures how long activity logs for add-ons are kept. Defaults to 180 days.
.. setting:: WEBLATE_EXPORTERS
WEBLATE_EXPORTERS
-----------------
.. versionadded:: 4.2
List of a available exporters offering downloading translations
or glossaries in various file formats.
.. seealso::
:ref:`formats`
.. setting:: WEBLATE_FORMATS
WEBLATE_FORMATS
---------------
List of file formats available for use.
.. note::
The default list already has the common formats.
.. seealso::
:ref:`formats`
.. setting:: WEBLATE_MACHINERY
WEBLATE_MACHINERY
-----------------
.. versionadded:: 4.13
List of machinery services available for use.
.. seealso::
* :doc:`/admin/machine`
* :ref:`custom-machinery`
* :ref:`custom-modules`
.. setting:: WEBLATE_GPG_IDENTITY
WEBLATE_GPG_IDENTITY
--------------------
Identity used by Weblate to sign Git commits, for example:
.. code-block:: python
WEBLATE_GPG_IDENTITY = "Weblate <weblate@example.com>"
The Weblate GPG keyring is searched for a matching key (:file:`home/.gnupg` under
:setting:`DATA_DIR`). If not found, a key is generated, please check
:ref:`gpg-sign` for more details.
.. seealso::
:ref:`gpg-sign`
.. setting:: WEBSITE_REQUIRED
WEBSITE_REQUIRED
----------------
Defines whether :ref:`project-web` has to be specified when creating a project.
On by default, as that suits public server setups.
.. setting:: WEBSITE_ALERTS_ENABLED
WEBSITE_ALERTS_ENABLED
----------------------
.. versionadded:: 5.17
Default: ``True``
Defines whether Weblate should check project website availability and show
alerts for unreachable project websites.
When set to ``False``, Weblate will skip website availability checks and
will not generate project website alerts. This is useful when:
- Your websites are behind firewalls that block Weblate's requests
- You want to avoid 403/503-type errors from bot protection
- Project website availability is not a concern for your installation
.. seealso::
:setting:`WEBSITE_REQUIRED`
.. _settings-credentials:
Configuring version control credentials
---------------------------------------
.. hint::
This section describes VCS credential variables as
:setting:`GITHUB_CREDENTIALS`, :setting:`GITLAB_CREDENTIALS`,
:setting:`GITEA_CREDENTIALS`, :setting:`PAGURE_CREDENTIALS`,
:setting:`BITBUCKETSERVER_CREDENTIALS`.
The configuration dictionary consists of credentials defined for each API host.
The API host might be different from what you use in the web browser, for
example GitHub API is accessed as ``api.github.com``.
The credentials can also be overridden in :ref:`component-push` or
:ref:`component-repo` (if push URL is not configured), these take precedence
over the ones specified in the configuration file.
The following configuration is available for each host:
``username``
API user, required.
``token``
API token for the API user, required.
``scheme``
.. versionadded:: 4.18
Scheme override. Weblate attempts to parse scheme from the repository URL
and falls backs to ``https``. If you are running the API server internally,
you might want to use ``http`` instead, but consider security.
.. hint::
In the Docker container, the credentials can be configured using environment variables,
see :ref:`docker-vcs-config`.
Reference in a new issue View git blame Copy permalink