# All settings below are optional — sensible defaults are built in. # For production use, configure authentication (BasicAuth or BearerToken). # See appsettings.json for actual default values. # Host directory to mount into the container (used by docker-compose.yml only, not read by the app). HOST_PATH=/srv/share # Overrides the RootPath in docker-compose.yml (default: /data). RootPath=/data Port=8091 # IP address to bind to. ListenIp=0.0.0.0 BasicAuthUser= BasicAuthPass= # Bearer token for API/MCP clients. Can be used instead of or alongside Basic Auth. BearerToken= # Header to read the bearer token from. Default accepts "Bearer " or raw token. # Use a custom header (e.g. X-API-Key) for raw-token auth. BearerTokenHeaderName=Authorization DefaultTheme=dark # Page title shown in the header. SiteTitle=DirForge # Calculate subdirectory sizes (slow on large trees). CalculateDirectorySizes=false # Browse ZIP/TAR archives inline. OpenArchivesInline=true # Enable recursive search. EnableSearch=true # Max recursive search depth (0 = current folder only). SearchMaxDepth=32 # Timeout in ms for slow operations: directory sizing, search, ZIP/archive parsing, S3/WebDAV listings (0 = off). OperationTimeBudgetMs=30000 # Allow direct file downloads. AllowFileDownload=true # Allow folder ZIP downloads. AllowFolderDownload=true # Enable signed share links. EnableSharing=true # HMAC secret for share links. Use a long random value in production. ShareSecret= # Hide dotfiles (files and folders starting with a dot). HideDotfiles=false # Glob patterns to hide (comma-separated). Example: **/.git/**,**/node_modules/**,private/** HidePathPatterns= # File extensions to deny for downloads (comma-separated). Blank uses appsettings defaults. DenyDownloadExtensions= # Max uncompressed ZIP size in bytes (0 = unlimited). MaxZipSize=2147483648 # Max file size in bytes for inline preview. MaxPreviewFileSize=2097152 # Max file size in bytes for hash generation. MaxFileSizeForHashing=7516192768 # Enable X-Forwarded-* header support for reverse proxy setups. ForwardedHeadersEnabled=true # Trusted proxy IPs (comma-separated). Blank trusts RFC 1918 ranges and loopback. # Example: 10.0.0.2,192.168.1.10 ForwardedHeadersKnownProxies= # Max hops to read from the X-Forwarded-* chain. ForwardedHeadersForwardLimit=1 # Trust identity from a reverse proxy header; bypasses built-in auth. ExternalAuthEnabled=false # Header carrying the authenticated user identity (used when ExternalAuthEnabled=true). ExternalAuthIdentityHeader=X-Forwarded-User # Enable per-IP and global rate limiting. EnableDefaultRateLimiter=true # Max requests per minute per client IP. RateLimitPerIp=1000 # Max requests per minute across all clients. RateLimitGlobal=4200 # Enable read-only WebDAV endpoint at /webdav. EnableWebDav=true # Enable read-only S3-compatible endpoint at /s3. EnableS3Endpoint=false S3BucketName=dirforge S3Region=us-east-1 S3AccessKeyId= S3SecretAccessKey= # Enable RESTful JSON API at /api. EnableJsonApi=true # Enable MCP endpoint at /mcp. EnableMcpEndpoint=true # Max file size in bytes for the MCP read_file tool (default: 1 MB). McpReadFileSizeLimit=1048576 # Directory listing cache TTL in seconds (1–2592000). Higher values reduce filesystem reads on slow storage. ListingCacheTtlSeconds=2 # Directory size cache TTL in seconds (0–2592000; 0 disables). Only relevant when sizes are calculated. DirectorySizeCacheTtlSeconds=300 # Enable in-memory metrics dashboard at /dashboard. DashboardEnabled=true # Expose /metrics endpoint (requires DashboardEnabled=true). EnableMetricsEndpoint=true # Credentials to protect /dashboard and /metrics separately from the main auth. DashboardAuthUser= DashboardAuthPass=