conf: overhaul security settings

1 files changed, 21 insertions, 15 deletions

diff --git a/conf/app.ini b/conf/app.ini
index a8c1264f..baec9d32 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -146,6 +146,27 @@ SSL_MODE = disable
 ; For "sqlite3" only, make sure to use absolute path.
 PATH = data/gogs.db
 
+[security]
+; Whether to show the install page, set this to "true" to bypass it.
+INSTALL_LOCK = false
+; The secret to encrypt cookie values, 2FA code, etc.
+; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
+SECRET_KEY = !#@FDEWREWR&*(
+; The days remembered for auto-login.
+LOGIN_REMEMBER_DAYS = 7
+; The cookie name to stoed auto-login information.
+COOKIE_REMEMBER_NAME = gogs_incredible
+; The cookie name to stored logged in username.
+COOKIE_USERNAME = gogs_awesome
+; Whether to set secure cookie.
+COOKIE_SECURE = false
+; The HTTP header for reverse proxy authentication via username.
+REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
+; Whether to set cookie to indicate user login status.
+ENABLE_LOGIN_STATUS_COOKIE = false
+; The cookie name to store user login status.
+LOGIN_STATUS_COOKIE_NAME = login_status
+
 ; Attachment settings for releases
 [release.attachment]
 ; Whether attachments are enabled. Defaults to `true`
@@ -184,21 +205,6 @@ ACCESS_CONTROL_ALLOW_ORIGIN =
 ; Disable regular (non-admin) users to create organizations
 DISABLE_REGULAR_ORG_CREATION = false
 
-[security]
-INSTALL_LOCK = false
-; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
-SECRET_KEY = !#@FDEWREWR&*(
-; Auto-login remember days
-LOGIN_REMEMBER_DAYS = 7
-COOKIE_USERNAME = gogs_awesome
-COOKIE_REMEMBER_NAME = gogs_incredible
-COOKIE_SECURE = false
-; Reverse proxy authentication header name of user name
-REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
-; Enable to set cookie to indicate user login status
-ENABLE_LOGIN_STATUS_COOKIE = false
-LOGIN_STATUS_COOKIE_NAME = login_status
-
 [service]
 ACTIVE_CODE_LIVE_MINUTES = 180
 RESET_PASSWD_CODE_LIVE_MINUTES = 180