conf: overhaul server settings (#5928)

* conf: rename package

* Requires Go 1.12

* Fix lint

* Fix lint

* Overhaul

* db: fix tests

* Save my work

* Fix tests

* Server.UnixSocketPermission

* Server.LocalRootURL

* SSH settings

* Server.OfflineMode

* Save my work

* App.Version

* Remove [server] STATIC_ROOT_PATH

* Server.LandingURL

1 files changed, 66 insertions, 57 deletions

diff --git a/conf/app.ini b/conf/app.ini
index abd39959..03ef20da 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -2,75 +2,91 @@
 # !!! PLEASE MAKE CHANGES ON CORRESPONDING CUSTOM CONFIG FILE !!!
 # !!! IF YOU ARE PACKAGING PROVIDER, PLEASE MAKE OWN COPY OF IT !!!
 
-; App name that shows on every page title
-APP_NAME = Gogs
-; The name of the system user that runs Gogs
+; The brand name of the application.
+BRAND_NAME = Gogs
+; The system user who should be running the applications. It has no effect on Windows,
+; otherwise, it should match the value of $USER environment variable.
 RUN_USER = git
-; Either "dev", "prod" or "test"
+; The running mode of the application, can be either "dev", "prod" or "test".
 RUN_MODE = dev
 
 [server]
-PROTOCOL = http
+; The public-facing URL for the application.
+EXTERNAL_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+; The public-facing domain name for the application.
 DOMAIN = localhost
-ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+; The protocol that is used to serve direct traffic to the application.
+; Currently supports "http", "https", "fcgi" and "unix".
+PROTOCOL = http
+; The address to be listened by the application.
 HTTP_ADDR = 0.0.0.0
+; The port number to be listened by the application.
 HTTP_PORT = 3000
-; Permission for unix socket
+; Generate steps:
+; $ ./gogs cert -ca=true -duration=8760h0m0s -host=myhost.example.com
+;
+; Or from a .pfx file exported from the Windows certificate store (do
+; not forget to export the private key):
+; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
+; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
+CERT_FILE = custom/https/cert.pem
+KEY_FILE = custom/https/key.pem
+; The minimum allowed TLS version, currently supports "TLS10", "TLS11", "TLS12", and "TLS13".
+TLS_MIN_VERSION = TLS12
+; File permission when serve traffic via Unix domain socket.
 UNIX_SOCKET_PERMISSION = 666
-; Local (DMZ) URL for Gogs workers (such as SSH update) accessing web service.
+; Local (DMZ) URL for workers (e.g. SSH update) accessing web service.
 ; In most cases you do not need to change the default value.
 ; Alter it only if your SSH server node is not the same as HTTP node.
 LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
-; Disable SSH feature when not available
+
+; Whether to disable SSH access to the application entirely.
 DISABLE_SSH = false
-; Whether use builtin SSH server or not.
-START_SSH_SERVER = false
-; Domain name to be exposed in SSH clone URL
+; The domain name to be exposed in SSH clone URL.
 SSH_DOMAIN = %(DOMAIN)s
-; Port number to be exposed in SSH clone URL
+; The port number to be exposed in SSH clone URL.
 SSH_PORT = 22
-; Network interface builtin SSH server listens on
+; The path of SSH root directory, default is "$HOME/.ssh".
+SSH_ROOT_PATH =
+; The path to ssh-keygen, default is "ssh-keygen" and let shell find out which one to call.
+SSH_KEYGEN_PATH = ssh-keygen
+; The directory to create temporary files when test a public key using ssh-keygen,
+; default is the system temporary directory.
+SSH_KEY_TEST_PATH =
+; Whether to start a builtin SSH server.
+START_SSH_SERVER = false
+; The network interface for builtin SSH server to listen on.
 SSH_LISTEN_HOST = 0.0.0.0
-; Port number builtin SSH server listens on
+; The port number for builtin SSH server to listen on.
 SSH_LISTEN_PORT = %(SSH_PORT)s
-; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
-SSH_ROOT_PATH =
-; Indicate whether to rewrite authorized_keys at start, ignored when use builtin SSH server
-REWRITE_AUTHORIZED_KEYS_AT_START = false
-; Choose the ciphers to support for SSH connections
+; The list of accepted ciphers for connections to builtin SSH server.
 SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
-; Directory to create temporary files when test publick key using ssh-keygen,
-; default is system temporary directory.
-SSH_KEY_TEST_PATH =
-; Path to ssh-keygen, default is 'ssh-keygen' and let shell find out which one to call.
-SSH_KEYGEN_PATH = ssh-keygen
-; Indicate whether to check minimum key size with corresponding type
+; Whether to check minimum public key size with corresponding type.
 MINIMUM_KEY_SIZE_CHECK = false
-; Disable CDN even in "prod" mode
+; Whether to rewrite "~/.ssh/authorized_keys" file at start, ignored when use builtin SSH server.
+REWRITE_AUTHORIZED_KEYS_AT_START = false
+
+; Whether to disable using CDN for static files regardless.
 OFFLINE_MODE = false
-DISABLE_ROUTER_LOG = false
-; Generate steps:
-; $ ./gogs cert -ca=true -duration=8760h0m0s -host=myhost.example.com
-;
-; Or from a .pfx file exported from the Windows certificate store (do
-; not forget to export the private key):
-; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
-; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
-CERT_FILE = custom/https/cert.pem
-KEY_FILE = custom/https/key.pem
-; Allowed TLS version values: SSL30, TLS10, TLS11, TLS12
-TLS_MIN_VERSION = TLS10
+; Whether to disable logging in router.
+DISABLE_ROUTER_LOG = true
+; Whether to enable application level GZIP compression.
+ENABLE_GZIP = false
 
-; Enable to load assets (i.e. "conf", "templates", "public") from disk instead of embedded bindata.
-LOAD_ASSETS_FROM_DISK = false
-; The directory that contains "templates" and "public". By default, it is the working directory.
-STATIC_ROOT_PATH =
-; Default path for App data
+; The path for storing application specific data.
 APP_DATA_PATH = data
-; Application level GZIP support
-ENABLE_GZIP = false
-; Landing page for non-logged users, can be "home" or "explore"
-LANDING_PAGE = home
+; Whether to enable to load assets (i.e. "conf", "templates", "public") from disk instead of embedded bindata.
+LOAD_ASSETS_FROM_DISK = false
+
+; The landing page URL for anonymous users, can be a link to a external site.
+LANDING_URL = /
+
+; Define allowed algorithms and their minimum key length (use -1 to disable a type).
+[ssh.minimum_key_sizes]
+ED25519 = 256
+ECDSA   = 256
+RSA     = 2048
+DSA     = 1024
 
 [repository]
 ; Root path for storing repositories's data, default is "~/gogs-repositories"
@@ -156,13 +172,6 @@ ANGLED_QUOTES = true
 ; Value for Access-Control-Allow-Origin header, default is not to present
 ACCESS_CONTROL_ALLOW_ORIGIN =
 
-; Define allowed algorithms and their minimum key length (use -1 to disable a type)
-[ssh.minimum_key_sizes]
-ED25519 = 256
-ECDSA   = 256
-RSA     = 2048
-DSA     = 1024
-
 [database]
 ; Either "mysql", "postgres" or "sqlite3", you can connect to TiDB with MySQL protocol
 DB_TYPE = mysql
@@ -228,7 +237,7 @@ ENABLED = false
 ; Buffer length of channel, keep it as it is if you don't know what it is.
 SEND_BUFFER_LEN = 100
 ; Prefix prepended to the subject line
-SUBJECT_PREFIX = `[%(APP_NAME)s] `
+SUBJECT_PREFIX = `[%(BRAND_NAME)s] `
 ; Mail server
 ; Gmail: smtp.gmail.com:587
 ; QQ: smtp.qq.com:465
@@ -364,7 +373,7 @@ URL =
 ; Webhook URL
 URL =
 ; Username displayed in webhook
-USERNAME = %(APP_NAME)s
+USERNAME = %(BRAND_NAME)s
 
 [log.xorm]
 ; Enable file rotation