Configuration file for Tryton¶

The configuration file controls some aspects of the behavior of Tryton. The file uses a simple ini-file format. It consists of sections, led by a [section] header and followed by name = value entries:

[database]
uri = postgresql://user:password@localhost/
path = /var/lib/trytond

For more information see ConfigParser.

The default value of any option can be changed using environment variables with names using this syntax: TRYTOND_<SECTION>__<NAME>.

Sections¶

This section describes the different main sections that may appear in a Tryton configuration file, the purpose of each section, its possible keys, and their possible values. Some modules could request the usage of other sections for which the guideline asks them to be named like their module.

web ¶

Defines the behavior of the web interface.

listen ¶

Defines the couple of host (or IP address) and port number separated by a colon to listen on.

Default localhost:8000

Note

To listen on all IPv4 interfaces use the value 0.0.0.0:8000 and for all IPv6 interfaces use [::]:8000.

hostname ¶

Defines the hostname to use when generating a URL when there is no request context available, for example during a cron job.

root ¶

Defines the root path served by GET requests.

Default: Under the www directory of user’s home running trytond.

num_proxies ¶

The number of proxy servers in front of trytond.

Default: 0

cache_timeout ¶

The cache timeout in seconds.

Default: 12h

cors ¶

The list (one per line) of origins allowed for Cross-Origin Resource sharing. For example:

cors =
   http://example.com
   https://example.com

avatar_base ¶

The base URL without a path for avatar URL.

Default: ''

Note

It can be used to setup a CDN.

avatar_timeout ¶

The time in seconds that the avatar can be stored in cache.

Default: 7 days

database ¶

Defines how the database is managed.

uri ¶

Contains the URI to connect to the SQL database. The URI follows the RFC 3986. The typical form is:

database://username:password@host:port/?param1=value1&param2=value2

The parameters are database dependent, check the database documentation for a list of valid parameters.

Default: The value of the environment variable TRYTOND_DATABASE_URI or sqlite:// if not set.

The available databases are:

PostgreSQL¶

psycopg2 supports two type of connections:

TCP/IP connection: postgresql://user:password@localhost:5432/

Unix domain connection: postgresql://username:password@/

Please refer to psycopg2 for the complete specification of the URI.

A list of parameters supported by PostgreSQL can be found in the documentation.

Note

fallback_application_name parameter from aforementioned documentation can be set directly thanks to the TRYTOND_APPNAME environment variable.

SQLite¶

The URI is defined as sqlite://

If the name of the database is :memory:, the parameter mode will be set to memory thus using a pure in-memory database.

The recognized query parameters can be found in SQLite’s documentation.

path ¶

The directory where Tryton stores files and so the user running trytond must have write access on this directory.

Default: The db folder under the user home directory running trytond.

list ¶

A boolean value to list available databases.

Default: True

retry ¶

The number of retries when a database operational error occurs during a request.

Default: 5

subquery_threshold ¶

The number of records in the target relation under which a sub-query is used.

Default: 1000

language ¶

The main language of the database that will be used for storage in the main table for translations.

Default: en

avatar_filestore ¶

This configuration value indicates whether the avatars should be stored in the trytond.filestore (True) or the database (False).

Default: False

avatar_prefix ¶

The prefix to use with the FileStore to store avatars.

Default: None

default_name ¶

The name of the database to use for operations without a database name. Default: template1 for PostgreSQL, :memory: for SQLite.

timeout ¶

The timeout duration in seconds after which the connections to unused databases are closed. Default: 1800 (30 minutes)

minconn ¶

The minimum number of connections to keep in the pool (if the backend supports pool) per process. Default: 1

maxconn ¶

The maximum number of simultaneous connections to the database per process. Default: 64

unaccent_function ¶

The name of the unaccent function.

Default: unaccent

similarity_function ¶

The name of the similarity function.

Default: similarity

request ¶

max_size ¶

The maximum size in bytes of unauthenticated request (zero means no limit).

Default: 2MB

max_size_authenticated ¶

The maximum size in bytes of an authenticated request (zero means no limit).

Default: 2GB

cache ¶

Defines size of various cache.

transaction ¶

The number of contextual caches kept per transaction.

Default: 10

model ¶

The number of different model kept in the cache per transaction.

Default: 200

record ¶

The number of record loaded kept in the cache of the list. It can be changed locally using the _record_cache_size key in Transaction.context.

Default: 2000

field ¶

The number of field to load with an eager Field.loading.

Default: 100

default ¶

The default size_limit of Cache.

Default: 1024

clean_timeout ¶

The minimum number of seconds between two cleanings of the cache. If the value is 0, the notification between processes will be done using channels if the back-end supports them.

Default: 300

count_timeout ¶

The cache timeout duration in seconds of the estimation of records.

Default: 86400 (1 day)

count_clear ¶

The number of operations after which the counting estimation of records is cleared.

Default: 1000

queue ¶

worker ¶

Activate asynchronous processing of the tasks. Otherwise they are performed at the end of the requests.

Default: False

clean_days ¶

The number of days after which processed tasks are removed.

Default: 30

batch_size ¶

The default number of the instances to process in a batch.

Default: 20

error ¶

clean_days ¶

The number of days after which reported errors are removed.

Default: 90

table ¶

This section allows to override the default generated table name for a ModelSQL. The main goal is to bypass limitation on the name length of the database backend. For example:

[table]
account.invoice.line = acc_inv_line
account.invoice.tax = acc_inv_tax

ssl ¶

Activates SSL on the web interface.

Note

It is recommended to delegate the SSL support to a proxy.

privatekey ¶

The path to the private key.

certificate ¶

The path to the certificate.

Tip

Set only one of privatekey or certificate to true if the SSL is delegated.

email ¶

Note

Email settings can be tested with the trytond-admin command

uri ¶

The SMTP-URL to connect to the SMTP server which is extended to support SSL and STARTTLS. The available protocols are:

smtp: simple SMTP

smtp+tls: SMTP with STARTTLS

smtps: SMTP with SSL

The uri accepts the following additional parameters:

local_hostname: used as FQDN of the local host in the HELO/EHLO commands, if omited it will use the value of socket.getfqdn().
timeout: A number of seconds used as timeout for blocking operations. A socket.timeout will be raised when exceeded. If omited the default timeout will be used.

Default: smtp://localhost:25

from ¶

Defines the default From address (using RFC 5322) for emails sent by Tryton.

For example:

from: "Company Inc" <info@example.com>

Default: The login name of the OS user.

retry ¶

The number of retries when the SMTP server returns a temporary error.

Default: 5

session ¶

authentications ¶

A comma separated list of the authentication methods to try when attempting to verify a user’s identity. Each method is tried in turn, following the order of the list, until one succeeds. In order to allow multi-factor authentication, individual methods can be combined together using a plus (+) symbol.

Example:

authentications = password+sms,ldap

Each combined method can have options to skip them if they are met except for the first method. They are defined by appending their name to the method name after a question mark (?) and separated by colons (:).

Example:

authentications = password+sms?ip_address:device_cookie

By default, Tryton only supports the password method. This method compares the password entered by the user against a stored hash of the user’s password. By default, Tryton supports the ip_address and device_cookie options. The ip_address compares the client IP address with the known network list defined in authentication_ip_network. The device_cookie checks the client device is a known device of the user. Other modules can define additional authentication methods and options, please refer to their documentation for more information.

Default: password

authentication_ip_network ¶

A comma separated list of known IP networks used to check for ip_address authentication method option.

Default: ''

max_age ¶

The time in seconds that a session stay valid.

Default: 2592000 (30 days)

timeout ¶

The time in seconds without activity before the session is no more fresh.

Default: 300 (5 minutes)

max_attempt ¶

The maximum authentication attempt before the server answers unconditionally Too Many Requests for any other attempts. The counting is done on all attempts over a period of timeout.

Default: 5

max_attempt_ip_network ¶

The maximum authentication attempt from the same network before the server answers unconditionally Too Many Requests for any other attempts. The counting is done on all attempts over a period of timeout.

Default: 300

ip_network_4 ¶

The network prefix to apply on IPv4 address for counting the authentication attempts.

Default: 32

ip_network_6 ¶

The network prefix to apply on IPv6 address for counting the authentication attempts.

Default: 56

password ¶

length ¶

The minimal length required for the user password.

Default: 8

forbidden ¶

The path to a file containing one forbidden password per line.

reset_timeout ¶

The time in seconds until the reset password expires.

Default: 86400 (24h)

passlib ¶

The path to the INI file to load as CryptContext. If no path is set, Tryton will use the schemes argon2, scrypt, bcrypt or pbkdf2_sha512.

Default: None

attachment ¶

Defines how to store the attachments

filestore ¶

A boolean value to store attachment in the FileStore.

Default: True

store_prefix ¶

The prefix to use with the FileStore.

Default: None

bus ¶

url_host ¶

If set redirects bus requests to the host URL.

long_polling_timeout ¶

The time in seconds to keep the connection to the client opened when using long polling for bus messages

Default: 300

cache_timeout ¶

The number of seconds a message should be kept by the queue before being discarded.

Default: 300

select_timeout ¶

The timeout duration of the select call when listening on a channel.

Default: 5

html ¶

src ¶

The URL pointing to TinyMCE editor.

Default: https://cloud.tinymce.com/stable/tinymce.min.js

plugins ¶

The space separated list of TinyMCE plugins to load. It can be overridden for specific models and fields using the names: plugins-<model>-<field> or plugins-<model>.

Default: ''

css ¶

The JSON list of CSS files to load. It can be overridden for specific models and fields using the names: css-<model>-<field> or css-<model>.

Default: []

class ¶

The class to add on the body. It can be overridden for specific models and fields using the names: class-<model>-<field> or class-<model>.

Default: ''

wsgi middleware ¶

The section lists the WSGI middleware class to load. Each middleware can be configured with a section named wsgi <middleware> containing args and kwargs options.

Example:

[wsgi middleware]
ie = werkzeug.contrib.fixers.InternetExplorerFix

[wsgi ie]
kwargs={'fix_attach': False}

Note

The options can be set using environment variables with names like: TRYTOND_WSGI_<MIDDLEWARE>__<NAME>.