Configuration file for Tryton
The configuration file controls some aspects of the behavior of Tryton.
The file uses a simple ini-file format. It consists of sections, led by a
[section]
header and followed by name = value
entries:
[database]
uri = postgresql://user:password@localhost/
path = /var/lib/trytond
For more information see ConfigParser.
The default value of any option can be changed using environment variables
with names using this syntax: TRYTOND_<SECTION>__<NAME>
.
Sections
This section describes the different main sections that may appear in a Tryton configuration file, the purpose of each section, its possible keys, and their possible values. Some modules could request the usage of other sections for which the guideline asks them to be named like their module.
web
Defines the behavior of the web interface.
listen
Defines the couple of host (or IP address) and port number separated by a colon to listen on.
Default localhost:8000
Note
To listen on all IPv4 interfaces use the value 0.0.0.0:8000
and for all
IPv6 interfaces use [::]:8000
.
hostname
Defines the hostname to use when generating a URL when there is no request context available, for example during a cron job.
root
Defines the root path served by GET
requests.
Default: Under the www
directory of user’s home running trytond
.
num_proxies
The number of proxy servers in front of trytond
.
Default: 0
cache_timeout
The cache timeout in seconds.
Default: 12h
cors
The list (one per line) of origins allowed for Cross-Origin Resource sharing. For example:
cors =
http://example.com
https://example.com
avatar_base
The base URL without a path for avatar URL.
Default: ''
Note
It can be used to setup a CDN.
avatar_timeout
The time in seconds that the avatar can be stored in cache.
Default: 7 days
database
Defines how the database is managed.
uri
Contains the URI to connect to the SQL database. The URI follows the RFC 3986. The typical form is:
database://username:password@host:port/?param1=value1¶m2=value2
The parameters are database dependent, check the database documentation for a list of valid parameters.
Default: The value of the environment variable TRYTOND_DATABASE_URI
or
sqlite://
if not set.
The available databases are:
PostgreSQL
psycopg2
supports two type of connections:
TCP/IP connection:
postgresql://user:password@localhost:5432/
Unix domain connection:
postgresql://username:password@/
Please refer to psycopg2 for the complete specification of the URI.
A list of parameters supported by PostgreSQL can be found in the documentation.
Note
fallback_application_name
parameter from aforementioned documentation can
be set directly thanks to the TRYTOND_APPNAME
environment variable.
SQLite
The URI is defined as sqlite://
If the name of the database is :memory:
, the parameter mode
will be set
to memory
thus using a pure in-memory database.
The recognized query parameters can be found in SQLite’s documentation.
path
The directory where Tryton stores files and so the user running trytond must have write access on this directory.
Default: The db
folder under the user home directory running
trytond.
list
A boolean value to list available databases.
Default: True
retry
The number of retries when a database operational error occurs during a request.
Default: 5
subquery_threshold
The number of records in the target relation under which a sub-query is used.
Default: 1000
language
The main language of the database that will be used for storage in the main table for translations.
Default: en
avatar_filestore
This configuration value indicates whether the avatars should be stored in the
trytond.filestore
(True
) or the database (False
).
Default: False
avatar_prefix
The prefix to use with the FileStore to store avatars.
Default: None
default_name
The name of the database to use for operations without a database name.
Default: template1
for PostgreSQL, :memory:
for SQLite.
timeout
The timeout duration in seconds after which the connections to unused databases
are closed.
Default: 1800
(30 minutes)
minconn
The minimum number of connections to keep in the pool (if the backend supports
pool) per process.
Default: 1
maxconn
The maximum number of simultaneous connections to the database per process.
Default: 64
unaccent_function
The name of the unaccent function.
Default: unaccent
similarity_function
The name of the similarity function.
Default: similarity
request
max_size
The maximum size in bytes of unauthenticated request (zero means no limit).
Default: 2MB
max_size_authenticated
The maximum size in bytes of an authenticated request (zero means no limit).
Default: 2GB
cache
Defines size of various cache.
transaction
The number of contextual caches kept per transaction.
Default: 10
model
The number of different model kept in the cache per transaction.
Default: 200
record
The number of record loaded kept in the cache of the list.
It can be changed locally using the _record_cache_size
key in
Transaction.context
.
Default: 2000
field
The number of field to load with an eager
Field.loading
.
Default: 100
default
The default size_limit
of Cache
.
Default: 1024
clean_timeout
The minimum number of seconds between two cleanings of the cache. If the value is 0, the notification between processes will be done using channels if the back-end supports them.
Default: 300
count_timeout
The cache timeout duration in seconds of the estimation of records.
Default: 86400
(1 day)
count_clear
The number of operations after which the counting estimation of records is cleared.
Default: 1000
queue
worker
Activate asynchronous processing of the tasks. Otherwise they are performed at the end of the requests.
Default: False
clean_days
The number of days after which processed tasks are removed.
Default: 30
batch_size
The default number of the instances to process in a batch.
Default: 20
error
clean_days
The number of days after which reported errors are removed.
Default: 90
table
This section allows to override the default generated table name for a
ModelSQL
.
The main goal is to bypass limitation on the name length of the database
backend.
For example:
[table]
account.invoice.line = acc_inv_line
account.invoice.tax = acc_inv_tax
ssl
Activates SSL on the web interface.
Note
It is recommended to delegate the SSL support to a proxy.
privatekey
The path to the private key.
certificate
The path to the certificate.
Tip
Set only one of privatekey
or certificate
to true
if the SSL is
delegated.
email
Note
Email settings can be tested with the trytond-admin
command
uri
The SMTP-URL to connect to the SMTP server which is extended to support SSL and STARTTLS. The available protocols are:
smtp
: simple SMTP
smtp+tls
: SMTP with STARTTLS
smtps
: SMTP with SSL
The uri accepts the following additional parameters:
local_hostname
: used as FQDN of the local host in the HELO/EHLO commands, if omited it will use the value ofsocket.getfqdn()
.timeout
: A number of seconds used as timeout for blocking operations. Asocket.timeout
will be raised when exceeded. If omited the default timeout will be used.
Default: smtp://localhost:25
from
Defines the default From
address (using RFC 5322) for emails sent by
Tryton.
For example:
from: "Company Inc" <info@example.com>
Default: The login name of the OS user.
retry
The number of retries when the SMTP server returns a temporary error.
Default: 5
session
authentications
A comma separated list of the authentication methods to try when attempting to
verify a user’s identity. Each method is tried in turn, following the order of
the list, until one succeeds. In order to allow multi-factor authentication,
individual methods can be combined together using a plus (+
) symbol.
Example:
authentications = password+sms,ldap
Each combined method can have options to skip them if they are met except for
the first method.
They are defined by appending their name to the method name after a question
mark (?
) and separated by colons (:
).
Example:
authentications = password+sms?ip_address:device_cookie
By default, Tryton only supports the password
method. This method compares
the password entered by the user against a stored hash of the user’s password.
By default, Tryton supports the ip_address
and device_cookie
options.
The ip_address
compares the client IP address with the known network list
defined in authentication_ip_network.
The device_cookie
checks the client device is a known device of the user.
Other modules can define additional authentication methods and options, please
refer to their documentation for more information.
Default: password
authentication_ip_network
A comma separated list of known IP networks used to check for ip_address
authentication method option.
Default: ''
max_age
The time in seconds that a session stay valid.
Default: 2592000
(30 days)
timeout
The time in seconds without activity before the session is no more fresh.
Default: 300
(5 minutes)
max_attempt
The maximum authentication attempt before the server answers unconditionally
Too Many Requests
for any other attempts. The counting is done on all
attempts over a period of timeout
.
Default: 5
max_attempt_ip_network
The maximum authentication attempt from the same network before the server
answers unconditionally Too Many Requests
for any other attempts. The
counting is done on all attempts over a period of timeout
.
Default: 300
ip_network_4
The network prefix to apply on IPv4 address for counting the authentication attempts.
Default: 32
ip_network_6
The network prefix to apply on IPv6 address for counting the authentication attempts.
Default: 56
password
length
The minimal length required for the user password.
Default: 8
forbidden
The path to a file containing one forbidden password per line.
reset_timeout
The time in seconds until the reset password expires.
Default: 86400
(24h)
passlib
The path to the INI file to load as CryptContext.
If no path is set, Tryton will use the schemes argon2
, scrypt
,
bcrypt
or pbkdf2_sha512
.
Default: None
attachment
Defines how to store the attachments
filestore
A boolean value to store attachment in the FileStore.
Default: True
store_prefix
The prefix to use with the FileStore
.
Default: None
bus
allow_subscribe
A boolean value to allow clients to subscribe to bus channels.
Default: False
url_host
If set redirects bus requests to the host URL.
long_polling_timeout
The time in seconds to keep the connection to the client opened when using long polling for bus messages
Default: 300
cache_timeout
The number of seconds a message should be kept by the queue before being discarded.
Default: 300
select_timeout
The timeout duration of the select call when listening on a channel.
Default: 5
html
src
The URL pointing to TinyMCE editor.
Default: https://cloud.tinymce.com/stable/tinymce.min.js
plugins
The space separated list of TinyMCE plugins to load.
It can be overridden for specific models and fields using the names:
plugins-<model>-<field>
or plugins-<model>
.
Default: ''
css
The JSON list of CSS files to load.
It can be overridden for specific models and fields using the names:
css-<model>-<field>
or css-<model>
.
Default: []
class
The class to add on the body.
It can be overridden for specific models and fields using the names:
class-<model>-<field>
or class-<model>
.
Default: ''
wsgi middleware
The section lists the WSGI middleware class to load.
Each middleware can be configured with a section named wsgi <middleware>
containing args
and kwargs
options.
Example:
[wsgi middleware]
ie = werkzeug.contrib.fixers.InternetExplorerFix
[wsgi ie]
kwargs={'fix_attach': False}
Note
The options can be set using environment variables with names like:
TRYTOND_WSGI_<MIDDLEWARE>__<NAME>
.