canasta config
canasta > config
canasta config
View and modify Canasta configuration
Synopsis
View and modify the .env configuration for a Canasta instance.
Use canasta config get to view current settings and canasta config set to change them. The set command handles side effects automatically (e.g., updating wikis.yaml when changing HTTPS_PORT) and restarts the instance. Editing .env by hand may leave the instance in an inconsistent state.
Key names are case-insensitive and hyphens are treated as underscores, so https-port, HTTPS_PORT, and Https_Port all work.
Settings safe to change on a running instance:
Network
HTTP_PORT HTTP port (default: 80)
HTTPS_PORT HTTPS port (default: 443)
PHP
PHP_UPLOAD_MAX_FILESIZE Upload file size limit (default: 10M)
PHP_POST_MAX_SIZE POST data size limit (default: 10M)
PHP_MAX_INPUT_VARS Max input variables (default: 1000)
Sitemaps
MW_SITEMAP_PAUSE_DAYS Days between sitemap refreshes (default: 1)
Features
CANASTA_ENABLE_CROWDSEC Enable CrowdSec behavioral threat detection (Compose only) (default: false)
CANASTA_ENABLE_ELASTICSEARCH Enable Elasticsearch (default: false)
CANASTA_ENABLE_OBSERVABILITY Enable observability stack (default: false)
CANASTA_ENABLE_VARNISH Enable Varnish caching (default: true)
CANASTA_ENABLE_WIKI_DIRECTORY Show wiki directory on 404 pages (default: false)
CANASTA_ENABLE_VERY_SHORT_URLS Use /wiki/Page (no /w/) URLs (default: false)
MediaWiki site
MW_SITE_SERVER Site URL (e.g., https://example.com)
MW_SITE_FQDN Domain name (e.g., example.com)
Caddy / TLS
CADDY_AUTO_HTTPS Set to "off" behind a reverse proxy
CANASTA_STAGING_CERTS Use Let's Encrypt staging CA (untrusted, but avoids rate limits) (default: false)
CADDY_TRUSTED_PROXIES Recover real client IPs when Caddy is behind a proxy/CDN. Set to "cloudflare" or "imperva", or a comma-separated CIDR list. Unset = Caddy is the edge (default).
CADDY_TRUSTED_PROXY_CIDRS Kubernetes only. Comma-separated CIDRs of the in-cluster ingress to trust so Caddy reads the real client IP. Defaults to the standard private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16); override only for a non-default pod/service CIDR. Ignored on Compose.
Docker Image
CANASTA_IMAGE Override the default Canasta image
CANASTA_ELASTICSEARCH_IMAGE Override the Elasticsearch image (e.g. a build with an extra analysis plugin). Takes effect only while Elasticsearch is enabled (CANASTA_ENABLE_ELASTICSEARCH=true). On Kubernetes the image must be pullable by the cluster (push it to a reachable registry first).
Security (CrowdSec)
CROWDSEC_BOUNCER_API_KEY Caddy bouncer API key from 'cscli bouncers add'. Optional; the bouncer stays dormant (blocks nothing) until it is set.
Backup (Restic)
RESTIC_REPOSITORY Restic repo URL or local path
RESTIC_PASSWORD Restic repo password
Restic backups also accept any backend-specific credentials whose keys start with AWS_, AZURE_, B2_, GOOGLE_, OS_, ST_, or RCLONE_ (e.g. AWS_ACCESS_KEY_ID for S3, AZURE_ACCOUNT_NAME for Azure, B2_ACCOUNT_ID for Backblaze). The entire .env is passed to the Restic container, so any variable Restic recognizes will work — see https://restic.readthedocs.io/en/stable/040_backup.html . SMTP credentials (SMTP_*) are also accepted.
Other settings (database passwords, secret keys, etc.) are generated by canasta create and should not be changed directly. To change the domain, first edit config/wikis.yaml, then use canasta config set to update MW_SITE_SERVER and MW_SITE_FQDN.
Subcommands
This command requires a subcommand:
- get — Show configuration settings
- refresh-template — List, diff, or adopt template versions of seeded config files
- regenerate — Regenerate rendered config files (e.g. Caddyfile) from current sources
- set — Change configuration values
- unset — Remove a configuration setting
Global flags
| Flag | Shorthand | Description | Default | Required | Orchestrator |
|---|---|---|---|---|---|
--help |
-h |
Show help message and exit | Both | ||
--verbose |
-v |
Enable verbose output | Both |
