Configuring Alaveteli

You can control much of how Alaveteli looks and behaves just by changing the config settings.

The general configuration file

The Alaveteli code ships with an example configuration file: config/general.yml-example.

As part of the installation process, the example file gets copied to config/general.yml. You must edit this file to suit your needs.

Note that the default settings for frontpage examples are designed to work with the dummy data shipped with Alaveteli. Once you have real data, you should certainly edit these.

Note that there are other configuration settings and files too, for specific aspects of Alaveteli.

Config settings by topic

The following are all the configuration settings that you can change in config/general.yml. When you edit this file, remember it must be in the YAML syntax. It’s not complicated but — especially if you’re editing a list — be careful to get the indentation correct. If in doubt, look at the examples already in the file, and don’t use tabs.

Appearance and overall behaviour of the site:

SITE_NAME
DOMAIN
FORCE_SSL
FORCE_REGISTRATION_ON_NEW_REQUEST
THEME_URLS
THEME_BRANCH
FRONTPAGE_PUBLICBODY_EXAMPLES
PUBLIC_BODY_STATISTICS_PAGE
MINIMUM_REQUESTS_FOR_STATISTICS
RESPONSIVE_STYLING

Site status:

READ_ONLY
STAGING_SITE

Locale and internationalisation:

ISO_COUNTRY_CODE
TIME_ZONE
AVAILABLE_LOCALES
DEFAULT_LOCALE
USE_DEFAULT_BROWSER_LANGUAGE
INCLUDE_DEFAULT_LOCALE_IN_URLS

Definition of “late”:

REPLY_LATE_AFTER_DAYS
REPLY_VERY_LATE_AFTER_DAYS
WORKING_OR_CALENDAR_DAYS

Admin access:

ADMIN_USERNAME
ADMIN_PASSWORD
DISABLE_EMERGENCY_USER
SKIP_ADMIN_AUTH

Email management:

INCOMING_EMAIL_DOMAIN
INCOMING_EMAIL_PREFIX
INCOMING_EMAIL_SECRET
INCOMING_EMAIL_SPAM_ACTION
INCOMING_EMAIL_SPAM_HEADER
INCOMING_EMAIL_SPAM_THRESHOLD
BLACKHOLE_PREFIX
CONTACT_EMAIL
CONTACT_NAME
TRACK_SENDER_EMAIL
TRACK_SENDER_NAME
RAW_EMAILS_LOCATION
EXCEPTION_NOTIFICATIONS_FROM
EXCEPTION_NOTIFICATIONS_TO
FORWARD_NONBOUNCE_RESPONSES_TO
MTA_LOG_PATH
MTA_LOG_TYPE
PRODUCTION_MAILER_DELIVERY_METHOD
SMTP_MAILER_ADDRESS
SMTP_MAILER_PORT
SMTP_MAILER_DOMAIN
SMTP_MAILER_USER_NAME
SMTP_MAILER_PASSWORD
SMTP_MAILER_AUTHENTICATION
SMTP_MAILER_ENABLE_STARTTLS_AUTO
PRODUCTION_MAILER_RETRIEVER_METHOD
POP_MAILER_ADDRESS
POP_MAILER_PORT
POP_MAILER_USER_NAME
POP_MAILER_PASSWORD
POP_MAILER_ENABLE_SSL
RESTRICT_NEW_RESPONSES_ON_OLD_REQUESTS_AFTER_MONTHS

General admin (keys, paths, back-end services):

COOKIE_STORE_SESSION_SECRET
RECAPTCHA_SITE_KEY
RECAPTCHA_SECRET_KEY
GEOIP_DATABASE
GAZE_URL
GA_CODE (GA=Google Analytics)
UTILITY_SEARCH_PATH
SHARED_FILES_PATH
SHARED_FILES
SHARED_DIRECTORIES

Behaviour settings and switches:

NEW_RESPONSE_REMINDER_AFTER_DAYS
AUTHORITY_MUST_RESPOND
MAX_REQUESTS_PER_USER_PER_DAY
OVERRIDE_ALL_PUBLIC_BODY_REQUEST_EMAILS
ALLOW_BATCH_REQUESTS
PUBLIC_BODY_LIST_FALLBACK_TO_DEFAULT_LOCALE
ENABLE_WIDGETS
ENABLE_TWO_FACTOR_AUTH
ENABLE_ANNOTATIONS

External public services:

BLOG_FEED
FACEBOOK_USERNAME
TWITTER_USERNAME
TWITTER_WIDGET_ID
DONATION_URL

Development work or special cases:

DEBUG_RECORD_MEMORY
VARNISH_HOST
USE_MAILCATCHER_IN_DEVELOPMENT
USE_GHOSTSCRIPT_COMPRESSION
HTML_TO_PDF_COMMAND
CACHE_FRAGMENTS


All the general settings

SITE_NAME
SITE_NAME appears in various places throughout the site.

Examples:

  • SITE_NAME: 'Alaveteli'
  • SITE_NAME: 'WhatDoTheyKnow'
DOMAIN
Domain used in URLs generated by scripts (e.g. for going in some emails)

Examples:

  • DOMAIN: '127.0.0.1:3000'
  • DOMAIN: 'www.example.com'
FORCE_SSL
If true forces everyone (in the production environment) to use encrypted connections (via https) by redirecting unencrypted connections. This is highly recommended so that logins can't be intercepted by naughty people.

Example:

  • FORCE_SSL: true
FORCE_REGISTRATION_ON_NEW_REQUEST
Does a user need to sign in to start the New Request process?

Alaveteli will not send a request on behalf of a user until they have confirmed their email address. This setting controls when in the process such confirmation is required.

If FORCE_REGISTRATION_ON_NEW_REQUEST is false, a user who is not logged in can create a new request, but when they finally submit it they'll be invited to sign in or register; the request will not be sent until they have done so. That is, Alaveteli puts the confirmation of email address (by registering or signing in) at the end of the process. We recommend this because demanding registration right at the start may subtly discourage new users from making requests. If you don't want your site to behave in this way, set this to true.

This setting does not affect the way the site behaves if the user is already logged in.

Example:

  • We recommend you don't force registration at the start of the process:
    FORCE_REGISTRATION_ON_NEW_REQUEST: false
THEME_URLS
URLs of themes to download and use (when running the rails-post-deploy script). The earlier in the list means the templates have a higher priority.

Example:

  • THEME_URLS:
     - 'git://github.com/mysociety/alavetelitheme.git'
    
THEME_BRANCH
When rails-post-deploy installs the themes, it will try the theme branch first, but only if you've set THEME_BRANCH to be true. If the branch doesn't exist it will fall back to using a tagged version specific to your installed Alaveteli version, and if that doesn't exist it will back to master.

The default theme is the "Alaveteli" theme. This gets installed automatically when rails-post-deploy runs.

Example:

  • THEME_BRANCH: false
FRONTPAGE_PUBLICBODY_EXAMPLES
Specify which public bodies you want to be listed as examples on the home page, using their short_names. If you want more than one, separate them with semicolons. Comment this out if you want this to be auto-generated.

Warning: this is slow — don't use in production!

Examples:

  • FRONTPAGE_PUBLICBODY_EXAMPLES: 'tgq'
  • FRONTPAGE_PUBLICBODY_EXAMPLES: 'tgq;foo;bar'
  • # FRONTPAGE_PUBLICBODY_EXAMPLES:
PUBLIC_BODY_STATISTICS_PAGE & MINIMUM_REQUESTS_FOR_STATISTICS
If PUBLIC_BODY_STATISTICS_PAGE is set to true, Alaveteli will make a page of statistics on the performance of public bodies (which you can see at /body_statistics). The page will only consider public bodies that have had at least the number of requests set by MINIMUM_REQUESTS_FOR_STATISTICS.

Example:

  • PUBLIC_BODY_STATISTICS_PAGE: false
  • MINIMUM_REQUESTS_FOR_STATISTICS: 50
RESPONSIVE_STYLING
Use the responsive base stylesheets and templates, rather than those that only render the site at a fixed width. These stylesheets are currently experimental but will become the default in the future. They allow the site to render nicely on mobile devices as well as larger screens. Currently the fixed width stylesheets are used by default.

Example:

  • RESPONSIVE_STYLING: true
READ_ONLY
If present, READ_ONLY puts the site in read-only mode, and uses the text as reason (whole paragraph). Please use a read-only database user as well, as it only checks in a few obvious places.

Examples:

  • Typically, you do not want to run your site in read-only mode — so set READ_ONLY to be an empty string.
    READ_ONLY: ''
  • READ_ONLY: 'The site is not currently accepting requests while we move the server.'
STAGING_SITE
Is this a staging or development site? If not, it's a live production site. This setting controls whether or not the rails-post-deploy script will create the file config/rails_env.rb file to force Rails into production environment.

Examples:

  • For staging or development:

    STAGING_SITE: 1

  • For production:

    STAGING_SITE: 0

ISO_COUNTRY_CODE
The ISO country code of the country in which your Alaveteli site is deployed.

Example:

  • ISO_COUNTRY_CODE: GB
TIME_ZONE
This is the timezone that Alaveteli usese to display times and dates. If not set, defaults to UTC.

Example:

  • TIME_ZONE: Australia/Sydney
AVAILABLE_LOCALES & DEFAULT_LOCALE
AVAILABLE_LOCALES lists all the locales you want your site to support. If there is more than one, use spaces betwween the entries. Nominate one of these locales as the default with DEFAULT_LOCALE.

Examples:

  • AVAILABLE_LOCALES: 'en es'
  • DEFAULT_LOCALE: 'en'
USE_DEFAULT_BROWSER_LANGUAGE
Should Alaveteli try to use the default language of the user's browser?

Example:

  • USE_DEFAULT_BROWSER_LANGUAGE: true
INCLUDE_DEFAULT_LOCALE_IN_URLS
Normally, Alaveteli will put the locale into its URLs, like this www.example.com/en/body/list/all. If you don't want this behaviour whenever the locale is the default one, set INCLUDE_DEFAULT_LOCALE_IN_URLS to false.

Example:

  • INCLUDE_DEFAULT_LOCALE_IN_URLS: true
REPLY_LATE_AFTER_DAYS
REPLY_VERY_LATE_AFTER_DAYS
WORKING_OR_CALENDAR_DAYS
The REPLY...AFTER_DAYS settings define how many days must have passed before an answer to a request is officially late. The WORKING_OR_CALENDAR_DAYS setting can be either "working" (the default) or "calendar", and determines which days are counted.

Examples:

  • REPLY_LATE_AFTER_DAYS: 20
  • REPLY_VERY_LATE_AFTER_DAYS: 40
  • WORKING_OR_CALENDAR_DAYS: working
ADMIN_USERNAME & ADMIN_PASSWORD
DISABLE_EMERGENCY_USER
Details for the emergency user.

This is useful for creating the initial admin users for your site:

  • Create a new user (using regular sign up on the site)
  • Log in as the emergency user
  • Promote the new account
  • Disable the emergency user

For details of this process, see creating a admin account.

Examples:

  • ADMIN_USERNAME: 'adminxxxx'
  • ADMIN_PASSWORD: 'passwordx'
  • DISABLE_EMERGENCY_USER: false
SKIP_ADMIN_AUTH
Set this to true, and the admin interface will be available to anonymous users. Obviously, you should not set this to be true in production environments.

Example:

  • SKIP_ADMIN_AUTH: false
INCOMING_EMAIL_DOMAIN
Your email domain for incoming mail. See also How Alaveteli handles email.

Example:

  • INCOMING_EMAIL_DOMAIN: 'localhost'
  • INCOMING_EMAIL_DOMAIN: 'foifa.com'
INCOMING_EMAIL_PREFIX
An optional prefix to help you distinguish FOI requests. See also How Alaveteli handles email.

Example:

  • INCOMING_EMAIL_PREFIX: ''
  • INCOMING_EMAIL_PREFIX: 'foi+'
INCOMING_EMAIL_SECRET
Used for hash in request email address.

Example:

  • INCOMING_EMAIL_SECRET: '11ae 4e3b 70ff c001 3682 4a51 e86d ef5f'
INCOMING_EMAIL_SPAM_ACTION INCOMING_EMAIL_SPAM_HEADER & INCOMING_EMAIL_SPAM_THRESHOLD

Introduced in Alaveteli 0.22.2.0

Filter incoming mail that looks like spam. Spam can be redirected to the holding pen or discarded.

If you filter incoming emails through a spam detector like SpamAssassin, you can configure Alaveteli to filter messages with a high spam score.

This feature requires the messages to contain a header with a numeric spam score, and INCOMING_EMAIL_SPAM_ACTION, INCOMING_EMAIL_SPAM_HEADER and INCOMING_EMAIL_SPAM_THRESHOLD to be configured before the filtering will take effect.

Examples:

  • INCOMING_EMAIL_SPAM_ACTION: 'discard'
  • INCOMING_EMAIL_SPAM_ACTION: 'holding_pen'
  • INCOMING_EMAIL_SPAM_ACTION: 'false'
  • INCOMING_EMAIL_SPAM_HEADER: 'X-mySociety-Spam-Score'
  • INCOMING_EMAIL_SPAM_THRESHOLD: 20
BLACKHOLE_PREFIX
Used as envelope from at the incoming email domain for cases where you don't care about failure.

Example:

  • BLACKHOLE_PREFIX: 'do-not-reply-to-this-address'
CONTACT_EMAIL & CONTACT_NAME
Email "from" details. See also How Alaveteli handles email.

Examples:

  • CONTACT_EMAIL: 'team@example.com'
  • CONTACT_NAME: 'Alaveteli Webmaster'
TRACK_SENDER_EMAIL & TRACK_SENDER_NAME
Email "from" details for track messages. See also How Alaveteli handles email.

Examples:

  • TRACK_SENDER_EMAIL: 'alaveteli@example.com'
  • TRACK_SENDER_NAME: 'Alaveteli Webmaster'
RAW_EMAILS_LOCATION
Where the raw incoming email data gets stored. Make sure you back this up!

Example:

  • RAW_EMAILS_LOCATION: 'files/raw_emails'
EXCEPTION_NOTIFICATIONS_FROM & EXCEPTION_NOTIFICATIONS_TO
Email address(es) used for sending exception notifications.

Examples:

  • EXCEPTION_NOTIFICATIONS_FROM: do-not-reply-to-this-address@example.com
    
    EXCEPTION_NOTIFICATIONS_TO:
     - robin@example.com
     - seb@example.com
    
FORWARD_NONBOUNCE_RESPONSES_TO
The email address to which non-bounce responses should be forwarded. See also How Alaveteli handles email.

Example:

  • FORWARD_NONBOUNCE_RESPONSES_TO: user-support@example.com
MTA_LOG_PATH
Path to your exim or postfix log files that will get sucked up by script/load-mail-server-logs.

Example:

  • MTA_LOG_PATH: '/var/log/exim4/exim-mainlog-*'
MTA_LOG_TYPE
Are you using "exim" or "postfix" for your Mail Transfer Agent (MTA)?

Example:

  • MTA_LOG_TYPE: "exim"
PRODUCTION_MAILER _DELIVERY_METHOD
What delivery method is being used for outgoing emails in production? The default value is sendmail, but there is experimental support for smtp. If you want to use an external SMTP server to send email, then you will also need to include SMTP configuration settings: SMTP_MAILER_ADDRESS, SMTP_MAILER_PORT, SMTP_MAILER_DOMAIN, SMTP_MAILER_USER_NAME, SMTP_MAILER_PASSWORD, SMTP_MAILER_AUTHENTICATION and SMTP_MAILER_ENABLE_STARTTLS_AUTO.

Example:

  • PRODUCTION_MAILER_DELIVERY_METHOD: "sendmail"
SMTP_MAILER_ADDRESS
Set this to localhost to use a local SMTP server, or the remote address of your SMTP server. Only required if PRODUCTION_MAILER_DELIVERY_METHOD is set to smtp.

Example:

  • SMTP_MAILER_ADDRESS: "smtp.gmail.com"
SMTP_MAILER_PORT
On the off chance that your mail server doesn't run on port 25, you can change it. Only required if PRODUCTION_MAILER_DELIVERY_METHOD is set to smtp.

Example:

  • SMTP_MAILER_PORT: 25
SMTP_MAILER_DOMAIN
If you need to specify a HELO domain, you can do it here. Only required if PRODUCTION_MAILER_DELIVERY_METHOD is set to smtp.

Example:

  • SMTP_MAILER_DOMAIN: gmail.com
SMTP_MAILER_USER_NAME
If your mail server requires authentication, set the username in this setting. Only required if PRODUCTION_MAILER_DELIVERY_METHOD is set to smtp.

Example:

  • SMTP_MAILER_USER_NAME: alaveteli
SMTP_MAILER_PASSWORD
If your mail server requires authentication, set the password in this setting. Only required if PRODUCTION_MAILER_DELIVERY_METHOD is set to smtp.

Example:

  • SMTP_MAILER_PASSWORD: supersecretpassword
SMTP_MAILER_AUTHENTICATION
If your mail server requires authentication, you need to specify the authentication type here. This is one of plain, login, cram_md5. Only required if PRODUCTION_MAILER_DELIVERY_METHOD is set to smtp.

Example:

  • SMTP_MAILER_AUTHENTICATION: plain
SMTP_MAILER_ENABLE_STARTTLS_AUTO
Set this to false if there is a problem with your server certificate that you cannot resolve. Only required if PRODUCTION_MAILER_DELIVERY_METHOD is set to smtp.

Example:

  • SMTP_MAILER_ENABLE_STARTTLS_AUTO: true
PRODUCTION_MAILER_RETRIEVER_METHOD

Introduced in Alaveteli 0.30.0.0

What retrieval method is being used for incoming emails in production?

The default value is passive - incoming emails must be piped into the application via the mailin script. There is experimental support for polling a POP3 server for messages, if PRODUCTION_MAILER_RETRIEVER_METHOD is set to pop.

For some guidance on considerations and setup for running a POP service, see how Alaveteli handles email.

If you want to use an external POP3 server to receive email, then you will also need to include POP configuration settings: POP_MAILER_ADDRESS, POP_MAILER_PORT, POP_MAILER_USER_NAME, POP_MAILER_PASSWORD and POP_MAILER_ENABLE_SSL.

Example:

  • PRODUCTION_MAILER_RETRIEVER_METHOD: "passive"
POP_MAILER_ADDRESS

Introduced in Alaveteli 0.30.0.0

Set this to the address of the POP3 server you want to poll for incoming messages. Only required if PRODUCTION_MAILER_RETRIEVER_METHOD is set to pop.

Example:

  • POP_MAILER_ADDRESS: 'localhost'
POP_MAILER_PORT

Introduced in Alaveteli 0.30.0.0

The port that your POP3 server accepts connections on. Only required if PRODUCTION_MAILER_RETRIEVER_METHOD is set to pop.

Example:

  • POP_MAILER_PORT: 995
POP_MAILER_USER_NAME

Introduced in Alaveteli 0.30.0.0

Set the username of the account user to connect to the POP server. Only required if PRODUCTION_MAILER_RETRIEVER_METHOD is set to pop.

Example:

  • POP_MAILER_USER_NAME: 'jane322'
POP_MAILER_PASSWORD

Introduced in Alaveteli 0.30.0.0

Set the password of the account user to connect to the POP server. Only required if PRODUCTION_MAILER_RETRIEVER_METHOD is set to pop.

Example:

  • POP_MAILER_PASSWORD: 'supersecretpassword'
POP_MAILER_ENABLE_SSL

Introduced in Alaveteli 0.30.0.0

Should Alaveteli use SSL when connecting to the POP3 server used? Only required if PRODUCTION_MAILER_RETRIEVER_METHOD is set to pop.

Example:

  • POP_MAILER_ENABLE_SSL: true
RESTRICT_NEW_RESPONSES_ON_OLD_REQUESTS_AFTER_MONTHS

Introduced in Alaveteli 0.23.0.0

Number of months after which to start restricting new responses to requests. When a request has not been updated after RESTRICT_NEW_RESPONSES_ON_OLD_REQUESTS_AFTER_MONTHS, allow_new_responses_from is set to 'authority_only'. After RESTRICT_NEW_RESPONSES_ON_OLD_REQUESTS_AFTER_MONTHS × 4 , allow_new_responses_from is set to 'nobody'.

For details of this process, see old requests.

Examples:

  • RESTRICT_NEW_RESPONSES_ON_OLD_REQUESTS_AFTER_MONTHS: 3
COOKIE_STORE_SESSION_SECRET
Secret key for signing cookie_store sessions. Make it long and random.

Example:

  • COOKIE_STORE_SESSION_SECRET: 'uIngVC238Jn9NsaQizMNf89pliYmDBFugPjHS2JJmzOp8'
RECAPTCHA_SITE_KEY & RECAPTCHA_SECRET_KEY
Recaptcha, for detecting humans. Get keys here: https://www.google.com/recaptcha

Examples:

  • RECAPTCHA_SITE_KEY: '7HoPjGBBBBBBBBBkmj78HF9PjjaisQ893'
    (Called RECAPTCHA_PUBLIC_KEY before release 0.32)
  • RECAPTCHA_SECRET_KEY: '7HjPjGBBBBBCBBBpuTy8a33sgnGG7A'
    (Called RECAPTCHA_PRIVATE_KEY before release 0.32)
GEOIP_DATABASE
Alaveteli uses a GeoIP database to determine the country from the IP address of an HTTP request to the site (this lets us suggest an Alaveteli in the user's country if one exists). You shouldn't need to change this if you have the geoip-database package installed as specified in the config/packages files.

Example:

  • GEOIP_DATABASE: /usr/share/GeoIP/GeoIP.dat
GAZE_URL
In the absence of a GeoIP database, Alaveteli can use Gaze, mySociety's gazeteer, to determine the country from the IP address of an HTTP request to the site. You shouldn't normally need to change this.

Example:

  • GAZE_URL: http://gaze.mysociety.org
GA_CODE (GA=Google Analytics)
Adding a value here will enable Google Analytics on all non-admin pages for non-admin users.

Examples:

  • GA_CODE: ''
  • GA_CODE: 'AB-8222142-14'
UTILITY_SEARCH_PATH
Search path for external command-line utilities (such as pdftohtml, pdftk, unrtf).

Example:

  • UTILITY_SEARCH_PATH: ["/usr/bin", "/usr/local/bin"]
SHARED_FILES_PATH
In some deployments of Alaveteli you may wish to install each newly deployed version alongside the previous ones, in which case certain files and resources should be shared between these installations. For example, the files directory, the cache directory and the generated graphs such as public/foi-live-creation.png. If you're installing Alaveteli in such a setup then set SHARED_FILES_PATH to the directory you're keeping these files under. Otherwise, leave it blank.

Example:

  • SHARED_FILES_PATH: ''
SHARED_FILES & SHARED_DIRECTORIES
If you have SHARED_FILES_PATH set, then these options list the files and directories that are shared; i.e. those to which the deploy scripts should create symlinks from the repository.

Examples:

  • SHARED_FILES:
     - config/database.yml
     - config/general.yml
     - config/rails_env.rb
     - config/httpd.conf
     - public/foi-live-creation.png
     - public/foi-user-use.png
     - config/aliases
                
  • SHARED_DIRECTORIES:
     - files/
     - cache/
     - lib/acts_as_xapian/xapiandbs/
     - vendor/bundle
     - public/assets
                
NEW_RESPONSE_REMINDER_AFTER_DAYS
Number of days after which to send a 'new response reminder'.

Example:

  • NEW_RESPONSE_REMINDER_AFTER_DAYS: [3, 10, 24]
AUTHORITY_MUST_RESPOND
Introduced in Alaveteli version 0.21
Set this to true if authorities must respond by law. Set to false otherwise. It defaults to true. At the moment this just controls the display of some UI text telling users that the authority must respond to them by law.

Example:

  • AUTHORITY_MUST_RESPOND: true
MAX_REQUESTS_PER_USER_PER_DAY
This rate limiting can be turned off per-user via the admin interface.

Example:

  • MAX_REQUESTS_PER_USER_PER_DAY: 6
OVERRIDE_ALL_PUBLIC_BODY_REQUEST_EMAILS
If you want to override all the public body request emails with your own email address so that request emails that would normally go to the public body go to you, use this setting. This is useful for a staging server, so you can play with the whole process of sending requests without inadvertently sending an email to a real authority.

Examples:

  • OVERRIDE_ALL_PUBLIC_BODY_REQUEST_EMAILS: test-email@foo.com
  • If you don't want this behaviour, comment the setting out
    # OVERRIDE_ALL_PUBLIC_BODY_REQUEST_EMAILS:
ALLOW_BATCH_REQUESTS
Allow some users to make batch requests to multiple authorities. Once this is set to true, you can enable batch requests for an individual user via the user admin page. The admin manual has more about batch requests including why you should be cautious about enabling this feature.

Example:

  • ALLOW_BATCH_REQUESTS: false
PUBLIC_BODY_LIST_FALLBACK_TO_DEFAULT_LOCALE
If you would like the public body list page to include bodies that have no translation in the current locale (but which do have a translation in the default locale), set this to true.

Example:

  • PUBLIC_BODY_LIST_FALLBACK_TO_DEFAULT_LOCALE: false
ENABLE_WIDGETS
If you would like to give users the opportunity to insert HTML 'widgets' into their other websites, advertising the requests they've made in Alaveteli, set this to true. A link to add a widget will appear in the sidebar of each request page. Users following the link can preview the widget for that request, and cut and paste the HTML to produce the widget into their own site.

Example:

  • ENABLE_WIDGETS: false
ENABLE_TWO_FACTOR_AUTH

Introduced in Alaveteli 0.23.0.0

Enable a second step of authentication for dangerous account actions. Currently only active for changing password. Two factor auth is opt-in per user.

Example:

  • ENABLE_TWO_FACTOR_AUTH: true
ENABLE_ANNOTATIONS

Introduced in Alaveteli 0.25.0.0

Enable the annotations (comments on requests) feature. Annotations are on by default as they've been a standard feature for some time, but this setting allows new sites to turn them off if they're not desired.

Example:

  • ENABLE_ANNOTATIONS: true
BLOG_FEED

These feeds are displayed accordingly on the Alaveteli "blog" page.

Currently WordPress is the only "officially supported" external blog feed, but other feeds may work if they use the same data format.

Example:

  • BLOG_FEED: 'https://www.mysociety.org/category/projects/whatdotheyknow/feed/'
FACEBOOK_USERNAME
Makes your Facebook page URL available to the application. Also adds a Facebook link to the footer.

Examples:

  • FACEBOOK_USERNAME: whatdotheyknowcom
TWITTER_USERNAME TWITTER_WIDGET_ID
If you want a twitter feed displayed on the "blog" page, provide the widget ID and username.

Examples:

  • TWITTER_USERNAME: WhatDoTheyKnow
  • TWITTER_WIDGET_ID: '833549204689320031'
DONATION_URL
URL where people can donate to the organisation running the site. If set, this will be included in the message people see when their request is successful.

Example:

  • DONATION_URL: "https://www.mysociety.org/donate/"
DEBUG_RECORD_MEMORY
For debugging memory problems. If true, Alaveteli logs the memory use increase of the Ruby process due to the request (Linux only). Since Ruby never returns memory to the OS, if the existing process previously served a larger request, this won't show any consumption for the later request.

Example:

  • DEBUG_RECORD_MEMORY: false
VARNISH_HOST
If you're running behind Varnish, it might help to set this to work out where to send purge requests. Otherwise, don't set it.

Examples:

  • VARNISH_HOST: null
  • VARNISH_HOST: localhost
USE_MAILCATCHER_IN_DEVELOPMENT
If true, while in development mode, try to send mail by SMTP to port 1025 (the port the mailcatcher listens on by default):

Example:

  • USE_MAILCATCHER_IN_DEVELOPMENT: true
USE_GHOSTSCRIPT_COMPRESSION
Currently we default to using pdftk to compress PDFs. You can optionally try Ghostscript, which should do a better job of compression. Some versions of pdftk are buggy with respect to compression, in which case Alaveteli doesn't recompress the PDFs at all and logs a warning message "Unable to compress PDF" — which would be another reason to try this setting.

Example:

  • USE_GHOSTSCRIPT_COMPRESSION: true
HTML_TO_PDF_COMMAND
Path to a program that converts an HTML page in a file to PDF. It should take two arguments: the URL, and a path to an output file. A static binary of wkhtmltopdf is recommended. If the command is not present, a text-only version will be rendered instead.

Example:

  • HTML_TO_PDF_COMMAND: /usr/local/bin/wkhtmltopdf-amd64
CACHE_FRAGMENTS
Use memcached to cache HTML fragments for better performance. This will only have an effect in environments where config.action_controller.perform_caching is set to true

Example:

  • CACHE_FRAGMENTS: true

Other configuration settings and files

There are more configuration settings for Alaveteli Professional and Alaveteli Pro Pricing.

Note that there are other configuration files for Alaveteli — you’ll find them all in the config directory. These are presented in the git repository as *-example files which you can copy into place.

database.yml
database settings (as per Rails)
deploy.yml
deployment specifications used by Capistrano
httpd.conf, nginx.conf
Apache and Nginx configuration suggestions