# Database setup. The driver can be either 'sqlite', 'mysql' or 'postgres'.## For SQLite, only the databasename is required. However, MySQL and PostgreSQL# also require 'username', 'password', and optionally 'host' ( and 'port' ) if the database# server is not on the same host as the web server.## If you're trying out Bolt, just keep it set to SQLite for now.database: driver: sqlite databasename: bolt username: bolt password: I_love_java# The name of the websitesitename: A sample sitepayoff: The amazing payoff goes here# The theme to use.## Don't edit the provided templates directly, because they _will_ get updated# in next releases. If you wish to modify a default theme, copy its folder, and# change the name here accordingly.theme: base-2018# The locale that'll be used by the application. If no locale is set the# fallback locale is 'en_GB'. For available options, see:# https://docs.bolt.cm/other/locales## In some cases it may be needed to specify (non-standard) variations of the# locale to get everything to work as desired.## This can be done as [nl_NL, Dutch_Netherlands] when specifying multiple# locales, ensure the first is a standard locale.locale: en_GB# Set the timezone to be used on the website. For a list of valid timezone# settings, see: http://php.net/manual/en/timezones.php# timezone: UTC# Set maintenance mode on or off.## While in maintenance mode, only users that are logged in to the Bolt backend # can access the site.## All other visitors are presented with a notice that the site is currently# offline.## The default template file can be found in /app/theme_defaults/ and overridden# with this option using your own theme.## Note: If you've changed the filename, and your changes do not show up on the# website, be sure to check for a config.yml file in your theme's folder.# If a template is set there, it will override the setting here.maintenance_mode: falsemaintenance_template: maintenance_default.twig# The hour of the day for the internal cron task scheduler to run daily, weekly,# monthly and yearly jobs.## Default: 3 (3 am)cron_hour: 3# If your site is reachable under different urls (say, both blog.example.org/# as well as example.org/), it's a good idea to set one of these as the# canonical, so it's clear which is the primary address of the site.## If you include `https://`, it will be included in the canonical urls.#canonical: example.org# Bolt can insert a <link rel="shortcut icon"> for all pages on the site.# Note: The location given is relative to the currently selected theme. If# you want to set the icon yourself, just don't enable the following line.#favicon: images/favicon-bolt.ico# The default content to use for the homepage, and the template to render it# with. This can either be a specific record (like `page/1`) or a listing of# records (like `entries`). In the chosen 'homepage_template', you will have# `record` or `records` at your disposal, depending on the 'homepage' setting.## Note: If you've changed the filename, and your changes do not show up on# the website, be sure to check for a theme.yml file in your theme's# folder. If a template is set there, it will override the setting here.homepage: homepage/1homepage_template: index.twig# The default content for the 404 page. Can be an (array of) template names or# identifiers for records, which will be tried until a match is found.## Note: The record specified in this parameter must be set to 'published'.notfound: [ not-found.twig, block/404-not-found ]# The default template for single record pages on the# site.## Can be overridden for each contenttype and for each record, if it has a# 'templateselect' field.## Note: If you've changed the filename, and your changes do not show up on the# website, be sure to check for a config.yml file in your theme's folder.# If a template is set there, it will override the setting here.record_template: record.twig# The default template and amount of records to use for listing-pages on the# site.## Can be overridden for each contenttype.## Note 1: Sorting on TAXONOMY-pages will give unexpected results, if it has a# pager.# If you need sorting on those, make sure you display all the records on one# page.## Note 2: If you've changed the filename, and your changes do not show up on the# website, be sure to check for a config.yml file in your theme's# folder. If a template is set there, it will override the setting here.listing_template: listing.twiglisting_records: 6listing_sort: datepublish DESC# Because of limitations on how the underlying database queries work, there are# only two options for sorting on taxonomies. 'ASC' for roughly "oldest first"# and 'DESC' for roughly 'newest first'.taxonomy_sort: DESC# Template for showing the search results. If not defined, uses the settings for# listing_template and listing_records.## Note: If you've changed the filename, and your changes do not show up on the# website, be sure to check for a config.yml file in your theme's folder.# If a template is set there, it will override the setting here.search_results_template: search.twigsearch_results_records: 10# Add jQuery to the rendered HTML, whether or not it's added by an extension.add_jquery: false# The default amount of records to show on overview pages. Can be overridden# for each contenttype.recordsperpage: 10# Settings for caching in parts of Bolt.# - config: Caches the parsed .yml files from /app/config. It's updated# immediately when one of the files changes on disk. There# should be no good reason to turn this off.## - templates: Caches rendered templates.## - request: Caches rendered pages in the configured HTTP reverse proxy# cache, on GET & HEAD requests.# By default this is handled by Syfmony HTTP Cache.## - duration: The duration (in minutes) for the 'templates' and 'request'# options. default is 10 minutes. Note that the duration is set# on storing the cache. By lowering this value you will not# invalidate currently cached items.## - authenticated: Cache 'templates' and 'request' for logged-on users. In most# cases you should *NOT* enable this, because it will cause# side-effects if the website shows different content to# authenticated users.## - thumbnails: Caches thumbnail generation.## - translations: Caches translation files. It is recommend to leave this# enabled. Only if you develop extensions and work with# translation files you should turn this off.caching: config: true templates: true request: false duration: 10 authenticated: false thumbnails: true translations: true# Set 'enabled' to 'true' to log all content changes in the database.## Unless you need to rigorously monitor every change to your site's content, it# is recommended to keep this disabled.changelog: enabled: false# Default settings for thumbnails.## Quality should be between 0 (horrible, small file) and 100 (best, huge file).## cropping: One of either crop, fit, borders, resize.# default_thumbnail: The default size of images, when using# {{ record.image|thumbnail() }}# default_image: The default size of images, when using# {{ record.image|image() }}# allow_upscale: Determines whether small images will be enlarged to fit# the requested dimensions.# browser_cache_time: Sets the amount of seconds that the browser will cache# images for. Set it to activate browser caching.## Note: If you change these values, you might need to clear the cache before# they show up.thumbnails: default_thumbnail: [ 160, 120 ] default_image: [ 1000, 750 ] quality: 80 cropping: crop notfound_image: bolt_assets://img/default_notfound.png error_image: bolt_assets://img/default_error.png save_files: false allow_upscale: false exif_orientation: true only_aliases: false# browser_cache_time: 2592000# Define the HTML tags and attributes that are allowed in 'cleaned' HTML. This# is used for sanitizing HTML, to make sure there are no undesirable elements# left in the content that is shown to users. For example, tags like `<script>`# or `onclick`-attributes.# Note: enabling options in the `wysiwyg` settings will implicitly add items to# the allowed tags. For example, if you set `images: true`, the `<img>` tag# will be allowed, regardless of it being in the `allowed_tags` setting.htmlcleaner: allowed_tags: [ div, span, p, br, hr, s, u, strong, em, i, b, li, ul, ol, mark, blockquote, pre, code, tt, h1, h2, h3, h4, h5, h6, dd, dl, dt, table, tbody, thead, tfoot, th, td, tr, a, img, address, abbr, iframe, caption, sub, sup, figure, figcaption ] allowed_attributes: [ id, class, style, name, value, href, src, alt, title, width, height, frameborder, allowfullscreen, scrolling, target, colspan, rowspan, download, hreflang ]# Uploaded file handling## You can change the pattern match and replacement on uploaded files and if the# resulting filename should be transformed to lower case.## Setting 'autoconfirm: true' prevents the creation of temporary lock files# while uploading.## upload:# pattern: '[^A-Za-z0-9\.]+'# replacement: '-'# lowercase: true# autoconfirm: false# Define the file types (extensions to be exact) that are acceptable for upload# in either 'file' fields or through the 'files' screen. Note that certain file-# types are never acceptable, even if they are in this list. These types are# never allowed: sh, asp, cgi, php, php3, ph3, php4, ph4, php5, ph5, phtm, phtmlaccept_file_types: [ twig, html, js, css, scss, gif, jpg, jpeg, png, ico, zip, tgz, txt, md, doc, docx, pdf, epub, xls, xlsx, ppt, pptx, mp3, ogg, wav, m4a, mp4, m4v, ogv, wmv, avi, webm, svg]# Alternatively, if you wish to limit these, uncomment the following list# instead. It just includes file types / extensions that are harder to exploit.# accept_file_types: [ gif, jpg, jpeg, png, txt, md, pdf, epub, mp3, svg ]# If you want to 'brand' the Bolt backend for a client, you can change some key# variables here, that determine the name of the backend, and adds a primary# support/contact link to the footer. Add a scheme, like `mailto:` or# `https://` to the email or URL.## Additionally you can change the mount point for the backend, either for# convenience or to obscure it from prying eyes.## The Bolt backend is accessible as `/bolt/` by default. If you change it here,# it will only be accessible through the value set in 'path'.# Keep the path simple: lowercase only, no extra slashes or other special# characters.# branding:# name: SuperCMS# path: /admin# provided_by: [ supercool@example.org, "Supercool Webdesign Co." ]# news_source: http://news.example.org# news_variable: news# Show the 'debug' nut in the lower right corner for logged-in user. By default,# the debugbar is only shown to logged-in users. Use the 'debug_show_loggedoff'# option to show it to all users. You probably do not want to use this in a# production environment.debug: truedebug_show_loggedoff: truedebug_permission_audit_mode: falsedebug_error_level: 8181 # equivalent to E_ALL &~ E_NOTICE &~ E_DEPRECATED &~ E_USER_DEPRECATED &~ E_WARNING# debug_error_level: -1 # equivalent to E_ALLdebug_error_use_symfony: false # When set to true, Symfony Profiler will be used for exception display when possibledebug_trace_argument_limit: 4 # Determine how many steps in the backtrace will show (dump) arguments.# error level when debug is disabledproduction_error_level: 8181 # = E_ALL &~ E_NOTICE &~ E_WARNING &~ E_DEPRECATED &~ E_USER_DEPRECATED# System debug logging# This will enable intensive logging of Silex functions and will be very hard on# performance and log file size. The log file will be created in your cache# directory.## Enable this for short time periods only when diagnosing system issues.# The level can be either: DEBUG, INFO, NOTICE, WARNING, ERROR, CRITICAL, ALERT, EMERGENCYdebuglog: enabled: false filename: bolt-debug.log level: DEBUG# Use strict variables. This will make Bolt complain if you use {{ foo }},# when foo doesn't exist.strict_variables: false# There are several options for giving editors more options to insert images,# video, etc in the WYSIWYG areas. But, as you give them more options, that# means they also have more ways of breaking the preciously designed layout.## By default the most 'dangerous' options are set to 'false'. If you choose to# enable them for your editors, please instruct them thoroughly on their# responsibility not to break the layout.wysiwyg: images: false # Allow users to insert images in the content. styles: false # Allow users to use the custom styles you have defined (you need to set the "stylesSet" param in the ck section bellow) anchor: false # Adds a button to create internal anchors to link to. tables: false # Adds a button to insert and modify tables in the content. fontcolor: false # Allow users to mess around with font coloring. align: false # Adds buttons for 'align left', 'align right', etc. subsuper: false # Adds buttons for subscript and superscript, using `<sub>` and `<sup>`. embed: false # Allows the user to insert embedded video's from Youtube, Vimeo, etc. underline: false # Adds a button to underline text, using the `<u>`-tag. ruler: false # Adds a button to add a horizontal ruler, using the `<hr>`-tag. strike: false # Adds a button to add stikethrough, using the `<s>`-tag. blockquote: false # Allows the user to insert blockquotes using the `<blockquote>`-tag. codesnippet: false # Allows the user to insert code snippets using `<pre><code>`-tags. specialchar: false # Adds a button to insert special chars like '€' or '™'. clipboard: false # Adds buttons to 'undo' and 'redo'. copypaste: false # Adds buttons to 'cut', 'copy' and 'paste'. abbr: true # Adds button to insert abbreviations using the `<abbr>`-tag ck: autoParagraph: true # If set to 'true', any pasted content is wrapped in `<p>`-tags for multiple line-breaks disableNativeSpellChecker: true # If set to 'true' it will stop browsers from underlining spelling mistakes allowNbsp: false # If set to 'false', the editor will strip out ` ` characters. If set to 'true', it will allow them. ¯\_(ツ)_/¯ #stylesSet: "custom:/path/to/your/custom/styles.js" see https://ckeditor.com/docs/ckeditor4/latest/guide/dev_styles.html for more informations# Bolt uses the Google maps API for it's geolocation field and Google now# requires that it be loaded with an API key on new domains. You can generate# a key at https://developers.google.com/maps/documentation/javascript/get-api-key# and enter it here to make sure that the geolocation field works.# google_api_key:# Global option to enable/disable the live editorliveeditor: false# Use the 'mailoptions' setting to configure how Bolt sends email: using 'smtp'# or PHP's built-in `mail()`-function.# Note that the latter might _seem_ easier, but it's been disabled by a lot of# webhosts, in order to prevent spam from wrongly configured scripts. If you use# it, your mail might disappear into a black hole, without producing any errors.# Generally speaking, using 'smtp' is the better option, so use that if possible.## Protip: If your webhost does not support SMTP, sign up for a (free) Sparkpost# account at https://www.sparkpost.com/pricing/ for sending emails reliably.## The mail defaults use bolt@yourhostname with the site title as a default.# Override this with the senderName and senderMail fields# mailoptions:# transport: smtp# spool: true# host: localhost# port: 25# username: username# password: password# encryption: null# auth_mode: null# senderMail: null# senderName: null# mailoptions:# transport: mail# spool: false# Bolt allows some modifications to how 'strict' login sessions are. For every# option that is set to true, it becomes harder for a bad-willing person to# spoof your login session. However, it also requires you to re-authenticate# more often if you change location(ip-address) or your browser has frequent# upgrades. Only change these if you know what you're doing, and you're having# issues with the default settings.## Note: If you change any of these, all current users will automatically be# logged off.cookies_use_remoteaddr: truecookies_use_browseragent: falsecookies_use_httphost: true# The length of time a user stays 'logged in'. Change to 0 to end the session# when the browser is closed.## The default is 1209600 (two weeks, in seconds).cookies_lifetime: 1209600# Set the session cookie to a specific domain. Leave blank, unless you know what# you're doing.## When set incorrectly, you might not be able to log on at all.## If you'd like it to be valid for all subdomains of 'www.example.org', set this# to '.example.org'.cookies_domain:# The hash_strength determines the amount of iterations for encrypting# passwords.## A higher number means a harder to decrypt password, but takes longer to# compute. '8' is the minimum, '10' is the default, '12' is better.hash_strength: 10# Bolt sets the `X-Frame-Options` and `Frame-Options` to `SAMEORIGIN` by# default, to prevent the web browser from rendering an iframe if origin# mismatch (i.e. iframe source refers to a different domain).## Setting this to 'false', will prevent the setting of these headers.# headers:# x_frame_options: true# Bolt uses market.bolt.cm to fetch it's extensions by default. You can# change that URL here.## Do not change this, unless you know what you're doing, and understand the# associated risks. If you use 'http://market.bolt.cm', Bolt will not use# SSL, increasing the risk for a MITM attacks.# extensions:# site: 'https://market.bolt.cm/'# enabled: true# composer:# minimum-stability: stable # Either 'stable', 'beta', or 'dev'. Setting 'dev' will allow you to install dev-master versions of extensions.# prefer-stable: true # Prefer stable releases over development ones# prefer-dist: true # Forces installation from package dist even for dev versions.# prefer-source: false # Forces installation from package sources when possible, including VCS information.# config:# optimize-autoloader: false # Optimize autoloader during autoloader dump.# classmap-authoritative: false # Autoload classes from the classmap only. Implicitly enables `optimize-autoloader`.# Enforcing the use of SSL. If set, all pages will enforce an SSL connection,# and redirect to HTTPS if you attempt to visit plain HTTP pages.# enforce_ssl: true# If configured, Bolt will trust X-Forwarded-XXX headers from the listed IP# addresses and ranges when determining whether the current request is# 'secure'.## This is required to correctly determine the current hostname and protocol# (HTTP vs. HTTPS) when running behind some proxy, e.g. a load balancer, cache,# or SSL proxy.## List the IP addresses or subnets that you know are such proxies.## Note: Allowing hosts here that may not be trusted proxies is a security risk.# If you do not understand what this does, it is probably best to not# touch it.# trustProxies:# - 127.0.0.1 # Required. Otherwise internal subrequests break.# - 10.0.0.0/8# If you want Bolt installation get news through a proxy# httpProxy:# host: scheme://my.proxy.server:port# user: [usr]# password: [pwd]# Options for backend user interface# backend:# news:# disable: true # Disable news panel. Defaults to false. "Alerts" will still be shown.# stack:# disable: true # Disable stack usage. Defaults to false.# Options that will be forced in next major versioncompatibility: # Whether to return TemplateView instead of TemplateResponse from Controller\Base::render() # Response methods cannot be used on TemplateView objects. # Setting this value to false is deprecated. template_view: true # Set to 'false' to enable using a newer version of the setcontent parser. setcontent_legacy: true