Site configuration

Site configuration defines how various Sourcegraph features behave. See the full reference below for a comprehensive list of site configuration options.

View and edit site configuration

Site admins can view and edit site configuration on a Sourcegraph instance:

  1. Go to User menu > Site admin.
  2. Open the Configuration page. (The URL is https://sourcegraph.example.com/site-admin/configuration.)

Reference

All site configuration options and their default values are shown below.

admin/config/site.schema.json

{
	// Customize Sourcegraph homepage logo and search icon.
	//
	// Only available in Sourcegraph Enterprise.
	"branding": null,
	// Other example values:
	// - {
	//     "dark": {
	//       "logo": "https://example.com/logo_dark.png",
	//       "symbol": "https://example.com/search_symbol_dark_24x24.png"
	//     },
	//     "disableSymbolSpin": true,
	//     "favicon": "https://example.com/favicon.ico",
	//     "light": {
	//       "logo": "https://example.com/logo_light.png",
	//       "symbol": "https://example.com/search_symbol_light_24x24.png"
	//     }
	//   }

	// The externally accessible URL for Sourcegraph (i.e., what you type into your browser). Previously called `appURL`. Only root URLs are allowed.
	"externalURL": null,
	// Other example values:
	// - "https://sourcegraph.example.com"

	// Controls the settings for distributed tracing.
	"observability.tracing": null,

//////////////////////////////////////////////////////////////
// Authentication
//////////////////////////////////////////////////////////////

	// Enables users to change their username after account creation. Warning: setting this to be true has security implications if you have enabled (or will at any point in the future enable) repository permissions with an option that relies on username equivalency between Sourcegraph and an external service or authentication provider. Do NOT set this to true if you are using non-built-in authentication OR rely on username equivalency for repository permissions.
	"auth.enableUsernameChanges": false,

	// The minimum number of Unicode code points that a password must contain.
	"auth.minPasswordLength": 12,

	// The authentication providers to use for identifying and signing in users. See instructions below for configuring SAML, OpenID Connect (including G Suite), and HTTP authentication proxies. Multiple authentication providers are supported (by specifying multiple elements in this array).
	"auth.providers": [
		{
			"allowSignup": true,
			"type": "builtin"
		}
	],

	// WARNING: This option has been removed as of 3.8.
	"auth.public": false,

	// The duration of a user session, after which it expires and the user is required to re-authenticate. The default is 90 days. There is typically no need to set this, but some users may have specific internal security requirements.
	//
	// The string format is that of the Duration type in the Go time package (https://golang.org/pkg/time/#ParseDuration). E.g., "720h", "43200m", "2592000s" all indicate a timespan of 30 days.
	//
	// Note: changing this field does not affect the expiration of existing sessions. If you would like to enforce this limit for existing sessions, you must log out currently signed-in users. You can force this by removing all keys beginning with "session_" from the Redis store:
	//
	// * For deployments using `sourcegraph/server`: `docker exec $CONTAINER_ID redis-cli --raw keys 'session_*' | xargs docker exec $CONTAINER_ID redis-cli del`
	// * For cluster deployments: 
	//   ```
	//   REDIS_POD="$(kubectl get pods -l app=redis-store -o jsonpath={.items[0].metadata.name})";
	//   kubectl exec "$REDIS_POD" -- redis-cli --raw keys 'session_*' | xargs kubectl exec "$REDIS_POD" -- redis-cli --raw del;
	//   ```
	"auth.sessionExpiry": "2160h",
	// Other example values:
	// - "168h"

//////////////////////////////////////////////////////////////
// Campaigns
//////////////////////////////////////////////////////////////

	// DEPRECATED: The automation feature was renamed to campaigns. Use `campaigns.readAccess.enabled` instead.
	"automation.readAccess.enabled": null,

	// Enables read-only access to campaigns for non-site-admin users. This is a setting for the experimental campaigns feature. These will only have an effect when campaigns is enabled with `{"experimentalFeatures": {"automation": "enabled"}}`.
	"campaigns.readAccess.enabled": null,

//////////////////////////////////////////////////////////////
// Debug
//////////////////////////////////////////////////////////////

	// (debug) controls the amount of symbol search parallelism. Defaults to 20. It is not recommended to change this outside of debugging scenarios. This option will be removed in a future version.
	"debug.search.symbolsParallelism": null,
	// Other example values:
	// - ["20"]

	// (debug) logs all GraphQL requests slower than the specified number of milliseconds.
	"observability.logSlowGraphQLRequests": null,
	// Other example values:
	// - ["10000"]

	// (debug) logs all search queries (issued by users, code intelligence, or API requests) slower than the specified number of milliseconds.
	"observability.logSlowSearches": null,
	// Other example values:
	// - ["10000"]

//////////////////////////////////////////////////////////////
// Email
//////////////////////////////////////////////////////////////

	// The "from" address for emails sent by this server.
	"email.address": "[email protected]",

	// The SMTP server used to send transactional emails (such as email verifications, reset-password emails, and notifications).
	"email.smtp": null,
	// Other example values:
	// - {
	//     "authentication": "PLAIN",
	//     "host": "smtp.example.com",
	//     "password": "mypassword",
	//     "port": 465,
	//     "username": "alice"
	//   }

//////////////////////////////////////////////////////////////
// Experimental
//////////////////////////////////////////////////////////////

	// Experimental features to enable or disable. Features that are now enabled by default are marked as deprecated.
	"experimentalFeatures": null,
	// Other example values:
	// - {
	//     "customGitFetch": [
	//       {
	//         "domainPath": "somecodehost.com/path/to/repo",
	//         "fetch": "customgitbinary someflag"
	//       },
	//       {
	//         "domainPath": "somecodehost.com/path/to/anotherrepo",
	//         "fetch": "customgitbinary someflag anotherflag"
	//       }
	//     ]
	//   }

//////////////////////////////////////////////////////////////
// Extensions
//////////////////////////////////////////////////////////////

	// Configures Sourcegraph extensions.
	"extensions": {
		"remoteRegistry": "https://sourcegraph.com/.api/registry"
	},
	// Other example values:
	// - {
	//     "allowRemoteExtensions": [
	//       "sourcegraph/java"
	//     ],
	//     "remoteRegistry": "https://sourcegraph.com/.api/registry"
	//   }

//////////////////////////////////////////////////////////////
// External services
//////////////////////////////////////////////////////////////

	// Disable periodically fetching git contents for existing repositories.
	"disableAutoGitUpdates": false,

	// Disable redirects to sourcegraph.com when visiting public repositories that can't exist on this server.
	"disablePublicRepoRedirects": null,

	// JSON array of configuration that maps from Git clone URL to repository name. Sourcegraph automatically resolves remote clone URLs to their proper code host. However, there may be non-remote clone URLs (e.g., in submodule declarations) that Sourcegraph cannot automatically map to a code host. In this case, use this field to specify the mapping. The mappings are tried in the order they are specified and take precedence over automatic mappings.
	"git.cloneURLToRepositoryName": null,

	// Maximum number of git clone processes that will be run concurrently to update repositories.
	"gitMaxConcurrentClones": 5,

	// URL to fetch unreachable repository details from. Defaults to "https://sourcegraph.com"
	"parentSourcegraph": null,

	// Interval (in minutes) for checking code hosts (such as GitHub, Gitolite, etc.) for new repositories.
	"repoListUpdateInterval": 1,

//////////////////////////////////////////////////////////////
// Misc.
//////////////////////////////////////////////////////////////

	// Disable aggregated event counts from being sent to Sourcegraph.com via pings.
	"disableNonCriticalTelemetry": false,

	// HTML to inject at the bottom of the `<body>` element on each page, for analytics scripts
	"htmlBodyBottom": null,

	// HTML to inject at the top of the `<body>` element on each page, for analytics scripts
	"htmlBodyTop": null,

	// HTML to inject at the bottom of the `<head>` element on each page, for analytics scripts
	"htmlHeadBottom": null,

	// HTML to inject at the top of the `<head>` element on each page, for analytics scripts
	"htmlHeadTop": null,

	// DEPRECATED. Use Jaeger (`"observability.tracing": { "sampling": "selective" }`), instead.
	"lightstepAccessToken": null,

	// DEPRECATED. Use Jaeger (`"observability.tracing": { "sampling": "selective" }`), instead.
	"lightstepProject": null,
	// Other example values:
	// - "myproject"

	// Configuration for logging and alerting, including to external services.
	"log": null,
	// Other example values:
	// - {
	//     "sentry": {
	//       "dsn": "https://[email protected]/myproject"
	//     }
	//   }

	// The channel on which to automatically check for Sourcegraph updates.
	"update.channel": "release",
	// Other example values:
	// - "none"

	// DEPRECATED. Use `"observability.tracing": { "sampling": "all" }`, instead. Enables Jaeger tracing.
	"useJaeger": null,

//////////////////////////////////////////////////////////////
// Search
//////////////////////////////////////////////////////////////

	// Whether built-in searches should be hidden on the Searches page.
	"disableBuiltInSearches": null,

	// Set to `true` to not include symbol results if no `type:` filter was given
	"dontIncludeSymbolResultsByDefault": null,

	// The maximum number of repositories to search across. The user is prompted to narrow their query if exceeded. Any value less than or equal to zero means unlimited.
	"maxReposToSearch": -1,

	// Whether indexed search is enabled. If unset Sourcegraph detects the environment to decide if indexed search is enabled. Indexed search is RAM heavy, and is disabled by default in the single docker image. All other environments will have it enabled by default. The size of all your repository working copies is the amount of additional RAM required.
	"search.index.enabled": null,

	// Whether indexed symbol search is enabled. This is contingent on the indexed search configuration, and is true by default for instances with indexed search enabled. Enabling this will cause every repository to re-index, which is a time consuming (several hours) operation. Additionally, it requires more storage and ram to accommodate the added symbols information in the search index.
	"search.index.symbols.enabled": null,

	// A list of file glob patterns where matching files will be indexed and searched regardless of their size. The glob pattern syntax can be found here: https://golang.org/pkg/path/filepath/#Match.
	"search.largeFiles": null,
	// Other example values:
	// - [
	//     "go.sum",
	//     "package-lock.json",
	//     "*.thrift"
	//   ]

//////////////////////////////////////////////////////////////
// Security
//////////////////////////////////////////////////////////////

	// Settings for access tokens, which enable external tools to access the Sourcegraph API with the privileges of the user.
	"auth.accessTokens": {
		"allow": "all-users-create"
	},
	// Other example values:
	// - {"allow":"site-admin-create"}
	// - {"allow":"none"}

	// Required when using any of the native code host integrations for Phabricator, GitLab, or Bitbucket Server. It is a space-separated list of allowed origins for cross-origin HTTP requests which should be the base URL for your Phabricator, GitLab, or Bitbucket Server instance.
	"corsOrigin": null,
	// Other example values:
	// - "https://my-phabricator.example.com https://my-bitbucket.example.com https://my-gitlab.example.com"

	// Whether or not LSIF uploads will be blocked unless a valid LSIF upload token is provided.
	"lsifEnforceAuth": false,

	// Sync code host repository and user permissions in the background.
	"permissions.backgroundSync": {
		"enabled": true
	},
	// Other example values:
	// - {"enabled":true}

	// Settings for Sourcegraph permissions, which allow the site admin to explicitly manage repository permissions via the GraphQL API. This setting cannot be enabled if repository permissions for any specific external service are enabled (i.e., when the external service's `authorization` field is set).
	"permissions.userMapping": {
		"bindID": "email",
		"enabled": true
	},
	// Other example values:
	// - {"bindID":"email"}
	// - {"bindID":"username"}

//////////////////////////////////////////////////////////////
// Sourcegraph Enterprise license
//////////////////////////////////////////////////////////////

	// The license key associated with a Sourcegraph product subscription, which is necessary to activate Sourcegraph Enterprise functionality. To obtain this value, contact Sourcegraph to purchase a subscription. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh.
	"licenseKey": null
}

Known bugs

The following site configuration options require the server to be restarted for the changes to take effect:

auth.accessTokens
auth.sessionExpiry
git.cloneURLToRepositoryName
searchScopes
extensions
disablePublicRepoRedirects

Editing your site configuration if you cannot access the web UI

If you are having trouble accessing the web UI, you can make edits to your site configuration by editing a file in the Docker container using the following commands:

Single-container Docker instances

For Sourcegraph v3.12.1+ use:

docker exec -it $CONTAINER sh -c 'apk add --no-cache nano && nano ~/site-config.json'

Or if you prefer using a Vim editor:

docker exec -it $CONTAINER sh -c 'vi ~/site-config.json'

Note: Not running Sourcegraph v3.12.1+? Use the following:

docker exec -it $CONTAINER sh -c 'apk add --no-cache nano && nano /site-config.json'

Or if you prefer using a Vim editor:

docker exec -it $CONTAINER sh -c 'vi /site-config.json'

Kubernetes cluster instances

kubectl exec -it $FRONTEND_POD -- sh -c 'apk add --no-cache nano && nano ~/site-config.json'

Or if you prefer using a Vim editor:

kubectl exec -it $FRONTEND_POD -- sh -c 'vi ~/site-config.json'

Note: Not running Sourcegraph v3.12.1+? Use the following:

kubectl exec -it $FRONTEND_POD -- sh -c 'apk add --no-cache nano && nano /site-config.json'

Or if you prefer using a Vim editor:

kubectl exec -it $FRONTEND_POD -- sh -c 'vi /site-config.json'

Then simply save your changes (type ctrl+x and y to exit nano and save your changes). Your changes will be applied immediately in the same was as if you had made them through the web UI.

If you are still encountering issues

You can check the container logs to see if you have made any typos or mistakes in editing the configuration file. If you are still encountering problems, you can save the default site configuration that comes with Sourcegraph (below) or contact [email protected] with any questions you have.

{
	// The externally accessible URL for Sourcegraph (i.e., what you type into your browser)
	// This is required to be configured for Sourcegraph to work correctly.
	// "externalURL": "https://sourcegraph.example.com",

	// The authentication provider to use for identifying and signing in users.
	// Only one entry is supported.
	//
	// The builtin auth provider with signup disallowed (shown below) means that
	// after the initial site admin signs in, all other users must be invited.
	//
	// Other providers are documented at https://docs.sourcegraph.com/admin/auth.
	"auth.providers": [
		{
			"type": "builtin",
			"allowSignup": false
		}
	],

	"search.index.enabled": true
}