Zou uses environment variables for configuration. All configuration is defined inDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/cgwire/zou/llms.txt
Use this file to discover all available pages before exploring further.
zou/app/config.py.
Core Settings
Enable debug mode. Shows detailed error messages and enables auto-reload.
Host address for debug server.
Port for debug server.
Secret key for session encryption and JWT tokens.
Database Configuration
SQLAlchemy database driver. Uses psycopg (version 3) by default.
PostgreSQL database host address.
PostgreSQL database port.
Database username for authentication.
Database password for authentication.
Name of the PostgreSQL database.
Connection Pool Settings
Number of database connections to maintain in the pool.
Maximum number of connections that can be created beyond pool_size.
Verify connections before using them. Prevents using stale connections.
Recycle connections after this many seconds (prevents long-lived connections).
Reset connections when returning to pool. Options:
commit, rollback, none.Cleans up transaction state to prevent issues between requests.Redis / Key-Value Store
Redis server host for caching, event streams, and job queues.
Redis server port.
Redis password for authentication (if required).
Cache backend type. Set to enable caching.
Authentication & Security
Authentication strategy. Options:
auth_local_classic- Standard username/password authentication- LDAP authentication (requires additional LDAP configuration)
- SAML authentication (requires additional SAML configuration)
Bcrypt password hashing rounds. Higher values increase security but slow down authentication.
Minimum password length requirement.
Require two-factor authentication for all users.
Comma-separated list of user emails exempt from mandatory 2FA requirement.Example:
user1@example.com,user2@example.comSemicolon-separated list of protected account emails that cannot be modified.
Maximum number of users allowed in the system.
JWT Token Configuration
JWT tokens are managed automatically. The following are configured in code:- Access token expires: 7 days
- Refresh token expires: 15 days
- Token locations: cookies and headers
- Cookie SameSite: Lax
Client-side cache max age in seconds (default: 7 days).
File Storage
Local folder path for storing preview files and thumbnails.Falls back to
THUMBNAIL_FOLDER if set, otherwise uses ./previews.Save original source files alongside generated previews.
Temporary directory for file processing.
File storage backend. Options:
local- Local filesystem storageswift- OpenStack Swift object storages3- Amazon S3 or S3-compatible storage
Prefix for storage bucket names.
Swift Storage Configuration
OpenStack Swift authentication URL.
Swift username for authentication.
Swift tenant/project name.
Swift authentication key/password.
Swift region name.
Automatically create containers if they don’t exist.
Swift authentication version.
Enable AES-256 encryption for stored files.
AES-256 encryption key for Swift storage.
S3 Storage Configuration
AWS region for S3 storage.
S3-compatible endpoint URL (for MinIO, Wasabi, etc.).
S3 access key ID.
S3 secret access key.
Automatically create S3 buckets if they don’t exist.
Enable AES-256 encryption for stored files.
AES-256 encryption key for S3 storage.
Enable file deletion functionality.
Event Stream
Host address for the event stream WebSocket server.
Port for the event stream WebSocket server.
Folder containing custom event handler scripts.
Mail Configuration
Enable email notifications.
SMTP server address.
SMTP server port.
SMTP username for authentication.
SMTP password for authentication.
Enable mail debugging output.
Include email body in debug output.
Use TLS for SMTP connection.
Use SSL for SMTP connection.
Default sender email address.
Check email address deliverability before sending.
Domain name for email links.
Protocol for email links (http or https).
LDAP Authentication
LDAP server host address.
LDAP server port.
LDAP base distinguished name.
LDAP group to restrict access.
LDAP domain name.
Fall back to local authentication if LDAP fails.
Use Active Directory authentication mode.
Use simplified Active Directory authentication.
Use SSL/TLS for LDAP connection.
SAML Authentication
Enable SAML single sign-on authentication.
SAML identity provider name.
URL to SAML identity provider metadata.
Search Indexer
Meilisearch indexer host address.
Meilisearch indexer port.
Protocol for indexer connection (http or https).
Meilisearch API key for authentication.
Indexer request timeout in milliseconds.
Job Queue
Enable background job queue processing.
Use remote job queue (Nomad) instead of local processing.
Nomad job name for playlist processing.
Nomad job name for video normalization.
Nomad server host address.
Job queue timeout in seconds.
Logging & Monitoring
Logging mode configuration.
Remote logging server host.
Remote logging server port.
Authentication token for remote logging.
Log 404 file not found errors.
Sentry Error Tracking
Enable Sentry error tracking for API.
Sentry DSN (Data Source Name) for API.
Sentry sample rate for API (0.0 to 1.0).
Sentry debug URL configuration.
Enable Sentry error tracking for Kitsu frontend.
Sentry DSN for Kitsu frontend.
Sentry sample rate for Kitsu frontend (0.0 to 1.0).
Prometheus Metrics
Enable Prometheus metrics endpoint.
Localization
Default timezone for the application.
Default locale for the application.
Pagination
Number of records per page for paginated API endpoints.
Plugins
Folder containing custom plugins.
Telemetry
Indicate if this is a self-hosted instance.
URL for sending anonymized telemetry data (user and preview counts).Helps size the Kitsu community. Set by default based on DEBUG mode.
Crisp chat widget token.
Deprecated Variables
Default file tree template.
Legacy preview folder path.