# Configuration Options Windshift is configured via command-line flags. All settings have sensible defaults. ## Server Options | Flag | Default | Description | |------|---------|-------------| | `-port`, `-p` | `8080` | Port to run the HTTP server on | | `-db` | `windshift.db` | Database file path (SQLite) | ## Database Options ### SQLite (Default) SQLite is the default database. No setup required. ```bash ./windshift -db /path/to/windshift.db ``` | Flag | Default | Description | |------|---------|-------------| | `-db` | `windshift.db` | SQLite database file path | | `-max-read-conns` | `120` | Maximum read connections | | `-max-write-conns` | `1` | Maximum write connections | ### PostgreSQL For larger deployments, PostgreSQL is supported: ```bash ./windshift -postgres-connection-string "postgresql://user:password@localhost:5432/windshift" ``` | Flag | Default | Description | |------|---------|-------------| | `-postgres-connection-string`, `-pg-conn` | - | PostgreSQL connection string | ## TLS/HTTPS Enable HTTPS by providing certificate files: ```bash ./windshift -tls-cert /path/to/cert.pem -tls-key /path/to/key.pem ``` | Flag | Default | Description | |------|---------|-------------| | `-tls-cert` | - | Path to TLS certificate file | | `-tls-key` | - | Path to TLS key file | ## Attachments Enable file attachments by specifying a storage path: ```bash ./windshift -attachment-path /var/lib/windshift/attachments ``` | Flag | Default | Description | |------|---------|-------------| | `-attachment-path` | - | Path to store attachments (enables feature if specified) | ## Reverse Proxy When running behind a reverse proxy (nginx, Caddy, etc.): ```bash ./windshift -use-proxy -allowed-hosts "myserver.local,192.168.1.30" ``` | Flag | Default | Description | |------|---------|-------------| | `-use-proxy` | `false` | Trust X-Forwarded-Proto from private IPs | | `-additional-proxies` | - | Additional proxy IPs to trust beyond private ranges | | `-allowed-hosts` | - | Comma-separated list of allowed hostnames for CSRF | | `-allowed-port` | - | Port for CSRF trusted origins (defaults to server port) | | `-no-csrf` | `false` | Disable CSRF protection (development only) | **Warning**: Only enable `-use-proxy` when Windshift is behind a reverse proxy that terminates TLS. The server must NOT be directly accessible from the internet. ## SSH TUI Server Windshift includes an optional SSH-based terminal UI: ```bash ./windshift -ssh -ssh-port 23234 ``` | Flag | Default | Description | |------|---------|-------------| | `-ssh` | `false` | Enable SSH TUI server | | `-ssh-host` | `localhost` | Host for SSH server | | `-ssh-port` | `23234` | Port for SSH server | | `-ssh-key` | `.ssh/windshift_host_key` | Path to SSH host key file | ## Logging Configure log output: ```bash ./windshift -log-level debug -log-format json ``` | Flag | Default | Description | |------|---------|-------------| | `-log-level` | `info` | Log level: `debug`, `info`, `warn`, `error` | | `-log-format` | `text` | Log format: `text`, `json`, `logfmt` | ## Example Configurations ### Development ```bash ./windshift -log-level debug -no-csrf ``` ### Production (with reverse proxy) ```bash ./windshift \ -db /var/lib/windshift/windshift.db \ -attachment-path /var/lib/windshift/attachments \ -use-proxy \ -allowed-hosts "windshift.example.com" \ -log-format json ``` ### Production (direct HTTPS) ```bash ./windshift \ -port 443 \ -db /var/lib/windshift/windshift.db \ -tls-cert /etc/ssl/windshift.crt \ -tls-key /etc/ssl/windshift.key ```