[global] # Either "production", "development" mode = production [server] # Protocol (http, https, socket) protocol = http # The ip address to bind to, "0.0.0.0" will bind to all interfaces http_addr = 0.0.0.0 # The http port to bind to http_port = 8080 # The domain name used to access ezBookkeeping domain = localhost # The full url used to access ezBookkeeping in browser, supports placeholders: %(protocol)s, %(domain)s, %(http_port)s root_url = %(protocol)s://%(domain)s:%(http_port)s/ # https certification and its key file cert_file = cert_key_file = # Unix socket path, for "socket" protocol only unix_socket = # Static file root path (relative or absolute path) static_root_path = public # Enable GZip enable_gzip = false # Set to true to log each request and execution time log_request = true # Add X-Request-Id header to response to track user request or error, default is true request_id_header = true [mcp] # Set to true to enable MCP (Model Context Protocol) server (via http / https web server) for AI/LLM access enable_mcp = false # MCP server allowed remote IPs, a comma-separated list of allowed remote IPs (asterisk * for any addresses, e.g. 192.168.1.* means any IPs in the 192.168.1.x subnet), leave blank to allow all remote IPs mcp_allowed_remote_ips = [database] # Either "mysql", "postgres" or "sqlite3" type = sqlite3 # Database connection configuration, for "mysql" and "postgres" host = 127.0.0.1:3306 name = ezbookkeeping user = root passwd = # For "postgres" database only, Either "disable", "require" or "verify-full" ssl_mode = disable # For "sqlite3" database only, database file path (relative or absolute path) db_path = data/ezbookkeeping.db # Max idle connection number (0 - 65535, 0 means no idle connections are retained), default is 2 max_idle_conn = 2 # Max opened connection number (0 - 65535), default is 0 (unlimited) max_open_conn = 0 # Max connection lifetime (0 - 4294967295 seconds), default is 14400 (4 hours) conn_max_lifetime = 14400 # Set to true to log each sql statement and execution time log_query = false # Set to true to automatically update database structure when starting web server auto_update_database = true [mail] # Set to true to enable sending mail by SMTP server enable_smtp = false # SMTP Server connection configuration smtp_host = 127.0.0.1:25 smtp_user = smtp_passwd = smtp_skip_tls_verify = false # Mail from address. This can be just an email address, or the "Name" format. from_address = [log] # Either "console", "file", default is "console" # Use space to separate multiple modes, e.g. "console file" mode = console file # Either "debug", "info", "warn", "error", default is "info" level = info # For "file" mode only, log file path (relative or absolute path) log_path = log/ezbookkeeping.log # For "file" only, request log file path (relative or absolute path). Leave blank if you want to write request log in default log file request_log_path = # For "file" only, query log file path (relative or absolute path). Leave blank if you want to write query log in default log file query_log_path = # For "file" only, whether rotate the log files log_file_rotate = false # For "file" only, maximum size (1 - 4294967295 bytes) of the log file before it gets rotated log_file_max_size = 104857600 # For "file" only, maximum number of days to retain old log files. Set to 0 to retain all logs log_file_max_days = 7 [storage] # Object storage type, supports "local_filesystem", "minio" and "webdav" currently type = local_filesystem # For "local_filesystem" storage only, the storage root path (relative or absolute path) local_filesystem_path = storage/ # For "minio" storage only, the minio connection configuration minio_endpoint = 127.0.0.1:9000 minio_location = minio_access_key_id = minio_secret_access_key = # For "minio" storage only, whether enable ssl for minio connection minio_use_ssl = false # For "minio" storage only, set to true to skip tls verification when connect minio minio_skip_tls_verify = false # For "minio" storage only, the minio bucket minio_bucket = ezbookkeeping # For "minio" storage only, the root path to store files in minio minio_root_path = / # For "webdav" storage only, the webdav url webdav_url = # For "webdav" storage only, the webdav username webdav_username = # For "webdav" storage only, the webdav password webdav_password = # For "webdav" storage only, the webdav root path to store files webdav_root_path = / # For "webdav" storage only, requesting webdav url timeout (0 - 4294967295 milliseconds) # Set to 0 to disable timeout for requesting webdav url, default is 10000 (10 seconds) webdav_request_timeout = 10000 # For "webdav" storage only, proxy for requesting webdav url, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system" webdav_proxy = system # For "webdav" storage only, set to true to skip tls verification when connect webdav webdav_skip_tls_verify = false [llm] # Set to true to enable creating transactions from AI image recognition results, requires "llm_provider" and its related model id to be configured properly in "llm_image_recognition" section transaction_from_ai_image_recognition = false # Maximum allowed AI recognition picture file size (1 - 4294967295 bytes) max_ai_recognition_picture_size = 10485760 [llm_image_recognition] # Large Language Model (LLM) provider for receipt image recognition, supports the following types: "openai", "openai_compatible", "openrouter", "ollama", "google_ai" llm_provider = # For "openai" llm provider only, OpenAI API secret key, please visit https://platform.openai.com/api-keys for more information openai_api_key = # For "openai" llm provider only, receipt image recognition model for creating transactions from images openai_model_id = # For "openai_compatible" llm provider only, OpenAI compatible API base url, e.g. "https://api.openai.com/v1/" openai_compatible_base_url = # For "openai_compatible" llm provider only, OpenAI compatible API secret key openai_compatible_api_key = # For "openai_compatible" llm provider only, receipt image recognition model for creating transactions from images openai_compatible_model_id = # For "openrouter" llm provider only, OpenRouter API key, please visit https://openrouter.ai/settings/keys for more information openrouter_api_key = # For "openrouter" llm provider only, receipt image recognition model for creating transactions from images openrouter_model_id = # For "ollama" llm provider only, Ollama server url, e.g. "http://127.0.0.1:11434/" ollama_server_url = # For "ollama" llm provider only, receipt image recognition model for creating transactions from images ollama_model_id = # For "google_ai" llm provider only, Google AI Studio API key, please visit https://aistudio.google.com/apikey for more information google_ai_api_key = # For "google_ai" llm provider only, receipt image recognition model for creating transactions from images google_ai_model_id = # Requesting large language model api timeout (0 - 4294967295 milliseconds) # Set to 0 to disable timeout for requesting large language model api, default is 60000 (60 seconds) request_timeout = 60000 # Proxy for ezbookkeeping server requesting large language model api, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system" proxy = system # Set to true to skip tls verification when request large language model api skip_tls_verify = false [uuid] # Uuid generator type, supports "internal" currently generator_type = internal # For "internal" uuid generator only, each server must have unique id (0 - 255) server_id = 0 [duplicate_checker] # Duplicate checker type, supports "in_memory" currently checker_type = in_memory # For "in_memory" duplicate checker only, cleanup expired data interval seconds (1 - 4294967295), default is 60 (1 minutes) cleanup_interval = 60 # The minimum interval seconds (0 - 4294967295) between duplicate submissions on the same page (exiting and re-entering the edit page / edit dialog is considered as a new session) # Set to 0 to disable duplicate checker for new data submissions, default is 300 (5 minutes) duplicate_submissions_interval = 300 [cron] # Set to true to clean up expired tokens periodically enable_remove_expired_tokens = true # Set to true to create scheduled transactions based on the user's templates enable_create_scheduled_transaction = true [security] # Used for signing, you must change it to keep your user data safe before you first run ezBookkeeping secret_key = # Token expired seconds (60 - 4294967295), default is 2592000 (30 days) token_expired_time = 2592000 # Token minimum refresh interval (0 - 4294967295), the value should be less than token expired time # Set to 0 to refresh the token every time when refreshing the front end, default is 86400 (1 day) token_min_refresh_interval = 86400 # Temporary token expired seconds (60 - 4294967295), default is 300 (5 minutes) temporary_token_expired_time = 300 # Email verify token expired seconds (60 - 4294967295), default is 3600 (60 minutes) email_verify_token_expired_time = 3600 # Password reset token expired seconds (60 - 4294967295), default is 3600 (60 minutes) password_reset_token_expired_time = 3600 # Set to true to enable API token generation enable_api_token = false # Maximum count of password / token check failures (0 - 4294967295) per IP per minute (use the above duplicate checker), default is 5, set to 0 to disable max_failures_per_ip_per_minute = 5 # Maximum count of password / token check failures (0 - 4294967295) per user per minute (use the above duplicate checker), default is 5, set to 0 to disable max_failures_per_user_per_minute = 5 [auth] # Set to true to enable internal authentication enable_internal_auth = true # Set to true to enable OAuth 2.0 authentication enable_oauth2_auth = false # For "internal" authentication only, set to true to enable two-factor authorization enable_two_factor = true # For "internal" authentication only, set to true to allow users to reset password enable_forget_password = true # For "internal" authentication only, set to true to require email must be verified when use forget password forget_password_require_email_verify = false # For "oauth2" authentication only, OAuth 2.0 provider, supports "oidc", "nextcloud", "gitea" and "github" currently oauth2_provider = # For "oauth2" authentication only, OAuth 2.0 client ID oauth2_client_id = # For "oauth2" authentication only, OAuth 2.0 client secret oauth2_client_secret = # For "oauth2" authentication only, OAuth 2.0 provider user identifier claim name, supports "email" and "username", default is "email" oauth2_user_identifier = email # For "oauth2" authentication only, set to true to use PKCE oauth2_use_pkce = false # For "oauth2" authentication only, if the user returned by OAuth 2.0 is not registered, automatically create a new user (requires "enable_register" to be set to true) oauth2_auto_register = true # For "oauth2" authentication only, OAuth 2.0 state expired seconds (60 - 4294967295), default is 300 (5 minutes) oauth2_state_expired_time = 300 # For "oauth2" authentication only, requesting OAuth 2.0 api timeout (0 - 4294967295 milliseconds) # Set to 0 to disable timeout for requesting OAuth 2.0 api, default is 10000 (10 seconds) oauth2_request_timeout = 10000 # For "oauth2" authentication only, proxy for ezbookkeeping server requesting OAuth 2.0 api, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system" oauth2_proxy = system # For "oauth2" authentication only, set to true to skip tls verification when request OAuth 2.0 api oauth2_skip_tls_verify = false # For "oauth2" authentication and "oidc" OAuth 2.0 provider only, OIDC provider issuer url. Make sure the ".well-known" directory is available under this path. For example, if it's set to "https://auth.example.com", the discovery URL should be "https://auth.example.com/.well-known/openid-configuration". oidc_provider_base_url = # For "oauth2" authentication and "oidc" OAuth 2.0 provider only, set to true to check whether the issuer url in the discovery response matches the above "oidc_provider_base_url" oidc_provider_check_issuer_url = true # For "oauth2" authentication and "oidc" OAuth 2.0 provider only, set to true to replace the text "Connect ID" in the "Log in with Connect ID" button with the below custom provider name enable_oidc_display_name = false # For "oauth2" authentication and "oidc" OAuth 2.0 provider only, the custom provider name to replace the text in the "Log in with Connect ID" button, it supports multi-language configuration # Add an underscore and a language tag after the setting key to configure the display name in that language # For example, oidc_custom_display_name_zh_hans means the display name in Chinese (Simplified) oidc_custom_display_name = # For "oauth2" authentication and "nextcloud" OAuth 2.0 provider only, Nextcloud base url, e.g. "https://cloud.example.org/" nextcloud_base_url = # For "oauth2" authentication and "gitea" OAuth 2.0 provider only, Gitea base url, e.g. "https://git.example.com/" gitea_base_url = [user] # Set to true to allow users to register account by themselves enable_register = true # Set to true to allow users to verify email address enable_email_verify = false # Set to true to require email must be verified when login enable_force_email_verify = false # Set to true to allow users to upload transaction pictures enable_transaction_picture = true # Maximum allowed transaction picture file size (1 - 4294967295 bytes) max_transaction_picture_size = 10485760 # Set to true to allow users to create scheduled transaction enable_scheduled_transaction = true # User avatar provider, supports the following types: # "internal": Use the internal object storage to store user avatar (refer to "storage" settings), supports updating avatar by user self # "gravatar": https://gravatar.com # Leave blank if you want to disable user avatar avatar_provider = internal # For "internal" avatar provider only, maximum allowed user avatar file size (1 - 4294967295 bytes) max_user_avatar_size = 1048576 # The default feature restrictions after user registration (feature types separated by commas), leave blank for no restrictions # Supports the following feature types: # 1: Update Password # 2: Update Email # 3: Update Profile Basic Info # 4: Update Avatar # 5: Logout Other Session # 6: Enable Two-Factor Authentication # 7: Disable Enable Two-Factor Authentication # 8: Forget Password # 9: Import Transactions # 10: Export Transactions # 11: Clear All Data # 12: Sync Application Settings # 13: MCP (Model Context Protocol) Access # 14: Create Transactions from AI Image Recognition # 15: OAuth 2.0 Login # 16: Unlink Third-party Login # 17: Generate API Token default_feature_restrictions = [data] # Set to true to allow users to export their data enable_export = true # Set to true to allow users to import their data enable_import = true # Maximum allowed import file size (1 - 4294967295 bytes) max_import_file_size = 10485760 [tip] # Set to true to display custom tips in login page enable_tips_in_login_page = false # The custom tips displayed in login page, it supports multi-language configuration # Add an underscore and a language tag after the setting key to configure the notification content in that language, the same below # For example, login_page_tips_content_zh_hans means the notification content in Chinese (Simplified) login_page_tips_content = [notification] # Set to true to display custom notification in home page every time users register enable_notification_after_register = false # The notification content displayed each time users register, it supports multi-language configuration # Add an underscore and a language tag after the setting key to configure the notification content in that language, the same below # For example, after_login_notification_content_zh_hans means the notification content in Chinese (Simplified) after_register_notification_content = # Set to true to display custom notification in home page every time users login enable_notification_after_login = false # The notification content displayed each time users log in, it supports multi-language configuration after_login_notification_content = # Set to true to display custom notification in home page every time users open the app enable_notification_after_open = false # The notification content displayed each time users open the app, it supports multi-language configuration after_open_notification_content = [map] # Map provider, supports the following types: # "openstreetmap": https://www.openstreetmap.org # "openstreetmap_humanitarian": http://map.hotosm.org # "opentopomap": https://opentopomap.org # "opnvkarte": https://publictransportmap.org # "cyclosm": https://www.cyclosm.org # "cartodb": https://carto.com/basemaps # "tomtom": https://www.tomtom.com # "tianditu": https://www.tianditu.gov.cn # "googlemap": https://map.google.com # "baidumap": https://map.baidu.com # "amap": https://amap.com # "custom": custom map tile server url # Leave blank if you want to disable map map_provider = openstreetmap # Set to true to use the ezbookkeeping server to forward map data requests, for "openstreetmap", "openstreetmap_humanitarian", "opentopomap", "opnvkarte", "cyclosm", "cartodb", "tomtom", "tianditu" or "custom" map_data_fetch_proxy = false # Proxy for ezbookkeeping server requesting original map data when map_data_fetch_proxy is set to true, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system" proxy = system # For "tomtom" map provider only, TomTom map API key, please visit https://developer.tomtom.com/how-to-get-tomtom-api-key for more information tomtom_map_api_key = # For "tianditu" map provider only, TianDiTu map application key, please visit https://console.tianditu.gov.cn/api/register for more information tianditu_map_app_key = # For "googlemap" map provider only, Google map JavaScript API key, please visit https://developers.google.com/maps/get-started for more information google_map_api_key = # For "baidumap" map provider only, Baidu map JavaScript API application key, please visit https://lbsyun.baidu.com/index.php?title=jspopular3.0/guide/getkey for more information baidu_map_ak = # For "amap" map provider only, Amap JavaScript API application key, please visit https://lbs.amap.com/api/javascript-api/guide/abc/prepare for more information amap_application_key = # For "amap" map provider only, Amap JavaScript API security verification method, supports the following methods: # "internal_proxy": use the internal proxy to request amap api with amap application secret (default) # "external_proxy": use an external proxy to request amap api (amap application secret should be set by external proxy) # "plain_text": append amap application secret to frontend request directly (insecurity for public network) # Please visit https://developer.amap.com/api/jsapi-v2/guide/abc/load for more information amap_security_verification_method = internal_proxy # For "amap" map provider only, Amap JavaScript API application secret, this setting must be provided when "amap_security_verification_method" is set to "internal_proxy" or "plain_text", please visit https://lbs.amap.com/api/javascript-api/guide/abc/prepare for more information amap_application_secret = # For "amap" map provider only, Amap JavaScript API external proxy url, this setting must be provided when "amap_security_verification_method" is set to "external_proxy" amap_api_external_proxy_url = # For "custom" map provider only, the tile layer url of custom map tile server, supports {x}, {y} (coordinates) and {z} (zoom level) placeholders, like "https://tile.openstreetmap.org/{z}/{x}/{y}.png" custom_map_tile_server_url = # For "custom" map provider only, the optional annotation layer url of custom map tile server, supports {x}, {y} (coordinates) and {z} (zoom level) placeholders custom_map_tile_server_annotation_url = # For "custom" map provider only, the min zoom level (0 - 255) for custom map tile server, default is 1 custom_map_tile_server_min_zoom_level = 1 # For "custom" map provider only, the max zoom level (0 - 255) for custom map tile server, default is 18 custom_map_tile_server_max_zoom_level = 18 # For "custom" map provider only, the default zoom level (0 - 255) for custom map tile server, default is 14 custom_map_tile_server_default_zoom_level = 14 [exchange_rates] # Exchange rates data source, supports the following types: # "reserve_bank_of_australia": https://www.rba.gov.au/statistics/frequency/exchange-rates.html # "bank_of_canada": https://www.bankofcanada.ca/rates/exchange/daily-exchange-rates/ # "czech_national_bank": https://www.cnb.cz/en/financial-markets/foreign-exchange-market/central-bank-exchange-rate-fixing/central-bank-exchange-rate-fixing/ # "danmarks_national_bank": https://www.nationalbanken.dk/en/what-we-do/stable-prices-monetary-policy-and-the-danish-economy/exchange-rates # "euro_central_bank": https://www.ecb.europa.eu/stats/policy_and_exchange_rates/euro_reference_exchange_rates/html/index.en.html # "national_bank_of_georgia": https://nbg.gov.ge/en/monetary-policy/currency # "central_bank_of_hungary": https://www.mnb.hu/en/arfolyamok # "bank_of_israel": https://www.boi.org.il/en/economic-roles/financial-markets/exchange-rates/ # "central_bank_of_myanmar": https://forex.cbm.gov.mm/index.php/fxrate # "norges_bank": https://www.norges-bank.no/en/topics/Statistics/exchange_rates/ # "national_bank_of_poland": https://nbp.pl/en/statistic-and-financial-reporting/rates/ # "national_bank_of_romania": https://www.bnr.ro/Exchange-rates-1224.aspx # "bank_of_russia": https://www.cbr.ru/eng/currency_base/daily/ # "swiss_national_bank": https://www.snb.ch/en/the-snb/mandates-goals/statistics/statistics-pub/current_interest_exchange_rates # "national_bank_of_ukraine": https://bank.gov.ua/ua/markets/exchangerates # "central_bank_of_uzbekistan": https://cbu.uz/en/arkhiv-kursov-valyut/ # "international_monetary_fund": https://www.imf.org/external/np/fin/data/param_rms_mth.aspx # "user_custom": users set their own exchange rates data in the UI data_source = euro_central_bank # Requesting exchange rates data timeout (0 - 4294967295 milliseconds) # Set to 0 to disable timeout for requesting exchange rates data, default is 10000 (10 seconds) request_timeout = 10000 # Proxy for ezbookkeeping server requesting exchange rates data, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system" proxy = system # Set to true to skip tls verification when request exchange rates data skip_tls_verify = false