Site configuration

Site configuration defines how various Sourcegraph features behave. See the full reference below for a comprehensive list of site configuration options.

Configuration overview

Go here for an overview of configuring Sourcegraph.

View and edit site configuration

Site admins can view and edit site configuration on a Sourcegraph instance:

  1. Go to User menu > Site admin.
  2. Open the Configuration page. (The URL is https://sourcegraph.example.com/site-admin/configuration.)

Reference

All site configuration options and their default values are shown below.

admin/config/site.schema.json

{
	// Prompts user to install new browser for non es5
	"RedirectUnsupportedBrowser": false,

	// Enable/Disable attribution search for Cody-generated snippets
	"attribution.enabled": null,

	// Use this gateway parameters for customers that bring their own key. Otherwise gateway endpoint is used.
	"attribution.gateway": null,

	// Enables and configures password policy. This will allow admins to enforce password complexity and length requirements.
	"auth.passwordPolicy": null,
	// Other example values:
	// - {
	//     "enabled": true,
	//     "numberOfSpecialCharacters": 1,
	//     "requireAtLeastOneNumber": true,
	//     "requireUpperandLowerCase": true
	//   }

	// When true, site admins will only be able to see private code they have access to via our authz system.
	"authz.enforceForSiteAdmins": false,

	// Time interval (in seconds) of how often each component picks up authorization changes in external services.
	"authz.refreshInterval": 5,

	// Reject unverified commits when creating a Batch Change
	"batchChanges.rejectUnverifiedCommit": false,

	// Customize Sourcegraph homepage logo and search icon.
	"branding": null,
	// Other example values:
	// - {
	//     "dark": {
	//       "logo": "https://example.com/logo_dark.png",
	//       "symbol": "https://example.com/search_symbol_dark_24x24.png"
	//     },
	//     "disableSymbolSpin": true,
	//     "favicon": "https://example.com/favicon.ico",
	//     "light": {
	//       "logo": "https://example.com/logo_light.png",
	//       "symbol": "https://example.com/search_symbol_light_24x24.png"
	//     }
	//   }

	// Whether clone progress should be logged to a file. If enabled, logs are written to files in the OS default path for temporary files.
	"cloneProgress.log": false,

	// Configuration for the completions service.
	"completions": null,
	// Other example values:
	// - {
	//     "accessToken": "abc123",
	//     "chatModel": "chat",
	//     "completionModel": "code-completion",
	//     "enabled": true,
	//     "perUserDailyLimit": 100,
	//     "provider": "openai"
	//   }

	// Configuration for the completions service.
	"configFeatures": null,
	// Other example values:
	// - {"chat":true}

	// The rate limit (in requests per hour) for the default rate limiter in the rate limiters registry. By default this is disabled and the default rate limit is infinity.
	"defaultRateLimit": -1,

	// Configuration for embeddings service.
	"embeddings": null,
	// Other example values:
	// - {
	//     "accessToken": "your-access-token",
	//     "dimensions": 1536,
	//     "enabled": true,
	//     "excludedFilePathPatterns": [
	//       "*.svg",
	//       "**/__mocks__/**",
	//       "**/test/**"
	//     ],
	//     "model": "text-embedding-ada-002",
	//     "url": "https://api.openai.com/v1/embeddings"
	//   }

	// Configuration for encryption keys used to encrypt data at rest in the database.
	"encryption.keys": null,
	// Other example values:
	// - {
	//     "externalServiceKey": {
	//       "filePath": "/path/to/external_service.key",
	//       "type": "mounted"
	//     }
	//   }
	// - {
	//     "userExternalAccountKey": {
	//       "keyname": "projects/my-project/locations/global/keyRings/my-keyring/cryptoKeys/my-key",
	//       "type": "cloudkms"
	//     }
	//   }

	// The shared secret between Sourcegraph and executors. The value must contain at least 20 characters.
	"executors.accessToken": null,
	// Other example values:
	// - "my-super-secret-access-token"

	// The image to use for batch changes in executors. Use this value to pull from a custom image registry.
	"executors.batcheshelperImage": "sourcegraph/batcheshelper",

	// The tag to use for the batcheshelper image in executors. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated.
	"executors.batcheshelperImageTag": null,
	// Other example values:
	// - "4.1.0"

	// The URL where Sourcegraph executors can reach the Sourcegraph instance. If not set, defaults to externalURL. URLs with a path (other than `/`) are not allowed. For Docker executors, the special hostname `host.docker.internal` can be used to refer to the Docker container's host.
	"executors.frontendURL": null,
	// Other example values:
	// - "https://sourcegraph.example.com"

	// The tag to use for the lsif-go image in executors. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated.
	"executors.lsifGoImage": null,
	// Other example values:
	// - "sourcegraph/lsif-go"

	// The configuration for multiqueue executors.
	"executors.multiqueue": null,

	// The image to use for src-cli in executors. Use this value to pull from a custom image registry.
	"executors.srcCLIImage": "sourcegraph/src-cli",

	// The tag to use for the src-cli image in executors. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated.
	"executors.srcCLIImageTag": null,
	// Other example values:
	// - "4.1.0"

	"exportUsageTelemetry": null,
	// Other example values:
	// - {
	//     "batchSize": 1000,
	//     "enabled": true,
	//     "topicName": "usage-data",
	//     "topicProjectName": "my-project"
	//   }
	// - {"enabled":false}

	// The externally accessible URL for Sourcegraph (i.e., what you type into your browser). Previously called `appURL`. Only root URLs are allowed.
	"externalURL": null,
	// Other example values:
	// - "https://sourcegraph.example.com"

	// DEPRECATED: The config options for Sourcegraph GitHub App.
	"gitHubApp": null,
	// Other example values:
	// - {
	//     "appID": "1234",
	//     "clientID": "client-id",
	//     "clientSecret": "client-secret",
	//     "privateKey": "base64-encoded-private-key",
	//     "slug": "sourcegraph"
	//   }

	// Record git operations that are executed on configured repositories.
	"gitRecorder": null,
	// Other example values:
	// - {
	//     "ignoredGitCommands": [
	//       "show",
	//       "rev-parse",
	//       "log",
	//       "diff",
	//       "ls-tree"
	//     ],
	//     "repos": [
	//       "github.com/sourcegraph/sourcegraph",
	//       "github.com/gorilla/mux"
	//     ],
	//     "size": 1000
	//   }

	// Disk usage threshold at which to display warning notification. Value is a percentage.
	"gitserver.diskUsageWarningThreshold": 90,

	// Configuration for logging and alerting, including to external services.
	"log": null,

	// Notifications recieved from Sourcegraph.com to display in Sourcegraph.
	"notifications": null,
	// Other example values:
	// - {
	//     "key": "2023-03-10-my-key",
	//     "message": "This is a test notification message."
	//   }

	// Configure notifications for Sourcegraph's built-in alerts.
	"observability.alerts": null,
	// Other example values:
	// - {
	//     "level": "critical",
	//     "notifier": {
	//       "channel": "#alerts",
	//       "type": "slack",
	//       "url": "https://hooks.slack.com/services/..."
	//     }
	//   }
	// - {
	//     "level": "warning",
	//     "notifier": {
	//       "addresses": [
	//         "[email protected]"
	//       ],
	//       "type": "email"
	//     }
	//   }

	// EXPERIMENTAL: Configuration for client observability
	"observability.client": null,
	// Other example values:
	// - {
	//     "openTelemetry": {
	//       "endpoint": "/-/debug/otlp"
	//     }
	//   }
	// - {
	//     "openTelemetry": {
	//       "endpoint": "https://opentelemetry.example.com"
	//     }
	//   }

	// Silence individual Sourcegraph alerts by identifier.
	"observability.silenceAlerts": null,
	// Other example values:
	// - [
	//     "warning_gitserver_disk_space_remaining"
	//   ]
	// - [
	//     "critical_frontend_down",
	//     "warning_high_load"
	//   ]

	// Configures distributed tracing within Sourcegraph. To learn more, refer to https://sourcegraph.com/docs/admin/observability/tracing
	"observability.tracing": null,
	// Other example values:
	// - {
	//     "debug": false,
	//     "sampling": "selective",
	//     "type": "opentelemetry",
	//     "urlTemplate": "https://ui.honeycomb.io/$ORG/environments/$DATASET/trace?trace_id={{ .TraceID }}"
	//   }
	// - {
	//     "debug": true,
	//     "sampling": "all",
	//     "type": "jaeger",
	//     "urlTemplate": "{{ .ExternalURL }}/-/debug/jaeger/trace/{{ .TraceID }}"
	//   }

	// Configuration for organization invitations.
	"organizationInvitations": null,
	// Other example values:
	// - {
	//     "expiryTime": 48,
	//     "signingKey": "your-signing-key"
	//   }

	// The maximum number of outbound requests to retain. This is a global limit across all outbound requests. If the limit is exceeded, older items will be deleted. If the limit is 0, no outbound requests are logged.
	"outboundRequestLogLimit": 50,

	// Time interval (in seconds) of how often cleanup worker should remove old jobs from permissions sync jobs table.
	"permissions.syncJobCleanupInterval": 60,

	// The number of last repo/user permission jobs to keep for history.
	"permissions.syncJobsHistorySize": 5,

	// Number of repo permissions to schedule for syncing in single scheduler iteration.
	"permissions.syncOldestRepos": 10,

	// Number of user permissions to schedule for syncing in single scheduler iteration.
	"permissions.syncOldestUsers": 10,

	// Don't sync a repo's permissions if it has synced within the last n seconds.
	"permissions.syncReposBackoffSeconds": 60,

	// Time interval (in seconds) of how often each component picks up authorization changes in external services.
	"permissions.syncScheduleInterval": 15,

	// Don't sync a user's permissions if they have synced within the last n seconds.
	"permissions.syncUsersBackoffSeconds": 60,

	// The maximum number of user-centric permissions syncing jobs that can be spawned concurrently. Service restart is required to take effect for changes.
	"permissions.syncUsersMaxConcurrency": 1,

	"rateLimits": null,

	// Enables redacting sensitive information from outbound requests. Important: We only respect this setting in development environments. In production, we always redact outbound requests.
	"redactOutboundRequestHeaders": null,
	// Other example values:
	// - true

	// The base URL of the Self-Serve Cody API.
	"ssc.apiBaseUrl": "https://accounts.sourcegraph.com/cody/api",

	// The hostname of SAMS instance to connect.
	"ssc.samsHostName": "accounts.sourcegraph.com",

	// Syntax highlighting configuration
	"syntaxHighlighting": null,
	// Other example values:
	// - {
	//     "engine": {
	//       "default": "tree-sitter",
	//       "overrides": {
	//         "go": "syntect"
	//       }
	//     },
	//     "languages": {
	//       "extensions": {
	//         "go": "go",
	//         "ts": "typescript"
	//       },
	//       "patterns": [
	//         {
	//           "language": "cobol",
	//           "match": "cobol_.*\\.txt"
	//         }
	//       ]
	//     }
	//   }

	// Configuration for logging incoming webhooks.
	"webhook.logging": null,
	// Other example values:
	// - {
	//     "enabled": true,
	//     "retention": "7d"
	//   }

//////////////////////////////////////////////////////////////
// Authentication
//////////////////////////////////////////////////////////////

	// The config options for access requests
	"auth.accessRequest": null,
	// Other example values:
	// - {"enabled":true}
	// - {"enabled":false}

	// Enables users to change their username after account creation. Warning: setting this to be true has security implications if you have enabled (or will at any point in the future enable) repository permissions with an option that relies on username equivalency between Sourcegraph and an external service or authentication provider. Do NOT set this to true if you are using non-built-in authentication OR rely on username equivalency for repository permissions.
	"auth.enableUsernameChanges": false,

	// The config options for account lockout
	"auth.lockout": null,
	// Other example values:
	// - {
	//     "consecutivePeriod": 300,
	//     "failedAttemptThreshold": 3,
	//     "lockoutPeriod": 600
	//   }

	// The minimum number of Unicode code points that a password must contain.
	"auth.minPasswordLength": 12,

	// The duration (in seconds) that a password reset link is considered valid.
	"auth.passwordResetLinkExpiry": 14400,

	// The number of auth providers that will be shown to the user on the login screen. Other providers are shown under `Other login methods` section.
	"auth.primaryLoginProvidersCount": 3,

	// The authentication providers to use for identifying and signing in users. See instructions below for configuring SAML, OpenID Connect (including Google Workspace), and HTTP authentication proxies. Multiple authentication providers are supported (by specifying multiple elements in this array).
	"auth.providers": [
		{
			"allowSignup": true,
			"type": "builtin"
		}
	],

	// WARNING: This option has been removed as of 3.8.
	"auth.public": false,

	// The duration of a user session, after which it expires and the user is required to re-authenticate. The default is 90 days. There is typically no need to set this, but some users may have specific internal security requirements.
	//
	// The string format is that of the Duration type in the Go time package (https://golang.org/pkg/time/#ParseDuration). E.g., "720h", "43200m", "2592000s" all indicate a timespan of 30 days.
	//
	// Note: changing this field does not affect the expiration of existing sessions. If you would like to enforce this limit for existing sessions, you must log out currently signed-in users. You can force this by removing all keys beginning with "session_" from the Redis store:
	//
	// * For deployments using `sourcegraph/server`: `docker exec $CONTAINER_ID redis-cli --raw keys 'session_*' | xargs docker exec $CONTAINER_ID redis-cli del`
	// * For cluster deployments: 
	//   ```
	//   REDIS_POD="$(kubectl get pods -l app=redis-store -o jsonpath={.items[0].metadata.name})";
	//   kubectl exec "$REDIS_POD" -- redis-cli --raw keys 'session_*' | xargs kubectl exec "$REDIS_POD" -- redis-cli --raw del;
	//   ```
	"auth.sessionExpiry": "2160h",
	// Other example values:
	// - "168h"

	// Validity expressed in minutes of the unlock account token
	"auth.unlockAccountLinkExpiry": 5,

	// Base64-encoded HMAC signing key to sign the JWT token for account unlock URLs
	"auth.unlockAccountLinkSigningKey": null,
	// Other example values:
	// - "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUJGZ0FBQUhVQkFBQQ"

//////////////////////////////////////////////////////////////
// BatchChanges
//////////////////////////////////////////////////////////////

	// Automatically delete branches created for Batch Changes changesets when the changeset is merged or closed, for supported code hosts. Overrides any setting on the repository on the code host itself.
	"batchChanges.autoDeleteBranch": false,

	// How long changesets will be retained after they have been detached from a batch change.
	"batchChanges.changesetsRetention": null,
	// Other example values:
	// - "336h"
	// - "48h"
	// - "5h30m40s"

	// Hides Batch Changes warnings about webhooks not being configured.
	"batchChanges.disableWebhooksWarning": false,

	// Enables/disables the Batch Changes feature.
	"batchChanges.enabled": true,

	// When enabled, all branches created by batch changes will be pushed to forks of the original repository.
	"batchChanges.enforceForks": false,

	// When enabled, only site admins can create and apply batch changes.
	"batchChanges.restrictToAdmins": false,

	// Specifies specific windows, which can have associated rate limits, to be used when reconciling published changesets (creating or updating). All days and times are handled in UTC.
	"batchChanges.rolloutWindows": null,
	// Other example values:
	// - {
	//     "days": [
	//       "saturday",
	//       "sunday"
	//     ],
	//     "end": "20:00",
	//     "rate": "10/hour",
	//     "start": "06:00"
	//   }

//////////////////////////////////////////////////////////////
// Code intelligence
//////////////////////////////////////////////////////////////

	// Whether auto-indexing policies may apply to all repositories on the Sourcegraph instance. Default is false. The policyRepositoryMatchLimit setting still applies to such auto-indexing policies.
	"codeIntelAutoIndexing.allowGlobalPolicies": false,

	// Enables/disables the code intel auto-indexing feature. Currently experimental.
	"codeIntelAutoIndexing.enabled": false,

	// Overrides the default Docker images used by auto-indexing.
	"codeIntelAutoIndexing.indexerMap": null,
	// Other example values:
	// - {
	//     "go": "sourcegraph/lsif-go:latest",
	//     "java": "sourcegraph/lsif-java:latest"
	//   }

	// The maximum number of repositories to which a single auto-indexing policy can apply. Default is -1, which is unlimited.
	"codeIntelAutoIndexing.policyRepositoryMatchLimit": -1,

	// A cron expression indicating when to run the document reference counts graph reduction job.
	"codeIntelRanking.documentReferenceCountsCronExpression": "@weekly",

	// An arbitrary identifier used to group calculated rankings from SCIP data (excluding the SCIP export).
	"codeIntelRanking.documentReferenceCountsDerivativeGraphKeyPrefix": null,
	// Other example values:
	// - ""

	// Enables/disables the document reference counts feature. Currently experimental.
	"codeIntelRanking.documentReferenceCountsEnabled": false,

	// An arbitrary identifier used to group calculated rankings from SCIP data (including the SCIP export).
	"codeIntelRanking.documentReferenceCountsGraphKey": null,
	// Other example values:
	// - "dev"

	// The interval at which to run the reduce job that computes document reference counts. Default is 24hrs.
	"codeIntelRanking.staleResultsAge": 24,

//////////////////////////////////////////////////////////////
// CodeInsights
//////////////////////////////////////////////////////////////

	// The size of the buffer for aggregations ran in-memory. A higher limit might strain memory for the frontend
	"insights.aggregations.bufferSize": 500,

	// The maximum number of results a proactive search aggregation can accept before stopping
	"insights.aggregations.proactiveResultLimit": 50000,

	// Set the number of seconds an insight series will spend backfilling before being interrupted. Series are interrupted to prevent long running insights from exhausting all of the available workers. Interrupted series will be placed back in the queue and retried based on their priority.
	"insights.backfill.interruptAfter": 60,

	// Number of repositories within the batch to backfill concurrently.
	"insights.backfill.repositoryConcurrency": 3,

	// Set the number of repositories to batch in a group during backfilling.
	"insights.backfill.repositoryGroupSize": 10,

	// Maximum number of historical Code Insights data frames that may be analyzed per second.
	"insights.historical.worker.rateLimit": 20,
	// Other example values:
	// - 50
	// - 0.5

	// The allowed burst rate for the Code Insights historical worker rate limiter.
	"insights.historical.worker.rateLimitBurst": 20,
	// Other example values:
	// - 10
	// - 20

	// The maximum number of data points that will be available to view for a series on a code insight. Points beyond that will be stored in a separate table and available for data export.
	"insights.maximumSampleSize": 30,
	// Other example values:
	// - 12
	// - 24
	// - 50

	// Number of concurrent executions of a code insight query on a worker node
	"insights.query.worker.concurrency": 1,
	// Other example values:
	// - 10

	// Maximum number of Code Insights queries initiated per second on a worker node.
	"insights.query.worker.rateLimit": 20,
	// Other example values:
	// - 10
	// - 0.5

	// The allowed burst rate for the Code Insights queries per second rate limiter.
	"insights.query.worker.rateLimitBurst": 20,
	// Other example values:
	// - 10
	// - 20

//////////////////////////////////////////////////////////////
// Cody
//////////////////////////////////////////////////////////////

	// Enable or disable Cody instance-wide. When Cody is disabled, all Cody endpoints and GraphQL queries will return errors, Cody will not show up in the site-admin sidebar, and Cody in the global navbar will only show a call-to-action for site-admins to enable Cody.
	"cody.enabled": false,

	// Whether to enable Cody role-based access controls. Only respected if cody.restrictUsersFeatureFlag is not set. See https://sourcegraph.com/docs/admin/access_control
	"cody.permissions": true,

	// DEPRECATED; see cody.permissions instead. PRIOR DESCRIPTION: Cody to only be enabled for users that have a feature flag labeled "cody" set to true. You must create a feature flag with this ID after enabling this setting: https://sourcegraph.com/docs/dev/how-to/use_feature_flags#create-a-feature-flag. This setting only has an effect if cody.enabled is true.
	"cody.restrictUsersFeatureFlag": false,

//////////////////////////////////////////////////////////////
// Debug
//////////////////////////////////////////////////////////////

	// (debug) controls the amount of symbol search parallelism. Defaults to 20. It is not recommended to change this outside of debugging scenarios. This option will be removed in a future version.
	"debug.search.symbolsParallelism": null,
	// Other example values:
	// - "20"

	// (debug) Set a limit to the amount of captured slow GraphQL requests being stored for visualization. For defining the threshold for a slow GraphQL request, see observability.logSlowGraphQLRequests.
	"observability.captureSlowGraphQLRequestsLimit": null,
	// Other example values:
	// - 2000

	// (debug) logs all GraphQL requests slower than the specified number of milliseconds.
	"observability.logSlowGraphQLRequests": null,
	// Other example values:
	// - 10000

	// (debug) logs all search queries (issued by users, code intelligence, or API requests) slower than the specified number of milliseconds.
	"observability.logSlowSearches": null,
	// Other example values:
	// - 10000

//////////////////////////////////////////////////////////////
// Email
//////////////////////////////////////////////////////////////

	// The "from" address for emails sent by this server.
	// Please see https://sourcegraph.com/docs/admin/config/email
	"email.address": null,
	// Other example values:
	// - "[email protected]"

	// The name to use in the "from" address for emails sent by this server.
	"email.senderName": "Sourcegraph",
	// Other example values:
	// - "Our Company Sourcegraph"
	// - "Example Inc Sourcegraph"

	// The SMTP server used to send transactional emails.
	// Please see https://sourcegraph.com/docs/admin/config/email
	"email.smtp": null,
	// Other example values:
	// - {
	//     "authentication": "PLAIN",
	//     "host": "smtp.example.com",
	//     "password": "mypassword",
	//     "port": 465,
	//     "username": "alice"
	//   }

	// Configurable templates for some email types sent by Sourcegraph.
	"email.templates": null,
	// Other example values:
	// - {
	//     "resetPassword": {
	//       "body": "To reset your password on {{.Host}}, please click the link below:\n\n{{.URL}}\n\nIf you did not request a password reset, please ignore this email. Your password will not change until you click the link and set a new password.",
	//       "subject": "Reset your password on {{.Host}}"
	//     },
	//     "setPassword": {
	//       "body": "To set your password on {{.Host}} and complete your account registration, please click the link below:\n\n{{.URL}}\n\nYour username is: {{.Username}}\n\nIf you did not sign up for an account on {{.Host}}, please ignore this email.",
	//       "subject": "Set your password on {{.Host}}"
	//     }
	//   }

//////////////////////////////////////////////////////////////
// Experimental
//////////////////////////////////////////////////////////////

	// Experimental features and settings.
	"experimentalFeatures": null,
	// Other example values:
	// - {
	//     "customGitFetch": [
	//       {
	//         "domainPath": "somecodehost.com/path/to/repo",
	//         "fetch": "customgitbinary someflag"
	//       },
	//       {
	//         "domainPath": "somecodehost.com/path/to/anotherrepo",
	//         "fetch": "customgitbinary someflag anotherflag"
	//       }
	//     ]
	//   }
	// - {
	//     "tls.external": {
	//       "certificates": [
	//         "-----BEGIN CERTIFICATE-----\n..."
	//       ],
	//       "insecureSkipVerify": true
	//     }
	//   }

//////////////////////////////////////////////////////////////
// External services
//////////////////////////////////////////////////////////////

	// Disable periodic syncs of configured code host connections (repository metadata, permissions, batch changes changesets, etc)
	"disableAutoCodeHostSyncs": false,

	// Disable periodically fetching git contents for existing repositories.
	"disableAutoGitUpdates": false,

	// DEPRECATED! Disable redirects to sourcegraph.com when visiting public repositories that can't exist on this server.
	"disablePublicRepoRedirects": null,
	// Other example values:
	// - true

	// JSON array of configuration that maps from Git clone URL to repository name. Sourcegraph automatically resolves remote clone URLs to their proper code host. However, there may be non-remote clone URLs (e.g., in submodule declarations) that Sourcegraph cannot automatically map to a code host. In this case, use this field to specify the mapping. The mappings are tried in the order they are specified and take precedence over automatic mappings.
	"git.cloneURLToRepositoryName": null,
	// Other example values:
	// - [
	//     {
	//       "from": "^../(?P\u003cname\u003e\\w+)$",
	//       "to": "github.com/user/{name}"
	//     }
	//   ]

	// Maximum number of seconds that a long Git command (e.g. clone or remote update) is allowed to execute. The default is 3600 seconds, or 1 hour.
	"gitLongCommandTimeout": 3600,

	// Maximum number of remote code host git operations (e.g. clone or ls-remote) to be run per second per gitserver. Default is -1, which is unlimited.
	"gitMaxCodehostRequestsPerSecond": -1,

	// Maximum number of git clone processes that will be run concurrently per gitserver to update repositories. Note: the global git update scheduler respects gitMaxConcurrentClones. However, we allow each gitserver to run upto gitMaxConcurrentClones to allow for urgent fetches. Urgent fetches are used when a user is browsing a PR and we do not have the commit yet.
	"gitMaxConcurrentClones": 5,

	// JSON array of repo name patterns and update intervals. If a repo matches a pattern, the associated interval will be used. If it matches no patterns a default backoff heuristic will be used. Pattern matches are attempted in the order they are provided.
	"gitUpdateInterval": null,
	// Other example values:
	// - [
	//     {
	//       "interval": 5,
	//       "pattern": "^github.com/sourcegraph/.*"
	//     },
	//     {
	//       "interval": 10,
	//       "pattern": "^bitbucket.org/.*"
	//     }
	//   ]

	// URL to fetch unreachable repository details from. Defaults to "https://sourcegraph.com"
	"parentSourcegraph": null,
	// Other example values:
	// - {
	//     "url": "https://sourcegraph.example.com"
	//   }

	// The number of concurrent external service syncers that can run.
	"repoConcurrentExternalServiceSyncers": 3,

	// Interval (in minutes) for checking code hosts (such as GitHub, Gitolite, etc.) for new repositories.
	"repoListUpdateInterval": 1,

	// Configuration for repository purge worker.
	"repoPurgeWorker": {
		"deletedTTLMinutes": 60,
		"intervalMinutes": 15
	},

	// The SCIM auth token is used to authenticate SCIM requests. If not set, SCIM is disabled.
	"scim.authToken": "",

	// Identity provider used for SCIM support.  "STANDARD" should be used unless a more specific value is available
	"scim.identityProvider": "STANDARD",

//////////////////////////////////////////////////////////////
// Misc.
//////////////////////////////////////////////////////////////

	// Disable the feedback survey
	"disableFeedbackSurvey": false,

	// DEPRECATED. Has no effect.
	"disableNonCriticalTelemetry": false,

	// HTML to inject at the bottom of the `<body>` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true.
	"htmlBodyBottom": null,

	// HTML to inject at the top of the `<body>` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true.
	"htmlBodyTop": null,

	// HTML to inject at the bottom of the `<head>` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true.
	"htmlHeadBottom": null,

	// HTML to inject at the top of the `<head>` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true.
	"htmlHeadTop": null,

	// Enables users access to the product research page in their settings.
	"productResearchPage.enabled": true,

	// The channel on which to automatically check for Sourcegraph updates.
	"update.channel": "release",
	// Other example values:
	// - "none"

//////////////////////////////////////////////////////////////
// Own
//////////////////////////////////////////////////////////////

	// The max number of concurrent Own jobs that will run per worker node.
	"own.background.repoIndexConcurrencyLimit": 5,

	// The maximum per second burst of repositories for Own jobs per worker node. Generally this value should not be less than the max concurrency.
	"own.background.repoIndexRateBurstLimit": 5,

	// The maximum per second rate of repositories for Own jobs per worker node.
	"own.background.repoIndexRateLimit": 20,

	// The Own service will attempt to match a Team by the last part of its handle if it contains a slash and no match is found for its full handle.
	"own.bestEffortTeamMatching": true,

//////////////////////////////////////////////////////////////
// Search
//////////////////////////////////////////////////////////////

	// DEPRECATED: Configure maxRepos in search.limits. The maximum number of repositories to search across. The user is prompted to narrow their query if exceeded. Any value less than or equal to zero means unlimited.
	"maxReposToSearch": -1,

	// The number of threads each indexserver should use to index shards. If not set, indexserver will use the number of available CPUs. This is exposed as a safeguard and should usually not require being set.
	"search.index.shardConcurrency": null,
	// Other example values:
	// - "10"

	// Whether indexed symbol search is enabled. This is contingent on the indexed search configuration, and is true by default for instances with indexed search enabled. Enabling this will cause every repository to re-index, which is a time consuming (several hours) operation. Additionally, it requires more storage and ram to accommodate the added symbols information in the search index.
	"search.index.symbols.enabled": null,
	// Other example values:
	// - true

	// A list of file glob patterns where matching files will be indexed and searched regardless of their size. Files still need to be valid utf-8 to be indexed. The glob pattern syntax can be found here: https://github.com/bmatcuk/doublestar#patterns.
	"search.largeFiles": null,
	// Other example values:
	// - [
	//     "go.sum",
	//     "package-lock.json",
	//     "**/*.thrift"
	//   ]

	// Limits that search applies for number of repositories searched and timeouts.
	"search.limits": null,
	// Other example values:
	// - {
	//     "commitDiffMaxRepos": 50,
	//     "commitDiffWithTimeFilterMaxRepos": 5000,
	//     "maxRepos": 200,
	//     "maxTimeoutSeconds": 60
	//   }

//////////////////////////////////////////////////////////////
// Security
//////////////////////////////////////////////////////////////

	// Settings for access tokens, which enable external tools to access the Sourcegraph API with the privileges of the user.
	"auth.accessTokens": {
		"allow": "all-users-create",
		"allowNoExpiration": false,
		"defaultExpirationDays": 90,
		"expirationOptionDays": [
			7,
			14,
			30,
			60,
			90
		]
	},
	// Other example values:
	// - {
	//     "allow": "site-admin-create",
	//     "allowNoExpiration": true,
	//     "defaultExpirationDays": 90,
	//     "expirationOptionDays": [
	//       7,
	//       14,
	//       30,
	//       60,
	//       90
	//     ]
	//   }
	// - {
	//     "allow": "none",
	//     "allowNoExpiration": false,
	//     "defaultExpirationDays": 45,
	//     "expirationOptionDays": [
	//       7,
	//       14,
	//       30,
	//       60,
	//       90
	//     ]
	//   }

	// IP allowlist for access to the Sourcegraph instance. If set, only requests from these IP addresses will be allowed. By default client IP is infered connected client IP address, and you may configure to use a request header to determine the user IP.
	"auth.allowedIpAddress": null,

	// Required when using any of the native code host integrations for Phabricator, GitLab, or Bitbucket Server. It is a space-separated list of allowed origins for cross-origin HTTP requests which should be the base URL for your Phabricator, GitLab, or Bitbucket Server instance.
	"corsOrigin": null,
	// Other example values:
	// - "https://my-phabricator.example.com https://my-bitbucket.example.com https://my-gitlab.example.com"

	// Whether or not LSIF uploads will be blocked unless a valid LSIF upload token is provided.
	"lsifEnforceAuth": false,

	// Settings for Sourcegraph explicit permissions, which allow the site admin to explicitly manage repository permissions via the GraphQL API. This will mark repositories as restricted by default.
	"permissions.userMapping": {
		"bindID": "email",
		"enabled": true
	},
	// Other example values:
	// - {"bindID":"email"}
	// - {"bindID":"username"}

//////////////////////////////////////////////////////////////
// Sourcegraph Enterprise license
//////////////////////////////////////////////////////////////

	// The license key associated with a Sourcegraph product subscription, which is necessary to activate Sourcegraph Enterprise functionality. To obtain this value, contact Sourcegraph to purchase a subscription. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh.
	"licenseKey": null,

//////////////////////////////////////////////////////////////
// Sourcegraph.com
//////////////////////////////////////////////////////////////

	// Configuration options for Sourcegraph.com only.
	"dotcom": null
}

Known bugs

The following site configuration options require the server to be restarted for the changes to take effect:

auth.providers
externalURL
insights.query.worker.concurrency
insights.commit.indexer.interval
permissions.syncUsersMaxConcurrency

Editing your site configuration if you cannot access the web UI

If you are having trouble accessing the web UI, you can make edits to your site configuration by editing the configuration directly.

Sourcegraph with Docker Compose and single-server Sourcegraph with Docker

Set FRONTEND_CONTAINER to:

docker exec -it --user=root $FRONTEND_CONTAINER sh -c 'apk add --no-cache && nano /home/sourcegraph/site-config.json'

Or if you prefer using a Vim editor:

docker exec -it $FRONTEND_CONTAINER sh -c 'vi ~/site-config.json'

Sourcegraph with Kubernetes

For Kubernetes deployments:

kubectl exec -it $FRONTEND_POD -- sh -c 'apk add --no-cache nano && nano ~/site-config.json'

Or if you prefer using a Vim editor:

kubectl exec -it $FRONTEND_POD -- sh -c 'vi ~/site-config.json'

Then simply save your changes (type ctrl+x and y to exit nano and save your changes). Your changes will be applied immediately in the same way as if you had made them through the web UI.

If you are still encountering issues

You can check the container logs to see if you have made any typos or mistakes in editing the configuration file. If you are still encountering problems, you can save the default site configuration that comes with Sourcegraph (below) or contact [email protected] with any questions you have.

{
	// The externally accessible URL for Sourcegraph (i.e., what you type into your browser)
	// This is required to be configured for Sourcegraph to work correctly.
	// "externalURL": "https://sourcegraph.example.com",

	// The authentication provider to use for identifying and signing in users.
	// Only one entry is supported.
	//
	// The builtin auth provider with signup disallowed (shown below) means that
	// after the initial site admin signs in, all other users must be invited.
	//
	// Other providers are documented at https://docs.sourcegraph.com/admin/auth.
	"auth.providers": [
		{
			"type": "builtin",
			"allowSignup": false
		}
	],
}