配置

All settings are stored in settings.py (as is usual for Django).

備註

After changing any of these settings, you need to restart Weblate — both WSGI and Celery processes.

在它作為 mod_wsgi 執行的情況下,需要重新啟動 Apache,來重新載入配置。

也參考

還要請檢視 Django's documentation 中關於配置 Django 自身的參數。

ADMINS_CONTACT

Configures where contact form sends e-mails. If not configured, e-mail addresses from ADMINS are used.

Configure this as a list of e-mail addresses:

ADMINS_CONTACT = ["admin@example.com", "support@example.com"]

也參考

ALLOWED_ASSET_DOMAINS

在 5.14 版被加入.

Configures which domains are allowed for fetching assets in Weblate.

This enhances security by preventing loading assets from untrusted sources. Assets are downloaded once by the Weblate server and stored locally, rather than being served directly from external domains to users.

The allowlist is applied to the initial URL and to every HTTP redirect target before Weblate follows it. Redirects to hosts outside of this allowlist are rejected.

It expects a list of host/domain names. You can use fully qualified names (e.g www.example.com) or prepend with a period as a wildcard to match all subdomains (e.g .example.com will match cdn.example.com or static.example.com).

Defaults to ["*"], which allows all domains.

範例

ALLOWED_ASSET_DOMAINS = [
    # Allows only cdn.anotherdomain.org
    "cdn.anotherdomain.org",
    # Allows example.com and all its subdomains
    ".example.com",
]

This is currently used in the following places:

也參考

ALLOWED_MACHINERY_DOMAINS

Configures which custom machinery domains are explicitly allowed in project-level machine translation configuration.

This setting applies only to machinery services and does not affect ALLOWED_ASSET_DOMAINS.

It expects a list of host/domain names. You can use fully qualified names or prepend with a period as a wildcard to match all subdomains.

預設為 []

The allowlist affects project-managed machinery in two ways: it permits the configured endpoint during outbound validation, and it marks matching hosts as trusted when deciding whether remote provider error details or response bodies can be shown to the user. For direct connections, runtime checks still reject destinations that resolve to private or otherwise non-public addresses. When an HTTP(S) proxy is used, runtime validation falls back to hostname validation and does not perform the same local DNS or peer-IP checks.

ALLOWED_ASSET_SIZE

在 5.14 版被加入.

Configures size limit in bytes for fetching or uploading assets into Weblate. Defaults to 10 MB.

也參考

ASSET_PRIVATE_ALLOWLIST

在 2025.5 版被加入.

Defines hostnames or domains exempt from ASSET_RESTRICT_PRIVATE for remote asset downloads that enforce private-target checks. Entries follow Django host matching semantics, so values such as assets.internal.example or .internal.example can be used.

This does not replace ALLOWED_ASSET_DOMAINS; remote assets must still match the asset domain allowlist.

預設配置:

ASSET_PRIVATE_ALLOWLIST = []

也參考

ASSET_RESTRICT_PRIVATE

在 2025.5 版被加入.

Reject remote asset URLs pointing to internal or non-public addresses unless the target host is included in ASSET_PRIVATE_ALLOWLIST. On by default.

When enabled, hostnames that cannot be resolved during validation are rejected unless they are explicitly included in ASSET_PRIVATE_ALLOWLIST. This currently applies to screenshot URL uploads and remote HTML downloads for the JavaScript 在地化 CDN add-on.

也參考

ALTCHA_COST

在 2025.5 版被加入.

Argon2id time cost for the ALTCHA proof-of-work challenge. Defaults to 3.

Replaces ALTCHA_MAX_NUMBER, which applied to the removed ALTCHA widget v2.

ALTCHA_MEMORY_COST

在 2025.5 版被加入.

Argon2id memory cost in KiB. Defaults to 65536.

ALTCHA_PARALLELISM

在 2025.5 版被加入.

Argon2id 平行係數。預設為 1

也參考

ALTCHA 工作量證明機制

ANONYMOUS_USER_NAME

未登入使用者的使用者名稱。

也參考

存取控制

AUDITLOG_EXPIRY

The maximum number of days Weblate will keep audit logs containing information about the account activity.

預設為 180 天。

AUTH_LOCK_ATTEMPTS

在rate限制應用前,授權嘗試失敗的最多次數。

目前,這應用在後面的位置:

  • 登入。刪除帳號密碼,防止使用者不請求新的密碼而登入。

  • Password reset. Prevents new e-mails from being sent, avoiding spamming users with too many password-reset attempts.

預設為 10。

也參考

速率限制

AUTO_UPDATE

以每天的頻率更新所有儲存庫。

提示

在不使用 Notification hooks 來自動更新 Weblate 儲存庫的情況下有用。

備註

On/off options exist in addition to string selection for backward compatibility.

選項有:

"none"

無每日更新。

"remote" also False

只更新遠端儲存庫。

"full" 也為 True

更新遠端,並合併工作副本。

備註

這需要 使用 Celery 的背景工作 工作,並在重啟後生效。

AVATAR_URL_PREFIX

Prefix for constructing avatar URLs as: ${AVATAR_URL_PREFIX}/avatar/${MAIL_HASH}?${PARAMS}. The following services are known to work:

Gravatar (default), as per https://gravatar.com/

AVATAR_URL_PREFIX = 'https://www.gravatar.com/'

Libravatar, as per https://www.libravatar.org/

AVATAR_URL_PREFIX = 'https://www.libravatar.org/'

也參考

AUTH_TOKEN_VALID

身分驗證權杖和密碼重設電子郵件中臨時密碼的有效時間。以秒為單位,預設為 172800( 2 天)。

AUTH_PASSWORD_DAYS

How many days Weblate rejects reusing a previously used password for a user.

The checking is based on the audit log, AUDITLOG_EXPIRY needs to be at least same as this.

備註

自動修復很強大,但可能導致損壞;寫指令碼的時候要小心。

預設為 180 天。

AUTOFIX_LIST

當儲存字串時應用自動修復清單。

備註

Provide a fully-qualified path to the Python class that implements the autofixer interface.

Available fixes are described at 自動修正.

可以選取使用哪一個:

AUTOFIX_LIST = (
    "weblate.trans.autofixes.whitespace.SameBookendingWhitespace",
    "weblate.trans.autofixes.chars.ReplaceTrailingDotsWithEllipsis",
)

也參考

BACKGROUND_TASKS

在 4.5.2 版被加入.

定義應為組件觸發冗長的維護工作的頻率。

此刻的控制項:

可能的選項:

  • 每月 (這是預設值)

  • weekly

  • daily

  • never

備註

當WebLate包含數千個組件時,不建議不要增加頻率。

BASIC_LANGUAGES

在 4.4 版被加入.

List of languages to offer users for starting a new translation. When not specified, a built-in list is used (which includes all commonly used languages, but without country specific variants).

This only limits non privileged users to add unwanted languages. Project admins are still presented with the full selection of languages defined in Weblate.

備註

This does not define new languages for Weblate — it only filters existing ones in the database.

範例:

BASIC_LANGUAGES = {"cs", "it", "ja", "en"}

也參考

語言定義

BORG_EXTRA_ARGS

在 4.9 版被加入.

您可以帶入額外的參數在 borg create 中使用,當觸發內建的備份機制時。

範例:

BORG_EXTRA_ARGS = ["--exclude", "vcs/"]

也參考

CACHE_DIR

在 4.16 版被加入.

Directory where Weblate stores cache files. Defaults to cache subfolder in DATA_DIR.

Change this to local or temporary filesystem if DATA_DIR is on a network filesystem.

Weblate stores generated helper files here and executes some of them, so CACHE_DIR has to be writable and mounted on a filesystem that allows execution. Avoid using noexec mount options for this directory.

Docker 容器為此使用單獨的儲存區,請參閱 Docker 容器儲存區

後面的子目錄通常存在:

ssh

Generated helper files used for VCS access.

fonts

font-config cache for 管理字型.

avatar

快取的使用者頭像,請參閱 頭像

static

靜態 Django 檔案的預設位置,由 STATIC_ROOT 指定。見 提供靜態檔案

tesseract

OCR trained data for Screenshots and visual context.

CSP_SCRIPT_SRC, CSP_IMG_SRC, CSP_CONNECT_SRC, CSP_STYLE_SRC, CSP_FONT_SRC, CSP_FORM_SRC

Customize the Content-Security-Policy header for Weblate. The header is automatically generated based on enabled integrations with third-party services (Matomo, Google Analytics, Sentry, …).

All these default to an empty list.

範例:

# Enable Cloudflare Javascript optimizations
CSP_SCRIPT_SRC = ["ajax.cloudflare.com"]

也參考

CHECK_LIST

翻譯時執行的品質檢查清單。

備註

為實施檢查介面的 Python 類提供完全合規的路徑。

調整檢查清單,來包括與您相關的那些檢查。

All built-in 品質檢查 are turned on by default, from where you can change these settings. By default they are commented out in 範例配置 so that default values are used. New checks are then carried out for each new Weblate version.

可以關閉所有檢查:

CHECK_LIST = ()

可以只打開一部分檢查:

CHECK_LIST = (
    "weblate.checks.chars.BeginNewlineCheck",
    "weblate.checks.chars.EndNewlineCheck",
    "weblate.checks.chars.MaxLengthCheck",
)

備註

Changing this setting only affects newly changed translations. Existing checks will still be stored in the database. To also apply changes to the stored translations, run updatechecks.

也參考

COMMIT_PENDING_HOURS

通過背景工作方式提交待定的變更之間的小時數。

也參考

COMPONENT_ZIP_UPLOAD_MAX_SIZE

在 5.17.1 版被加入.

Configures the maximum size, in bytes, for uploaded component ZIP files. Defaults to 50 MB.

在 Docker 中,使用 WEBLATE_COMPONENT_ZIP_UPLOAD_MAX_SIZE 環境變數配置這個。

也參考

CONTACT_FORM

在 4.6 版被加入.

Configures how e-mail from the contact form is being sent. Choose a configuration that matches the configuration of your mail server.

"reply-to"

The sender is used as Reply-To, this is the default behaviour.

"from"

The sender is used as From. Your mail server needs to allow sending such e-mails.

"disabled"

Disables the contact form entirely.

在 5.15 版被加入.

也參考

ADMINS_CONTACT

DATA_DIR

The folder Weblate stores all data in. It contains links to VCS repositories, a fulltext index and various configuration files for external tools.

後面的子目錄通常存在:

home

Home 目錄用於呼叫指令碼。

ssh

SSH 金鑰和配置。

media

Django 媒體檔案的預設位置,由 MEDIA_ROOT 指定。包含已上傳的螢幕擷圖,見 Screenshots and visual context

vcs

用於翻譯的版本控制儲存庫。

backups

Daily backup data. Please check 下載的資料用於備份 for details.

fonts

使用者已上傳的字型,參閱: 管理字型

cache

Various caches. Can be placed elsewhere using CACHE_DIR.

Docker 容器為此使用單獨的儲存區,請參閱 Docker 容器儲存區

備註

This directory has to be writable by Weblate. Running it as WSGI means the www-data user should have write access to it.

實現這個的最簡單方式是讓使用者作為目錄的所有者:

sudo chown www-data:www-data -R $DATA_DIR

預設為 /home/weblate/data,但預期需要被設定。

也參考

DATABASE_BACKUP

資料庫備份應該儲存為純文字,壓縮還是略過。授權值為:

  • "plain"

  • "compressed"

  • "none"

也參考

備份和移動 Weblate

DEFAULT_ACCESS_CONTROL

新專案的預設存取控制設定:

0

公開

1

保護

100

私人

200

自訂

如果手動管理 ACL 則使用 Custom,這意味著不依賴於 Weblate 內部管理。

也參考

DEFAULT_AUTO_WATCH

在 4.5 版被加入.

Configures whether Automatically watch projects on contribution should be turned on for new users. Defaults to True.

也參考

通知

DEFAULT_RESTRICTED_COMPONENT

在 4.1 版被加入.

組件限制的預設值。

也參考

default_add_message,default_addon_message,default_commit_message,default_delete_message,default_merge_message

不同操作的預設執行資訊,細節請查閱 組件配置

The built-in defaults follow Conventional Commits and include Weblate links where available. Changing these settings affects newly created defaults; existing message templates can be reset in the settings forms with Restore site default. For inherited values, restoring the site default also disables inheritance for that message.

也參考

DEFAULT_ADDONS

Default add-ons to install for every created component.

備註

此設定只影響新建立的組件。

範例:

DEFAULT_ADDONS = {
    # Add-on with no parameters
    "weblate.flags.target_edit": {},
    # Add-on with parameters
    "weblate.autotranslate.autotranslate": {
        "mode": "suggest",
        "filter_type": "todo",
        "auto_source": "mt",
        "component": "",
        "engines": ["weblate-translation-memory"],
        "threshold": "80",
    },
}

也參考

DEFAULT_COMMITER_EMAIL

提交者電子郵件位址,預設為 noreply@weblate.org

也參考

DEFAULT_COMMITER_NAME

DEFAULT_COMMITER_NAME

Committer name, defaulting to Weblate.

也參考

DEFAULT_COMMITER_EMAIL

DEFAULT_LANGUAGE

在 4.3.2 版被加入.

來源語言 for any new components.

預設為 en。匹配的語言物件需要存在於資料庫中。

也參考

DEFAULT_MERGE_STYLE

合併類型 for any new components.

  • rebase - 預設

  • merge

也參考

DEFAULT_SHARED_TM

配置 使用共享的翻譯記憶貢獻至共享翻譯記憶 的預設值。

DEFAULT_TRANSLATION_REVIEW

在 5.16 版被加入.

配置 啟用檢閱 的預設值,預設關閉。

DEFAULT_SOURCE_REVIEW

在 5.16 版被加入.

配置 啟用來源檢閱 的預設值,預設關閉。

DEFAULT_AUTOCLEAN_TM

在 5.13 版被加入.

配置 自動清理翻譯記憶 的預設值。

DEFAULT_TRANSLATION_PROPAGATION

翻譯傳播的預設設定,預設為 True

也參考

DEFAULT_PULL_MESSAGE

配置拉取請求的預設標題與訊息。

The built-in default follows Conventional Commits and includes Weblate links and translation status.

ENABLE_AVATARS

Whether to turn on Gravatar-based avatars for users. On by default.

Avatars are fetched and cached on the server, lowering the risk of leaking private info, speeding up the user experience.

也參考

ENABLE_HOOKS

Whether to turn on anonymous remote hooks.

也參考

Notification hooks

ENABLE_HTTPS

在 5.7 版的變更: Weblate now requires https for WebAuthn support.

將連結作為 HTTPS 還是 HTTP 傳送給 Weblate。這個設定影響傳送電子郵件,並產生絕對 URL。

In the default configuration this is also used for several Django settings related to HTTPS — it enables secure cookies, toggles HSTS or enables redirection to a HTTPS URL.

The HTTPS redirection might be problematic in some cases and you might hit an issue with infinite redirection in case you are using a reverse proxy doing an SSL termination which does not correctly pass protocol headers to Django. Please tweak your reverse proxy configuration to emit X-Forwarded-Proto or Forwarded headers or configure SECURE_PROXY_SSL_HEADER to let Django correctly detect the SSL status.

In case this is disabled, Weblate will fail to start with an otp_webauthn.E031 error. You can silence this error by adding it to SILENCED_SYSTEM_CHECKS, but still WebAuthn will not work for sites without HTTPS.

也參考

ENABLE_SHARING

Turn on/off the Community menu so users can share translation progress on social networks.

也參考

建立翻譯社群

EXTRA_HTML_HEAD

在 4.15 版被加入.

Insert additional markup into the HTML header. Can be used for verification of site ownership, for example:

EXTRA_HTML_HEAD = '<link href="https://fosstodon.org/@weblate" rel="me">'

警告

No sanitization is performed on the string. It is inserted as-is into the HTML header.

GET_HELP_URL

在 4.5.2 版被加入.

可以找到您的 Weblate 實例支援的 URL。

GITEA_CREDENTIALS

在 4.12 版被加入.

用於 Gitea 伺服器的憑證清單。

GITEA_CREDENTIALS = {
    "try.gitea.io": {
        "username": "weblate",
        "token": "your-api-token",
    },
}

The configuration dictionary consists of credentials defined for each API host. The layout is same for almost all version control integrations and is described at 配置版本控制憑證.

也參考

GITLAB_CREDENTIALS

在 4.3 版被加入.

用於 GitLab 伺服器的證明清單。

GITLAB_CREDENTIALS = {
    "gitlab.com": {
        "username": "weblate",
        "token": "your-api-token",
    },
}

備註

The personal access token needs the api scope to be able to use the API.

The configuration dictionary consists of credentials defined for each API host. The layout is same for almost all version control integrations and is described at 配置版本控制憑證.

也參考

GITHUB_CREDENTIALS

在 4.3 版被加入.

用於 GitHub 伺服器的證明清單。

GITHUB_CREDENTIALS = {
    "api.github.com": {
        "username": "weblate",
        "token": "your-api-token",
    },
}

備註

It is possible to use both fine-grained personal access tokens and classic personal access tokens. The fine-grained tokens are limited to a single organization, so it won't work if you want Weblate to fork a repository outside the organization (typically to the user namespace).

To clone, push and create pull requests, the read and write access to Contents and Pull requests is required.

Administration might also be necessary for forking a repository if you intend to use forking and the original repository is not public.

提示

Use api.github.com as an API host for https://github.com/.

The configuration dictionary consists of credentials defined for each API host. The layout is same for almost all version control integrations and is described at 配置版本控制憑證.

也參考

BITBUCKETSERVER_CREDENTIALS

在 4.16 版被加入.

Bitbucket 資料中心憑證清單。

BITBUCKETSERVER_CREDENTIALS = {
    "git.self-hosted.com": {
        "username": "weblate",
        "token": "http-access-token",
    },
}

The configuration dictionary consists of credentials defined for each API host. The layout is same for almost all version control integrations and is described at 配置版本控制憑證.

也參考

BITBUCKETCLOUD_CREDENTIALS

在 5.8 版被加入.

Bitbucket Cloud 伺服器憑證清單。

BITBUCKETCLOUD_CREDENTIALS = {
    "bitbucket.org": {
        "username": "your-email",
        "workspace": "your-workspace-slug",
        "token": "your-api-token",
    },
}

The configuration dictionary consists of credentials defined for each API host. The API host might be different from what you use in the web browser, for example GitHub API is accessed as api.github.com.

The following configuration is available for each host:

username

API 使用者。

workspace

The user workspace slug.

token

The API token with pullrequest:write permission.

Additional settings not described here can be found at 配置版本控制憑證.

也參考

AZURE_DEVOPS_CREDENTIALS

在 5.2 版被加入.

Azure DevOps 伺服器憑證清單。

AZURE_DEVOPS_CREDENTIALS = {
    "dev.azure.com": {
        "username": "project-name",
        "token": "your-api-token",
        "organization": "organization-name",
    },
}

The configuration dictionary consists of credentials defined for each API host. The API host might be different from what you use in the web browser, for example GitHub API is accessed as api.github.com.

The following configuration is available for each host:

username

The name of the Azure DevOps project. This is not the repository name.

organization

專案的組織名稱。

workItemIds

An optional list of work items IDs from your organization. When provided new pull requests will have these attached.

token

API token for the API user, required.

Additional settings not described here can be found at 配置版本控制憑證.

也參考

GOOGLE_ANALYTICS_ID

Google Analytics ID to turn on monitoring of Weblate using Google Universal Analytics.

備註

Google Analytics 4 整合目前對 Weblate 不可用,請參閱 https://github.com/WeblateOrg/weblate/issues/14015

HIDE_REPO_CREDENTIALS

隱藏儲存庫憑證避免出現在 web 介面中。在儲存庫網址帶有使用者名稱和密碼的情況下, Weblate 會在相關資訊顯示給使用者時將其隱藏起來。

For example instead of https://user:password@git.example.com/repo.git it will show just https://git.example.com/repo.git. It tries to clean up VCS error messages too in a similar manner.

備註

預設啟用。

VERSION_DISPLAY

在 5.17 版被加入.

Controls how prominently Weblate exposes its own version.

支援的值有:

show

Show the version in shared UI such as the footer and expose it in GET /api/metrics/.

soft

Hide the version from prominent shared UI, while keeping it discoverable on the About page and in GET /api/metrics/.

hide

Hide the version from shared UI and GET /api/metrics/. This also makes anonymous documentation links point to the latest documentation instead of the version matching the installed release.

Hiding the version is a recommended security practice in some corporations, but it does not prevent an attacker from inferring the version by probing behavior.

備註

The default is show.

HIDE_VERSION

在 4.3.1 版被加入.

在 5.17 版之後被棄用.

Compatibility alias for VERSION_DISPLAY. Set this to True to get the same behavior as VERSION_DISPLAY = "hide".

IP_BEHIND_REVERSE_PROXY

指示 Weblate 是否在反向代理後面執行。

如果設定為 True, Weblate 會從 IP_PROXY_HEADER 定義的標頭中得到 IP 位址。

警告

確保真正使用反向代理,並且設定了這個標頭,否則使用者將能夠假冒 IP 位址。

備註

這並非預設啟用。

也參考

IP_PROXY_HEADER

指示當 IP_BEHIND_REVERSE_PROXY 開啟時,Weblate應該從那個標頭得到 IP 位址。

預設為 HTTP_X_FORWARDED_FOR

也參考

IP_PROXY_OFFSET

在 5.0.1 版的變更: 預設已從 1 變更為 -1。

指示 IP_PROXY_HEADER 的哪部分用作用戶端 IP 位址。

Depending on your setup, this header might consist of several IP addresses, (for example X-Forwarded-For: client-ip, proxy-a, proxy-b) and you can configure which address from the header is used as client IP address here.

警告

Setting this affects the security of your installation. You should only configure it to use trusted proxies for determining the IP address. Please check <https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-For#security_and_privacy_concerns> for more details.

預設為 -1。

也參考

LICENSE_EXTRA

包括在授權選擇中的其他授權。

備註

Each license definition should be a tuple of its short name, a long name, a URL and a boolean, indicating whether it is a libre license.

例如:

LICENSE_EXTRA = [
    (
        "AGPL-3.0",
        "GNU Affero General Public License v3.0",
        "https://www.gnu.org/licenses/agpl-3.0-standalone.html",
        True,
    ),
]

LICENSE_FILTER

在 4.3 版的變更: 設定此值為空現在會關閉授權警示。

要顯示的被篩選的授權清單。在設定為空時還關閉了授權警示。

備註

這個過濾器使用了短授權名稱。

例如:

LICENSE_FILTER = {"AGPL-3.0", "GPL-3.0-or-later"}

Following disables the license alert:

LICENSE_FILTER = set()

也參考

Translation component diagnostics

LICENSE_REQUIRED

定義了是否需要 組件配置 中的授權屬性。

備註

預設這是關閉的。

LIMIT_TRANSLATION_LENGTH_BY_SOURCE_LENGTH

Whether the length of a given translation should be limited. The restriction is the length of the source string × 10 characters.

提示

Set this to False to allow longer translations (up to 10,000 characters) irrespective of source string length.

備註

預設為 True.

LOCALIZE_CDN_URL 和 LOCALIZE_CDN_PATH

These settings configure the CDN add-ons, including JavaScript 在地化 CDN and 翻譯檔案 CDN. LOCALIZE_CDN_URL defines root URL where the localization CDN is available and LOCALIZE_CDN_PATH defines path where Weblate should store generated files which will be served at the LOCALIZE_CDN_URL. The files are served by your web server or CDN, not by Weblate; see 在地化 CDN for secure serving guidance.

提示

在 Hosted Weblate 中,這使用 https://weblate-cdn.com/

也參考

MATOMO_SITE_ID

ID of the site in Matomo (formerly Piwik) you want to use for tracking Weblate.

備註

此整合不支援 Matomo Tag Manager。

也參考

MATOMO_URL

MATOMO_URL

Full URL (including trailing slash) of a Matomo (formerly Piwik) installation you want to use to track Weblate use. Please check <https://matomo.org/> for more details.

提示

此整合不支援 Matomo Tag Manager。

例如:

MATOMO_SITE_ID = 1
MATOMO_URL = "https://example.matomo.cloud/"

也參考

MATOMO_SITE_ID

NEARBY_MESSAGES

在完整編輯器中要在各方向顯示的相鄰字串數。

這只是預設值,使用者可以在 使用者設定檔 中調整。

DEFAULT_PAGE_LIMIT

在 4.7 版被加入.

Default number of elements to display when pagination is active.

PAGURE_CREDENTIALS

在 4.3.2 版被加入.

Pagure 伺服器憑證清單。

PAGURE_CREDENTIALS = {
    "pagure.io": {
        "username": "weblate",
        "token": "your-api-token",
    },
}

The configuration dictionary consists of credentials defined for each API host. The layout is same for almost all version control integrations and is described at 配置版本控制憑證.

也參考

PASSWORD_MINIMAL_STRENGTH

在 5.10.2 版被加入.

Minimal password score as evaluated by the zxcvbn password strength estimator.

Defaults to 0, which means strength checking is disabled.

也參考

PASSWORD_RESET_URL

在 5.17 版被加入.

URL for password reset when authentication is handled by an external identity provider, such as LDAP, SAML, or OAuth.

When set, Forgot your password? on the sign-in page links to this URL instead of Weblate's built-in password reset page.

PRIVACY_URL

在 4.8.1 版被加入.

您的 Weblate 實例顯示其隱私政策的 URL。

提示

Useful if you host your privacy policy outside Weblate instead of using the 法律模組 module. When the legal module is enabled, Weblate links to the internal legal pages by default.

範例:

PRIVACY_URL = "https://weblate.org/terms/"

也參考

LEGAL_URL

PRIVATE_COMMIT_EMAIL_OPT_IN

在 4.15 版被加入.

Configures whether the private commit e-mail is opt-in or opt-out (by default it is opt-in).

提示

This setting only applies to users which have not explicitly chosen a commit e-mail.

也參考

PRIVATE_COMMIT_EMAIL_TEMPLATE

在 4.15 版被加入.

Template to generate a private commit e-mail for a user. Defaults to "{username}@users.noreply.{site_domain}".

其可以包含 {user_id}{username}{site_title}{site_domain}

設為空白字串以停用。

備註

Using a different commit e-mail is opt-in for users unless configured by PRIVATE_COMMIT_EMAIL_OPT_IN. Users can configure their commit e-mail in the 個人檔案.

PRIVATE_COMMIT_NAME_OPT_IN

在 5.16 版被加入.

Configures whether the private commit name is opt-in or opt-out (by default it is opt-in).

提示

This setting only applies to users which have not explicitly chosen a commit name.

也參考

PRIVATE_COMMIT_NAME_TEMPLATE

在 5.16 版被加入.

Template to generate a private commit name for a user. Defaults to "{site_title} user {user_id}".

其可以包含 {user_id}{username}{site_title}{site_domain}

設為空白字串以停用。

備註

Using a different commit name is opt-in for users unless configured by PRIVATE_COMMIT_NAME_OPT_IN. Users can configure their commit name in the 個人檔案.

PROJECT_BACKUP_KEEP_COUNT

在 4.14 版被加入.

Defines how many backups per project are kept on the server. Defaults to 3.

也參考

專案層級備份

PROJECT_BACKUP_KEEP_DAYS

在 4.14 版被加入.

定義每個專案的備份將存放多久在伺服器上。預設為 30 天。

也參考

專案層級備份

PROJECT_BACKUP_UPLOAD_MAX_SIZE

在 5.17.1 版被加入.

Configures the maximum size, in bytes, for uploaded project backup ZIP files. Defaults to 536870912 bytes (512 MiB).

In Docker, configure this using the WEBLATE_PROJECT_BACKUP_UPLOAD_MAX_SIZE environment variable. Docker setups can also be constrained by CLIENT_MAX_BODY_SIZE; other deployments can be constrained by their reverse proxy request body-size limit.

也參考

專案層級備份

PROJECT_BACKUP_IMPORT_MAX_MEMBERS

在 5.17 版被加入.

Defines the maximum number of ZIP entries allowed when importing a project backup.

This is a safeguard against malformed or intentionally fragmented archives. Defaults to 100000 entries.

在 Docker 中,使用 WEBLATE_PROJECT_BACKUP_IMPORT_MAX_MEMBERS 環境變數配置這個。

也參考

專案層級備份

PROJECT_BACKUP_IMPORT_MAX_TOTAL_UNCOMPRESSED_SIZE

在 5.17.1 版被加入.

Defines the maximum total uncompressed size, in bytes, for ZIP entries in an imported project backup. Defaults to 536870912 bytes (512 MiB).

This limits archives that are small when uploaded but expand to much more data during validation or restore.

在 Docker 中,使用 WEBLATE_PROJECT_BACKUP_IMPORT_MAX_TOTAL_UNCOMPRESSED_SIZE 環境變數配置這個。

也參考

專案層級備份

PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_SIZE

在 5.17 版被加入.

Defines the maximum uncompressed size, in bytes, for a single highly compressed ZIP entry in an imported project backup.

This limit is only applied to entries that are large enough and compress enough to look suspicious. Large low-compression files are intentionally allowed here and are expected to be constrained by the HTTP upload limit. Defaults to 262144000 bytes (250 MiB).

在 Docker 中,使用 WEBLATE_PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_SIZE 環境變數配置這個。

也參考

專案層級備份

PROJECT_BACKUP_IMPORT_MIN_RATIO_SIZE

在 5.17 版被加入.

Defines the minimum uncompressed size, in bytes, at which Weblate starts considering the ZIP compression ratio during project backup import.

Smaller files are ignored for the compression-ratio-based validation to avoid rejecting reasonably sized files that compress well. Defaults to 1048576 bytes (1 MiB).

在 Docker 中,使用 WEBLATE_PROJECT_BACKUP_IMPORT_MIN_RATIO_SIZE 環境變數配置這個。

也參考

專案層級備份

PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_RATIO

在 5.17 版被加入.

Defines the maximum allowed ratio between the uncompressed and compressed size for a large ZIP entry during project backup import.

This is used together with PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_SIZE and PROJECT_BACKUP_IMPORT_MIN_RATIO_SIZE to detect suspiciously compressed entries while still allowing large repository pack files and other low-compression content. Defaults to 250.

在 Docker 中,使用 WEBLATE_PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_RATIO 環境變數配置這個。

也參考

專案層級備份

PROJECT_NAME_RESTRICT_RE

在 4.15 版被加入.

Defines a regular expression to restrict project naming. Any matching names will be rejected.

也參考

專案名稱

PROJECT_WEB_RESTRICT_HOST

在 4.16.2 版被加入.

Reject using certain hosts in project website. Any subdomain is matched, so including example.com will block test.example.com as well. The list should contain lower case strings only, the parsed domain is lower cased before matching.

預設配置:

PROJECT_WEB_RESTRICT_HOST = {"localhost"}

也參考

PROJECT_WEB_RESTRICT_ALLOWLIST

在 5.17 版被加入.

Defines a set of project slugs exempt from PROJECT_WEB_RESTRICT_HOST, PROJECT_WEB_RESTRICT_NUMERIC, PROJECT_WEB_RESTRICT_PRIVATE, and PROJECT_WEB_RESTRICT_RE when validating the project website. Project slugs are matched case-insensitively.

警示

This exemption weakens outbound URL protections for matching projects, including the private-target restriction enforced by PROJECT_WEB_RESTRICT_PRIVATE. Use it only for trusted, administrator-managed projects where bypassing these checks is intentional.

預設配置:

PROJECT_WEB_RESTRICT_ALLOWLIST = set()

也參考

PROJECT_WEB_RESTRICT_NUMERIC

在 4.16.2 版被加入.

拒絕在專案網站中使用數字 IP 位址。預設啟用。

也參考

PROJECT_WEB_RESTRICT_PRIVATE

在 5.17 版被加入.

Reject using project website and repository browser URLs pointing to internal or non-public addresses. On by default.

也參考

PROJECT_WEB_RESTRICT_RE

在 4.15 版被加入.

Defines a regular expression to limit what can be entered as 專案網站. Any matching URLs will be rejected.

也參考

WEBHOOK_PRIVATE_ALLOWLIST

在 5.17 版被加入.

Defines hostnames or domains exempt from WEBHOOK_RESTRICT_PRIVATE for outbound webhook delivery. Entries follow Django host matching semantics, so values such as hooks.internal.example or .internal.example can be used.

預設配置:

WEBHOOK_PRIVATE_ALLOWLIST = []

也參考

WEBHOOK_RESTRICT_PRIVATE

在 5.17 版被加入.

Reject webhook URLs pointing to internal or non-public addresses unless the target host is included in WEBHOOK_PRIVATE_ALLOWLIST. On by default.

When enabled, hostnames that cannot be resolved during validation are rejected unless they are explicitly included in WEBHOOK_PRIVATE_ALLOWLIST.

也參考

PUBLIC_ENGAGE

在 5.16.2 版被加入.

Allows public engage page even with REQUIRE_LOGIN.

也參考

RATELIMIT_NOTIFICATION_LIMITS

在 5.14 版被加入.

Limits how many notifications for a single user will be sent out.

預設設定為:

# Multi-level rate limiting for email notifications
# Each tuple contains (max_emails, time_window_seconds)
RATELIMIT_NOTIFICATION_LIMITS = [
    # Prevent burst sends - 3 emails per 2 minutes
    (3, 120),
    # Equalize to avoid getting blocked for too long - 10 emails per hour
    (10, 3600),
    # Daily limit: 50 emails per day
    (50, 86400),
]

RATELIMIT_ATTEMPTS

在應用次數限制前,身分認證嘗試的最多次數。

預設為 5。

也參考

RATELIMIT_WINDOW

How long authentication is accepted after rate limiting applies.

An amount of seconds, defaulting to 300 (5 minutes).

也參考

RATELIMIT_LOCKOUT

在應用次數限制後,身分認證鎖定多久。

秒數預設為 600 ( 10 分鐘)。

也參考

REGISTRATION_ALLOW_BACKENDS

在 4.1 版被加入.

身分驗證後端的清單,允許從中註冊。這只限制新的註冊,使用者可以使用配置的身分驗證後端,來進行身分驗證和新增身分驗證。

It is recommended to keep REGISTRATION_OPEN on while limiting registration backends, otherwise users will be able to register, but Weblate will not show links to register in the user interface.

範例:

REGISTRATION_ALLOW_BACKENDS = ["azuread-oauth2", "azuread-tenant-oauth2"]

提示

The backend names match names used in the URL for authentication.

也參考

REGISTRATION_CAPTCHA

Whether registration of new accounts is protected by a CAPTCHA. Defaults to enabled.

If turned on, a CAPTCHA is added to all pages where a user enters their e-mail address:

  • 新帳號註冊。

  • 找回密碼。

  • 將電子郵箱地址新增到帳號中。

  • 供未登入使用者使用的聯絡表單。

The protection currently consists of following steps:

REGISTRATION_EMAIL_MATCH

允許您篩選哪個電子郵箱地址可以註冊。

預設為 .*,允許使用任何電子郵箱地址註冊。

可以用它限制註冊到單一的電子郵箱域名:

REGISTRATION_EMAIL_MATCH = r"^.*@weblate\.org$"

REGISTRATION_ALLOW_DISPOSABLE_EMAILS

在 5.16.1 版被加入.

Allow registration with disposable e-mail domains. When enabled, the disposable domain blocklist is bypassed. Default is False.

也參考

REGISTRATION_OPEN

Whether registration of new accounts is currently permitted. Defaults to enabled.

This setting affects built-in authentication by e-mail address or through the Python Social Auth (you can allow certain back-ends using REGISTRATION_ALLOW_BACKENDS).

備註

如果使用第三方身分驗證方法,如 LDAP 身分驗證,只是隱藏註冊表單,而新使用者仍然能夠登入並建立帳號。

也參考

REGISTRATION_REBIND

在 4.16 版被加入.

Allow rebinding authentication backends for existing users. Turn this on when migrating between authentication providers.

備註

Off by default to not allow adding other authentication backends to an existing account. Rebinding can lead to account compromise when using more third-party authentication backends.

REPOSITORY_ALERT_THRESHOLD

在 4.0.2 版被加入.

觸發儲存庫過期警告的閾值,或者包含了太多變更的閾值。預設為 25。

也參考

Translation component diagnostics

REQUIRE_LOGIN

在 4.1 版被加入.

This enables django.contrib.auth.middleware.LoginRequiredMiddleware and configures REST framework to require authentication for all API endpoints.

在 5.15 版的變更: Weblate 現在依賴於 Django 內建中介層。

備註

這被實作於 範例配置 中。對於 Docker,使用 WEBLATE_REQUIRE_LOGIN

GOOGLE_CLOUD_ERROR_REPORTING

Configuration for 收集錯誤報告與監測效能 using Google Cloud Error Reporting. Set to None to disable the integration, or set to a dictionary of keyword arguments for the Google Cloud Error Reporting client.

Weblate automatically supplies service as weblate and version as the current Weblate version or Git revision. Explicit values in the dictionary override these defaults.

OPENTELEMETRY_ENABLED

在 2026.6 版被加入.

Enable backend tracing using OpenTelemetry. Disabled by default.

Traces are exported only when this is enabled and OPENTELEMETRY_EXPORTER_OTLP_ENDPOINT is configured.

OPENTELEMETRY_EXPORTER_OTLP_ENDPOINT

OTLP HTTP traces endpoint for OpenTelemetry, for example https://collector.example.com/v1/traces.

OPENTELEMETRY_EXPORTER_OTLP_HEADERS

Additional HTTP headers for the OpenTelemetry OTLP exporter. Defaults to an empty dictionary.

OPENTELEMETRY_EXTRA_RESOURCE_ATTRIBUTES

Additional OpenTelemetry resource attributes. Defaults to an empty dictionary.

OPENTELEMETRY_SERVICE_NAME

OpenTelemetry 服務名稱。預設為 weblate

OPENTELEMETRY_TRACES_SAMPLE_RATE

Configure sampling rate for OpenTelemetry traces. Set to 1 to trace all events, 0 (the default) disables tracing.

SENTRY_DSN

Sentry DSN to use for 收集錯誤報告與監測效能.

也參考

Django integration for Sentry

SENTRY_ENVIRONMENT

配置 Sentry 的環境。預設為 devel

SENTRY_MONITOR_BEAT_TASKS

在 5.13 版被加入.

Configure whether to monitor Celery Beat tasks with Sentry. Defaults to True.

SENTRY_PROFILES_SAMPLE_RATE

Configure sampling rate for performance monitoring. Set to 1 to profile all traced events (the default), 0 disables profiling.

也參考

Sentry Performance Monitoring

SENTRY_SEND_PII

Allow Sentry to collect certain personally identifiable information. Turned off by default.

在 5.7 版的變更: This is turned off by default now, used to be turned on by default.

SENTRY_TRACES_SAMPLE_RATE

Configure sampling rate for profiling monitoring. Set to 1 to trace all events, 0 (the default) disables tracing.

也參考

Sentry 效能分析

SIMPLIFY_LANGUAGES

Use simple language codes for default language/country combinations. For example an fr_FR translation will use the fr language code. This is usually the desired behavior, as it simplifies listing languages for these default combinations.

Turn this off if you want to different translations for each variant.

HIDE_SHARED_GLOSSARY_COMPONENTS

在 5.16 版被加入.

Glossary components are typically shared into other projects to make them available for translation work. When these are visible in the component list of projects that are using them, it can cause confusion or distract translators from the actual components that are meant to be translated.

This is turned off by default, making shared glossary components visible.

SITE_DOMAIN

Configures site domain. Necessary to produce correct absolute links in many scopes (for example activation e-mails, notifications or RSS feeds).

If Weblate is running on a non-standard port, include it here as well.

範例:

# Production site with domain name
SITE_DOMAIN = "weblate.example.com"

# Local development with IP address and port
SITE_DOMAIN = "127.0.0.1:8000"

備註

This setting should only contain the domain name. For configuring protocol, (turning on and enforcing HTTPS) use ENABLE_HTTPS and for changing the URL, use URL_PREFIX.

提示

對於 Docker 容器,站點網域是透過 WEBLATE_ALLOWED_HOSTS 配置的。

也參考

SITE_TITLE

被用於網站和發送電子郵件的站點標題。

SPECIAL_CHARS

要包含在螢幕鍵盤的額外字元,模擬鍵盤

預設值為:

SPECIAL_CHARS = ("\t", "\n", "\u00a0", "…")

SINGLE_PROJECT

Redirects users directly to a project or component instead of showing the dashboard. You can either set it to True so it only works if there is actually only single project in Weblate. Alternatively, set the project slug, and it will redirect unconditionally to this project.

範例:

SINGLE_PROJECT = "test"

SSH_EXTRA_ARGS

在 4.9 版被加入.

Allows adding custom parameters when Weblate is invoking SSH. Useful when connecting to servers using legacy encryption or other non-standard features.

For example when SSH connection in Weblate fails with Unable to negotiate with legacyhost: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1, you can turn that on using:

SSH_EXTRA_ARGS = "-oKexAlgorithms=+diffie-hellman-group1-sha1"

提示

The string is evaluated by the shell, so ensure any whitespace and special characters is quoted.

也參考

OpenSSH 舊有選項

STATUS_URL

Weblate 事例報告其狀態的 URL。

SUPPORT_STATUS_CHECK

在 5.5 版被加入.

Disables semiannual support status check and redirecting superusers upon login to the donation page in case there is no active support subscription.

提示

Improve your Weblate experience by purchasing a support subscription and boosting Weblate progress instead of turning this off.

TRANSLATION_UPLOAD_MAX_SIZE

在 5.17.1 版被加入.

Configures the maximum size, in bytes, for uploaded translation files. Defaults to 50 MB.

在 Docker 中,使用 WEBLATE_TRANSLATION_UPLOAD_MAX_SIZE 環境變數配置這個。

UNUSED_ALERT_DAYS

在 4.17 版被加入.

Configures when the Component seems unused alert is triggered.

預設為 365 天,設為 0 以關閉它。

UPDATE_LANGUAGES

在 4.3.2 版被加入.

Controls whether languages database should be updated when running database migration and is on by default. This setting has no effect on invocation of setuplang.

警告

The languages display might become inconsistent with this. Weblate language definitions expand over time and it will not display language code for the defined languages.

也參考

內建語言定義

URL_PREFIX

This setting allows you to run Weblate under some path (otherwise it relies on being run from the webserver root).

備註

To use this setting, you also need to configure your server to strip this prefix. For example with WSGI, this can be achieved by setting WSGIScriptAlias.

提示

The prefix should start with a /.

範例:

URL_PREFIX = "/translations"

備註

This setting does not work with Django's built-in server, you would have to adjust urls.py to contain this prefix.

VCS_ALLOW_HOSTS

在 5.15 版被加入.

A set of hosts to allow when configuring VCS URL. Defaults to an empty set, which does no filtering at all.

When VCS_RESTRICT_PRIVATE is enabled, matching hosts are also exempt from the private-target restriction.

VCS_ALLOW_SCHEMES

在 5.15 版被加入.

A set of URL schemes to allow when configuring VCS URL. Only https and ssh are allowed by default.

VCS_RESTRICT_PRIVATE

在 5.17 版被加入.

Reject VCS repository URLs pointing to internal or non-public addresses unless the target host is included in VCS_ALLOW_HOSTS. On by default.

When enabled, hostnames that cannot be resolved during validation are rejected unless they are explicitly included in VCS_ALLOW_HOSTS.

VCS_API_DELAY

在 4.15.1 版被加入.

Configures minimal delay in seconds between third-party API calls in GitHub 拉取請求, GitLab 合併請求, Gitea 拉取請求, Pagure 合併請求, and Azure DevOps 拉取請求.

從 Weblate 到服務 API 呼叫速率限制可避免過載使用。

If you are being limited by secondary rate-limiter at GitHub, increasing this might help.

預設值為 10。

VCS_API_TIMEOUT

在 5.15 版被加入.

Configures timeout in seconds for third-party API calls such as forking or creating merge requests in GitHub 拉取請求, GitLab 合併請求, Gitea 拉取請求, Pagure 合併請求, and Azure DevOps 拉取請求.

預設值為 10。

VCS_BACKENDS

Configuration of available VCS backends.

備註

Weblate 嘗試使用您所有工具支援的後端。

提示

You can limit choices or add custom VCS back-ends by using this.

VCS_BACKENDS = ("weblate.vcs.git.GitRepository",)

也參考

版本控制整合

VCS_CLONE_DEPTH

Configures how deep cloning of repositories Weblate should do.

備註

目前這只在 Git 中支援。預設 Weblate 進行儲存庫的淺複製,使複製更快並節省磁碟空間。根據應用(例如當使用自訂的 附加元件 時),您可能想要增加深度,或通過設定為 0 來完全關閉淺複製。

提示

在從 Weblate 推送而得到 fatal: protocol error: expected old/new/ref, got 'shallow <commit hash>' 錯誤的情況下,通過設定來完全關閉淺複製:

VCS_CLONE_DEPTH = 0

WEBLATE_ADDONS

附加元件可供使用的附加元件清單。為了使用,必須對給定的翻譯元件允許它們。預設包括了所有內建附加元件,當擴充清單時您可能希望保持現有的附加元件處於啟用狀態,例如:

WEBLATE_ADDONS = (
    # Built-in add-ons
    "weblate.addons.gettext.GenerateMoAddon",
    "weblate.addons.gettext.UpdateLinguasAddon",
    "weblate.addons.gettext.UpdateConfigureAddon",
    "weblate.addons.gettext.MsgmergeAddon",
    "weblate.addons.gettext.GettextAuthorComments",
    "weblate.addons.cleanup.CleanupAddon",
    "weblate.addons.consistency.LanguageConsistencyAddon",
    "weblate.addons.discovery.DiscoveryAddon",
    "weblate.addons.flags.SourceEditAddon",
    "weblate.addons.flags.TargetEditAddon",
    "weblate.addons.flags.SameEditAddon",
    "weblate.addons.flags.BulkEditAddon",
    "weblate.addons.generate.GenerateFileAddon",
    "weblate.addons.properties.PropertiesSortAddon",
    "weblate.addons.git.GitSquashAddon",
    "weblate.addons.removal.RemoveComments",
    "weblate.addons.removal.RemoveSuggestions",
    "weblate.addons.resx.ResxUpdateAddon",
    "weblate.addons.autotranslate.AutoTranslateAddon",
    "weblate.addons.cdn.CDNJSAddon",
    # Add-on you want to include
    "weblate.addons.example.ExampleAddon",
)

備註

Removing the add-on from the list does not uninstall it from the components. Weblate will crash in that case. Please uninstall the add-on from all components prior to removing it from this list.

也參考

ADDON_ACTIVITY_LOG_EXPIRY

在 5.6 版被加入.

Configures how long activity logs for add-ons are kept. Defaults to 180 days.

WEBLATE_EXPORTERS

在 4.2 版被加入.

可用的匯出程式清單,提供下載各種檔案格式的翻譯或詞彙表。

也參考

在地化檔案格式

WEBLATE_FORMATS

可供使用的檔案格式清單。

備註

預設清單已經具有了常見格式。

也參考

在地化檔案格式

WEBLATE_MACHINERY

在 4.13 版被加入.

可供使用的檔案格式清單。

也參考

WEBLATE_GPG_IDENTITY

Identity used by Weblate to sign Git commits, for example:

WEBLATE_GPG_IDENTITY = "Weblate <weblate@example.com>"

The Weblate GPG keyring is searched for a matching key (home/.gnupg under DATA_DIR). If not found, a key is generated, please check Signing Git commits with GnuPG for more details.

也參考

Signing Git commits with GnuPG

WEBSITE_REQUIRED

Defines whether 專案網站 has to be specified when creating a project. On by default, as that suits public server setups.

WEBSITE_ALERTS_ENABLED

在 5.17 版被加入.

預設:True

Defines whether Weblate should check project website availability and show alerts for unreachable project websites.

When set to False, Weblate will skip website availability checks and will not generate project website alerts. This is useful when:

  • Your websites are behind firewalls that block Weblate's requests

  • You want to avoid 403/503-type errors from bot protection

  • Project website availability is not a concern for your installation

也參考

WEBSITE_REQUIRED

配置版本控制憑證

提示

This section describes VCS credential variables as GITHUB_CREDENTIALS, GITLAB_CREDENTIALS, GITEA_CREDENTIALS, PAGURE_CREDENTIALS, BITBUCKETSERVER_CREDENTIALS.

The configuration dictionary consists of credentials defined for each API host. The API host might be different from what you use in the web browser, for example GitHub API is accessed as api.github.com.

The credentials can also be overridden in 儲存庫推送 URL or 原始碼儲存庫 (if push URL is not configured), these take precedence over the ones specified in the configuration file.

The following configuration is available for each host:

username

API user, required.

token

API token for the API user, required.

scheme

在 4.18 版被加入.

Scheme override. Weblate attempts to parse scheme from the repository URL and falls backs to https. If you are running the API server internally, you might want to use http instead, but consider security.

提示

In the Docker container, the credentials can be configured using environment variables, see Code hosting sites credentials.