conf: overhaul server settings (#5928)

* conf: rename package * Requires Go 1.12 * Fix lint * Fix lint * Overhaul * db: fix tests * Save my work * Fix tests * Server.UnixSocketPermission * Server.LocalRootURL * SSH settings * Server.OfflineMode * Save my work * App.Version * Remove [server] STATIC_ROOT_PATH * Server.LandingURL
2020-02-22 09:05:26 +08:00 · 2020-02-22 09:05:26 +08:00 · 648d9e253c
parent 5b14cc6f0b
commit 648d9e253c
102 changed files with 1464 additions and 1329 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -1,7 +1,6 @@
 os: linux
 language: go
 go:
  - 1.11.x
  - 1.12.x
  - 1.13.x
 go_import_path: gogs.io/gogs
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -17,6 +17,9 @@ All notable changes to Gogs are documented in this file.
 - All assets are now embedded into binary and served from memory by default. Set `[server] LOAD_ASSETS_FROM_DISK = true` to load them from disk. [#5920](https://github.com/gogs/gogs/pull/5920)
 - Application and Go versions are removed from page footer and only show in the admin dashboard.
 - Build tag for running as Windows Service has been changed from `miniwinsvc` to `minwinsvc`.
 - Configuration option `APP_NAME` is deprecated and will end support in 0.13.0, please start using `BRAND_NAME`.
 - Configuration option `[server] ROOT_URL` is deprecated and will end support in 0.13.0, please start using `[server] EXTERNAL_URL`.
 - Configuration option `[server] LANDING_PAGE` is deprecated and will end support in 0.13.0, please start using `[server] LANDING_URL`.
 ### Fixed
@ -33,6 +36,7 @@ All notable changes to Gogs are documented in this file.
 ### Removed
 - Configuration option `[other] SHOW_FOOTER_VERSION`
 - Configuration option `[server] STATIC_ROOT_PATH`
 ---
--- a/10
+++ b/10
@ -1,5 +1,5 @@
-LDFLAGS += -X "gogs.io/gogs/internal/setting.BuildTime=$(shell date -u '+%Y-%m-%d %I:%M:%S %Z')"
+LDFLAGS += -X "gogs.io/gogs/internal/conf.BuildTime=$(shell date -u '+%Y-%m-%d %I:%M:%S %Z')"
-LDFLAGS += -X "gogs.io/gogs/internal/setting.BuildCommit=$(shell git rev-parse HEAD)"
+LDFLAGS += -X "gogs.io/gogs/internal/conf.BuildCommit=$(shell git rev-parse HEAD)"
 CONF_FILES := $(shell find conf | sed 's/ /\\ /g')
 TEMPLATES_FILES := $(shell find templates | sed 's/ /\\ /g')
@ -81,11 +81,11 @@ test:
 	go test -cover -race ./...
 fixme:
-	grep -rnw "FIXME" cmd routers models pkg
+	grep -rnw "FIXME" internal
 todo:
-	grep -rnw "TODO" cmd routers models pkg
+	grep -rnw "TODO" internal
 # Legacy code should be remove by the time of release
 legacy:
-	grep -rnw "LEGACY" cmd routes models pkg
+	grep -rnw "\(LEGACY\|DEPRECATED\)" internal
--- a/conf/app.ini
+++ b/conf/app.ini
@ -2,53 +2,26 @@
 # !!! PLEASE MAKE CHANGES ON CORRESPONDING CUSTOM CONFIG FILE !!!
 # !!! IF YOU ARE PACKAGING PROVIDER, PLEASE MAKE OWN COPY OF IT !!!
-; App name that shows on every page title
+; The brand name of the application.
-APP_NAME = Gogs
+BRAND_NAME = Gogs
-; The name of the system user that runs Gogs
+; The system user who should be running the applications. It has no effect on Windows,
 ; otherwise, it should match the value of $USER environment variable.
 RUN_USER = git
-; Either "dev", "prod" or "test"
+; The running mode of the application, can be either "dev", "prod" or "test".
 RUN_MODE = dev
 [server]
-PROTOCOL = http
+; The public-facing URL for the application.
 EXTERNAL_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
 ; The public-facing domain name for the application.
 DOMAIN = localhost
-ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+; The protocol that is used to serve direct traffic to the application.
 ; Currently supports "http", "https", "fcgi" and "unix".
 PROTOCOL = http
 ; The address to be listened by the application.
 HTTP_ADDR = 0.0.0.0
 ; The port number to be listened by the application.
 HTTP_PORT = 3000
 ; Permission for unix socket
 UNIX_SOCKET_PERMISSION = 666
 ; Local (DMZ) URL for Gogs workers (such as SSH update) accessing web service.
 ; In most cases you do not need to change the default value.
 ; Alter it only if your SSH server node is not the same as HTTP node.
 LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
 ; Disable SSH feature when not available
 DISABLE_SSH = false
 ; Whether use builtin SSH server or not.
 START_SSH_SERVER = false
 ; Domain name to be exposed in SSH clone URL
 SSH_DOMAIN = %(DOMAIN)s
 ; Port number to be exposed in SSH clone URL
 SSH_PORT = 22
 ; Network interface builtin SSH server listens on
 SSH_LISTEN_HOST = 0.0.0.0
 ; Port number builtin SSH server listens on
 SSH_LISTEN_PORT = %(SSH_PORT)s
 ; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
 SSH_ROOT_PATH =
 ; Indicate whether to rewrite authorized_keys at start, ignored when use builtin SSH server
 REWRITE_AUTHORIZED_KEYS_AT_START = false
 ; Choose the ciphers to support for SSH connections
 SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
 ; Directory to create temporary files when test publick key using ssh-keygen,
 ; default is system temporary directory.
 SSH_KEY_TEST_PATH =
 ; Path to ssh-keygen, default is 'ssh-keygen' and let shell find out which one to call.
 SSH_KEYGEN_PATH = ssh-keygen
 ; Indicate whether to check minimum key size with corresponding type
 MINIMUM_KEY_SIZE_CHECK = false
 ; Disable CDN even in "prod" mode
 OFFLINE_MODE = false
 DISABLE_ROUTER_LOG = false
 ; Generate steps:
 ; $ ./gogs cert -ca=true -duration=8760h0m0s -host=myhost.example.com
 ;
@ -58,19 +31,62 @@ DISABLE_ROUTER_LOG = false
 ; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
 CERT_FILE = custom/https/cert.pem
 KEY_FILE = custom/https/key.pem
-; Allowed TLS version values: SSL30, TLS10, TLS11, TLS12
+; The minimum allowed TLS version, currently supports "TLS10", "TLS11", "TLS12", and "TLS13".
-TLS_MIN_VERSION = TLS10
+TLS_MIN_VERSION = TLS12
 ; File permission when serve traffic via Unix domain socket.
 UNIX_SOCKET_PERMISSION = 666
 ; Local (DMZ) URL for workers (e.g. SSH update) accessing web service.
 ; In most cases you do not need to change the default value.
 ; Alter it only if your SSH server node is not the same as HTTP node.
 LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
-; Enable to load assets (i.e. "conf", "templates", "public") from disk instead of embedded bindata.
+; Whether to disable SSH access to the application entirely.
-LOAD_ASSETS_FROM_DISK = false
+DISABLE_SSH = false
-; The directory that contains "templates" and "public". By default, it is the working directory.
+; The domain name to be exposed in SSH clone URL.
-STATIC_ROOT_PATH =
+SSH_DOMAIN = %(DOMAIN)s
-; Default path for App data
+; The port number to be exposed in SSH clone URL.
-APP_DATA_PATH = data
+SSH_PORT = 22
-; Application level GZIP support
+; The path of SSH root directory, default is "$HOME/.ssh".
 SSH_ROOT_PATH =
 ; The path to ssh-keygen, default is "ssh-keygen" and let shell find out which one to call.
 SSH_KEYGEN_PATH = ssh-keygen
 ; The directory to create temporary files when test a public key using ssh-keygen,
 ; default is the system temporary directory.
 SSH_KEY_TEST_PATH =
 ; Whether to start a builtin SSH server.
 START_SSH_SERVER = false
 ; The network interface for builtin SSH server to listen on.
 SSH_LISTEN_HOST = 0.0.0.0
 ; The port number for builtin SSH server to listen on.
 SSH_LISTEN_PORT = %(SSH_PORT)s
 ; The list of accepted ciphers for connections to builtin SSH server.
 SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
 ; Whether to check minimum public key size with corresponding type.
 MINIMUM_KEY_SIZE_CHECK = false
 ; Whether to rewrite "~/.ssh/authorized_keys" file at start, ignored when use builtin SSH server.
 REWRITE_AUTHORIZED_KEYS_AT_START = false
 ; Whether to disable using CDN for static files regardless.
 OFFLINE_MODE = false
 ; Whether to disable logging in router.
 DISABLE_ROUTER_LOG = true
 ; Whether to enable application level GZIP compression.
 ENABLE_GZIP = false
-; Landing page for non-logged users, can be "home" or "explore"
+
-LANDING_PAGE = home
+; The path for storing application specific data.
 APP_DATA_PATH = data
 ; Whether to enable to load assets (i.e. "conf", "templates", "public") from disk instead of embedded bindata.
 LOAD_ASSETS_FROM_DISK = false
 ; The landing page URL for anonymous users, can be a link to a external site.
 LANDING_URL = /
 ; Define allowed algorithms and their minimum key length (use -1 to disable a type).
 [ssh.minimum_key_sizes]
 ED25519 = 256
 ECDSA   = 256
 RSA     = 2048
 DSA     = 1024
 [repository]
 ; Root path for storing repositories's data, default is "~/gogs-repositories"
@ -156,13 +172,6 @@ ANGLED_QUOTES = true
 ; Value for Access-Control-Allow-Origin header, default is not to present
 ACCESS_CONTROL_ALLOW_ORIGIN =
 ; Define allowed algorithms and their minimum key length (use -1 to disable a type)
 [ssh.minimum_key_sizes]
 ED25519 = 256
 ECDSA   = 256
 RSA     = 2048
 DSA     = 1024
 [database]
 ; Either "mysql", "postgres" or "sqlite3", you can connect to TiDB with MySQL protocol
 DB_TYPE = mysql
@ -228,7 +237,7 @@ ENABLED = false
 ; Buffer length of channel, keep it as it is if you don't know what it is.
 SEND_BUFFER_LEN = 100
 ; Prefix prepended to the subject line
-SUBJECT_PREFIX = `[%(APP_NAME)s] `
+SUBJECT_PREFIX = `[%(BRAND_NAME)s] `
 ; Mail server
 ; Gmail: smtp.gmail.com:587
 ; QQ: smtp.qq.com:465
@ -364,7 +373,7 @@ URL =
 ; Webhook URL
 URL =
 ; Username displayed in webhook
-USERNAME = %(APP_NAME)s
+USERNAME = %(BRAND_NAME)s
 [log.xorm]
 ; Enable file rotation
--- a/conf/locale/locale_en-US.ini
+++ b/conf/locale/locale_en-US.ini
@ -121,6 +121,7 @@ run_user_not_match = Run user isn't the current user: %s -> %s
 smtp_host_missing_port = SMTP Host port missing from address.
 invalid_smtp_from = SMTP From field is invalid: %v
 save_config_failed = Failed to save configuration: %v
 init_failed = Failed to initialize application: %v
 invalid_admin_setting = Admin account setting is invalid: %v
 install_success = Welcome! We're glad that you chose Gogs, have fun and take care.
 invalid_log_root_path = Log root path is invalid: %v
@ -1168,7 +1169,6 @@ config.offline_mode = Offline Mode
 config.disable_router_log = Disable Router Log
 config.run_user = Run User
 config.run_mode = Run Mode
 config.static_file_root_path = Static File Root Path
 config.log_file_root_path = Log File Root Path
 config.reverse_auth_user = Reverse Authentication User
--- a/docs/local_development.md
+++ b/docs/local_development.md
@ -23,7 +23,7 @@ Gogs is built and runs as a single binary and meant to be cross platform. Theref
 Gogs has the following dependencies:
 - [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) (v1.8.3 or higher)
- [Go](https://golang.org/doc/install) (v1.11 or higher)
+- [Go](https://golang.org/doc/install) (v1.12 or higher)
 - [Less.js](http://lesscss.org/usage/#command-line-usage-installing)
 - [GNU Make](https://www.gnu.org/software/make/)
 - Database upon your choice (pick one, we choose PostgreSQL in this document):
--- a/go.mod
+++ b/go.mod
@ -1,6 +1,6 @@
 module gogs.io/gogs
-go 1.13
+go 1.12
 require (
 	github.com/bgentry/speakeasy v0.1.0 // indirect
@ -39,6 +39,7 @@ require (
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
 	github.com/niklasfasching/go-org v0.1.6
 	github.com/olekukonko/tablewriter v0.0.1 // indirect
 	github.com/pkg/errors v0.8.1
 	github.com/pquerna/otp v1.2.0
 	github.com/prometheus/client_golang v1.2.1
 	github.com/russross/blackfriday v1.5.2
--- a/go.sum
+++ b/go.sum
@ -194,6 +194,7 @@ github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJ
 github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo=
 github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
--- a/gogs.go
+++ b/gogs.go
@ -1,4 +1,4 @@
-// +build go1.11
+// +build go1.12
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
@ -14,20 +14,18 @@ import (
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/cmd"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 const Version = "0.12.0+dev"
 func init() {
-	setting.AppVersion = Version
+	conf.App.Version = "0.12.0+dev"
 }
 func main() {
 	app := cli.NewApp()
 	app.Name = "Gogs"
 	app.Usage = "A painless self-hosted Git service"
-	app.Version = Version
+	app.Version = conf.App.Version
 	app.Commands = []cli.Command{
 		cmd.Web,
 		cmd.Serv,
--- a/internal/assets/conf/conf_gen.go
+++ b/internal/assets/conf/conf_gen.go
--- a/internal/assets/templates/templates_gen.go
+++ b/internal/assets/templates/templates_gen.go
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@ -15,7 +15,7 @@ import (
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/tool"
 )
@ -90,8 +90,8 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (_ *db.User, isBasic
 	uid, isTokenAuth := SignedInID(ctx, sess)
 	if uid <= 0 {
-		if setting.Service.EnableReverseProxyAuth {
+		if conf.Service.EnableReverseProxyAuth {
-			webAuthUser := ctx.Req.Header.Get(setting.ReverseProxyAuthUser)
+			webAuthUser := ctx.Req.Header.Get(conf.ReverseProxyAuthUser)
 			if len(webAuthUser) > 0 {
 				u, err := db.GetUserByName(webAuthUser)
 				if err != nil {
@ -101,7 +101,7 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (_ *db.User, isBasic
 					}
 					// Check if enabled auto-registration.
-					if setting.Service.EnableReverseProxyAutoRegister {
+					if conf.Service.EnableReverseProxyAutoRegister {
 						u := &db.User{
 							Name:     webAuthUser,
 							Email:    gouuid.NewV4().String() + "@localhost",
--- a/internal/cmd/admin.go
+++ b/internal/cmd/admin.go
@ -9,10 +9,11 @@ import (
 	"reflect"
 	"runtime"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/setting"
 )
 var (
@ -133,18 +134,18 @@ to make automatic initialization process more smoothly`,
 func runCreateUser(c *cli.Context) error {
 	if !c.IsSet("name") {
-		return fmt.Errorf("Username is not specified")
+		return errors.New("Username is not specified")
 	} else if !c.IsSet("password") {
-		return fmt.Errorf("Password is not specified")
+		return errors.New("Password is not specified")
 	} else if !c.IsSet("email") {
-		return fmt.Errorf("Email is not specified")
+		return errors.New("Email is not specified")
 	}
-	if c.IsSet("config") {
+	err := conf.Init(c.String("config"))
-		setting.CustomConf = c.String("config")
+	if err != nil {
 		return errors.Wrap(err, "init configuration")
 	}
 	setting.Init()
 	db.LoadConfigs()
 	db.SetEngine()
@ -164,11 +165,11 @@ func runCreateUser(c *cli.Context) error {
 func adminDashboardOperation(operation func() error, successMessage string) func(*cli.Context) error {
 	return func(c *cli.Context) error {
-		if c.IsSet("config") {
+		err := conf.Init(c.String("config"))
-			setting.CustomConf = c.String("config")
+		if err != nil {
 			return errors.Wrap(err, "init configuration")
 		}
 		setting.Init()
 		db.LoadConfigs()
 		db.SetEngine()
--- a/internal/cmd/backup.go
+++ b/internal/cmd/backup.go
@ -9,16 +9,18 @@ import (
 	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
 	"time"
 	"github.com/pkg/errors"
 	"github.com/unknwon/cae/zip"
 	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 	"gopkg.in/ini.v1"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/setting"
 )
 var Backup = cli.Command{
@ -44,10 +46,12 @@ const _ARCHIVE_ROOT_DIR = "gogs-backup"
 func runBackup(c *cli.Context) error {
 	zip.Verbose = c.Bool("verbose")
-	if c.IsSet("config") {
+
-		setting.CustomConf = c.String("config")
+	err := conf.Init(c.String("config"))
 	if err != nil {
 		return errors.Wrap(err, "init configuration")
 	}
-	setting.Init()
+
 	db.LoadConfigs()
 	db.SetEngine()
@ -66,12 +70,12 @@ func runBackup(c *cli.Context) error {
 	metadata := ini.Empty()
 	metadata.Section("").Key("VERSION").SetValue(com.ToStr(_CURRENT_BACKUP_FORMAT_VERSION))
 	metadata.Section("").Key("DATE_TIME").SetValue(time.Now().String())
-	metadata.Section("").Key("GOGS_VERSION").SetValue(setting.AppVersion)
+	metadata.Section("").Key("GOGS_VERSION").SetValue(conf.App.Version)
 	if err = metadata.SaveTo(metaFile); err != nil {
 		log.Fatal("Failed to save metadata '%s': %v", metaFile, err)
 	}
-	archiveName := path.Join(c.String("target"), c.String("archive-name"))
+	archiveName := filepath.Join(c.String("target"), c.String("archive-name"))
 	log.Info("Packing backup files to: %s", archiveName)
 	z, err := zip.Create(archiveName)
@ -83,7 +87,7 @@ func runBackup(c *cli.Context) error {
 	}
 	// Database
-	dbDir := path.Join(rootDir, "db")
+	dbDir := filepath.Join(rootDir, "db")
 	if err = db.DumpDatabase(dbDir); err != nil {
 		log.Fatal("Failed to dump database: %v", err)
 	}
@ -93,7 +97,7 @@ func runBackup(c *cli.Context) error {
 	// Custom files
 	if !c.Bool("database-only") {
-		if err = z.AddDir(_ARCHIVE_ROOT_DIR+"/custom", setting.CustomPath); err != nil {
+		if err = z.AddDir(_ARCHIVE_ROOT_DIR+"/custom", conf.CustomDir()); err != nil {
 			log.Fatal("Failed to include 'custom': %v", err)
 		}
 	}
@ -101,7 +105,7 @@ func runBackup(c *cli.Context) error {
 	// Data files
 	if !c.Bool("database-only") {
 		for _, dir := range []string{"attachments", "avatars", "repo-avatars"} {
-			dirPath := path.Join(setting.AppDataPath, dir)
+			dirPath := filepath.Join(conf.Server.AppDataPath, dir)
 			if !com.IsDir(dirPath) {
 				continue
 			}
@ -114,9 +118,9 @@ func runBackup(c *cli.Context) error {
 	// Repositories
 	if !c.Bool("exclude-repos") && !c.Bool("database-only") {
-		reposDump := path.Join(rootDir, "repositories.zip")
+		reposDump := filepath.Join(rootDir, "repositories.zip")
-		log.Info("Dumping repositories in '%s'", setting.RepoRootPath)
+		log.Info("Dumping repositories in '%s'", conf.RepoRootPath)
-		if err = zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
+		if err = zip.PackTo(conf.RepoRootPath, reposDump, true); err != nil {
 			log.Fatal("Failed to dump repositories: %v", err)
 		}
 		log.Info("Repositories dumped to: %s", reposDump)
--- a/internal/cmd/hook.go
+++ b/internal/cmd/hook.go
@ -20,11 +20,11 @@ import (
 	"github.com/gogs/git-module"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/httplib"
 	"gogs.io/gogs/internal/mailer"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/template"
 )
@ -141,7 +141,7 @@ func runHookPreReceive(c *cli.Context) error {
 	}
 	var hookCmd *exec.Cmd
-	if setting.IsWindows {
+	if conf.IsWindowsRuntime() {
 		hookCmd = exec.Command("bash.exe", "custom_hooks/pre-receive")
 	} else {
 		hookCmd = exec.Command(customHooksPath)
@ -175,7 +175,7 @@ func runHookUpdate(c *cli.Context) error {
 	}
 	var hookCmd *exec.Cmd
-	if setting.IsWindows {
+	if conf.IsWindowsRuntime() {
 		hookCmd = exec.Command("bash.exe", append([]string{"custom_hooks/update"}, args...)...)
 	} else {
 		hookCmd = exec.Command(customHooksPath, args...)
@ -198,7 +198,7 @@ func runHookPostReceive(c *cli.Context) error {
 	// Post-receive hook does more than just gather Git information,
 	// so we need to setup additional services for email notifications.
-	setting.NewPostReceiveHookServices()
+	conf.NewPostReceiveHookServices()
 	mailer.NewContext()
 	isWiki := strings.Contains(os.Getenv(db.ENV_REPO_CUSTOM_HOOKS_PATH), ".wiki.git/")
@ -233,7 +233,7 @@ func runHookPostReceive(c *cli.Context) error {
 		}
 		// Ask for running deliver hook and test pull request tasks
-		reqURL := setting.LocalURL + options.RepoUserName + "/" + options.RepoName + "/tasks/trigger?branch=" +
+		reqURL := conf.Server.LocalRootURL + options.RepoUserName + "/" + options.RepoName + "/tasks/trigger?branch=" +
 			template.EscapePound(strings.TrimPrefix(options.RefFullName, git.BRANCH_PREFIX)) +
 			"&secret=" + os.Getenv(db.ENV_REPO_OWNER_SALT_MD5) +
 			"&pusher=" + os.Getenv(db.ENV_AUTH_USER_ID)
@ -258,7 +258,7 @@ func runHookPostReceive(c *cli.Context) error {
 	}
 	var hookCmd *exec.Cmd
-	if setting.IsWindows {
+	if conf.IsWindowsRuntime() {
 		hookCmd = exec.Command("bash.exe", "custom_hooks/post-receive")
 	} else {
 		hookCmd = exec.Command(customHooksPath)
--- a/internal/cmd/import.go
+++ b/internal/cmd/import.go
@ -7,16 +7,16 @@ package cmd
 import (
 	"bufio"
 	"bytes"
 	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
 	"time"
 	"github.com/pkg/errors"
 	"github.com/unknwon/com"
 	"github.com/urfave/cli"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 var (
@ -54,12 +54,11 @@ func runImportLocale(c *cli.Context) error {
 		return fmt.Errorf("target directory %q does not exist or is not a directory", c.String("target"))
 	}
-	if c.IsSet("config") {
+	err := conf.Init(c.String("config"))
-		setting.CustomConf = c.String("config")
+	if err != nil {
 		return errors.Wrap(err, "init configuration")
 	}
 	setting.Init()
 	now := time.Now()
 	line := make([]byte, 0, 100)
@ -67,7 +66,7 @@ func runImportLocale(c *cli.Context) error {
 	escapedQuotes := []byte(`\"`)
 	regularQuotes := []byte(`"`)
 	// Cut out en-US.
-	for _, lang := range setting.Langs[1:] {
+	for _, lang := range conf.Langs[1:] {
 		name := fmt.Sprintf("locale_%s.ini", lang)
 		source := filepath.Join(c.String("source"), name)
 		target := filepath.Join(c.String("target"), name)
--- a/internal/cmd/restore.go
+++ b/internal/cmd/restore.go
@ -7,16 +7,18 @@ package cmd
 import (
 	"os"
 	"path"
 	"path/filepath"
 	"github.com/mcuadros/go-version"
 	"github.com/pkg/errors"
 	"github.com/unknwon/cae/zip"
 	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 	"gopkg.in/ini.v1"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/setting"
 )
 var Restore = cli.Command{
@ -59,7 +61,7 @@ func runRestore(c *cli.Context) error {
 	defer os.RemoveAll(archivePath)
 	// Check backup version
-	metaFile := path.Join(archivePath, "metadata.ini")
+	metaFile := filepath.Join(archivePath, "metadata.ini")
 	if !com.IsExist(metaFile) {
 		log.Fatal("File 'metadata.ini' is missing")
 	}
@ -68,8 +70,8 @@ func runRestore(c *cli.Context) error {
 		log.Fatal("Failed to load metadata '%s': %v", metaFile, err)
 	}
 	backupVersion := metadata.Section("").Key("GOGS_VERSION").MustString("999.0")
-	if version.Compare(setting.AppVersion, backupVersion, "<") {
+	if version.Compare(conf.App.Version, backupVersion, "<") {
-		log.Fatal("Current Gogs version is lower than backup version: %s < %s", setting.AppVersion, backupVersion)
+		log.Fatal("Current Gogs version is lower than backup version: %s < %s", conf.App.Version, backupVersion)
 	}
 	formatVersion := metadata.Section("").Key("VERSION").MustInt()
 	if formatVersion == 0 {
@ -82,15 +84,21 @@ func runRestore(c *cli.Context) error {
 	// If config file is not present in backup, user must set this file via flag.
 	// Otherwise, it's optional to set config file flag.
-	configFile := path.Join(archivePath, "custom/conf/app.ini")
+	configFile := filepath.Join(archivePath, "custom", "conf", "app.ini")
 	var customConf string
 	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
+		customConf = c.String("config")
 	} else if !com.IsExist(configFile) {
 		log.Fatal("'--config' is not specified and custom config file is not found in backup")
 	} else {
-		setting.CustomConf = configFile
+		customConf = configFile
 	}
-	setting.Init()
+
 	err = conf.Init(customConf)
 	if err != nil {
 		return errors.Wrap(err, "init configuration")
 	}
 	db.LoadConfigs()
 	db.SetEngine()
@ -102,27 +110,27 @@ func runRestore(c *cli.Context) error {
 	// Custom files
 	if !c.Bool("database-only") {
-		if com.IsExist(setting.CustomPath) {
+		if com.IsExist(conf.CustomDir()) {
-			if err = os.Rename(setting.CustomPath, setting.CustomPath+".bak"); err != nil {
+			if err = os.Rename(conf.CustomDir(), conf.CustomDir()+".bak"); err != nil {
 				log.Fatal("Failed to backup current 'custom': %v", err)
 			}
 		}
-		if err = os.Rename(path.Join(archivePath, "custom"), setting.CustomPath); err != nil {
+		if err = os.Rename(filepath.Join(archivePath, "custom"), conf.CustomDir()); err != nil {
 			log.Fatal("Failed to import 'custom': %v", err)
 		}
 	}
 	// Data files
 	if !c.Bool("database-only") {
-		os.MkdirAll(setting.AppDataPath, os.ModePerm)
+		_ = os.MkdirAll(conf.Server.AppDataPath, os.ModePerm)
 		for _, dir := range []string{"attachments", "avatars", "repo-avatars"} {
 			// Skip if backup archive does not have corresponding data
-			srcPath := path.Join(archivePath, "data", dir)
+			srcPath := filepath.Join(archivePath, "data", dir)
 			if !com.IsDir(srcPath) {
 				continue
 			}
-			dirPath := path.Join(setting.AppDataPath, dir)
+			dirPath := filepath.Join(conf.Server.AppDataPath, dir)
 			if com.IsExist(dirPath) {
 				if err = os.Rename(dirPath, dirPath+".bak"); err != nil {
 					log.Fatal("Failed to backup current 'data': %v", err)
@ -135,9 +143,9 @@ func runRestore(c *cli.Context) error {
 	}
 	// Repositories
-	reposPath := path.Join(archivePath, "repositories.zip")
+	reposPath := filepath.Join(archivePath, "repositories.zip")
 	if !c.Bool("exclude-repos") && !c.Bool("database-only") && com.IsExist(reposPath) {
-		if err := zip.ExtractTo(reposPath, path.Dir(setting.RepoRootPath)); err != nil {
+		if err := zip.ExtractTo(reposPath, filepath.Dir(conf.RepoRootPath)); err != nil {
 			log.Fatal("Failed to extract 'repositories.zip': %v", err)
 		}
 	}
--- a/internal/cmd/serv.go
+++ b/internal/cmd/serv.go
@ -16,9 +16,9 @@ import (
 	"github.com/urfave/cli"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/setting"
 )
 const (
@ -39,7 +39,7 @@ func fail(userMessage, logMessage string, args ...interface{}) {
 	fmt.Fprintln(os.Stderr, "Gogs:", userMessage)
 	if len(logMessage) > 0 {
-		if !setting.ProdMode {
+		if !conf.IsProdMode() {
 			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
 		}
 		log.Fatal(logMessage, args...)
@ -49,22 +49,26 @@ func fail(userMessage, logMessage string, args ...interface{}) {
 }
 func setup(c *cli.Context, logPath string, connectDB bool) {
 	var customConf string
 	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
+		customConf = c.String("config")
 	} else if c.GlobalIsSet("config") {
-		setting.CustomConf = c.GlobalString("config")
+		customConf = c.GlobalString("config")
 	}
-	setting.Init()
+	err := conf.Init(customConf)
 	if err != nil {
 		fail("Internal error", "Failed to init configuration: %v", err)
 	}
 	level := log.LevelTrace
-	if setting.ProdMode {
+	if conf.IsProdMode() {
 		level = log.LevelError
 	}
-	err := log.NewFile(log.FileConfig{
+	err = log.NewFile(log.FileConfig{
 		Level:    level,
-		Filename: filepath.Join(setting.LogRootPath, logPath),
+		Filename: filepath.Join(conf.LogRootPath, logPath),
 		FileRotationConfig: log.FileRotationConfig{
 			Rotate:  true,
 			Daily:   true,
@ -72,8 +76,7 @@ func setup(c *cli.Context, logPath string, connectDB bool) {
 		},
 	})
 	if err != nil {
-		log.Fatal("Failed to init file logger: %v", err)
+		fail("Internal error", "Failed to init file logger: %v", err)
 		return
 	}
 	log.Remove(log.DefaultConsoleName) // Remove the primary logger
@ -83,13 +86,12 @@ func setup(c *cli.Context, logPath string, connectDB bool) {
 	db.LoadConfigs()
-	if setting.UseSQLite3 {
+	if conf.UseSQLite3 {
-		workDir, _ := setting.WorkDir()
+		_ = os.Chdir(conf.WorkDir())
 		os.Chdir(workDir)
 	}
 	if err := db.SetEngine(); err != nil {
-		fail("Internal error", "SetEngine: %v", err)
+		fail("Internal error", "Failed to set database engine: %v", err)
 	}
 }
@ -130,7 +132,7 @@ var (
 func runServ(c *cli.Context) error {
 	setup(c, "serv.log", true)
-	if setting.SSH.Disabled {
+	if conf.SSH.Disabled {
 		println("Gogs: SSH has been disabled")
 		return nil
 	}
@ -220,12 +222,12 @@ func runServ(c *cli.Context) error {
 			}
 		}
 	} else {
-		setting.NewService()
+		conf.NewService()
 		// Check if the key can access to the repository in case of it is a deploy key (a deploy keys != user key).
 		// A deploy key doesn't represent a signed in user, so in a site with Service.RequireSignInView activated
 		// we should give read access only in repositories where this deploy key is in use. In other case, a server
 		// or system using an active deploy key can get read access to all the repositories in a Gogs service.
-		if key.IsDeployKey() && setting.Service.RequireSignInView {
+		if key.IsDeployKey() && conf.Service.RequireSignInView {
 			checkDeployKey(key, repo)
 		}
 	}
@ -244,7 +246,7 @@ func runServ(c *cli.Context) error {
 	}
 	// Special handle for Windows.
-	if setting.IsWindows {
+	if conf.IsWindowsRuntime() {
 		verb = strings.Replace(verb, "-", " ", 1)
 	}
@ -265,7 +267,7 @@ func runServ(c *cli.Context) error {
 			RepoPath:  repo.RepoPath(),
 		})...)
 	}
-	gitCmd.Dir = setting.RepoRootPath
+	gitCmd.Dir = conf.RepoRootPath
 	gitCmd.Stdout = os.Stdout
 	gitCmd.Stdin = os.Stdin
 	gitCmd.Stderr = os.Stderr
--- a/internal/cmd/web.go
+++ b/internal/cmd/web.go
@ -12,7 +12,7 @@ import (
 	"net/http"
 	"net/http/fcgi"
 	"os"
-	"path"
+	"path/filepath"
 	"strings"
 	"github.com/go-macaron/binding"
@ -29,9 +29,9 @@ import (
 	"gopkg.in/macaron.v1"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/assets/conf"
 	"gogs.io/gogs/internal/assets/public"
 	"gogs.io/gogs/internal/assets/templates"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/form"
@ -42,7 +42,6 @@ import (
 	"gogs.io/gogs/internal/route/org"
 	"gogs.io/gogs/internal/route/repo"
 	"gogs.io/gogs/internal/route/user"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/template"
 )
@ -61,58 +60,58 @@ and it takes care of all the other things for you`,
 // newMacaron initializes Macaron instance.
 func newMacaron() *macaron.Macaron {
 	m := macaron.New()
-	if !setting.DisableRouterLog {
+	if !conf.Server.DisableRouterLog {
 		m.Use(macaron.Logger())
 	}
 	m.Use(macaron.Recovery())
-	if setting.EnableGzip {
+	if conf.Server.EnableGzip {
 		m.Use(gzip.Gziper())
 	}
-	if setting.Protocol == setting.SCHEME_FCGI {
+	if conf.Server.Protocol == "fcgi" {
-		m.SetURLPrefix(setting.AppSubURL)
+		m.SetURLPrefix(conf.Server.Subpath)
 	}
 	// Register custom middleware first to make it possible to override files under "public".
 	m.Use(macaron.Static(
-		path.Join(setting.CustomPath, "public"),
+		filepath.Join(conf.CustomDir(), "public"),
 		macaron.StaticOptions{
-			SkipLogging: setting.DisableRouterLog,
+			SkipLogging: conf.Server.DisableRouterLog,
 		},
 	))
 	var publicFs http.FileSystem
-	if !setting.LoadAssetsFromDisk {
+	if !conf.Server.LoadAssetsFromDisk {
 		publicFs = public.NewFileSystem()
 	}
 	m.Use(macaron.Static(
-		path.Join(setting.StaticRootPath, "public"),
+		filepath.Join(conf.WorkDir(), "public"),
 		macaron.StaticOptions{
-			SkipLogging: setting.DisableRouterLog,
+			SkipLogging: conf.Server.DisableRouterLog,
 			FileSystem:  publicFs,
 		},
 	))
 	m.Use(macaron.Static(
-		setting.AvatarUploadPath,
+		conf.AvatarUploadPath,
 		macaron.StaticOptions{
 			Prefix:      db.USER_AVATAR_URL_PREFIX,
-			SkipLogging: setting.DisableRouterLog,
+			SkipLogging: conf.Server.DisableRouterLog,
 		},
 	))
 	m.Use(macaron.Static(
-		setting.RepositoryAvatarUploadPath,
+		conf.RepositoryAvatarUploadPath,
 		macaron.StaticOptions{
 			Prefix:      db.REPO_AVATAR_URL_PREFIX,
-			SkipLogging: setting.DisableRouterLog,
+			SkipLogging: conf.Server.DisableRouterLog,
 		},
 	))
 	renderOpt := macaron.RenderOptions{
-		Directory:         path.Join(setting.StaticRootPath, "templates"),
+		Directory:         filepath.Join(conf.WorkDir(), "templates"),
-		AppendDirectories: []string{path.Join(setting.CustomPath, "templates")},
+		AppendDirectories: []string{filepath.Join(conf.CustomDir(), "templates")},
 		Funcs:             template.FuncMap(),
 		IndentJSON:        macaron.Env != macaron.PROD,
 	}
-	if !setting.LoadAssetsFromDisk {
+	if !conf.Server.LoadAssetsFromDisk {
 		renderOpt.TemplateFileSystem = templates.NewTemplateFileSystem("", renderOpt.AppendDirectories[0])
 	}
 	m.Use(macaron.Renderer(renderOpt))
@ -121,34 +120,34 @@ func newMacaron() *macaron.Macaron {
 	if err != nil {
 		log.Fatal("Failed to list locale files: %v", err)
 	}
-	localFiles := make(map[string][]byte)
+	localeFiles := make(map[string][]byte)
 	for _, name := range localeNames {
-		localFiles[name] = conf.MustAsset("conf/locale/" + name)
+		localeFiles[name] = conf.MustAsset("conf/locale/" + name)
 	}
 	m.Use(i18n.I18n(i18n.Options{
-		SubURL:          setting.AppSubURL,
+		SubURL:          conf.Server.Subpath,
-		Files:           localFiles,
+		Files:           localeFiles,
-		CustomDirectory: path.Join(setting.CustomPath, "conf/locale"),
+		CustomDirectory: filepath.Join(conf.CustomDir(), "conf", "locale"),
-		Langs:           setting.Langs,
+		Langs:           conf.Langs,
-		Names:           setting.Names,
+		Names:           conf.Names,
 		DefaultLang:     "en-US",
 		Redirect:        true,
 	}))
 	m.Use(cache.Cacher(cache.Options{
-		Adapter:       setting.CacheAdapter,
+		Adapter:       conf.CacheAdapter,
-		AdapterConfig: setting.CacheConn,
+		AdapterConfig: conf.CacheConn,
-		Interval:      setting.CacheInterval,
+		Interval:      conf.CacheInterval,
 	}))
 	m.Use(captcha.Captchaer(captcha.Options{
-		SubURL: setting.AppSubURL,
+		SubURL: conf.Server.Subpath,
 	}))
-	m.Use(session.Sessioner(setting.SessionConfig))
+	m.Use(session.Sessioner(conf.SessionConfig))
 	m.Use(csrf.Csrfer(csrf.Options{
-		Secret:     setting.SecretKey,
+		Secret:     conf.SecretKey,
-		Cookie:     setting.CSRFCookieName,
+		Cookie:     conf.CSRFCookieName,
 		SetCookie:  true,
 		Header:     "X-Csrf-Token",
-		CookiePath: setting.AppSubURL,
+		CookiePath: conf.Server.Subpath,
 	}))
 	m.Use(toolbox.Toolboxer(m, toolbox.Options{
 		HealthCheckFuncs: []*toolbox.HealthCheckFuncDesc{
@ -163,15 +162,15 @@ func newMacaron() *macaron.Macaron {
 }
 func runWeb(c *cli.Context) error {
-	if c.IsSet("config") {
+	err := route.GlobalInit(c.String("config"))
-		setting.CustomConf = c.String("config")
+	if err != nil {
 		log.Fatal("Failed to initialize application: %v", err)
 	}
 	route.GlobalInit()
 	m := newMacaron()
 	reqSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: true})
-	ignSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: setting.Service.RequireSignInView})
+	ignSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: conf.Service.RequireSignInView})
 	ignSignInAndCsrf := context.Toggle(&context.ToggleOptions{DisableCSRF: true})
 	reqSignOut := context.Toggle(&context.ToggleOptions{SignOutRequired: true})
@ -185,7 +184,7 @@ func runWeb(c *cli.Context) error {
 	m.Get("/", ignSignIn, route.Home)
 	m.Group("/explore", func() {
 		m.Get("", func(c *context.Context) {
-			c.Redirect(setting.AppSubURL + "/explore/repos")
+			c.Redirect(conf.Server.Subpath + "/explore/repos")
 		})
 		m.Get("/repos", route.ExploreRepos)
 		m.Get("/users", route.ExploreUsers)
@ -570,7 +569,7 @@ func runWeb(c *cli.Context) error {
 				m.Post("/upload-file", repo.UploadFileToServer)
 				m.Post("/upload-remove", bindIgnErr(form.RemoveUploadFile{}), repo.RemoveUploadFileFromServer)
 			}, func(c *context.Context) {
-				if !setting.Repository.Upload.Enabled {
+				if !conf.Repository.Upload.Enabled {
 					c.NotFound()
 					return
 				}
@ -658,21 +657,21 @@ func runWeb(c *cli.Context) error {
 	}, ignSignIn)
 	m.Group("/-", func() {
-		if setting.Prometheus.Enabled {
+		if conf.Prometheus.Enabled {
 			m.Get("/metrics", func(c *context.Context) {
-				if !setting.Prometheus.EnableBasicAuth {
+				if !conf.Prometheus.EnableBasicAuth {
 					return
 				}
-				c.RequireBasicAuth(setting.Prometheus.BasicAuthUsername, setting.Prometheus.BasicAuthPassword)
+				c.RequireBasicAuth(conf.Prometheus.BasicAuthUsername, conf.Prometheus.BasicAuthPassword)
 			}, promhttp.Handler())
 		}
 	})
 	// robots.txt
 	m.Get("/robots.txt", func(c *context.Context) {
-		if setting.HasRobotsTxt {
+		if conf.HasRobotsTxt {
-			c.ServeFileContent(path.Join(setting.CustomPath, "robots.txt"))
+			c.ServeFileContent(filepath.Join(conf.CustomDir(), "robots.txt"))
 		} else {
 			c.NotFound()
 		}
@ -683,38 +682,39 @@ func runWeb(c *cli.Context) error {
 	// Flag for port number in case first time run conflict.
 	if c.IsSet("port") {
-		setting.AppURL = strings.Replace(setting.AppURL, setting.HTTPPort, c.String("port"), 1)
+		conf.Server.URL.Host = strings.Replace(conf.Server.URL.Host, conf.Server.URL.Port(), c.String("port"), 1)
-		setting.HTTPPort = c.String("port")
+		conf.Server.ExternalURL = conf.Server.URL.String()
 		conf.Server.HTTPPort = c.String("port")
 	}
 	var listenAddr string
-	if setting.Protocol == setting.SCHEME_UNIX_SOCKET {
+	if conf.Server.Protocol == "unix" {
-		listenAddr = fmt.Sprintf("%s", setting.HTTPAddr)
+		listenAddr = conf.Server.HTTPAddr
 	} else {
-		listenAddr = fmt.Sprintf("%s:%s", setting.HTTPAddr, setting.HTTPPort)
+		listenAddr = fmt.Sprintf("%s:%s", conf.Server.HTTPAddr, conf.Server.HTTPPort)
 	}
-	log.Info("Listen on %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
+	log.Info("Listen on %v://%s%s", conf.Server.Protocol, listenAddr, conf.Server.Subpath)
-	var err error
+	switch conf.Server.Protocol {
-	switch setting.Protocol {
+	case "http":
 	case setting.SCHEME_HTTP:
 		err = http.ListenAndServe(listenAddr, m)
-	case setting.SCHEME_HTTPS:
+
-		var tlsMinVersion uint16
+	case "https":
-		switch setting.TLSMinVersion {
+		tlsMinVersion := tls.VersionTLS12
-		case "SSL30":
+		switch conf.Server.TLSMinVersion {
-			tlsMinVersion = tls.VersionSSL30
+		case "TLS13":
 			tlsMinVersion = tls.VersionTLS13
 		case "TLS12":
 			tlsMinVersion = tls.VersionTLS12
 		case "TLS11":
 			tlsMinVersion = tls.VersionTLS11
 		case "TLS10":
 			fallthrough
 		default:
 			tlsMinVersion = tls.VersionTLS10
 		}
-		server := &http.Server{Addr: listenAddr, TLSConfig: &tls.Config{
+		server := &http.Server{
-			MinVersion:               tlsMinVersion,
+			Addr: listenAddr,
 			TLSConfig: &tls.Config{
 				MinVersion:               uint16(tlsMinVersion),
 				CurvePreferences:         []tls.CurveID{tls.X25519, tls.CurveP256, tls.CurveP384, tls.CurveP521},
 				PreferServerCipherSuites: true,
 				CipherSuites: []uint16{
@ -726,26 +726,32 @@ func runWeb(c *cli.Context) error {
 					tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
 				},
 			}, Handler: m}
-		err = server.ListenAndServeTLS(setting.CertFile, setting.KeyFile)
+		err = server.ListenAndServeTLS(conf.Server.CertFile, conf.Server.KeyFile)
-	case setting.SCHEME_FCGI:
+
 	case "fcgi":
 		err = fcgi.Serve(nil, m)
-	case setting.SCHEME_UNIX_SOCKET:
+
-		os.Remove(listenAddr)
+	case "unix":
 		err = os.Remove(listenAddr)
 		if err != nil {
 			log.Fatal("Failed to remove existing Unix domain socket: %v", err)
 		}
 		var listener *net.UnixListener
-		listener, err = net.ListenUnix("unix", &net.UnixAddr{listenAddr, "unix"})
+		listener, err = net.ListenUnix("unix", &net.UnixAddr{Name: listenAddr, Net: "unix"})
 		if err != nil {
-			break // Handle error after switch
+			log.Fatal("Failed to listen on Unix networks: %v", err)
 		}
 		// FIXME: add proper implementation of signal capture on all protocols
 		// execute this on SIGTERM or SIGINT: listener.Close()
-		if err = os.Chmod(listenAddr, os.FileMode(setting.UnixSocketPermission)); err != nil {
+		if err = os.Chmod(listenAddr, conf.Server.UnixSocketMode); err != nil {
-			log.Fatal("Failed to set permission of unix socket: %v", err)
+			log.Fatal("Failed to change permission of Unix domain socket: %v", err)
 		}
 		err = http.Serve(listener, m)
 	default:
-		log.Fatal("Invalid protocol: %s", setting.Protocol)
+		log.Fatal("Unexpected server protocol: %s", conf.Server.Protocol)
 	}
 	if err != nil {
--- a/internal/conf/computed.go
+++ b/internal/conf/computed.go
@ -0,0 +1,116 @@
 // Copyright 2020 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package conf
 import (
 	"os"
 	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
 	"sync"
 )
 // ℹ️ README: This file contains configuration values that require computation to be useful.
 // IsWindowsRuntime returns true if the current runtime in Windows.
 func IsWindowsRuntime() bool {
 	return runtime.GOOS == "windows"
 }
 // IsProdMode returns true if the application is running in production mode.
 func IsProdMode() bool {
 	return strings.EqualFold(App.RunMode, "prod")
 }
 var (
 	appPath     string
 	appPathOnce sync.Once
 )
 // AppPath returns the absolute path of the application's binary.
 func AppPath() string {
 	appPathOnce.Do(func() {
 		var err error
 		appPath, err = exec.LookPath(os.Args[0])
 		if err != nil {
 			panic("look executable path: " + err.Error())
 		}
 		appPath, err = filepath.Abs(appPath)
 		if err != nil {
 			panic("get absolute executable path: " + err.Error())
 		}
 	})
 	return appPath
 }
 var (
 	workDir     string
 	workDirOnce sync.Once
 )
 // WorkDir returns the absolute path of work directory. It reads the value of envrionment
 // variable GOGS_WORK_DIR. When not set, it uses the directory where the application's
 // binary is located.
 func WorkDir() string {
 	workDirOnce.Do(func() {
 		workDir = os.Getenv("GOGS_WORK_DIR")
 		if workDir != "" {
 			return
 		}
 		workDir = filepath.Dir(AppPath())
 	})
 	return workDir
 }
 var (
 	customDir     string
 	customDirOnce sync.Once
 )
 // CustomDir returns the absolute path of the custom directory that contains local overrides.
 // It reads the value of envrionment variable GOGS_CUSTOM. When not set, it uses the work
 // directory returned by WorkDir fucntion.
 func CustomDir() string {
 	customDirOnce.Do(func() {
 		customDir = os.Getenv("GOGS_CUSTOM")
 		if customDir != "" {
 			return
 		}
 		customDir = filepath.Join(WorkDir(), "custom")
 	})
 	return customDir
 }
 var (
 	homeDir     string
 	homeDirOnce sync.Once
 )
 // HomeDir returns the home directory by reading environment variables. It may return empty
 // string when environment variables are not set.
 func HomeDir() string {
 	homeDirOnce.Do(func() {
 		if !IsWindowsRuntime() {
 			homeDir = os.Getenv("HOME")
 			return
 		}
 		homeDir = os.Getenv("USERPROFILE")
 		if homeDir != "" {
 			return
 		}
 		homeDir = os.Getenv("HOMEDRIVE") + os.Getenv("HOMEPATH")
 	})
 	return homeDir
 }
--- a/internal/setting/setting.go
+++ b/internal/setting/setting.go
@ -2,16 +2,14 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
-package setting
+package conf
 import (
 	"net/mail"
 	"net/url"
 	"os"
 	"os/exec"
 	"path"
 	"path/filepath"
 	"runtime"
 	"strconv"
 	"strings"
 	"time"
@ -21,83 +19,325 @@ import (
 	"github.com/go-macaron/session"
 	_ "github.com/go-macaron/session/redis"
 	"github.com/mcuadros/go-version"
-	"github.com/unknwon/com"
+	"github.com/pkg/errors"
 	"gopkg.in/ini.v1"
 	log "unknwon.dev/clog/v2"
 	"github.com/gogs/go-libravatar"
 	"gogs.io/gogs/internal/assets/conf"
-	"gogs.io/gogs/internal/process"
+	"gogs.io/gogs/internal/osutil"
 	"gogs.io/gogs/internal/user"
 )
-type Scheme string
+func init() {
-
+	// Initialize the primary logger until logging service is up.
-const (
+	err := log.NewConsole()
-	SCHEME_HTTP        Scheme = "http"
+	if err != nil {
-	SCHEME_HTTPS       Scheme = "https"
+		panic("init console logger: " + err.Error())
-	SCHEME_FCGI        Scheme = "fcgi"
+	}
 	SCHEME_UNIX_SOCKET Scheme = "unix"
 )
 type LandingPage string
 const (
 	LANDING_PAGE_HOME    LandingPage = "/"
 	LANDING_PAGE_EXPLORE LandingPage = "/explore"
 )
 var (
 	// Build information should only be set by -ldflags.
 	BuildTime   string
 	BuildCommit string
 	// App settings
 	AppVersion     string
 	AppName        string
 	AppURL         string
 	AppSubURL      string
 	AppSubURLDepth int // Number of slashes
 	AppPath        string
 	AppDataPath    string
 	HostAddress    string // AppURL without protocol and slashes
 	// Server settings
 	Protocol             Scheme
 	Domain               string
 	HTTPAddr             string
 	HTTPPort             string
 	LocalURL             string
 	OfflineMode          bool
 	DisableRouterLog     bool
 	CertFile             string
 	KeyFile              string
 	TLSMinVersion        string
 	LoadAssetsFromDisk   bool
 	StaticRootPath       string
 	EnableGzip           bool
 	LandingPageURL       LandingPage
 	UnixSocketPermission uint32
 	HTTP struct {
 		AccessControlAllowOrigin string
 }
-	SSH struct {
+// Asset is a wrapper for getting conf assets.
-		Disabled                     bool           `ini:"DISABLE_SSH"`
+func Asset(name string) ([]byte, error) {
-		StartBuiltinServer           bool           `ini:"START_SSH_SERVER"`
+	return conf.Asset(name)
-		Domain                       string         `ini:"SSH_DOMAIN"`
+}
-		Port                         int            `ini:"SSH_PORT"`
+
-		ListenHost                   string         `ini:"SSH_LISTEN_HOST"`
+// AssetDir is a wrapper for getting conf assets.
-		ListenPort                   int            `ini:"SSH_LISTEN_PORT"`
+func AssetDir(name string) ([]string, error) {
-		RootPath                     string         `ini:"SSH_ROOT_PATH"`
+	return conf.AssetDir(name)
-		RewriteAuthorizedKeysAtStart bool           `ini:"REWRITE_AUTHORIZED_KEYS_AT_START"`
+}
-		ServerCiphers                []string       `ini:"SSH_SERVER_CIPHERS"`
+
-		KeyTestPath                  string         `ini:"SSH_KEY_TEST_PATH"`
+// MustAsset is a wrapper for getting conf assets.
-		KeygenPath                   string         `ini:"SSH_KEYGEN_PATH"`
+func MustAsset(name string) []byte {
-		MinimumKeySizeCheck          bool           `ini:"MINIMUM_KEY_SIZE_CHECK"`
+	return conf.MustAsset(name)
-		MinimumKeySizes              map[string]int `ini:"-"`
+}
 // File is the configuration object.
 var File *ini.File
 // Init initializes configuration from conf assets and given custom configuration file.
 // If `customConf` is empty, it falls back to default location, i.e. "<WORK DIR>/custom".
 // It is safe to call this function multiple times with desired `customConf`, but it is
 // not concurrent safe.
 //
 // ⚠️ WARNING: Do not print anything in this function other than wanrings.
 func Init(customConf string) error {
 	var err error
 	File, err = ini.LoadSources(ini.LoadOptions{
 		IgnoreInlineComment: true,
 	}, conf.MustAsset("conf/app.ini"))
 	if err != nil {
 		return errors.Wrap(err, "parse 'conf/app.ini'")
 	}
 	File.NameMapper = ini.SnackCase
 	customConf, err = filepath.Abs(customConf)
 	if err != nil {
 		return errors.Wrap(err, "get absolute path")
 	}
 	if customConf == "" {
 		customConf = filepath.Join(CustomDir(), "conf/app.ini")
 	}
 	CustomConf = customConf
 	if osutil.IsFile(customConf) {
 		if err = File.Append(customConf); err != nil {
 			return errors.Wrapf(err, "append %q", customConf)
 		}
 	} else {
 		log.Warn("Custom config %q not found. Ignore this warning if you're running for the first time", customConf)
 	}
 	if err = File.Section(ini.DefaultSection).MapTo(&App); err != nil {
 		return errors.Wrap(err, "mapping default section")
 	}
 	// ***************************
 	// ----- Server settings -----
 	// ***************************
 	if err = File.Section("server").MapTo(&Server); err != nil {
 		return errors.Wrap(err, "mapping [server] section")
 	}
 	if !strings.HasSuffix(Server.ExternalURL, "/") {
 		Server.ExternalURL += "/"
 	}
 	Server.URL, err = url.Parse(Server.ExternalURL)
 	if err != nil {
 		return errors.Wrapf(err, "parse '[server] EXTERNAL_URL' %q", err)
 	}
 	// Subpath should start with '/' and end without '/', i.e. '/{subpath}'.
 	Server.Subpath = strings.TrimRight(Server.URL.Path, "/")
 	Server.SubpathDepth = strings.Count(Server.Subpath, "/")
 	unixSocketMode, err := strconv.ParseUint(Server.UnixSocketPermission, 8, 32)
 	if err != nil {
 		return errors.Wrapf(err, "parse '[server] UNIX_SOCKET_PERMISSION' %q", Server.UnixSocketPermission)
 	}
 	if unixSocketMode > 0777 {
 		unixSocketMode = 0666
 	}
 	Server.UnixSocketMode = os.FileMode(unixSocketMode)
 	// ************************
 	// ----- SSH settings -----
 	// ************************
 	if err = File.Section("server").MapTo(&SSH); err != nil {
 		return errors.Wrap(err, "mapping SSH settings from [server] section")
 	}
 	if !SSH.Disabled {
 		if !SSH.StartBuiltinServer {
 			SSH.RootPath = filepath.Join(HomeDir(), ".ssh")
 			SSH.KeyTestPath = os.TempDir()
 			if err := os.MkdirAll(SSH.RootPath, 0700); err != nil {
 				return errors.Wrap(err, "create SSH root directory")
 			} else if err = os.MkdirAll(SSH.KeyTestPath, 0644); err != nil {
 				return errors.Wrap(err, "create SSH key test directory")
 			}
 		} else {
 			SSH.RewriteAuthorizedKeysAtStart = false
 		}
 		// Check if server is eligible for minimum key size check when user choose to enable.
 		// Windows server and OpenSSH version lower than 5.1 are forced to be disabled because
 		// the "ssh-keygen" in Windows does not print key type.
 		// See https://github.com/gogs/gogs/issues/4507.
 		if SSH.MinimumKeySizeCheck {
 			sshVersion, err := openSSHVersion()
 			if err != nil {
 				return errors.Wrap(err, "get OpenSSH version")
 			}
 			if IsWindowsRuntime() || version.Compare(sshVersion, "5.1", "<") {
 				log.Warn(`SSH minimum key size check is forced to be disabled because server is not eligible:
 	1. Windows server
 	2. OpenSSH version is lower than 5.1`)
 			} else {
 				SSH.MinimumKeySizes = map[string]int{}
 				for _, key := range File.Section("ssh.minimum_key_sizes").Keys() {
 					if key.MustInt() != -1 {
 						SSH.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt()
 					}
 				}
 			}
 		}
 	}
 	transferDeprecated()
 	// TODO
 	sec := File.Section("security")
 	InstallLock = sec.Key("INSTALL_LOCK").MustBool()
 	SecretKey = sec.Key("SECRET_KEY").String()
 	LoginRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt()
 	CookieUserName = sec.Key("COOKIE_USERNAME").String()
 	CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").String()
 	CookieSecure = sec.Key("COOKIE_SECURE").MustBool(false)
 	ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
 	EnableLoginStatusCookie = sec.Key("ENABLE_LOGIN_STATUS_COOKIE").MustBool(false)
 	LoginStatusCookieName = sec.Key("LOGIN_STATUS_COOKIE_NAME").MustString("login_status")
 	// Does not check run user when the install lock is off.
 	if InstallLock {
 		currentUser, match := IsRunUserMatchCurrentUser(App.RunUser)
 		if !match {
 			log.Fatal("The user configured to run Gogs is %q, but the current user is %q", App.RunUser, currentUser)
 		}
 	}
 	sec = File.Section("attachment")
 	AttachmentPath = sec.Key("PATH").MustString(filepath.Join(Server.AppDataPath, "attachments"))
 	if !filepath.IsAbs(AttachmentPath) {
 		AttachmentPath = path.Join(workDir, AttachmentPath)
 	}
 	AttachmentAllowedTypes = strings.Replace(sec.Key("ALLOWED_TYPES").MustString("image/jpeg,image/png"), "|", ",", -1)
 	AttachmentMaxSize = sec.Key("MAX_SIZE").MustInt64(4)
 	AttachmentMaxFiles = sec.Key("MAX_FILES").MustInt(5)
 	AttachmentEnabled = sec.Key("ENABLED").MustBool(true)
 	TimeFormat = map[string]string{
 		"ANSIC":       time.ANSIC,
 		"UnixDate":    time.UnixDate,
 		"RubyDate":    time.RubyDate,
 		"RFC822":      time.RFC822,
 		"RFC822Z":     time.RFC822Z,
 		"RFC850":      time.RFC850,
 		"RFC1123":     time.RFC1123,
 		"RFC1123Z":    time.RFC1123Z,
 		"RFC3339":     time.RFC3339,
 		"RFC3339Nano": time.RFC3339Nano,
 		"Kitchen":     time.Kitchen,
 		"Stamp":       time.Stamp,
 		"StampMilli":  time.StampMilli,
 		"StampMicro":  time.StampMicro,
 		"StampNano":   time.StampNano,
 	}[File.Section("time").Key("FORMAT").MustString("RFC1123")]
 	// Determine and create root git repository path.
 	sec = File.Section("repository")
 	RepoRootPath = sec.Key("ROOT").MustString(filepath.Join(HomeDir(), "gogs-repositories"))
 	if !filepath.IsAbs(RepoRootPath) {
 		RepoRootPath = path.Join(workDir, RepoRootPath)
 	} else {
 		RepoRootPath = path.Clean(RepoRootPath)
 	}
 	ScriptType = sec.Key("SCRIPT_TYPE").MustString("bash")
 	if err = File.Section("repository").MapTo(&Repository); err != nil {
 		log.Fatal("Failed to map Repository settings: %v", err)
 	} else if err = File.Section("repository.editor").MapTo(&Repository.Editor); err != nil {
 		log.Fatal("Failed to map Repository.Editor settings: %v", err)
 	} else if err = File.Section("repository.upload").MapTo(&Repository.Upload); err != nil {
 		log.Fatal("Failed to map Repository.Upload settings: %v", err)
 	}
 	if !filepath.IsAbs(Repository.Upload.TempPath) {
 		Repository.Upload.TempPath = path.Join(workDir, Repository.Upload.TempPath)
 	}
 	sec = File.Section("picture")
 	AvatarUploadPath = sec.Key("AVATAR_UPLOAD_PATH").MustString(filepath.Join(Server.AppDataPath, "avatars"))
 	if !filepath.IsAbs(AvatarUploadPath) {
 		AvatarUploadPath = path.Join(workDir, AvatarUploadPath)
 	}
 	RepositoryAvatarUploadPath = sec.Key("REPOSITORY_AVATAR_UPLOAD_PATH").MustString(filepath.Join(Server.AppDataPath, "repo-avatars"))
 	if !filepath.IsAbs(RepositoryAvatarUploadPath) {
 		RepositoryAvatarUploadPath = path.Join(workDir, RepositoryAvatarUploadPath)
 	}
 	switch source := sec.Key("GRAVATAR_SOURCE").MustString("gravatar"); source {
 	case "duoshuo":
 		GravatarSource = "http://gravatar.duoshuo.com/avatar/"
 	case "gravatar":
 		GravatarSource = "https://secure.gravatar.com/avatar/"
 	case "libravatar":
 		GravatarSource = "https://seccdn.libravatar.org/avatar/"
 	default:
 		GravatarSource = source
 	}
 	DisableGravatar = sec.Key("DISABLE_GRAVATAR").MustBool()
 	EnableFederatedAvatar = sec.Key("ENABLE_FEDERATED_AVATAR").MustBool(true)
 	if Server.OfflineMode {
 		DisableGravatar = true
 		EnableFederatedAvatar = false
 	}
 	if DisableGravatar {
 		EnableFederatedAvatar = false
 	}
 	if EnableFederatedAvatar {
 		LibravatarService = libravatar.New()
 		parts := strings.Split(GravatarSource, "/")
 		if len(parts) >= 3 {
 			if parts[0] == "https:" {
 				LibravatarService.SetUseHTTPS(true)
 				LibravatarService.SetSecureFallbackHost(parts[2])
 			} else {
 				LibravatarService.SetUseHTTPS(false)
 				LibravatarService.SetFallbackHost(parts[2])
 			}
 		}
 	}
 	if err = File.Section("http").MapTo(&HTTP); err != nil {
 		log.Fatal("Failed to map HTTP settings: %v", err)
 	} else if err = File.Section("webhook").MapTo(&Webhook); err != nil {
 		log.Fatal("Failed to map Webhook settings: %v", err)
 	} else if err = File.Section("release.attachment").MapTo(&Release.Attachment); err != nil {
 		log.Fatal("Failed to map Release.Attachment settings: %v", err)
 	} else if err = File.Section("markdown").MapTo(&Markdown); err != nil {
 		log.Fatal("Failed to map Markdown settings: %v", err)
 	} else if err = File.Section("smartypants").MapTo(&Smartypants); err != nil {
 		log.Fatal("Failed to map Smartypants settings: %v", err)
 	} else if err = File.Section("admin").MapTo(&Admin); err != nil {
 		log.Fatal("Failed to map Admin settings: %v", err)
 	} else if err = File.Section("cron").MapTo(&Cron); err != nil {
 		log.Fatal("Failed to map Cron settings: %v", err)
 	} else if err = File.Section("git").MapTo(&Git); err != nil {
 		log.Fatal("Failed to map Git settings: %v", err)
 	} else if err = File.Section("mirror").MapTo(&Mirror); err != nil {
 		log.Fatal("Failed to map Mirror settings: %v", err)
 	} else if err = File.Section("api").MapTo(&API); err != nil {
 		log.Fatal("Failed to map API settings: %v", err)
 	} else if err = File.Section("ui").MapTo(&UI); err != nil {
 		log.Fatal("Failed to map UI settings: %v", err)
 	} else if err = File.Section("prometheus").MapTo(&Prometheus); err != nil {
 		log.Fatal("Failed to map Prometheus settings: %v", err)
 	}
 	if Mirror.DefaultInterval <= 0 {
 		Mirror.DefaultInterval = 24
 	}
 	Langs = File.Section("i18n").Key("LANGS").Strings(",")
 	Names = File.Section("i18n").Key("NAMES").Strings(",")
 	dateLangs = File.Section("i18n.datelang").KeysHash()
 	ShowFooterBranding = File.Section("other").Key("SHOW_FOOTER_BRANDING").MustBool()
 	ShowFooterTemplateLoadTime = File.Section("other").Key("SHOW_FOOTER_TEMPLATE_LOAD_TIME").MustBool()
 	HasRobotsTxt = osutil.IsFile(path.Join(CustomDir(), "robots.txt"))
 	return nil
 }
 // MustInit panics if configuration initialization failed.
 func MustInit(customConf string) {
 	err := Init(customConf)
 	if err != nil {
 		panic(err)
 	}
 }
 // TODO
 var (
 	HTTP struct {
 		AccessControlAllowOrigin string
 	}
 	// Security settings
@ -316,12 +556,6 @@ var (
 	ShowFooterTemplateLoadTime bool
 	// Global setting objects
 	Cfg          *ini.File
 	CustomPath   string // Custom directory path
 	CustomConf   string
 	ProdMode     bool
 	RunUser      string
 	IsWindows    bool
 	HasRobotsTxt bool
 )
@ -334,59 +568,12 @@ func DateLang(lang string) string {
 	return "en"
 }
 // execPath returns the executable path.
 func execPath() (string, error) {
 	file, err := exec.LookPath(os.Args[0])
 	if err != nil {
 		return "", err
 	}
 	return filepath.Abs(file)
 }
 func init() {
 	IsWindows = runtime.GOOS == "windows"
 	err := log.NewConsole()
 	if err != nil {
 		panic("init console logger: " + err.Error())
 	}
 	AppPath, err = execPath()
 	if err != nil {
 		log.Fatal("Failed to get executable path: %v", err)
 	}
 	// NOTE: we don't use path.Dir here because it does not handle case
 	// which path starts with two "/" in Windows: "//psf/Home/..."
 	AppPath = strings.Replace(AppPath, "\\", "/", -1)
 }
 // WorkDir returns absolute path of work directory.
 func WorkDir() (string, error) {
 	wd := os.Getenv("GOGS_WORK_DIR")
 	if len(wd) > 0 {
 		return wd, nil
 	}
 	i := strings.LastIndex(AppPath, "/")
 	if i == -1 {
 		return AppPath, nil
 	}
 	return AppPath[:i], nil
 }
 func forcePathSeparator(path string) {
 	if strings.Contains(path, "\\") {
 		log.Fatal("Do not use '\\' or '\\\\' in paths, please use '/' in all places")
 	}
 }
 // IsRunUserMatchCurrentUser returns false if configured run user does not match
 // actual user that runs the app. The first return value is the actual user name.
 // This check is ignored under Windows since SSH remote login is not the main
 // method to login on Windows.
 func IsRunUserMatchCurrentUser(runUser string) (string, bool) {
-	if IsWindows {
+	if IsWindowsRuntime() {
 		return "", true
 	}
@ -394,351 +581,17 @@ func IsRunUserMatchCurrentUser(runUser string) (string, bool) {
 	return currentUser, runUser == currentUser
 }
-// getOpenSSHVersion parses and returns string representation of OpenSSH version
+// InitLogging initializes the logging service of the application.
 // returned by command "ssh -V".
 func getOpenSSHVersion() string {
 	// NOTE: Somehow the version is printed to stderr.
 	_, stderr, err := process.Exec("setting.getOpenSSHVersion", "ssh", "-V")
 	if err != nil {
 		log.Fatal("Failed to get OpenSSH version: %v - %s", err, stderr)
 	}
 	// Trim unused information: https://github.com/gogs/gogs/issues/4507#issuecomment-305150441
 	version := strings.TrimRight(strings.Fields(stderr)[0], ",1234567890")
 	version = strings.TrimSuffix(strings.TrimPrefix(version, "OpenSSH_"), "p")
 	return version
 }
 // Init initializes configuration by loading from sources.
 // ⚠️ WARNING: Do not print anything in this function other than wanrings or errors.
 func Init() {
 	workDir, err := WorkDir()
 	if err != nil {
 		log.Fatal("Failed to get work directory: %v", err)
 		return
 	}
 	Cfg, err = ini.LoadSources(ini.LoadOptions{
 		IgnoreInlineComment: true,
 	}, conf.MustAsset("conf/app.ini"))
 	if err != nil {
 		log.Fatal("Failed to parse 'conf/app.ini': %v", err)
 		return
 	}
 	CustomPath = os.Getenv("GOGS_CUSTOM")
 	if len(CustomPath) == 0 {
 		CustomPath = workDir + "/custom"
 	}
 	if len(CustomConf) == 0 {
 		CustomConf = CustomPath + "/conf/app.ini"
 	}
 	if com.IsFile(CustomConf) {
 		if err = Cfg.Append(CustomConf); err != nil {
 			log.Fatal("Failed to load custom conf %q: %v", CustomConf, err)
 			return
 		}
 	} else {
 		log.Warn("Custom config '%s' not found, ignore this warning if you're running the first time", CustomConf)
 	}
 	Cfg.NameMapper = ini.SnackCase
 	homeDir, err := com.HomeDir()
 	if err != nil {
 		log.Fatal("Failed to get home directory: %v", err)
 		return
 	}
 	homeDir = strings.Replace(homeDir, "\\", "/", -1)
 	LogRootPath = Cfg.Section("log").Key("ROOT_PATH").MustString(path.Join(workDir, "log"))
 	forcePathSeparator(LogRootPath)
 	sec := Cfg.Section("server")
 	AppName = Cfg.Section("").Key("APP_NAME").MustString("Gogs")
 	AppURL = sec.Key("ROOT_URL").MustString("http://localhost:3000/")
 	if AppURL[len(AppURL)-1] != '/' {
 		AppURL += "/"
 	}
 	// Check if has app suburl.
 	url, err := url.Parse(AppURL)
 	if err != nil {
 		log.Fatal("Failed to parse ROOT_URL %q: %s", AppURL, err)
 		return
 	}
 	// Suburl should start with '/' and end without '/', such as '/{subpath}'.
 	// This value is empty if site does not have sub-url.
 	AppSubURL = strings.TrimSuffix(url.Path, "/")
 	AppSubURLDepth = strings.Count(AppSubURL, "/")
 	HostAddress = url.Host
 	Protocol = SCHEME_HTTP
 	if sec.Key("PROTOCOL").String() == "https" {
 		Protocol = SCHEME_HTTPS
 		CertFile = sec.Key("CERT_FILE").String()
 		KeyFile = sec.Key("KEY_FILE").String()
 		TLSMinVersion = sec.Key("TLS_MIN_VERSION").String()
 	} else if sec.Key("PROTOCOL").String() == "fcgi" {
 		Protocol = SCHEME_FCGI
 	} else if sec.Key("PROTOCOL").String() == "unix" {
 		Protocol = SCHEME_UNIX_SOCKET
 		UnixSocketPermissionRaw := sec.Key("UNIX_SOCKET_PERMISSION").MustString("666")
 		UnixSocketPermissionParsed, err := strconv.ParseUint(UnixSocketPermissionRaw, 8, 32)
 		if err != nil || UnixSocketPermissionParsed > 0777 {
 			log.Fatal("Failed to parse unixSocketPermission %q: %v", UnixSocketPermissionRaw, err)
 			return
 		}
 		UnixSocketPermission = uint32(UnixSocketPermissionParsed)
 	}
 	Domain = sec.Key("DOMAIN").MustString("localhost")
 	HTTPAddr = sec.Key("HTTP_ADDR").MustString("0.0.0.0")
 	HTTPPort = sec.Key("HTTP_PORT").MustString("3000")
 	LocalURL = sec.Key("LOCAL_ROOT_URL").MustString(string(Protocol) + "://localhost:" + HTTPPort + "/")
 	OfflineMode = sec.Key("OFFLINE_MODE").MustBool()
 	DisableRouterLog = sec.Key("DISABLE_ROUTER_LOG").MustBool()
 	LoadAssetsFromDisk = sec.Key("LOAD_ASSETS_FROM_DISK").MustBool()
 	StaticRootPath = sec.Key("STATIC_ROOT_PATH").MustString(workDir)
 	AppDataPath = sec.Key("APP_DATA_PATH").MustString("data")
 	EnableGzip = sec.Key("ENABLE_GZIP").MustBool()
 	switch sec.Key("LANDING_PAGE").MustString("home") {
 	case "explore":
 		LandingPageURL = LANDING_PAGE_EXPLORE
 	default:
 		LandingPageURL = LANDING_PAGE_HOME
 	}
 	SSH.RootPath = path.Join(homeDir, ".ssh")
 	SSH.RewriteAuthorizedKeysAtStart = sec.Key("REWRITE_AUTHORIZED_KEYS_AT_START").MustBool()
 	SSH.ServerCiphers = sec.Key("SSH_SERVER_CIPHERS").Strings(",")
 	SSH.KeyTestPath = os.TempDir()
 	if err = Cfg.Section("server").MapTo(&SSH); err != nil {
 		log.Fatal("Failed to map SSH settings: %v", err)
 		return
 	}
 	if SSH.Disabled {
 		SSH.StartBuiltinServer = false
 		SSH.MinimumKeySizeCheck = false
 	}
 	if !SSH.Disabled && !SSH.StartBuiltinServer {
 		if err := os.MkdirAll(SSH.RootPath, 0700); err != nil {
 			log.Fatal("Failed to create '%s': %v", SSH.RootPath, err)
 			return
 		} else if err = os.MkdirAll(SSH.KeyTestPath, 0644); err != nil {
 			log.Fatal("Failed to create '%s': %v", SSH.KeyTestPath, err)
 			return
 		}
 	}
 	if SSH.StartBuiltinServer {
 		SSH.RewriteAuthorizedKeysAtStart = false
 	}
 	// Check if server is eligible for minimum key size check when user choose to enable.
 	// Windows server and OpenSSH version lower than 5.1 (https://gogs.io/gogs/issues/4507)
 	// are forced to be disabled because the "ssh-keygen" in Windows does not print key type.
 	if SSH.MinimumKeySizeCheck &&
 		(IsWindows || version.Compare(getOpenSSHVersion(), "5.1", "<")) {
 		SSH.MinimumKeySizeCheck = false
 		log.Warn(`SSH minimum key size check is forced to be disabled because server is not eligible:
 1. Windows server
 2. OpenSSH version is lower than 5.1`)
 	}
 	if SSH.MinimumKeySizeCheck {
 		SSH.MinimumKeySizes = map[string]int{}
 		for _, key := range Cfg.Section("ssh.minimum_key_sizes").Keys() {
 			if key.MustInt() != -1 {
 				SSH.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt()
 			}
 		}
 	}
 	sec = Cfg.Section("security")
 	InstallLock = sec.Key("INSTALL_LOCK").MustBool()
 	SecretKey = sec.Key("SECRET_KEY").String()
 	LoginRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt()
 	CookieUserName = sec.Key("COOKIE_USERNAME").String()
 	CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").String()
 	CookieSecure = sec.Key("COOKIE_SECURE").MustBool(false)
 	ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
 	EnableLoginStatusCookie = sec.Key("ENABLE_LOGIN_STATUS_COOKIE").MustBool(false)
 	LoginStatusCookieName = sec.Key("LOGIN_STATUS_COOKIE_NAME").MustString("login_status")
 	sec = Cfg.Section("attachment")
 	AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))
 	if !filepath.IsAbs(AttachmentPath) {
 		AttachmentPath = path.Join(workDir, AttachmentPath)
 	}
 	AttachmentAllowedTypes = strings.Replace(sec.Key("ALLOWED_TYPES").MustString("image/jpeg,image/png"), "|", ",", -1)
 	AttachmentMaxSize = sec.Key("MAX_SIZE").MustInt64(4)
 	AttachmentMaxFiles = sec.Key("MAX_FILES").MustInt(5)
 	AttachmentEnabled = sec.Key("ENABLED").MustBool(true)
 	TimeFormat = map[string]string{
 		"ANSIC":       time.ANSIC,
 		"UnixDate":    time.UnixDate,
 		"RubyDate":    time.RubyDate,
 		"RFC822":      time.RFC822,
 		"RFC822Z":     time.RFC822Z,
 		"RFC850":      time.RFC850,
 		"RFC1123":     time.RFC1123,
 		"RFC1123Z":    time.RFC1123Z,
 		"RFC3339":     time.RFC3339,
 		"RFC3339Nano": time.RFC3339Nano,
 		"Kitchen":     time.Kitchen,
 		"Stamp":       time.Stamp,
 		"StampMilli":  time.StampMilli,
 		"StampMicro":  time.StampMicro,
 		"StampNano":   time.StampNano,
 	}[Cfg.Section("time").Key("FORMAT").MustString("RFC1123")]
 	RunUser = Cfg.Section("").Key("RUN_USER").String()
 	// Does not check run user when the install lock is off.
 	if InstallLock {
 		currentUser, match := IsRunUserMatchCurrentUser(RunUser)
 		if !match {
 			log.Fatal("The user configured to run Gogs is %q, but the current user is %q", RunUser, currentUser)
 			return
 		}
 	}
 	ProdMode = Cfg.Section("").Key("RUN_MODE").String() == "prod"
 	// Determine and create root git repository path.
 	sec = Cfg.Section("repository")
 	RepoRootPath = sec.Key("ROOT").MustString(path.Join(homeDir, "gogs-repositories"))
 	forcePathSeparator(RepoRootPath)
 	if !filepath.IsAbs(RepoRootPath) {
 		RepoRootPath = path.Join(workDir, RepoRootPath)
 	} else {
 		RepoRootPath = path.Clean(RepoRootPath)
 	}
 	ScriptType = sec.Key("SCRIPT_TYPE").MustString("bash")
 	if err = Cfg.Section("repository").MapTo(&Repository); err != nil {
 		log.Fatal("Failed to map Repository settings: %v", err)
 		return
 	} else if err = Cfg.Section("repository.editor").MapTo(&Repository.Editor); err != nil {
 		log.Fatal("Failed to map Repository.Editor settings: %v", err)
 		return
 	} else if err = Cfg.Section("repository.upload").MapTo(&Repository.Upload); err != nil {
 		log.Fatal("Failed to map Repository.Upload settings: %v", err)
 		return
 	}
 	if !filepath.IsAbs(Repository.Upload.TempPath) {
 		Repository.Upload.TempPath = path.Join(workDir, Repository.Upload.TempPath)
 	}
 	sec = Cfg.Section("picture")
 	AvatarUploadPath = sec.Key("AVATAR_UPLOAD_PATH").MustString(path.Join(AppDataPath, "avatars"))
 	forcePathSeparator(AvatarUploadPath)
 	if !filepath.IsAbs(AvatarUploadPath) {
 		AvatarUploadPath = path.Join(workDir, AvatarUploadPath)
 	}
 	RepositoryAvatarUploadPath = sec.Key("REPOSITORY_AVATAR_UPLOAD_PATH").MustString(path.Join(AppDataPath, "repo-avatars"))
 	forcePathSeparator(RepositoryAvatarUploadPath)
 	if !filepath.IsAbs(RepositoryAvatarUploadPath) {
 		RepositoryAvatarUploadPath = path.Join(workDir, RepositoryAvatarUploadPath)
 	}
 	switch source := sec.Key("GRAVATAR_SOURCE").MustString("gravatar"); source {
 	case "duoshuo":
 		GravatarSource = "http://gravatar.duoshuo.com/avatar/"
 	case "gravatar":
 		GravatarSource = "https://secure.gravatar.com/avatar/"
 	case "libravatar":
 		GravatarSource = "https://seccdn.libravatar.org/avatar/"
 	default:
 		GravatarSource = source
 	}
 	DisableGravatar = sec.Key("DISABLE_GRAVATAR").MustBool()
 	EnableFederatedAvatar = sec.Key("ENABLE_FEDERATED_AVATAR").MustBool(true)
 	if OfflineMode {
 		DisableGravatar = true
 		EnableFederatedAvatar = false
 	}
 	if DisableGravatar {
 		EnableFederatedAvatar = false
 	}
 	if EnableFederatedAvatar {
 		LibravatarService = libravatar.New()
 		parts := strings.Split(GravatarSource, "/")
 		if len(parts) >= 3 {
 			if parts[0] == "https:" {
 				LibravatarService.SetUseHTTPS(true)
 				LibravatarService.SetSecureFallbackHost(parts[2])
 			} else {
 				LibravatarService.SetUseHTTPS(false)
 				LibravatarService.SetFallbackHost(parts[2])
 			}
 		}
 	}
 	if err = Cfg.Section("http").MapTo(&HTTP); err != nil {
 		log.Fatal("Failed to map HTTP settings: %v", err)
 		return
 	} else if err = Cfg.Section("webhook").MapTo(&Webhook); err != nil {
 		log.Fatal("Failed to map Webhook settings: %v", err)
 		return
 	} else if err = Cfg.Section("release.attachment").MapTo(&Release.Attachment); err != nil {
 		log.Fatal("Failed to map Release.Attachment settings: %v", err)
 		return
 	} else if err = Cfg.Section("markdown").MapTo(&Markdown); err != nil {
 		log.Fatal("Failed to map Markdown settings: %v", err)
 		return
 	} else if err = Cfg.Section("smartypants").MapTo(&Smartypants); err != nil {
 		log.Fatal("Failed to map Smartypants settings: %v", err)
 		return
 	} else if err = Cfg.Section("admin").MapTo(&Admin); err != nil {
 		log.Fatal("Failed to map Admin settings: %v", err)
 		return
 	} else if err = Cfg.Section("cron").MapTo(&Cron); err != nil {
 		log.Fatal("Failed to map Cron settings: %v", err)
 		return
 	} else if err = Cfg.Section("git").MapTo(&Git); err != nil {
 		log.Fatal("Failed to map Git settings: %v", err)
 		return
 	} else if err = Cfg.Section("mirror").MapTo(&Mirror); err != nil {
 		log.Fatal("Failed to map Mirror settings: %v", err)
 		return
 	} else if err = Cfg.Section("api").MapTo(&API); err != nil {
 		log.Fatal("Failed to map API settings: %v", err)
 		return
 	} else if err = Cfg.Section("ui").MapTo(&UI); err != nil {
 		log.Fatal("Failed to map UI settings: %v", err)
 		return
 	} else if err = Cfg.Section("prometheus").MapTo(&Prometheus); err != nil {
 		log.Fatal("Failed to map Prometheus settings: %v", err)
 		return
 	}
 	if Mirror.DefaultInterval <= 0 {
 		Mirror.DefaultInterval = 24
 	}
 	Langs = Cfg.Section("i18n").Key("LANGS").Strings(",")
 	Names = Cfg.Section("i18n").Key("NAMES").Strings(",")
 	dateLangs = Cfg.Section("i18n.datelang").KeysHash()
 	ShowFooterBranding = Cfg.Section("other").Key("SHOW_FOOTER_BRANDING").MustBool()
 	ShowFooterTemplateLoadTime = Cfg.Section("other").Key("SHOW_FOOTER_TEMPLATE_LOAD_TIME").MustBool()
 	HasRobotsTxt = com.IsFile(path.Join(CustomPath, "robots.txt"))
 }
 // InitLogging initializes the logging infrastructure of the application.
 func InitLogging() {
 	LogRootPath = File.Section("log").Key("ROOT_PATH").MustString(filepath.Join(WorkDir(), "log"))
 	// Because we always create a console logger as the primary logger at init time,
 	// we need to remove it in case the user doesn't configure to use it after the
-	// logging infrastructure is initalized.
+	// logging service is initalized.
 	hasConsole := false
 	// Iterate over [log.*] sections to initialize individual logger.
-	LogModes = strings.Split(Cfg.Section("log").Key("MODE").MustString("console"), ",")
+	LogModes = strings.Split(File.Section("log").Key("MODE").MustString("console"), ",")
 	LogConfigs = make([]interface{}, len(LogModes))
 	levelMappings := map[string]log.Level{
 		"trace": log.LevelTrace,
@ -755,7 +608,7 @@ func InitLogging() {
 	for i, mode := range LogModes {
 		mode = strings.ToLower(strings.TrimSpace(mode))
 		secName := "log." + mode
-		sec, err := Cfg.GetSection(secName)
+		sec, err := File.GetSection(secName)
 		if err != nil {
 			log.Fatal("Missing configuration section [%s] for %q logger", secName, mode)
 			return
@ -852,7 +705,7 @@ var Service struct {
 }
 func newService() {
-	sec := Cfg.Section("service")
+	sec := File.Section("service")
 	Service.ActiveCodeLives = sec.Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180)
 	Service.ResetPwdCodeLives = sec.Key("RESET_PASSWD_CODE_LIVE_MINUTES").MustInt(180)
 	Service.DisableRegistration = sec.Key("DISABLE_REGISTRATION").MustBool()
@ -864,12 +717,12 @@ func newService() {
 }
 func newCacheService() {
-	CacheAdapter = Cfg.Section("cache").Key("ADAPTER").In("memory", []string{"memory", "redis", "memcache"})
+	CacheAdapter = File.Section("cache").Key("ADAPTER").In("memory", []string{"memory", "redis", "memcache"})
 	switch CacheAdapter {
 	case "memory":
-		CacheInterval = Cfg.Section("cache").Key("INTERVAL").MustInt(60)
+		CacheInterval = File.Section("cache").Key("INTERVAL").MustInt(60)
 	case "redis", "memcache":
-		CacheConn = strings.Trim(Cfg.Section("cache").Key("HOST").String(), "\" ")
+		CacheConn = strings.Trim(File.Section("cache").Key("HOST").String(), "\" ")
 	default:
 		log.Fatal("Unrecognized cache adapter %q", CacheAdapter)
 		return
@ -879,15 +732,15 @@ func newCacheService() {
 }
 func newSessionService() {
-	SessionConfig.Provider = Cfg.Section("session").Key("PROVIDER").In("memory",
+	SessionConfig.Provider = File.Section("session").Key("PROVIDER").In("memory",
 		[]string{"memory", "file", "redis", "mysql"})
-	SessionConfig.ProviderConfig = strings.Trim(Cfg.Section("session").Key("PROVIDER_CONFIG").String(), "\" ")
+	SessionConfig.ProviderConfig = strings.Trim(File.Section("session").Key("PROVIDER_CONFIG").String(), "\" ")
-	SessionConfig.CookieName = Cfg.Section("session").Key("COOKIE_NAME").MustString("i_like_gogs")
+	SessionConfig.CookieName = File.Section("session").Key("COOKIE_NAME").MustString("i_like_gogs")
-	SessionConfig.CookiePath = AppSubURL
+	SessionConfig.CookiePath = Server.Subpath
-	SessionConfig.Secure = Cfg.Section("session").Key("COOKIE_SECURE").MustBool()
+	SessionConfig.Secure = File.Section("session").Key("COOKIE_SECURE").MustBool()
-	SessionConfig.Gclifetime = Cfg.Section("session").Key("GC_INTERVAL_TIME").MustInt64(3600)
+	SessionConfig.Gclifetime = File.Section("session").Key("GC_INTERVAL_TIME").MustInt64(3600)
-	SessionConfig.Maxlifetime = Cfg.Section("session").Key("SESSION_LIFE_TIME").MustInt64(86400)
+	SessionConfig.Maxlifetime = File.Section("session").Key("SESSION_LIFE_TIME").MustInt64(86400)
-	CSRFCookieName = Cfg.Section("session").Key("CSRF_COOKIE_NAME").MustString("_csrf")
+	CSRFCookieName = File.Section("session").Key("CSRF_COOKIE_NAME").MustString("_csrf")
 	log.Trace("Session service is enabled")
 }
@ -916,14 +769,14 @@ var (
 // newMailService initializes mail service options from configuration.
 // No non-error log will be printed in hook mode.
 func newMailService() {
-	sec := Cfg.Section("mailer")
+	sec := File.Section("mailer")
 	if !sec.Key("ENABLED").MustBool() {
 		return
 	}
 	MailService = &Mailer{
 		QueueLength:     sec.Key("SEND_BUFFER_LEN").MustInt(100),
-		SubjectPrefix:   sec.Key("SUBJECT_PREFIX").MustString("[" + AppName + "] "),
+		SubjectPrefix:   sec.Key("SUBJECT_PREFIX").MustString("[" + App.BrandName + "] "),
 		Host:            sec.Key("HOST").String(),
 		User:            sec.Key("USER").String(),
 		Passwd:          sec.Key("PASSWD").String(),
@ -954,7 +807,7 @@ func newMailService() {
 }
 func newRegisterMailService() {
-	if !Cfg.Section("service").Key("REGISTER_EMAIL_CONFIRM").MustBool() {
+	if !File.Section("service").Key("REGISTER_EMAIL_CONFIRM").MustBool() {
 		return
 	} else if MailService == nil {
 		log.Warn("Email confirmation is not enabled due to the mail service is not available")
@ -967,7 +820,7 @@ func newRegisterMailService() {
 // newNotifyMailService initializes notification email service options from configuration.
 // No non-error log will be printed in hook mode.
 func newNotifyMailService() {
-	if !Cfg.Section("service").Key("ENABLE_NOTIFY_MAIL").MustBool() {
+	if !File.Section("service").Key("ENABLE_NOTIFY_MAIL").MustBool() {
 		return
 	} else if MailService == nil {
 		log.Warn("Email notification is not enabled due to the mail service is not available")
--- a/internal/conf/static.go
+++ b/internal/conf/static.go
@ -0,0 +1,107 @@
 // Copyright 2020 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package conf
 import (
 	"net/url"
 	"os"
 )
 // ℹ️ README: This file contains static values that should only be set at initialization time.
 // HasMinWinSvc is whether the application is built with Windows Service support.
 var HasMinWinSvc bool
 // Build information should only be set by -ldflags.
 var (
 	BuildTime   string
 	BuildCommit string
 )
 // CustomConf returns the absolute path of custom configuration file that is used.
 var CustomConf string
 var (
 	// Application settings
 	App struct {
 		// ⚠️ WARNING: Should only be set by gogs.go.
 		Version string `ini:"-"`
 		BrandName string
 		RunUser   string
 		RunMode   string
 		// Deprecated: Use BrandName instead, will be removed in 0.13.
 		AppName string
 	}
 	// Server settings
 	Server struct {
 		ExternalURL          string `ini:"EXTERNAL_URL"`
 		Domain               string
 		Protocol             string
 		HTTPAddr             string `ini:"HTTP_ADDR"`
 		HTTPPort             string `ini:"HTTP_PORT"`
 		CertFile             string
 		KeyFile              string
 		TLSMinVersion        string `ini:"TLS_MIN_VERSION"`
 		UnixSocketPermission string
 		LocalRootURL         string `ini:"LOCAL_ROOT_URL"`
 		OfflineMode      bool
 		DisableRouterLog bool
 		EnableGzip       bool
 		AppDataPath        string
 		LoadAssetsFromDisk bool
 		LandingURL string `ini:"LANDING_URL"`
 		// Derived from other static values
 		URL            *url.URL    `ini:"-"` // Parsed URL object of ExternalURL.
 		Subpath        string      `ini:"-"` // Subpath found the ExternalURL. Should be empty when not found.
 		SubpathDepth   int         `ini:"-"` // The number of slashes found in the Subpath.
 		UnixSocketMode os.FileMode `ini:"-"` // Parsed file mode of UnixSocketPermission.
 		// Deprecated: Use ExternalURL instead, will be removed in 0.13.
 		RootURL string `ini:"ROOT_URL"`
 		// Deprecated: Use LandingURL instead, will be removed in 0.13.
 		LangdingPage string `ini:"LANDING_PAGE"`
 	}
 	// SSH settings
 	SSH struct {
 		Disabled                     bool           `ini:"DISABLE_SSH"`
 		Domain                       string         `ini:"SSH_DOMAIN"`
 		Port                         int            `ini:"SSH_PORT"`
 		RootPath                     string         `ini:"SSH_ROOT_PATH"`
 		KeygenPath                   string         `ini:"SSH_KEYGEN_PATH"`
 		KeyTestPath                  string         `ini:"SSH_KEY_TEST_PATH"`
 		StartBuiltinServer           bool           `ini:"START_SSH_SERVER"`
 		ListenHost                   string         `ini:"SSH_LISTEN_HOST"`
 		ListenPort                   int            `ini:"SSH_LISTEN_PORT"`
 		ServerCiphers                []string       `ini:"SSH_SERVER_CIPHERS"`
 		MinimumKeySizeCheck          bool           `ini:"MINIMUM_KEY_SIZE_CHECK"`
 		MinimumKeySizes              map[string]int `ini:"-"` // Load from [ssh.minimum_key_sizes]
 		RewriteAuthorizedKeysAtStart bool           `ini:"REWRITE_AUTHORIZED_KEYS_AT_START"`
 	}
 )
 // transferDeprecated transfers deprecated values to the new ones when set.
 func transferDeprecated() {
 	if App.AppName != "" {
 		App.BrandName = App.AppName
 		App.AppName = ""
 	}
 	if Server.RootURL != "" {
 		Server.ExternalURL = Server.RootURL
 		Server.RootURL = ""
 	}
 	if Server.LangdingPage == "explore" {
 		Server.LandingURL = "/explore"
 		Server.LangdingPage = ""
 	}
 }
--- a/internal/setting/computed_minwinsvc.go
+++ b/internal/setting/computed_minwinsvc.go
@ -4,12 +4,12 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
-package setting
+package conf
 import (
 	_ "github.com/gogs/minwinsvc"
 )
 func init() {
-	supportWindowsService = true
+	HasMinWinSvc = true
 }
--- a/internal/conf/utils.go
+++ b/internal/conf/utils.go
@ -0,0 +1,27 @@
 // Copyright 2020 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package conf
 import (
 	"strings"
 	"github.com/pkg/errors"
 	"gogs.io/gogs/internal/process"
 )
 // openSSHVersion returns string representation of OpenSSH version via command "ssh -V".
 func openSSHVersion() (string, error) {
 	// NOTE: Somehow the version is printed to stderr.
 	_, stderr, err := process.Exec("conf.openSSHVersion", "ssh", "-V")
 	if err != nil {
 		return "", errors.Wrap(err, stderr)
 	}
 	// Trim unused information, see https://github.com/gogs/gogs/issues/4507#issuecomment-305150441.
 	v := strings.TrimRight(strings.Fields(stderr)[0], ",1234567890")
 	v = strings.TrimSuffix(strings.TrimPrefix(v, "OpenSSH_"), "p")
 	return v, nil
 }
--- a/internal/context/api.go
+++ b/internal/context/api.go
@ -13,7 +13,7 @@ import (
 	"gopkg.in/macaron.v1"
 	log "unknwon.dev/clog/v2"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 type APIContext struct {
@ -79,16 +79,16 @@ func (c *APIContext) SetLinkHeader(total, pageSize int) {
 	page := paginater.New(total, pageSize, c.QueryInt("page"), 0)
 	links := make([]string, 0, 4)
 	if page.HasNext() {
-		links = append(links, fmt.Sprintf("<%s%s?page=%d>; rel=\"next\"", setting.AppURL, c.Req.URL.Path[1:], page.Next()))
+		links = append(links, fmt.Sprintf("<%s%s?page=%d>; rel=\"next\"", conf.Server.ExternalURL, c.Req.URL.Path[1:], page.Next()))
 	}
 	if !page.IsLast() {
-		links = append(links, fmt.Sprintf("<%s%s?page=%d>; rel=\"last\"", setting.AppURL, c.Req.URL.Path[1:], page.TotalPages()))
+		links = append(links, fmt.Sprintf("<%s%s?page=%d>; rel=\"last\"", conf.Server.ExternalURL, c.Req.URL.Path[1:], page.TotalPages()))
 	}
 	if !page.IsFirst() {
-		links = append(links, fmt.Sprintf("<%s%s?page=1>; rel=\"first\"", setting.AppURL, c.Req.URL.Path[1:]))
+		links = append(links, fmt.Sprintf("<%s%s?page=1>; rel=\"first\"", conf.Server.ExternalURL, c.Req.URL.Path[1:]))
 	}
 	if page.HasPrevious() {
-		links = append(links, fmt.Sprintf("<%s%s?page=%d>; rel=\"prev\"", setting.AppURL, c.Req.URL.Path[1:], page.Previous()))
+		links = append(links, fmt.Sprintf("<%s%s?page=%d>; rel=\"prev\"", conf.Server.ExternalURL, c.Req.URL.Path[1:], page.Previous()))
 	}
 	if len(links) > 0 {
@ -100,7 +100,7 @@ func APIContexter() macaron.Handler {
 	return func(ctx *Context) {
 		c := &APIContext{
 			Context: ctx,
-			BaseURL: setting.AppURL + "api/v1",
+			BaseURL: conf.Server.ExternalURL + "api/v1",
 		}
 		ctx.Map(c)
 	}
--- a/internal/context/auth.go
+++ b/internal/context/auth.go
@ -13,7 +13,7 @@ import (
 	"gopkg.in/macaron.v1"
 	"gogs.io/gogs/internal/auth"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/tool"
 )
@ -27,8 +27,8 @@ type ToggleOptions struct {
 func Toggle(options *ToggleOptions) macaron.Handler {
 	return func(c *Context) {
 		// Cannot view any page before installation.
-		if !setting.InstallLock {
+		if !conf.InstallLock {
-			c.Redirect(setting.AppSubURL + "/install")
+			c.Redirect(conf.Server.Subpath + "/install")
 			return
 		}
@ -40,14 +40,14 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 		}
 		// Check non-logged users landing page.
-		if !c.IsLogged && c.Req.RequestURI == "/" && setting.LandingPageURL != setting.LANDING_PAGE_HOME {
+		if !c.IsLogged && c.Req.RequestURI == "/" && conf.Server.LandingURL != "/" {
-			c.Redirect(setting.AppSubURL + string(setting.LandingPageURL))
+			c.Redirect(conf.Server.LandingURL)
 			return
 		}
 		// Redirect to dashboard if user tries to visit any non-login page.
 		if options.SignOutRequired && c.IsLogged && c.Req.RequestURI != "/" {
-			c.Redirect(setting.AppSubURL + "/")
+			c.Redirect(conf.Server.Subpath + "/")
 			return
 		}
@ -68,10 +68,10 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 					return
 				}
-				c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+c.Req.RequestURI), 0, setting.AppSubURL)
+				c.SetCookie("redirect_to", url.QueryEscape(conf.Server.Subpath+c.Req.RequestURI), 0, conf.Server.Subpath)
-				c.Redirect(setting.AppSubURL + "/user/login")
+				c.Redirect(conf.Server.Subpath + "/user/login")
 				return
-			} else if !c.User.IsActive && setting.Service.RegisterEmailConfirm {
+			} else if !c.User.IsActive && conf.Service.RegisterEmailConfirm {
 				c.Data["Title"] = c.Tr("auth.active_your_account")
 				c.HTML(200, "user/auth/activate")
 				return
@ -80,9 +80,9 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 		// Redirect to log in page if auto-signin info is provided and has not signed in.
 		if !options.SignOutRequired && !c.IsLogged && !auth.IsAPIPath(c.Req.URL.Path) &&
-			len(c.GetCookie(setting.CookieUserName)) > 0 {
+			len(c.GetCookie(conf.CookieUserName)) > 0 {
-			c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+c.Req.RequestURI), 0, setting.AppSubURL)
+			c.SetCookie("redirect_to", url.QueryEscape(conf.Server.Subpath+c.Req.RequestURI), 0, conf.Server.Subpath)
-			c.Redirect(setting.AppSubURL + "/user/login")
+			c.Redirect(conf.Server.Subpath + "/user/login")
 			return
 		}
--- a/internal/context/context.go
+++ b/internal/context/context.go
@ -21,10 +21,10 @@ import (
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/auth"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/template"
 )
@ -151,9 +151,9 @@ func (c *Context) Redirect(location string, status ...int) {
 }
 // SubURLRedirect responses redirection wtih given location and status.
-// It prepends setting.AppSubURL to the location string.
+// It prepends setting.Server.Subpath to the location string.
 func (c *Context) SubURLRedirect(location string, status ...int) {
-	c.Redirect(setting.AppSubURL+location, status...)
+	c.Redirect(conf.Server.Subpath+location, status...)
 }
 // RenderWithErr used for page has form validation but need to prompt error to users.
@ -174,7 +174,7 @@ func (c *Context) Handle(status int, msg string, err error) {
 	case http.StatusInternalServerError:
 		c.Data["Title"] = "Internal Server Error"
 		log.Error("%s: %v", msg, err)
-		if !setting.ProdMode || (c.IsLogged && c.User.IsAdmin) {
+		if !conf.IsProdMode() || (c.IsLogged && c.User.IsAdmin) {
 			c.Data["ErrorMsg"] = err
 		}
 	}
@ -233,7 +233,7 @@ func Contexter() macaron.Handler {
 			csrf:    x,
 			Flash:   f,
 			Session: sess,
-			Link:    setting.AppSubURL + strings.TrimSuffix(ctx.Req.URL.Path, "/"),
+			Link:    conf.Server.Subpath + strings.TrimSuffix(ctx.Req.URL.Path, "/"),
 			Repo: &Repository{
 				PullRequest: &PullRequest{},
 			},
@ -263,9 +263,9 @@ func Contexter() macaron.Handler {
 				branchName = repo.DefaultBranch
 			}
-			prefix := setting.AppURL + path.Join(ownerName, repoName, "src", branchName)
+			prefix := conf.Server.ExternalURL + path.Join(ownerName, repoName, "src", branchName)
 			insecureFlag := ""
-			if !strings.HasPrefix(setting.AppURL, "https://") {
+			if !strings.HasPrefix(conf.Server.ExternalURL, "https://") {
 				insecureFlag = "--insecure "
 			}
 			c.PlainText(http.StatusOK, []byte(com.Expand(`<!doctype html>
@ -279,7 +279,7 @@ func Contexter() macaron.Handler {
 	</body>
 </html>
 `, map[string]string{
-				"GoGetImport":    path.Join(setting.HostAddress, setting.AppSubURL, repo.FullName()),
+				"GoGetImport":    path.Join(conf.Server.URL.Host, conf.Server.Subpath, repo.FullName()),
 				"CloneLink":      db.ComposeHTTPSCloneURL(ownerName, repoName),
 				"GoDocDirectory": prefix + "{/dir}",
 				"GoDocFile":      prefix + "{/dir}/{file}#L{line}",
@ -288,8 +288,8 @@ func Contexter() macaron.Handler {
 			return
 		}
-		if len(setting.HTTP.AccessControlAllowOrigin) > 0 {
+		if len(conf.HTTP.AccessControlAllowOrigin) > 0 {
-			c.Header().Set("Access-Control-Allow-Origin", setting.HTTP.AccessControlAllowOrigin)
+			c.Header().Set("Access-Control-Allow-Origin", conf.HTTP.AccessControlAllowOrigin)
 			c.Header().Set("'Access-Control-Allow-Credentials' ", "true")
 			c.Header().Set("Access-Control-Max-Age", "3600")
 			c.Header().Set("Access-Control-Allow-Headers", "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With")
@ -312,7 +312,7 @@ func Contexter() macaron.Handler {
 		// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
 		if c.Req.Method == "POST" && strings.Contains(c.Req.Header.Get("Content-Type"), "multipart/form-data") {
-			if err := c.Req.ParseMultipartForm(setting.AttachmentMaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size
+			if err := c.Req.ParseMultipartForm(conf.AttachmentMaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size
 				c.ServerError("ParseMultipartForm", err)
 				return
 			}
@ -323,8 +323,8 @@ func Contexter() macaron.Handler {
 		log.Trace("Session ID: %s", sess.ID())
 		log.Trace("CSRF Token: %v", c.Data["CSRFToken"])
-		c.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton
+		c.Data["ShowRegistrationButton"] = conf.Service.ShowRegistrationButton
-		c.Data["ShowFooterBranding"] = setting.ShowFooterBranding
+		c.Data["ShowFooterBranding"] = conf.ShowFooterBranding
 		c.renderNoticeBanner()
--- a/internal/context/notice.go
+++ b/internal/context/notice.go
@ -6,20 +6,20 @@ package context
 import (
 	"os"
-	"path"
+	"path/filepath"
 	"github.com/unknwon/com"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/markup"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
 // renderNoticeBanner checks if a notice banner file exists and loads the message to display
 // on all pages.
 func (c *Context) renderNoticeBanner() {
-	fpath := path.Join(setting.CustomPath, "notice", "banner.md")
+	fpath := filepath.Join(conf.CustomDir(), "notice", "banner.md")
 	if !com.IsExist(fpath) {
 		return
 	}
--- a/internal/context/org.go
+++ b/internal/context/org.go
@ -9,9 +9,9 @@ import (
 	"gopkg.in/macaron.v1"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/setting"
 )
 type Organization struct {
@ -91,7 +91,7 @@ func HandleOrgAssignment(c *Context, args ...bool) {
 	c.Data["IsOrganizationOwner"] = c.Org.IsOwner
 	c.Data["IsOrganizationMember"] = c.Org.IsMember
-	c.Org.OrgLink = setting.AppSubURL + "/org/" + org.Name
+	c.Org.OrgLink = conf.Server.Subpath + "/org/" + org.Name
 	c.Data["OrgLink"] = c.Org.OrgLink
 	// Team.
--- a/internal/context/repo.go
+++ b/internal/context/repo.go
@ -17,7 +17,7 @@ import (
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 type PullRequest struct {
@ -248,8 +248,8 @@ func RepoAssignment(pages ...bool) macaron.Handler {
 		c.Data["IsRepositoryAdmin"] = c.Repo.IsAdmin()
 		c.Data["IsRepositoryWriter"] = c.Repo.IsWriter()
-		c.Data["DisableSSH"] = setting.SSH.Disabled
+		c.Data["DisableSSH"] = conf.SSH.Disabled
-		c.Data["DisableHTTP"] = setting.Repository.DisableHTTPGit
+		c.Data["DisableHTTP"] = conf.Repository.DisableHTTPGit
 		c.Data["CloneLink"] = repo.CloneLink()
 		c.Data["WikiCloneLink"] = repo.WikiCloneLink()
--- a/internal/cron/cron.go
+++ b/internal/cron/cron.go
@ -12,7 +12,7 @@ import (
 	"github.com/gogs/cron"
 	"gogs.io/gogs/internal/db"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 var c = cron.New()
@ -22,45 +22,45 @@ func NewContext() {
 		entry *cron.Entry
 		err   error
 	)
-	if setting.Cron.UpdateMirror.Enabled {
+	if conf.Cron.UpdateMirror.Enabled {
-		entry, err = c.AddFunc("Update mirrors", setting.Cron.UpdateMirror.Schedule, db.MirrorUpdate)
+		entry, err = c.AddFunc("Update mirrors", conf.Cron.UpdateMirror.Schedule, db.MirrorUpdate)
 		if err != nil {
 			log.Fatal("Cron.(update mirrors): %v", err)
 		}
-		if setting.Cron.UpdateMirror.RunAtStart {
+		if conf.Cron.UpdateMirror.RunAtStart {
 			entry.Prev = time.Now()
 			entry.ExecTimes++
 			go db.MirrorUpdate()
 		}
 	}
-	if setting.Cron.RepoHealthCheck.Enabled {
+	if conf.Cron.RepoHealthCheck.Enabled {
-		entry, err = c.AddFunc("Repository health check", setting.Cron.RepoHealthCheck.Schedule, db.GitFsck)
+		entry, err = c.AddFunc("Repository health check", conf.Cron.RepoHealthCheck.Schedule, db.GitFsck)
 		if err != nil {
 			log.Fatal("Cron.(repository health check): %v", err)
 		}
-		if setting.Cron.RepoHealthCheck.RunAtStart {
+		if conf.Cron.RepoHealthCheck.RunAtStart {
 			entry.Prev = time.Now()
 			entry.ExecTimes++
 			go db.GitFsck()
 		}
 	}
-	if setting.Cron.CheckRepoStats.Enabled {
+	if conf.Cron.CheckRepoStats.Enabled {
-		entry, err = c.AddFunc("Check repository statistics", setting.Cron.CheckRepoStats.Schedule, db.CheckRepoStats)
+		entry, err = c.AddFunc("Check repository statistics", conf.Cron.CheckRepoStats.Schedule, db.CheckRepoStats)
 		if err != nil {
 			log.Fatal("Cron.(check repository statistics): %v", err)
 		}
-		if setting.Cron.CheckRepoStats.RunAtStart {
+		if conf.Cron.CheckRepoStats.RunAtStart {
 			entry.Prev = time.Now()
 			entry.ExecTimes++
 			go db.CheckRepoStats()
 		}
 	}
-	if setting.Cron.RepoArchiveCleanup.Enabled {
+	if conf.Cron.RepoArchiveCleanup.Enabled {
-		entry, err = c.AddFunc("Repository archive cleanup", setting.Cron.RepoArchiveCleanup.Schedule, db.DeleteOldRepositoryArchives)
+		entry, err = c.AddFunc("Repository archive cleanup", conf.Cron.RepoArchiveCleanup.Schedule, db.DeleteOldRepositoryArchives)
 		if err != nil {
 			log.Fatal("Cron.(repository archive cleanup): %v", err)
 		}
-		if setting.Cron.RepoArchiveCleanup.RunAtStart {
+		if conf.Cron.RepoArchiveCleanup.RunAtStart {
 			entry.Prev = time.Now()
 			entry.ExecTimes++
 			go db.DeleteOldRepositoryArchives()
--- a/internal/db/action.go
+++ b/internal/db/action.go
@ -19,9 +19,9 @@ import (
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/lazyregexp"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
@ -134,8 +134,8 @@ func (a *Action) ShortRepoPath() string {
 }
 func (a *Action) GetRepoLink() string {
-	if len(setting.AppSubURL) > 0 {
+	if conf.Server.Subpath != "" {
-		return path.Join(setting.AppSubURL, a.GetRepoPath())
+		return path.Join(conf.Server.Subpath, a.GetRepoPath())
 	}
 	return "/" + a.GetRepoPath()
 }
@ -495,8 +495,8 @@ func CommitRepoAction(opts CommitRepoActionOptions) error {
 		}
 	}
-	if len(opts.Commits.Commits) > setting.UI.FeedMaxCommitNum {
+	if len(opts.Commits.Commits) > conf.UI.FeedMaxCommitNum {
-		opts.Commits.Commits = opts.Commits.Commits[:setting.UI.FeedMaxCommitNum]
+		opts.Commits.Commits = opts.Commits.Commits[:conf.UI.FeedMaxCommitNum]
 	}
 	data, err := jsoniter.Marshal(opts.Commits)
@ -540,7 +540,7 @@ func CommitRepoAction(opts CommitRepoActionOptions) error {
 			return nil
 		}
-		compareURL := setting.AppURL + opts.Commits.CompareURL
+		compareURL := conf.Server.ExternalURL + opts.Commits.CompareURL
 		if isNewRef {
 			compareURL = ""
 			if err = PrepareWebhooks(repo, HOOK_EVENT_CREATE, &api.CreatePayload{
@ -692,8 +692,8 @@ type MirrorSyncPushActionOptions struct {
 // MirrorSyncPushAction adds new action for mirror synchronization of pushed commits.
 func MirrorSyncPushAction(repo *Repository, opts MirrorSyncPushActionOptions) error {
-	if len(opts.Commits.Commits) > setting.UI.FeedMaxCommitNum {
+	if len(opts.Commits.Commits) > conf.UI.FeedMaxCommitNum {
-		opts.Commits.Commits = opts.Commits.Commits[:setting.UI.FeedMaxCommitNum]
+		opts.Commits.Commits = opts.Commits.Commits[:conf.UI.FeedMaxCommitNum]
 	}
 	apiCommits, err := opts.Commits.ToApiPayloadCommits(repo.RepoPath(), repo.HTMLURL())
@ -707,7 +707,7 @@ func MirrorSyncPushAction(repo *Repository, opts MirrorSyncPushActionOptions) er
 		Ref:        opts.RefName,
 		Before:     opts.OldCommitID,
 		After:      opts.NewCommitID,
-		CompareURL: setting.AppURL + opts.Commits.CompareURL,
+		CompareURL: conf.Server.ExternalURL + opts.Commits.CompareURL,
 		Commits:    apiCommits,
 		Repo:       repo.APIFormat(nil),
 		Pusher:     apiPusher,
@ -738,8 +738,8 @@ func MirrorSyncDeleteAction(repo *Repository, refName string) error {
 // actorID is the user who's requesting, ctxUserID is the user/org that is requested.
 // actorID can be -1 when isProfile is true or to skip the permission check.
 func GetFeeds(ctxUser *User, actorID, afterID int64, isProfile bool) ([]*Action, error) {
-	actions := make([]*Action, 0, setting.UI.User.NewsFeedPagingNum)
+	actions := make([]*Action, 0, conf.UI.User.NewsFeedPagingNum)
-	sess := x.Limit(setting.UI.User.NewsFeedPagingNum).Where("user_id = ?", ctxUser.ID).Desc("id")
+	sess := x.Limit(conf.UI.User.NewsFeedPagingNum).Where("user_id = ?", ctxUser.ID).Desc("id")
 	if afterID > 0 {
 		sess.And("id < ?", afterID)
 	}
--- a/internal/db/attachment.go
+++ b/internal/db/attachment.go
@ -15,7 +15,7 @@ import (
 	gouuid "github.com/satori/go.uuid"
 	"xorm.io/xorm"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 // Attachment represent a attachment of issue/comment/release.
@ -44,7 +44,7 @@ func (a *Attachment) AfterSet(colName string, _ xorm.Cell) {
 // AttachmentLocalPath returns where attachment is stored in local file system based on given UUID.
 func AttachmentLocalPath(uuid string) string {
-	return path.Join(setting.AttachmentPath, uuid[0:1], uuid[1:2], uuid)
+	return path.Join(conf.AttachmentPath, uuid[0:1], uuid[1:2], uuid)
 }
 // LocalPath returns where attachment is stored in local file system.
--- a/internal/db/git_diff.go
+++ b/internal/db/git_diff.go
@ -17,7 +17,7 @@ import (
 	"github.com/gogs/git-module"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/template/highlight"
 	"gogs.io/gogs/internal/tool"
 )
@ -69,7 +69,7 @@ func init() {
 // ComputedInlineDiffFor computes inline diff for the given line.
 func (diffSection *DiffSection) ComputedInlineDiffFor(diffLine *git.DiffLine) template.HTML {
-	if setting.Git.DisableDiffHighlight {
+	if conf.Git.DisableDiffHighlight {
 		return template.HTML(html.EscapeString(diffLine.Content[1:]))
 	}
 	var (
--- a/internal/db/issue.go
+++ b/internal/db/issue.go
@ -16,7 +16,7 @@ import (
 	api "github.com/gogs/go-gogs-client"
 	"gogs.io/gogs/internal/db/errors"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/tool"
 )
@ -969,9 +969,9 @@ func Issues(opts *IssuesOptions) ([]*Issue, error) {
 		return make([]*Issue, 0), nil
 	}
-	sess.Limit(setting.UI.IssuePagingNum, (opts.Page-1)*setting.UI.IssuePagingNum)
+	sess.Limit(conf.UI.IssuePagingNum, (opts.Page-1)*conf.UI.IssuePagingNum)
-	issues := make([]*Issue, 0, setting.UI.IssuePagingNum)
+	issues := make([]*Issue, 0, conf.UI.IssuePagingNum)
 	if err := sess.Find(&issues); err != nil {
 		return nil, fmt.Errorf("Find: %v", err)
 	}
--- a/internal/db/issue_mail.go
+++ b/internal/db/issue_mail.go
@ -12,7 +12,7 @@ import (
 	"gogs.io/gogs/internal/mailer"
 	"gogs.io/gogs/internal/markup"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 func (issue *Issue) MailSubject() string {
@ -95,7 +95,7 @@ func NewMailerIssue(issue *Issue) mailer.Issue {
 // 1. Repository watchers, users who participated in comments and the assignee.
 // 2. Users who are not in 1. but get mentioned in current issue/comment.
 func mailIssueCommentToParticipants(issue *Issue, doer *User, mentions []string) error {
-	if !setting.Service.EnableNotifyMail {
+	if !conf.Service.EnableNotifyMail {
 		return nil
 	}
--- a/internal/db/login_source.go
+++ b/internal/db/login_source.go
@ -11,7 +11,7 @@ import (
 	"net/smtp"
 	"net/textproto"
 	"os"
-	"path"
+	"path/filepath"
 	"strings"
 	"sync"
 	"time"
@ -27,8 +27,8 @@ import (
 	"gogs.io/gogs/internal/auth/github"
 	"gogs.io/gogs/internal/auth/ldap"
 	"gogs.io/gogs/internal/auth/pam"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/setting"
 )
 type LoginType int
@ -462,7 +462,7 @@ var localLoginSources = &LocalLoginSources{}
 // LoadAuthSources loads authentication sources from local files
 // and converts them into login sources.
 func LoadAuthSources() {
-	authdPath := path.Join(setting.CustomPath, "conf/auth.d")
+	authdPath := filepath.Join(conf.CustomDir(), "conf", "auth.d")
 	if !com.IsDir(authdPath) {
 		return
 	}
--- a/internal/db/migrations/v15.go
+++ b/internal/db/migrations/v15.go
@ -15,8 +15,8 @@ import (
 	log "unknwon.dev/clog/v2"
 	"xorm.io/xorm"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/osutil"
 	"gogs.io/gogs/internal/setting"
 )
 func generateAndMigrateGitHooks(x *xorm.Engine) (err error) {
@ -32,18 +32,18 @@ func generateAndMigrateGitHooks(x *xorm.Engine) (err error) {
 	var (
 		hookNames = []string{"pre-receive", "update", "post-receive"}
 		hookTpls  = []string{
-			fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' pre-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
+			fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' pre-receive\n", conf.ScriptType, conf.AppPath(), conf.CustomConf),
-			fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' update $1 $2 $3\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
+			fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' update $1 $2 $3\n", conf.ScriptType, conf.AppPath(), conf.CustomConf),
-			fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' post-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
+			fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' post-receive\n", conf.ScriptType, conf.AppPath(), conf.CustomConf),
 		}
 	)
 	// Cleanup old update.log and http.log files.
-	filepath.Walk(setting.LogRootPath, func(path string, info os.FileInfo, err error) error {
+	_ = filepath.Walk(conf.LogRootPath, func(path string, info os.FileInfo, err error) error {
 		if !info.IsDir() &&
 			(strings.HasPrefix(filepath.Base(path), "update.log") ||
 				strings.HasPrefix(filepath.Base(path), "http.log")) {
-			os.Remove(path)
+			_ = os.Remove(path)
 		}
 		return nil
 	})
@ -63,7 +63,7 @@ func generateAndMigrateGitHooks(x *xorm.Engine) (err error) {
 				return nil
 			}
-			repoBase := filepath.Join(setting.RepoRootPath, strings.ToLower(user.Name), strings.ToLower(repo.Name))
+			repoBase := filepath.Join(conf.RepoRootPath, strings.ToLower(user.Name), strings.ToLower(repo.Name))
 			repoPath := repoBase + ".git"
 			wikiPath := repoBase + ".wiki.git"
 			log.Trace("[%04d]: %s", idx, repoPath)
@ -82,7 +82,7 @@ func generateAndMigrateGitHooks(x *xorm.Engine) (err error) {
 				// In case user runs this migration multiple times, and custom hook exists,
 				// we assume it's been migrated already.
 				if hookName != "update" && osutil.IsFile(oldHookPath) && !com.IsExist(customHookDir) {
-					os.MkdirAll(customHookDir, os.ModePerm)
+					_ = os.MkdirAll(customHookDir, os.ModePerm)
 					if err = os.Rename(oldHookPath, newHookPath); err != nil {
 						return fmt.Errorf("move hook file to custom directory '%s' -> '%s': %v", oldHookPath, newHookPath, err)
 					}
@ -93,7 +93,7 @@ func generateAndMigrateGitHooks(x *xorm.Engine) (err error) {
 				}
 				if com.IsDir(wikiPath) {
-					os.MkdirAll(wikiHookDir, os.ModePerm)
+					_ = os.MkdirAll(wikiHookDir, os.ModePerm)
 					wikiHookPath := filepath.Join(wikiHookDir, hookName)
 					if err = ioutil.WriteFile(wikiHookPath, []byte(hookTpls[i]), os.ModePerm); err != nil {
 						return fmt.Errorf("write wiki hook file '%s': %v", wikiHookPath, err)
--- a/internal/db/migrations/v16.go
+++ b/internal/db/migrations/v16.go
@ -14,7 +14,7 @@ import (
 	"github.com/gogs/git-module"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 func updateRepositorySizes(x *xorm.Engine) (err error) {
@ -60,7 +60,7 @@ func updateRepositorySizes(x *xorm.Engine) (err error) {
 				continue
 			}
-			repoPath := filepath.Join(setting.RepoRootPath, strings.ToLower(user.Name), strings.ToLower(repo.Name)) + ".git"
+			repoPath := filepath.Join(conf.RepoRootPath, strings.ToLower(user.Name), strings.ToLower(repo.Name)) + ".git"
 			countObject, err := git.GetRepoSize(repoPath)
 			if err != nil {
 				log.Warn("GetRepoSize: %v", err)
--- a/internal/db/migrations/v18.go
+++ b/internal/db/migrations/v18.go
@ -9,7 +9,7 @@ import (
 	"xorm.io/xorm"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 func updateRepositoryDescriptionField(x *xorm.Engine) error {
@ -20,13 +20,13 @@ func updateRepositoryDescriptionField(x *xorm.Engine) error {
 		return nil
 	}
 	switch {
-		case setting.UseMySQL:
+		case conf.UseMySQL:
 			_, err = x.Exec("ALTER TABLE `repository` MODIFY `description` VARCHAR(512);")
-		case setting.UseMSSQL:
+		case conf.UseMSSQL:
 			_, err = x.Exec("ALTER TABLE `repository` ALTER COLUMN `description` VARCHAR(512);")
-		case setting.UsePostgreSQL:
+		case conf.UsePostgreSQL:
 			_, err = x.Exec("ALTER TABLE `repository` ALTER COLUMN `description` TYPE VARCHAR(512);")
-		case setting.UseSQLite3:
+		case conf.UseSQLite3:
 			// Sqlite3 uses TEXT type by default for any string type field.
 			// Keep this comment to mention that we don't missed any option.
 	}
--- a/internal/db/milestone.go
+++ b/internal/db/milestone.go
@ -13,7 +13,7 @@ import (
 	api "github.com/gogs/go-gogs-client"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 // Milestone represents a milestone of repository.
@ -157,10 +157,10 @@ func GetMilestonesByRepoID(repoID int64) ([]*Milestone, error) {
 // GetMilestones returns a list of milestones of given repository and status.
 func GetMilestones(repoID int64, page int, isClosed bool) ([]*Milestone, error) {
-	miles := make([]*Milestone, 0, setting.UI.IssuePagingNum)
+	miles := make([]*Milestone, 0, conf.UI.IssuePagingNum)
 	sess := x.Where("repo_id = ? AND is_closed = ?", repoID, isClosed)
 	if page > 0 {
-		sess = sess.Limit(setting.UI.IssuePagingNum, (page-1)*setting.UI.IssuePagingNum)
+		sess = sess.Limit(conf.UI.IssuePagingNum, (page-1)*conf.UI.IssuePagingNum)
 	}
 	return miles, sess.Find(&miles)
 }
--- a/internal/db/mirror.go
+++ b/internal/db/mirror.go
@ -20,11 +20,11 @@ import (
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/process"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/sync"
 )
-var MirrorQueue = sync.NewUniqueQueue(setting.Repository.MirrorQueueLength)
+var MirrorQueue = sync.NewUniqueQueue(conf.Repository.MirrorQueueLength)
 // Mirror represents mirror information of a repository.
 type Mirror struct {
@ -258,7 +258,7 @@ func parseRemoteUpdateOutput(output string) []*mirrorSyncResult {
 func (m *Mirror) runSync() ([]*mirrorSyncResult, bool) {
 	repoPath := m.Repo.RepoPath()
 	wikiPath := m.Repo.WikiPath()
-	timeout := time.Duration(setting.Git.Timeout.Mirror) * time.Second
+	timeout := time.Duration(conf.Git.Timeout.Mirror) * time.Second
 	// Do a fast-fail testing against on repository URL to ensure it is accessible under
 	// good condition to prevent long blocking on URL resolution without syncing anything.
--- a/internal/db/models.go
+++ b/internal/db/models.go
@ -24,8 +24,8 @@ import (
 	"xorm.io/core"
 	"xorm.io/xorm"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db/migrations"
 	"gogs.io/gogs/internal/setting"
 )
 // Engine represents a XORM engine or session.
@ -75,17 +75,17 @@ func init() {
 }
 func LoadConfigs() {
-	sec := setting.Cfg.Section("database")
+	sec := conf.File.Section("database")
 	DbCfg.Type = sec.Key("DB_TYPE").String()
 	switch DbCfg.Type {
 	case "sqlite3":
-		setting.UseSQLite3 = true
+		conf.UseSQLite3 = true
 	case "mysql":
-		setting.UseMySQL = true
+		conf.UseMySQL = true
 	case "postgres":
-		setting.UsePostgreSQL = true
+		conf.UsePostgreSQL = true
 	case "mssql":
-		setting.UseMSSQL = true
+		conf.UseMSSQL = true
 	}
 	DbCfg.Host = sec.Key("HOST").String()
 	DbCfg.Name = sec.Key("NAME").String()
@ -189,8 +189,8 @@ func SetEngine() (err error) {
 	// WARNING: for serv command, MUST remove the output to os.stdout,
 	// so use log file to instead print to stdout.
-	sec := setting.Cfg.Section("log.xorm")
+	sec := conf.File.Section("log.xorm")
-	logger, err := log.NewFileWriter(path.Join(setting.LogRootPath, "xorm.log"),
+	logger, err := log.NewFileWriter(path.Join(conf.LogRootPath, "xorm.log"),
 		log.FileRotationConfig{
 			Rotate:  sec.Key("ROTATE").MustBool(true),
 			Daily:   sec.Key("ROTATE_DAILY").MustBool(true),
@ -206,7 +206,7 @@ func SetEngine() (err error) {
 	x.SetMaxIdleConns(0)
 	x.SetConnMaxLifetime(time.Second)
-	if setting.ProdMode {
+	if conf.IsProdMode() {
 		x.SetLogger(xorm.NewSimpleLogger3(logger, xorm.DEFAULT_LOG_PREFIX, xorm.DEFAULT_LOG_FLAG, core.LOG_WARNING))
 	} else {
 		x.SetLogger(xorm.NewSimpleLogger(logger))
@ -389,7 +389,7 @@ func ImportDatabase(dirPath string, verbose bool) (err error) {
 		}
 		// PostgreSQL needs manually reset table sequence for auto increment keys
-		if setting.UsePostgreSQL {
+		if conf.UsePostgreSQL {
 			rawTableName := snakeMapper.Obj2Table(tableName)
 			seqName := rawTableName + "_id_seq"
 			if _, err = x.Exec(fmt.Sprintf(`SELECT setval('%s', COALESCE((SELECT MAX(id)+1 FROM "%s"), 1), false);`, seqName, rawTableName)); err != nil {
--- a/internal/db/pull.go
+++ b/internal/db/pull.go
@ -8,6 +8,7 @@ import (
 	"fmt"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
 	"time"
@ -18,14 +19,14 @@ import (
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/osutil"
 	"gogs.io/gogs/internal/process"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/sync"
 )
-var PullRequestQueue = sync.NewUniqueQueue(setting.Repository.PullRequestQueueLength)
+var PullRequestQueue = sync.NewUniqueQueue(conf.Repository.PullRequestQueueLength)
 type PullRequestType int
@ -218,9 +219,9 @@ func (pr *PullRequest) Merge(doer *User, baseGitRepo *git.Repository, mergeStyle
 	// Create temporary directory to store temporary copy of the base repository,
 	// and clean it up when operation finished regardless of succeed or not.
-	tmpBasePath := path.Join(setting.AppDataPath, "tmp/repos", com.ToStr(time.Now().Nanosecond())+".git")
+	tmpBasePath := filepath.Join(conf.Server.AppDataPath, "tmp", "repos", com.ToStr(time.Now().Nanosecond())+".git")
-	os.MkdirAll(path.Dir(tmpBasePath), os.ModePerm)
+	os.MkdirAll(filepath.Dir(tmpBasePath), os.ModePerm)
-	defer os.RemoveAll(path.Dir(tmpBasePath))
+	defer os.RemoveAll(filepath.Dir(tmpBasePath))
 	// Clone the base repository to the defined temporary directory,
 	// and checks out to base branch directly.
@ -378,7 +379,7 @@ func (pr *PullRequest) Merge(doer *User, baseGitRepo *git.Repository, mergeStyle
 		Ref:        git.BRANCH_PREFIX + pr.BaseBranch,
 		Before:     pr.MergeBase,
 		After:      mergeCommit.ID.String(),
-		CompareURL: setting.AppURL + pr.BaseRepo.ComposeCompareURL(pr.MergeBase, pr.MergedCommitID),
+		CompareURL: conf.Server.ExternalURL + pr.BaseRepo.ComposeCompareURL(pr.MergeBase, pr.MergedCommitID),
 		Commits:    commits,
 		Repo:       pr.BaseRepo.APIFormat(nil),
 		Pusher:     pr.HeadRepo.MustOwner().APIFormat(),
--- a/internal/db/repo.go
+++ b/internal/db/repo.go
@ -30,13 +30,12 @@ import (
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 	"gogs.io/gogs/internal/assets/conf"
 	"gogs.io/gogs/internal/avatar"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/markup"
 	"gogs.io/gogs/internal/osutil"
 	"gogs.io/gogs/internal/process"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/sync"
 )
@ -61,7 +60,7 @@ func LoadRepoConfig() {
 		if err != nil {
 			log.Fatal("Failed to get %s files: %v", t, err)
 		}
-		customPath := path.Join(setting.CustomPath, "conf", t)
+		customPath := filepath.Join(conf.CustomDir(), "conf", t)
 		if com.IsDir(customPath) {
 			customFiles, err := com.StatDir(customPath)
 			if err != nil {
@ -88,13 +87,13 @@ func LoadRepoConfig() {
 	// Filter out invalid names and promote preferred licenses.
 	sortedLicenses := make([]string, 0, len(Licenses))
-	for _, name := range setting.Repository.PreferredLicenses {
+	for _, name := range conf.Repository.PreferredLicenses {
 		if com.IsSliceContainsStr(Licenses, name) {
 			sortedLicenses = append(sortedLicenses, name)
 		}
 	}
 	for _, name := range Licenses {
-		if !com.IsSliceContainsStr(setting.Repository.PreferredLicenses, name) {
+		if !com.IsSliceContainsStr(conf.Repository.PreferredLicenses, name) {
 			sortedLicenses = append(sortedLicenses, name)
 		}
 	}
@ -111,18 +110,18 @@ func NewRepoContext() {
 	// Check Git version.
 	var err error
-	setting.Git.Version, err = git.BinVersion()
+	conf.Git.Version, err = git.BinVersion()
 	if err != nil {
 		log.Fatal("Failed to get Git version: %v", err)
 	}
-	log.Trace("Git version: %s", setting.Git.Version)
+	log.Trace("Git version: %s", conf.Git.Version)
-	if version.Compare("1.8.3", setting.Git.Version, ">") {
+	if version.Compare("1.8.3", conf.Git.Version, ">") {
 		log.Fatal("Gogs requires Git version greater or equal to 1.8.3")
 	}
 	git.HookDir = "custom_hooks"
 	git.HookSampleDir = "hooks"
-	git.DefaultCommitsPageSize = setting.UI.User.CommitsPagingNum
+	git.DefaultCommitsPageSize = conf.UI.User.CommitsPagingNum
 	// Git requires setting user.name and user.email in order to commit changes.
 	for configKey, defaultValue := range map[string]string{"user.name": "Gogs", "user.email": "gogs@fake.local"} {
@ -145,7 +144,7 @@ func NewRepoContext() {
 		log.Fatal("Failed to execute 'git config --global core.quotepath false': %v - %s", err, stderr)
 	}
-	RemoveAllWithNotice("Clean up repository temporary data", filepath.Join(setting.AppDataPath, "tmp"))
+	RemoveAllWithNotice("Clean up repository temporary data", filepath.Join(conf.Server.AppDataPath, "tmp"))
 }
 // Repository contains information of a repository.
@ -292,12 +291,12 @@ func (repo *Repository) FullName() string {
 }
 func (repo *Repository) HTMLURL() string {
-	return setting.AppURL + repo.FullName()
+	return conf.Server.ExternalURL + repo.FullName()
 }
 // CustomAvatarPath returns repository custom avatar file path.
 func (repo *Repository) CustomAvatarPath() string {
-	return filepath.Join(setting.RepositoryAvatarUploadPath, com.ToStr(repo.ID))
+	return filepath.Join(conf.RepositoryAvatarUploadPath, com.ToStr(repo.ID))
 }
 // RelAvatarLink returns relative avatar link to the site domain,
@ -308,14 +307,14 @@ func (repo *Repository) RelAvatarLink() string {
 	if !com.IsExist(repo.CustomAvatarPath()) {
 		return defaultImgUrl
 	}
-	return fmt.Sprintf("%s/%s/%d", setting.AppSubURL, REPO_AVATAR_URL_PREFIX, repo.ID)
+	return fmt.Sprintf("%s/%s/%d", conf.Server.Subpath, REPO_AVATAR_URL_PREFIX, repo.ID)
 }
 // AvatarLink returns repository avatar absolute link.
 func (repo *Repository) AvatarLink() string {
 	link := repo.RelAvatarLink()
 	if link[0] == '/' && link[1] != '/' {
-		return setting.AppURL + strings.TrimPrefix(link, setting.AppSubURL)[1:]
+		return conf.Server.ExternalURL + strings.TrimPrefix(link, conf.Server.Subpath)[1:]
 	}
 	return link
 }
@ -328,7 +327,7 @@ func (repo *Repository) UploadAvatar(data []byte) error {
 		return fmt.Errorf("decode image: %v", err)
 	}
-	os.MkdirAll(setting.RepositoryAvatarUploadPath, os.ModePerm)
+	_ = os.MkdirAll(conf.RepositoryAvatarUploadPath, os.ModePerm)
 	fw, err := os.Create(repo.CustomAvatarPath())
 	if err != nil {
 		return fmt.Errorf("create custom avatar directory: %v", err)
@ -546,7 +545,7 @@ func (repo *Repository) RelLink() string {
 }
 func (repo *Repository) Link() string {
-	return setting.AppSubURL + "/" + repo.FullName()
+	return conf.Server.Subpath + "/" + repo.FullName()
 }
 func (repo *Repository) ComposeCompareURL(oldCommitID, newCommitID string) string {
@ -593,7 +592,7 @@ func (repo *Repository) NextIssueIndex() int64 {
 }
 func (repo *Repository) LocalCopyPath() string {
-	return path.Join(setting.AppDataPath, "tmp/local-repo", com.ToStr(repo.ID))
+	return filepath.Join(conf.Server.AppDataPath, "tmp", "local-repo", com.ToStr(repo.ID))
 }
 // UpdateLocalCopy fetches latest changes of given branch from repoPath to localPath.
@ -609,7 +608,7 @@ func UpdateLocalCopyBranch(repoPath, localPath, branch string, isWiki bool) (err
 			branch = ""
 		}
 		if err = git.Clone(repoPath, localPath, git.CloneRepoOptions{
-			Timeout: time.Duration(setting.Git.Timeout.Clone) * time.Second,
+			Timeout: time.Duration(conf.Git.Timeout.Clone) * time.Second,
 			Branch:  branch,
 		}); err != nil {
 			return fmt.Errorf("git clone %s: %v", branch, err)
@ -685,7 +684,7 @@ type CloneLink struct {
 // ComposeHTTPSCloneURL returns HTTPS clone URL based on given owner and repository name.
 func ComposeHTTPSCloneURL(owner, repo string) string {
-	return fmt.Sprintf("%s%s/%s.git", setting.AppURL, owner, repo)
+	return fmt.Sprintf("%s%s/%s.git", conf.Server.ExternalURL, owner, repo)
 }
 func (repo *Repository) cloneLink(isWiki bool) *CloneLink {
@ -696,10 +695,10 @@ func (repo *Repository) cloneLink(isWiki bool) *CloneLink {
 	repo.Owner = repo.MustOwner()
 	cl := new(CloneLink)
-	if setting.SSH.Port != 22 {
+	if conf.SSH.Port != 22 {
-		cl.SSH = fmt.Sprintf("ssh://%s@%s:%d/%s/%s.git", setting.RunUser, setting.SSH.Domain, setting.SSH.Port, repo.Owner.Name, repoName)
+		cl.SSH = fmt.Sprintf("ssh://%s@%s:%d/%s/%s.git", conf.App.RunUser, conf.SSH.Domain, conf.SSH.Port, repo.Owner.Name, repoName)
 	} else {
-		cl.SSH = fmt.Sprintf("%s@%s:%s/%s.git", setting.RunUser, setting.SSH.Domain, repo.Owner.Name, repoName)
+		cl.SSH = fmt.Sprintf("%s@%s:%s/%s.git", conf.App.RunUser, conf.SSH.Domain, repo.Owner.Name, repoName)
 	}
 	cl.HTTPS = ComposeHTTPSCloneURL(repo.Owner.Name, repoName)
 	return cl
@ -764,7 +763,7 @@ func MigrateRepository(doer, owner *User, opts MigrateRepoOptions) (*Repository,
 		repo.NumWatches = 1
 	}
-	migrateTimeout := time.Duration(setting.Git.Timeout.Migrate) * time.Second
+	migrateTimeout := time.Duration(conf.Git.Timeout.Migrate) * time.Second
 	RemoveAllWithNotice("Repository path erase before creation", repoPath)
 	if err = git.Clone(opts.RemoteAddr, repoPath, git.CloneRepoOptions{
@ -820,9 +819,9 @@ func MigrateRepository(doer, owner *User, opts MigrateRepoOptions) (*Repository,
 	if opts.IsMirror {
 		if _, err = x.InsertOne(&Mirror{
 			RepoID:      repo.ID,
-			Interval:    setting.Mirror.DefaultInterval,
+			Interval:    conf.Mirror.DefaultInterval,
 			EnablePrune: true,
-			NextSync:    time.Now().Add(time.Duration(setting.Mirror.DefaultInterval) * time.Hour),
+			NextSync:    time.Now().Add(time.Duration(conf.Mirror.DefaultInterval) * time.Hour),
 		}); err != nil {
 			return repo, fmt.Errorf("InsertOne: %v", err)
 		}
@ -858,7 +857,7 @@ func createDelegateHooks(repoPath string) (err error) {
 	for _, name := range git.HookNames {
 		hookPath := filepath.Join(repoPath, "hooks", name)
 		if err = ioutil.WriteFile(hookPath,
-			[]byte(fmt.Sprintf(hooksTpls[name], setting.ScriptType, setting.AppPath, setting.CustomConf)),
+			[]byte(fmt.Sprintf(hooksTpls[name], conf.ScriptType, conf.AppPath(), conf.CustomConf)),
 			os.ModePerm); err != nil {
 			return fmt.Errorf("create delegate hook '%s': %v", hookPath, err)
 		}
@ -929,7 +928,7 @@ func getRepoInitFile(tp, name string) ([]byte, error) {
 	relPath := path.Join("conf", tp, strings.TrimLeft(path.Clean("/"+name), "/"))
 	// Use custom file when available.
-	customPath := path.Join(setting.CustomPath, relPath)
+	customPath := filepath.Join(conf.CustomDir(), relPath)
 	if osutil.IsFile(customPath) {
 		return ioutil.ReadFile(customPath)
 	}
@ -1768,7 +1767,7 @@ func DeleteOldRepositoryArchives() {
 	log.Trace("Doing: DeleteOldRepositoryArchives")
 	formats := []string{"zip", "targz"}
-	oldestTime := time.Now().Add(-setting.Cron.RepoArchiveCleanup.OlderThan)
+	oldestTime := time.Now().Add(-conf.Cron.RepoArchiveCleanup.OlderThan)
 	if err := x.Where("id > 0").Iterate(new(Repository),
 		func(idx int, bean interface{}) error {
 			repo := bean.(*Repository)
@ -1931,7 +1930,7 @@ func GitFsck() {
 		func(idx int, bean interface{}) error {
 			repo := bean.(*Repository)
 			repoPath := repo.RepoPath()
-			if err := git.Fsck(repoPath, setting.Cron.RepoHealthCheck.Timeout, setting.Cron.RepoHealthCheck.Args...); err != nil {
+			if err := git.Fsck(repoPath, conf.Cron.RepoHealthCheck.Timeout, conf.Cron.RepoHealthCheck.Args...); err != nil {
 				desc := fmt.Sprintf("Failed to perform health check on repository '%s': %v", repoPath, err)
 				log.Warn(desc)
 				if err = CreateRepositoryNotice(desc); err != nil {
@ -1945,7 +1944,7 @@ func GitFsck() {
 }
 func GitGcRepos() error {
-	args := append([]string{"gc"}, setting.Git.GCArgs...)
+	args := append([]string{"gc"}, conf.Git.GCArgs...)
 	return x.Where("id > 0").Iterate(new(Repository),
 		func(idx int, bean interface{}) error {
 			repo := bean.(*Repository)
@ -1953,7 +1952,7 @@ func GitGcRepos() error {
 				return err
 			}
 			_, stderr, err := process.ExecDir(
-				time.Duration(setting.Git.Timeout.GC)*time.Second,
+				time.Duration(conf.Git.Timeout.GC)*time.Second,
 				RepoPath(repo.Owner.Name, repo.Name), "Repository garbage collection",
 				"git", args...)
 			if err != nil {
@ -2235,7 +2234,7 @@ func GetWatchers(repoID int64) ([]*Watch, error) {
 func (repo *Repository) GetWatchers(page int) ([]*User, error) {
 	users := make([]*User, 0, ItemsPerPage)
 	sess := x.Limit(ItemsPerPage, (page-1)*ItemsPerPage).Where("watch.repo_id=?", repo.ID)
-	if setting.UsePostgreSQL {
+	if conf.UsePostgreSQL {
 		sess = sess.Join("LEFT", "watch", `"user".id=watch.user_id`)
 	} else {
 		sess = sess.Join("LEFT", "watch", "user.id=watch.user_id")
@ -2326,7 +2325,7 @@ func IsStaring(userID, repoID int64) bool {
 func (repo *Repository) GetStargazers(page int) ([]*User, error) {
 	users := make([]*User, 0, ItemsPerPage)
 	sess := x.Limit(ItemsPerPage, (page-1)*ItemsPerPage).Where("star.repo_id=?", repo.ID)
-	if setting.UsePostgreSQL {
+	if conf.UsePostgreSQL {
 		sess = sess.Join("LEFT", "star", `"user".id=star.uid`)
 	} else {
 		sess = sess.Join("LEFT", "star", "user.id=star.uid")
--- a/internal/db/repo_editor.go
+++ b/internal/db/repo_editor.go
@ -24,7 +24,7 @@ import (
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/osutil"
 	"gogs.io/gogs/internal/process"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/tool"
 )
@ -95,7 +95,7 @@ func (repo *Repository) DiscardLocalRepoBranchChanges(branch string) error {
 // checkoutNewBranch checks out to a new branch from the a branch name.
 func checkoutNewBranch(repoPath, localPath, oldBranch, newBranch string) error {
 	if err := git.Checkout(localPath, git.CheckoutOptions{
-		Timeout:   time.Duration(setting.Git.Timeout.Pull) * time.Second,
+		Timeout:   time.Duration(conf.Git.Timeout.Pull) * time.Second,
 		Branch:    newBranch,
 		OldBranch: oldBranch,
 	}); err != nil {
@ -231,7 +231,7 @@ func (repo *Repository) GetDiffPreview(branch, treePath, content string) (diff *
 	pid := process.Add(fmt.Sprintf("GetDiffPreview [repo_path: %s]", repo.RepoPath()), cmd)
 	defer process.Remove(pid)
-	diff, err = ParsePatch(setting.Git.MaxGitDiffLines, setting.Git.MaxGitDiffLineCharacters, setting.Git.MaxGitDiffFiles, stdout)
+	diff, err = ParsePatch(conf.Git.MaxGitDiffLines, conf.Git.MaxGitDiffLineCharacters, conf.Git.MaxGitDiffFiles, stdout)
 	if err != nil {
 		return nil, fmt.Errorf("parse path: %v", err)
 	}
@ -318,7 +318,7 @@ type Upload struct {
 // UploadLocalPath returns where uploads is stored in local file system based on given UUID.
 func UploadLocalPath(uuid string) string {
-	return path.Join(setting.Repository.Upload.TempPath, uuid[0:1], uuid[1:2], uuid)
+	return path.Join(conf.Repository.Upload.TempPath, uuid[0:1], uuid[1:2], uuid)
 }
 // LocalPath returns where uploads are temporarily stored in local file system.
--- a/internal/db/ssh_key.go
+++ b/internal/db/ssh_key.go
@ -23,8 +23,8 @@ import (
 	log "unknwon.dev/clog/v2"
 	"xorm.io/xorm"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/process"
 	"gogs.io/gogs/internal/setting"
 )
 const (
@ -84,7 +84,7 @@ func (k *PublicKey) OmitEmail() string {
 // AuthorizedString returns formatted public key string for authorized_keys file.
 func (k *PublicKey) AuthorizedString() string {
-	return fmt.Sprintf(_TPL_PUBLICK_KEY, setting.AppPath, k.ID, setting.CustomConf, k.Content)
+	return fmt.Sprintf(_TPL_PUBLICK_KEY, conf.AppPath(), k.ID, conf.CustomConf, k.Content)
 }
 // IsDeployKey returns true if the public key is used as deploy key.
@ -179,7 +179,7 @@ func parseKeyString(content string) (string, error) {
 // writeTmpKeyFile writes key content to a temporary file
 // and returns the name of that file, along with any possible errors.
 func writeTmpKeyFile(content string) (string, error) {
-	tmpFile, err := ioutil.TempFile(setting.SSH.KeyTestPath, "gogs_keytest")
+	tmpFile, err := ioutil.TempFile(conf.SSH.KeyTestPath, "gogs_keytest")
 	if err != nil {
 		return "", fmt.Errorf("TempFile: %v", err)
 	}
@ -199,7 +199,7 @@ func SSHKeyGenParsePublicKey(key string) (string, int, error) {
 	}
 	defer os.Remove(tmpName)
-	stdout, stderr, err := process.Exec("SSHKeyGenParsePublicKey", setting.SSH.KeygenPath, "-lf", tmpName)
+	stdout, stderr, err := process.Exec("SSHKeyGenParsePublicKey", conf.SSH.KeygenPath, "-lf", tmpName)
 	if err != nil {
 		return "", 0, fmt.Errorf("fail to parse public key: %s - %s", err, stderr)
 	}
@ -274,7 +274,7 @@ func SSHNativeParsePublicKey(keyLine string) (string, int, error) {
 // CheckPublicKeyString checks if the given public key string is recognized by SSH.
 // It returns the actual public key line on success.
 func CheckPublicKeyString(content string) (_ string, err error) {
-	if setting.SSH.Disabled {
+	if conf.SSH.Disabled {
 		return "", errors.New("SSH is disabled")
 	}
@ -291,7 +291,7 @@ func CheckPublicKeyString(content string) (_ string, err error) {
 	// Remove any unnecessary whitespace
 	content = strings.TrimSpace(content)
-	if !setting.SSH.MinimumKeySizeCheck {
+	if !conf.SSH.MinimumKeySizeCheck {
 		return content, nil
 	}
@ -300,7 +300,7 @@ func CheckPublicKeyString(content string) (_ string, err error) {
 		keyType string
 		length  int
 	)
-	if setting.SSH.StartBuiltinServer {
+	if conf.SSH.StartBuiltinServer {
 		fnName = "SSHNativeParsePublicKey"
 		keyType, length, err = SSHNativeParsePublicKey(content)
 	} else {
@ -310,9 +310,9 @@ func CheckPublicKeyString(content string) (_ string, err error) {
 	if err != nil {
 		return "", fmt.Errorf("%s: %v", fnName, err)
 	}
-	log.Trace("Key info [native: %v]: %s-%d", setting.SSH.StartBuiltinServer, keyType, length)
+	log.Trace("Key info [native: %v]: %s-%d", conf.SSH.StartBuiltinServer, keyType, length)
-	if minLen, found := setting.SSH.MinimumKeySizes[keyType]; found && length >= minLen {
+	if minLen, found := conf.SSH.MinimumKeySizes[keyType]; found && length >= minLen {
 		return content, nil
 	} else if found && length < minLen {
 		return "", fmt.Errorf("key length is not enough: got %d, needs %d", length, minLen)
@ -325,7 +325,7 @@ func appendAuthorizedKeysToFile(keys ...*PublicKey) error {
 	sshOpLocker.Lock()
 	defer sshOpLocker.Unlock()
-	fpath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
+	fpath := filepath.Join(conf.SSH.RootPath, "authorized_keys")
 	f, err := os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
 	if err != nil {
 		return err
@ -333,7 +333,7 @@ func appendAuthorizedKeysToFile(keys ...*PublicKey) error {
 	defer f.Close()
 	// Note: chmod command does not support in Windows.
-	if !setting.IsWindows {
+	if !conf.IsWindowsRuntime() {
 		fi, err := f.Stat()
 		if err != nil {
 			return err
@ -375,12 +375,12 @@ func addKey(e Engine, key *PublicKey) (err error) {
 	// Calculate fingerprint.
 	tmpPath := strings.Replace(path.Join(os.TempDir(), fmt.Sprintf("%d", time.Now().Nanosecond()),
 		"id_rsa.pub"), "\\", "/", -1)
-	os.MkdirAll(path.Dir(tmpPath), os.ModePerm)
+	_ = os.MkdirAll(path.Dir(tmpPath), os.ModePerm)
 	if err = ioutil.WriteFile(tmpPath, []byte(key.Content), 0644); err != nil {
 		return err
 	}
-	stdout, stderr, err := process.Exec("AddPublicKey", setting.SSH.KeygenPath, "-lf", tmpPath)
+	stdout, stderr, err := process.Exec("AddPublicKey", conf.SSH.KeygenPath, "-lf", tmpPath)
 	if err != nil {
 		return fmt.Errorf("fail to parse public key: %s - %s", err, stderr)
 	} else if len(stdout) < 2 {
@ -394,7 +394,7 @@ func addKey(e Engine, key *PublicKey) (err error) {
 	}
 	// Don't need to rewrite this file if builtin SSH server is enabled.
-	if setting.SSH.StartBuiltinServer {
+	if conf.SSH.StartBuiltinServer {
 		return nil
 	}
 	return appendAuthorizedKeysToFile(key)
@ -523,8 +523,8 @@ func RewriteAuthorizedKeys() error {
 	log.Trace("Doing: RewriteAuthorizedKeys")
-	os.MkdirAll(setting.SSH.RootPath, os.ModePerm)
+	_ = os.MkdirAll(conf.SSH.RootPath, os.ModePerm)
-	fpath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
+	fpath := filepath.Join(conf.SSH.RootPath, "authorized_keys")
 	tmpPath := fpath + ".tmp"
 	f, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
@ -536,7 +536,7 @@ func RewriteAuthorizedKeys() error {
 		_, err = f.WriteString((bean.(*PublicKey)).AuthorizedString())
 		return err
 	})
-	f.Close()
+	_ = f.Close()
 	if err != nil {
 		return err
 	}
--- a/internal/db/ssh_key_test.go
+++ b/internal/db/ssh_key_test.go
@ -11,11 +11,11 @@ import (
 	. "github.com/smartystreets/goconvey/convey"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 func init() {
-	setting.Init()
+	conf.MustInit("")
 }
 func Test_SSHParsePublicKey(t *testing.T) {
--- a/internal/db/two_factor.go
+++ b/internal/db/two_factor.go
@ -16,7 +16,7 @@ import (
 	"xorm.io/xorm"
 	"gogs.io/gogs/internal/db/errors"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/tool"
 )
@ -47,7 +47,7 @@ func (t *TwoFactor) ValidateTOTP(passcode string) (bool, error) {
 	if err != nil {
 		return false, fmt.Errorf("DecodeString: %v", err)
 	}
-	decryptSecret, err := com.AESGCMDecrypt(tool.MD5Bytes(setting.SecretKey), secret)
+	decryptSecret, err := com.AESGCMDecrypt(tool.MD5Bytes(conf.SecretKey), secret)
 	if err != nil {
 		return false, fmt.Errorf("AESGCMDecrypt: %v", err)
 	}
@ -85,7 +85,7 @@ func NewTwoFactor(userID int64, secret string) error {
 	}
 	// Encrypt secret
-	encryptSecret, err := com.AESGCMEncrypt(tool.MD5Bytes(setting.SecretKey), []byte(secret))
+	encryptSecret, err := com.AESGCMEncrypt(tool.MD5Bytes(conf.SecretKey), []byte(secret))
 	if err != nil {
 		return fmt.Errorf("AESGCMEncrypt: %v", err)
 	}
--- a/internal/db/user.go
+++ b/internal/db/user.go
@ -30,8 +30,8 @@ import (
 	api "github.com/gogs/go-gogs-client"
 	"gogs.io/gogs/internal/avatar"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
@ -152,23 +152,23 @@ func (u *User) HasForkedRepo(repoID int64) bool {
 func (u *User) RepoCreationNum() int {
 	if u.MaxRepoCreation <= -1 {
-		return setting.Repository.MaxCreationLimit
+		return conf.Repository.MaxCreationLimit
 	}
 	return u.MaxRepoCreation
 }
 func (u *User) CanCreateRepo() bool {
 	if u.MaxRepoCreation <= -1 {
-		if setting.Repository.MaxCreationLimit <= -1 {
+		if conf.Repository.MaxCreationLimit <= -1 {
 			return true
 		}
-		return u.NumRepos < setting.Repository.MaxCreationLimit
+		return u.NumRepos < conf.Repository.MaxCreationLimit
 	}
 	return u.NumRepos < u.MaxRepoCreation
 }
 func (u *User) CanCreateOrganization() bool {
-	return !setting.Admin.DisableRegularOrgCreation || u.IsAdmin
+	return !conf.Admin.DisableRegularOrgCreation || u.IsAdmin
 }
 // CanEditGitHook returns true if user can edit Git hooks.
@ -178,31 +178,31 @@ func (u *User) CanEditGitHook() bool {
 // CanImportLocal returns true if user can migrate repository by local path.
 func (u *User) CanImportLocal() bool {
-	return setting.Repository.EnableLocalPathMigration && (u.IsAdmin || u.AllowImportLocal)
+	return conf.Repository.EnableLocalPathMigration && (u.IsAdmin || u.AllowImportLocal)
 }
 // DashboardLink returns the user dashboard page link.
 func (u *User) DashboardLink() string {
 	if u.IsOrganization() {
-		return setting.AppSubURL + "/org/" + u.Name + "/dashboard/"
+		return conf.Server.Subpath + "/org/" + u.Name + "/dashboard/"
 	}
-	return setting.AppSubURL + "/"
+	return conf.Server.Subpath + "/"
 }
 // HomeLink returns the user or organization home page link.
 func (u *User) HomeLink() string {
-	return setting.AppSubURL + "/" + u.Name
+	return conf.Server.Subpath + "/" + u.Name
 }
 func (u *User) HTMLURL() string {
-	return setting.AppURL + u.Name
+	return conf.Server.ExternalURL + u.Name
 }
 // GenerateEmailActivateCode generates an activate code based on user information and given e-mail.
 func (u *User) GenerateEmailActivateCode(email string) string {
 	code := tool.CreateTimeLimitCode(
 		com.ToStr(u.ID)+email+u.LowerName+u.Passwd+u.Rands,
-		setting.Service.ActiveCodeLives, nil)
+		conf.Service.ActiveCodeLives, nil)
 	// Add tail hex username
 	code += hex.EncodeToString([]byte(u.LowerName))
@ -216,7 +216,7 @@ func (u *User) GenerateActivateCode() string {
 // CustomAvatarPath returns user custom avatar file path.
 func (u *User) CustomAvatarPath() string {
-	return filepath.Join(setting.AvatarUploadPath, com.ToStr(u.ID))
+	return filepath.Join(conf.AvatarUploadPath, com.ToStr(u.ID))
 }
 // GenerateRandomAvatar generates a random avatar for user.
@ -251,7 +251,7 @@ func (u *User) GenerateRandomAvatar() error {
 // which includes app sub-url as prefix. However, it is possible
 // to return full URL if user enables Gravatar-like service.
 func (u *User) RelAvatarLink() string {
-	defaultImgUrl := setting.AppSubURL + "/img/avatar_default.png"
+	defaultImgUrl := conf.Server.Subpath + "/img/avatar_default.png"
 	if u.ID == -1 {
 		return defaultImgUrl
 	}
@ -261,15 +261,15 @@ func (u *User) RelAvatarLink() string {
 		if !com.IsExist(u.CustomAvatarPath()) {
 			return defaultImgUrl
 		}
-		return fmt.Sprintf("%s/%s/%d", setting.AppSubURL, USER_AVATAR_URL_PREFIX, u.ID)
+		return fmt.Sprintf("%s/%s/%d", conf.Server.Subpath, USER_AVATAR_URL_PREFIX, u.ID)
-	case setting.DisableGravatar, setting.OfflineMode:
+	case conf.DisableGravatar:
 		if !com.IsExist(u.CustomAvatarPath()) {
 			if err := u.GenerateRandomAvatar(); err != nil {
 				log.Error("GenerateRandomAvatar: %v", err)
 			}
 		}
-		return fmt.Sprintf("%s/%s/%d", setting.AppSubURL, USER_AVATAR_URL_PREFIX, u.ID)
+		return fmt.Sprintf("%s/%s/%d", conf.Server.Subpath, USER_AVATAR_URL_PREFIX, u.ID)
 	}
 	return tool.AvatarLink(u.AvatarEmail)
 }
@ -278,7 +278,7 @@ func (u *User) RelAvatarLink() string {
 func (u *User) AvatarLink() string {
 	link := u.RelAvatarLink()
 	if link[0] == '/' && link[1] != '/' {
-		return setting.AppURL + strings.TrimPrefix(link, setting.AppSubURL)[1:]
+		return conf.Server.ExternalURL + strings.TrimPrefix(link, conf.Server.Subpath)[1:]
 	}
 	return link
 }
@ -287,7 +287,7 @@ func (u *User) AvatarLink() string {
 func (u *User) GetFollowers(page int) ([]*User, error) {
 	users := make([]*User, 0, ItemsPerPage)
 	sess := x.Limit(ItemsPerPage, (page-1)*ItemsPerPage).Where("follow.follow_id=?", u.ID)
-	if setting.UsePostgreSQL {
+	if conf.UsePostgreSQL {
 		sess = sess.Join("LEFT", "follow", `"user".id=follow.user_id`)
 	} else {
 		sess = sess.Join("LEFT", "follow", "user.id=follow.user_id")
@ -303,7 +303,7 @@ func (u *User) IsFollowing(followID int64) bool {
 func (u *User) GetFollowing(page int) ([]*User, error) {
 	users := make([]*User, 0, ItemsPerPage)
 	sess := x.Limit(ItemsPerPage, (page-1)*ItemsPerPage).Where("follow.user_id=?", u.ID)
-	if setting.UsePostgreSQL {
+	if conf.UsePostgreSQL {
 		sess = sess.Join("LEFT", "follow", `"user".id=follow.follow_id`)
 	} else {
 		sess = sess.Join("LEFT", "follow", "user.id=follow.follow_id")
@ -341,7 +341,7 @@ func (u *User) UploadAvatar(data []byte) error {
 		return fmt.Errorf("decode image: %v", err)
 	}
-	os.MkdirAll(setting.AvatarUploadPath, os.ModePerm)
+	_ = os.MkdirAll(conf.AvatarUploadPath, os.ModePerm)
 	fw, err := os.Create(u.CustomAvatarPath())
 	if err != nil {
 		return fmt.Errorf("create custom avatar directory: %v", err)
@ -617,7 +617,7 @@ func parseUserFromCode(code string) (user *User) {
 // verify active code when active account
 func VerifyUserActiveCode(code string) (user *User) {
-	minutes := setting.Service.ActiveCodeLives
+	minutes := conf.Service.ActiveCodeLives
 	if user = parseUserFromCode(code); user != nil {
 		// time limit code
@ -633,7 +633,7 @@ func VerifyUserActiveCode(code string) (user *User) {
 // verify active code when active account
 func VerifyActiveEmailCode(code, email string) *EmailAddress {
-	minutes := setting.Service.ActiveCodeLives
+	minutes := conf.Service.ActiveCodeLives
 	if user := parseUserFromCode(code); user != nil {
 		// time limit code
@ -877,7 +877,7 @@ func DeleteInactivateUsers() (err error) {
 // UserPath returns the path absolute path of user repositories.
 func UserPath(userName string) string {
-	return filepath.Join(setting.RepoRootPath, strings.ToLower(userName))
+	return filepath.Join(conf.RepoRootPath, strings.ToLower(userName))
 }
 func GetUserByKeyID(keyID int64) (*User, error) {
@ -1049,8 +1049,8 @@ func SearchUserByName(opts *SearchUserOptions) (users []*User, _ int64, _ error)
 	}
 	opts.Keyword = strings.ToLower(opts.Keyword)
-	if opts.PageSize <= 0 || opts.PageSize > setting.UI.ExplorePagingNum {
+	if opts.PageSize <= 0 || opts.PageSize > conf.UI.ExplorePagingNum {
-		opts.PageSize = setting.UI.ExplorePagingNum
+		opts.PageSize = conf.UI.ExplorePagingNum
 	}
 	if opts.Page <= 0 {
 		opts.Page = 1
--- a/internal/db/webhook.go
+++ b/internal/db/webhook.go
@ -21,13 +21,13 @@ import (
 	api "github.com/gogs/go-gogs-client"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/httplib"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/sync"
 )
-var HookQueue = sync.NewUniqueQueue(setting.Webhook.QueueLength)
+var HookQueue = sync.NewUniqueQueue(conf.Webhook.QueueLength)
 type HookContentType int
@ -99,7 +99,7 @@ type Webhook struct {
 	ContentType  HookContentType
 	Secret       string     `xorm:"TEXT"`
 	Events       string     `xorm:"TEXT"`
-	*HookEvent   `xorm:"-"` // LEGACY [1.0]: Cannot ignore JSON here, it breaks old backup archive
+	*HookEvent   `xorm:"-"` // LEGACY [1.0]: Cannot ignore JSON (i.e. json:"-") here, it breaks old backup archive
 	IsSSL        bool       `xorm:"is_ssl"`
 	IsActive     bool
 	HookTaskType HookTaskType
@ -482,8 +482,8 @@ func (t *HookTask) MarshalJSON(v interface{}) string {
 // HookTasks returns a list of hook tasks by given conditions.
 func HookTasks(hookID int64, page int) ([]*HookTask, error) {
-	tasks := make([]*HookTask, 0, setting.Webhook.PagingNum)
+	tasks := make([]*HookTask, 0, conf.Webhook.PagingNum)
-	return tasks, x.Limit(setting.Webhook.PagingNum, (page-1)*setting.Webhook.PagingNum).Where("hook_id=?", hookID).Desc("id").Find(&tasks)
+	return tasks, x.Limit(conf.Webhook.PagingNum, (page-1)*conf.Webhook.PagingNum).Where("hook_id=?", hookID).Desc("id").Find(&tasks)
 }
 // createHookTask creates a new hook task,
@ -652,14 +652,14 @@ func TestWebhook(repo *Repository, event HookEventType, p api.Payloader, webhook
 func (t *HookTask) deliver() {
 	t.IsDelivered = true
-	timeout := time.Duration(setting.Webhook.DeliverTimeout) * time.Second
+	timeout := time.Duration(conf.Webhook.DeliverTimeout) * time.Second
 	req := httplib.Post(t.URL).SetTimeout(timeout, timeout).
 		Header("X-Github-Delivery", t.UUID).
 		Header("X-Github-Event", string(t.EventType)).
 		Header("X-Gogs-Delivery", t.UUID).
 		Header("X-Gogs-Signature", t.Signature).
 		Header("X-Gogs-Event", string(t.EventType)).
-		SetTLSClientConfig(&tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify})
+		SetTLSClientConfig(&tls.Config{InsecureSkipVerify: conf.Webhook.SkipTLSVerify})
 	switch t.ContentType {
 	case JSON:
--- a/internal/db/webhook_discord.go
+++ b/internal/db/webhook_discord.go
@ -14,7 +14,7 @@ import (
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 type DiscordEmbedFooterObject struct {
@ -78,7 +78,7 @@ func getDiscordCreatePayload(p *api.CreatePayload) (*DiscordPayload, error) {
 	return &DiscordPayload{
 		Embeds: []*DiscordEmbedObject{{
 			Description: content,
-			URL:         setting.AppURL + p.Sender.UserName,
+			URL:         conf.Server.ExternalURL + p.Sender.UserName,
 			Author: &DiscordEmbedAuthorObject{
 				Name:    p.Sender.UserName,
 				IconURL: p.Sender.AvatarUrl,
@ -95,7 +95,7 @@ func getDiscordDeletePayload(p *api.DeletePayload) (*DiscordPayload, error) {
 	return &DiscordPayload{
 		Embeds: []*DiscordEmbedObject{{
 			Description: content,
-			URL:         setting.AppURL + p.Sender.UserName,
+			URL:         conf.Server.ExternalURL + p.Sender.UserName,
 			Author: &DiscordEmbedAuthorObject{
 				Name:    p.Sender.UserName,
 				IconURL: p.Sender.AvatarUrl,
@ -112,7 +112,7 @@ func getDiscordForkPayload(p *api.ForkPayload) (*DiscordPayload, error) {
 	return &DiscordPayload{
 		Embeds: []*DiscordEmbedObject{{
 			Description: content,
-			URL:         setting.AppURL + p.Sender.UserName,
+			URL:         conf.Server.ExternalURL + p.Sender.UserName,
 			Author: &DiscordEmbedAuthorObject{
 				Name:    p.Sender.UserName,
 				IconURL: p.Sender.AvatarUrl,
@ -160,7 +160,7 @@ func getDiscordPushPayload(p *api.PushPayload, slack *SlackMeta) (*DiscordPayloa
 		AvatarURL: slack.IconURL,
 		Embeds: []*DiscordEmbedObject{{
 			Description: content,
-			URL:         setting.AppURL + p.Sender.UserName,
+			URL:         conf.Server.ExternalURL + p.Sender.UserName,
 			Color:       int(color),
 			Author: &DiscordEmbedAuthorObject{
 				Name:    p.Sender.UserName,
@ -361,7 +361,7 @@ func getDiscordReleasePayload(p *api.ReleasePayload) (*DiscordPayload, error) {
 	return &DiscordPayload{
 		Embeds: []*DiscordEmbedObject{{
 			Description: content,
-			URL:         setting.AppURL + p.Sender.UserName,
+			URL:         conf.Server.ExternalURL + p.Sender.UserName,
 			Author: &DiscordEmbedAuthorObject{
 				Name:    p.Sender.UserName,
 				IconURL: p.Sender.AvatarUrl,
--- a/internal/db/webhook_slack.go
+++ b/internal/db/webhook_slack.go
@ -13,7 +13,7 @@ import (
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 type SlackMeta struct {
@ -147,7 +147,7 @@ func getSlackPushPayload(p *api.PushPayload, slack *SlackMeta) (*SlackPayload, e
 }
 func getSlackIssuesPayload(p *api.IssuesPayload, slack *SlackMeta) (*SlackPayload, error) {
-	senderLink := SlackLinkFormatter(setting.AppURL+p.Sender.UserName, p.Sender.UserName)
+	senderLink := SlackLinkFormatter(conf.Server.ExternalURL+p.Sender.UserName, p.Sender.UserName)
 	titleLink := SlackLinkFormatter(fmt.Sprintf("%s/issues/%d", p.Repository.HTMLURL, p.Index),
 		fmt.Sprintf("#%d %s", p.Index, p.Issue.Title))
 	var text, title, attachmentText string
@ -165,7 +165,7 @@ func getSlackIssuesPayload(p *api.IssuesPayload, slack *SlackMeta) (*SlackPayloa
 		attachmentText = SlackTextFormatter(p.Issue.Body)
 	case api.HOOK_ISSUE_ASSIGNED:
 		text = fmt.Sprintf("[%s] Issue assigned to %s: %s by %s", p.Repository.FullName,
-			SlackLinkFormatter(setting.AppURL+p.Issue.Assignee.UserName, p.Issue.Assignee.UserName),
+			SlackLinkFormatter(conf.Server.ExternalURL+p.Issue.Assignee.UserName, p.Issue.Assignee.UserName),
 			titleLink, senderLink)
 	case api.HOOK_ISSUE_UNASSIGNED:
 		text = fmt.Sprintf("[%s] Issue unassigned: %s by %s", p.Repository.FullName, titleLink, senderLink)
@ -193,7 +193,7 @@ func getSlackIssuesPayload(p *api.IssuesPayload, slack *SlackMeta) (*SlackPayloa
 }
 func getSlackIssueCommentPayload(p *api.IssueCommentPayload, slack *SlackMeta) (*SlackPayload, error) {
-	senderLink := SlackLinkFormatter(setting.AppURL+p.Sender.UserName, p.Sender.UserName)
+	senderLink := SlackLinkFormatter(conf.Server.ExternalURL+p.Sender.UserName, p.Sender.UserName)
 	titleLink := SlackLinkFormatter(fmt.Sprintf("%s/issues/%d#%s", p.Repository.HTMLURL, p.Issue.Index, CommentHashTag(p.Comment.ID)),
 		fmt.Sprintf("#%d %s", p.Issue.Index, p.Issue.Title))
 	var text, title, attachmentText string
@ -227,7 +227,7 @@ func getSlackIssueCommentPayload(p *api.IssueCommentPayload, slack *SlackMeta) (
 }
 func getSlackPullRequestPayload(p *api.PullRequestPayload, slack *SlackMeta) (*SlackPayload, error) {
-	senderLink := SlackLinkFormatter(setting.AppURL+p.Sender.UserName, p.Sender.UserName)
+	senderLink := SlackLinkFormatter(conf.Server.ExternalURL+p.Sender.UserName, p.Sender.UserName)
 	titleLink := SlackLinkFormatter(fmt.Sprintf("%s/pulls/%d", p.Repository.HTMLURL, p.Index),
 		fmt.Sprintf("#%d %s", p.Index, p.PullRequest.Title))
 	var text, title, attachmentText string
@ -249,7 +249,7 @@ func getSlackPullRequestPayload(p *api.PullRequestPayload, slack *SlackMeta) (*S
 		attachmentText = SlackTextFormatter(p.PullRequest.Body)
 	case api.HOOK_ISSUE_ASSIGNED:
 		text = fmt.Sprintf("[%s] Pull request assigned to %s: %s by %s", p.Repository.FullName,
-			SlackLinkFormatter(setting.AppURL+p.PullRequest.Assignee.UserName, p.PullRequest.Assignee.UserName),
+			SlackLinkFormatter(conf.Server.ExternalURL+p.PullRequest.Assignee.UserName, p.PullRequest.Assignee.UserName),
 			titleLink, senderLink)
 	case api.HOOK_ISSUE_UNASSIGNED:
 		text = fmt.Sprintf("[%s] Pull request unassigned: %s by %s", p.Repository.FullName, titleLink, senderLink)
--- a/internal/db/wiki.go
+++ b/internal/db/wiki.go
@ -17,7 +17,7 @@ import (
 	"github.com/gogs/git-module"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/sync"
 )
@ -71,7 +71,7 @@ func (repo *Repository) InitWiki() error {
 }
 func (repo *Repository) LocalWikiPath() string {
-	return path.Join(setting.AppDataPath, "tmp/local-wiki", com.ToStr(repo.ID))
+	return filepath.Join(conf.Server.AppDataPath, "tmp", "local-wiki", com.ToStr(repo.ID))
 }
 // UpdateLocalWiki makes sure the local copy of repository wiki is up-to-date.
--- a/internal/mailer/mail.go
+++ b/internal/mailer/mail.go
@ -7,7 +7,7 @@ package mailer
 import (
 	"fmt"
 	"html/template"
-	"path"
+	"path/filepath"
 	"sync"
 	"time"
@ -16,8 +16,8 @@ import (
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/assets/templates"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/markup"
 	"gogs.io/gogs/internal/setting"
 )
 const (
@ -41,15 +41,15 @@ var (
 func render(tpl string, data map[string]interface{}) (string, error) {
 	tplRenderOnce.Do(func() {
 		opt := &macaron.RenderOptions{
-			Directory:         path.Join(setting.StaticRootPath, "templates/mail"),
+			Directory:         filepath.Join(conf.WorkDir(), "templates", "mail"),
-			AppendDirectories: []string{path.Join(setting.CustomPath, "templates/mail")},
+			AppendDirectories: []string{filepath.Join(conf.CustomDir(), "templates", "mail")},
 			Extensions:        []string{".tmpl", ".html"},
 			Funcs: []template.FuncMap{map[string]interface{}{
 				"AppName": func() string {
-					return setting.AppName
+					return conf.App.BrandName
 				},
 				"AppURL": func() string {
-					return setting.AppURL
+					return conf.Server.ExternalURL
 				},
 				"Year": func() int {
 					return time.Now().Year()
@ -59,7 +59,7 @@ func render(tpl string, data map[string]interface{}) (string, error) {
 				},
 			}},
 		}
-		if !setting.LoadAssetsFromDisk {
+		if !conf.Server.LoadAssetsFromDisk {
 			opt.TemplateFileSystem = templates.NewTemplateFileSystem("mail", opt.AppendDirectories[0])
 		}
@ -105,8 +105,8 @@ type Issue interface {
 func SendUserMail(c *macaron.Context, u User, tpl, code, subject, info string) {
 	data := map[string]interface{}{
 		"Username":          u.DisplayName(),
-		"ActiveCodeLives":   setting.Service.ActiveCodeLives / 60,
+		"ActiveCodeLives":   conf.Service.ActiveCodeLives / 60,
-		"ResetPwdCodeLives": setting.Service.ResetPwdCodeLives / 60,
+		"ResetPwdCodeLives": conf.Service.ResetPwdCodeLives / 60,
 		"Code":              code,
 	}
 	body, err := render(tpl, data)
@ -133,7 +133,7 @@ func SendResetPasswordMail(c *macaron.Context, u User) {
 func SendActivateEmailMail(c *macaron.Context, u User, email string) {
 	data := map[string]interface{}{
 		"Username":        u.DisplayName(),
-		"ActiveCodeLives": setting.Service.ActiveCodeLives / 60,
+		"ActiveCodeLives": conf.Service.ActiveCodeLives / 60,
 		"Code":            u.GenerateEmailActivateCode(email),
 		"Email":           email,
 	}
@ -204,7 +204,7 @@ func composeIssueMessage(issue Issue, repo Repository, doer User, tplName string
 	if err != nil {
 		log.Error("HTMLString (%s): %v", tplName, err)
 	}
-	from := gomail.NewMessage().FormatAddress(setting.MailService.FromEmail, doer.DisplayName())
+	from := gomail.NewMessage().FormatAddress(conf.MailService.FromEmail, doer.DisplayName())
 	msg := NewMessageFrom(tos, from, subject, content)
 	msg.Info = fmt.Sprintf("Subject: %s, %s", subject, info)
 	return msg
--- a/internal/mailer/mailer.go
+++ b/internal/mailer/mailer.go
@ -18,7 +18,7 @@ import (
 	"gopkg.in/gomail.v2"
 	log "unknwon.dev/clog/v2"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 type Message struct {
@ -34,13 +34,13 @@ func NewMessageFrom(to []string, from, subject, htmlBody string) *Message {
 	msg := gomail.NewMessage()
 	msg.SetHeader("From", from)
 	msg.SetHeader("To", to...)
-	msg.SetHeader("Subject", setting.MailService.SubjectPrefix+subject)
+	msg.SetHeader("Subject", conf.MailService.SubjectPrefix+subject)
 	msg.SetDateHeader("Date", time.Now())
 	contentType := "text/html"
 	body := htmlBody
 	switchedToPlaintext := false
-	if setting.MailService.UsePlainText || setting.MailService.AddPlainTextAlt {
+	if conf.MailService.UsePlainText || conf.MailService.AddPlainTextAlt {
 		plainBody, err := html2text.FromString(htmlBody)
 		if err != nil {
 			log.Error("html2text.FromString: %v", err)
@ -51,7 +51,7 @@ func NewMessageFrom(to []string, from, subject, htmlBody string) *Message {
 		}
 	}
 	msg.SetBody(contentType, body)
-	if switchedToPlaintext && setting.MailService.AddPlainTextAlt && !setting.MailService.UsePlainText {
+	if switchedToPlaintext && conf.MailService.AddPlainTextAlt && !conf.MailService.UsePlainText {
 		// The AddAlternative method name is confusing - adding html as an "alternative" will actually cause mail
 		// clients to show it as first priority, and the text "main body" is the 2nd priority fallback.
 		// See: https://godoc.org/gopkg.in/gomail.v2#Message.AddAlternative
@ -65,7 +65,7 @@ func NewMessageFrom(to []string, from, subject, htmlBody string) *Message {
 // NewMessage creates new mail message object with default From header.
 func NewMessage(to []string, subject, body string) *Message {
-	return NewMessageFrom(to, setting.MailService.From, subject, body)
+	return NewMessageFrom(to, conf.MailService.From, subject, body)
 }
 type loginAuth struct {
@ -99,7 +99,7 @@ type Sender struct {
 }
 func (s *Sender) Send(from string, to []string, msg io.WriterTo) error {
-	opts := setting.MailService
+	opts := conf.MailService
 	host, port, err := net.SplitHostPort(opts.Host)
 	if err != nil {
@ -225,11 +225,11 @@ func NewContext() {
 	// Need to check if mailQueue is nil because in during reinstall (user had installed
 	// before but swithed install lock off), this function will be called again
 	// while mail queue is already processing tasks, and produces a race condition.
-	if setting.MailService == nil || mailQueue != nil {
+	if conf.MailService == nil || mailQueue != nil {
 		return
 	}
-	mailQueue = make(chan *Message, setting.MailService.QueueLength)
+	mailQueue = make(chan *Message, conf.MailService.QueueLength)
 	go processMailQueue()
 }
@ -239,7 +239,7 @@ func NewContext() {
 func Send(msg *Message) {
 	mailQueue <- msg
-	if setting.HookMode {
+	if conf.HookMode {
 		<-msg.confirmChan
 		return
 	}
--- a/internal/markup/markdown.go
+++ b/internal/markup/markdown.go
@ -13,15 +13,15 @@ import (
 	"github.com/russross/blackfriday"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/lazyregexp"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
 // IsMarkdownFile reports whether name looks like a Markdown file based on its extension.
 func IsMarkdownFile(name string) bool {
 	extension := strings.ToLower(filepath.Ext(name))
-	for _, ext := range setting.Markdown.FileExtensions {
+	for _, ext := range conf.Markdown.FileExtensions {
 		if strings.ToLower(ext) == extension {
 			return true
 		}
@ -63,7 +63,7 @@ func (r *MarkdownRenderer) AutoLink(out *bytes.Buffer, link []byte, kind int) {
 	// Since this method could only possibly serve one link at a time,
 	// we do not need to find all.
-	if bytes.HasPrefix(link, []byte(setting.AppURL)) {
+	if bytes.HasPrefix(link, []byte(conf.Server.ExternalURL)) {
 		m := CommitPattern.Find(link)
 		if m != nil {
 			m = bytes.TrimSpace(m)
@ -86,14 +86,14 @@ func (r *MarkdownRenderer) AutoLink(out *bytes.Buffer, link []byte, kind int) {
 			}
 			index := string(m[i+7 : j])
-			fullRepoURL := setting.AppURL + strings.TrimPrefix(r.urlPrefix, "/")
+			fullRepoURL := conf.Server.ExternalURL + strings.TrimPrefix(r.urlPrefix, "/")
 			var link string
 			if strings.HasPrefix(string(m), fullRepoURL) {
 				// Use a short issue reference if the URL refers to this repository
 				link = fmt.Sprintf(`<a href="%s">#%s</a>`, m, index)
 			} else {
 				// Use a cross-repository issue reference if the URL refers to a different repository
-				repo := string(m[len(setting.AppURL) : i-1])
+				repo := string(m[len(conf.Server.ExternalURL) : i-1])
 				link = fmt.Sprintf(`<a href="%s">%s#%s</a>`, m, repo, index)
 			}
 			out.WriteString(link)
@ -122,18 +122,18 @@ func RawMarkdown(body []byte, urlPrefix string) []byte {
 	htmlFlags |= blackfriday.HTML_SKIP_STYLE
 	htmlFlags |= blackfriday.HTML_OMIT_CONTENTS
-	if setting.Smartypants.Enabled {
+	if conf.Smartypants.Enabled {
 		htmlFlags |= blackfriday.HTML_USE_SMARTYPANTS
-		if setting.Smartypants.Fractions {
+		if conf.Smartypants.Fractions {
 			htmlFlags |= blackfriday.HTML_SMARTYPANTS_FRACTIONS
 		}
-		if setting.Smartypants.Dashes {
+		if conf.Smartypants.Dashes {
 			htmlFlags |= blackfriday.HTML_SMARTYPANTS_DASHES
 		}
-		if setting.Smartypants.LatexDashes {
+		if conf.Smartypants.LatexDashes {
 			htmlFlags |= blackfriday.HTML_SMARTYPANTS_LATEX_DASHES
 		}
-		if setting.Smartypants.AngledQuotes {
+		if conf.Smartypants.AngledQuotes {
 			htmlFlags |= blackfriday.HTML_SMARTYPANTS_ANGLED_QUOTES
 		}
 	}
@ -153,7 +153,7 @@ func RawMarkdown(body []byte, urlPrefix string) []byte {
 	extensions |= blackfriday.EXTENSION_SPACE_HEADERS
 	extensions |= blackfriday.EXTENSION_NO_EMPTY_LINE_BEFORE_BLOCK
-	if setting.Markdown.EnableHardLineBreak {
+	if conf.Markdown.EnableHardLineBreak {
 		extensions |= blackfriday.EXTENSION_HARD_LINE_BREAK
 	}
--- a/internal/markup/markdown_test.go
+++ b/internal/markup/markdown_test.go
@ -12,12 +12,12 @@ import (
 	"github.com/russross/blackfriday"
 	. "github.com/smartystreets/goconvey/convey"
 	"gogs.io/gogs/internal/conf"
 	. "gogs.io/gogs/internal/markup"
 	"gogs.io/gogs/internal/setting"
 )
 func Test_IsMarkdownFile(t *testing.T) {
-	setting.Markdown.FileExtensions = strings.Split(".md,.markdown,.mdown,.mkd", ",")
+	conf.Markdown.FileExtensions = strings.Split(".md,.markdown,.mdown,.mkd", ",")
 	Convey("Detect Markdown file extension", t, func() {
 		testCases := []struct {
 			ext   string
@ -40,7 +40,7 @@ func Test_IsMarkdownFile(t *testing.T) {
 func Test_Markdown(t *testing.T) {
 	Convey("Rendering an issue URL", t, func() {
-		setting.AppURL = "http://localhost:3000/"
+		conf.Server.ExternalURL = "http://localhost:3000/"
 		htmlFlags := 0
 		htmlFlags |= blackfriday.HTML_SKIP_STYLE
 		htmlFlags |= blackfriday.HTML_OMIT_CONTENTS
@ -82,7 +82,7 @@ func Test_Markdown(t *testing.T) {
 	})
 	Convey("Rendering a commit URL", t, func() {
-		setting.AppURL = "http://localhost:3000/"
+		conf.Server.ExternalURL = "http://localhost:3000/"
 		htmlFlags := 0
 		htmlFlags |= blackfriday.HTML_SKIP_STYLE
 		htmlFlags |= blackfriday.HTML_OMIT_CONTENTS
--- a/internal/markup/markup.go
+++ b/internal/markup/markup.go
@ -13,8 +13,8 @@ import (
 	"github.com/unknwon/com"
 	"golang.org/x/net/html"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/lazyregexp"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
@ -78,7 +78,7 @@ func cutoutVerbosePrefix(prefix string) string {
 		if prefix[i] == '/' {
 			count++
 		}
-		if count >= 3+setting.AppSubURLDepth {
+		if count >= 3+conf.Server.SubpathDepth {
 			return prefix[:i]
 		}
 	}
@ -133,7 +133,7 @@ func RenderCrossReferenceIssueIndexPattern(rawBytes []byte, urlPrefix string, me
 		repo := string(m[:delimIdx])
 		index := string(m[delimIdx+1:])
-		link := fmt.Sprintf(`<a href="%s%s/issues/%s">%s</a>`, setting.AppURL, repo, index, m)
+		link := fmt.Sprintf(`<a href="%s%s/issues/%s">%s</a>`, conf.Server.ExternalURL, repo, index, m)
 		rawBytes = bytes.Replace(rawBytes, m, []byte(link), 1)
 	}
 	return rawBytes
@ -155,7 +155,7 @@ func RenderSpecialLink(rawBytes []byte, urlPrefix string, metas map[string]strin
 	for _, m := range ms {
 		m = m[bytes.Index(m, []byte("@")):]
 		rawBytes = bytes.Replace(rawBytes, m,
-			[]byte(fmt.Sprintf(`<a href="%s/%s">%s</a>`, setting.AppSubURL, m[1:], m)), -1)
+			[]byte(fmt.Sprintf(`<a href="%s/%s">%s</a>`, conf.Server.Subpath, m[1:], m)), -1)
 	}
 	rawBytes = RenderIssueIndexPattern(rawBytes, urlPrefix, metas)
--- a/internal/markup/markup_test.go
+++ b/internal/markup/markup_test.go
@ -10,8 +10,8 @@ import (
 	. "github.com/smartystreets/goconvey/convey"
 	"gogs.io/gogs/internal/conf"
 	. "gogs.io/gogs/internal/markup"
 	"gogs.io/gogs/internal/setting"
 )
 func Test_IsReadmeFile(t *testing.T) {
@ -62,7 +62,7 @@ func Test_RenderIssueIndexPattern(t *testing.T) {
 			urlPrefix                   = "/prefix"
 			metas     map[string]string = nil
 		)
-		setting.AppSubURLDepth = 0
+		conf.Server.SubpathDepth = 0
 		Convey("To the internal issue tracker", func() {
 			Convey("It should not render anything when there are no mentions", func() {
--- a/internal/markup/sanitizer.go
+++ b/internal/markup/sanitizer.go
@ -10,7 +10,7 @@ import (
 	"github.com/microcosm-cc/bluemonday"
 	"gogs.io/gogs/internal/lazyregexp"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 // Sanitizer is a protection wrapper of *bluemonday.Policy which does not allow
@ -40,7 +40,7 @@ func NewSanitizer() {
 		sanitizer.policy.AllowURLSchemes("data")
 		// Custom URL-Schemes
-		sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
+		sanitizer.policy.AllowURLSchemes(conf.Markdown.CustomURLSchemes...)
 	})
 }
--- a/internal/route/admin/admin.go
+++ b/internal/route/admin/admin.go
@ -14,12 +14,12 @@ import (
 	"github.com/unknwon/com"
 	"gopkg.in/macaron.v1"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/cron"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/mailer"
 	"gogs.io/gogs/internal/process"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
@ -168,10 +168,10 @@ func Dashboard(c *context.Context) {
 		return
 	}
-	c.Data["GitVersion"] = setting.Git.Version
+	c.Data["GitVersion"] = conf.Git.Version
 	c.Data["GoVersion"] = runtime.Version()
-	c.Data["BuildTime"] = setting.BuildTime
+	c.Data["BuildTime"] = conf.BuildTime
-	c.Data["BuildCommit"] = setting.BuildCommit
+	c.Data["BuildCommit"] = conf.BuildCommit
 	c.Data["Stats"] = db.GetStatistic()
 	// FIXME: update periodically
@ -189,7 +189,7 @@ func SendTestMail(c *context.Context) {
 		c.Flash.Info(c.Tr("admin.config.test_mail_sent", email))
 	}
-	c.Redirect(setting.AppSubURL + "/admin/config")
+	c.Redirect(conf.Server.Subpath + "/admin/config")
 }
 func Config(c *context.Context) {
@ -197,54 +197,53 @@ func Config(c *context.Context) {
 	c.Data["PageIsAdmin"] = true
 	c.Data["PageIsAdminConfig"] = true
-	c.Data["AppURL"] = setting.AppURL
+	c.Data["AppURL"] = conf.Server.ExternalURL
-	c.Data["Domain"] = setting.Domain
+	c.Data["Domain"] = conf.Server.Domain
-	c.Data["OfflineMode"] = setting.OfflineMode
+	c.Data["OfflineMode"] = conf.Server.OfflineMode
-	c.Data["DisableRouterLog"] = setting.DisableRouterLog
+	c.Data["DisableRouterLog"] = conf.Server.DisableRouterLog
-	c.Data["RunUser"] = setting.RunUser
+	c.Data["RunUser"] = conf.App.RunUser
 	c.Data["RunMode"] = strings.Title(macaron.Env)
-	c.Data["StaticRootPath"] = setting.StaticRootPath
+	c.Data["LogRootPath"] = conf.LogRootPath
-	c.Data["LogRootPath"] = setting.LogRootPath
+	c.Data["ReverseProxyAuthUser"] = conf.ReverseProxyAuthUser
 	c.Data["ReverseProxyAuthUser"] = setting.ReverseProxyAuthUser
-	c.Data["SSH"] = setting.SSH
+	c.Data["SSH"] = conf.SSH
-	c.Data["RepoRootPath"] = setting.RepoRootPath
+	c.Data["RepoRootPath"] = conf.RepoRootPath
-	c.Data["ScriptType"] = setting.ScriptType
+	c.Data["ScriptType"] = conf.ScriptType
-	c.Data["Repository"] = setting.Repository
+	c.Data["Repository"] = conf.Repository
-	c.Data["HTTP"] = setting.HTTP
+	c.Data["HTTP"] = conf.HTTP
 	c.Data["DbCfg"] = db.DbCfg
-	c.Data["Service"] = setting.Service
+	c.Data["Service"] = conf.Service
-	c.Data["Webhook"] = setting.Webhook
+	c.Data["Webhook"] = conf.Webhook
 	c.Data["MailerEnabled"] = false
-	if setting.MailService != nil {
+	if conf.MailService != nil {
 		c.Data["MailerEnabled"] = true
-		c.Data["Mailer"] = setting.MailService
+		c.Data["Mailer"] = conf.MailService
 	}
-	c.Data["CacheAdapter"] = setting.CacheAdapter
+	c.Data["CacheAdapter"] = conf.CacheAdapter
-	c.Data["CacheInterval"] = setting.CacheInterval
+	c.Data["CacheInterval"] = conf.CacheInterval
-	c.Data["CacheConn"] = setting.CacheConn
+	c.Data["CacheConn"] = conf.CacheConn
-	c.Data["SessionConfig"] = setting.SessionConfig
+	c.Data["SessionConfig"] = conf.SessionConfig
-	c.Data["DisableGravatar"] = setting.DisableGravatar
+	c.Data["DisableGravatar"] = conf.DisableGravatar
-	c.Data["EnableFederatedAvatar"] = setting.EnableFederatedAvatar
+	c.Data["EnableFederatedAvatar"] = conf.EnableFederatedAvatar
-	c.Data["Git"] = setting.Git
+	c.Data["Git"] = conf.Git
 	type logger struct {
 		Mode, Config string
 	}
-	loggers := make([]*logger, len(setting.LogModes))
+	loggers := make([]*logger, len(conf.LogModes))
-	for i := range setting.LogModes {
+	for i := range conf.LogModes {
 		loggers[i] = &logger{
-			Mode: strings.Title(setting.LogModes[i]),
+			Mode: strings.Title(conf.LogModes[i]),
 		}
-		result, _ := jsoniter.MarshalIndent(setting.LogConfigs[i], "", "  ")
+		result, _ := jsoniter.MarshalIndent(conf.LogConfigs[i], "", "  ")
 		loggers[i].Config = string(result)
 	}
 	c.Data["Loggers"] = loggers
--- a/internal/route/admin/auths.go
+++ b/internal/route/admin/auths.go
@ -14,10 +14,10 @@ import (
 	"xorm.io/core"
 	"gogs.io/gogs/internal/auth/ldap"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/setting"
 )
 const (
@ -175,7 +175,7 @@ func NewAuthSourcePost(c *context.Context, f form.Authentication) {
 	log.Trace("Authentication created by admin(%s): %s", c.User.Name, f.Name)
 	c.Flash.Success(c.Tr("admin.auths.new_success", f.Name))
-	c.Redirect(setting.AppSubURL + "/admin/auths")
+	c.Redirect(conf.Server.Subpath + "/admin/auths")
 }
 func EditAuthSource(c *context.Context) {
@ -248,7 +248,7 @@ func EditAuthSourcePost(c *context.Context, f form.Authentication) {
 	log.Trace("Authentication changed by admin '%s': %d", c.User.Name, source.ID)
 	c.Flash.Success(c.Tr("admin.auths.update_success"))
-	c.Redirect(setting.AppSubURL + "/admin/auths/" + com.ToStr(f.ID))
+	c.Redirect(conf.Server.Subpath + "/admin/auths/" + com.ToStr(f.ID))
 }
 func DeleteAuthSource(c *context.Context) {
@ -265,7 +265,7 @@ func DeleteAuthSource(c *context.Context) {
 			c.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
 		}
 		c.JSONSuccess(map[string]interface{}{
-			"redirect": setting.AppSubURL + "/admin/auths/" + c.Params(":authid"),
+			"redirect": conf.Server.Subpath + "/admin/auths/" + c.Params(":authid"),
 		})
 		return
 	}
@ -273,6 +273,6 @@ func DeleteAuthSource(c *context.Context) {
 	c.Flash.Success(c.Tr("admin.auths.deletion_success"))
 	c.JSONSuccess(map[string]interface{}{
-		"redirect": setting.AppSubURL + "/admin/auths",
+		"redirect": conf.Server.Subpath + "/admin/auths",
 	})
 }
--- a/internal/route/admin/notice.go
+++ b/internal/route/admin/notice.go
@ -9,9 +9,9 @@ import (
 	"github.com/unknwon/paginater"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/setting"
 )
 const (
@ -28,9 +28,9 @@ func Notices(c *context.Context) {
 	if page <= 1 {
 		page = 1
 	}
-	c.Data["Page"] = paginater.New(int(total), setting.UI.Admin.NoticePagingNum, page, 5)
+	c.Data["Page"] = paginater.New(int(total), conf.UI.Admin.NoticePagingNum, page, 5)
-	notices, err := db.Notices(page, setting.UI.Admin.NoticePagingNum)
+	notices, err := db.Notices(page, conf.UI.Admin.NoticePagingNum)
 	if err != nil {
 		c.Handle(500, "Notices", err)
 		return
@ -68,5 +68,5 @@ func EmptyNotices(c *context.Context) {
 	log.Trace("System notices deleted by admin (%s): [start: %d]", c.User.Name, 0)
 	c.Flash.Success(c.Tr("admin.notices.delete_success"))
-	c.Redirect(setting.AppSubURL + "/admin/notices")
+	c.Redirect(conf.Server.Subpath + "/admin/notices")
 }
--- a/internal/route/admin/orgs.go
+++ b/internal/route/admin/orgs.go
@ -8,7 +8,7 @@ import (
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/route"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 const (
@ -24,7 +24,7 @@ func Organizations(c *context.Context) {
 		Type:     db.USER_TYPE_ORGANIZATION,
 		Counter:  db.CountOrganizations,
 		Ranger:   db.Organizations,
-		PageSize: setting.UI.Admin.OrgPagingNum,
+		PageSize: conf.UI.Admin.OrgPagingNum,
 		OrderBy:  "id ASC",
 		TplName:  ORGS,
 	})
--- a/internal/route/admin/repos.go
+++ b/internal/route/admin/repos.go
@ -8,9 +8,9 @@ import (
 	"github.com/unknwon/paginater"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/setting"
 )
 const (
@ -35,7 +35,7 @@ func Repos(c *context.Context) {
 	keyword := c.Query("q")
 	if len(keyword) == 0 {
-		repos, err = db.Repositories(page, setting.UI.Admin.RepoPagingNum)
+		repos, err = db.Repositories(page, conf.UI.Admin.RepoPagingNum)
 		if err != nil {
 			c.Handle(500, "Repositories", err)
 			return
@ -47,7 +47,7 @@ func Repos(c *context.Context) {
 			OrderBy:  "id ASC",
 			Private:  true,
 			Page:     page,
-			PageSize: setting.UI.Admin.RepoPagingNum,
+			PageSize: conf.UI.Admin.RepoPagingNum,
 		})
 		if err != nil {
 			c.Handle(500, "SearchRepositoryByName", err)
@ -56,7 +56,7 @@ func Repos(c *context.Context) {
 	}
 	c.Data["Keyword"] = keyword
 	c.Data["Total"] = count
-	c.Data["Page"] = paginater.New(int(count), setting.UI.Admin.RepoPagingNum, page, 5)
+	c.Data["Page"] = paginater.New(int(count), conf.UI.Admin.RepoPagingNum, page, 5)
 	if err = db.RepositoryList(repos).LoadAttributes(); err != nil {
 		c.Handle(500, "LoadAttributes", err)
@ -82,6 +82,6 @@ func DeleteRepo(c *context.Context) {
 	c.Flash.Success(c.Tr("repo.settings.deletion_success"))
 	c.JSON(200, map[string]interface{}{
-		"redirect": setting.AppSubURL + "/admin/repos?page=" + c.Query("page"),
+		"redirect": conf.Server.Subpath + "/admin/repos?page=" + c.Query("page"),
 	})
 }
--- a/internal/route/admin/users.go
+++ b/internal/route/admin/users.go
@ -10,12 +10,12 @@ import (
 	"github.com/unknwon/com"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/mailer"
 	"gogs.io/gogs/internal/route"
 	"gogs.io/gogs/internal/setting"
 )
 const (
@ -33,7 +33,7 @@ func Users(c *context.Context) {
 		Type:     db.USER_TYPE_INDIVIDUAL,
 		Counter:  db.CountUsers,
 		Ranger:   db.Users,
-		PageSize: setting.UI.Admin.UserPagingNum,
+		PageSize: conf.UI.Admin.UserPagingNum,
 		OrderBy:  "id ASC",
 		TplName:  USERS,
 	})
@ -53,7 +53,7 @@ func NewUser(c *context.Context) {
 	}
 	c.Data["Sources"] = sources
-	c.Data["CanSendEmail"] = setting.MailService != nil
+	c.Data["CanSendEmail"] = conf.MailService != nil
 	c.HTML(200, USER_NEW)
 }
@ -69,7 +69,7 @@ func NewUserPost(c *context.Context, f form.AdminCrateUser) {
 	}
 	c.Data["Sources"] = sources
-	c.Data["CanSendEmail"] = setting.MailService != nil
+	c.Data["CanSendEmail"] = conf.MailService != nil
 	if c.HasError() {
 		c.HTML(200, USER_NEW)
@ -115,12 +115,12 @@ func NewUserPost(c *context.Context, f form.AdminCrateUser) {
 	log.Trace("Account created by admin (%s): %s", c.User.Name, u.Name)
 	// Send email notification.
-	if f.SendNotify && setting.MailService != nil {
+	if f.SendNotify && conf.MailService != nil {
 		mailer.SendRegisterNotifyMail(c.Context, db.NewMailerUser(u))
 	}
 	c.Flash.Success(c.Tr("admin.users.new_success", u.Name))
-	c.Redirect(setting.AppSubURL + "/admin/users/" + com.ToStr(u.ID))
+	c.Redirect(conf.Server.Subpath + "/admin/users/" + com.ToStr(u.ID))
 }
 func prepareUserInfo(c *context.Context) *db.User {
@ -155,7 +155,7 @@ func EditUser(c *context.Context) {
 	c.Data["Title"] = c.Tr("admin.users.edit_account")
 	c.Data["PageIsAdmin"] = true
 	c.Data["PageIsAdminUsers"] = true
-	c.Data["EnableLocalPathMigration"] = setting.Repository.EnableLocalPathMigration
+	c.Data["EnableLocalPathMigration"] = conf.Repository.EnableLocalPathMigration
 	prepareUserInfo(c)
 	if c.Written() {
@ -169,7 +169,7 @@ func EditUserPost(c *context.Context, f form.AdminEditUser) {
 	c.Data["Title"] = c.Tr("admin.users.edit_account")
 	c.Data["PageIsAdmin"] = true
 	c.Data["PageIsAdminUsers"] = true
-	c.Data["EnableLocalPathMigration"] = setting.Repository.EnableLocalPathMigration
+	c.Data["EnableLocalPathMigration"] = conf.Repository.EnableLocalPathMigration
 	u := prepareUserInfo(c)
 	if c.Written() {
@ -226,7 +226,7 @@ func EditUserPost(c *context.Context, f form.AdminEditUser) {
 	log.Trace("Account profile updated by admin (%s): %s", c.User.Name, u.Name)
 	c.Flash.Success(c.Tr("admin.users.update_profile_success"))
-	c.Redirect(setting.AppSubURL + "/admin/users/" + c.Params(":userid"))
+	c.Redirect(conf.Server.Subpath + "/admin/users/" + c.Params(":userid"))
 }
 func DeleteUser(c *context.Context) {
@ -241,12 +241,12 @@ func DeleteUser(c *context.Context) {
 		case db.IsErrUserOwnRepos(err):
 			c.Flash.Error(c.Tr("admin.users.still_own_repo"))
 			c.JSON(200, map[string]interface{}{
-				"redirect": setting.AppSubURL + "/admin/users/" + c.Params(":userid"),
+				"redirect": conf.Server.Subpath + "/admin/users/" + c.Params(":userid"),
 			})
 		case db.IsErrUserHasOrgs(err):
 			c.Flash.Error(c.Tr("admin.users.still_has_org"))
 			c.JSON(200, map[string]interface{}{
-				"redirect": setting.AppSubURL + "/admin/users/" + c.Params(":userid"),
+				"redirect": conf.Server.Subpath + "/admin/users/" + c.Params(":userid"),
 			})
 		default:
 			c.Handle(500, "DeleteUser", err)
@ -257,6 +257,6 @@ func DeleteUser(c *context.Context) {
 	c.Flash.Success(c.Tr("admin.users.deletion_success"))
 	c.JSON(200, map[string]interface{}{
-		"redirect": setting.AppSubURL + "/admin/users",
+		"redirect": conf.Server.Subpath + "/admin/users",
 	})
 }
--- a/internal/route/api/v1/admin/user.go
+++ b/internal/route/api/v1/admin/user.go
@ -16,7 +16,7 @@ import (
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/mailer"
 	"gogs.io/gogs/internal/route/api/v1/user"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 func parseLoginSource(c *context.APIContext, u *db.User, sourceID int64, loginName string) {
@ -68,7 +68,7 @@ func CreateUser(c *context.APIContext, form api.CreateUserOption) {
 	log.Trace("Account created by admin %q: %s", c.User.Name, u.Name)
 	// Send email notification.
-	if form.SendNotify && setting.MailService != nil {
+	if form.SendNotify && conf.MailService != nil {
 		mailer.SendRegisterNotifyMail(c.Context.Context, db.NewMailerUser(u))
 	}
--- a/internal/route/api/v1/convert/utils.go
+++ b/internal/route/api/v1/convert/utils.go
@ -5,15 +5,15 @@
 package convert
 import (
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 // ToCorrectPageSize makes sure page size is in allowed range.
 func ToCorrectPageSize(size int) int {
 	if size <= 0 {
 		size = 10
-	} else if size > setting.API.MaxResponseItems {
+	} else if size > conf.API.MaxResponseItems {
-		size = setting.API.MaxResponseItems
+		size = conf.API.MaxResponseItems
 	}
 	return size
 }
--- a/internal/route/api/v1/repo/commits.go
+++ b/internal/route/api/v1/repo/commits.go
@ -12,10 +12,10 @@ import (
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/setting"
 )
 func GetSingleCommit(c *context.APIContext) {
@ -70,12 +70,12 @@ func GetSingleCommit(c *context.APIContext) {
 	c.JSONSuccess(&api.Commit{
 		CommitMeta: &api.CommitMeta{
-			URL: setting.AppURL + c.Link[1:],
+			URL: conf.Server.ExternalURL + c.Link[1:],
 			SHA: commit.ID.String(),
 		},
 		HTMLURL: c.Repo.Repository.HTMLURL() + "/commits/" + commit.ID.String(),
 		RepoCommit: &api.RepoCommit{
-			URL: setting.AppURL + c.Link[1:],
+			URL: conf.Server.ExternalURL + c.Link[1:],
 			Author: &api.CommitUser{
 				Name:  commit.Author.Name,
 				Email: commit.Author.Email,
--- a/internal/route/api/v1/repo/issue.go
+++ b/internal/route/api/v1/repo/issue.go
@ -14,7 +14,7 @@ import (
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 func listIssues(c *context.APIContext, opts *db.IssuesOptions) {
@ -40,7 +40,7 @@ func listIssues(c *context.APIContext, opts *db.IssuesOptions) {
 		apiIssues[i] = issues[i].APIFormat()
 	}
-	c.SetLinkHeader(int(count), setting.UI.IssuePagingNum)
+	c.SetLinkHeader(int(count), conf.UI.IssuePagingNum)
 	c.JSONSuccess(&apiIssues)
 }
--- a/internal/route/api/v1/repo/key.go
+++ b/internal/route/api/v1/repo/key.go
@ -10,13 +10,13 @@ import (
 	api "github.com/gogs/go-gogs-client"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/setting"
 )
 func composeDeployKeysAPILink(repoPath string) string {
-	return setting.AppURL + "api/v1/repos/" + repoPath + "/keys/"
+	return conf.Server.ExternalURL + "api/v1/repos/" + repoPath + "/keys/"
 }
 // https://github.com/gogs/go-gogs-client/wiki/Repositories-Deploy-Keys#list-deploy-keys
--- a/internal/route/api/v1/repo/repo.go
+++ b/internal/route/api/v1/repo/repo.go
@ -18,7 +18,7 @@ import (
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/route/api/v1/convert"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 func Search(c *context.APIContext) {
@ -263,7 +263,7 @@ func Migrate(c *context.APIContext, f form.MigrateRepo) {
 	repo, err := db.MigrateRepository(c.User, ctxUser, db.MigrateRepoOptions{
 		Name:        f.RepoName,
 		Description: f.Description,
-		IsPrivate:   f.Private || setting.Repository.ForcePrivate,
+		IsPrivate:   f.Private || conf.Repository.ForcePrivate,
 		IsMirror:    f.Mirror,
 		RemoteAddr:  remoteAddr,
 	})
--- a/internal/route/api/v1/user/email.go
+++ b/internal/route/api/v1/user/email.go
@ -12,7 +12,7 @@ import (
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 func ListEmails(c *context.APIContext) {
@ -39,7 +39,7 @@ func AddEmail(c *context.APIContext, form api.CreateEmailOption) {
 		emails[i] = &db.EmailAddress{
 			UID:         c.User.ID,
 			Email:       form.Emails[i],
-			IsActivated: !setting.Service.RegisterEmailConfirm,
+			IsActivated: !conf.Service.RegisterEmailConfirm,
 		}
 	}
--- a/internal/route/api/v1/user/key.go
+++ b/internal/route/api/v1/user/key.go
@ -10,10 +10,10 @@ import (
 	repo2 "gogs.io/gogs/internal/route/api/v1/repo"
 	"net/http"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/setting"
 )
 func GetUserByParamsName(c *context.APIContext, name string) *db.User {
@ -31,7 +31,7 @@ func GetUserByParams(c *context.APIContext) *db.User {
 }
 func composePublicKeysAPILink() string {
-	return setting.AppURL + "api/v1/user/keys/"
+	return conf.Server.ExternalURL + "api/v1/user/keys/"
 }
 func listPublicKeys(c *context.APIContext, uid int64) {
--- a/internal/route/dev/template.go
+++ b/internal/route/dev/template.go
@ -5,19 +5,19 @@
 package dev
 import (
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/setting"
 )
 func TemplatePreview(c *context.Context) {
 	c.Data["User"] = db.User{Name: "Unknown"}
-	c.Data["AppName"] = setting.AppName
+	c.Data["AppName"] = conf.App.BrandName
-	c.Data["AppVersion"] = setting.AppVersion
+	c.Data["AppVersion"] = conf.App.Version
-	c.Data["AppURL"] = setting.AppURL
+	c.Data["AppURL"] = conf.Server.ExternalURL
 	c.Data["Code"] = "2014031910370000009fff6782aadb2162b4a997acb69d4400888e0b9274657374"
-	c.Data["ActiveCodeLives"] = setting.Service.ActiveCodeLives / 60
+	c.Data["ActiveCodeLives"] = conf.Service.ActiveCodeLives / 60
-	c.Data["ResetPwdCodeLives"] = setting.Service.ResetPwdCodeLives / 60
+	c.Data["ResetPwdCodeLives"] = conf.Service.ResetPwdCodeLives / 60
 	c.Data["CurDbValue"] = ""
 	c.HTML(200, (c.Params("*")))
--- a/internal/route/home.go
+++ b/internal/route/home.go
@ -8,9 +8,9 @@ import (
 	"github.com/unknwon/paginater"
 	user2 "gogs.io/gogs/internal/route/user"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/setting"
 )
 const (
@ -22,7 +22,7 @@ const (
 func Home(c *context.Context) {
 	if c.IsLogged {
-		if !c.User.IsActive && setting.Service.RegisterEmailConfirm {
+		if !c.User.IsActive && conf.Service.RegisterEmailConfirm {
 			c.Data["Title"] = c.Tr("auth.active_your_account")
 			c.Success(user2.ACTIVATE)
 		} else {
@ -32,9 +32,9 @@ func Home(c *context.Context) {
 	}
 	// Check auto-login.
-	uname := c.GetCookie(setting.CookieUserName)
+	uname := c.GetCookie(conf.CookieUserName)
 	if len(uname) != 0 {
-		c.Redirect(setting.AppSubURL + "/user/login")
+		c.Redirect(conf.Server.Subpath + "/user/login")
 		return
 	}
@ -58,7 +58,7 @@ func ExploreRepos(c *context.Context) {
 		UserID:   c.UserID(),
 		OrderBy:  "updated_unix DESC",
 		Page:     page,
-		PageSize: setting.UI.ExplorePagingNum,
+		PageSize: conf.UI.ExplorePagingNum,
 	})
 	if err != nil {
 		c.ServerError("SearchRepositoryByName", err)
@ -66,7 +66,7 @@ func ExploreRepos(c *context.Context) {
 	}
 	c.Data["Keyword"] = keyword
 	c.Data["Total"] = count
-	c.Data["Page"] = paginater.New(int(count), setting.UI.ExplorePagingNum, page, 5)
+	c.Data["Page"] = paginater.New(int(count), conf.UI.ExplorePagingNum, page, 5)
 	if err = db.RepositoryList(repos).LoadAttributes(); err != nil {
 		c.ServerError("RepositoryList.LoadAttributes", err)
@ -136,7 +136,7 @@ func ExploreUsers(c *context.Context) {
 		Type:     db.USER_TYPE_INDIVIDUAL,
 		Counter:  db.CountUsers,
 		Ranger:   db.Users,
-		PageSize: setting.UI.ExplorePagingNum,
+		PageSize: conf.UI.ExplorePagingNum,
 		OrderBy:  "updated_unix DESC",
 		TplName:  EXPLORE_USERS,
 	})
@ -151,7 +151,7 @@ func ExploreOrganizations(c *context.Context) {
 		Type:     db.USER_TYPE_ORGANIZATION,
 		Counter:  db.CountOrganizations,
 		Ranger:   db.Organizations,
-		PageSize: setting.UI.ExplorePagingNum,
+		PageSize: conf.UI.ExplorePagingNum,
 		OrderBy:  "updated_unix DESC",
 		TplName:  EXPLORE_ORGANIZATIONS,
 	})
--- a/internal/route/install.go
+++ b/internal/route/install.go
@ -11,6 +11,7 @@ import (
 	"path/filepath"
 	"strings"
 	"github.com/pkg/errors"
 	"github.com/unknwon/com"
 	"gopkg.in/ini.v1"
 	"gopkg.in/macaron.v1"
@ -19,13 +20,14 @@ import (
 	"github.com/gogs/git-module"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/cron"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/mailer"
 	"gogs.io/gogs/internal/markup"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/osutil"
 	"gogs.io/gogs/internal/ssh"
 	"gogs.io/gogs/internal/template/highlight"
 	"gogs.io/gogs/internal/tool"
@ -37,7 +39,7 @@ const (
 )
 func checkRunMode() {
-	if setting.ProdMode {
+	if conf.IsProdMode() {
 		macaron.Env = macaron.PROD
 		macaron.ColorLog = false
 	} else {
@ -47,20 +49,26 @@ func checkRunMode() {
 }
 // GlobalInit is for global configuration reload-able.
-func GlobalInit() {
+func GlobalInit(customConf string) error {
-	setting.Init()
+	err := conf.Init(customConf)
-	setting.InitLogging()
+	if err != nil {
-	log.Info("%s %s", setting.AppName, setting.AppVersion)
+		return errors.Wrap(err, "init configuration")
-	log.Trace("Custom path: %s", setting.CustomPath)
+	}
-	log.Trace("Log path: %s", setting.LogRootPath)
+
-	log.Trace("Build time: %s", setting.BuildTime)
+	conf.InitLogging()
-	log.Trace("Build commit: %s", setting.BuildCommit)
+	log.Info("%s %s", conf.App.BrandName, conf.App.Version)
 	log.Trace("Work directory: %s", conf.WorkDir())
 	log.Trace("Custom path: %s", conf.CustomDir())
 	log.Trace("Custom config: %s", conf.CustomConf)
 	log.Trace("Log path: %s", conf.LogRootPath)
 	log.Trace("Build time: %s", conf.BuildTime)
 	log.Trace("Build commit: %s", conf.BuildCommit)
 	db.LoadConfigs()
-	setting.NewServices()
+	conf.NewServices()
 	mailer.NewContext()
-	if setting.InstallLock {
+	if conf.InstallLock {
 		highlight.NewContext()
 		markup.NewSanitizer()
 		if err := db.NewEngine(); err != nil {
@ -81,33 +89,35 @@ func GlobalInit() {
 	if db.EnableSQLite3 {
 		log.Info("SQLite3 is supported")
 	}
-	if setting.SupportWindowsService() {
+	if conf.HasMinWinSvc {
 		log.Info("Builtin Windows Service is supported")
 	}
-	if setting.LoadAssetsFromDisk {
+	if conf.Server.LoadAssetsFromDisk {
 		log.Trace("Assets are loaded from disk")
 	}
 	checkRunMode()
-	if !setting.InstallLock {
+	if !conf.InstallLock {
-		return
+		return nil
 	}
-	if setting.SSH.StartBuiltinServer {
+	if conf.SSH.StartBuiltinServer {
-		ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers)
+		ssh.Listen(conf.SSH.ListenHost, conf.SSH.ListenPort, conf.SSH.ServerCiphers)
-		log.Info("SSH server started on %s:%v", setting.SSH.ListenHost, setting.SSH.ListenPort)
+		log.Info("SSH server started on %s:%v", conf.SSH.ListenHost, conf.SSH.ListenPort)
-		log.Trace("SSH server cipher list: %v", setting.SSH.ServerCiphers)
+		log.Trace("SSH server cipher list: %v", conf.SSH.ServerCiphers)
 	}
-	if setting.SSH.RewriteAuthorizedKeysAtStart {
+	if conf.SSH.RewriteAuthorizedKeysAtStart {
 		if err := db.RewriteAuthorizedKeys(); err != nil {
 			log.Warn("Failed to rewrite authorized_keys file: %v", err)
 		}
 	}
 	return nil
 }
 func InstallInit(c *context.Context) {
-	if setting.InstallLock {
+	if conf.InstallLock {
 		c.NotFound()
 		return
 	}
@ -144,40 +154,40 @@ func Install(c *context.Context) {
 	}
 	// Application general settings
-	f.AppName = setting.AppName
+	f.AppName = conf.App.BrandName
-	f.RepoRootPath = setting.RepoRootPath
+	f.RepoRootPath = conf.RepoRootPath
 	// Note(unknwon): it's hard for Windows users change a running user,
 	// 	so just use current one if config says default.
-	if setting.IsWindows && setting.RunUser == "git" {
+	if conf.IsWindowsRuntime() && conf.App.RunUser == "git" {
 		f.RunUser = user.CurrentUsername()
 	} else {
-		f.RunUser = setting.RunUser
+		f.RunUser = conf.App.RunUser
 	}
-	f.Domain = setting.Domain
+	f.Domain = conf.Server.Domain
-	f.SSHPort = setting.SSH.Port
+	f.SSHPort = conf.SSH.Port
-	f.UseBuiltinSSHServer = setting.SSH.StartBuiltinServer
+	f.UseBuiltinSSHServer = conf.SSH.StartBuiltinServer
-	f.HTTPPort = setting.HTTPPort
+	f.HTTPPort = conf.Server.HTTPPort
-	f.AppUrl = setting.AppURL
+	f.AppUrl = conf.Server.ExternalURL
-	f.LogRootPath = setting.LogRootPath
+	f.LogRootPath = conf.LogRootPath
 	// E-mail service settings
-	if setting.MailService != nil {
+	if conf.MailService != nil {
-		f.SMTPHost = setting.MailService.Host
+		f.SMTPHost = conf.MailService.Host
-		f.SMTPFrom = setting.MailService.From
+		f.SMTPFrom = conf.MailService.From
-		f.SMTPUser = setting.MailService.User
+		f.SMTPUser = conf.MailService.User
 	}
-	f.RegisterConfirm = setting.Service.RegisterEmailConfirm
+	f.RegisterConfirm = conf.Service.RegisterEmailConfirm
-	f.MailNotify = setting.Service.EnableNotifyMail
+	f.MailNotify = conf.Service.EnableNotifyMail
 	// Server and other services settings
-	f.OfflineMode = setting.OfflineMode
+	f.OfflineMode = conf.Server.OfflineMode
-	f.DisableGravatar = setting.DisableGravatar
+	f.DisableGravatar = conf.DisableGravatar
-	f.EnableFederatedAvatar = setting.EnableFederatedAvatar
+	f.EnableFederatedAvatar = conf.EnableFederatedAvatar
-	f.DisableRegistration = setting.Service.DisableRegistration
+	f.DisableRegistration = conf.Service.DisableRegistration
-	f.EnableCaptcha = setting.Service.EnableCaptcha
+	f.EnableCaptcha = conf.Service.EnableCaptcha
-	f.RequireSignInView = setting.Service.RequireSignInView
+	f.RequireSignInView = conf.Service.RequireSignInView
 	form.Assign(f, c.Data)
 	c.Success(INSTALL)
@ -251,7 +261,7 @@ func InstallPost(c *context.Context, f form.Install) {
 		return
 	}
-	currentUser, match := setting.IsRunUserMatchCurrentUser(f.RunUser)
+	currentUser, match := conf.IsRunUserMatchCurrentUser(f.RunUser)
 	if !match {
 		c.FormErr("RunUser")
 		c.RenderWithErr(c.Tr("install.run_user_not_match", f.RunUser, currentUser), INSTALL, &f)
@ -300,10 +310,10 @@ func InstallPost(c *context.Context, f form.Install) {
 	// Save settings.
 	cfg := ini.Empty()
-	if com.IsFile(setting.CustomConf) {
+	if osutil.IsFile(conf.CustomConf) {
 		// Keeps custom settings if there is already something.
-		if err := cfg.Append(setting.CustomConf); err != nil {
+		if err := cfg.Append(conf.CustomConf); err != nil {
-			log.Error("Failed to load custom conf '%s': %v", setting.CustomConf, err)
+			log.Error("Failed to load custom conf %q: %v", conf.CustomConf, err)
 		}
 	}
 	cfg.Section("database").Key("DB_TYPE").SetValue(db.DbCfg.Type)
@ -368,13 +378,18 @@ func InstallPost(c *context.Context, f form.Install) {
 	}
 	cfg.Section("security").Key("SECRET_KEY").SetValue(secretKey)
-	os.MkdirAll(filepath.Dir(setting.CustomConf), os.ModePerm)
+	_ = os.MkdirAll(filepath.Dir(conf.CustomConf), os.ModePerm)
-	if err := cfg.SaveTo(setting.CustomConf); err != nil {
+	if err := cfg.SaveTo(conf.CustomConf); err != nil {
 		c.RenderWithErr(c.Tr("install.save_config_failed", err), INSTALL, &f)
 		return
 	}
-	GlobalInit()
+	// NOTE: We reuse the current value because this handler does not have access to CLI flags.
 	err = GlobalInit(conf.CustomConf)
 	if err != nil {
 		c.RenderWithErr(c.Tr("install.init_failed", err), INSTALL, &f)
 		return
 	}
 	// Create admin account
 	if len(f.AdminName) > 0 {
@ -387,7 +402,7 @@ func InstallPost(c *context.Context, f form.Install) {
 		}
 		if err := db.CreateUser(u); err != nil {
 			if !db.IsErrUserAlreadyExist(err) {
-				setting.InstallLock = false
+				conf.InstallLock = false
 				c.FormErr("AdminName", "AdminEmail")
 				c.RenderWithErr(c.Tr("install.invalid_admin_setting", err), INSTALL, &f)
 				return
--- a/internal/route/org/members.go
+++ b/internal/route/org/members.go
@ -8,10 +8,10 @@ import (
 	"github.com/unknwon/com"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/setting"
 )
 const (
@ -87,7 +87,7 @@ func MembersAction(c *context.Context) {
 	if c.Params(":action") != "leave" {
 		c.Redirect(c.Org.OrgLink + "/members")
 	} else {
-		c.Redirect(setting.AppSubURL + "/")
+		c.Redirect(conf.Server.Subpath + "/")
 	}
 }
--- a/internal/route/org/org.go
+++ b/internal/route/org/org.go
@ -7,10 +7,10 @@ package org
 import (
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/setting"
 )
 const (
@ -52,5 +52,5 @@ func CreatePost(c *context.Context, f form.CreateOrg) {
 	}
 	log.Trace("Organization created: %s", org.Name)
-	c.Redirect(setting.AppSubURL + "/org/" + f.OrgName + "/dashboard")
+	c.Redirect(conf.Server.Subpath + "/org/" + f.OrgName + "/dashboard")
 }
--- a/internal/route/org/setting.go
+++ b/internal/route/org/setting.go
@ -9,12 +9,12 @@ import (
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/route/user"
 	"gogs.io/gogs/internal/setting"
 )
 const (
@ -63,7 +63,7 @@ func SettingsPost(c *context.Context, f form.UpdateOrgSetting) {
 			return
 		}
 		// reset c.org.OrgLink with new name
-		c.Org.OrgLink = setting.AppSubURL + "/org/" + f.Name
+		c.Org.OrgLink = conf.Server.Subpath + "/org/" + f.Name
 		log.Trace("Organization name changed: %s -> %s", org.Name, f.Name)
 	}
 	// In case it's just a case change.
@ -130,7 +130,7 @@ func SettingsDelete(c *context.Context) {
 			}
 		} else {
 			log.Trace("Organization deleted: %s", org.Name)
-			c.Redirect(setting.AppSubURL + "/")
+			c.Redirect(conf.Server.Subpath + "/")
 		}
 		return
 	}
@ -143,7 +143,7 @@ func Webhooks(c *context.Context) {
 	c.Data["PageIsSettingsHooks"] = true
 	c.Data["BaseLink"] = c.Org.OrgLink
 	c.Data["Description"] = c.Tr("org.settings.hooks_desc")
-	c.Data["Types"] = setting.Webhook.Types
+	c.Data["Types"] = conf.Webhook.Types
 	ws, err := db.GetWebhooksByOrgID(c.Org.Organization.ID)
 	if err != nil {
--- a/internal/route/repo/commit.go
+++ b/internal/route/repo/commit.go
@ -10,9 +10,9 @@ import (
 	"github.com/gogs/git-module"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
@ -135,8 +135,8 @@ func Diff(c *context.Context) {
 	}
 	diff, err := db.GetDiffCommit(db.RepoPath(userName, repoName),
-		commitID, setting.Git.MaxGitDiffLines,
+		commitID, conf.Git.MaxGitDiffLines,
-		setting.Git.MaxGitDiffLineCharacters, setting.Git.MaxGitDiffFiles)
+		conf.Git.MaxGitDiffLineCharacters, conf.Git.MaxGitDiffFiles)
 	if err != nil {
 		c.NotFoundOrServerError("get diff commit", git.IsErrNotExist, err)
 		return
@ -168,11 +168,11 @@ func Diff(c *context.Context) {
 	c.Data["Diff"] = diff
 	c.Data["Parents"] = parents
 	c.Data["DiffNotAvailable"] = diff.NumFiles() == 0
-	c.Data["SourcePath"] = setting.AppSubURL + "/" + path.Join(userName, repoName, "src", commitID)
+	c.Data["SourcePath"] = conf.Server.Subpath + "/" + path.Join(userName, repoName, "src", commitID)
 	if commit.ParentCount() > 0 {
-		c.Data["BeforeSourcePath"] = setting.AppSubURL + "/" + path.Join(userName, repoName, "src", parents[0])
+		c.Data["BeforeSourcePath"] = conf.Server.Subpath + "/" + path.Join(userName, repoName, "src", parents[0])
 	}
-	c.Data["RawPath"] = setting.AppSubURL + "/" + path.Join(userName, repoName, "raw", commitID)
+	c.Data["RawPath"] = conf.Server.Subpath + "/" + path.Join(userName, repoName, "raw", commitID)
 	c.Success(DIFF)
 }
@ -202,8 +202,8 @@ func CompareDiff(c *context.Context) {
 	}
 	diff, err := db.GetDiffRange(db.RepoPath(userName, repoName), beforeCommitID,
-		afterCommitID, setting.Git.MaxGitDiffLines,
+		afterCommitID, conf.Git.MaxGitDiffLines,
-		setting.Git.MaxGitDiffLineCharacters, setting.Git.MaxGitDiffFiles)
+		conf.Git.MaxGitDiffLineCharacters, conf.Git.MaxGitDiffFiles)
 	if err != nil {
 		c.Handle(404, "GetDiffRange", err)
 		return
@ -229,8 +229,8 @@ func CompareDiff(c *context.Context) {
 	c.Data["Commit"] = commit
 	c.Data["Diff"] = diff
 	c.Data["DiffNotAvailable"] = diff.NumFiles() == 0
-	c.Data["SourcePath"] = setting.AppSubURL + "/" + path.Join(userName, repoName, "src", afterCommitID)
+	c.Data["SourcePath"] = conf.Server.Subpath + "/" + path.Join(userName, repoName, "src", afterCommitID)
-	c.Data["BeforeSourcePath"] = setting.AppSubURL + "/" + path.Join(userName, repoName, "src", beforeCommitID)
+	c.Data["BeforeSourcePath"] = conf.Server.Subpath + "/" + path.Join(userName, repoName, "src", beforeCommitID)
-	c.Data["RawPath"] = setting.AppSubURL + "/" + path.Join(userName, repoName, "raw", afterCommitID)
+	c.Data["RawPath"] = conf.Server.Subpath + "/" + path.Join(userName, repoName, "raw", afterCommitID)
 	c.HTML(200, DIFF)
 }
--- a/internal/route/repo/download.go
+++ b/internal/route/repo/download.go
@ -13,7 +13,7 @@ import (
 	"github.com/gogs/git-module"
 	"gogs.io/gogs/internal/context"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/tool"
 )
@ -35,7 +35,7 @@ func serveData(c *context.Context, name string, r io.Reader) error {
 			c.Resp.Header().Set("Content-Disposition", "attachment; filename=\""+name+"\"")
 			c.Resp.Header().Set("Content-Transfer-Encoding", "binary")
 		}
-	} else if !setting.Repository.EnableRawFileRenderMode || !c.QueryBool("render") {
+	} else if !conf.Repository.EnableRawFileRenderMode || !c.QueryBool("render") {
 		c.Resp.Header().Set("Content-Type", "text/plain; charset=utf-8")
 	}
--- a/internal/route/repo/editor.go
+++ b/internal/route/repo/editor.go
@ -14,12 +14,12 @@ import (
 	log "unknwon.dev/clog/v2"
 	"github.com/gogs/git-module"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/pathutil"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/template"
 	"gogs.io/gogs/internal/tool"
 )
@ -110,10 +110,10 @@ func editFile(c *context.Context, isNewFile bool) {
 	c.Data["commit_choice"] = "direct"
 	c.Data["new_branch_name"] = ""
 	c.Data["last_commit"] = c.Repo.Commit.ID
-	c.Data["MarkdownFileExts"] = strings.Join(setting.Markdown.FileExtensions, ",")
+	c.Data["MarkdownFileExts"] = strings.Join(conf.Markdown.FileExtensions, ",")
-	c.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
+	c.Data["LineWrapExtensions"] = strings.Join(conf.Repository.Editor.LineWrapExtensions, ",")
-	c.Data["PreviewableFileModes"] = strings.Join(setting.Repository.Editor.PreviewableFileModes, ",")
+	c.Data["PreviewableFileModes"] = strings.Join(conf.Repository.Editor.PreviewableFileModes, ",")
-	c.Data["EditorconfigURLPrefix"] = fmt.Sprintf("%s/api/v1/repos/%s/editorconfig/", setting.AppSubURL, c.Repo.Repository.FullName())
+	c.Data["EditorconfigURLPrefix"] = fmt.Sprintf("%s/api/v1/repos/%s/editorconfig/", conf.Server.Subpath, c.Repo.Repository.FullName())
 	c.Success(EDIT_FILE)
 }
@ -156,9 +156,9 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
 	c.Data["commit_choice"] = f.CommitChoice
 	c.Data["new_branch_name"] = branchName
 	c.Data["last_commit"] = f.LastCommit
-	c.Data["MarkdownFileExts"] = strings.Join(setting.Markdown.FileExtensions, ",")
+	c.Data["MarkdownFileExts"] = strings.Join(conf.Markdown.FileExtensions, ",")
-	c.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
+	c.Data["LineWrapExtensions"] = strings.Join(conf.Repository.Editor.LineWrapExtensions, ",")
-	c.Data["PreviewableFileModes"] = strings.Join(setting.Repository.Editor.PreviewableFileModes, ",")
+	c.Data["PreviewableFileModes"] = strings.Join(conf.Repository.Editor.PreviewableFileModes, ",")
 	if c.HasError() {
 		c.Success(EDIT_FILE)
@ -400,9 +400,9 @@ func DeleteFilePost(c *context.Context, f form.DeleteRepoFile) {
 func renderUploadSettings(c *context.Context) {
 	c.RequireDropzone()
-	c.Data["UploadAllowedTypes"] = strings.Join(setting.Repository.Upload.AllowedTypes, ",")
+	c.Data["UploadAllowedTypes"] = strings.Join(conf.Repository.Upload.AllowedTypes, ",")
-	c.Data["UploadMaxSize"] = setting.Repository.Upload.FileMaxSize
+	c.Data["UploadMaxSize"] = conf.Repository.Upload.FileMaxSize
-	c.Data["UploadMaxFiles"] = setting.Repository.Upload.MaxFiles
+	c.Data["UploadMaxFiles"] = conf.Repository.Upload.MaxFiles
 }
 func UploadFile(c *context.Context) {
@ -533,9 +533,9 @@ func UploadFileToServer(c *context.Context) {
 	}
 	fileType := http.DetectContentType(buf)
-	if len(setting.Repository.Upload.AllowedTypes) > 0 {
+	if len(conf.Repository.Upload.AllowedTypes) > 0 {
 		allowed := false
-		for _, t := range setting.Repository.Upload.AllowedTypes {
+		for _, t := range conf.Repository.Upload.AllowedTypes {
 			t := strings.Trim(t, " ")
 			if t == "*/*" || t == fileType {
 				allowed = true
--- a/internal/route/repo/http.go
+++ b/internal/route/repo/http.go
@ -23,7 +23,7 @@ import (
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/lazyregexp"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/tool"
 )
@ -44,9 +44,9 @@ func askCredentials(c *context.Context, status int, text string) {
 func HTTPContexter() macaron.Handler {
 	return func(c *context.Context) {
-		if len(setting.HTTP.AccessControlAllowOrigin) > 0 {
+		if len(conf.HTTP.AccessControlAllowOrigin) > 0 {
 			// Set CORS headers for browser-based git clients
-			c.Resp.Header().Set("Access-Control-Allow-Origin", setting.HTTP.AccessControlAllowOrigin)
+			c.Resp.Header().Set("Access-Control-Allow-Origin", conf.HTTP.AccessControlAllowOrigin)
 			c.Resp.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, User-Agent")
 			// Handle preflight OPTIONS request
@ -77,7 +77,7 @@ func HTTPContexter() macaron.Handler {
 		}
 		// Authentication is not required for pulling from public repositories.
-		if isPull && !repo.IsPrivate && !setting.Service.RequireSignInView {
+		if isPull && !repo.IsPrivate && !conf.Service.RequireSignInView {
 			c.Map(&HTTPContext{
 				Context: c,
 			})
@ -368,7 +368,7 @@ func getGitRepoPath(dir string) (string, error) {
 		dir += ".git"
 	}
-	filename := path.Join(setting.RepoRootPath, dir)
+	filename := path.Join(conf.RepoRootPath, dir)
 	if _, err := os.Stat(filename); os.IsNotExist(err) {
 		return "", err
 	}
@ -387,7 +387,7 @@ func HTTP(c *HTTPContext) {
 		// We perform check here because route matched in cmd/web.go is wider than needed,
 		// but we only want to output this message only if user is really trying to access
 		// Git HTTP endpoints.
-		if setting.Repository.DisableHTTPGit {
+		if conf.Repository.DisableHTTPGit {
 			c.HandleText(http.StatusForbidden, "Interacting with repositories by HTTP protocol is not disabled")
 			return
 		}
--- a/internal/route/repo/issue.go
+++ b/internal/route/repo/issue.go
@ -17,12 +17,12 @@ import (
 	"github.com/unknwon/paginater"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/markup"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
@ -116,8 +116,8 @@ func issues(c *context.Context, isPullList bool) {
 	// Must sign in to see issues about you.
 	if viewType != "all" && !c.IsLogged {
-		c.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubURL+c.Req.RequestURI), 0, setting.AppSubURL)
+		c.SetCookie("redirect_to", "/"+url.QueryEscape(conf.Server.Subpath+c.Req.RequestURI), 0, conf.Server.Subpath)
-		c.Redirect(setting.AppSubURL + "/user/login")
+		c.Redirect(conf.Server.Subpath + "/user/login")
 		return
 	}
@ -167,7 +167,7 @@ func issues(c *context.Context, isPullList bool) {
 	} else {
 		total = int(issueStats.ClosedCount)
 	}
-	pager := paginater.New(total, setting.UI.IssuePagingNum, page, 5)
+	pager := paginater.New(total, conf.UI.IssuePagingNum, page, 5)
 	c.Data["Page"] = pager
 	issues, err := db.Issues(&db.IssuesOptions{
@ -256,10 +256,10 @@ func Pulls(c *context.Context) {
 func renderAttachmentSettings(c *context.Context) {
 	c.Data["RequireDropzone"] = true
-	c.Data["IsAttachmentEnabled"] = setting.AttachmentEnabled
+	c.Data["IsAttachmentEnabled"] = conf.AttachmentEnabled
-	c.Data["AttachmentAllowedTypes"] = setting.AttachmentAllowedTypes
+	c.Data["AttachmentAllowedTypes"] = conf.AttachmentAllowedTypes
-	c.Data["AttachmentMaxSize"] = setting.AttachmentMaxSize
+	c.Data["AttachmentMaxSize"] = conf.AttachmentMaxSize
-	c.Data["AttachmentMaxFiles"] = setting.AttachmentMaxFiles
+	c.Data["AttachmentMaxFiles"] = conf.AttachmentMaxFiles
 }
 func RetrieveRepoMilestonesAndAssignees(c *context.Context, repo *db.Repository) {
@ -429,7 +429,7 @@ func NewIssuePost(c *context.Context, f form.NewIssue) {
 	}
 	var attachments []string
-	if setting.AttachmentEnabled {
+	if conf.AttachmentEnabled {
 		attachments = f.Files
 	}
@ -493,12 +493,12 @@ func uploadAttachment(c *context.Context, allowedTypes []string) {
 }
 func UploadIssueAttachment(c *context.Context) {
-	if !setting.AttachmentEnabled {
+	if !conf.AttachmentEnabled {
 		c.NotFound()
 		return
 	}
-	uploadAttachment(c, strings.Split(setting.AttachmentAllowedTypes, ","))
+	uploadAttachment(c, strings.Split(conf.AttachmentAllowedTypes, ","))
 }
 func viewIssue(c *context.Context, isPullList bool) {
@ -669,7 +669,7 @@ func viewIssue(c *context.Context, isPullList bool) {
 	c.Data["NumParticipants"] = len(participants)
 	c.Data["Issue"] = issue
 	c.Data["IsIssueOwner"] = c.Repo.IsWriter() || (c.IsLogged && issue.IsPoster(c.User.ID))
-	c.Data["SignInLink"] = setting.AppSubURL + "/user/login?redirect_to=" + c.Data["Link"].(string)
+	c.Data["SignInLink"] = conf.Server.Subpath + "/user/login?redirect_to=" + c.Data["Link"].(string)
 	c.HTML(200, ISSUE_VIEW)
 }
@ -845,7 +845,7 @@ func NewComment(c *context.Context, f form.CreateComment) {
 	}
 	var attachments []string
-	if setting.AttachmentEnabled {
+	if conf.AttachmentEnabled {
 		attachments = f.Files
 	}
@ -1098,7 +1098,7 @@ func Milestones(c *context.Context) {
 	} else {
 		total = int(closedCount)
 	}
-	c.Data["Page"] = paginater.New(total, setting.UI.IssuePagingNum, page, 5)
+	c.Data["Page"] = paginater.New(total, conf.UI.IssuePagingNum, page, 5)
 	miles, err := db.GetMilestones(c.Repo.Repository.ID, page, isShowClosed)
 	if err != nil {
@ -1130,7 +1130,7 @@ func NewMilestone(c *context.Context) {
 	c.Data["PageIsIssueList"] = true
 	c.Data["PageIsMilestones"] = true
 	c.Data["RequireDatetimepicker"] = true
-	c.Data["DateLang"] = setting.DateLang(c.Locale.Language())
+	c.Data["DateLang"] = conf.DateLang(c.Locale.Language())
 	c.HTML(200, MILESTONE_NEW)
 }
@ -1139,7 +1139,7 @@ func NewMilestonePost(c *context.Context, f form.CreateMilestone) {
 	c.Data["PageIsIssueList"] = true
 	c.Data["PageIsMilestones"] = true
 	c.Data["RequireDatetimepicker"] = true
-	c.Data["DateLang"] = setting.DateLang(c.Locale.Language())
+	c.Data["DateLang"] = conf.DateLang(c.Locale.Language())
 	if c.HasError() {
 		c.HTML(200, MILESTONE_NEW)
@ -1175,7 +1175,7 @@ func EditMilestone(c *context.Context) {
 	c.Data["PageIsMilestones"] = true
 	c.Data["PageIsEditMilestone"] = true
 	c.Data["RequireDatetimepicker"] = true
-	c.Data["DateLang"] = setting.DateLang(c.Locale.Language())
+	c.Data["DateLang"] = conf.DateLang(c.Locale.Language())
 	m, err := db.GetMilestoneByRepoID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
 	if err != nil {
@ -1199,7 +1199,7 @@ func EditMilestonePost(c *context.Context, f form.CreateMilestone) {
 	c.Data["PageIsMilestones"] = true
 	c.Data["PageIsEditMilestone"] = true
 	c.Data["RequireDatetimepicker"] = true
-	c.Data["DateLang"] = setting.DateLang(c.Locale.Language())
+	c.Data["DateLang"] = conf.DateLang(c.Locale.Language())
 	if c.HasError() {
 		c.HTML(200, MILESTONE_NEW)
--- a/internal/route/repo/pull.go
+++ b/internal/route/repo/pull.go
@ -14,11 +14,11 @@ import (
 	"github.com/gogs/git-module"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
@ -354,8 +354,8 @@ func ViewPullFiles(c *context.Context) {
 	}
 	diff, err := db.GetDiffRange(diffRepoPath,
-		startCommitID, endCommitID, setting.Git.MaxGitDiffLines,
+		startCommitID, endCommitID, conf.Git.MaxGitDiffLines,
-		setting.Git.MaxGitDiffLineCharacters, setting.Git.MaxGitDiffFiles)
+		conf.Git.MaxGitDiffLineCharacters, conf.Git.MaxGitDiffFiles)
 	if err != nil {
 		c.ServerError("GetDiffRange", err)
 		return
@ -383,9 +383,9 @@ func ViewPullFiles(c *context.Context) {
 		c.Data["Reponame"] = pull.HeadRepo.Name
 		headTarget := path.Join(pull.HeadUserName, pull.HeadRepo.Name)
-		c.Data["SourcePath"] = setting.AppSubURL + "/" + path.Join(headTarget, "src", endCommitID)
+		c.Data["SourcePath"] = conf.Server.Subpath + "/" + path.Join(headTarget, "src", endCommitID)
-		c.Data["BeforeSourcePath"] = setting.AppSubURL + "/" + path.Join(headTarget, "src", startCommitID)
+		c.Data["BeforeSourcePath"] = conf.Server.Subpath + "/" + path.Join(headTarget, "src", startCommitID)
-		c.Data["RawPath"] = setting.AppSubURL + "/" + path.Join(headTarget, "raw", endCommitID)
+		c.Data["RawPath"] = conf.Server.Subpath + "/" + path.Join(headTarget, "raw", endCommitID)
 	}
 	c.Data["RequireHighlightJS"] = true
@ -570,8 +570,8 @@ func PrepareCompareDiff(
 	}
 	diff, err := db.GetDiffRange(db.RepoPath(headUser.Name, headRepo.Name),
-		prInfo.MergeBase, headCommitID, setting.Git.MaxGitDiffLines,
+		prInfo.MergeBase, headCommitID, conf.Git.MaxGitDiffLines,
-		setting.Git.MaxGitDiffLineCharacters, setting.Git.MaxGitDiffFiles)
+		conf.Git.MaxGitDiffLineCharacters, conf.Git.MaxGitDiffFiles)
 	if err != nil {
 		c.ServerError("GetDiffRange", err)
 		return false
@ -593,9 +593,9 @@ func PrepareCompareDiff(
 	c.Data["IsImageFile"] = headCommit.IsImageFile
 	headTarget := path.Join(headUser.Name, repo.Name)
-	c.Data["SourcePath"] = setting.AppSubURL + "/" + path.Join(headTarget, "src", headCommitID)
+	c.Data["SourcePath"] = conf.Server.Subpath + "/" + path.Join(headTarget, "src", headCommitID)
-	c.Data["BeforeSourcePath"] = setting.AppSubURL + "/" + path.Join(headTarget, "src", prInfo.MergeBase)
+	c.Data["BeforeSourcePath"] = conf.Server.Subpath + "/" + path.Join(headTarget, "src", prInfo.MergeBase)
-	c.Data["RawPath"] = setting.AppSubURL + "/" + path.Join(headTarget, "raw", headCommitID)
+	c.Data["RawPath"] = conf.Server.Subpath + "/" + path.Join(headTarget, "raw", headCommitID)
 	return false
 }
@ -677,7 +677,7 @@ func CompareAndPullRequestPost(c *context.Context, f form.NewIssue) {
 		return
 	}
-	if setting.AttachmentEnabled {
+	if conf.AttachmentEnabled {
 		attachments = f.Files
 	}
--- a/internal/route/repo/release.go
+++ b/internal/route/repo/release.go
@ -14,7 +14,7 @@ import (
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/markup"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 const (
@ -151,10 +151,10 @@ func Releases(c *context.Context) {
 func renderReleaseAttachmentSettings(c *context.Context) {
 	c.Data["RequireDropzone"] = true
-	c.Data["IsAttachmentEnabled"] = setting.Release.Attachment.Enabled
+	c.Data["IsAttachmentEnabled"] = conf.Release.Attachment.Enabled
-	c.Data["AttachmentAllowedTypes"] = strings.Join(setting.Release.Attachment.AllowedTypes, ",")
+	c.Data["AttachmentAllowedTypes"] = strings.Join(conf.Release.Attachment.AllowedTypes, ",")
-	c.Data["AttachmentMaxSize"] = setting.Release.Attachment.MaxSize
+	c.Data["AttachmentMaxSize"] = conf.Release.Attachment.MaxSize
-	c.Data["AttachmentMaxFiles"] = setting.Release.Attachment.MaxFiles
+	c.Data["AttachmentMaxFiles"] = conf.Release.Attachment.MaxFiles
 }
 func NewRelease(c *context.Context) {
@ -203,7 +203,7 @@ func NewReleasePost(c *context.Context, f form.NewRelease) {
 	}
 	var attachments []string
-	if setting.Release.Attachment.Enabled {
+	if conf.Release.Attachment.Enabled {
 		attachments = f.Files
 	}
@ -295,7 +295,7 @@ func EditReleasePost(c *context.Context, f form.EditRelease) {
 	}
 	var attachments []string
-	if setting.Release.Attachment.Enabled {
+	if conf.Release.Attachment.Enabled {
 		attachments = f.Files
 	}
@ -312,11 +312,11 @@ func EditReleasePost(c *context.Context, f form.EditRelease) {
 }
 func UploadReleaseAttachment(c *context.Context) {
-	if !setting.Release.Attachment.Enabled {
+	if !conf.Release.Attachment.Enabled {
 		c.NotFound()
 		return
 	}
-	uploadAttachment(c, setting.Release.Attachment.AllowedTypes)
+	uploadAttachment(c, conf.Release.Attachment.AllowedTypes)
 }
 func DeleteRelease(c *context.Context) {
--- a/internal/route/repo/repo.go
+++ b/internal/route/repo/repo.go
@ -15,11 +15,11 @@ import (
 	"github.com/gogs/git-module"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
@ -75,7 +75,7 @@ func Create(c *context.Context) {
 	c.Data["Readmes"] = db.Readmes
 	c.Data["readme"] = "Default"
 	c.Data["private"] = c.User.LastRepoVisibility
-	c.Data["IsForcedPrivate"] = setting.Repository.ForcePrivate
+	c.Data["IsForcedPrivate"] = conf.Repository.ForcePrivate
 	ctxUser := checkContextUser(c, c.QueryInt64("org"))
 	if c.Written() {
@ -128,12 +128,12 @@ func CreatePost(c *context.Context, f form.CreateRepo) {
 		Gitignores:  f.Gitignores,
 		License:     f.License,
 		Readme:      f.Readme,
-		IsPrivate:   f.Private || setting.Repository.ForcePrivate,
+		IsPrivate:   f.Private || conf.Repository.ForcePrivate,
 		AutoInit:    f.AutoInit,
 	})
 	if err == nil {
 		log.Trace("Repository created [%d]: %s/%s", repo.ID, ctxUser.Name, repo.Name)
-		c.Redirect(setting.AppSubURL + "/" + ctxUser.Name + "/" + repo.Name)
+		c.Redirect(conf.Server.Subpath + "/" + ctxUser.Name + "/" + repo.Name)
 		return
 	}
@ -149,7 +149,7 @@ func CreatePost(c *context.Context, f form.CreateRepo) {
 func Migrate(c *context.Context) {
 	c.Data["Title"] = c.Tr("new_migrate")
 	c.Data["private"] = c.User.LastRepoVisibility
-	c.Data["IsForcedPrivate"] = setting.Repository.ForcePrivate
+	c.Data["IsForcedPrivate"] = conf.Repository.ForcePrivate
 	c.Data["mirror"] = c.Query("mirror") == "1"
 	ctxUser := checkContextUser(c, c.QueryInt64("org"))
@ -199,13 +199,13 @@ func MigratePost(c *context.Context, f form.MigrateRepo) {
 	repo, err := db.MigrateRepository(c.User, ctxUser, db.MigrateRepoOptions{
 		Name:        f.RepoName,
 		Description: f.Description,
-		IsPrivate:   f.Private || setting.Repository.ForcePrivate,
+		IsPrivate:   f.Private || conf.Repository.ForcePrivate,
 		IsMirror:    f.Mirror,
 		RemoteAddr:  remoteAddr,
 	})
 	if err == nil {
 		log.Trace("Repository migrated [%d]: %s/%s", repo.ID, ctxUser.Name, f.RepoName)
-		c.Redirect(setting.AppSubURL + "/" + ctxUser.Name + "/" + f.RepoName)
+		c.Redirect(conf.Server.Subpath + "/" + ctxUser.Name + "/" + f.RepoName)
 		return
 	}
--- a/internal/route/repo/setting.go
+++ b/internal/route/repo/setting.go
@ -14,12 +14,12 @@ import (
 	"github.com/unknwon/com"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/mailer"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
@ -196,7 +196,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
 		}
 		log.Trace("Repository converted from mirror to regular: %s/%s", c.Repo.Owner.Name, repo.Name)
 		c.Flash.Success(c.Tr("repo.settings.convert_succeed"))
-		c.Redirect(setting.AppSubURL + "/" + c.Repo.Owner.Name + "/" + repo.Name)
+		c.Redirect(conf.Server.Subpath + "/" + c.Repo.Owner.Name + "/" + repo.Name)
 	case "transfer":
 		if !c.Repo.IsOwner() {
@ -235,7 +235,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
 		}
 		log.Trace("Repository transfered: %s/%s -> %s", c.Repo.Owner.Name, repo.Name, newOwner)
 		c.Flash.Success(c.Tr("repo.settings.transfer_succeed"))
-		c.Redirect(setting.AppSubURL + "/" + newOwner + "/" + repo.Name)
+		c.Redirect(conf.Server.Subpath + "/" + newOwner + "/" + repo.Name)
 	case "delete":
 		if !c.Repo.IsOwner() {
@ -371,7 +371,7 @@ func SettingsCollaboration(c *context.Context) {
 func SettingsCollaborationPost(c *context.Context) {
 	name := strings.ToLower(c.Query("collaborator"))
 	if len(name) == 0 || c.Repo.Owner.LowerName == name {
-		c.Redirect(setting.AppSubURL + c.Req.URL.Path)
+		c.Redirect(conf.Server.Subpath + c.Req.URL.Path)
 		return
 	}
@ -379,7 +379,7 @@ func SettingsCollaborationPost(c *context.Context) {
 	if err != nil {
 		if errors.IsUserNotExist(err) {
 			c.Flash.Error(c.Tr("form.user_not_exist"))
-			c.Redirect(setting.AppSubURL + c.Req.URL.Path)
+			c.Redirect(conf.Server.Subpath + c.Req.URL.Path)
 		} else {
 			c.Handle(500, "GetUserByName", err)
 		}
@ -389,7 +389,7 @@ func SettingsCollaborationPost(c *context.Context) {
 	// Organization is not allowed to be added as a collaborator
 	if u.IsOrganization() {
 		c.Flash.Error(c.Tr("repo.settings.org_not_allowed_to_be_collaborator"))
-		c.Redirect(setting.AppSubURL + c.Req.URL.Path)
+		c.Redirect(conf.Server.Subpath + c.Req.URL.Path)
 		return
 	}
@ -398,12 +398,12 @@ func SettingsCollaborationPost(c *context.Context) {
 		return
 	}
-	if setting.Service.EnableNotifyMail {
+	if conf.Service.EnableNotifyMail {
 		mailer.SendCollaboratorMail(db.NewMailerUser(u), db.NewMailerUser(c.User), db.NewMailerRepo(c.Repo.Repository))
 	}
 	c.Flash.Success(c.Tr("repo.settings.add_collaborator_success"))
-	c.Redirect(setting.AppSubURL + c.Req.URL.Path)
+	c.Redirect(conf.Server.Subpath + c.Req.URL.Path)
 }
 func ChangeCollaborationAccessMode(c *context.Context) {
--- a/internal/route/repo/view.go
+++ b/internal/route/repo/view.go
@ -20,7 +20,7 @@ import (
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/markup"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/template"
 	"gogs.io/gogs/internal/template/highlight"
 	"gogs.io/gogs/internal/tool"
@ -47,7 +47,7 @@ func renderDirectory(c *context.Context, treeLink string) {
 	}
 	entries.Sort()
-	c.Data["Files"], err = entries.GetCommitsInfoWithCustomConcurrency(c.Repo.Commit, c.Repo.TreePath, setting.Repository.CommitsFetchConcurrency)
+	c.Data["Files"], err = entries.GetCommitsInfoWithCustomConcurrency(c.Repo.Commit, c.Repo.TreePath, conf.Repository.CommitsFetchConcurrency)
 	if err != nil {
 		c.ServerError("GetCommitsInfoWithCustomConcurrency", err)
 		return
@ -118,7 +118,7 @@ func renderDirectory(c *context.Context, treeLink string) {
 	if c.Repo.CanEnableEditor() {
 		c.Data["CanAddFile"] = true
-		c.Data["CanUploadFile"] = setting.Repository.Upload.Enabled
+		c.Data["CanUploadFile"] = conf.Repository.Upload.Enabled
 	}
 }
@ -152,7 +152,7 @@ func renderFile(c *context.Context, entry *git.TreeEntry, treeLink, rawLink stri
 	canEnableEditor := c.Repo.CanEnableEditor()
 	switch {
 	case isTextFile:
-		if blob.Size() >= setting.UI.MaxDisplayFileSize {
+		if blob.Size() >= conf.UI.MaxDisplayFileSize {
 			c.Data["IsFileTooLarge"] = true
 			break
 		}
--- a/internal/route/repo/webhook.go
+++ b/internal/route/repo/webhook.go
@ -18,7 +18,7 @@ import (
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/form"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 const (
@ -32,7 +32,7 @@ func Webhooks(c *context.Context) {
 	c.Data["PageIsSettingsHooks"] = true
 	c.Data["BaseLink"] = c.Repo.RepoLink
 	c.Data["Description"] = c.Tr("repo.settings.hooks_desc", "https://github.com/gogs/docs-api/blob/master/Repositories/Webhooks.md")
-	c.Data["Types"] = setting.Webhook.Types
+	c.Data["Types"] = conf.Webhook.Types
 	ws, err := db.GetWebhooksByRepoID(c.Repo.Repository.ID)
 	if err != nil {
@ -76,7 +76,7 @@ func getOrgRepoCtx(c *context.Context) (*OrgRepoCtx, error) {
 func checkHookType(c *context.Context) string {
 	hookType := strings.ToLower(c.Params(":type"))
-	if !com.IsSliceContainsStr(setting.Webhook.Types, hookType) {
+	if !com.IsSliceContainsStr(conf.Webhook.Types, hookType) {
 		c.Handle(404, "checkHookType", nil)
 		return ""
 	}
--- a/internal/route/user/auth.go
+++ b/internal/route/user/auth.go
@ -11,12 +11,12 @@ import (
 	"github.com/go-macaron/captcha"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/mailer"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
@ -36,7 +36,7 @@ func AutoLogin(c *context.Context) (bool, error) {
 		return false, nil
 	}
-	uname := c.GetCookie(setting.CookieUserName)
+	uname := c.GetCookie(conf.CookieUserName)
 	if len(uname) == 0 {
 		return false, nil
 	}
@ -45,9 +45,9 @@ func AutoLogin(c *context.Context) (bool, error) {
 	defer func() {
 		if !isSucceed {
 			log.Trace("auto-login cookie cleared: %s", uname)
-			c.SetCookie(setting.CookieUserName, "", -1, setting.AppSubURL)
+			c.SetCookie(conf.CookieUserName, "", -1, conf.Server.Subpath)
-			c.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL)
+			c.SetCookie(conf.CookieRememberName, "", -1, conf.Server.Subpath)
-			c.SetCookie(setting.LoginStatusCookieName, "", -1, setting.AppSubURL)
+			c.SetCookie(conf.LoginStatusCookieName, "", -1, conf.Server.Subpath)
 		}
 	}()
@ -59,16 +59,16 @@ func AutoLogin(c *context.Context) (bool, error) {
 		return false, nil
 	}
-	if val, ok := c.GetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName); !ok || val != u.Name {
+	if val, ok := c.GetSuperSecureCookie(u.Rands+u.Passwd, conf.CookieRememberName); !ok || val != u.Name {
 		return false, nil
 	}
 	isSucceed = true
 	c.Session.Set("uid", u.ID)
 	c.Session.Set("uname", u.Name)
-	c.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL)
+	c.SetCookie(conf.CSRFCookieName, "", -1, conf.Server.Subpath)
-	if setting.EnableLoginStatusCookie {
+	if conf.EnableLoginStatusCookie {
-		c.SetCookie(setting.LoginStatusCookieName, "true", 0, setting.AppSubURL)
+		c.SetCookie(conf.LoginStatusCookieName, "true", 0, conf.Server.Subpath)
 	}
 	return true, nil
 }
@ -85,7 +85,7 @@ func Login(c *context.Context) {
 	redirectTo := c.Query("redirect_to")
 	if len(redirectTo) > 0 {
-		c.SetCookie("redirect_to", redirectTo, 0, setting.AppSubURL)
+		c.SetCookie("redirect_to", redirectTo, 0, conf.Server.Subpath)
 	} else {
 		redirectTo, _ = url.QueryUnescape(c.GetCookie("redirect_to"))
 	}
@ -96,7 +96,7 @@ func Login(c *context.Context) {
 		} else {
 			c.SubURLRedirect("/")
 		}
-		c.SetCookie("redirect_to", "", -1, setting.AppSubURL)
+		c.SetCookie("redirect_to", "", -1, conf.Server.Subpath)
 		return
 	}
@ -119,9 +119,9 @@ func Login(c *context.Context) {
 func afterLogin(c *context.Context, u *db.User, remember bool) {
 	if remember {
-		days := 86400 * setting.LoginRememberDays
+		days := 86400 * conf.LoginRememberDays
-		c.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubURL, "", setting.CookieSecure, true)
+		c.SetCookie(conf.CookieUserName, u.Name, days, conf.Server.Subpath, "", conf.CookieSecure, true)
-		c.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubURL, "", setting.CookieSecure, true)
+		c.SetSuperSecureCookie(u.Rands+u.Passwd, conf.CookieRememberName, u.Name, days, conf.Server.Subpath, "", conf.CookieSecure, true)
 	}
 	c.Session.Set("uid", u.ID)
@ -130,13 +130,13 @@ func afterLogin(c *context.Context, u *db.User, remember bool) {
 	c.Session.Delete("twoFactorUserID")
 	// Clear whatever CSRF has right now, force to generate a new one
-	c.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL)
+	c.SetCookie(conf.CSRFCookieName, "", -1, conf.Server.Subpath)
-	if setting.EnableLoginStatusCookie {
+	if conf.EnableLoginStatusCookie {
-		c.SetCookie(setting.LoginStatusCookieName, "true", 0, setting.AppSubURL)
+		c.SetCookie(conf.LoginStatusCookieName, "true", 0, conf.Server.Subpath)
 	}
 	redirectTo, _ := url.QueryUnescape(c.GetCookie("redirect_to"))
-	c.SetCookie("redirect_to", "", -1, setting.AppSubURL)
+	c.SetCookie("redirect_to", "", -1, conf.Server.Subpath)
 	if tool.IsSameSiteURLPath(redirectTo) {
 		c.Redirect(redirectTo)
 		return
@ -283,18 +283,18 @@ func LoginTwoFactorRecoveryCodePost(c *context.Context) {
 func SignOut(c *context.Context) {
 	c.Session.Flush()
 	c.Session.Destory(c.Context)
-	c.SetCookie(setting.CookieUserName, "", -1, setting.AppSubURL)
+	c.SetCookie(conf.CookieUserName, "", -1, conf.Server.Subpath)
-	c.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL)
+	c.SetCookie(conf.CookieRememberName, "", -1, conf.Server.Subpath)
-	c.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL)
+	c.SetCookie(conf.CSRFCookieName, "", -1, conf.Server.Subpath)
 	c.SubURLRedirect("/")
 }
 func SignUp(c *context.Context) {
 	c.Title("sign_up")
-	c.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
+	c.Data["EnableCaptcha"] = conf.Service.EnableCaptcha
-	if setting.Service.DisableRegistration {
+	if conf.Service.DisableRegistration {
 		c.Data["DisableRegistration"] = true
 		c.Success(SIGNUP)
 		return
@ -306,9 +306,9 @@ func SignUp(c *context.Context) {
 func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
 	c.Title("sign_up")
-	c.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
+	c.Data["EnableCaptcha"] = conf.Service.EnableCaptcha
-	if setting.Service.DisableRegistration {
+	if conf.Service.DisableRegistration {
 		c.Status(403)
 		return
 	}
@ -318,7 +318,7 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
 		return
 	}
-	if setting.Service.EnableCaptcha && !cpt.VerifyReq(c.Req) {
+	if conf.Service.EnableCaptcha && !cpt.VerifyReq(c.Req) {
 		c.FormErr("Captcha")
 		c.RenderWithErr(c.Tr("form.captcha_incorrect"), SIGNUP, &f)
 		return
@ -334,7 +334,7 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
 		Name:     f.UserName,
 		Email:    f.Email,
 		Passwd:   f.Password,
-		IsActive: !setting.Service.RegisterEmailConfirm,
+		IsActive: !conf.Service.RegisterEmailConfirm,
 	}
 	if err := db.CreateUser(u); err != nil {
 		switch {
@ -368,11 +368,11 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
 	}
 	// Send confirmation email, no need for social account.
-	if setting.Service.RegisterEmailConfirm && u.ID > 1 {
+	if conf.Service.RegisterEmailConfirm && u.ID > 1 {
 		mailer.SendActivateAccountMail(c.Context, db.NewMailerUser(u))
 		c.Data["IsSendRegisterMail"] = true
 		c.Data["Email"] = u.Email
-		c.Data["Hours"] = setting.Service.ActiveCodeLives / 60
+		c.Data["Hours"] = conf.Service.ActiveCodeLives / 60
 		c.Success(ACTIVATE)
 		if err := c.Cache.Put(u.MailResendCacheKey(), 1, 180); err != nil {
@ -393,11 +393,11 @@ func Activate(c *context.Context) {
 			return
 		}
 		// Resend confirmation email.
-		if setting.Service.RegisterEmailConfirm {
+		if conf.Service.RegisterEmailConfirm {
 			if c.Cache.IsExist(c.User.MailResendCacheKey()) {
 				c.Data["ResendLimited"] = true
 			} else {
-				c.Data["Hours"] = setting.Service.ActiveCodeLives / 60
+				c.Data["Hours"] = conf.Service.ActiveCodeLives / 60
 				mailer.SendActivateAccountMail(c.Context, db.NewMailerUser(c.User))
 				if err := c.Cache.Put(c.User.MailResendCacheKey(), 1, 180); err != nil {
@ -457,7 +457,7 @@ func ActivateEmail(c *context.Context) {
 func ForgotPasswd(c *context.Context) {
 	c.Title("auth.forgot_password")
-	if setting.MailService == nil {
+	if conf.MailService == nil {
 		c.Data["IsResetDisable"] = true
 		c.Success(FORGOT_PASSWORD)
 		return
@ -470,7 +470,7 @@ func ForgotPasswd(c *context.Context) {
 func ForgotPasswdPost(c *context.Context) {
 	c.Title("auth.forgot_password")
-	if setting.MailService == nil {
+	if conf.MailService == nil {
 		c.Status(403)
 		return
 	}
@ -482,7 +482,7 @@ func ForgotPasswdPost(c *context.Context) {
 	u, err := db.GetUserByEmail(email)
 	if err != nil {
 		if errors.IsUserNotExist(err) {
-			c.Data["Hours"] = setting.Service.ActiveCodeLives / 60
+			c.Data["Hours"] = conf.Service.ActiveCodeLives / 60
 			c.Data["IsResetSent"] = true
 			c.Success(FORGOT_PASSWORD)
 			return
@ -509,7 +509,7 @@ func ForgotPasswdPost(c *context.Context) {
 		log.Error("Failed to put cache key 'mail resend': %v", err)
 	}
-	c.Data["Hours"] = setting.Service.ActiveCodeLives / 60
+	c.Data["Hours"] = conf.Service.ActiveCodeLives / 60
 	c.Data["IsResetSent"] = true
 	c.Success(FORGOT_PASSWORD)
 }
--- a/internal/route/user/home.go
+++ b/internal/route/user/home.go
@ -11,10 +11,10 @@ import (
 	"github.com/unknwon/com"
 	"github.com/unknwon/paginater"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/setting"
 )
 const (
@ -110,7 +110,7 @@ func Dashboard(c *context.Context) {
 	// Only user can have collaborative repositories.
 	if !ctxUser.IsOrganization() {
-		collaborateRepos, err := c.User.GetAccessibleRepositories(setting.UI.User.RepoPagingNum)
+		collaborateRepos, err := c.User.GetAccessibleRepositories(conf.UI.User.RepoPagingNum)
 		if err != nil {
 			c.Handle(500, "GetAccessibleRepositories", err)
 			return
@ -125,7 +125,7 @@ func Dashboard(c *context.Context) {
 	var repos, mirrors []*db.Repository
 	var repoCount int64
 	if ctxUser.IsOrganization() {
-		repos, repoCount, err = ctxUser.GetUserRepositories(c.User.ID, 1, setting.UI.User.RepoPagingNum)
+		repos, repoCount, err = ctxUser.GetUserRepositories(c.User.ID, 1, conf.UI.User.RepoPagingNum)
 		if err != nil {
 			c.Handle(500, "GetUserRepositories", err)
 			return
@ -137,7 +137,7 @@ func Dashboard(c *context.Context) {
 			return
 		}
 	} else {
-		if err = ctxUser.GetRepositories(1, setting.UI.User.RepoPagingNum); err != nil {
+		if err = ctxUser.GetRepositories(1, conf.UI.User.RepoPagingNum); err != nil {
 			c.Handle(500, "GetRepositories", err)
 			return
 		}
@ -152,7 +152,7 @@ func Dashboard(c *context.Context) {
 	}
 	c.Data["Repos"] = repos
 	c.Data["RepoCount"] = repoCount
-	c.Data["MaxShowRepoNum"] = setting.UI.User.RepoPagingNum
+	c.Data["MaxShowRepoNum"] = conf.UI.User.RepoPagingNum
 	if err := db.MirrorRepositoryList(mirrors).LoadAttributes(); err != nil {
 		c.Handle(500, "MirrorRepositoryList.LoadAttributes", err)
@ -328,7 +328,7 @@ func Issues(c *context.Context) {
 	c.Data["Issues"] = issues
 	c.Data["Repos"] = showRepos
-	c.Data["Page"] = paginater.New(total, setting.UI.IssuePagingNum, page, 5)
+	c.Data["Page"] = paginater.New(total, conf.UI.IssuePagingNum, page, 5)
 	c.Data["IssueStats"] = issueStats
 	c.Data["ViewType"] = string(filterMode)
 	c.Data["SortType"] = sortType
@ -380,7 +380,7 @@ func showOrgProfile(c *context.Context) {
 		err   error
 	)
 	if c.IsLogged && !c.User.IsAdmin {
-		repos, count, err = org.GetUserRepositories(c.User.ID, page, setting.UI.User.RepoPagingNum)
+		repos, count, err = org.GetUserRepositories(c.User.ID, page, conf.UI.User.RepoPagingNum)
 		if err != nil {
 			c.Handle(500, "GetUserRepositories", err)
 			return
@ -392,7 +392,7 @@ func showOrgProfile(c *context.Context) {
 			UserID:   org.ID,
 			Private:  showPrivate,
 			Page:     page,
-			PageSize: setting.UI.User.RepoPagingNum,
+			PageSize: conf.UI.User.RepoPagingNum,
 		})
 		if err != nil {
 			c.Handle(500, "GetRepositories", err)
@ -401,7 +401,7 @@ func showOrgProfile(c *context.Context) {
 		c.Data["Repos"] = repos
 		count = db.CountUserRepositories(org.ID, showPrivate)
 	}
-	c.Data["Page"] = paginater.New(int(count), setting.UI.User.RepoPagingNum, page, 5)
+	c.Data["Page"] = paginater.New(int(count), conf.UI.User.RepoPagingNum, page, 5)
 	if err := org.GetMembers(); err != nil {
 		c.Handle(500, "GetMembers", err)
@ -420,5 +420,5 @@ func Email2User(c *context.Context) {
 		c.NotFoundOrServerError("GetUserByEmail", errors.IsUserNotExist, err)
 		return
 	}
-	c.Redirect(setting.AppSubURL + "/user/" + u.Name)
+	c.Redirect(conf.Server.Subpath + "/user/" + u.Name)
 }
--- a/internal/route/user/profile.go
+++ b/internal/route/user/profile.go
@ -13,7 +13,7 @@ import (
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/tool"
 )
@ -70,7 +70,7 @@ func Profile(c *context.Context, puser *context.ParamsUser) {
 			UserID:   puser.ID,
 			Private:  showPrivate,
 			Page:     page,
-			PageSize: setting.UI.User.RepoPagingNum,
+			PageSize: conf.UI.User.RepoPagingNum,
 		})
 		if err != nil {
 			c.ServerError("GetRepositories", err)
@ -78,7 +78,7 @@ func Profile(c *context.Context, puser *context.ParamsUser) {
 		}
 		count := db.CountUserRepositories(puser.ID, showPrivate)
-		c.Data["Page"] = paginater.New(int(count), setting.UI.User.RepoPagingNum, page, 5)
+		c.Data["Page"] = paginater.New(int(count), conf.UI.User.RepoPagingNum, page, 5)
 	}
 	c.Success(PROFILE)
--- a/internal/route/user/setting.go
+++ b/internal/route/user/setting.go
@ -18,12 +18,12 @@ import (
 	"github.com/unknwon/com"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/context"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/db/errors"
 	"gogs.io/gogs/internal/form"
 	"gogs.io/gogs/internal/mailer"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
@ -262,7 +262,7 @@ func SettingsEmailPost(c *context.Context, f form.AddEmail) {
 	email := &db.EmailAddress{
 		UID:         c.User.ID,
 		Email:       f.Email,
-		IsActivated: !setting.Service.RegisterEmailConfirm,
+		IsActivated: !conf.Service.RegisterEmailConfirm,
 	}
 	if err := db.AddEmailAddress(email); err != nil {
 		if db.IsErrEmailAlreadyUsed(err) {
@ -274,13 +274,13 @@ func SettingsEmailPost(c *context.Context, f form.AddEmail) {
 	}
 	// Send confirmation email
-	if setting.Service.RegisterEmailConfirm {
+	if conf.Service.RegisterEmailConfirm {
 		mailer.SendActivateEmailMail(c.Context, db.NewMailerUser(c.User), email.Email)
 		if err := c.Cache.Put("MailResendLimit_"+c.User.LowerName, c.User.LowerName, 180); err != nil {
 			log.Error("Set cache 'MailResendLimit' failed: %v", err)
 		}
-		c.Flash.Info(c.Tr("settings.add_email_confirmation_sent", email.Email, setting.Service.ActiveCodeLives/60))
+		c.Flash.Info(c.Tr("settings.add_email_confirmation_sent", email.Email, conf.Service.ActiveCodeLives/60))
 	} else {
 		c.Flash.Success(c.Tr("settings.add_email_success"))
 	}
@ -299,7 +299,7 @@ func DeleteEmail(c *context.Context) {
 	c.Flash.Success(c.Tr("settings.email_deletion_success"))
 	c.JSONSuccess(map[string]interface{}{
-		"redirect": setting.AppSubURL + "/user/settings/email",
+		"redirect": conf.Server.Subpath + "/user/settings/email",
 	})
 }
@ -371,7 +371,7 @@ func DeleteSSHKey(c *context.Context) {
 	}
 	c.JSONSuccess(map[string]interface{}{
-		"redirect": setting.AppSubURL + "/user/settings/ssh",
+		"redirect": conf.Server.Subpath + "/user/settings/ssh",
 	})
 }
@ -406,7 +406,7 @@ func SettingsTwoFactorEnable(c *context.Context) {
 	}
 	if key == nil {
 		key, err = totp.Generate(totp.GenerateOpts{
-			Issuer:      setting.AppName,
+			Issuer:      conf.App.BrandName,
 			AccountName: c.User.Email,
 		})
 		if err != nil {
@ -506,7 +506,7 @@ func SettingsTwoFactorDisable(c *context.Context) {
 	c.Flash.Success(c.Tr("settings.two_factor_disable_success"))
 	c.JSONSuccess(map[string]interface{}{
-		"redirect": setting.AppSubURL + "/user/settings/security",
+		"redirect": conf.Server.Subpath + "/user/settings/security",
 	})
 }
@ -542,7 +542,7 @@ func SettingsLeaveRepo(c *context.Context) {
 	c.Flash.Success(c.Tr("settings.repos.leave_success", repo.FullName()))
 	c.JSONSuccess(map[string]interface{}{
-		"redirect": setting.AppSubURL + "/user/settings/repositories",
+		"redirect": conf.Server.Subpath + "/user/settings/repositories",
 	})
 }
@ -571,7 +571,7 @@ func SettingsLeaveOrganization(c *context.Context) {
 	}
 	c.JSONSuccess(map[string]interface{}{
-		"redirect": setting.AppSubURL + "/user/settings/organizations",
+		"redirect": conf.Server.Subpath + "/user/settings/organizations",
 	})
 }
@ -632,7 +632,7 @@ func SettingsDeleteApplication(c *context.Context) {
 	}
 	c.JSONSuccess(map[string]interface{}{
-		"redirect": setting.AppSubURL + "/user/settings/applications",
+		"redirect": conf.Server.Subpath + "/user/settings/applications",
 	})
 }
@ -654,16 +654,16 @@ func SettingsDelete(c *context.Context) {
 			switch {
 			case db.IsErrUserOwnRepos(err):
 				c.Flash.Error(c.Tr("form.still_own_repo"))
-				c.Redirect(setting.AppSubURL + "/user/settings/delete")
+				c.Redirect(conf.Server.Subpath + "/user/settings/delete")
 			case db.IsErrUserHasOrgs(err):
 				c.Flash.Error(c.Tr("form.still_has_org"))
-				c.Redirect(setting.AppSubURL + "/user/settings/delete")
+				c.Redirect(conf.Server.Subpath + "/user/settings/delete")
 			default:
 				c.ServerError("DeleteUser", err)
 			}
 		} else {
 			log.Trace("Account deleted: %s", c.User.Name)
-			c.Redirect(setting.AppSubURL + "/")
+			c.Redirect(conf.Server.Subpath + "/")
 		}
 		return
 	}
--- a/internal/setting/computed.go
+++ b/internal/setting/computed.go
@ -1,12 +0,0 @@
 // Copyright 2020 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package setting
 var supportWindowsService bool
 // SupportWindowsService returns true if running as Windows Service is supported.
 func SupportWindowsService() bool {
 	return supportWindowsService
 }
--- a/internal/ssh/ssh.go
+++ b/internal/ssh/ssh.go
@ -18,8 +18,8 @@ import (
 	"golang.org/x/crypto/ssh"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/setting"
 )
 func cleanCommand(cmd string) string {
@ -64,9 +64,9 @@ func handleServerConn(keyID string, chans <-chan ssh.NewChannel) {
 					cmdName := strings.TrimLeft(payload, "'()")
 					log.Trace("SSH: Payload: %v", cmdName)
-					args := []string{"serv", "key-" + keyID, "--config=" + setting.CustomConf}
+					args := []string{"serv", "key-" + keyID, "--config=" + conf.CustomConf}
 					log.Trace("SSH: Arguments: %v", args)
-					cmd := exec.Command(setting.AppPath, args...)
+					cmd := exec.Command(conf.AppPath(), args...)
 					cmd.Env = append(os.Environ(), "SSH_ORIGINAL_COMMAND="+cmdName)
 					stdout, err := cmd.StdoutPipe()
@ -163,10 +163,10 @@ func Listen(host string, port int, ciphers []string) {
 		},
 	}
-	keyPath := filepath.Join(setting.AppDataPath, "ssh/gogs.rsa")
+	keyPath := filepath.Join(conf.Server.AppDataPath, "ssh", "gogs.rsa")
 	if !com.IsExist(keyPath) {
 		os.MkdirAll(filepath.Dir(keyPath), os.ModePerm)
-		_, stderr, err := com.ExecCmd(setting.SSH.KeygenPath, "-f", keyPath, "-t", "rsa", "-m", "PEM", "-N", "")
+		_, stderr, err := com.ExecCmd(conf.SSH.KeygenPath, "-f", keyPath, "-t", "rsa", "-m", "PEM", "-N", "")
 		if err != nil {
 			panic(fmt.Sprintf("Failed to generate private key: %v - %s", err, stderr))
 		}
--- a/internal/template/highlight/highlight.go
+++ b/internal/template/highlight/highlight.go
@ -8,7 +8,7 @@ import (
 	"path"
 	"strings"
-	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/conf"
 )
 var (
@ -72,7 +72,7 @@ var (
 )
 func NewContext() {
-	keys := setting.Cfg.Section("highlight.mapping").Keys()
+	keys := conf.File.Section("highlight.mapping").Keys()
 	for i := range keys {
 		highlightMapping[keys[i].Name()] = keys[i].Value()
 	}
--- a/internal/template/template.go
+++ b/internal/template/template.go
@ -21,9 +21,9 @@ import (
 	"golang.org/x/text/transform"
 	log "unknwon.dev/clog/v2"
 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db"
 	"gogs.io/gogs/internal/markup"
 	"gogs.io/gogs/internal/setting"
 	"gogs.io/gogs/internal/tool"
 )
@ -40,28 +40,28 @@ func FuncMap() []template.FuncMap {
 				return time.Now().Year()
 			},
 			"UseHTTPS": func() bool {
-				return strings.HasPrefix(setting.AppURL, "https")
+				return conf.Server.URL.Scheme == "https"
 			},
 			"AppName": func() string {
-				return setting.AppName
+				return conf.App.BrandName
 			},
 			"AppSubURL": func() string {
-				return setting.AppSubURL
+				return conf.Server.Subpath
 			},
 			"AppURL": func() string {
-				return setting.AppURL
+				return conf.Server.ExternalURL
 			},
 			"AppVer": func() string {
-				return setting.AppVersion
+				return conf.App.Version
 			},
 			"AppDomain": func() string {
-				return setting.Domain
+				return conf.Server.Domain
 			},
 			"DisableGravatar": func() bool {
-				return setting.DisableGravatar
+				return conf.DisableGravatar
 			},
 			"ShowFooterTemplateLoadTime": func() bool {
-				return setting.ShowFooterTemplateLoadTime
+				return conf.ShowFooterTemplateLoadTime
 			},
 			"LoadTimes": func(startTime time.Time) string {
 				return fmt.Sprint(time.Since(startTime).Nanoseconds()/1e6) + "ms"
@ -111,7 +111,7 @@ func FuncMap() []template.FuncMap {
 			"EscapePound":           EscapePound,
 			"RenderCommitMessage":   RenderCommitMessage,
 			"ThemeColorMetaTag": func() string {
-				return setting.UI.ThemeColorMetaTag
+				return conf.UI.ThemeColorMetaTag
 			},
 			"FilenameIsImage": func(filename string) bool {
 				mimeType := mime.TypeByExtension(filepath.Ext(filename))
--- a/Show More
+++ b/Show More