ownCloud

Service Configuration

Example YAML Config

# Autogenerated
# Filename: frontend-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9141
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:9140
  protocol: tcp
  prefix: ""
  cors:
    allow_origins:
    - https://localhost:9200
    allow_methods:
    - OPTIONS
    - HEAD
    - GET
    - PUT
    - POST
    - PATCH
    - DELETE
    - MKCOL
    - PROPFIND
    - PROPPATCH
    - MOVE
    - COPY
    - REPORT
    - SEARCH
    allow_headers:
    - Origin
    - Accept
    - Content-Type
    - Depth
    - Authorization
    - Ocs-Apirequest
    - If-None-Match
    - If-Match
    - Destination
    - Overwrite
    - X-Request-Id
    - X-Requested-With
    - Tus-Resumable
    - Tus-Checksum-Algorithm
    - Upload-Concat
    - Upload-Length
    - Upload-Metadata
    - Upload-Defer-Length
    - Upload-Expires
    - Upload-Checksum
    - Upload-Offset
    - X-HTTP-Method-Override
    - Cache-Control
    allow_credentials: false
transfer_secret: ""
token_manager:
  jwt_secret: ""
reva:
  address: com.owncloud.api.gateway
  tls:
    mode: ""
    cacert: ""
machine_auth_api_key: ""
skip_user_groups_in_token: false
enable_favorites: false
max_quota: 0
upload_max_chunk_size: 10000000
upload_http_method_override: ""
default_upload_protocol: tus
enable_federated_sharing_incoming: false
enable_federated_sharing_outgoing: false
search_min_length: 3
edition: Community
disable_sse: false
default_link_permissions: 1
public_url: https://localhost:9200
app_handler:
  insecure: false
archiver:
  max_num_files: 10000
  max_size: 1073741824
  insecure: false
data_gateway:
  prefix: data
ocs:
  prefix: ocs
  share_prefix: /Shares
  home_namespace: /users/{{.Id.OpaqueId}}
  additional_info_attribute: '{{.Mail}}'
  stat_cache_type: memory
  stat_cache_nodes:
  - 127.0.0.1:9233
  stat_cache_database: cache-stat
  stat_cache_table: ""
  stat_cache_ttl: 5m0s
  stat_cache_size: 0
  stat_cache_disable_persistence: false
  stat_cache_auth_username: ""
  stat_cache_auth_password: ""
  enable_denials: false
  list_ocm_shares: true
  public_sharing_share_must_have_password: true
  public_sharing_writeableshare_must_have_password: false
  include_ocm_sharees: false
  show_email_in_results: false
checksums:
  supported_types:
  - sha1
  - md5
  - adler32
  preferred_upload_type: sha1
read_only_user_attributes: []
ldap_server_write_enabled: true
full_text_search: false
middleware:
  auth:
    credentials_by_user_agent: {}
events:
  endpoint: 127.0.0.1:9233
  cluster: ocis-cluster
  tls_insecure: false
  tls_root_ca_certificate: ""
  enable_tls: false
  username: ""
  password: ""
grpc_client_tls: null
auto_accept_shares: true
service_account:
  service_account_id: ""
  service_account_secret: ""
password_policy:
  min_characters: 8
  min_lowercase_characters: 1
  min_uppercase_characters: 1
  min_digits: 1
  min_special_characters: 1
  banned_passwords_list: ""

Environment Variables

| Name | Type | Default Value | Description |
|---|---|---|---|
| OCIS_TRACING_ENABLED<br/>FRONTEND_TRACING_ENABLED | bool | false | Activates tracing. |
| OCIS_TRACING_TYPE<br/>FRONTEND_TRACING_TYPE | string | | The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. |
| OCIS_TRACING_ENDPOINT<br/>FRONTEND_TRACING_ENDPOINT | string | | The endpoint of the tracing agent. |
| OCIS_TRACING_COLLECTOR<br/>FRONTEND_TRACING_COLLECTOR | string | | The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
| OCIS_LOG_LEVEL<br/>FRONTEND_LOG_LEVEL | string | | The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. |
| OCIS_LOG_PRETTY<br/>FRONTEND_LOG_PRETTY | bool | false | Activates pretty log output. |
| OCIS_LOG_COLOR<br/>FRONTEND_LOG_COLOR | bool | false | Activates colorized log output. |
| OCIS_LOG_FILE<br/>FRONTEND_LOG_FILE | string | | The path to the log file. Activates logging to this file if set. |
| FRONTEND_DEBUG_ADDR | string | 127.0.0.1:9141 | Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
| FRONTEND_DEBUG_TOKEN | string | | Token to secure the metrics endpoint. |
| FRONTEND_DEBUG_PPROF | bool | false | Enables pprof, which can be used for profiling. |
| FRONTEND_DEBUG_ZPAGES | bool | false | Enables zpages, which can be used for collecting and viewing in-memory traces. |
| FRONTEND_HTTP_ADDR | string | 127.0.0.1:9140 | The bind address of the HTTP service. |
| FRONTEND_HTTP_PROTOCOL | string | tcp | The transport protocol of the HTTP service. |
| FRONTEND_HTTP_PREFIX | string | | The path prefix where the frontend can be accessed (defaults to /). |
| OCIS_CORS_ALLOW_ORIGINS<br/>FRONTEND_CORS_ALLOW_ORIGINS | []string | [https://localhost:9200] | A list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details. |
| OCIS_CORS_ALLOW_METHODS<br/>FRONTEND_CORS_ALLOW_METHODS | []string | [OPTIONS HEAD GET PUT POST PATCH DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH] | A list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details. |
| OCIS_CORS_ALLOW_HEADERS<br/>FRONTEND_CORS_ALLOW_HEADERS | []string | [Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override Cache-Control] | A list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details. |
| OCIS_CORS_ALLOW_CREDENTIALS<br/>FRONTEND_CORS_ALLOW_CREDENTIALS | bool | false | Allow credentials for CORS. See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. |
| OCIS_TRANSFER_SECRET | string | | Transfer secret for signing file up- and download requests. |
| OCIS_JWT_SECRET<br/>FRONTEND_JWT_SECRET | string | | The secret to mint and validate jwt tokens. |
| OCIS_REVA_GATEWAY | string | com.owncloud.api.gateway | The CS3 gateway endpoint. |
| OCIS_GRPC_CLIENT_TLS_MODE | string | | TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. |
| OCIS_GRPC_CLIENT_TLS_CACERT | string | | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |
| OCIS_MACHINE_AUTH_API_KEY<br/>FRONTEND_MACHINE_AUTH_API_KEY | string | | The machine auth API key used to validate internal requests necessary to access resources from other services. |
| FRONTEND_SKIP_USER_GROUPS_IN_TOKEN | bool | false | Disables the loading of user's group memberships from the reva access token. |
| FRONTEND_ENABLE_FAVORITES | bool | false | Enables the support for favorites in the clients. |
| OCIS_SPACES_MAX_QUOTA<br/>FRONTEND_MAX_QUOTA | uint64 | 0 | Set the global max quota value in bytes. A value of 0 equals unlimited. The value is provided via capabilities. |
| FRONTEND_UPLOAD_MAX_CHUNK_SIZE | int | 10000000 | Sets the max chunk sizes in bytes for uploads via the clients. |
| FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE | string | | Advise TUS to replace PATCH requests by POST requests. |
| FRONTEND_DEFAULT_UPLOAD_PROTOCOL | string | tus | The default upload protocol to use in clients. Currently only 'tus' is available. See the developer API documentation for more details about TUS. |
| FRONTEND_ENABLE_FEDERATED_SHARING_INCOMING | bool | false | Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed. |
| FRONTEND_ENABLE_FEDERATED_SHARING_OUTGOING | bool | false | Changing this value is NOT supported. Enables support for outgoing federated sharing for clients. The backend behaviour is not changed. |
| FRONTEND_SEARCH_MIN_LENGTH | int | 3 | Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g. too many results are displayed. |
| OCIS_EDITION<br/>FRONTEND_EDITION | string | Community | Edition of oCIS. Used for branding purposes. |
| OCIS_DISABLE_SSE<br/>FRONTEND_DISABLE_SSE | bool | false | When set to true, clients are informed that the Server-Sent Events endpoint is not accessible. |
| FRONTEND_DEFAULT_LINK_PERMISSIONS | int | 1 | Defines the default permissions a link is being created with. Possible values are 0 (= internal link, for instance members only) and 1 (= public link with viewer permissions). Defaults to 1. |
| OCIS_URL<br/>FRONTEND_PUBLIC_URL | string | https://localhost:9200 | The public facing URL of the oCIS frontend. |
| OCIS_INSECURE<br/>FRONTEND_APP_HANDLER_INSECURE | bool | false | Allow insecure connections to the frontend. |
| FRONTEND_ARCHIVER_MAX_NUM_FILES | int64 | 10000 | Max number of files that can be packed into an archive. |
| FRONTEND_ARCHIVER_MAX_SIZE | int64 | 1073741824 | Max size in bytes of the zip archive the archiver can create. |
| OCIS_INSECURE<br/>FRONTEND_ARCHIVER_INSECURE | bool | false | Allow insecure connections to the archiver. |
| FRONTEND_DATA_GATEWAY_PREFIX | string | data | Path prefix for the data gateway. |
| FRONTEND_OCS_PREFIX | string | ocs | URL path prefix for the OCS service. Note that the string must not start with '/'. |
| FRONTEND_OCS_SHARE_PREFIX | string | /Shares | Path prefix for shares as part of an ocis resource. Note that the path must start with '/'. |
| FRONTEND_OCS_PERSONAL_NAMESPACE | string | /users/{{.Id.OpaqueId}} | Home namespace identifier. |
| FRONTEND_OCS_ADDITIONAL_INFO_ATTRIBUTE | string | {{.Mail}} | Additional information attribute for the user like {{.Mail}}. |
| OCIS_CACHE_STORE<br/>FRONTEND_OCS_STAT_CACHE_STORE | string | memory | The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details. |
| OCIS_CACHE_STORE_NODES<br/>FRONTEND_OCS_STAT_CACHE_STORE_NODES | []string | [127.0.0.1:9233] | A list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details. |
| OCIS_CACHE_DATABASE | string | cache-stat | The database name the configured store should use. |
| FRONTEND_OCS_STAT_CACHE_TABLE | string | | The database table the store should use. |
| OCIS_CACHE_TTL<br/>FRONTEND_OCS_STAT_CACHE_TTL | Duration | 5m0s | Default time to live for user info in the cache. Only applied when access tokens have no expiration. See the Environment Variable Types description for more details. |
| OCIS_CACHE_SIZE<br/>FRONTEND_OCS_STAT_CACHE_SIZE | int | 0 | Max number of entries to hold in the cache. |
| OCIS_CACHE_DISABLE_PERSISTENCE<br/>FRONTEND_OCS_STAT_CACHE_DISABLE_PERSISTENCE | bool | false | Disable persistence of the cache. Only applies when using the 'nats-js-kv' store type. Defaults to false. |
| OCIS_CACHE_AUTH_USERNAME<br/>FRONTEND_OCS_STAT_CACHE_AUTH_USERNAME | string | | The username to use for authentication. Only applies when using the 'nats-js-kv' store type. |
| OCIS_CACHE_AUTH_PASSWORD<br/>FRONTEND_OCS_STAT_CACHE_AUTH_PASSWORD | string | | The password to use for authentication. Only applies when using the 'nats-js-kv' store type. |
| FRONTEND_OCS_ENABLE_DENIALS | bool | false | EXPERIMENTAL: enable the feature to deny access on folders. |
| FRONTEND_OCS_LIST_OCM_SHARES | bool | true | Include OCM shares when listing shares. See the OCM service documentation for more details. |
| OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD<br/>FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD | bool | true | Set this to true if you want to enforce passwords on all public shares. |
| OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD<br/>FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD | bool | false | Set this to true if you want to enforce passwords for writable shares. Only effective if the setting for 'passwords on all public shares' is set to false. |
| FRONTEND_OCS_INCLUDE_OCM_SHAREES | bool | false | Include OCM sharees when listing sharees. |
| OCIS_SHOW_USER_EMAIL_IN_RESULTS | bool | false | Mask user email addresses in responses. |
| FRONTEND_CHECKSUMS_SUPPORTED_TYPES | []string | [sha1 md5 adler32] | A list of checksum types that indicate to clients which hashes the server can use to verify upload integrity. Supported types are 'sha1', 'md5' and 'adler32'. See the Environment Variable Types description for more details. |
| FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPE | string | sha1 | The supported checksum type for uploads that indicates to clients supporting multiple hash algorithms which one is preferred by the server. Must be one out of the defined list of SUPPORTED_TYPES. |
| FRONTEND_READONLY_USER_ATTRIBUTES | []string | [] | A list of user attributes to indicate as read-only. Supported values: 'user.onPremisesSamAccountName' (username), 'user.displayName', 'user.mail', 'user.passwordProfile' (password), 'user.appRoleAssignments' (role), 'user.memberOf' (groups), 'user.accountEnabled' (login allowed), 'drive.quota' (quota). See the Environment Variable Types description for more details. |
| OCIS_LDAP_SERVER_WRITE_ENABLED<br/>FRONTEND_LDAP_SERVER_WRITE_ENABLED | bool | true | Allow creating, modifying and deleting LDAP users via the GRAPH API. This can only be set to 'true' when keeping default settings for the LDAP user and group attribute types (the `OCIS_LDAP_USER_SCHEMA_*` and `OCIS_LDAP_GROUP_SCHEMA_*` variables). |
| FRONTEND_FULL_TEXT_SEARCH_ENABLED | bool | false | Set to true to signal the web client that full-text search is enabled. |
| OCIS_EVENTS_ENDPOINT<br/>FRONTEND_EVENTS_ENDPOINT | string | 127.0.0.1:9233 | The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. |
| OCIS_EVENTS_CLUSTER<br/>FRONTEND_EVENTS_CLUSTER | string | ocis-cluster | The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system. |
| OCIS_INSECURE<br/>FRONTEND_EVENTS_TLS_INSECURE | bool | false | Whether to verify the server TLS certificates. |
| FRONTEND_EVENTS_TLS_ROOT_CA_CERTIFICATE<br/>OCS_EVENTS_TLS_ROOT_CA_CERTIFICATE | string | | The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false. |
| OCIS_EVENTS_ENABLE_TLS<br/>FRONTEND_EVENTS_ENABLE_TLS | bool | false | Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services. |
| OCIS_EVENTS_AUTH_USERNAME<br/>FRONTEND_EVENTS_AUTH_USERNAME | string | | The username to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services. |
| OCIS_EVENTS_AUTH_PASSWORD<br/>FRONTEND_EVENTS_AUTH_PASSWORD | string | | The password to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services. |
| FRONTEND_AUTO_ACCEPT_SHARES | bool | true | Defines if shares should be auto accepted by default. Users can change this setting individually in their profile. |
| OCIS_SERVICE_ACCOUNT_ID<br/>FRONTEND_SERVICE_ACCOUNT_ID | string | | The ID of the service account the service should use. See the 'auth-service' service description for more details. |
| OCIS_SERVICE_ACCOUNT_SECRET<br/>FRONTEND_SERVICE_ACCOUNT_SECRET | string | | The service account secret. |
| OCIS_PASSWORD_POLICY_DISABLED<br/>FRONTEND_PASSWORD_POLICY_DISABLED | bool | false | Disable the password policy. Defaults to false if not set. |
| OCIS_PASSWORD_POLICY_MIN_CHARACTERS<br/>FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS | int | 8 | Define the minimum password length. Defaults to 8 if not set. |
| OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS<br/>FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS | int | 1 | Define the minimum number of lowercase letters. Defaults to 1 if not set. |
| OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS<br/>FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS | int | 1 | Define the minimum number of uppercase letters. Defaults to 1 if not set. |
| OCIS_PASSWORD_POLICY_MIN_DIGITS<br/>FRONTEND_PASSWORD_POLICY_MIN_DIGITS | int | 1 | Define the minimum number of digits. Defaults to 1 if not set. |
| OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS<br/>FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS | int | 1 | Define the minimum number of characters from the special characters list to be present. Defaults to 1 if not set. |
| OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST<br/>FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST | string | | Path to the 'banned passwords list' file. See the documentation for more details. |
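
An added example, not part of the oCIS documentation or code base: a Python check over a parsed copy of the frontend configuration that reports the settings above with a direct security impact (empty secrets, the `insecure` flags, the gateway TLS mode, an exposed debug listener, CORS credentials, unprotected public shares). The functions, finding texts and `SAMPLE` values are constructed here; it assumes the dict mirrors the key layout of the example YAML and holds the effective configuration, with this page's defaults applying to missing keys other than secrets.

```python
import ipaddress
# Key paths are taken from the example YAML on this page.
SECRETS = [("transfer_secret",), ("token_manager", "jwt_secret"),
           ("machine_auth_api_key",), ("service_account", "service_account_secret")]
INSECURE = [("app_handler", "insecure"), ("archiver", "insecure"),
            ("events", "tls_insecure")]

def get(cfg, path, default=None):
    """Walk a nested dict; return default when a key is missing."""
    for key in path:
        if not isinstance(cfg, dict) or key not in cfg:
            return default
        cfg = cfg[key]
    return cfg

def is_loopback(addr):
    """True when a host:port bind address is a loopback IP literal."""
    host = addr.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # empty host (all interfaces) or a hostname
        return False

def audit(cfg):
    """Return findings for a parsed frontend config (nested dict)."""
    out = []
    for path in SECRETS:
        if not get(cfg, path):
            out.append(".".join(path) + ": secret is empty")
    for path in INSECURE:
        if get(cfg, path) is True:
            out.append(".".join(path) + ": insecure connections allowed")
    mode = get(cfg, ("reva", "tls", "mode"), "")
    if mode in ("off", "insecure"):
        out.append("reva.tls.mode: '%s' means no verified TLS" % mode)
    dbg = get(cfg, ("debug",), {})
    exposed = not is_loopback(dbg.get("addr", "127.0.0.1:9141"))
    if exposed and (dbg.get("pprof") or dbg.get("zpages") or not dbg.get("token")):
        out.append("debug: non-loopback listener with pprof/zpages or no token")
    cors = get(cfg, ("http", "cors"), {})
    weak = [o for o in cors.get("allow_origins", []) if not o.startswith("https://")]
    if cors.get("allow_credentials") and weak:
        out.append("http.cors: credentials allowed for " + ", ".join(weak))
    if not get(cfg, ("ocs", "public_sharing_share_must_have_password"), True):
        out.append("ocs: public shares can be created without a password")
    return out

# Constructed sample (not from the page): risky overrides of the defaults.
SAMPLE = {"debug": {"addr": "0.0.0.0:9141", "token": "", "pprof": True},
          "http": {"cors": {"allow_origins": ["*"], "allow_credentials": True}},
          "transfer_secret": "constructed-value", "token_manager": {"jwt_secret": ""},
          "reva": {"tls": {"mode": "insecure"}}, "archiver": {"insecure": True},
          "ocs": {"public_sharing_share_must_have_password": False}}

print("\n".join(audit(SAMPLE)))
```

To run it against a real file, load the YAML into a dict first (for example with a YAML parser of your choice) and pass the result to `audit`.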