Web Service Configuration
Introduction
The web service embeds and serves the static files for the Infinite Scale web client. See the ownCloud Web description for more details.
Note that clients will respond with a connection error if the web service is not available.
The web service also provides a minimal API for branding functionality like changing the logo shown.
Custom Compiled Web Assets
If you want to use your custom compiled web client assets instead of the embedded ones, then you can do that by setting the WEB_ASSET_PATH
variable to point to your compiled files. See ownCloud Web / Getting Started and ownCloud Web / Setup with oCIS in the developer documentation for more details.
Customize the Web UI Configuration
See the Web UI documentation for how to configure theming and customization or how to embed Web into another application.
Configuration
Environment Variables
The web
service is configured via the following environment variables. Read the Environment Variable Types documentation for important details.
Name | Type | Default Value | Description |
---|---|---|---|
|
bool |
false |
Activates tracing. |
|
string |
|
The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. |
|
string |
|
The endpoint of the tracing agent. |
|
string |
|
The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
|
string |
|
The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. |
|
bool |
false |
Activates pretty log output. |
|
bool |
false |
Activates colorized log output. |
|
string |
|
The path to the log file. Activates logging to this file if set. |
|
string |
127.0.0.1:9104 |
Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
|
string |
|
Token to secure the metrics endpoint. |
|
bool |
false |
Enables pprof, which can be used for profiling. |
|
bool |
false |
Enables zpages, which can be used for collecting and viewing in-memory traces. |
|
string |
127.0.0.1:9100 |
The bind address of the HTTP service. |
|
bool |
false |
Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true. |
|
string |
|
Path/File name of the TLS server certificate (in PEM format) for the http services. |
|
string |
|
Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services. |
|
string |
/ |
Subdirectory that serves as the root for this HTTP service. |
|
int |
604800 |
Cache policy in seconds for ownCloud Web assets. |
|
[]string |
[*] |
A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin |
|
[]string |
[OPTIONS HEAD GET PUT PATCH POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH] |
A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method |
|
[]string |
[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override] |
A blank or comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. |
|
bool |
true |
Allow credentials for CORS. See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. |
|
string |
~/.ocis/web/assets |
Serve ownCloud Web assets from a path on the filesystem instead of the builtin assets. |
|
string |
|
Read the ownCloud Web json based configuration from this path/file. The config file takes precedence over WEB_OPTION_xxx environment variables. See the text description for more details. |
|
string |
|
Read the ownCloud Web configuration from this file path. |
|
string |
https://localhost:9200 |
Base URL to load themes from. Will be prepended to the theme path. |
|
string |
/themes/owncloud/theme.json |
Subpath/file to load the theme. Will be appended to the URL of the theme server. |
|
string |
https://localhost:9200 |
URL, where the oCIS APIs are reachable for ownCloud Web. |
|
string |
https://localhost:9200/.well-known/openid-configuration |
URL for the OIDC well-known configuration endpoint. Defaults to the oCIS API URL + '/.well-known/openid-configuration'. |
|
string |
https://localhost:9200 |
URL of the OIDC issuer. It defaults to URL of the builtin IDP. |
|
string |
web |
The OIDC client ID which ownCloud Web uses. This client needs to be set up in your IDP. Note that this setting has no effect when using the builtin IDP. |
|
string |
code |
The OIDC response type to use for authentication. |
|
string |
openid profile email |
OIDC scopes to request during authentication to authorize access to user details. Defaults to 'openid profile email'. Values are separated by blank. More example values but not limited to are 'address' or 'phone' etc. |
|
string |
|
This value needs to point to a valid and reachable web page. The web client will trigger a redirect to that page directly after the logout action. The default value is empty and redirects to the login page. |
|
string |
|
Specifies a folder that is used when the user navigates 'home'. Navigating home gets triggered by clicking on the 'All files' menu item. The user will not be jailed in that directory, it simply serves as a default location. A static location can be provided, or variables of the user object to come up with a user specific home path can be used. This uses the twig template variable style and allows picking a value or a substring of a value of the authenticated user. Examples are '/Shares', '/{{.Id}}' and '/{{substr 0 3 .Id}}/{{.Id}'. |
|
bool |
false |
Configures whether apps and extensions should generally open in a new tab. Defaults to false. |
|
bool |
false |
Set this option to 'true' to disable previews in all the different web file listing views. This can speed up file listings in folders with many files. The only list view that is not affected by this setting is the trash bin, as it does not allow previewing at all. |
|
[]string |
[image/gif image/png image/jpeg text/plain image/tiff image/bmp image/x-ms-bmp] |
Specifies which mimeTypes will be previewed in the UI. For example to only preview jpg and text files, set this option to ['image/jpeg', 'text/plain']. |
|
bool |
false |
Set this option to 'true' to disable the feedback link in the topbar. Keeping it enabled by setting the value to 'false' or with the absence of the option, allows ownCloud to get feedback from your user base through a dedicated survey website. |
|
int |
200 |
Sets the amount of users shown as recipients in the dropdown menu when sharing resources. Default amount is 200. |
|
bool |
false |
Sets the list of the (link) shares list in the sidebar to be initially expanded. Default is a collapsed state, only showing the first three shares. |
|
bool |
false |
Set this option to 'true' if running on an EOS storage backend (https://eos-web.web.cern.ch/eos-web/) to enable its specific features. Defaults to 'false'. |
|
bool |
false |
Set this option to 'true' to hide quick actions (buttons appearing on file rows) and only show them when the user hovers over the row with his mouse. Defaults to 'false'. |
|
bool |
true |
Enable or disable fileIds being added to the URL. Defaults to 'true', because otherwise spaces with name clashes cannot be resolved correctly. Note: Only disable this if you can guarantee on the server side, that spaces of the same namespace cannot have name clashes. |
|
bool |
true |
Specifies whether the 'Read more' link should be displayed or not. |
|
string |
|
Adds a link to the user’s profile page to point him to an external page, where he can manage his session and devices. This is helpful when an external IdP is used. This option is disabled by default. |
|
bool |
true |
Specifies whether single file link shares should be opened with the default app or not. If not opened by the default app, the Web UI just displays the file details. Defaults to 'true'. |
|
string |
|
Specifies the target URL for the imprint link valid for the ocis instance in the account menu. |
|
string |
|
Specifies the target URL for the privacy link valid for the ocis instance in the account menu. |
|
string |
|
Specifies the target URL valid for the ocis instance for the generic logged out / access denied page. |
|
bool |
true |
Specifies whether the access token will be stored in the local storage when set to 'true' or in the session storage when set to 'false''. If stored in the local storage, login state will be persisted across multiple browser tabs, means no additional logins are required. Defaults to 'true'. |
|
string |
|
The secret to mint and validate jwt tokens. |
|
string |
com.owncloud.api.gateway |
The bind address of the GRPC service. |
YAML Example
Note that the filename shown below has been chosen on purpose.
See the Configuration File Naming for details when setting up your own configuration.
# Autogenerated
# Filename: web-config-example.yaml
tracing:
enabled: false
type: ""
endpoint: ""
collector: ""
log:
level: ""
pretty: false
color: false
file: ""
debug:
addr: 127.0.0.1:9104
token: ""
pprof: false
zpages: false
http:
addr: 127.0.0.1:9100
tls:
enabled: false
cert: ""
key: ""
root: /
cache_ttl: 604800
cors:
allow_origins:
- '*'
allow_methods:
- OPTIONS
- HEAD
- GET
- PUT
- PATCH
- POST
- DELETE
- MKCOL
- PROPFIND
- PROPPATCH
- MOVE
- COPY
- REPORT
- SEARCH
allow_headers:
- Origin
- Accept
- Content-Type
- Depth
- Authorization
- Ocs-Apirequest
- If-None-Match
- If-Match
- Destination
- Overwrite
- X-Request-Id
- X-Requested-With
- Tus-Resumable
- Tus-Checksum-Algorithm
- Upload-Concat
- Upload-Length
- Upload-Metadata
- Upload-Defer-Length
- Upload-Expires
- Upload-Checksum
- Upload-Offset
- X-HTTP-Method-Override
allow_credentials: true
asset:
path: ~/.ocis/web/assets
file: ""
web:
path: ""
theme_server: https://localhost:9200
theme_path: /themes/owncloud/theme.json
config:
server: https://localhost:9200
oidc:
metadata_url: https://localhost:9200/.well-known/openid-configuration
authority: https://localhost:9200
client_id: web
response_type: code
scope: openid profile email
post_logout_redirect_uri: ""
apps:
- files
- search
- text-editor
- pdf-viewer
- external
- admin-settings
applications: []
external_apps:
- id: preview
path: web-app-preview
config:
mimeTypes:
- image/tiff
- image/bmp
- image/x-ms-bmp
options:
homeFolder: ""
openAppsInTab: false
disablePreviews: false
previewFileMimeTypes:
- image/gif
- image/png
- image/jpeg
- text/plain
- image/tiff
- image/bmp
- image/x-ms-bmp
accountEditLink: null
disableFeedbackLink: false
feedbackLink: null
sharingRecipientsPerPage: 200
sidebar:
shares:
showAllOnLoad: false
runningOnEos: false
cernFeatures: false
hoverableQuickActions: false
routing:
idBased: true
upload: null
editor: null
contextHelpersReadMore: true
logoutUrl: ""
openLinksWithDefaultApp: true
imprintUrl: ""
privacyUrl: ""
accessDeniedHelpUrl: ""
tokenStorageLocal: true
styles: []
scripts: []
custom_translations: []
token_manager:
jwt_secret: ""
gateway_addr: com.owncloud.api.gateway