Sharing Service Configuration

Table of Contents

Introduction
Default Values
Passwords
Event Bus Configuration
Configuration
- Environment Variables
- YAML Example

Introduction

The Infinite Scale Sharing service

Default Values

Sharing listens on port 9150 by default.

Passwords

For details on password management see the Passwords documentation.

Event Bus Configuration

The Infinite Scale event bus can be configured by a set of environment variables.

If you are using a binary installation as described in Minimal Bare Metal Deployment or Bare Metal with systemd, the address of the event bus OCIS_EVENTS_ENDPOINT is predefined as localhost address without the need for further configuration, but changeable on demand.
In case of an orchestrated installation like with Docker or Kubernetes, the event bus must be an external service for scalability like a Redis Sentinel cluster or a key-value-store NATS JetStream. Both named stores are supported and also used in Caching and Persistence. The store used is not part of the Infinite Scale installation and must be separately provided and configured.
Note that from a configuration point of view, caching and persistence are independent of the event bus configuration.

Note that for each global environment variable, a service-based one might be available additionally. For precedences see Environment Variable Notes. Check the configuration section below.

Without the aim of completeness, see the list of environment variables to configure the event bus:

Envvar Description

Envvar	Description
`OCIS_EVENTS_ENDPOINT`	The address of the event system.
`OCIS_EVENTS_CLUSTER`	The clusterID of the event system. Mandatory when using NATS as event system.
`OCIS_EVENTS_ENABLE_TLS`	Enable TLS for the connection to the events broker.
`OCIS_INSECURE`	Whether to verify the server TLS certificates.
`OCIS_EVENTS_AUTH_USERNAME`	The username to authenticate with the events broker.
`OCIS_EVENTS_AUTH_PASSWORD`	The password to authenticate with the events broker.

OCIS_EVENTS_ENDPOINT

The address of the event system.

OCIS_EVENTS_CLUSTER

The clusterID of the event system. Mandatory when using NATS as event system.

OCIS_EVENTS_ENABLE_TLS

Enable TLS for the connection to the events broker.

OCIS_INSECURE

Whether to verify the server TLS certificates.

OCIS_EVENTS_AUTH_USERNAME

The username to authenticate with the events broker.

OCIS_EVENTS_AUTH_PASSWORD

The password to authenticate with the events broker.

Configuration

Environment Variables

The sharing service is configured via the following environment variables. Read the Environment Variable Types documentation for important details.

5.0.9

Deprecation notes for the sharing service
Deprecation Info	Deprecation Version	Removal Version	Deprecation Replacement
Resharing will be removed in the future.	5.0

Environment variables for the sharing service
Name	Type	Default Value	Description
`OCIS_TRACING_ENABLED` `SHARING_TRACING_ENABLED`	bool	false	Activates tracing.
`OCIS_TRACING_TYPE` `SHARING_TRACING_TYPE`	string		The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.
`OCIS_TRACING_ENDPOINT` `SHARING_TRACING_ENDPOINT`	string		The endpoint of the tracing agent.
`OCIS_TRACING_COLLECTOR` `SHARING_TRACING_COLLECTOR`	string		The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.
`OCIS_LOG_LEVEL` `SHARING_LOG_LEVEL`	string		The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.
`OCIS_LOG_PRETTY` `SHARING_LOG_PRETTY`	bool	false	Activates pretty log output.
`OCIS_LOG_COLOR` `SHARING_LOG_COLOR`	bool	false	Activates colorized log output.
`OCIS_LOG_FILE` `SHARING_LOG_FILE`	string		The path to the log file. Activates logging to this file if set.
`SHARING_DEBUG_ADDR`	string	127.0.0.1:9151	Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.
`SHARING_DEBUG_TOKEN`	string		Token to secure the metrics endpoint.
`SHARING_DEBUG_PPROF`	bool	false	Enables pprof, which can be used for profiling.
`SHARING_DEBUG_ZPAGES`	bool	false	Enables zpages, which can be used for collecting and viewing in-memory traces.
`SHARING_GRPC_ADDR`	string	127.0.0.1:9150	The bind address of the GRPC service.
`SHARING_GRPC_PROTOCOL`	string	tcp	The transport protocol of the GRPC service.
`OCIS_JWT_SECRET` `SHARING_JWT_SECRET`	string		The secret to mint and validate jwt tokens.
`OCIS_REVA_GATEWAY`	string	com.owncloud.api.gateway	The CS3 gateway endpoint.
`OCIS_GRPC_CLIENT_TLS_MODE`	string		TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.
`OCIS_GRPC_CLIENT_TLS_CACERT`	string		Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.
`OCIS_EVENTS_ENDPOINT` `SHARING_EVENTS_ENDPOINT`	string	127.0.0.1:9233	The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.
`OCIS_EVENTS_CLUSTER` `SHARING_EVENTS_CLUSTER`	string	ocis-cluster	The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.
`OCIS_INSECURE` `SHARING_EVENTS_TLS_INSECURE`	bool	false	Whether to verify the server TLS certificates.
`OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE` `SHARING_EVENTS_TLS_ROOT_CA_CERTIFICATE`	string		The root CA certificate used to validate the server’s TLS certificate. If provided SHARING_EVENTS_TLS_INSECURE will be seen as false.
`OCIS_EVENTS_ENABLE_TLS` `SHARING_EVENTS_ENABLE_TLS`	bool	false	Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services.
`OCIS_EVENTS_AUTH_USERNAME` `SHARING_EVENTS_AUTH_USERNAME`	string		Username for the events broker.
`OCIS_EVENTS_AUTH_PASSWORD` `SHARING_EVENTS_AUTH_PASSWORD`	string		Password for the events broker.
`SHARING_SKIP_USER_GROUPS_IN_TOKEN`	bool	false	Disables the loading of user’s group memberships from the reva access token.
`OCIS_ENABLE_RESHARING` `SHARING_ENABLE_RESHARING` Deprecation Note	bool	true	Changing this value is NOT supported. Enables the support for resharing.
`SHARING_USER_DRIVER`	string	jsoncs3	Driver to be used to persist shares. Supported values are 'jsoncs3', 'json', 'cs3' (deprecated) and 'owncloudsql'.
`SHARING_USER_JSONCS3_PROVIDER_ADDR`	string	com.owncloud.api.storage-system	GRPC address of the STORAGE-SYSTEM service.
`OCIS_SYSTEM_USER_ID` `SHARING_USER_JSONCS3_SYSTEM_USER_ID`	string		ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.
`OCIS_SYSTEM_USER_IDP` `SHARING_USER_JSONCS3_SYSTEM_USER_IDP`	string	internal	IDP of the oCIS STORAGE-SYSTEM system user.
`OCIS_SYSTEM_USER_API_KEY` `SHARING_USER_JSONCS3_SYSTEM_USER_API_KEY`	string		API key for the STORAGE-SYSTEM system user.
`SHARING_USER_JSONCS3_CACHE_TTL`	int	0	TTL for the internal caches in seconds.
`SHARING_USER_JSON_FILE`	string	/var/lib/ocis/storage/shares.json	Path to the JSON file where shares will be persisted. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage.
`SHARING_USER_CS3_PROVIDER_ADDR`	string	com.owncloud.api.storage-system	GRPC address of the STORAGE-SYSTEM service.
`OCIS_SYSTEM_USER_ID` `SHARING_USER_CS3_SYSTEM_USER_ID`	string		ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.
`OCIS_SYSTEM_USER_IDP` `SHARING_USER_CS3_SYSTEM_USER_IDP`	string	internal	IDP of the oCIS STORAGE-SYSTEM system user.
`OCIS_SYSTEM_USER_API_KEY` `SHARING_USER_CS3_SYSTEM_USER_API_KEY`	string		API key for the STORAGE-SYSTEM system user.
`SHARING_USER_OWNCLOUDSQL_DB_USERNAME`	string	owncloud	Username for the database.
`SHARING_USER_OWNCLOUDSQL_DB_PASSWORD`	string		Password for the database.
`SHARING_USER_OWNCLOUDSQL_DB_HOST`	string	mysql	Hostname or IP of the database server.
`SHARING_USER_OWNCLOUDSQL_DB_PORT`	int	3306	Port that the database server is listening on.
`SHARING_USER_OWNCLOUDSQL_DB_NAME`	string	owncloud	Name of the database to be used.
`SHARING_USER_OWNCLOUDSQL_USER_STORAGE_MOUNT_ID`	string		Mount ID of the ownCloudSQL users storage for mapping ownCloud 10 shares.
`SHARING_PUBLIC_DRIVER`	string	jsoncs3	Driver to be used to persist public shares. Supported values are 'jsoncs3', 'json' and 'cs3' (deprecated).
`SHARING_PUBLIC_JSON_FILE`	string	/var/lib/ocis/storage/publicshares.json	Path to the JSON file where public share meta-data will be stored. This JSON file contains the information about public shares that have been created. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage.
`SHARING_PUBLIC_JSONCS3_PROVIDER_ADDR`	string	com.owncloud.api.storage-system	GRPC address of the STORAGE-SYSTEM service.
`OCIS_SYSTEM_USER_ID` `SHARING_PUBLIC_JSONCS3_SYSTEM_USER_ID`	string		ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.
`OCIS_SYSTEM_USER_IDP` `SHARING_PUBLIC_JSONCS3_SYSTEM_USER_IDP`	string	internal	IDP of the oCIS STORAGE-SYSTEM system user.
`OCIS_SYSTEM_USER_API_KEY` `SHARING_PUBLIC_JSONCS3_SYSTEM_USER_API_KEY`	string		API key for the STORAGE-SYSTEM system user.
`SHARING_PUBLIC_CS3_PROVIDER_ADDR`	string	com.owncloud.api.storage-system	GRPC address of the STORAGE-SYSTEM service.
`OCIS_SYSTEM_USER_ID` `SHARING_PUBLIC_CS3_SYSTEM_USER_ID`	string		ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.
`OCIS_SYSTEM_USER_IDP` `SHARING_PUBLIC_CS3_SYSTEM_USER_IDP`	string	internal	IDP of the oCIS STORAGE-SYSTEM system user.
`OCIS_SYSTEM_USER_API_KEY` `SHARING_PUBLIC_CS3_SYSTEM_USER_API_KEY`	string		API key for the STORAGE-SYSTEM system user.
`OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD` `SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD`	bool	false	Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares. If not using the global OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD, you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD in the frontend service.
`OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD` `SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD`	bool	true	Set this to true if you want to enforce passwords on all public shares.
`OCIS_PASSWORD_POLICY_DISABLED` `SHARING_PASSWORD_POLICY_DISABLED`	bool	false	Disable the password policy. Defaults to false if not set.
`OCIS_PASSWORD_POLICY_MIN_CHARACTERS` `SHARING_PASSWORD_POLICY_MIN_CHARACTERS`	int	8	Define the minimum password length. Defaults to 8 if not set.
`OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS` `SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS`	int	1	Define the minimum number of uppercase letters. Defaults to 1 if not set.
`OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS` `SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS`	int	1	Define the minimum number of lowercase letters. Defaults to 1 if not set.
`OCIS_PASSWORD_POLICY_MIN_DIGITS` `SHARING_PASSWORD_POLICY_MIN_DIGITS`	int	1	Define the minimum number of digits. Defaults to 1 if not set.
`OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS` `SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS`	int	1	Define the minimum number of characters from the special characters list to be present. Defaults to 1 if not set.
`OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST` `SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`	string		Path to the 'banned passwords list' file. This only impacts public link password validation. See the documentation for more details.

YAML Example

Note the file shown below must be renamed and placed in the correct folder according to the Configuration File Naming conventions to be effective.
See the Notes for Environment Variables if you want to use environment variables in the yaml file.

5.0.9

# Autogenerated
# Filename: sharing-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9151
  token: ""
  pprof: false
  zpages: false
grpc:
  addr: 127.0.0.1:9150
  tls: null
  protocol: tcp
token_manager:
  jwt_secret: ""
reva:
  address: com.owncloud.api.gateway
  tls:
    mode: ""
    cacert: ""
events:
  endpoint: 127.0.0.1:9233
  cluster: ocis-cluster
  tls_insecure: false
  tls_root_ca_cert_path: ""
  enable_tls: false
  auth_username: ""
  auth_password: ""
skip_user_groups_in_token: false
enable_resharing: true
user_sharing_driver: jsoncs3
user_sharing_drivers:
  jsoncs3:
    provider_addr: com.owncloud.api.storage-system
    system_user_id: ""
    system_user_idp: internal
    system_user_api_key: ""
    cache_ttl: 0
  json:
    file: /var/lib/ocis/storage/shares.json
  cs3:
    provider_addr: com.owncloud.api.storage-system
    system_user_id: ""
    system_user_idp: internal
    system_user_api_key: ""
  owncloudsql:
    db_username: owncloud
    db_password: ""
    db_host: mysql
    db_port: 3306
    db_name: owncloud
    user_storage_mount_id: ""
public_sharing_driver: jsoncs3
public_sharing_drivers:
  json:
    file: /var/lib/ocis/storage/publicshares.json
  jsoncs3:
    provider_addr: com.owncloud.api.storage-system
    system_user_id: ""
    system_user_idp: internal
    system_user_api_key: ""
  cs3:
    provider_addr: com.owncloud.api.storage-system
    system_user_id: ""
    system_user_idp: internal
    system_user_api_key: ""
public_sharing_writeableshare_must_have_password: false
public_sharing_share_must_have_password: true
enable_expired_shares_cleanup: true
password_policy:
  min_characters: 8
  min_lowercase_characters: 1
  min_uppercase_characters: 1
  min_digits: 1
  min_special_characters: 1
  banned_passwords_list: ""