Sharing Service Configuration
Event Bus Configuration
The Infinite Scale event bus can be configured by a set of environment variables.
|
Note that for each global environment variable, a service-based one might be available additionally. For precedences see Environment Variable Notes. Check the configuration section below.
Without the aim of completeness, see the list of environment variables to configure the event bus:
| Envvar | Description |
|---|---|
|
The address of the event system. |
|
The clusterID of the event system. Mandatory when using NATS as event system. |
|
Enable TLS for the connection to the events broker. |
|
Whether to verify the server TLS certificates. |
|
The username to authenticate with the events broker. |
|
The password to authenticate with the events broker. |
Configuration
Environment Variables
The sharing service is configured via the following environment variables. Read the Environment Variable Types documentation for important details.
| Deprecation Info | Deprecation Version | Removal Version | Deprecation Replacement |
|---|---|---|---|
Resharing will be removed in the future. |
5.0 |
| Name | Type | Default Value | Description |
|---|---|---|---|
|
bool |
false |
Activates tracing. |
|
string |
|
The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. |
|
string |
|
The endpoint of the tracing agent. |
|
string |
|
The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
|
string |
|
The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. |
|
bool |
false |
Activates pretty log output. |
|
bool |
false |
Activates colorized log output. |
|
string |
|
The path to the log file. Activates logging to this file if set. |
|
string |
127.0.0.1:9151 |
Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
|
string |
|
Token to secure the metrics endpoint. |
|
bool |
false |
Enables pprof, which can be used for profiling. |
|
bool |
false |
Enables zpages, which can be used for collecting and viewing in-memory traces. |
|
string |
127.0.0.1:9150 |
The bind address of the GRPC service. |
|
string |
tcp |
The transport protocol of the GRPC service. |
|
string |
|
The secret to mint and validate jwt tokens. |
|
string |
com.owncloud.api.gateway |
The CS3 gateway endpoint. |
|
string |
|
TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. |
|
string |
|
Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |
|
string |
127.0.0.1:9233 |
The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. |
|
string |
ocis-cluster |
The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system. |
|
bool |
false |
Whether to verify the server TLS certificates. |
|
string |
|
The root CA certificate used to validate the server’s TLS certificate. If provided SHARING_EVENTS_TLS_INSECURE will be seen as false. |
|
bool |
false |
Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services. |
|
string |
|
Username for the events broker. |
|
string |
|
Password for the events broker. |
|
bool |
false |
Disables the loading of user’s group memberships from the reva access token. |
|
bool |
true |
Changing this value is NOT supported. Enables the support for resharing. |
|
string |
jsoncs3 |
Driver to be used to persist shares. Supported values are 'jsoncs3', 'json', 'cs3' (deprecated) and 'owncloudsql'. |
|
string |
com.owncloud.api.storage-system |
GRPC address of the STORAGE-SYSTEM service. |
|
string |
|
ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. |
|
string |
internal |
IDP of the oCIS STORAGE-SYSTEM system user. |
|
string |
|
API key for the STORAGE-SYSTEM system user. |
|
int |
0 |
TTL for the internal caches in seconds. |
|
string |
/var/lib/ocis/storage/shares.json |
Path to the JSON file where shares will be persisted. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage. |
|
string |
com.owncloud.api.storage-system |
GRPC address of the STORAGE-SYSTEM service. |
|
string |
|
ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. |
|
string |
internal |
IDP of the oCIS STORAGE-SYSTEM system user. |
|
string |
|
API key for the STORAGE-SYSTEM system user. |
|
string |
owncloud |
Username for the database. |
|
string |
|
Password for the database. |
|
string |
mysql |
Hostname or IP of the database server. |
|
int |
3306 |
Port that the database server is listening on. |
|
string |
owncloud |
Name of the database to be used. |
|
string |
|
Mount ID of the ownCloudSQL users storage for mapping ownCloud 10 shares. |
|
string |
jsoncs3 |
Driver to be used to persist public shares. Supported values are 'jsoncs3', 'json' and 'cs3' (deprecated). |
|
string |
/var/lib/ocis/storage/publicshares.json |
Path to the JSON file where public share meta-data will be stored. This JSON file contains the information about public shares that have been created. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage. |
|
string |
com.owncloud.api.storage-system |
GRPC address of the STORAGE-SYSTEM service. |
|
string |
|
ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. |
|
string |
internal |
IDP of the oCIS STORAGE-SYSTEM system user. |
|
string |
|
API key for the STORAGE-SYSTEM system user. |
|
string |
com.owncloud.api.storage-system |
GRPC address of the STORAGE-SYSTEM service. |
|
string |
|
ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. |
|
string |
internal |
IDP of the oCIS STORAGE-SYSTEM system user. |
|
string |
|
API key for the STORAGE-SYSTEM system user. |
|
bool |
false |
Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares. If not using the global OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD, you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD in the frontend service. |
|
bool |
true |
Set this to true if you want to enforce passwords on all public shares. |
|
bool |
false |
Disable the password policy. Defaults to false if not set. |
|
int |
8 |
Define the minimum password length. Defaults to 8 if not set. |
|
int |
1 |
Define the minimum number of uppercase letters. Defaults to 1 if not set. |
|
int |
1 |
Define the minimum number of lowercase letters. Defaults to 1 if not set. |
|
int |
1 |
Define the minimum number of digits. Defaults to 1 if not set. |
|
int |
1 |
Define the minimum number of characters from the special characters list to be present. Defaults to 1 if not set. |
|
string |
|
Path to the 'banned passwords list' file. See the documentation for more details. |
YAML Example
-
Note that the filename shown below has been chosen on purpose.
-
See the Configuration File Naming for details when setting up your own configuration.
-
See the Notes for Environment Variables if you want to use environment variables in the yaml file.
# Autogenerated
# Filename: sharing-config-example.yaml
tracing:
enabled: false
type: ""
endpoint: ""
collector: ""
log:
level: ""
pretty: false
color: false
file: ""
debug:
addr: 127.0.0.1:9151
token: ""
pprof: false
zpages: false
grpc:
addr: 127.0.0.1:9150
tls: null
protocol: tcp
token_manager:
jwt_secret: ""
reva:
address: com.owncloud.api.gateway
tls:
mode: ""
cacert: ""
events:
endpoint: 127.0.0.1:9233
cluster: ocis-cluster
tls_insecure: false
tls_root_ca_cert_path: ""
enable_tls: false
auth_username: ""
auth_password: ""
skip_user_groups_in_token: false
enable_resharing: true
user_sharing_driver: jsoncs3
user_sharing_drivers:
jsoncs3:
provider_addr: com.owncloud.api.storage-system
system_user_id: ""
system_user_idp: internal
system_user_api_key: ""
cache_ttl: 0
json:
file: /var/lib/ocis/storage/shares.json
cs3:
provider_addr: com.owncloud.api.storage-system
system_user_id: ""
system_user_idp: internal
system_user_api_key: ""
owncloudsql:
db_username: owncloud
db_password: ""
db_host: mysql
db_port: 3306
db_name: owncloud
user_storage_mount_id: ""
public_sharing_driver: jsoncs3
public_sharing_drivers:
json:
file: /var/lib/ocis/storage/publicshares.json
jsoncs3:
provider_addr: com.owncloud.api.storage-system
system_user_id: ""
system_user_idp: internal
system_user_api_key: ""
cs3:
provider_addr: com.owncloud.api.storage-system
system_user_id: ""
system_user_idp: internal
system_user_api_key: ""
public_sharing_writeableshare_must_have_password: false
public_sharing_share_must_have_password: true
enable_expired_shares_cleanup: true
password_policy:
min_characters: 8
min_lowercase_characters: 1
min_uppercase_characters: 1
min_digits: 1
min_special_characters: 1
banned_passwords_list: ""