Environment Variables with Special Scopes

Table of Contents

Introduction
Special Environment Variables
Extended Environment Variables
Global Environment Variables

Introduction

Some environment variables have a special, extended or global scope. Variables with special scope are related to a deployment method only. Variables with an extended scope do not directly configure services but functions underneath. Variables with a global scope can configure more than one service.

Examples:

The global environment variable OCIS_LOG_LEVEL is available in multiple services.
The extended environment variable OCIS_CONFIG_DIR can be used with ocis init.
The special environment variable OCIS_RUN_SERVICES defines services to start when the container is started.

Special Environment Variables

The following environment variables are only available when using a developer version for Infinite Scale. For additional information read the Start Infinite Scale documentation. Read the Environment Variable Types documentation for important details.

master + Rolling 7.1.2

Environment variables to define services when starting the container
Name	Description
`OCIS_RUN_SERVICES`	A comma-separated list of service names. Will start only the listed services.
`OCIS_EXCLUDE_RUN_SERVICES`	A comma-separated list of service names. Will start all default services except of the ones listed. Has no effect when `OCIS_RUN_SERVICES` is set.
`OCIS_ADD_RUN_SERVICES`	A comma-separated list of service names. Will add the listed services to the default configuration. Has no effect when `OCIS_RUN_SERVICES` is set. Note that one can add services not started by the default list and exclude services from the default list by using both envvars at the same time.
`OCIS_RUNTIME_PORT`	The port where the runtime will start. Defaults to 9250. Only necessary when multiple runtimes are started in parallel. Each runtime must have its own port exclusively.
`OCIS_RUNTIME_HOST`	The hostname the runtime will listen to. Defaults to `localhost`.

Note to get the current list of services started by default, you need to run ocis server without restriction which services to start and run afterwards ocis list.

Extended Environment Variables

Note, see the Registry documentation for details on the Micro Registry and their available settings.

The extended variables are defined in the following way. Read the Environment Variable Types documentation for important details. Column IV shows with which release the environment variable has been introduced.

master + Rolling 7.1.2

Environment variables with extended scope not included in a service
Name	Type	Default Value	Description
`GRPC_MAX_CONNECTION_AGE`	Duration	9223372036854775807	Timeout for GRPC connections. After timeout, a new connection will be established automatically. The default value is in ns and is about 2.5 mio h.
`MICRO_LOG_LEVEL`	string	Error	Set the log level for the internal go micro framework. Only change on supervision of ownCloud Support.
`MICRO_REGISTRY`	string	nats-js-kv	The Go micro registry type to use. Supported types are: 'memory' and 'nats-js-kv' (default). Only change on supervision of ownCloud Support.
`MICRO_REGISTRY_ADDRESS`	string	127.0.0.1:9233	The bind address of the internal go micro framework. Only change on supervision of ownCloud Support.
`MICRO_REGISTRY_AUTH_PASSWORD`	string		Optional when using nats to authenticate with the nats cluster.
`MICRO_REGISTRY_AUTH_USERNAME`	string		Optional when using nats to authenticate with the nats cluster.
`OCIS_BASE_DATA_PATH`	string		The base directory location used by several services and for user data. See the General Info section in the documentation for more details on defaults. Services can have, if available, an individual setting with an own environment variable.
`OCIS_CONFIG_DIR`	string		The default directory location for config files. See the General Info section in the documentation for more details on defaults.

Global Environment Variables

Note that the descriptions of these environment variables may differ depending on the service context.

The global variables are defined in the following way. Read the Environment Variable Types documentation for important details. Column IV shows with which release the environment variable has been introduced.

master + Rolling 7.1.2

Environment variables with global scope available in multiple services
Name	IV	Services	Type	Default Value	Description
`IDM_CREATE_DEMO_USERS`	pre5.0	idm settings	bool	false	Flag to enable or disable the creation of the demo users.
`OCIS_ADMIN_USER_ID`	pre5.0	idm settings storage-users	string		ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand.
`OCIS_ASYNC_UPLOADS`	pre5.0	search storage-users storage-users	bool	true	Enable asynchronous file uploads.
`OCIS_CACHE_AUTH_PASSWORD`	5.0	frontend gateway gateway graph ocs proxy proxy settings storage-system storage-users storage-users	string		The password to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.
`OCIS_CACHE_AUTH_USERNAME`	5.0	frontend gateway gateway graph ocs proxy proxy settings storage-system storage-users storage-users	string		The username to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured.
`OCIS_CACHE_DATABASE`	pre5.0	frontend gateway gateway proxy settings storage-system storage-users storage-users	string	cache-providers	The database name the configured store should use.
`OCIS_CACHE_DISABLE_PERSISTENCE`	5.0	frontend gateway gateway graph proxy proxy settings storage-system storage-users storage-users	bool	false	Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false.
`OCIS_CACHE_STORE`	pre5.0	frontend gateway gateway graph ocs proxy proxy settings storage-system storage-users storage-users	string	memory	The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details.
`OCIS_CACHE_STORE_NODES`	pre5.0	frontend gateway gateway graph ocs proxy proxy settings storage-system storage-users storage-users	[]string	[127.0.0.1:9233]	A list of nodes to access the configured store. This has no effect when 'memory' store are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.
`OCIS_CACHE_TTL`	pre5.0	frontend gateway gateway graph ocs proxy proxy settings storage-system storage-users storage-users	Duration	336h0m0s	Time to live for cache records in the graph. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details.
`OCIS_CLAIM_MANAGED_SPACES_ENABLED`	7.2.0	frontend proxy	bool	false	Enables Space management through OIDC claims. See the text description for more details.
`OCIS_CORS_ALLOW_CREDENTIALS`	pre5.0	activitylog auth-app frontend graph invitations ocdav ocm ocs settings sse storage-users thumbnails userlog web webdav webfinger	bool	true	Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.
`OCIS_CORS_ALLOW_HEADERS`	pre5.0	activitylog auth-app frontend graph invitations ocdav ocm ocs settings sse storage-users thumbnails userlog web webdav webfinger	[]string	[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Ocs-Apirequest]	A list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.
`OCIS_CORS_ALLOW_METHODS`	pre5.0	activitylog auth-app frontend graph invitations ocdav ocm ocs settings sse storage-users thumbnails userlog web webdav webfinger	[]string	[GET POST DELETE]	A list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.
`OCIS_CORS_ALLOW_ORIGINS`	pre5.0	activitylog auth-app frontend graph invitations ocdav ocm ocs settings sse storage-users thumbnails userlog web webdav webfinger	[]string	[*]	A list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.
`OCIS_DECOMPOSEDFS_PROPAGATOR`	pre5.0	storage-users storage-users	string	sync	The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option.
`OCIS_DEFAULT_LANGUAGE`	5.0	activitylog graph notifications settings userlog	string		The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.
`OCIS_DISABLE_VERSIONING`	7.0.0	storage-users storage-users	bool	false	Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version.
`OCIS_EDITION`	pre5.0	frontend ocdav	string	Community	Edition of oCIS. Used for branding purposes.
`OCIS_ENABLE_OCM`	5.0	frontend frontend frontend frontend graph	bool	false	Include OCM sharees when listing users.
`OCIS_EVENTS_AUTH_PASSWORD`	5.0	activitylog antivirus audit clientlog eventhistory frontend graph notifications ocm policies postprocessing proxy search sharing sse storage-users userlog	string		The password to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services.
`OCIS_EVENTS_AUTH_USERNAME`	5.0	activitylog antivirus audit clientlog eventhistory frontend graph notifications ocm policies postprocessing proxy search sharing sse storage-users userlog	string		The username to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services.
`OCIS_EVENTS_CLUSTER`	pre5.0	activitylog antivirus audit clientlog eventhistory frontend graph notifications ocm policies postprocessing proxy search sharing sse storage-users userlog	string	ocis-cluster	The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.
`OCIS_EVENTS_ENABLE_TLS`	pre5.0	activitylog antivirus audit clientlog eventhistory frontend graph nats notifications ocm policies postprocessing proxy search sharing sse storage-users userlog	bool	false	Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services.
`OCIS_EVENTS_ENDPOINT`	pre5.0	activitylog antivirus audit clientlog eventhistory frontend graph notifications ocm policies postprocessing proxy search sharing sse storage-users userlog	string	127.0.0.1:9233	The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events.
`OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE`	pre5.0	activitylog antivirus audit clientlog eventhistory graph notifications ocm policies postprocessing proxy search sharing sse storage-users userlog	string		The root CA certificate used to validate the server’s TLS certificate. If provided GRAPH_EVENTS_TLS_INSECURE will be seen as false.
`OCIS_GATEWAY_GRPC_ADDR`	pre5.0	gateway storage-users	string	127.0.0.1:9142	The bind address of the GRPC service.
`OCIS_GRPC_CLIENT_TLS_CACERT`	pre5.0	app-provider app-registry auth-app auth-basic auth-bearer auth-machine auth-service frontend gateway graph groups idp notifications ocdav ocm proxy search sharing storage-publiclink storage-shares storage-system storage-users users	string		Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.
`OCIS_GRPC_CLIENT_TLS_MODE`	pre5.0	app-provider app-registry auth-app auth-basic auth-bearer auth-machine auth-service frontend gateway graph groups idp notifications ocdav ocm proxy search sharing storage-publiclink storage-shares storage-system storage-users users	string		TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.
`OCIS_GRPC_PROTOCOL`	7.0.0	app-provider app-registry auth-app auth-basic auth-bearer auth-machine auth-service collaboration gateway groups ocm sharing storage-publiclink storage-shares storage-system storage-users users	string	tcp	The transport protocol of the GRPC service.
`OCIS_HTTP_TLS_CERTIFICATE`	pre5.0	activitylog auth-app collaboration graph invitations ocs settings sse thumbnails userlog web webdav webfinger	string		Path/File name of the TLS server certificate (in PEM format) for the http services.
`OCIS_HTTP_TLS_ENABLED`	pre5.0	activitylog auth-app collaboration graph invitations ocs settings sse thumbnails userlog web webdav webfinger	bool	false	Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.
`OCIS_HTTP_TLS_KEY`	pre5.0	activitylog auth-app collaboration graph invitations ocs settings sse thumbnails userlog web webdav webfinger	string		Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.
`OCIS_INSECURE`	pre5.0	activitylog antivirus audit auth-bearer clientlog eventhistory frontend frontend frontend graph nats notifications ocdav ocm policies postprocessing proxy proxy search search sharing sse storage-users thumbnails thumbnails userlog webfinger	bool	false	Whether to verify the server TLS certificates.
`OCIS_JWT_SECRET`	7.0.0	activitylog app-provider app-registry auth-app auth-basic auth-bearer auth-machine auth-service clientlog collaboration frontend gateway graph groups invitations ocdav ocm ocs search settings sharing sse storage-publiclink storage-shares storage-system storage-users userlog users web	string		The secret to mint and validate jwt tokens.
`OCIS_KEYCLOAK_BASE_PATH`	pre5.0	graph invitations	string		The URL to access keycloak.
`OCIS_KEYCLOAK_CLIENT_ID`	pre5.0	graph invitations	string		The client id to authenticate with keycloak.
`OCIS_KEYCLOAK_CLIENT_REALM`	pre5.0	graph invitations	string		The realm the client is defined in.
`OCIS_KEYCLOAK_CLIENT_SECRET`	pre5.0	graph invitations	string		The client secret to use in authentication.
`OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY`	pre5.0	graph invitations	bool	false	Disable TLS certificate validation for Keycloak connections. Do not set this in production environments.
`OCIS_KEYCLOAK_USER_REALM`	pre5.0	graph invitations	string		The realm users are defined.
`OCIS_LDAP_BIND_DN`	pre5.0	auth-basic graph groups idp users	string	uid=libregraph,ou=sysusers,o=libregraph-idm	LDAP DN to use for simple bind authentication with the target LDAP server.
`OCIS_LDAP_BIND_PASSWORD`	pre5.0	auth-basic graph groups idp users	string		Password to use for authenticating the 'bind_dn'.
`OCIS_LDAP_CACERT`	pre5.0	auth-basic graph groups idp users	string	/var/lib/ocis/idm/ldap.crt	Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH/idm.
`OCIS_LDAP_DISABLED_USERS_GROUP_DN`	pre5.0	auth-basic graph users	string	cn=DisabledUsersGroup,ou=groups,o=libregraph-idm	The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.
`OCIS_LDAP_DISABLE_USER_MECHANISM`	pre5.0	auth-basic graph users	string	attribute	An option to control the behavior for disabling users. Supported options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed. Default is 'attribute'.
`OCIS_LDAP_GROUP_BASE_DN`	pre5.0	auth-basic graph groups users	string	ou=groups,o=libregraph-idm	Search base DN for looking up LDAP groups.
`OCIS_LDAP_GROUP_FILTER`	pre5.0	auth-basic graph groups users	string		LDAP filter to add to the default filters for group searches.
`OCIS_LDAP_GROUP_OBJECTCLASS`	pre5.0	auth-basic graph groups users	string	groupOfNames	The object class to use for groups in the default group search filter ('groupOfNames').
`OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME`	pre5.0	auth-basic groups users	string	cn	LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).
`OCIS_LDAP_GROUP_SCHEMA_GROUPNAME`	pre5.0	auth-basic graph groups users	string	cn	LDAP Attribute to use for the name of groups.
`OCIS_LDAP_GROUP_SCHEMA_ID`	pre5.0	auth-basic graph groups users	string	owncloudUUID	LDAP Attribute to use as the unique id for groups. This should be a stable globally unique ID like a UUID.
`OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`	pre5.0	auth-basic graph groups users	bool	false	Set this to true if the defined 'ID' attribute for groups is of the 'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of Active Directory for the group ID’s.
`OCIS_LDAP_GROUP_SCHEMA_MAIL`	pre5.0	auth-basic groups users	string	mail	LDAP Attribute to use for the email address of groups (can be empty).
`OCIS_LDAP_GROUP_SCHEMA_MEMBER`	pre5.0	auth-basic graph groups users	string	member	LDAP Attribute that is used for group members.
`OCIS_LDAP_GROUP_SCOPE`	pre5.0	auth-basic graph groups users	string	sub	LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'.
`OCIS_LDAP_INSECURE`	pre5.0	auth-basic graph groups idp users	bool	false	Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.
`OCIS_LDAP_SERVER_WRITE_ENABLED`	pre5.0	frontend graph	bool	true	Allow creating, modifying and deleting LDAP users via the GRAPH API. This can only be set to 'true' when keeping default settings for the LDAP user and group attribute types (the 'OCIS_LDAP_USER_SCHEMA_* and 'OCIS_LDAP_GROUP_SCHEMA_* variables).
`OCIS_LDAP_URI`	pre5.0	auth-basic graph groups idp users	string	ldaps://localhost:9235	URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'
`OCIS_LDAP_USER_BASE_DN`	pre5.0	auth-basic graph groups idp users	string	ou=users,o=libregraph-idm	Search base DN for looking up LDAP users.
`OCIS_LDAP_USER_ENABLED_ATTRIBUTE`	pre5.0	auth-basic graph idp users	string	ownCloudUserEnabled	LDAP Attribute to use as a flag telling if the user is enabled or disabled.
`OCIS_LDAP_USER_FILTER`	pre5.0	auth-basic graph groups idp users	string		LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'.
`OCIS_LDAP_USER_OBJECTCLASS`	pre5.0	auth-basic graph groups idp users	string	inetOrgPerson	The object class to use for users in the default user search filter ('inetOrgPerson').
`OCIS_LDAP_USER_SCHEMA_DISPLAYNAME`	pre5.0	auth-basic graph groups users	string	displayName	LDAP Attribute to use for the display name of users.
`OCIS_LDAP_USER_SCHEMA_ID`	pre5.0	auth-basic graph groups idp users	string	owncloudUUID	LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.
`OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`	pre5.0	auth-basic graph groups users	bool	false	Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of Active Directory for the user ID’s.
`OCIS_LDAP_USER_SCHEMA_MAIL`	pre5.0	auth-basic graph groups idp users	string	mail	LDAP Attribute to use for the email address of users.
`OCIS_LDAP_USER_SCHEMA_USERNAME`	pre5.0	auth-basic graph groups idp users	string	uid	LDAP Attribute to use for username of users.
`OCIS_LDAP_USER_SCHEMA_USER_TYPE`	pre5.0	graph users	string	ownCloudUserType	LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'ownCloudUserType'.
`OCIS_LDAP_USER_SCOPE`	pre5.0	auth-basic graph groups idp users	string	sub	LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'.
`OCIS_LOG_COLOR`	7.0.0	activitylog antivirus app-provider app-registry audit auth-app auth-basic auth-bearer auth-machine auth-service clientlog collaboration eventhistory frontend gateway graph groups idm idp invitations nats notifications ocdav ocm ocs policies postprocessing proxy search settings sharing sse storage-publiclink storage-shares storage-system storage-users thumbnails userlog users web webdav webfinger	bool	false	Activates colorized log output.
`OCIS_LOG_FILE`	7.0.0	activitylog antivirus app-provider app-registry audit auth-app auth-basic auth-bearer auth-machine auth-service clientlog collaboration eventhistory frontend gateway graph groups idm idp invitations nats notifications ocdav ocm ocs policies postprocessing proxy search settings sharing sse storage-publiclink storage-shares storage-system storage-users thumbnails userlog users web webdav webfinger	string		The path to the log file. Activates logging to this file if set.
`OCIS_LOG_LEVEL`	7.0.0	activitylog antivirus app-provider app-registry audit auth-app auth-basic auth-bearer auth-machine auth-service clientlog collaboration eventhistory frontend gateway graph groups idm idp invitations nats notifications ocdav ocm ocs policies postprocessing proxy search settings sharing sse storage-publiclink storage-shares storage-system storage-users thumbnails userlog users web webdav webfinger	string		The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.
`OCIS_LOG_PRETTY`	7.0.0	activitylog antivirus app-provider app-registry audit auth-app auth-basic auth-bearer auth-machine auth-service clientlog collaboration eventhistory frontend gateway graph groups idm idp invitations nats notifications ocdav ocm ocs policies postprocessing proxy search settings sharing sse storage-publiclink storage-shares storage-system storage-users thumbnails userlog users web webdav webfinger	bool	false	Activates pretty log output.
`OCIS_MACHINE_AUTH_API_KEY`	7.0.0	auth-app auth-machine frontend idp ocdav proxy storage-users	string		The machine auth API key used to validate internal requests necessary to access resources from other services.
`OCIS_MAX_CONCURRENCY`	7.0.0	frontend graph sharing storage-users storage-users userlog	int	20	The maximum number of concurrent requests the service will handle.
`OCIS_MAX_TAG_LENGTH`	7.2.0	frontend graph	int	100	Define the maximum tag length. Defaults to 100 if not set. Set to 0 to not limit the tag length. Changes only impact the validation of new tags.
`OCIS_OIDC_ISSUER`	pre5.0	auth-basic auth-bearer groups idm idp proxy users web webfinger	string	https://localhost:9200	The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.
`OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`	5.0	frontend sharing	string		Path to the 'banned passwords list' file. This only impacts public link password validation. See the documentation for more details.
`OCIS_PASSWORD_POLICY_DISABLED`	5.0	frontend sharing	bool	false	Disable the password policy. Defaults to false if not set.
`OCIS_PASSWORD_POLICY_MIN_CHARACTERS`	5.0	frontend sharing	int	8	Define the minimum password length. Defaults to 8 if not set.
`OCIS_PASSWORD_POLICY_MIN_DIGITS`	5.0	frontend sharing	int	1	Define the minimum number of digits. Defaults to 1 if not set.
`OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS`	5.0	frontend sharing	int	1	Define the minimum number of uppercase letters. Defaults to 1 if not set.
`OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS`	5.0	frontend sharing	int	1	Define the minimum number of characters from the special characters list to be present. Defaults to 1 if not set.
`OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS`	5.0	frontend sharing	int	1	Define the minimum number of lowercase letters. Defaults to 1 if not set.
`OCIS_PERSISTENT_STORE`	pre5.0	activitylog collaboration eventhistory notifications postprocessing userlog	string	memory	The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details.
`OCIS_PERSISTENT_STORE_AUTH_PASSWORD`	5.0	activitylog collaboration eventhistory notifications postprocessing userlog	string		The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.
`OCIS_PERSISTENT_STORE_AUTH_USERNAME`	5.0	activitylog collaboration eventhistory notifications postprocessing userlog	string		The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.
`OCIS_PERSISTENT_STORE_NODES`	pre5.0	activitylog collaboration eventhistory notifications postprocessing userlog	[]string	[]	A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.
`OCIS_PERSISTENT_STORE_TTL`	pre5.0	activitylog collaboration eventhistory notifications postprocessing userlog	Duration	336h0m0s	Time to live for events in the store. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details.
`OCIS_REVA_GATEWAY`	pre5.0	activitylog app-provider app-registry auth-app auth-basic auth-bearer auth-machine auth-service clientlog collaboration frontend gateway graph groups idp notifications ocdav ocm proxy search sharing storage-publiclink storage-shares storage-system storage-users thumbnails userlog users webdav	string	com.owncloud.api.gateway	The CS3 gateway endpoint.
`OCIS_SERVICE_ACCOUNT_ID`	5.0	activitylog auth-service clientlog frontend graph notifications ocm proxy search settings storage-users userlog	string		The ID of the service account the service should use. See the 'auth-service' service description for more details.
`OCIS_SERVICE_ACCOUNT_SECRET`	5.0	activitylog auth-service clientlog frontend graph notifications ocm proxy search storage-users userlog	string		The service account secret.
`OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD`	5.0	frontend sharing	bool	true	Set this to true if you want to enforce passwords on all public shares.
`OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD`	5.0	frontend sharing	bool	false	Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares.
`OCIS_SHOW_USER_EMAIL_IN_RESULTS`	6.0.0	frontend graph	bool	false	Include user email addresses in responses. If absent or set to false emails will be omitted from results. Please note that admin users can always see all email addresses.
`OCIS_SPACES_MAX_QUOTA`	pre5.0	frontend storage-users	uint64	0	Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service.
`OCIS_SYSTEM_USER_API_KEY`	pre5.0	settings sharing sharing sharing sharing storage-system	string		API key for the STORAGE-SYSTEM system user.
`OCIS_SYSTEM_USER_ID`	pre5.0	settings sharing sharing sharing sharing storage-system	string		ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.
`OCIS_SYSTEM_USER_IDP`	pre5.0	settings sharing sharing sharing sharing	string	internal	IDP of the oCIS STORAGE-SYSTEM system user.
`OCIS_TRACING_COLLECTOR`	7.0.0	activitylog antivirus app-provider app-registry audit auth-app auth-basic auth-bearer auth-machine auth-service clientlog collaboration eventhistory frontend gateway graph groups idm idp invitations nats notifications ocdav ocm ocs policies postprocessing proxy search settings sharing sse storage-publiclink storage-shares storage-system storage-users thumbnails userlog users web webdav webfinger	string		The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.
`OCIS_TRACING_ENABLED`	7.0.0	activitylog antivirus app-provider app-registry audit auth-app auth-basic auth-bearer auth-machine auth-service clientlog collaboration eventhistory frontend gateway graph groups idm idp invitations nats notifications ocdav ocm ocs policies postprocessing proxy search settings sharing sse storage-publiclink storage-shares storage-system storage-users thumbnails userlog users web webdav webfinger	bool	false	Activates tracing.
`OCIS_TRACING_ENDPOINT`	7.0.0	activitylog antivirus app-provider app-registry audit auth-app auth-basic auth-bearer auth-machine auth-service clientlog collaboration eventhistory frontend gateway graph groups idm idp invitations nats notifications ocdav ocm ocs policies postprocessing proxy search settings sharing sse storage-publiclink storage-shares storage-system storage-users thumbnails userlog users web webdav webfinger	string		The endpoint of the tracing agent.
`OCIS_TRACING_TYPE`	7.0.0	activitylog antivirus app-provider app-registry audit auth-app auth-basic auth-bearer auth-machine auth-service clientlog collaboration eventhistory frontend gateway graph groups idm idp invitations nats notifications ocdav ocm ocs policies postprocessing proxy search settings sharing sse storage-publiclink storage-shares storage-system storage-users thumbnails userlog users web webdav webfinger	string		The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.
`OCIS_TRANSFER_SECRET`	pre5.0	frontend gateway	string		The storage transfer secret.
`OCIS_TRANSLATION_PATH`	7.0.0	activitylog graph notifications settings userlog	string		(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details.
`OCIS_URL`	pre5.0	app-provider auth-basic auth-bearer frontend gateway graph groups idm idp notifications ocdav proxy users web web web webdav webfinger webfinger	string	https://localhost:9200	The public facing URL of WebDAV.
`OCIS_WOPI_DISABLE_CHAT`	7.0.0	app-provider collaboration	bool	false	Disable chat in the office web frontend. This feature applies to OnlyOffice and Microsoft.
`STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY`	pre5.0	storage-users storage-users	Duration	0s	The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details.
`STORAGE_USERS_PERMISSION_ENDPOINT`	pre5.0	storage-users storage-users storage-users	string	com.owncloud.api.settings	Endpoint of the permissions service. The endpoints can differ for 'ocis' and 's3ng'.