Environment Variables with Special Scopes

Table of Contents

Introduction
Special Environment Variables
Extended Environment Variables
Global Environment Variables

Introduction

Some environment variables have a special, extended or global scope. Variables with special scope are related to a deployment menthod only. Variables with an extended scope do not directly configure services but functions underneath. Variables with a global scope can configure more than one service.

Examples:

The global environment variable OCIS_LOG_LEVEL is available in multiple services.
The extended environment variable OCIS_CONFIG_DIR can be used with ocis init.
The special environment variable OCIS_RUN_SERVICES is only available with a binary deployment.

Special Environment Variables

The following environment variables are only available with the Binary Setup and do not have any dependency to a release:

all releases

Name Description

Name	Description
`OCIS_RUN_SERVICES`	A comma-separated list of service names. Will start only the listed services.
`OCIS_EXCLUDE_RUN_SERVICES`	A comma-separated list of service names. Will start all services except for the ones listed. Has no effect when OCIS_RUN_SERVICES is set.

OCIS_RUN_SERVICES

A comma-separated list of service names. Will start only the listed services.

OCIS_EXCLUDE_RUN_SERVICES

A comma-separated list of service names. Will start all services except for the ones listed. Has no effect when OCIS_RUN_SERVICES is set.

Extended Environment Variables

The extended variables are defined in the following way:

latest
2.0.0

Environment variables with extended scope not included in a service
Name	Type	Default Value	Description
`MICRO_LOG_LEVEL`	string	Error	Set the log level for the internal go micro framework. Only change on supervision of ownCloud Support.
`MICRO_LOG_LEVEL`
`MICRO_LOG_LEVEL`
`MICRO_REGISTRY`	string		Go micro registry type to use. Supported types are: 'nats', 'kubernetes', 'etcd', 'consul' and 'memory'. Will be selected automatically. Only change on supervision of ownCloud Support.
`MICRO_REGISTRY_ADDRESS`	string		The bind address of the internal go micro framework. Only change on supervision of ownCloud Support.
`OCIS_BASE_DATA_PATH`	string	'/var/lib/ocis' or '$HOME/.ocis/'	The base directory location used by several services and for user data. Predefined to '/var/lib/ocis' for container images (inside the container) or '$HOME/.ocis/' for binary releases. Services can have, if available, an individual setting with an own environment variable.
`OCIS_CONFIG_DIR`	string	'/etc/ocis' or '$HOME/.ocis/config'	The default directory location for config files. Predefined to '/etc/ocis' for container images (inside the container) or '$HOME/.ocis/config' for binary releases.

Environment variables with extended scope not included in a service
Name	Type	Default Value	Description
`MICRO_LOG_LEVEL`	string	Error	Set the log level for the internal go micro framework. Only change on supervision of ownCloud Support.
`MICRO_REGISTRY`	string		Go micro registry type to use. Supported types are: 'nats', 'kubernetes', 'etcd', 'consul' and 'memory'. Will be selected automatically. Only change on supervision of ownCloud Support.
`MICRO_REGISTRY_ADDRESS`	string		The bind address of the internal go micro framework. Only change on supervision of ownCloud Support.
`OCIS_BASE_DATA_PATH`	string	'/var/lib/ocis' or '$HOME/.ocis/'	The base directory location used by several services and for user data. Predefined to '/var/lib/ocis' for container images (inside the container) or '$HOME/.ocis/' for binary releases. Services can have, if available, an individual setting with an own environment variable.
`OCIS_CONFIG_DIR`	string	'/etc/ocis' or '$HOME/.ocis/config'	The default directory location for config files. Predefined to '/etc/ocis' for container images (inside the container) or '$HOME/.ocis/config' for binary releases.

Global Environment Variables

The global variables are defined in the following way:

latest
2.0.0

Environment variables with global scope available in multiple services
Name	Services	Type	Default Value	Description
`ACCOUNTS_DEMO_USERS_AND_GROUPS`	idm settings	bool	false	Flag to enable or disable the creation of the demo users.
`LDAP_BIND_DN`	auth-basic graph groups idp users	string	uid=libregraph,ou=sysusers,o=libregraph-idm	LDAP DN to use for simple bind authentication with the target LDAP server.
`LDAP_BIND_PASSWORD`	auth-basic graph groups idp users	string		Password to use for authenticating the 'bind_dn'.
`LDAP_CACERT`	auth-basic graph groups idp users	string	~/.ocis/idm/ldap.crt	Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/idm.
`LDAP_GROUP_BASE_DN`	auth-basic graph groups users	string	ou=groups,o=libregraph-idm	Search base DN for looking up LDAP groups.
`LDAP_GROUP_FILTER`	auth-basic graph groups users	string		LDAP filter to add to the default filters for group searches.
`LDAP_GROUP_OBJECTCLASS`	auth-basic graph groups users	string	groupOfNames	The object class to use for groups in the default group search filter ('groupOfNames').
`LDAP_GROUP_SCHEMA_DISPLAYNAME`	auth-basic groups users	string	cn	LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).
`LDAP_GROUP_SCHEMA_GROUPNAME`	auth-basic graph groups users	string	cn	LDAP Attribute to use for the name of groups.
`LDAP_GROUP_SCHEMA_ID`	auth-basic graph groups users	string	owncloudUUID	LDAP Attribute to use as the unique id for groups. This should be a stable globally unique ID like a UUID.
`LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`	auth-basic groups users	bool	false	Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group ID’s.
`LDAP_GROUP_SCHEMA_MAIL`	auth-basic groups users	string	mail	LDAP Attribute to use for the email address of groups (can be empty).
`LDAP_GROUP_SCHEMA_MEMBER`	auth-basic groups users	string	member	LDAP Attribute that is used for group members.
`LDAP_GROUP_SCOPE`	auth-basic graph groups users	string	sub	LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'.
`LDAP_INSECURE`	auth-basic graph groups idp users	bool	false	Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.
`LDAP_URI`	auth-basic graph groups idp users	string	ldaps://localhost:9235	URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'
`LDAP_USER_BASE_DN`	auth-basic graph groups idp users	string	ou=users,o=libregraph-idm	Search base DN for looking up LDAP users.
`LDAP_USER_FILTER`	auth-basic graph groups idp users	string		LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'.
`LDAP_USER_OBJECTCLASS`	auth-basic graph groups idp users	string	inetOrgPerson	The object class to use for users in the default user search filter ('inetOrgPerson').
`LDAP_USER_SCHEMA_DISPLAYNAME`	auth-basic groups users	string	displayname	LDAP Attribute to use for the displayname of users.
`LDAP_USER_SCHEMA_ID`	auth-basic graph groups idp users	string	owncloudUUID	LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.
`LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`	auth-basic groups users	bool	false	Set this to true if the defined 'id' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ID’s.
`LDAP_USER_SCHEMA_MAIL`	auth-basic graph groups idp users	string	mail	LDAP Attribute to use for the email address of users.
`LDAP_USER_SCHEMA_USERNAME`	auth-basic graph groups idp users	string	uid	LDAP Attribute to use for username of users.
`LDAP_USER_SCOPE`	auth-basic graph groups idp users	string	sub	LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'.
`OCIS_ADMIN_USER_ID`	idm settings	string		ID of the user that should receive admin privileges.
`OCIS_CACHE_STORE_ADDRESS`	gateway graph ocs storage-users	string		A comma-separated list of addresses to connect to. Only valid if the above setting is set to "etcd"
`OCIS_CACHE_STORE_SIZE`	graph ocs	int	0	Maximum number of items per table in the ocmem cache store. Other cache stores will ignore the option and can grow indefinitely.
`OCIS_CACHE_STORE_TYPE`	gateway graph ocs storage-users	string		The type of the cache store. Valid options are "noop", "ocmem", "etcd" and "memory"
`OCIS_CORS_ALLOW_CREDENTIALS`	frontend ocs settings webdav	bool	true	Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.
`OCIS_CORS_ALLOW_HEADERS`	frontend ocs settings webdav	[]string	[Authorization Origin Content-Type Accept X-Requested-With]	A comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.
`OCIS_CORS_ALLOW_METHODS`	frontend ocs settings webdav	[]string	[GET POST PUT PATCH DELETE OPTIONS]	A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method
`OCIS_CORS_ALLOW_ORIGINS`	frontend ocs settings webdav	[]string	[*]	A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
`OCIS_EVENTS_ENABLE_TLS`	audit graph nats notifications postprocessing search sharing storage-users	bool	false	Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services..
`OCIS_GRPC_CLIENT_TLS_CACERT`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph graph groups idp notifications ocdav proxy proxy search search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users webdav	string		Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.
`OCIS_GRPC_CLIENT_TLS_MODE`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph graph groups idp notifications ocdav proxy proxy search search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users webdav	string		TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.
`OCIS_GRPC_TLS_CERTIFICATE`	app-provider app-registry auth-basic auth-bearer auth-machine gateway groups search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users	string		Path/File name of the TLS server certificate (in PEM format) for the grpc services.
`OCIS_GRPC_TLS_ENABLED`	app-provider app-registry auth-basic auth-bearer auth-machine gateway groups search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users	bool	false	Activates TLS for the grpc based services using the server certifcate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure.
`OCIS_GRPC_TLS_KEY`	app-provider app-registry auth-basic auth-bearer auth-machine gateway groups search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users	string		Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services.
`OCIS_HTTP_TLS_CERTIFICATE`	graph ocs settings thumbnails web webdav	string		Path/File name of the TLS server certificate (in PEM format) for the http services.
`OCIS_HTTP_TLS_ENABLED`	graph ocs settings thumbnails web webdav	bool	false	Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.
`OCIS_HTTP_TLS_KEY`	graph ocs settings thumbnails web webdav	string		Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.
`OCIS_INSECURE`	audit auth-bearer frontend frontend graph nats notifications ocdav postprocessing proxy search search sharing storage-users thumbnails thumbnails	bool	false	Whether to verify the server TLS certificates.
`OCIS_JWT_SECRET`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph groups ocdav ocs proxy settings sharing storage-publiclink storage-shares storage-system storage-users users	string		The secret to mint and validate jwt tokens.
`OCIS_LOG_COLOR`	app-provider app-registry audit auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp nats notifications ocdav ocs postprocessing proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	bool	false	Activates colorized log output.
`OCIS_LOG_FILE`	app-provider app-registry audit auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp nats notifications ocdav ocs postprocessing proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	string		The path to the log file. Activates logging to this file if set.
`OCIS_LOG_LEVEL`	app-provider app-registry audit auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp nats notifications ocdav ocs postprocessing proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	string		The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".
`OCIS_LOG_PRETTY`	app-provider app-registry audit auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp nats notifications ocdav ocs postprocessing proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	bool	false	Activates pretty log output.
`OCIS_MACHINE_AUTH_API_KEY`	auth-machine frontend idp notifications ocdav proxy search	string		The machine auth API key used to validate internal requests necessary to access resources from other services.
`OCIS_OIDC_ISSUER`	auth-basic auth-bearer groups idp proxy users web	string	https://localhost:9200	The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.
`OCIS_SYSTEM_USER_API_KEY`	settings sharing sharing sharing sharing storage-system	string		API key for the STORAGE-SYSTEM system user.
`OCIS_SYSTEM_USER_ID`	settings sharing sharing sharing sharing storage-system	string		ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.
`OCIS_SYSTEM_USER_IDP`	settings sharing sharing sharing sharing	string	internal	IDP of the oCIS STORAGE-SYSTEM system user.
`OCIS_TRACING_COLLECTOR`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp ocdav ocs proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	string		The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.
`OCIS_TRACING_ENABLED`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp ocdav ocs proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	bool	false	Activates tracing.
`OCIS_TRACING_ENDPOINT`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp ocdav ocs proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	string		The endpoint of the tracing agent.
`OCIS_TRACING_TYPE`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp ocdav ocs proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	string		The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.
`OCIS_URL`	app-provider auth-basic auth-bearer frontend gateway graph groups idp notifications ocdav proxy users web web web webdav	string	https://localhost:9200	The public facing URL of WebDAV.
`REVA_GATEWAY`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph groups idp notifications ocdav proxy search sharing storage-publiclink storage-shares storage-system storage-users thumbnails users webdav	string	127.0.0.1:9142	The CS3 gateway endpoint.
`STORAGE_TRANSFER_SECRET`	frontend gateway	string		Transfer secret for signing file up- and download requests.
`STORAGE_USERS_OCIS_ASYNC_UPLOADS`	search storage-users	bool	false	Enable asynchronous file uploads.

Environment variables with global scope available in multiple services
Name	Services	Type	Default Value	Description
`ACCOUNTS_DEMO_USERS_AND_GROUPS`	idm settings	bool	false	The default role assignments the demo users should be setup.
`LDAP_BIND_DN`	auth-basic graph groups idp users	string	uid=reva,ou=sysusers,o=libregraph-idm	LDAP DN to use for simple bind authentication with the target LDAP server.
`LDAP_BIND_PASSWORD`	auth-basic graph groups idp users	string		Password to use for authenticating the 'bind_dn'.
`LDAP_CACERT`	auth-basic graph groups idp users	string	~/.ocis/idm/ldap.crt	Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/idm.
`LDAP_GROUP_BASE_DN`	auth-basic graph groups users	string	ou=groups,o=libregraph-idm	Search base DN for looking up LDAP groups.
`LDAP_GROUP_FILTER`	auth-basic graph groups users	string		LDAP filter to add to the default filters for group searches.
`LDAP_GROUP_OBJECTCLASS`	auth-basic graph groups users	string	groupOfNames	The object class to use for groups in the default group search filter ('groupOfNames').
`LDAP_GROUP_SCHEMA_DISPLAYNAME`	auth-basic groups users	string	cn	LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).
`LDAP_GROUP_SCHEMA_GROUPNAME`	auth-basic graph groups users	string	cn	LDAP Attribute to use for the name of groups.
`LDAP_GROUP_SCHEMA_ID`	auth-basic graph groups users	string	ownclouduuid	LDAP Attribute to use as the unique id for groups. This should be a stable globally unique id (e.g. a UUID).
`LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING`	auth-basic groups users	bool	false	Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group IDs.
`LDAP_GROUP_SCHEMA_MAIL`	auth-basic groups users	string	mail	LDAP Attribute to use for the email address of groups (can be empty).
`LDAP_GROUP_SCHEMA_MEMBER`	auth-basic groups users	string	member	LDAP Attribute that is used for group members.
`LDAP_GROUP_SCOPE`	auth-basic graph groups users	string	sub	LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'.
`LDAP_INSECURE`	auth-basic graph groups idp users	bool	false	Disable TLS certificate validation for the LDAP connections. Do not set this in production environments.
`LDAP_URI`	auth-basic graph groups idp users	string	ldaps://localhost:9235	URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'
`LDAP_USER_BASE_DN`	auth-basic graph groups idp users	string	ou=users,o=libregraph-idm	Search base DN for looking up LDAP users.
`LDAP_USER_FILTER`	auth-basic graph groups idp users	string		LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'.
`LDAP_USER_OBJECTCLASS`	auth-basic graph groups idp users	string	inetOrgPerson	The object class to use for users in the default user search filter ('inetOrgPerson').
`LDAP_USER_SCHEMA_DISPLAYNAME`	auth-basic groups users	string	displayname	LDAP Attribute to use for the displayname of users.
`LDAP_USER_SCHEMA_ID`	auth-basic graph groups idp users	string	ownclouduuid	LDAP Attribute to use as the unique id for users. This should be a stable globally unique ID like a UUID.
`LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`	auth-basic groups users	bool	false	Set this to true if the defined 'id' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user IDs.
`LDAP_USER_SCHEMA_MAIL`	auth-basic graph groups idp users	string	mail	LDAP Attribute to use for the email address of users.
`LDAP_USER_SCHEMA_USERNAME`	auth-basic graph groups idp users	string	uid	LDAP Attribute to use for username of users.
`LDAP_USER_SCOPE`	auth-basic graph groups idp users	string	sub	LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'.
`OCIS_ADMIN_USER_ID`	idm settings	string		ID of the user that should receive admin privileges.
`OCIS_CACHE_STORE_ADDRESS`	gateway graph ocs storage-users	[]string	[]	Node addresses to use for the cache store.
`OCIS_CACHE_STORE_SIZE`	graph ocs	int	0	Maximum number of items per table in the ocmem cache store. Other cache stores will ignore the option and can grow indefinitely.
`OCIS_CACHE_STORE_TYPE`	gateway graph ocs storage-users	string	memory	Store implementation for the cache. Valid values are "memory" (default), "redis", and "etcd".
`OCIS_CORS_ALLOW_CREDENTIALS`	frontend ocs settings webdav	bool	true	Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.
`OCIS_CORS_ALLOW_HEADERS`	frontend ocs settings webdav	[]string	[Authorization Origin Content-Type Accept X-Requested-With]	A comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.
`OCIS_CORS_ALLOW_METHODS`	frontend ocs settings webdav	[]string	[GET POST PUT PATCH DELETE OPTIONS]	A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method
`OCIS_CORS_ALLOW_ORIGINS`	frontend ocs settings webdav	[]string	[*]	A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
`OCIS_EVENTS_ENABLE_TLS`	audit graph nats notifications search sharing storage-users	bool	false	Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services..
`OCIS_GRPC_CLIENT_TLS_CACERT`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph graph groups idp notifications ocdav ocs ocs proxy proxy search search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users webdav	string		Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.
`OCIS_GRPC_CLIENT_TLS_MODE`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph graph groups idp notifications ocdav ocs ocs proxy proxy search search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users webdav	string		TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.
`OCIS_GRPC_TLS_CERTIFICATE`	app-provider app-registry auth-basic auth-bearer auth-machine gateway groups search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users	string		Path/File name of the TLS server certificate (in PEM format) for the grpc services.
`OCIS_GRPC_TLS_ENABLED`	app-provider app-registry auth-basic auth-bearer auth-machine gateway groups search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users	bool	false	Activates TLS for the grpc based services using the server certifcate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure.
`OCIS_GRPC_TLS_KEY`	app-provider app-registry auth-basic auth-bearer auth-machine gateway groups search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users	string		Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services.
`OCIS_HTTP_TLS_CERTIFICATE`	graph ocs settings thumbnails web webdav	string		Path/File name of the TLS server certificate (in PEM format) for the http services.
`OCIS_HTTP_TLS_ENABLED`	graph ocs settings thumbnails web webdav	bool	false	Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.
`OCIS_HTTP_TLS_KEY`	graph ocs settings thumbnails web webdav	string		Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.
`OCIS_INSECURE`	audit auth-bearer frontend frontend graph nats notifications ocdav proxy search sharing storage-users thumbnails thumbnails	bool	false	Whether to verify the server TLS certificates.
`OCIS_JWT_SECRET`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph groups ocdav ocs proxy settings sharing storage-publiclink storage-shares storage-system storage-users users	string		The secret to mint and validate jwt tokens.
`OCIS_LOG_COLOR`	app-provider app-registry audit auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp nats notifications ocdav ocs proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	bool	false	Activates colorized log output.
`OCIS_LOG_FILE`	app-provider app-registry audit auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp nats notifications ocdav ocs proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	string		The path to the log file. Activates logging to this file if set.
`OCIS_LOG_LEVEL`	app-provider app-registry audit auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp nats notifications ocdav ocs proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	string		The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".
`OCIS_LOG_PRETTY`	app-provider app-registry audit auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp nats notifications ocdav ocs proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	bool	false	Activates pretty log output.
`OCIS_MACHINE_AUTH_API_KEY`	auth-machine frontend idp notifications ocdav ocs proxy search	string		Machine auth API key used to validate internal requests necessary for the access to resources from other services.
`OCIS_OIDC_ISSUER`	auth-basic auth-bearer groups idp ocs proxy users web	string	https://localhost:9200	The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.
`OCIS_SYSTEM_USER_API_KEY`	settings sharing sharing sharing sharing storage-system	string		API key for the STORAGE-SYSTEM system user.
`OCIS_SYSTEM_USER_ID`	settings sharing sharing sharing sharing storage-system	string		ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.
`OCIS_SYSTEM_USER_IDP`	settings sharing sharing sharing sharing	string	internal	IDP of the oCIS STORAGE-SYSTEM system user.
`OCIS_TRACING_COLLECTOR`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp ocdav ocs proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	string		The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.
`OCIS_TRACING_ENABLED`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp ocdav ocs proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	bool	false	Activates tracing.
`OCIS_TRACING_ENDPOINT`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp ocdav ocs proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	string		The endpoint of the tracing agent.
`OCIS_TRACING_TYPE`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph groups idm idp ocdav ocs proxy search settings sharing storage-publiclink storage-shares storage-system storage-users store thumbnails users web webdav	string		The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.
`OCIS_URL`	app-provider auth-basic auth-bearer frontend gateway graph groups idp notifications ocdav ocs proxy users web web web webdav	string	https://localhost:9200	The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider.
`REVA_GATEWAY`	app-provider app-registry auth-basic auth-bearer auth-machine frontend gateway graph groups idp notifications ocdav ocs proxy search sharing storage-publiclink storage-shares storage-system storage-users thumbnails users webdav	string	127.0.0.1:9142	The CS3 gateway endpoint.
`STORAGE_TRANSFER_SECRET`	frontend gateway	string		The storage transfer secret.