Environment Variables with Special Scopes
Introduction
Some environment variables have a special, extended or global scope. Variables with a special scope relate to one deployment method only. Variables with an extended scope do not directly configure services but the functions underneath them. Variables with a global scope can configure more than one service.
Examples:
- The global environment variable OCIS_LOG_LEVEL is available in multiple services.
- The extended environment variable OCIS_CONFIG_DIR can be used with ocis init.
- The special environment variable OCIS_RUN_SERVICES is only available with a binary deployment.
Special Environment Variables
The following environment variables are only available with the Binary Setup and do not have any dependency on a release:
Extended Environment Variables
The extended variables are defined in the following way:
| Name | Type | Default Value | Description |
|---|---|---|---|
| | string | Error | Set the log level for the internal go micro framework. Only change under supervision of ownCloud Support. |
| | string | | Go micro registry type to use. Supported types are: 'nats', 'kubernetes', 'etcd', 'consul' and 'memory'. Will be selected automatically. Only change under supervision of ownCloud Support. |
| | string | | The bind address of the internal go micro framework. Only change under supervision of ownCloud Support. |
| | string | '/var/lib/ocis' or '$HOME/.ocis/' | The base directory location used by several services and for user data. Predefined to '/var/lib/ocis' for container images (inside the container) or '$HOME/.ocis/' for binary releases. Services can have, if available, an individual setting with their own environment variable. |
| | string | '/etc/ocis' or '$HOME/.ocis/config' | The default directory location for config files. Predefined to '/etc/ocis' for container images (inside the container) or '$HOME/.ocis/config' for binary releases. |
Global Environment Variables
The global variables are defined in the following way:
| Name | Services | Type | Default Value | Description |
|---|---|---|---|---|
| | | bool | false | Flag to enable or disable the creation of the demo users. |
| | | string | uid=libregraph,ou=sysusers,o=libregraph-idm | LDAP DN to use for simple bind authentication with the target LDAP server. |
| | | string | | Password to use for authenticating the 'bind_dn'. |
| | | string | ~/.ocis/idm/ldap.crt | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/idm. |
| | | string | ou=groups,o=libregraph-idm | Search base DN for looking up LDAP groups. |
| | | string | | LDAP filter to add to the default filters for group searches. |
| | | string | groupOfNames | The object class to use for groups in the default group search filter ('groupOfNames'). |
| | | string | cn | LDAP Attribute to use for the displayname of groups (often the same as groupname attribute). |
| | | string | cn | LDAP Attribute to use for the name of groups. |
| | | string | owncloudUUID | LDAP Attribute to use as the unique id for groups. This should be a stable globally unique ID like a UUID. |
| | | bool | false | Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group IDs. |
| | | string | | LDAP Attribute to use for the email address of groups (can be empty). |
| | | string | member | LDAP Attribute that is used for group members. |
| | | string | sub | LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'. |
| | | bool | false | Disable TLS certificate validation for the LDAP connections. Do not set this in production environments. |
| | | string | ldaps://localhost:9235 | URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'. |
| | | string | ou=users,o=libregraph-idm | Search base DN for looking up LDAP users. |
| | | string | | LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'. |
| | | string | inetOrgPerson | The object class to use for users in the default user search filter ('inetOrgPerson'). |
| | | string | displayname | LDAP Attribute to use for the displayname of users. |
| | | string | owncloudUUID | LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID. |
| | | bool | false | Set this to true if the defined 'id' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user IDs. |
| | | string | | LDAP Attribute to use for the email address of users. |
| | | string | uid | LDAP Attribute to use for username of users. |
| | | string | sub | LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'. |
| | | string | | ID of the user that should receive admin privileges. |
| | | string | | A comma-separated list of addresses to connect to. Only valid if the above setting is set to "etcd". |
| | | int | 0 | Maximum number of items per table in the ocmem cache store. Other cache stores will ignore the option and can grow indefinitely. |
| | | string | | The type of the cache store. Valid options are "noop", "ocmem", "etcd" and "memory". |
| | | bool | true | Allow credentials for CORS. See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. |
| | | []string | [Authorization Origin Content-Type Accept X-Requested-With] | A comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. |
| | | []string | [GET POST PUT PATCH DELETE OPTIONS] | A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method |
| | | []string | [*] | A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin |
| | | bool | false | Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services. |
| | | string | | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |
| | | string | | TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off' disables transport security for the clients. 'insecure' allows the use of transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. |
| | | string | | Path/File name of the TLS server certificate (in PEM format) for the grpc services. |
| | | bool | false | Activates TLS for the grpc based services using the server certificate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure. |
| | | string | | Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services. |
| | | string | | Path/File name of the TLS server certificate (in PEM format) for the http services. |
| | | bool | false | Activates TLS for the http based services using the server certificate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true. |
| | | string | | Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services. |
| | | bool | false | Whether to verify the server TLS certificates. |
| | | string | | The secret to mint and validate jwt tokens. |
| | | bool | false | Activates colorized log output. |
| | | string | | The path to the log file. Activates logging to this file if set. |
| | | string | | The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace". |
| | | bool | false | Activates pretty log output. |
| | | string | | The machine auth API key used to validate internal requests necessary to access resources from other services. |
| | | string | https://localhost:9200 | The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider. |
| | | string | | API key for the STORAGE-SYSTEM system user. |
| | | string | | ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonably long string is possible, preferably this would be a UUIDv4 format. |
| | | string | internal | IDP of the oCIS STORAGE-SYSTEM system user. |
| | | string | | The HTTP endpoint for sending spans directly to a collector, e.g. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
| | | bool | false | Activates tracing. |
| | | string | | The endpoint of the tracing agent. |
| | | string | | The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now. |
| | | string | https://localhost:9200 | The public facing URL of WebDAV. |
| | | string | 127.0.0.1:9142 | The CS3 gateway endpoint. |
| | | string | | Transfer secret for signing file up- and download requests. |
| | | bool | false | Enable asynchronous file uploads. |
| Name | Services | Type | Default Value | Description |
|---|---|---|---|---|
| | | bool | false | The default role assignments the demo users should be set up with. |
| | | string | uid=reva,ou=sysusers,o=libregraph-idm | LDAP DN to use for simple bind authentication with the target LDAP server. |
| | | string | | Password to use for authenticating the 'bind_dn'. |
| | | string | ~/.ocis/idm/ldap.crt | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/idm. |
| | | string | ou=groups,o=libregraph-idm | Search base DN for looking up LDAP groups. |
| | | string | | LDAP filter to add to the default filters for group searches. |
| | | string | groupOfNames | The object class to use for groups in the default group search filter ('groupOfNames'). |
| | | string | cn | LDAP Attribute to use for the displayname of groups (often the same as groupname attribute). |
| | | string | cn | LDAP Attribute to use for the name of groups. |
| | | string | ownclouduuid | LDAP Attribute to use as the unique id for groups. This should be a stable globally unique id (e.g. a UUID). |
| | | bool | false | Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group IDs. |
| | | string | | LDAP Attribute to use for the email address of groups (can be empty). |
| | | string | member | LDAP Attribute that is used for group members. |
| | | string | sub | LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'. |
| | | bool | false | Disable TLS certificate validation for the LDAP connections. Do not set this in production environments. |
| | | string | ldaps://localhost:9235 | URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'. |
| | | string | ou=users,o=libregraph-idm | Search base DN for looking up LDAP users. |
| | | string | | LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'. |
| | | string | inetOrgPerson | The object class to use for users in the default user search filter ('inetOrgPerson'). |
| | | string | displayname | LDAP Attribute to use for the displayname of users. |
| | | string | ownclouduuid | LDAP Attribute to use as the unique id for users. This should be a stable globally unique ID like a UUID. |
| | | bool | false | Set this to true if the defined 'id' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user IDs. |
| | | string | | LDAP Attribute to use for the email address of users. |
| | | string | uid | LDAP Attribute to use for username of users. |
| | | string | sub | LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'. |
| | | string | | ID of the user that should receive admin privileges. |
| | | []string | [] | Node addresses to use for the cache store. |
| | | int | 0 | Maximum number of items per table in the ocmem cache store. Other cache stores will ignore the option and can grow indefinitely. |
| | | string | memory | Store implementation for the cache. Valid values are "memory" (default), "redis", and "etcd". |
| | | bool | true | Allow credentials for CORS. See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. |
| | | []string | [Authorization Origin Content-Type Accept X-Requested-With] | A comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. |
| | | []string | [GET POST PUT PATCH DELETE OPTIONS] | A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method |
| | | []string | [*] | A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin |
| | | bool | false | Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services. |
| | | string | | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |
| | | string | | TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off' disables transport security for the clients. 'insecure' allows the use of transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. |
| | | string | | Path/File name of the TLS server certificate (in PEM format) for the grpc services. |
| | | bool | false | Activates TLS for the grpc based services using the server certificate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure. |
| | | string | | Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services. |
| | | string | | Path/File name of the TLS server certificate (in PEM format) for the http services. |
| | | bool | false | Activates TLS for the http based services using the server certificate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true. |
| | | string | | Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services. |
| | | bool | false | Whether to verify the server TLS certificates. |
| | | string | | The secret to mint and validate jwt tokens. |
| | | bool | false | Activates colorized log output. |
| | | string | | The path to the log file. Activates logging to this file if set. |
| | | string | | The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace". |
| | | bool | false | Activates pretty log output. |
| | | string | | Machine auth API key used to validate internal requests necessary for the access to resources from other services. |
| | | string | https://localhost:9200 | The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider. |
| | | string | | API key for the STORAGE-SYSTEM system user. |
| | | string | | ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonably long string is possible, preferably this would be a UUIDv4 format. |
| | | string | internal | IDP of the oCIS STORAGE-SYSTEM system user. |
| | | string | | The HTTP endpoint for sending spans directly to a collector, e.g. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
| | | bool | false | Activates tracing. |
| | | string | | The endpoint of the tracing agent. |
| | | string | | The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now. |
| | | string | https://localhost:9200 | The identity provider value to set in the userids of the CS3 user objects for users returned by this user provider. |
| | | string | 127.0.0.1:9142 | The CS3 gateway endpoint. |
| | | string | | The storage transfer secret. |
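The TLS rows above interact: 'insecure' client mode and PROXY_INSECURE_BACKEND=true are documented for the temporary, autogenerated certificate. The following pre-start check is an added example, not part of the oCIS documentation or code base; it uses only variable names that appear on this page, and its finding labels, the key-file permission check and the Go-style boolean parsing are assumptions of the example.

```shell
#!/bin/sh
# Added example (not oCIS code): audit the TLS variables named in the tables.
# Finding labels are constructed; no output means no finding.

is_true() {  # assumption: booleans are parsed like Go's strconv.ParseBool
    case "$1" in 1|t|T|true|TRUE|True) return 0 ;; *) return 1 ;; esac
}

# check_pair PREFIX CERT KEY: certificate and key must be set together, and
# the key file must not be readable by group or others.
check_pair() {
    if [ -n "$2" ] && [ -z "$3" ]; then echo "$1_KEY_MISSING"; fi
    if [ -z "$2" ] && [ -n "$3" ]; then echo "$1_CERT_MISSING"; fi
    if [ -n "$3" ] && [ -f "$3" ] &&
       [ -n "$(find "$3" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$1_KEY_READABLE_BY_OTHERS"
    fi
}

ocis_tls_audit() {
    check_pair GRPC "${OCIS_GRPC_TLS_CERTIFICATE:-}" "${OCIS_GRPC_TLS_KEY:-}"
    check_pair HTTP "${OCIS_HTTP_TLS_CERTIFICATE:-}" "${OCIS_HTTP_TLS_KEY:-}"

    # 'off' disables transport security; 'insecure' keeps it but skips
    # certificate verification and is meant for the autogenerated certificate.
    case "${OCIS_GRPC_CLIENT_TLS_MODE:-}" in
        ""|on) ;;                      # unset is left to the service default
        off) echo "GRPC_CLIENT_TLS_OFF" ;;
        insecure)
            if [ -n "${OCIS_GRPC_TLS_CERTIFICATE:-}" ]; then
                echo "GRPC_CLIENT_INSECURE_WITH_REAL_CERT"
            else
                echo "GRPC_CLIENT_INSECURE"
            fi ;;
        *) echo "GRPC_CLIENT_TLS_MODE_INVALID" ;;
    esac

    # PROXY_INSECURE_BACKEND=true is documented for the temporary certificate;
    # with a configured certificate it only removes verification.
    if is_true "${PROXY_INSECURE_BACKEND:-}"; then
        if [ -n "${OCIS_HTTP_TLS_CERTIFICATE:-}" ]; then
            echo "PROXY_INSECURE_WITH_REAL_CERT"
        else
            echo "PROXY_INSECURE_BACKEND"
        fi
    fi
}

# Run against the current environment when executed directly.
ocis_tls_audit
```

Run it in the same environment that starts the oCIS binary or container, and treat any output as a reason to review the deployment before exposing it.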