Web Service Configuration

Introduction

The web service embeds and serves the static files for the Infinite Scale web client. See the ownCloud Web description for more details.

Note that clients will respond with a connection error if the web service is not available.

The web service also provides a minimal API for branding functionality like changing the logo shown.

Default Values

  • Web listens on port 9100 by default.

Custom Compiled Web Assets

If you want to use your custom compiled web client assets instead of the embedded ones, then you can do that by setting the WEB_ASSET_PATH variable to point to your compiled files. See ownCloud Web / Getting Started and ownCloud Web / Setup with oCIS in the developer documentation for more details.

Customize the Web UI Configuration

See the Web UI documentation for how to configure theming and customization or how to embed Web into another application.

Configuration

Environment Variables

The web service is configured via the following environment variables. Read the Environment Variable Types documentation for important details. Column IV shows with which release the environment variable has been introduced.

  • master + Rolling 6.1.0

Deprecation notes for the web service
Deprecation Info Deprecation Version Removal Version Deprecation Replacement

The WEB_ASSET_PATH is deprecated and will be removed in the future.

5.1.0

7.0.0

Use WEB_ASSET_CORE_PATH instead.


Environment variables for the web service
Name IV Type Default Value Description

OCIS_TRACING_ENABLED
WEB_TRACING_ENABLED

pre5.0

bool

false

Activates tracing.

OCIS_TRACING_TYPE
WEB_TRACING_TYPE

pre5.0

string

The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.

OCIS_TRACING_ENDPOINT
WEB_TRACING_ENDPOINT

pre5.0

string

The endpoint of the tracing agent.

OCIS_TRACING_COLLECTOR
WEB_TRACING_COLLECTOR

pre5.0

string

The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.

OCIS_LOG_LEVEL
WEB_LOG_LEVEL

pre5.0

string

The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.

OCIS_LOG_PRETTY
WEB_LOG_PRETTY

pre5.0

bool

false

Activates pretty log output.

OCIS_LOG_COLOR
WEB_LOG_COLOR

pre5.0

bool

false

Activates colorized log output.

OCIS_LOG_FILE
WEB_LOG_FILE

pre5.0

string

The path to the log file. Activates logging to this file if set.

WEB_DEBUG_ADDR

pre5.0

string

127.0.0.1:9104

Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

WEB_DEBUG_TOKEN

pre5.0

string

Token to secure the metrics endpoint.

WEB_DEBUG_PPROF

pre5.0

bool

false

Enables pprof, which can be used for profiling.

WEB_DEBUG_ZPAGES

pre5.0

bool

false

Enables zpages, which can be used for collecting and viewing in-memory traces.

WEB_HTTP_ADDR

pre5.0

string

127.0.0.1:9100

The bind address of the HTTP service.

OCIS_HTTP_TLS_ENABLED

pre5.0

bool

false

Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true.

OCIS_HTTP_TLS_CERTIFICATE

pre5.0

string

Path/File name of the TLS server certificate (in PEM format) for the http services.

OCIS_HTTP_TLS_KEY

pre5.0

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services.

WEB_HTTP_ROOT

pre5.0

string

/

Subdirectory that serves as the root for this HTTP service.

WEB_CACHE_TTL

pre5.0

int

604800

Cache policy in seconds for ownCloud Web assets.

OCIS_CORS_ALLOW_ORIGINS
WEB_CORS_ALLOW_ORIGINS

pre5.0

[]string

[https://localhost:9200]

A list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.

OCIS_CORS_ALLOW_METHODS
WEB_CORS_ALLOW_METHODS

pre5.0

[]string

[OPTIONS HEAD GET PUT PATCH POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH]

A list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.

OCIS_CORS_ALLOW_HEADERS
WEB_CORS_ALLOW_HEADERS

pre5.0

[]string

[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override]

A list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.

OCIS_CORS_ALLOW_CREDENTIALS
WEB_CORS_ALLOW_CREDENTIALS

pre5.0

bool

false

Allow credentials for CORS. See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.

WEB_ASSET_PATH
Deprecation Note

pre5.0

string

Serve ownCloud Web assets from a path on the filesystem instead of the builtin assets.

WEB_ASSET_CORE_PATH

6.0.0

string

/var/lib/ocis/web/assets/core

Serve ownCloud Web assets from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/web/assets/core

OCIS_ASSET_THEMES_PATH
WEB_ASSET_THEMES_PATH

6.0.0

string

/var/lib/ocis/web/assets/themes

Serve ownCloud themes from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/web/assets/themes

WEB_ASSET_APPS_PATH

6.0.0

string

/var/lib/ocis/web/assets/apps

Serve ownCloud Web apps assets from a path on the filesystem instead of the builtin assets. If not defined, the root directory derives from $OCIS_BASE_DATA_PATH:/web/assets/apps

WEB_UI_CONFIG_FILE

pre5.0

string

Read the ownCloud Web json based configuration from this path/file. The config file takes precedence over WEB_OPTION_xxx environment variables. See the text description for more details.

OCIS_URL
WEB_UI_THEME_SERVER

pre5.0

string

https://localhost:9200

Base URL to load themes from. Will be prepended to the theme path.

WEB_UI_THEME_PATH

pre5.0

string

/themes/owncloud/theme.json

Path to the theme json file. Will be appended to the URL of the theme server.

OCIS_URL
WEB_UI_CONFIG_SERVER

pre5.0

string

https://localhost:9200

URL, where the oCIS APIs are reachable for ownCloud Web.

WEB_OIDC_METADATA_URL

pre5.0

string

https://localhost:9200/.well-known/openid-configuration

URL for the OIDC well-known configuration endpoint. Defaults to the oCIS API URL + '/.well-known/openid-configuration'.

OCIS_URL
OCIS_OIDC_ISSUER
WEB_OIDC_AUTHORITY

pre5.0

string

https://localhost:9200

URL of the OIDC issuer. It defaults to URL of the builtin IDP.

OCIS_OIDC_CLIENT_ID
WEB_OIDC_CLIENT_ID

pre5.0

string

web

The OIDC client ID which ownCloud Web uses. This client needs to be set up in your IDP. Note that this setting has no effect when using the builtin IDP.

WEB_OIDC_RESPONSE_TYPE

pre5.0

string

code

The OIDC response type to use for authentication.

WEB_OIDC_SCOPE

pre5.0

string

openid profile email

OIDC scopes to request during authentication to authorize access to user details. Defaults to 'openid profile email'. Values are separated by blank. More example values but not limited to are 'address' or 'phone' etc.

WEB_OIDC_POST_LOGOUT_REDIRECT_URI

pre5.0

string

This value needs to point to a valid and reachable web page. The web client will trigger a redirect to that page directly after the logout action. The default value is empty and redirects to the login page.

WEB_OPTION_HOME_FOLDER

pre5.0

string

Specifies a folder that is used when the user navigates 'home'. Navigating home gets triggered by clicking on the 'All files' menu item. The user will not be jailed in that directory, it simply serves as a default location. A static location can be provided, or variables of the user object to come up with a user specific home path can be used. This uses the twig template variable style and allows picking a value or a substring of a value of the authenticated user. Examples are '/Shares', '/{{.Id}}' and '/{{substr 0 3 .Id}}/{{.Id}'.

WEB_OPTION_OPEN_APPS_IN_TAB

pre5.0

bool

false

Configures whether apps and extensions should generally open in a new tab. Defaults to false.

OCIS_DISABLE_PREVIEWS
WEB_OPTION_DISABLE_PREVIEWS

pre5.0

bool

false

Set this option to 'true' to disable previews in all the different web file listing views. This can speed up file listings in folders with many files. The only list view that is not affected by this setting is the trash bin, as it does not allow previewing at all.

WEB_OPTION_PREVIEW_FILE_MIMETYPES

pre5.0

[]string

[image/gif image/png image/jpeg text/plain image/tiff image/bmp image/x-ms-bmp application/vnd.geogebra.slides]

A list of mimeTypes to specify which ones will be previewed in the UI. For example, to only preview jpg and text files, set this option to 'image/jpeg,text/plain'. See the Environment Variable Types description for more details.

WEB_OPTION_DISABLE_FEEDBACK_LINK

pre5.0

bool

false

Set this option to 'true' to disable the feedback link in the top bar. Keeping it enabled by setting the value to 'false' or with the absence of the option, allows ownCloud to get feedback from your user base through a dedicated survey website.

WEB_OPTION_SHARING_RECIPIENTS_PER_PAGE

pre5.0

int

200

Sets the number of users shown as recipients in the dropdown menu when sharing resources.

WEB_OPTION_SIDEBAR_SHARES_SHOW_ALL_ON_LOAD

pre5.0

bool

false

Sets the list of the (link) shares list in the sidebar to be initially expanded. Default is a collapsed state, only showing the first three shares.

WEB_OPTION_RUNNING_ON_EOS

pre5.0

bool

false

Set this option to 'true' if running on an EOS storage backend (https://eos-web.web.cern.ch/eos-web/) to enable its specific features. Defaults to 'false'.

WEB_OPTION_HOVERABLE_QUICK_ACTIONS

pre5.0

bool

false

Set this option to 'true' to hide quick actions (buttons appearing on file rows) and only show them when the user hovers over the row with his mouse. Defaults to 'false'.

WEB_OPTION_ROUTING_ID_BASED

pre5.0

bool

true

Enable or disable fileIds being added to the URL. Defaults to 'true', because otherwise spaces with name clashes cannot be resolved correctly. Note: Only disable this if you can guarantee on the server side, that spaces of the same namespace cannot have name clashes.

WEB_OPTION_CONTEXTHELPERS_READ_MORE

pre5.0

bool

true

Specifies whether the 'Read more' link should be displayed or not.

WEB_OPTION_LOGOUT_URL

pre5.0

string

Adds a link to the user’s profile page to point him to an external page, where he can manage his session and devices. This is helpful when an external IdP is used. This option is disabled by default.

WEB_OPTION_LOGIN_URL

5.0

string

Specifies the target URL to the login page. This is helpful when an external IdP is used. This option is disabled by default. Example URL like: https://www.myidp.com/login.

WEB_OPTION_OPEN_LINKS_WITH_DEFAULT_APP

pre5.0

bool

true

Specifies whether single file link shares should be opened with the default app or not. If not opened by the default app, the Web UI just displays the file details.

WEB_OPTION_TOKEN_STORAGE_LOCAL

pre5.0

bool

true

Specifies whether the access token will be stored in the local storage when set to 'true' or in the session storage when set to 'false'. If stored in the local storage, login state will be persisted across multiple browser tabs, means no additional logins are required.

WEB_OPTION_DISABLED_EXTENSIONS

5.0

[]string

[]

A list to disable specific Web extensions identified by their ID. The ID can e.g. be taken from the 'index.ts' file of the web extension. Example: 'com.github.owncloud.web.files.search,com.github.owncloud.web.files.print'. See the Environment Variable Types description for more details.

WEB_OPTION_USER_LIST_REQUIRES_FILTER

5.0

bool

false

Defines whether one or more filters must be set in order to list users in the Web admin settings. Set this option to 'true' if running in an environment with a lot of users and listing all users could slow down performance. Defaults to 'false'.

WEB_OPTION_CONCURRENT_REQUESTS_RESOURCE_BATCH_ACTIONS

5.0

int

0

Defines the maximum number of concurrent requests per file/folder/space batch action. Defaults to 4.

WEB_OPTION_CONCURRENT_REQUESTS_SSE

5.0

int

0

Defines the maximum number of concurrent requests in SSE event handlers. Defaults to 4.

WEB_OPTION_CONCURRENT_REQUESTS_SHARES_CREATE

5.0

int

0

Defines the maximum number of concurrent requests per sharing invite batch. Defaults to 4.

WEB_OPTION_CONCURRENT_REQUESTS_SHARES_LIST

5.0

int

0

Defines the maximum number of concurrent requests when loading individual share information inside listings. Defaults to 2.

OCIS_JWT_SECRET
WEB_JWT_SECRET

pre5.0

string

The secret to mint and validate jwt tokens.

WEB_GATEWAY_GRPC_ADDR

pre5.0

string

com.owncloud.api.gateway

The bind address of the GRPC service.

YAML Example

  • master + Rolling 6.1.0

# Autogenerated
# Filename: web-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9104
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:9100
  tls:
    enabled: false
    cert: ""
    key: ""
  root: /
  cache_ttl: 604800
  cors:
    allow_origins:
    - https://localhost:9200
    allow_methods:
    - OPTIONS
    - HEAD
    - GET
    - PUT
    - PATCH
    - POST
    - DELETE
    - MKCOL
    - PROPFIND
    - PROPPATCH
    - MOVE
    - COPY
    - REPORT
    - SEARCH
    allow_headers:
    - Origin
    - Accept
    - Content-Type
    - Depth
    - Authorization
    - Ocs-Apirequest
    - If-None-Match
    - If-Match
    - Destination
    - Overwrite
    - X-Request-Id
    - X-Requested-With
    - Tus-Resumable
    - Tus-Checksum-Algorithm
    - Upload-Concat
    - Upload-Length
    - Upload-Metadata
    - Upload-Defer-Length
    - Upload-Expires
    - Upload-Checksum
    - Upload-Offset
    - X-HTTP-Method-Override
    allow_credentials: false
asset:
  path: ""
  core_path: /var/lib/ocis/web/assets/core
  themes_path: /var/lib/ocis/web/assets/themes
  apps_path: /var/lib/ocis/web/assets/apps
file: ""
web:
  theme_server: https://localhost:9200
  theme_path: /themes/owncloud/theme.json
  config:
    server: https://localhost:9200
    oidc:
      metadata_url: https://localhost:9200/.well-known/openid-configuration
      authority: https://localhost:9200
      client_id: web
      response_type: code
      scope: openid profile email
      post_logout_redirect_uri: ""
    apps:
    - files
    - search
    - text-editor
    - pdf-viewer
    - external
    - admin-settings
    - epub-reader
    - draw-io
    applications: []
    external_apps:
    - id: preview
      path: web-app-preview
      config:
        mimeTypes:
        - image/tiff
        - image/bmp
        - image/x-ms-bmp
    options:
      homeFolder: ""
      openAppsInTab: false
      disablePreviews: false
      previewFileMimeTypes:
      - image/gif
      - image/png
      - image/jpeg
      - text/plain
      - image/tiff
      - image/bmp
      - image/x-ms-bmp
      - application/vnd.geogebra.slides
      accountEditLink: null
      disableFeedbackLink: false
      feedbackLink: null
      sharingRecipientsPerPage: 200
      sidebar:
        shares:
          showAllOnLoad: false
      runningOnEos: false
      cernFeatures: false
      hoverableQuickActions: false
      routing:
        idBased: true
      upload: null
      editor: null
      contextHelpersReadMore: true
      logoutUrl: ""
      loginUrl: ""
      openLinksWithDefaultApp: true
      tokenStorageLocal: true
      disabledExtensions: []
      embed: null
      userListRequiresFilter: false
      concurrentRequests:
        resourceBatchActions: 0
        sse: 0
        shares:
          create: 0
          list: 0
    styles: []
    scripts: []
    custom_translations: []
apps: {}
token_manager:
  jwt_secret: ""
gateway_addr: com.owncloud.api.gateway