eliott/ocis
1
0
Fork 0
mirror of https://github.com/owncloud/ocis synced 2026-04-25 17:25:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

[docs-only] Some doc related updates

Browse Source
This commit is contained in:
Martin Mattel
2026-02-16 15:38:48 +01:00
parent 7d6aa0ea02
commit 31c89b5eaa
3 changed files with 135 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

231
docs/helpers/env_vars.yaml
View File

@@ -7903,7 +7903,7 @@ OCIS_ASSET_THEMES_PATH:
removalVersion: ""
deprecationInfo: ""
OCIS_ASYNC_UPLOADS:
name: OCIS_ASYNC_UPLOADS;SEARCH_EVENTS_ASYNC_UPLOADS
name: OCIS_ASYNC_UPLOADS
defaultValue: "true"
type: bool
description: Enable asynchronous file uploads.
@@ -7912,20 +7912,20 @@ OCIS_ASYNC_UPLOADS:
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_AUTH_PASSWORD:
name: OCIS_CACHE_AUTH_PASSWORD;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_PASSWORD
name: OCIS_CACHE_AUTH_PASSWORD;SETTINGS_CACHE_AUTH_PASSWORD
defaultValue: ""
type: string
description: The password to authenticate with the store. Only applies when store
description: The password to authenticate with the cache. Only applies when store
type 'nats-js-kv' is configured.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_AUTH_USERNAME:
name: OCIS_CACHE_AUTH_USERNAME;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_USERNAME
name: OCIS_CACHE_AUTH_USERNAME;SETTINGS_CACHE_AUTH_USERNAME
defaultValue: ""
type: string
description: The username to authenticate with the store. Only applies when store
description: The username to authenticate with the cache. Only applies when store
type 'nats-js-kv' is configured.
introductionVersion: "5.0"
deprecationVersion: ""
@@ -7951,33 +7951,35 @@ OCIS_CACHE_DISABLE_PERSISTENCE:
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_STORE:
name: OCIS_CACHE_STORE;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE
defaultValue: nats-js-kv
name: OCIS_CACHE_STORE;SETTINGS_CACHE_STORE
defaultValue: memory
type: string
description: 'The type of the signing key store. Supported values are: ''redis-sentinel''
and ''nats-js-kv''. See the text description for details.'
introductionVersion: "5.0"
description: 'The type of the cache store. Supported values are: ''memory'', ''redis-sentinel'',
''nats-js-kv'', ''noop''. See the text description for details.'
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_STORE_NODES:
name: OCIS_CACHE_STORE_NODES;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_NODES
name: OCIS_CACHE_STORE_NODES;SETTINGS_CACHE_STORE_NODES
defaultValue: '[127.0.0.1:9233]'
type: '[]string'
description: A list of nodes to access the configured store. Note that the behaviour
how nodes are used is dependent on the library of the configured store. See the
Environment Variable Types description for more details.
introductionVersion: "5.0"
description: A list of nodes to access the configured store. This has no effect
when 'memory' store is configured. Note that the behaviour how nodes are used
is dependent on the library of the configured store. See the Environment Variable
Types description for more details.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CACHE_TTL:
name: OCIS_CACHE_TTL;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_TTL
defaultValue: 12h0m0s
name: OCIS_CACHE_TTL;SETTINGS_CACHE_TTL
defaultValue: 10m0s
type: Duration
description: Default time to live for signing keys. See the Environment Variable
Types description for more details.
introductionVersion: "5.0"
description: Default time to live for entries in the cache. Only applied when access
tokens has no expiration. See the Environment Variable Types description for more
details.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
@@ -8019,7 +8021,7 @@ OCIS_CLAIM_MANAGED_SPACES_REGEXP:
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_CREDENTIALS:
name: OCIS_CORS_ALLOW_CREDENTIALS;OCS_CORS_ALLOW_CREDENTIALS
name: OCIS_CORS_ALLOW_CREDENTIALS;SETTINGS_CORS_ALLOW_CREDENTIALS
defaultValue: "true"
type: bool
description: 'Allow credentials for CORS.See following chapter for more details:
@@ -8029,9 +8031,8 @@ OCIS_CORS_ALLOW_CREDENTIALS:
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_HEADERS:
name: OCIS_CORS_ALLOW_HEADERS;OCS_CORS_ALLOW_HEADERS
defaultValue: '[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id
Cache-Control]'
name: OCIS_CORS_ALLOW_HEADERS;SETTINGS_CORS_ALLOW_HEADERS
defaultValue: '[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id]'
type: '[]string'
description: 'A list of allowed CORS headers. See following chapter for more details:
*Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.
@@ -8041,7 +8042,7 @@ OCIS_CORS_ALLOW_HEADERS:
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_METHODS:
name: OCIS_CORS_ALLOW_METHODS;OCS_CORS_ALLOW_METHODS
name: OCIS_CORS_ALLOW_METHODS;SETTINGS_CORS_ALLOW_METHODS
defaultValue: '[GET POST PUT PATCH DELETE OPTIONS]'
type: '[]string'
description: 'A list of allowed CORS methods. See following chapter for more details:
@@ -8052,7 +8053,7 @@ OCIS_CORS_ALLOW_METHODS:
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_ORIGINS:
name: OCIS_CORS_ALLOW_ORIGINS;OCS_CORS_ALLOW_ORIGINS
name: OCIS_CORS_ALLOW_ORIGINS;SETTINGS_CORS_ALLOW_ORIGINS
defaultValue: '[*]'
type: '[]string'
description: 'A list of allowed CORS origins. See following chapter for more details:
@@ -8175,7 +8176,7 @@ OCIS_ENABLE_OCM:
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_AUTH_PASSWORD:
name: OCIS_EVENTS_AUTH_PASSWORD;AUDIT_EVENTS_AUTH_PASSWORD
name: OCIS_EVENTS_AUTH_PASSWORD;SSE_EVENTS_AUTH_PASSWORD
defaultValue: ""
type: string
description: The password to authenticate with the events broker. The events broker
@@ -8185,7 +8186,7 @@ OCIS_EVENTS_AUTH_PASSWORD:
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_AUTH_USERNAME:
name: OCIS_EVENTS_AUTH_USERNAME;AUDIT_EVENTS_AUTH_USERNAME
name: OCIS_EVENTS_AUTH_USERNAME;SSE_EVENTS_AUTH_USERNAME
defaultValue: ""
type: string
description: The username to authenticate with the events broker. The events broker
@@ -8195,18 +8196,18 @@ OCIS_EVENTS_AUTH_USERNAME:
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_CLUSTER:
name: OCIS_EVENTS_CLUSTER;AUDIT_EVENTS_CLUSTER
name: OCIS_EVENTS_CLUSTER;SSE_EVENTS_CLUSTER
defaultValue: ocis-cluster
type: string
description: The clusterID of the event system. The event system is the message
queuing service. It is used as message broker for the microservice architecture.
Mandatory when using NATS as event system.
introductionVersion: pre5.0
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_ENABLE_TLS:
name: OCIS_EVENTS_ENABLE_TLS;AUDIT_EVENTS_ENABLE_TLS
name: OCIS_EVENTS_ENABLE_TLS;NATS_EVENTS_ENABLE_TLS
defaultValue: "false"
type: bool
description: Enable TLS for the connection to the events broker. The events broker
@@ -8216,22 +8217,22 @@ OCIS_EVENTS_ENABLE_TLS:
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_ENDPOINT:
name: OCIS_EVENTS_ENDPOINT;AUDIT_EVENTS_ENDPOINT
name: OCIS_EVENTS_ENDPOINT;SSE_EVENTS_ENDPOINT
defaultValue: 127.0.0.1:9233
type: string
description: The address of the event system. The event system is the message queuing
service. It is used as message broker for the microservice architecture.
introductionVersion: pre5.0
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE:
name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE
name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;SSE_EVENTS_TLS_ROOT_CA_CERTIFICATE
defaultValue: ""
type: string
description: The root CA certificate used to validate the server's TLS certificate.
If provided AUDIT_EVENTS_TLS_INSECURE will be seen as false.
introductionVersion: pre5.0
If provided SSE_EVENTS_TLS_INSECURE will be seen as false.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
@@ -8268,7 +8269,7 @@ OCIS_GRPC_CLIENT_TLS_MODE:
removalVersion: ""
deprecationInfo: ""
OCIS_GRPC_PROTOCOL:
name: OCIS_GRPC_PROTOCOL;GROUPS_GRPC_PROTOCOL
name: OCIS_GRPC_PROTOCOL;APP_REGISTRY_GRPC_PROTOCOL
defaultValue: ""
type: string
description: The transport protocol of the GRPC service.
@@ -8308,16 +8309,17 @@ OCIS_HTTP_TLS_KEY:
removalVersion: ""
deprecationInfo: ""
OCIS_INSECURE:
name: OCIS_INSECURE;WEBFINGER_INSECURE
name: OCIS_INSECURE;NATS_TLS_SKIP_VERIFY_CLIENT_CERT
defaultValue: "false"
type: bool
description: Allow insecure connections to the WEBFINGER service.
description: Whether the NATS server should skip the client certificate verification
during the TLS handshake.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_JWT_SECRET:
name: OCIS_JWT_SECRET;OCS_JWT_SECRET
name: OCIS_JWT_SECRET;APP_REGISTRY_JWT_SECRET
defaultValue: ""
type: string
description: The secret to mint and validate jwt tokens.
@@ -8326,7 +8328,7 @@ OCIS_JWT_SECRET:
removalVersion: ""
deprecationInfo: ""
OCIS_KEYCLOAK_BASE_PATH:
name: OCIS_KEYCLOAK_BASE_PATH;INVITATIONS_KEYCLOAK_BASE_PATH
name: OCIS_KEYCLOAK_BASE_PATH;GRAPH_KEYCLOAK_BASE_PATH
defaultValue: ""
type: string
description: The URL to access keycloak.
@@ -8335,16 +8337,16 @@ OCIS_KEYCLOAK_BASE_PATH:
removalVersion: ""
deprecationInfo: ""
OCIS_KEYCLOAK_CLIENT_ID:
name: OCIS_KEYCLOAK_CLIENT_ID;INVITATIONS_KEYCLOAK_CLIENT_ID
name: OCIS_KEYCLOAK_CLIENT_ID;GRAPH_KEYCLOAK_CLIENT_ID
defaultValue: ""
type: string
description: The client ID to authenticate with keycloak.
description: The client id to authenticate with keycloak.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_KEYCLOAK_CLIENT_REALM:
name: OCIS_KEYCLOAK_CLIENT_REALM;INVITATIONS_KEYCLOAK_CLIENT_REALM
name: OCIS_KEYCLOAK_CLIENT_REALM;GRAPH_KEYCLOAK_CLIENT_REALM
defaultValue: ""
type: string
description: The realm the client is defined in.
@@ -8353,7 +8355,7 @@ OCIS_KEYCLOAK_CLIENT_REALM:
removalVersion: ""
deprecationInfo: ""
OCIS_KEYCLOAK_CLIENT_SECRET:
name: OCIS_KEYCLOAK_CLIENT_SECRET;INVITATIONS_KEYCLOAK_CLIENT_SECRET
name: OCIS_KEYCLOAK_CLIENT_SECRET;GRAPH_KEYCLOAK_CLIENT_SECRET
defaultValue: ""
type: string
description: The client secret to use in authentication.
@@ -8362,7 +8364,7 @@ OCIS_KEYCLOAK_CLIENT_SECRET:
removalVersion: ""
deprecationInfo: ""
OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY:
name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;INVITATIONS_KEYCLOAK_INSECURE_SKIP_VERIFY
name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;GRAPH_KEYCLOAK_INSECURE_SKIP_VERIFY
defaultValue: "false"
type: bool
description: Disable TLS certificate validation for Keycloak connections. Do not
@@ -8372,7 +8374,7 @@ OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY:
removalVersion: ""
deprecationInfo: ""
OCIS_KEYCLOAK_USER_REALM:
name: OCIS_KEYCLOAK_USER_REALM;INVITATIONS_KEYCLOAK_USER_REALM
name: OCIS_KEYCLOAK_USER_REALM;GRAPH_KEYCLOAK_USER_REALM
defaultValue: ""
type: string
description: The realm users are defined.
@@ -8381,7 +8383,7 @@ OCIS_KEYCLOAK_USER_REALM:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_BIND_DN:
name: OCIS_LDAP_BIND_DN;GROUPS_LDAP_BIND_DN
name: OCIS_LDAP_BIND_DN;USERS_LDAP_BIND_DN
defaultValue: uid=reva,ou=sysusers,o=libregraph-idm
type: string
description: LDAP DN to use for simple bind authentication with the target LDAP
@@ -8391,7 +8393,7 @@ OCIS_LDAP_BIND_DN:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_BIND_PASSWORD:
name: OCIS_LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD
name: OCIS_LDAP_BIND_PASSWORD;USERS_LDAP_BIND_PASSWORD
defaultValue: ""
type: string
description: Password to use for authenticating the 'bind_dn'.
@@ -8400,7 +8402,7 @@ OCIS_LDAP_BIND_PASSWORD:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_CACERT:
name: OCIS_LDAP_CACERT;GROUPS_LDAP_CACERT
name: OCIS_LDAP_CACERT;USERS_LDAP_CACERT
defaultValue: /var/lib/ocis/idm/ldap.crt
type: string
description: Path/File name for the root CA certificate (in PEM format) used to
@@ -8421,7 +8423,7 @@ OCIS_LDAP_CROSS_INSTANCE_REFERENCE_TEMPLATE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_DISABLE_USER_MECHANISM:
name: OCIS_LDAP_DISABLE_USER_MECHANISM;AUTH_BASIC_DISABLE_USER_MECHANISM
name: OCIS_LDAP_DISABLE_USER_MECHANISM;USERS_LDAP_DISABLE_USER_MECHANISM
defaultValue: attribute
type: string
description: An option to control the behavior for disabling users. Valid options
@@ -8434,7 +8436,7 @@ OCIS_LDAP_DISABLE_USER_MECHANISM:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_DISABLED_USERS_GROUP_DN:
name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;AUTH_BASIC_DISABLED_USERS_GROUP_DN
name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;USERS_LDAP_DISABLED_USERS_GROUP_DN
defaultValue: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm
type: string
description: The distinguished name of the group to which added users will be classified
@@ -8454,7 +8456,7 @@ OCIS_LDAP_GROUP_AFFILIATION_ATTRIBUTE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_BASE_DN:
name: OCIS_LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN
name: OCIS_LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN
defaultValue: ou=groups,o=libregraph-idm
type: string
description: Search base DN for looking up LDAP groups.
@@ -8463,7 +8465,7 @@ OCIS_LDAP_GROUP_BASE_DN:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_FILTER:
name: OCIS_LDAP_GROUP_FILTER;GROUPS_LDAP_GROUP_FILTER
name: OCIS_LDAP_GROUP_FILTER;USERS_LDAP_GROUP_FILTER
defaultValue: ""
type: string
description: LDAP filter to add to the default filters for group searches.
@@ -8472,17 +8474,17 @@ OCIS_LDAP_GROUP_FILTER:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_OBJECTCLASS:
name: OCIS_LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS
name: OCIS_LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS
defaultValue: groupOfNames
type: string
description: The object class to use for groups in the default group search filter
('groupOfNames').
like 'groupOfNames'.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME:
name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME
name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;USERS_LDAP_GROUP_SCHEMA_DISPLAYNAME
defaultValue: cn
type: string
description: LDAP Attribute to use for the displayname of groups (often the same
@@ -8492,7 +8494,7 @@ OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_GROUPNAME:
name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;GROUPS_LDAP_GROUP_SCHEMA_GROUPNAME
name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;USERS_LDAP_GROUP_SCHEMA_GROUPNAME
defaultValue: cn
type: string
description: LDAP Attribute to use for the name of groups.
@@ -8501,17 +8503,17 @@ OCIS_LDAP_GROUP_SCHEMA_GROUPNAME:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_ID:
name: OCIS_LDAP_GROUP_SCHEMA_ID;GROUPS_LDAP_GROUP_SCHEMA_ID
name: OCIS_LDAP_GROUP_SCHEMA_ID;USERS_LDAP_GROUP_SCHEMA_ID
defaultValue: ownclouduuid
type: string
description: LDAP Attribute to use as the unique id for groups. This should be a
description: LDAP Attribute to use as the unique ID for groups. This should be a
stable globally unique ID like a UUID.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING:
name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING
name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;USERS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING
defaultValue: "false"
type: bool
description: Set this to true if the defined 'id' attribute for groups is of the
@@ -8522,7 +8524,7 @@ OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_MAIL:
name: OCIS_LDAP_GROUP_SCHEMA_MAIL;GROUPS_LDAP_GROUP_SCHEMA_MAIL
name: OCIS_LDAP_GROUP_SCHEMA_MAIL;USERS_LDAP_GROUP_SCHEMA_MAIL
defaultValue: mail
type: string
description: LDAP Attribute to use for the email address of groups (can be empty).
@@ -8531,7 +8533,7 @@ OCIS_LDAP_GROUP_SCHEMA_MAIL:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCHEMA_MEMBER:
name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;GROUPS_LDAP_GROUP_SCHEMA_MEMBER
name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;USERS_LDAP_GROUP_SCHEMA_MEMBER
defaultValue: member
type: string
description: LDAP Attribute that is used for group members.
@@ -8540,17 +8542,17 @@ OCIS_LDAP_GROUP_SCHEMA_MEMBER:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_GROUP_SCOPE:
name: OCIS_LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE
name: OCIS_LDAP_GROUP_SCOPE;USERS_LDAP_GROUP_SCOPE
defaultValue: sub
type: string
description: LDAP search scope to use when looking up groups. Supported scopes are
description: LDAP search scope to use when looking up groups. Supported values are
'base', 'one' and 'sub'.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_INSECURE:
name: OCIS_LDAP_INSECURE;GROUPS_LDAP_INSECURE
name: OCIS_LDAP_INSECURE;USERS_LDAP_INSECURE
defaultValue: "false"
type: bool
description: Disable TLS certificate validation for the LDAP connections. Do not
@@ -8630,7 +8632,7 @@ OCIS_LDAP_SERVER_WRITE_ENABLED:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_URI:
name: OCIS_LDAP_URI;GROUPS_LDAP_URI
name: OCIS_LDAP_URI;USERS_LDAP_URI
defaultValue: ldaps://localhost:9235
type: string
description: URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://'
@@ -8640,7 +8642,7 @@ OCIS_LDAP_URI:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_BASE_DN:
name: OCIS_LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN
name: OCIS_LDAP_USER_BASE_DN;USERS_LDAP_USER_BASE_DN
defaultValue: ou=users,o=libregraph-idm
type: string
description: Search base DN for looking up LDAP users.
@@ -8649,7 +8651,7 @@ OCIS_LDAP_USER_BASE_DN:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_ENABLED_ATTRIBUTE:
name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;AUTH_BASIC_LDAP_USER_ENABLED_ATTRIBUTE
name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;USERS_LDAP_USER_ENABLED_ATTRIBUTE
defaultValue: ownCloudUserEnabled
type: string
description: LDAP attribute to use as a flag telling if the user is enabled or disabled.
@@ -8658,7 +8660,7 @@ OCIS_LDAP_USER_ENABLED_ATTRIBUTE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_FILTER:
name: OCIS_LDAP_USER_FILTER;GROUPS_LDAP_USER_FILTER
name: OCIS_LDAP_USER_FILTER;USERS_LDAP_USER_FILTER
defaultValue: ""
type: string
description: LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'.
@@ -8687,24 +8689,24 @@ OCIS_LDAP_USER_MEMBER_ATTRIBUTE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_OBJECTCLASS:
name: OCIS_LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS
name: OCIS_LDAP_USER_OBJECTCLASS;USERS_LDAP_USER_OBJECTCLASS
defaultValue: inetOrgPerson
type: string
description: The object class to use for users in the default user search filter
('inetOrgPerson').
like 'inetOrgPerson'.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_DISPLAYNAME:
name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;GROUPS_LDAP_USER_SCHEMA_DISPLAYNAME
name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;USERS_LDAP_USER_SCHEMA_DISPLAYNAME
defaultValue: displayname
type: string
description: LDAP Attribute to use for the displayname of users.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: 'LDAP_USER_SCHEMA_DISPLAY_NAME changing name for consistency | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | '
deprecationInfo: 'LDAP_USER_SCHEMA_DISPLAY_NAME changing name for consistency | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | '
OCIS_LDAP_USER_SCHEMA_EXTERNAL_ID:
name: OCIS_LDAP_USER_SCHEMA_EXTERNAL_ID;GRAPH_LDAP_EXTERNAL_ID_ATTRIBUTE
defaultValue: owncloudExternalID
@@ -8717,17 +8719,17 @@ OCIS_LDAP_USER_SCHEMA_EXTERNAL_ID:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_ID:
name: OCIS_LDAP_USER_SCHEMA_ID;GROUPS_LDAP_USER_SCHEMA_ID
name: OCIS_LDAP_USER_SCHEMA_ID;USERS_LDAP_USER_SCHEMA_ID
defaultValue: ownclouduuid
type: string
description: LDAP Attribute to use as the unique id for users. This should be a
stable globally unique id like a UUID.
description: LDAP Attribute to use as the unique ID for users. This should be a
stable globally unique ID like a UUID.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING:
name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING
name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;USERS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING
defaultValue: "false"
type: bool
description: Set this to true if the defined 'ID' attribute for users is of the
@@ -8738,7 +8740,7 @@ OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_MAIL:
name: OCIS_LDAP_USER_SCHEMA_MAIL;GROUPS_LDAP_USER_SCHEMA_MAIL
name: OCIS_LDAP_USER_SCHEMA_MAIL;USERS_LDAP_USER_SCHEMA_MAIL
defaultValue: mail
type: string
description: LDAP Attribute to use for the email address of users.
@@ -8747,7 +8749,7 @@ OCIS_LDAP_USER_SCHEMA_MAIL:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_USER_TYPE:
name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;GRAPH_LDAP_USER_TYPE_ATTRIBUTE
name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;USERS_LDAP_USER_TYPE_ATTRIBUTE
defaultValue: ownCloudUserType
type: string
description: LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default
@@ -8757,7 +8759,7 @@ OCIS_LDAP_USER_SCHEMA_USER_TYPE:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_USERNAME:
name: OCIS_LDAP_USER_SCHEMA_USERNAME;GROUPS_LDAP_USER_SCHEMA_USERNAME
name: OCIS_LDAP_USER_SCHEMA_USERNAME;USERS_LDAP_USER_SCHEMA_USERNAME
defaultValue: uid
type: string
description: LDAP Attribute to use for username of users.
@@ -8766,17 +8768,17 @@ OCIS_LDAP_USER_SCHEMA_USERNAME:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCOPE:
name: OCIS_LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE
name: OCIS_LDAP_USER_SCOPE;USERS_LDAP_USER_SCOPE
defaultValue: sub
type: string
description: LDAP search scope to use when looking up users. Supported scopes are
description: LDAP search scope to use when looking up users. Supported values are
'base', 'one' and 'sub'.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_COLOR:
name: OCIS_LOG_COLOR;OCS_LOG_COLOR
name: OCIS_LOG_COLOR;APP_REGISTRY_LOG_COLOR
defaultValue: "false"
type: bool
description: Activates colorized log output.
@@ -8785,7 +8787,7 @@ OCIS_LOG_COLOR:
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_FILE:
name: OCIS_LOG_FILE;OCS_LOG_FILE
name: OCIS_LOG_FILE;APP_REGISTRY_LOG_FILE
defaultValue: ""
type: string
description: The path to the log file. Activates logging to this file if set.
@@ -8794,7 +8796,7 @@ OCIS_LOG_FILE:
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_LEVEL:
name: OCIS_LOG_LEVEL;OCS_LOG_LEVEL
name: OCIS_LOG_LEVEL;APP_REGISTRY_LOG_LEVEL
defaultValue: ""
type: string
description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'',
@@ -8804,7 +8806,7 @@ OCIS_LOG_LEVEL:
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_PRETTY:
name: OCIS_LOG_PRETTY;OCS_LOG_PRETTY
name: OCIS_LOG_PRETTY;APP_REGISTRY_LOG_PRETTY
defaultValue: "false"
type: bool
description: Activates pretty log output.
@@ -8862,7 +8864,7 @@ OCIS_MFA_ENABLED:
type: bool
description: Enable MFA enforcement. If enabled users need to complete MFA before
they can access specific paths
introductionVersion: Balch
introductionVersion: 7.3.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
@@ -8897,7 +8899,7 @@ OCIS_MULTI_INSTANCE_INSTANCEID:
name: OCIS_MULTI_INSTANCE_INSTANCEID
defaultValue: ""
type: string
description: The unique id of this instance
description: The unique ID of this instance.
introductionVersion: 8.0.0
deprecationVersion: ""
removalVersion: ""
@@ -8933,17 +8935,16 @@ OCIS_OIDC_CLIENT_ID:
removalVersion: ""
deprecationInfo: ""
OCIS_OIDC_ISSUER:
name: OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL
name: OCIS_URL;OCIS_OIDC_ISSUER
defaultValue: https://localhost:9200
type: string
description: The identity provider value to set in the group IDs of the CS3 group
objects for groups returned by this group provider.
description: The OIDC issuer URL to assign to the demo users.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST:
name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST
name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST
defaultValue: ""
type: string
description: Path to the 'banned passwords list' file. This only impacts public
@@ -8953,7 +8954,7 @@ OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_DISABLED:
name: OCIS_PASSWORD_POLICY_DISABLED;SHARING_PASSWORD_POLICY_DISABLED
name: OCIS_PASSWORD_POLICY_DISABLED;FRONTEND_PASSWORD_POLICY_DISABLED
defaultValue: "false"
type: bool
description: Disable the password policy. Defaults to false if not set.
@@ -8962,7 +8963,7 @@ OCIS_PASSWORD_POLICY_DISABLED:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS
defaultValue: "8"
type: int
description: Define the minimum password length. Defaults to 8 if not set.
@@ -8971,7 +8972,7 @@ OCIS_PASSWORD_POLICY_MIN_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_DIGITS:
name: OCIS_PASSWORD_POLICY_MIN_DIGITS;SHARING_PASSWORD_POLICY_MIN_DIGITS
name: OCIS_PASSWORD_POLICY_MIN_DIGITS;FRONTEND_PASSWORD_POLICY_MIN_DIGITS
defaultValue: "1"
type: int
description: Define the minimum number of digits. Defaults to 1 if not set.
@@ -8980,7 +8981,7 @@ OCIS_PASSWORD_POLICY_MIN_DIGITS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS
defaultValue: "1"
type: int
description: Define the minimum number of uppercase letters. Defaults to 1 if not
@@ -8990,7 +8991,7 @@ OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS
defaultValue: "1"
type: int
description: Define the minimum number of characters from the special characters
@@ -9000,7 +9001,7 @@ OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS
defaultValue: "1"
type: int
description: Define the minimum number of lowercase letters. Defaults to 1 if not
@@ -9114,7 +9115,7 @@ OCIS_SERVICE_ACCOUNT_ID:
removalVersion: ""
deprecationInfo: ""
OCIS_SERVICE_ACCOUNT_SECRET:
name: OCIS_SERVICE_ACCOUNT_SECRET;USERLOG_SERVICE_ACCOUNT_SECRET
name: OCIS_SERVICE_ACCOUNT_SECRET;CLIENTLOG_SERVICE_ACCOUNT_SECRET
defaultValue: ""
type: string
description: The service account secret.
@@ -9123,7 +9124,7 @@ OCIS_SERVICE_ACCOUNT_SECRET:
removalVersion: ""
deprecationInfo: ""
OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:
name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD
name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD
defaultValue: "true"
type: bool
description: Set this to true if you want to enforce passwords on all public shares.
@@ -9132,11 +9133,11 @@ OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:
removalVersion: ""
deprecationInfo: ""
OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD:
name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD
name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD
defaultValue: "false"
type: bool
description: Set this to true if you want to enforce passwords on Uploader, Editor
or Contributor shares.
description: Set this to true if you want to enforce passwords for writable shares.
Only effective if the setting for 'passwords on all public shares' is set to false.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
@@ -9182,7 +9183,7 @@ OCIS_SYSTEM_USER_IDP:
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_COLLECTOR:
name: OCIS_TRACING_COLLECTOR;OCS_TRACING_COLLECTOR
name: OCIS_TRACING_COLLECTOR;APP_REGISTRY_TRACING_COLLECTOR
defaultValue: ""
type: string
description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces.
@@ -9192,7 +9193,7 @@ OCIS_TRACING_COLLECTOR:
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_ENABLED:
name: OCIS_TRACING_ENABLED;OCS_TRACING_ENABLED
name: OCIS_TRACING_ENABLED;APP_REGISTRY_TRACING_ENABLED
defaultValue: "false"
type: bool
description: Activates tracing.
@@ -9201,7 +9202,7 @@ OCIS_TRACING_ENABLED:
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_ENDPOINT:
name: OCIS_TRACING_ENDPOINT;OCS_TRACING_ENDPOINT
name: OCIS_TRACING_ENDPOINT;APP_REGISTRY_TRACING_ENDPOINT
defaultValue: ""
type: string
description: The endpoint of the tracing agent.
@@ -9210,7 +9211,7 @@ OCIS_TRACING_ENDPOINT:
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_TYPE:
name: OCIS_TRACING_TYPE;OCS_TRACING_TYPE
name: OCIS_TRACING_TYPE;APP_REGISTRY_TRACING_TYPE
defaultValue: ""
type: string
description: The type of tracing. Defaults to '', which is the same as 'jaeger'.
@@ -9223,7 +9224,7 @@ OCIS_TRANSFER_SECRET:
name: OCIS_TRANSFER_SECRET
defaultValue: ""
type: string
description: The storage transfer secret.
description: Transfer secret for signing file up- and download requests.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -9240,11 +9241,10 @@ OCIS_TRANSLATION_PATH:
removalVersion: ""
deprecationInfo: ""
OCIS_URL:
name: OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL
name: OCIS_URL;OCIS_OIDC_ISSUER
defaultValue: https://localhost:9200
type: string
description: The identity provider value to set in the group IDs of the CS3 group
objects for groups returned by this group provider.
description: The OIDC issuer URL to assign to the demo users.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -9259,11 +9259,12 @@ OCIS_USER_SEARCH_DISPLAYED_ATTRIBUTES:
removalVersion: ""
deprecationInfo: ""
OCIS_WOPI_DISABLE_CHAT:
name: APP_PROVIDER_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT
name: COLLABORATION_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT
defaultValue: "false"
type: bool
description: Disable the chat functionality of the office app.
introductionVersion: pre5.0
description: Disable chat in the office web frontend. This feature applies to OnlyOffice
and Microsoft.
introductionVersion: 7.0.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""

24
docs/services/storage-publiclink/_index.md
View File

@@ -1,6 +1,6 @@
---
title: storage-publiclink
date: 2026-01-23T13:37:38.466093882+01:00
date: 2026-02-16T15:34:12.415339224+01:00
weight: 20
geekdocRepo: https://github.com/owncloud/ocis
geekdocEditPath: edit/master/services/storage-publiclink
@@ -21,20 +21,32 @@ geekdocCollapseSection: true
## Brute Force Protection
The brute force protection will prevent access to public links if wrong passwords are entered. The implementation is very similar to a rate limiter, but taking into account only wrong password attempts.
The brute force protection will prevent access to public links if wrong
passwords are entered. The implementation is very similar to a rate limiter,
but taking into account only wrong password attempts.
This feature is enabled by default with predefined settings.
If you want to disable this feature, set the related configuration values to 0.
By default, you're allowed a maximum of 5 failed attempts in 1 hour:
* `STORAGE_PUBLICLINK_BRUTEFORCE_MAXATTEMPTS=5`
* `STORAGE_PUBLICLINK_BRUTEFORCE_TIMEGAP=1h`
You can adjust those values to your liking in order to define the failure rate threshold (5 failures per hour, by default).
You can adjust those values to your liking in order to define the failure rate
threshold (5 failures per hour, by default).
If the failure rate threshold is exceeded, the public link will be blocked until such rate goes below the threshold. This means that it will remain blocked for an undefined time: a couple of seconds in the best case, or up to `STORAGE_PUBLICLINK_BRUTEFORCE_TIME` in the worst case.
If the failure rate threshold is exceeded, the public link will be blocked
until such rate goes below the threshold. This means that it will remain
blocked for an undefined time: a couple of seconds in the best case, or up
to `STORAGE_PUBLICLINK_BRUTEFORCE_TIMEGAP` in the worst case.
If the public link is blocked by the brute force protection, it will be blocked for all the users.
If the public link is blocked by the brute force protection, it will be blocked
for all the users. Any attempt with a false password will restart the trigger.
As said, this feature is enabled by default, with a 5 failures per hour rate. If you want to disable this feature, set the related configuration values to 0.
Note that this feature uses the configurable store. No setting changes need to
be made when using defaults.
## Example Yaml Config
{{< include file="services/_includes/storage-publiclink-config-example.yaml" language="yaml" >}}

2
services/proxy/pkg/config/config.go
View File

@@ -129,7 +129,7 @@ type JWKS struct {
}
type MFAConfig struct {
Enabled bool `yaml:"enabled" env:"OCIS_MFA_ENABLED" desc:"Enable MFA enforcement. If enabled users need to complete MFA before they can access specific paths" introductionVersion:"Balch"`
Enabled bool `yaml:"enabled" env:"OCIS_MFA_ENABLED" desc:"Enable MFA enforcement. If enabled users need to complete MFA before they can access specific paths" introductionVersion:"7.3.0"`
AuthLevelNames []string `yaml:"auth_level_name" env:"OCIS_MFA_AUTH_LEVEL_NAMES" desc:"This authentication level name indicates that multi-factor authentication was performed. The name must match the ACR claim in the access token received. Note: If multiple names are required, use a comma-separated list. The front-end service will use the first name in the list when requesting multi-factor authentication (MFA)." introductionVersion:"7.3.0"`
}