diff --git a/admin_manual/configuration_server/config_sample_php_parameters.rst b/admin_manual/configuration_server/config_sample_php_parameters.rst index e7141387d..43e7f2eaf 100644 --- a/admin_manual/configuration_server/config_sample_php_parameters.rst +++ b/admin_manual/configuration_server/config_sample_php_parameters.rst @@ -387,6 +387,17 @@ Disabling this is discouraged for security reasons. Defaults to ``true`` +:: + + 'auth.authtoken.v1.disabled' => false, + +Whether the authtoken v1 provider should be skipped + +The v1 provider is deprecated and removed in Nextcloud 24 onwards. It can be +disabled already when the instance was installed after Nextcloud 14. + +Defaults to ``false`` + :: 'auth.webauthn.enabled' => true, @@ -899,6 +910,11 @@ connection. If none of these hosts are reachable, the administration panel will show a warning. Set to an empty list to not do any such checks (warning will still be shown). +If no protocol is provided, both http and https will be tested. +For example, 'http://www.nextcloud.com' and 'https://www.nextcloud.com' +will be tested for 'www.nextcloud.com' +If a protocol is provided, only this one will be tested. + Defaults to the following domains: - www.nextcloud.com @@ -978,6 +994,14 @@ must be installed and active. Defaults to ``file`` +:: + + 'log_type_audit' => 'file', + +This parameter determines where the audit logs are sent. See ``log_type`` for more information. + +Defaults to ``file`` + :: 'logfile' => '/var/log/nextcloud.log', @@ -987,11 +1011,20 @@ Name of the file to which the Nextcloud logs are written if parameter Defaults to ``[datadirectory]/nextcloud.log`` +:: + + 'logfile_audit' => '/var/log/audit.log', + +Name of the file to which the audit logs are written if parameter +``log_type`` is set to ``file``. + +Defaults to ``[datadirectory]/audit.log`` + :: 'logfilemode' => 0640, -Log file mode for the Nextcloud loggin type in octal notation. +Log file mode for the Nextcloud logging type in octal notation. Defaults to 0640 (writeable by user, readable by group). @@ -1015,6 +1048,17 @@ with a unique id. Only available if ``log_type`` is set to ``syslog`` or The default value is ``Nextcloud``. +:: + + 'syslog_tag_audit' => 'Nextcloud', + +If you maintain different instances and aggregate the logs, you may want +to distinguish between them. ``syslog_tag_audit`` can be set per instance +with a unique id. Only available if ``log_type`` is set to ``syslog`` or +``systemd``. + +The default value is the value of ``syslog_tag``. + :: 'log.condition' => [ @@ -1206,6 +1250,18 @@ likely show the default mimetype icon. Set to -1 for no limit. Defaults to ``50`` megabytes +:: + + 'preview_max_memory' => 128, + +max memory for generating image previews with imagegd (default behavior) +Reads the image dimensions from the header and assumes 32 bits per pixel. + +If creating the image would allocate more memory, preview generation will +be disabled and the default mimetype icon is shown. Set to -1 for no limit. + +Defaults to ``128`` megabytes + :: 'preview_libreoffice_path' => '/usr/bin/libreoffice', @@ -1230,7 +1286,6 @@ Defaults to ``''`` (empty string) 'OC\Preview\PNG', 'OC\Preview\JPEG', 'OC\Preview\GIF', - 'OC\Preview\HEIC', 'OC\Preview\BMP', 'OC\Preview\XBitmap', 'OC\Preview\MP3', @@ -1246,6 +1301,7 @@ The following providers are disabled by default due to performance or privacy concerns: - OC\\Preview\\Illustrator + - OC\\Preview\\HEIC - OC\\Preview\\Movie - OC\\Preview\\MSOffice2003 - OC\\Preview\\MSOffice2007 @@ -1263,7 +1319,6 @@ Defaults to the following providers: - OC\\Preview\\BMP - OC\\Preview\\GIF - - OC\\Preview\\HEIC - OC\\Preview\\JPEG - OC\\Preview\\MarkDown - OC\\Preview\\MP3 @@ -1345,6 +1400,21 @@ are kicked out of Nextcloud instantly. Defaults to ``false`` +:: + + 'maintenance_window_start' => 1, + +UTC Hour for maintenance windows + +Some background jobs only run once a day. When an hour is defined for this config, +the background jobs which advertise themselves as not time sensitive will be +delayed during the "working" hours and only run in the 4 hours after the given time. +This is e.g. used for activity expiration, suspicious login training and update checks. + +A value of 1 e.g. will only run these background jobs between 01:00am UTC and 05:00am UTC. + +Defaults to ``100`` which disables the feature + SSL --- @@ -1404,8 +1474,17 @@ Defaults to ``none`` 'host' => 'localhost', // can also be a unix domain socket: '/tmp/redis.sock' 'port' => 6379, 'timeout' => 0.0, + 'read_timeout' => 0.0, + 'user' => '', // Optional, if not defined no password will be used. 'password' => '', // Optional, if not defined no password will be used. 'dbindex' => 0, // Optional, if undefined SELECT will not run and will use Redis Server's default DB Index. + // If redis in-transit encryption is enabled, provide certificates + // SSL context https://www.php.net/manual/en/context.ssl.php + 'ssl_context' => [ + 'local_cert' => '/certs/redis.crt', + 'local_pk' => '/certs/redis.key', + 'cafile' => '/certs/ca.crt' + ] ], Connection details for redis to use for memory caching in a single server configuration. @@ -1414,6 +1493,9 @@ For enhanced security it is recommended to configure Redis to require a password. See http://redis.io/topics/security for more information. +We also support redis SSL/TLS encryption as of version 6. +See https://redis.io/topics/encryption for more information. + :: 'redis.cluster' => [ @@ -1424,7 +1506,15 @@ for more information. 'timeout' => 0.0, 'read_timeout' => 0.0, 'failover_mode' => \RedisCluster::FAILOVER_ERROR, + 'user' => '', // Optional, if not defined no password will be used. 'password' => '', // Optional, if not defined no password will be used. + // If redis in-transit encryption is enabled, provide certificates + // SSL context https://www.php.net/manual/en/context.ssl.php + 'ssl_context' => [ + 'local_cert' => '/certs/redis.crt', + 'local_pk' => '/certs/redis.key', + 'cafile' => '/certs/ca.crt' + ] ], Connection details for a Redis Cluster @@ -1666,6 +1756,16 @@ Set to true to enforce that internal shares need to be accepted Set to false to stop sending a mail when users receive a share +:: + + 'transferIncomingShares' => false, + +Set to true to always transfer incoming shares by default +when running "occ files:transfer-ownership". + +Defaults to false, so incoming shares are not transferred if not specifically requested +by a command line argument. + All other configuration options ------------------------------- @@ -1721,6 +1821,25 @@ https://mariadb.com/kb/en/mariadb/xtradbinnodb-server-system-variables/#innodb_l http://www.tocker.ca/2013/10/31/benchmarking-innodb-page-compression-performance.html http://mechanics.flite.com/blog/2014/07/29/using-innodb-large-prefix-to-avoid-error-1071/ +:: + + 'mysql.collation' => null, + +For search queries in the database, a default collation – depending on the +character set – is chosen. In some cases a different behaviour is desired, +for instances when a accent sensitive search is desired. + +MariaDB and MySQL have an overlap in available collations, but also +incompatible ones, also depending on the version of the database server. + +This option allows to override the automatic choice. Example: + +'mysql.collation' => 'utf8mb4_0900_as_ci', + +This setting has no effect on setup or creating tables. In those cases +always utf8[mb4]_bin is being used. This setting is only taken into +consideration in SQL queries that utilize LIKE comparison operators. + :: 'supportedDatabases' => [ @@ -1898,6 +2017,19 @@ unlikely. Defaults to ``1800`` (seconds) +:: + + 'files_external_allow_create_new_local' => true, + +Allows to create external storages of type "Local" in the web interface and APIs. + +When disable, it is still possible to create local storages with occ using +the following command: + +% php occ files_external:create /mountpoint local null::null -c datadir=/path/to/data + +Defaults to ``true`` + :: 'filesystem_check_changes' => 0, @@ -2148,6 +2280,18 @@ Some companies require it to be disabled to comply with their security policy. Simply set this property to "false", if you want to turn this feature off. +:: + + 'files_no_background_scan' => false, + +Disable background scanning of files + +By default, a background job runs every 10 minutes and execute a background +scan to sync filesystem and database. Only users with unscanned files +(size < 0 in filecache) are included. Maximum 500 users per job. + +Defaults to ``true`` + .. ALL_OTHER_SECTIONS_END .. Generated content above. Don't change this.