Host Server Settings

This chapter lists and describes the available configuration options for the TeamDrive Host Server.

You can review and modify most of these via the TeamDrive Host Server Administration Console by clicking Settings. Some settings are marked as read-only (“R/O”), they can not be changed.

The settings are grouped in these sections:

Admin Console

AllowedLoginIPList

This is a comma separated list of IP addresses of the users that are allowed to login to the Admin Console.

If the list is empty, then there is no login restriction based on IP.

HttpsUsedByAdmin

Set to True if the Host Server Admin Console must be accessed using HTTPS.

MaxRecordsDisplayed

This setting determines the maximum number of records that may be retrieved from the database at any a time (e.g. when displaying user or space information on the Administration Console. This parameter may only be changed by a Superuser.

ServiceDisplayName

This name is displayed in the Host Admin Console. Initial is is set to the domain name of the Host Server. The name is used for display purposes only, and may be set to any value.

SessionTimeout

This is the idle time in seconds after which you are required to login to the Host Server Admin Console again.

ShowDeletedObjects

Set to True to display Spaces and other objects in the Administration Console that have the Deleted status.

API Settings

APIAccessList

A white list of IP addresses (separated by commas or spaces) of machines that are permitted to access the Host Server API. For example, the IP address of the host running the TeamDrive Registration Server Administration Console should be added here.

APIChecksumRequired

If set to True, then each call to the API must include a checksum hash, constructed using the API Hash defined in APISalt.

APILogEntryTimeout

API Log entries older than this value, in days, will be removed. If set to zero the API Log entries will never be removed.

APILogging

Set to True if API logging should be enabled. Every API access will be logged in the database table hostapilog.TD2APIRequests.

APIReturnSpaceNames

Set to True if Space names should be returned through the API. This requires the setting StoreSpaceNames to be set to True as well, otherwise this option has no effect.

APISalt

This is a unique character sequence that must be identical to the API Salt of the associated Registration Server.

Authentication

ExtAuthEnabled

Set to True to enable External Authentication. External Authentication allows the administrative users of the Host Server to be mananged in a central location, such as an LDAP server.

ExtAuthURL

This is the URL that is used by the Host Server to verify the login of a user, when using External Authentication. The Host Server adds two arguments when the URL is requested: username and password. The URL should reference a page that performs verification, and returns information about the user required by the Host Server. A generic example, and an LDAP example for performing External Authentication are provided with the Host Server distribution.

UseTwoFactorAuth

Set to True to enable 2-Factor Authentication via email for Superusers.

Client Settings

ClientPollFrequency

The interval in which Clients poll their Spaces for updates, in seconds. 0 or empty means the Clients will use their default.

EnableProxyCaching

When this value is set to True, the server will allow “getblob” calls without a timestamp. This means that calls from the TeamDrive Client to the Host Server will be cacheable because the URL will not constantly change.

In this case, the Host Server check whether the request has been sent via a downstream proxy. This is determined by checking the “Via” HTTP header. The setting NonCachingProxies is used to determine if the downstream proxies may be caching proxies.

If a caching proxy is found, then the Host Server will not redirect the request to an Object Store. The redirect must be avoided because Object Store URLs are authenticated in a way that makes them not cacheable. On the other hand, redirection is an optimisation. Requests that are not redirected must be served via the Host Server, which requires additional bandwidth and capacities on the Host Server. It is therefore important if there are downstream proxies such as a load balancer which do not perform caching then the should be listed in the NonCachingProxies setting in order to ensure a redirect is done whenever possible.

Note that if the timestamp is excluded from a call to the Host Server, then the URL can be used to repeat the call. As a result, the data can always be retrieved by anyone who has stored the URL, and as long as this setting is set to True. However, then security of the Space is not comprised by this as long as the caller does not posses the key with which data in the Space is encrypted.

This is not a problem when using HTTPS for the calls to the Host Server.

By default this value is False. This setting is new in version 3.7.1.

HttpsUsedByClients

Set to True if the TeanDrive Clients should use HTTPS to access the data stored in Spaces. By default this value is False because TLS (Transport Layer Security) is generally not required by TeamDrive as the data is end-to-end encrypted.

LogFileThreshold

This is the threshold (in bytes) after which a the Client last.log is renamed to a number log.

NonCachingProxies

This is a comma separated list of host names or pseudonyms of proxies that are downstream from the Host Server but do not cache any data. For example, this may be the name of the local load balancer.

Note that additional spaces in the list (for example, before or after a comma) will not be ignored. The server performs a “contains”, case-insensitive comparison to determine of a proxy is non-caching. For example, if an HTTP header contains the following proxies:

Via: HTTP/1.1 AWS;branch=z9hG4bKc3efe2ccb5263af2"
Via: HTTP/1.1 my.example.com:18386"

Setting NonCachingProxies to “EXAMPLE.COM,z9hG4bK”, will identify both proxies as non-caching.

If EnableProxyCaching is set to true, then setting this variable helps the Host Server to determine if a request may be cached or not. See EnableProxyCaching above.

SnapshotThreshold

The log threshold, in bytes, after which the Client will create a new snapshot of a Space, 0 or empty means the Client will use its default.

StatisticPollFactor

Multiple the ClientPollFrequency by this amount to determine the how often the client retrieves the statistics, 0 or empty means the client will use its default value of 5

TimeDiffTolerance

This is the maximum allowed difference in time between the Client and the Host Server. The value is given in seconds. Currently this setting only affects Clients using version 3 of the TeamDrive Protocol. Since the Client automatically synchronises its time with the server, the time difference should only be due to the time required to send a request from the Client to the Server.

Email Settings

EmailOriginHost

This is the host name of the system that will send the email.

EmailReplyToAddress

This is the email address that user will see as sender of the e-mail. And it is the email address that will be used if the user replies to the email. Normally a “no-reply” type email address is used, since the user is not intended to reply to email sent by the Hosting System.

EmailSenderAddress

This is the email address that will appear as sender in email envelope. If an email bounces, this address will be notified.

EmailSendTimeout

This is the timeout in seconds used when sending emails.

SMTPServerHost (R/O)

This is the host (and port) of the SMTP server used to send emails.

General Settings

DownloadContentType

This setting determined the HTTP content type downloaded encrypted Space data. This includes the log and file data that belongs to Spaces. It does not include downloaded public files, which use a content type that depends on the file type.

By default, this setting is empty. In this case, the content type used depends on the TeamDrive protocol version. The original TeamDrive protocol set the content to “text/plain” for encrypted log file data, and set no content type for encrypted file data.

The new TeamDrive protocol returns “application/octet-stream” by default. Whether the new protocol is used, defends on the client software. Please check the Client release notes in this regard.

There is normally no need to change this setting, unless a proxy or firewall is preventing the download of data. In this case, the following alternative values are recommended: “text/html”, “text/plain”, “application/x-binary” or “application/x-teamdrive”.

Note

Do not set this value to “application/json”. This content type is reserved for internal use.

EnforceTrafficLimit

When set to False, the traffic quota for all Depots will be considered unlimited. The value is True by default.

NotifyVolumeCriticalLevel

This is a percentage value, by default 90. When the disk usage of a Volume exceeds this level a critical notification email is sent.

NotifyVolumeEmail

The Hosting Service offers a notification service that will send an email when the disk usage of a volume exceeds predefined thresholds. In order to receive notifications, set this setting to the email address of the Administrator.

When email are sent depends in the settings NotifyVolumeWarningLevel and NotifyVolumeCriticalLevel.

NotifyVolumeWarningLevel

This is a percentage value, by default 75. When the disk usage of a Volume exceeds this level a warning notification email is sent.

ProviderCode

This is the 4-digit code of provider (distributor/tenant) under which this this Host Server is registered. This is a read-only setting that cannot be modified after the initial server setup.

RegistrationDeviceID

This is the ID returned by the Registration Server upon registration. It is the ID of the user under which the Host Server is registered. This setting cannot be changed.

RegServerName

The name of the Registration Server associated with this host. This value cannot be altered after registration.

RegServerURL

This is the URL used to access the Registration Server. This value may not be altered after registration.

RegServerRoot

The path to the Registration Server source code files.

ServerVersion

The current server version. This value cannot be changed.

ServiceHostURL

This is the Host URL used by the clients to create and access Space data. It can not be changed.

ServiceUniqueName

This is a unique name of the Hosting Service, consisting of the Host Server’s domain name and the associated Registration Server. This value can not be changed.

SpaceStatisticEnabled

Set to True if Space Statistics should be exported.

SpaceStatisticExportPath

This is the path for the files containing the exported Space Statistics, default is: ../docs/p1a/statistic/.

StoreSpaceNames

Set to True if the Host Server should store the names of Spaces defined by the user.

Logging

ModuleLogFile

The path and name of the Apache module (mod_pspace) log file. This file must be owned and writable by the system user the Apache HTTP Server runs under (e.g. apache).

ModuleLogLevel

This is the maximum level of logging of messages logged by the Apache module (mod_pspace). A higher number results in more verbose logging. Possible values are: 1 = Protocol, 2 = Error, 3 = Warning, 4 = Trace, 5 = Debug.

Object Store

HostServerBucketID

A unique ID used to ensure that multiple Host Servers cannot use the same bucket. This is a read-only setting that cannot be modified.

ImportS3tagFiles

This setting is set to True until all action tag files have been imported by the s3d Daemon, it has no effect when TSHS is enabled. It must be set manually to False when all action tag files have been imported.

MaxFileAge

This is the maximum age, in days, that a file normally transferred to the object store by the s3d Daemon can be before it is automatically transferred. Normally files are transferred just after they have been written, but if for some reason the file is not transferred this will trigger the transfer. This setting should be long enough to guarantee that no file will be transferred that is still in the process of being uploaded.

S3AccessKey

The access (public) key, used to access the specified bucket on an compatible object store.

If you have a running installation, and you need to change S3AccessKey as well as other setting such as S3SecretKey or S3Server at the same time, then follow this procedure:

  1. Stop the Apache HTTP service.

  2. Set S3SyncActive to False.

  3. Update all settings: S3AccessKey, S3SecretKey and S3Server as required.

  4. Set S3SyncActive to True.

    Note that when you do this, the Host Server will check the credentials you entered and only allow S3 to be activated if the credentials are correct.

  5. Start the Apache HTTP service.

S3ArchiveLogs

Set this value to True if the object store access logs used for calculating traffic are to be archived instead of deleted.

S3AuthTimeout

The number of seconds an authenticated query string is valid. Keeping this value high will improve the possibility for caching files in proxies. Reducing the value might cause traffic-limit problems if a proxy isn’t able to cache the file within the timeout period.

S3Brand

This setting specifies the type of object storage. Possible options are: Amazon, OpenStack or Azure.

S3DataBucketName

The name of the Bucket on the compatible object store that will contain the Space data

S3EnableRedirect

When S3 redirect is enabled, the Host Server will redirect the Client to download objects directly from the compatible object store, when appropriate. The alternative is that all downloads are performed via the Host Server (the Host Server acts like a Proxy that fetches data from the object store and forwards it to the Client).

S3LogBucketName

The bucket that contains the object store access log files. These log files are used to analyse and calculate traffic.

S3Options

S3 options control the way the compatible object store is accessed. For example, the number of parallel threads during upload, whether to use multipart uploads, etc.

S3ProcessedPath

If S3ArchiveLogs is set to True, then the logs stored in S3ToProcessPath are moved to this path, after they have been used to calculate traffic.

S3RedirectProtocol

This setting determines the protocol to be used for redirects to S3, permitted values are: client, http or https. Setting the value to client means that the protocol used will depending on the protocol of the TeamDrive Client request.

Note that if the S3Server setting specifies a full URL, with a protocol (e.g. “http://...” or “https://...”), then the value specified by S3RedirectProtocol is ignored. Redirects will always use protocol specified by the URL in S3Server setting.

S3SecretKey

The secret (private) key used to acces the specified bucket on the compatible object store.

If you have a running installation, and you need to change S3SecretKey as well as other setting such as S3AccessKey or S3Server at the same time, you need to first disable S3 synchronisation. Follow the procedure described here: S3AccessKey.

S3Server

This is the domain name of the compatible object store, e.g. s3.amazonaws.com or youraccount.blob.core.cloudapi.de. By default the HTTP protocol will be used. To change this, specify a full URL, including port if necessary, for eaxmple: https://youraccount.blob.core.cloudapi.de.

If you have a running installation, and you need to change S3Server as well as other setting such as S3AccessKey or S3SecretKey at the same time, you need to first disable S3 synchronisation. Follow the procedure described here: S3AccessKey.

S3SyncActive

Set to True when data stored by the Host Server (Space data) should be transferred to an compatible cloud storage. Transfer to the object store is possible from both Volume storage and TSHS.

S3ToProcessPath

The path in which the object store access logs are stored. The access logs are used to calculate traffic caused by direct downloads from object storage.

Outgoing Connections

UseProxy

Set this value to True in order to enable the use of a proxy for all outgoing connections of the Host Server.

ProxyHost

This is the domain name (or IP address) and port number of the proxy to be used for outgoing connections. If not set, the UseProxy setting will be ignored.

Note that this setting is used for both HTTP and HTTPS connections.

NoProxyList

This is a comma separated list of domains and IP addresses that are to be contacted without the use of a proxy.

ConnectionTimeout

The timeout in milliseconds when making outbound connections. The default is 10 seconds.

This setting should be set to a value less than NetworkTimeout.

NetworkTimeout

The timeout in milliseconds for an entire network operation, which includes the connection time, and the time to transfer all data. The default is 3 minute.

This setting should be set to a value greater than ConnectionTimeout.

Publishing

DefaultLanguage

This is the default language used if the browser specifies an unknown language. This setting is only used when the user requests public files from the Hosting Service. The value is used to select the correct language template for interaction with the user. See Customizing HTML templates for published files for further details.

ForceDownloadList

This is a comma separated list of content types and file suffixes that cause the Host Server to force a download of the file when it is published. This means file that files of this type are never displayed in the browser. Instead the user will be required to save the file to local storage.

By default, files containing HTML and XHTML content must be downloaded, rather then displayed in the browser. In addition, files with an unrecognised content type (that is, files with an unrecognised suffix) will also require downloaded.

Set this value to “*” in order to force the download of all files.

HttpsUsedByPublish

Set to True if published files must be uploaded and downloaded using HTTPS. This ensures that the file content cannot be intercepted in transit from the TeamDrive Client to the Host Server, and from the Host Server to the web client downloading the file.

The Host Server will generate an error if HttpsUsedByPublish is set to True, and a user attempts to download a published file using HTTP (instead of HTTPS).

PublishRedirectTimeout

The number of seconds a redirect URLs for published documents is valid.

PublicRewritesInstalled

Set this to True if the following rewrite rules for published files have been installed on apache:

RewriteRule ^/[a-z]*/public/(.*)$ /primespace/public/$1 [PT]
RewriteRule ^/[a-z]*/getpub/(.*)$ /primespace/getpub/$1 [PT]

Add these rules to the /etc/httpd/conf.d/td-hostserver.httpd.conf.ssl and /etc/httpd/conf.d/td-hostserver.httpd.conf files if they are not already included.

The rules are automatically installed on new installations of the Host Server.

When installed, the rules allow the TeamDrive client to generate published file URLs that differ in the first path component depending on the space. This helps to prevent disruption between spaces when published content undergoes restrictions.

Be default this value is False.

Resource Management Settings

The Host Server manages certain resources on behalf of the TeamDrive clients. This includes the automatic deletion of Read Notifications and Soft Locks when there expiry time is reached.

Note that the paths and names of the documents involved in resource management are encrypted and therefore unknown to the Host Server.

DefaultReadNotificationtMaxAge

Read Notifications inform users of a Space which documents have been opened, by which users, and what time the document was first opened.

This setting is the default maximum age for Read Notifications. it can be overridden by setting this value at the Space level. This can be done using the Admin Console or the TeamDrive Client. When this value is set to 0 (zero) at the Space level, the DefaultReadNotificationtMaxAge is used.

The default for this setting is 30 days.

Read Notification that exceed this age are automatically deleted.

DefaultSoftLockMaxAge

A “soft lock” is a warning to a user that a document may be in use by another user. Soft locks are automatically set by the TeamDrive client when a document is opened. And removed when the document is closed.

However, it is possible that TeamDrive is shutdown, before a document is closed. In the case the soft lock will be automatically removed by the Host Server

This setting is the maximum age for soft Locks, after the TeamDrive client that set the soft lock has been shutdown.

The default value is 2 hours, and should never be set to less than 1 hour, or locks may be removed incorrectly.

DefaultTemplateFooter

If not empty, this text will replace the [[FOOTER]] place holder in HTML templates used by the Host Server. This value is overwritten by the Depot specific tempalte footer.

DefaultTemplateHeader

If not empty, this text will replace the [[HEADER]] place holder in HTML templates used by the Host Server. This value is overwritten by the Depot specific tempalte header.

SpaceDeletionDelay

This is a delay in minutes (default: 24 hours) which is enforced when a space is deleted before it is actually removed from disk. This allows a space to be undeleted, if done within this time frame.

Snapshot Settings

ConsolidatePerDayAfter

This is the time in days before all Snapshots for one day are consolidated into a single Snapshot. This is done to reduce the number of Snapshots per Space. The default value is 30 days.

See Snapshot Consolidation for details.

ConsolidatePerMonthAfter

This is the time in days before all Snapshots for a month are consolidated into a single Snapshot. This is done to reduce the number of Snapshots per Space. The default value is 365 days.

See Snapshot Consolidation for details.

DefaultSnapshotFrequency

This is the default frequency of Snapshot Backups in minutes. By default this value is 240, which is 4 hours. This means that a Snapshot Backup is performed every 4 hours.

This value may be set at the Space level using the TeamDrive Client or the Host Server Admin Console. If set, then the global DefaultSnapshotFrequency is ignored and the Space level value is used instead.

The minimum Snapshot Frequency is 30 minutes.

DefaultSnapshotMaximumAge

This is the default maximum age of Snapshots in days. By default this value is 30 days. This means that Snapshot Backups older than 30 days are automatically deleted.

This value may be set at the Space level using the TeamDrive Client or the Host Server Admin Console. If set, then the global DefaultSnapshotMaximumAge is ignored and the Space level value is used instead.

The minimum value for this setting is 2 days.

EnableSnapshotsByDefault

This setting determines whether Snapshot Backups are enabled on Spaces by default or not. When a Space is created the TeamDrive Client may specify whether Snapshot Backups are enabled for the Space or not. If this information is not specified, then the EnableSnapshotsByDefault value is used, and Snapshots enabled at the Space level accordingly.

After an upgrade to version 3.7, the value of this setting will determine whether Snapshot Backups is enabled for existing Spaces or not.

Note

Ensure that you set this value as required before setting SnapshotsEnabled to True for the first time after upgrade (see SnapshotsEnabled below).

SnapshotsEnabled

Set to True to enable the Snapshot Backups for the server, in general. This setting is True by default in a new installation of the Host Server. On upgrade to version 3.7 of an existing Host Server installation, this value is set to False. This is to avoid enabling Snapshot backups on a system that previously did not perform Snapshot Backups.

Note

Ensure that you set EnableSnapshotsByDefault as required before setting SnapshotsEnabled to True for the first time after an upgrade to version 3.7. When SnapshotsEnabled is set to True for the first time, the EnableSnapshotsByDefault value is applied to every existing Space.

If False, the server will not create new Snapshot Backups. In this case the fact that Snapshots are enabled for certain Spaces is ignored.

Setting SnapshotsEnabled to False does not cause any existing Snapshots to be deleted. This still depends on whether Snapshots are enabled for a Space and the maximum allowed age of Snapshots for a Space.

TSHS Settings

TSHSEnabled

Set to True to enable TSHS (TeamDrive Scalable Hosting Storage). If changed, a restart of the Apache HTTP Server required.

TSHSExecutable

This is a reference to the tshs executable. This path must be set correctly if TSHS is enabled.

TSHSImportVolumes

This setting is set automatically when TSHS is enabled. It is set to True if Space data is stored on the Host Server Volumes when TSHS is enabled. It must be set manually to False when all data has been transfered from the Host Volumes to TSHS.

TSHSMyCnfFile

This is a reference to the my.cnf file that is used by TSHS. The my.cnf file must contain a group called [tshs] which specifies the connection to the TSHS Admin MySQL database.