Host Server Settings¶
This chapter lists and describes the available configuration options for the TeamDrive Host Server.
You can review and modify most of these via the TeamDrive Host Server Administration Console by clicking Settings. Some settings are marked as read-only (“R/O”), they can not be changed.
The settings are grouped in these sections:
Admin Console¶
AllowedLoginIPList¶
This is a comma separated list of IP addresses of the users that are allowed to login to the Admin Console.
If the list is empty, then there is no login restriction based on IP.
HttpsUsedByAdmin¶
Set to True
if the Host Server Admin Console must be accessed using HTTPS.
MaxRecordsDisplayed¶
This setting determines the maximum number of records that may be retrieved from the database at any a time (e.g. when displaying user or space information on the Administration Console. This parameter may only be changed by a Superuser.
ServiceDisplayName¶
This name is displayed in the Host Admin Console. Initial is is set to the domain name of the Host Server. The name is used for display purposes only, and may be set to any value.
SessionTimeout¶
This is the idle time in seconds after which you are required to login to the Host Server Admin Console again.
ShowDeletedObjects¶
Set to True
to display Spaces and other objects in the Administration
Console that have the Deleted status.
API Settings¶
APIAccessList¶
A white list of IP addresses (separated by commas or spaces) of machines that are permitted to access the Host Server API. For example, the IP address of the host running the TeamDrive Registration Server Administration Console should be added here.
APIChecksumRequired¶
If set to True
, then each call to the API must include a checksum hash,
constructed using the API Hash defined in APISalt
.
APILogEntryTimeout¶
API Log entries older than this value, in days, will be removed. If set to zero the API Log entries will never be removed.
APILogging¶
Set to True
if API logging should be enabled. Every API access will be
logged in the database table hostapilog.TD2APIRequests
.
APIReturnSpaceNames¶
Set to True
if Space names should be returned through the API. This
requires the setting StoreSpaceNames
to be set to True
as well,
otherwise this option has no effect.
APISalt¶
This is a unique character sequence that must be identical to the API Salt of the associated Registration Server.
Authentication¶
ExtAuthEnabled¶
Set to True
to enable External Authentication. External Authentication
allows the administrative users of the Host Server to be mananged in a central
location, such as an LDAP server.
ExtAuthURL¶
This is the URL that is used by the Host Server to verify the login of a user, when using External Authentication. The Host Server adds two arguments when the URL is requested: username and password. The URL should reference a page that performs verification, and returns information about the user required by the Host Server. A generic example, and an LDAP example for performing External Authentication are provided with the Host Server distribution.
UseTwoFactorAuth¶
Set to True
to enable 2-Factor Authentication via email for Superusers.
Client Settings¶
ClientPollFrequency¶
The interval in which Clients poll their Spaces for updates, in seconds. 0 or empty means the Clients will use their default.
EnableProxyCaching¶
When this value is set to True
, the server will allow “getblob” calls
without a timestamp. This means that calls from the TeamDrive Client
to the Host Server will be cacheable because the URL will not constantly
change.
In this case, the Host Server check whether the request has been sent
via a downstream proxy. This is determined by checking the “Via” HTTP
header. The setting NonCachingProxies
is used to determine if the
downstream proxies may be caching proxies.
If a caching proxy is found, then the Host Server will not redirect the
request to an Object Store. The redirect must be avoided because Object Store
URLs are authenticated in a way that makes them not cacheable. On the other
hand, redirection is an optimisation. Requests that are not redirected must
be served via the Host Server, which requires additional bandwidth and
capacities on the Host Server. It is therefore important if there are
downstream proxies such as a load balancer which do not perform caching
then the should be listed in the NonCachingProxies
setting in order
to ensure a redirect is done whenever possible.
Note that if the timestamp is excluded from a call to the Host Server, then
the URL can be used to repeat the call. As a result, the data can always
be retrieved by anyone who has stored the URL, and as long as this setting
is set to True
. However, then security of the Space is not comprised
by this as long as the caller does not posses the key with which data in the
Space is encrypted.
This is not a problem when using HTTPS for the calls to the Host Server.
By default this value is False
. This setting is new in version 3.7.1.
HttpsUsedByClients¶
Set to True
if the TeanDrive Clients should use HTTPS to access the data
stored in Spaces. By default this value is False
because TLS (Transport
Layer Security) is generally not required by TeamDrive as the data is
end-to-end encrypted.
LogFileThreshold¶
This is the threshold (in bytes) after which a the Client last.log
is
renamed to a number log.
NonCachingProxies¶
This is a comma separated list of host names or pseudonyms of proxies that are downstream from the Host Server but do not cache any data. For example, this may be the name of the local load balancer.
Note that additional spaces in the list (for example, before or after a comma) will not be ignored. The server performs a “contains”, case-insensitive comparison to determine of a proxy is non-caching. For example, if an HTTP header contains the following proxies:
Via: HTTP/1.1 AWS;branch=z9hG4bKc3efe2ccb5263af2"
Via: HTTP/1.1 my.example.com:18386"
Setting NonCachingProxies
to “EXAMPLE.COM,z9hG4bK”, will identify both proxies
as non-caching.
If EnableProxyCaching
is set to true
, then setting this variable helps
the Host Server to determine if a request may be cached or not. See
EnableProxyCaching above.
SnapshotThreshold¶
The log threshold, in bytes, after which the Client will create a new snapshot of a Space, 0 or empty means the Client will use its default.
StatisticPollFactor¶
Multiple the ClientPollFrequency
by this amount to determine the how often
the client retrieves the statistics, 0 or empty means the client will use its
default value of 5
TimeDiffTolerance¶
This is the maximum allowed difference in time between the Client and the Host Server. The value is given in seconds. Currently this setting only affects Clients using version 3 of the TeamDrive Protocol. Since the Client automatically synchronises its time with the server, the time difference should only be due to the time required to send a request from the Client to the Server.
Email Settings¶
EmailOriginHost¶
This is the host name of the system that will send the email.
EmailReplyToAddress¶
This is the email address that user will see as sender of the e-mail. And it is the email address that will be used if the user replies to the email. Normally a “no-reply” type email address is used, since the user is not intended to reply to email sent by the Hosting System.
EmailSenderAddress¶
This is the email address that will appear as sender in email envelope. If an email bounces, this address will be notified.
EmailSendTimeout¶
This is the timeout in seconds used when sending emails.
SMTPServerHost (R/O)¶
This is the host (and port) of the SMTP server used to send emails.
General Settings¶
DownloadContentType¶
This setting determined the HTTP content type downloaded encrypted Space data. This includes the log and file data that belongs to Spaces. It does not include downloaded public files, which use a content type that depends on the file type.
By default, this setting is empty. In this case, the content type used depends on the TeamDrive protocol version. The original TeamDrive protocol set the content to “text/plain” for encrypted log file data, and set no content type for encrypted file data.
The new TeamDrive protocol returns “application/octet-stream” by default. Whether the new protocol is used, defends on the client software. Please check the Client release notes in this regard.
There is normally no need to change this setting, unless a proxy or firewall is preventing the download of data. In this case, the following alternative values are recommended: “text/html”, “text/plain”, “application/x-binary” or “application/x-teamdrive”.
Note
Do not set this value to “application/json”. This content type is reserved for internal use.
EnforceTrafficLimit¶
When set to False
, the traffic quota for all Depots will be considered
unlimited. The value is True
by default.
NotifyVolumeCriticalLevel¶
This is a percentage value, by default 90. When the disk usage of a Volume exceeds this level a critical notification email is sent.
NotifyVolumeEmail¶
The Hosting Service offers a notification service that will send an email when the disk usage of a volume exceeds predefined thresholds. In order to receive notifications, set this setting to the email address of the Administrator.
When email are sent depends in the settings NotifyVolumeWarningLevel
and NotifyVolumeCriticalLevel
.
NotifyVolumeWarningLevel¶
This is a percentage value, by default 75. When the disk usage of a Volume exceeds this level a warning notification email is sent.
ProviderCode¶
This is the 4-digit code of provider (distributor/tenant) under which this this Host Server is registered. This is a read-only setting that cannot be modified after the initial server setup.
RegistrationDeviceID¶
This is the ID returned by the Registration Server upon registration. It is the ID of the user under which the Host Server is registered. This setting cannot be changed.
RegServerName¶
The name of the Registration Server associated with this host. This value cannot be altered after registration.
RegServerURL¶
This is the URL used to access the Registration Server. This value may not be altered after registration.
RegServerRoot¶
The path to the Registration Server source code files.
ServerVersion¶
The current server version. This value cannot be changed.
ServiceHostURL¶
This is the Host URL used by the clients to create and access Space data. It can not be changed.
ServiceUniqueName¶
This is a unique name of the Hosting Service, consisting of the Host Server’s domain name and the associated Registration Server. This value can not be changed.
SpaceStatisticEnabled¶
Set to True
if Space Statistics should be exported.
SpaceStatisticExportPath¶
This is the path for the files containing the exported Space Statistics,
default is: ../docs/p1a/statistic/
.
StoreSpaceNames¶
Set to True
if the Host Server should store the names of Spaces defined by
the user.
Logging¶
ModuleLogFile¶
The path and name of the Apache module (mod_pspace
) log file. This file
must be owned and writable by the system user the Apache HTTP Server runs
under (e.g. apache
).
ModuleLogLevel¶
This is the maximum level of logging of messages logged by the Apache module
(mod_pspace
). A higher number results in more verbose logging. Possible
values are: 1 = Protocol, 2 = Error, 3 = Warning, 4 = Trace, 5 = Debug.
Object Store¶
HostServerBucketID¶
A unique ID used to ensure that multiple Host Servers cannot use the same bucket. This is a read-only setting that cannot be modified.
ImportS3tagFiles¶
This setting is set to True
until all action tag files have been
imported by the s3d Daemon, it has no effect when TSHS is enabled. It must be
set manually to False
when all action tag files have been imported.
MaxFileAge¶
This is the maximum age, in days, that a file normally transferred to the object store by the s3d Daemon can be before it is automatically transferred. Normally files are transferred just after they have been written, but if for some reason the file is not transferred this will trigger the transfer. This setting should be long enough to guarantee that no file will be transferred that is still in the process of being uploaded.
S3AccessKey¶
The access (public) key, used to access the specified bucket on an compatible object store.
If you have a running installation, and you need to change S3AccessKey
as well as other setting such as S3SecretKey
or S3Server
at the
same time, then follow this procedure:
Stop the Apache HTTP service.
Set
S3SyncActive
toFalse
.Update all settings:
S3AccessKey
,S3SecretKey
andS3Server
as required.Set
S3SyncActive
toTrue
.Note that when you do this, the Host Server will check the credentials you entered and only allow S3 to be activated if the credentials are correct.
Start the Apache HTTP service.
S3ArchiveLogs¶
Set this value to True
if the object store access logs used for
calculating traffic are to be archived instead of deleted.
S3AuthTimeout¶
The number of seconds an authenticated query string is valid. Keeping this value high will improve the possibility for caching files in proxies. Reducing the value might cause traffic-limit problems if a proxy isn’t able to cache the file within the timeout period.
S3Brand¶
This setting specifies the type of object storage. Possible options are: Amazon, OpenStack or Azure.
S3DataBucketName¶
The name of the Bucket on the compatible object store that will contain the Space data
S3EnableRedirect¶
When S3 redirect is enabled, the Host Server will redirect the Client to download objects directly from the compatible object store, when appropriate. The alternative is that all downloads are performed via the Host Server (the Host Server acts like a Proxy that fetches data from the object store and forwards it to the Client).
S3LogBucketName¶
The bucket that contains the object store access log files. These log files are used to analyse and calculate traffic.
S3Options¶
S3 options control the way the compatible object store is accessed. For example, the number of parallel threads during upload, whether to use multipart uploads, etc.
S3ProcessedPath¶
If S3ArchiveLogs
is set to True
, then the logs stored in
S3ToProcessPath
are moved to this path, after they have been used to
calculate traffic.
S3RedirectProtocol¶
This setting determines the protocol to be used for redirects to S3, permitted
values are: client
, http
or https
. Setting the value to client
means that the protocol used will depending on the protocol of the TeamDrive
Client request.
Note that if the S3Server
setting specifies a full URL, with a protocol
(e.g. “http://...” or “https://...”), then the value specified by
S3RedirectProtocol
is ignored. Redirects will always use protocol specified
by the URL in S3Server
setting.
S3SecretKey¶
The secret (private) key used to acces the specified bucket on the compatible object store.
If you have a running installation, and you need to change S3SecretKey
as well as other setting such as S3AccessKey
or S3Server
at the
same time, you need to first disable S3 synchronisation. Follow the
procedure described here: S3AccessKey.
S3Server¶
This is the domain name of the compatible object store, e.g.
s3.amazonaws.com
or youraccount.blob.core.cloudapi.de
. By default
the HTTP protocol will be used. To change this, specify a full URL, including
port if necessary, for eaxmple: https://youraccount.blob.core.cloudapi.de
.
If you have a running installation, and you need to change S3Server
as well as other setting such as S3AccessKey
or S3SecretKey
at the
same time, you need to first disable S3 synchronisation. Follow the
procedure described here: S3AccessKey.
S3SyncActive¶
Set to True
when data stored by the Host Server (Space data) should be
transferred to an compatible cloud storage. Transfer to the object store is
possible from both Volume storage and TSHS.
S3ToProcessPath¶
The path in which the object store access logs are stored. The access logs are used to calculate traffic caused by direct downloads from object storage.
Outgoing Connections¶
UseProxy¶
Set this value to True
in order to enable the use of a proxy for all
outgoing connections of the Host Server.
ProxyHost¶
This is the domain name (or IP address) and port number of the proxy to
be used for outgoing connections. If not set, the UseProxy
setting
will be ignored.
Note that this setting is used for both HTTP and HTTPS connections.
NoProxyList¶
This is a comma separated list of domains and IP addresses that are to be contacted without the use of a proxy.
ConnectionTimeout¶
The timeout in milliseconds when making outbound connections. The default is 10 seconds.
This setting should be set to a value less than NetworkTimeout
.
NetworkTimeout¶
The timeout in milliseconds for an entire network operation, which includes the connection time, and the time to transfer all data. The default is 3 minute.
This setting should be set to a value greater than ConnectionTimeout
.
Publishing¶
DefaultLanguage¶
This is the default language used if the browser specifies an unknown language. This setting is only used when the user requests public files from the Hosting Service. The value is used to select the correct language template for interaction with the user. See Customizing HTML templates for published files for further details.
EnableDirectLink¶
Normally, access to published (public) files us provided via an intermediate page which is specified “public-redirect.html” template file (see Customizing HTML templates for published files).
The “direct link” functionality allows a published URL to bypass this page, allowing files to be directly downloaded by a browser. This can be enabled by adding the “dl=1” argument to the public URL.
The EnableDirectLink
setting determines whether the direct link functionality is
enabled or not. By default this setting is set to True
.
Note that allowed direct links can be a security risk because it allows user to publish complete web-site link content.
ForceDownloadList¶
This is a comma separated list of content types and file suffixes that cause the Host Server to force a download of the file when it is published. This means file that files of this type are never displayed in the browser. Instead the user will be required to save the file to local storage.
By default, files containing HTML and XHTML content must be downloaded, rather then displayed in the browser. In addition, files with an unrecognised content type (that is, files with an unrecognised suffix) will also require downloaded.
Set this value to “*” in order to force the download of all files.
HttpsUsedByPublish¶
Set to True
if published files must be uploaded and downloaded using
HTTPS. This ensures that the file content cannot be intercepted in transit
from the TeamDrive Client to the Host Server, and from the Host Server to the
web client downloading the file.
The Host Server will generate an error if HttpsUsedByPublish
is set
to True
, and a user attempts to download a published file using HTTP
(instead of HTTPS).
PublishRedirectTimeout¶
The number of seconds a redirect URLs for published documents is valid.
PublicRewritesInstalled¶
Set this to True
if the following rewrite rules for published files
have been installed on apache:
RewriteRule ^/[a-z]*/public/(.*)$ /primespace/public/$1 [PT]
RewriteRule ^/[a-z]*/getpub/(.*)$ /primespace/getpub/$1 [PT]
Add these rules to the /etc/httpd/conf.d/td-hostserver.httpd.conf.ssl
and
/etc/httpd/conf.d/td-hostserver.httpd.conf
files if they are not already
included.
The rules are automatically installed on new installations of the Host Server.
When installed, the rules allow the TeamDrive client to generate published file URLs that differ in the first path component depending on the space. This helps to prevent disruption between spaces when published content undergoes restrictions.
Be default this value is False
.
Resource Management Settings¶
The Host Server manages certain resources on behalf of the TeamDrive clients. This includes the automatic deletion of Read Notifications and Soft Locks when there expiry time is reached.
Note that the paths and names of the documents involved in resource management are encrypted and therefore unknown to the Host Server.
DefaultReadNotificationtMaxAge¶
Read Notifications inform users of a Space which documents have been opened, by which users, and what time the document was first opened.
This setting is the default maximum age for Read Notifications. it can
be overridden by setting this value at the Space level. This can be done
using the Admin Console or the TeamDrive Client. When this value is set to
0 (zero) at the Space level, the DefaultReadNotificationtMaxAge
is used.
The default for this setting is 30 days.
Read Notification that exceed this age are automatically deleted.
DefaultSoftLockMaxAge¶
A “soft lock” is a warning to a user that a document may be in use by another user. Soft locks are automatically set by the TeamDrive client when a document is opened. And removed when the document is closed.
However, it is possible that TeamDrive is shutdown, before a document is closed. In the case the soft lock will be automatically removed by the Host Server
This setting is the maximum age for soft Locks, after the TeamDrive client that set the soft lock has been shutdown.
The default value is 2 hours, and should never be set to less than 1 hour, or locks may be removed incorrectly.
DefaultTemplateHeader¶
If not empty, this text will replace the [[HEADER]]
place holder in HTML
templates used by the Host Server. This value is overwritten by the
Depot specific tempalte header.
SpaceDeletionDelay¶
This is a delay in minutes (default: 24 hours) which is enforced when a space is deleted before it is actually removed from disk. This allows a space to be undeleted, if done within this time frame.
Snapshot Settings¶
ConsolidatePerDayAfter¶
This is the time in days before all Snapshots for one day are consolidated into a single Snapshot. This is done to reduce the number of Snapshots per Space. The default value is 30 days.
See Snapshot Consolidation for details.
ConsolidatePerMonthAfter¶
This is the time in days before all Snapshots for a month are consolidated into a single Snapshot. This is done to reduce the number of Snapshots per Space. The default value is 365 days.
See Snapshot Consolidation for details.
DefaultSnapshotFrequency¶
This is the default frequency of Snapshot Backups in minutes. By default this value is 240, which is 4 hours. This means that a Snapshot Backup is performed every 4 hours.
This value may be set at the Space level using the TeamDrive Client or
the Host Server Admin Console. If set, then the global DefaultSnapshotFrequency
is ignored and the Space level value is used instead.
The minimum Snapshot Frequency is 30 minutes.
DefaultSnapshotMaximumAge¶
This is the default maximum age of Snapshots in days. By default this value is 30 days. This means that Snapshot Backups older than 30 days are automatically deleted.
This value may be set at the Space level using the TeamDrive Client or
the Host Server Admin Console. If set, then the global DefaultSnapshotMaximumAge
is ignored and the Space level value is used instead.
The minimum value for this setting is 2 days.
EnableSnapshotsByDefault¶
This setting determines whether Snapshot Backups are enabled on Spaces by
default or not. When a Space is created the TeamDrive Client may specify
whether Snapshot Backups are enabled for the Space or not. If this
information is not specified, then the EnableSnapshotsByDefault
value
is used, and Snapshots enabled at the Space level accordingly.
After an upgrade to version 3.7, the value of this setting will determine whether Snapshot Backups is enabled for existing Spaces or not.
Note
Ensure that you set this value as required before setting
SnapshotsEnabled
to True
for the first time after upgrade (see
SnapshotsEnabled below).
SnapshotsEnabled¶
Set to True
to enable the Snapshot Backups for the server, in general.
This setting is True
by default in a new installation of the Host Server. On
upgrade to version 3.7 of an existing Host Server installation, this value is
set to False
. This is to avoid enabling Snapshot backups on a system that
previously did not perform Snapshot Backups.
Note
Ensure that you set EnableSnapshotsByDefault
as required before
setting SnapshotsEnabled
to True
for the first time after an
upgrade to version 3.7. When SnapshotsEnabled
is set to True
for the first time, the EnableSnapshotsByDefault
value is applied
to every existing Space.
If False
, the server will not create new Snapshot Backups. In this case
the fact that Snapshots are enabled for certain Spaces is ignored.
Setting SnapshotsEnabled
to False
does not cause any existing Snapshots
to be deleted. This still depends on whether Snapshots are enabled for a Space
and the maximum allowed age of Snapshots for a Space.
TSHS Settings¶
TSHSEnabled¶
Set to True
to enable TSHS (TeamDrive Scalable Hosting Storage). If
changed, a restart of the Apache HTTP Server required.
TSHSExecutable¶
This is a reference to the tshs
executable. This path must be set
correctly if TSHS is enabled.
TSHSImportVolumes¶
This setting is set automatically when TSHS is enabled. It is set to True
if
Space data is stored on the Host Server Volumes when TSHS is enabled. It must
be set manually to False
when all data has been transfered from the Host
Volumes to TSHS.
TSHSMyCnfFile¶
This is a reference to the my.cnf
file that is used by TSHS. The
my.cnf
file must contain a group called [tshs]
which specifies the
connection to the TSHS Admin MySQL database.