Web Portal Settings¶
This chapter lists and describes the available configuration options for the TeamDrive Web Portal.
You can review and modify most of these via the TeamDrive Web Portal Admin Console by clicking Settings. Some settings are marked as read-only (“R/O”) and cannot be changed.
The settings are grouped into sections:
Admin Console¶
ExtAuthEnabled¶
Set this value to True to enable external authentication for the Administration Console. This should not be confused with the external authentication used by users of the Web Portal. See Administrator Login using External Authentication for details.
ExtAuthURL¶
This is the URL that is used by the Web Portal to verify the login of an Administrator, when using External Authentication. See Administrator Login using External Authentication for details.
ForceHTTPSUsage¶
Set to True if the Web Portal Admin Console must be accessed using HTTPS.
Language¶
This is the default language used by the Web Portal Admin Console.
MaxRecordsDisplayed¶
This setting determines the maximum number of records that may be retrieved from the database at any time. This parameter may only be changed by a Superuser.
SessionTimeout¶
This is the idle time in seconds after which you are required to log in to the Web Portal Admin Console again.
UseTwoFactorAuth¶
Set to True to enable two-factor authentication for Superusers.
Note that this setting only applies to the user of the Web Portal Admin Console. The setting has nothing to do with the two-factor authentication used by the users of the portal. This is described in the section: How to Enable Two-Factor Authentication.
API¶
APIAccessList¶
A list of IPs which are allowed to access the API of the Web Portal.
APIChecksumSalt¶
To detect “man in the middle” attacks when sending API requests to the Web Portal, a random “salt value” is generated during the initial installation. The sender must add this salt value to the request before calculating the MD5 hash value of the API request content which will be sent to the Web Portal.
The checksum will be included in the URL, so that the Web Portal can check if the content was modified during transport.
This setting is read-only and cannot be changed via the Admin web interface.
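The sender and receiver sides of this check, as an added example that is not TeamDrive code. The page does not say how the salt is combined with the content or what the URL parameter is called, so appending the salt, the parameter name checksum, the endpoint path and the salt value are all assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder; the real APIChecksumSalt is generated at installation.
SALT = "constructed-salt-0123456789"
# Hypothetical endpoint path on the documentation's example domain.
API_URL = "https://webportal.yourdomain.com/api-endpoint-placeholder"


def api_checksum(body: bytes, salt: str) -> str:
    """MD5 hex digest of the request content plus salt (appending is an assumption)."""
    return hashlib.md5(body + salt.encode("utf-8")).hexdigest()


def build_request_url(api_url: str, body: bytes, salt: str) -> str:
    """Sender: carry the checksum in the URL (parameter name is an assumption)."""
    return api_url + "?" + urlencode({"checksum": api_checksum(body, salt)})


def verify_request(url: str, body: bytes, salt: str) -> bool:
    """Receiver: recompute the checksum over the received body and compare."""
    supplied = parse_qs(urlsplit(url).query).get("checksum", [""])[0]
    expected = api_checksum(body, salt)
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(
        supplied.lower().encode("utf-8"), expected.encode("utf-8")
    )


if __name__ == "__main__":
    # Constructed request content.
    body = b"<request><command>constructed-sample</command></request>"
    url = build_request_url(API_URL, body, SALT)
    print(url)
    print("unmodified body:", verify_request(url, body, SALT))
    print("modified body:  ", verify_request(url, body + b" ", SALT))
    print("wrong salt:     ", verify_request(build_request_url(API_URL, body, "x"), body, SALT))
```

The check detects modification only by a party that does not know the salt, so the salt has to be treated as a secret shared between the Web Portal and its API clients.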
Authentication¶
AuthLoginPageURL¶
This is the URL of the login page which is used to log in using the external Authentication Service. See Configuring Active Directory / LDAP Authentication Services for details.
When AuthServiceEnabled is True, the Web Portal login page: https://webportal.yourdomain.com/portal/login.html, redirects to the page specified by this setting.
If AuthServiceEnabled is True, but this setting has no value, then the Portal Login page provided by the Registration Server (version 3.6 or later) is used by default.
The Registration Server Portal Login page also allows the use of two-factor authentication using the Google Authentication App. In this case, two-factor authentication can be set up using the page: https://webportal.yourdomain.com/portal/setup-2fa.html, which redirects to the web page that provides this service on the Registration Server.
The Registration Server Portal pages are customisable using the templates provided. Details are available in the Registration Server documentation.
AuthServiceEnabled¶
Since version 2.0.5 of the Web Portal, the setting is only required if you want to use a specific Authentication Service.
If AuthServiceEnabled is False the Web Portal automatically uses external authentication as required by the user, provided you are using TeamDrive Agent 4.6.11.2656 or later (WEBCLIENT-335).
The 4.6.11.2656 agent first requires the user to enter an email (or username), and then based on this input the user is directed to the standard TeamDrive login, or the user’s external authentication service.
Note that the domain of the Web Portal must be registered with all External Authentication services used by the users of the portal. This is done by adding the domain of the Web Portal to the $allowed_origins configuration setting of the external service.
If your external authentication service does not support this configuration parameter, then it will need to be updated.
When RegistrationEnabled is set to True, you must ensure that AuthLoginPageURL (see AuthLoginPageURL) and AuthTokenVerifyURL (see AuthTokenVerifyURL) are set correctly.
In this case the Web Portal will use the external authentication service specified by these settings. Only users of this authentication service may then login.
See Configuring Active Directory / LDAP Authentication Services for further details on using external authentication services.
AuthTokenVerifyURL¶
This URL is used to verify the token returned by the Authentication Service after a successful login by a TeamDrive user. See Configuring Active Directory / LDAP Authentication Services for details.
By default, this setting is set to the Registration Server Portal verification URL: https://<reg-server-domain>/portal/verify.html
LicenseBuyURL¶
This URL will be displayed for a user, if LicenseProfessionalRequired is set and the user has no professional license.
LicenseProfessionalRequired¶
Login at the Web Portal requires a professional license for the user.
RegistrationEnabled¶
Set to True in order to allow users to register directly from the Web Portal. By default this value is set to False.
The setting RegistrationURL (see RegistrationURL) specifies the URL that provides the registration page.
When RegistrationEnabled is set to True there are 2 possibilities, depending on whether AuthServiceEnabled (see AuthServiceEnabled) is set to True or False.
If AuthServiceEnabled is True, then registration uses the external Authentication Service mechanism, which results in the user being logged in immediately after registration.
When AuthServiceEnabled is True, it is possible to use the customisable registration page provided by the Registration Server (version 3.6 or later). In this case RegistrationURL must not be set (see RegistrationURL).
If AuthServiceEnabled is False, then the TeamDrive Agent Web-GUI provides a “Register Now” button in the login dialog, which references the page specified by RegistrationURL.
In this case, the page referenced by RegistrationURL is a custom developed web page which performs registration using the Registration Server API and then redirects to the Web Portal login page: https://webportal.yourdomain.com/portal/login.html.
RegistrationURL¶
This URL references a Web-page where a user can register as a TeamDrive user. Alternatively, if an external Authentication Service is being used, this page allows users to register with this service.
This page will only be used if RegistrationEnabled is set to True.
The Web Portal register page: https://webportal.yourdomain.com/portal/register.html, automatically redirects to this page.
If RegistrationEnabled is True, but this setting has no value, then the Portal Registration page provided by the Registration Server (version 3.6 or later) is used by default. In this case, AuthServiceEnabled (see AuthServiceEnabled) must be set to True.
If RegistrationEnabled is True and AuthServiceEnabled is False then this setting must reference a custom developed web page which performs registration using the Registration Server API and then redirects to the Web Portal login page: https://webportal.yourdomain.com/portal/login.html.
UseEmbeddedLogin¶
This setting determines whether the Web Portal uses the embedded, or non-embedded form of external login / registration.
External authentication can be embedded in the TeamDrive Web GUI, or the external authentication pages can be used directly. Set UseEmbeddedLogin to True in order to use the embedded login form.
By default, UseEmbeddedLogin is set to False if you upgrade from a previous version of the Web Portal that was using external authentication, otherwise, the default is True.
Accessing the Web Portal domain, for example: https://webportal.yourdomain.com, will automatically present the login in the embedded or non-embedded form, as specified by UseEmbeddedLogin.
You can now use “explicit” links to the login page in order to set the default provider code and language, for the login or registration.
For the non-embedded login form use the following explicit link:
https://webportal.yourdomain.com/portal/login.html?dist=CODE&lang=LG
and for the embedded login form use the following explicit link:
https://webportal.yourdomain.com/extauth/login.html?dist=CODE&lang=LG
where CODE is the provider code, and LG is the language code, for example en or de.
Note that the external authentication service must be able to handle the specified provider code and language.
Docker Settings¶
ContainerDatabases¶
This setting allows you to specify an alternative path for the SQLite
databases used by the containers. If empty (the default value) then the
SQLite database is placed with the rest of the data in the ContainerRoot
directory.
When specified, the user-specific directory in this location will be mounted in the container under the path: “/teamdrive/dbs”. However, this path will only be used if you build a new image using the TeamDrive Agent version 4.6.12.2637 or later.
This version of the client supports the “--database-path” option which allows you to specify an alternative path for the SQLite database. When ContainerDatabases is set, the image build process will automatically add this option to the start parameters of the agent (see @USEDATABASEPATH in the BuildDockerfile setting).
ContainerHosts¶
Specify a list of hosts and IP addresses that should be added to the “/etc/hosts” file of the container when it is started.
Use the same format as used in the “/etc/hosts”, for example:
192.168.2.101 my.host.org alt.host.org
192.168.30.30 our.server.com
You can also use ; or , in order to separate lines, for example:
192.168.2.101 my.host.org alt.host.org;192.168.30.30 our.server.com
The Docker “ExtraHosts” parameter is used to add the hosts specified here to the container on startup, so changes only take effect if a container is re-created.
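A way to validate a ContainerHosts value and see the “ExtraHosts” entries it corresponds to before saving it, as an added example that is not Web Portal code. Docker takes one name:ip string per host name; the function name and the strictness of the host name check are assumptions.

```python
import ipaddress
import re

# One DNS-style host name: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*"
)


def container_hosts_to_extra_hosts(setting):
    """Convert a ContainerHosts value into Docker ExtraHosts entries.

    Lines may be separated by newlines, ';' or ','. Each line has the
    /etc/hosts form "<ip> <name> [<alias> ...]". Docker expects one
    "name:ip" string per host name.
    """
    entries = []
    for line in re.split(r"[;,\n]", setting):
        fields = line.split()
        if not fields:
            continue  # blank line or trailing separator
        if len(fields) < 2:
            raise ValueError(f"no host name after address: {line.strip()!r}")
        ip = ipaddress.ip_address(fields[0])  # ValueError if not a valid IP
        for name in fields[1:]:
            if not HOSTNAME_RE.fullmatch(name):
                raise ValueError(f"invalid host name: {name!r}")
            entries.append(f"{name}:{ip}")
    return entries


if __name__ == "__main__":
    # The sample value from the text above.
    sample = "192.168.2.101 my.host.org alt.host.org;192.168.30.30 our.server.com"
    for entry in container_hosts_to_extra_hosts(sample):
        print(entry)
```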
ContainerIdleTimeout¶
This is a timeout value in seconds that determines when the TeamDrive Agent running in a container will automatically shut down, stopping the container. The default value is 15 minutes. This results in the user of the container losing their session information, and login is required on the next access.
The value set here specifies the value of the idle-shutdown-timeout client setting (see ClientSettings), which is written to the teamdrive.ini file.
If a SharedIniPath is specified then changes to this setting take effect when a container is restarted. Otherwise the Docker container image must be rebuilt for changes to take effect (see SharedIniPath for a description of why this is the case).
ContainerImage¶
This is the name of the image that must be used when creating a new container. See Upgrading the Database Structure and Docker Container Image for details.
Note that if the MinimumAgentVersion specifies a TeamDrive agent version that is higher than the version of the Agent specified by ContainerImage, then the container image used will be determined by MinimumAgentVersion.
ContainerRoot¶
This is the absolute path that references the directory in which all containers will store their user data.
Data in this location is stored in a sub-directory for each container. The sub-directory name is the username of the user of the container.
This user-specific directory is mounted in the container under the “/teamdrive/data” directory, which ensures that containers cannot access the data of other users.
ContainerStorageTimeout¶
This is the time, in minutes, that a container must be idle before its storage is removed. Zero means that the container storage is never deleted. See Upgrading the Database Structure and Docker Container Image for details.
CurrentGUIVersion¶
The version of the installed GUI package. The update process will retrieve or build a new Docker container (see update process for details). The GUI package will be extracted from this container and the HTML pages, images and JavaScript code will be located in the apache document root. The GUI version should be identical to the ContainerImage version.
DockerHost¶
This is the host name and port of the Docker daemon which runs the containers. See Installing Docker for details.
MinDockerDataSpaceAvailable¶
A minimum value in GB for the available Docker data space on the storage (see https://docs.docker.com/storage/storagedriver/overlayfs-driver/). If the minimum value is reached, no more Docker containers will be created for new users. Set to 0 to disable checking the available Docker data space.
MinDockerMetaDataSpaceAvailable¶
A minimum value in GB for the available Docker meta data space on the storage (see https://docs.docker.com/storage/storagedriver/overlayfs-driver/). If the minimum value is reached, no more Docker containers will be created for new users. Set to 0 to disable checking the available Docker meta data space.
MinimumAgentVersion¶
This setting specifies the minimum TeamDrive Agent version that is required by the Web Portal. The setting may not be modified. If the current image used by containers has an Agent version that is earlier than MinimumAgentVersion, then upgrade of the containers will be forced by the Web Portal. This means that users may experience a spontaneous logout.
Following upgrade, ContainerImage will be set to the required image.
MaxActiveContainer¶
A parameter to limit the currently active users. Set to 0 to disable the limitation.
OldImageRemovalTime¶
Use this setting to specify when containers with old images should be removed. You can set it to “now”, to remove the containers immediately. If set to “never”, then containers are only removed if the OldImageTimeout is exceeded. This value can also be set to a time (e.g. 03:00, format: hh:mm), or a date (format YYYY-MM-DD hh:mm). Note, if RemoveOldImages is False, this setting is ignored. See Upgrading the Database Structure and Docker Container Image for details.
OldImageTimeout¶
This is the time, in seconds, that a container with an old image must be idle before it is removed. Zero means the container is removed, even if it is running. Note, if RemoveOldImages is False, this setting is ignored. See Upgrading the Database Structure and Docker Container Image for details.
RemoveIdleContainerTime¶
This is the time, in seconds, that a container must be idle before it is removed. Zero means that containers are never removed. See Upgrading the Database Structure and Docker Container Image for details.
RemoveOldImages¶
Set to True if containers running an old image (i.e. not equal to ContainerImage) should be removed. See Upgrading the Database Structure and Docker Container Image for details.
Email Settings¶
EmailOriginHost¶
Specify the domain of the origin host, for emails sent by the server. See Enabling Two-Factor Authentication for Administrators for details.
EmailSendTimeout¶
Timeout in seconds, when sending an email. See Enabling Two-Factor Authentication for Administrators for details.
EmailReplyToAddress¶
This is the email address that will appear in the Reply-To header of the email, and will be used by the email client if the user attempts to reply to emails sent by the Web Portal. See Enabling Two-Factor Authentication for Administrators for details.
EmailSenderAddress¶
The email address of the sender. This address is not directly visible to the email receiver. If an email bounces, a message will be sent to this address. See Enabling Two-Factor Authentication for Administrators for details.
EmailSettingsToConfirm¶
A hash of the email settings that need to be confirmed before saving. See Enabling Two-Factor Authentication for Administrators for details.
SMTPServerHost¶
Domain name (and port) of the SMTP server used to send emails. See Enabling Two-Factor Authentication for Administrators for details.
General Settings¶
AllowedProviders¶
This is a list of Provider codes of the users that may login to the Portal. If empty, any user may login to the Portal.
Note
Changes to the list will not be recognized by running container instances. You have to stop all running instances manually.
ClientSettings¶
This is a list of settings for the TeamDrive Agent running in all containers belonging to the Web Portal. In addition to these settings, the Web Portal automatically sets sqlite-synchronous=normal and idle-shutdown-timeout (which depends on the value of ContainerIdleTimeout).
If the setting SharedIniPath (see SharedIniPath) is empty, then the client settings are added to the “/etc/teamdrive.ini” file which is built into the Docker container image.
If SharedIniPath is not empty, then the client settings are written to the teamdrive.ini file created in the directory specified by SharedIniPath.
This means that if SharedIniPath is not specified, changes to the client settings only take effect when the container is rebuilt. If a SharedIniPath is given, then the client setting changes take effect when a container is restarted.
MaxLoginRate¶
This is the maximum number of logins to the Web Portal within one minute. The default value is 20. The logins are averaged over 10 minutes so it is possible to exceed this number in bursts.
The object of this setting is to prevent Denial of Service and other brute force attacks against the Web Portal login by automated systems.
As a result, only IP numbers used more than 4 times over the last 10 minutes count towards the total. This means that a login from a little-used IP address is not subject to this restriction.
If the rate is exceeded, the users will get an error message that login has been temporarily disabled for security reasons, and that they should try again in a few minutes.
In addition, an email is sent to the administrators of the Web Portal, specifying the current login rate. This helps administrators to identify attacks on the Web Portal login.
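A minimal model of the rule described above, as an added example rather than the Web Portal's own implementation. It assumes that every attempt is logged, that the average is the 10-minute count divided by 10, and that a login is refused when it comes from an IP with more than 4 logged attempts while the average exceeds MaxLoginRate; the class and function names and the sample addresses are constructed.

```python
from collections import Counter, deque

WINDOW_SECONDS = 600   # logins are averaged over 10 minutes
BUSY_IP_LOGINS = 4     # an IP counts once it is used more than 4 times in the window


class LoginRateGuard:
    def __init__(self, max_login_rate=20):
        self.max_login_rate = max_login_rate  # MaxLoginRate, logins per minute
        self.log = deque()                    # (timestamp, ip), oldest first

    def _per_ip(self, now):
        """Drop entries older than the window and count logins per IP."""
        while self.log and self.log[0][0] <= now - WINDOW_SECONDS:
            self.log.popleft()
        return Counter(ip for _, ip in self.log)

    def rate(self, now):
        """Logins per minute averaged over the window, busy IPs only."""
        counted = sum(n for n in self._per_ip(now).values() if n > BUSY_IP_LOGINS)
        return counted / (WINDOW_SECONDS / 60)

    def login(self, ip, now):
        """Log one login attempt; return True if it may proceed."""
        self.log.append((now, ip))
        per_ip = self._per_ip(now)
        if per_ip[ip] <= BUSY_IP_LOGINS:
            return True  # little-used address: not subject to the limit
        return self.rate(now) <= self.max_login_rate


def first_refused(guard, ip, start, spacing, attempts):
    """Replay evenly spaced logins from one IP; return the 1-based index
    of the first refused attempt, or None if all were accepted."""
    for i in range(attempts):
        if not guard.login(ip, start + i * spacing):
            return i + 1
    return None


if __name__ == "__main__":
    guard = LoginRateGuard(max_login_rate=20)
    # Constructed burst: 4 logins per second from one documentation-range address.
    print("first refused attempt:", first_refused(guard, "203.0.113.7", 1000.0, 0.25, 300))
    print("rate now:", guard.rate(1051.0))
    print("little-used IP allowed:", guard.login("198.51.100.20", 1051.0))
    print("busy IP allowed after the window:", guard.login("203.0.113.7", 1676.0))
```

With the default of 20, the burst is accepted up to the 200th login inside one minute because the 10-minute average has not yet passed 20, which is the burst behaviour the setting's description mentions.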
MaxLoginLogAge¶
The Web Portal keeps a log of the logins, which includes the login name, and the IP address of the user. This setting specifies how long the log entries are preserved. By default this is 48 hours.
The purpose of the log is to detect possible abuse or denial of service attacks aimed at the Web Portal.
PrimaryRegistrationServer¶
Web Portals can be connected to a number of Registration Servers. The Primary Registration Server must be selected from the servers that have been registered. This can be done from the Registration Server list.
ServerRoot¶
The installation directory of the Web Portal application. This setting is read-only, and cannot be changed after installation.
WebPortalDomain¶
This is the domain name (or URL) of this service.
WebPortalName¶
This is the name of this service. The name is displayed in the Web Portal Admin Console. The default value is the domain name of the service. The name is used for display purposes only, and may be set to any value.
Outgoing Connections¶
UseProxy¶
Set this value to True in order to enable the use of a proxy for all outgoing connections of the Web Portal, and the TeamDrive Agent running in the Docker environment.
ProxyHost¶
This is the domain name (or IP address) and port number of the proxy to be used for outgoing connections. If not set, the UseProxy setting will be ignored.
Note that this setting is used for both HTTP and HTTPS connections.
NoProxyList¶
This is a comma separated list of domains and IP addresses that are to be contacted without the use of a proxy.
ConnectionTimeout¶
The timeout in milliseconds when making outbound connections. The default is 30 seconds.
Build Image¶
The Build Image settings are used to build and, if necessary, customize the Docker container image for use with the Web Portal.
AgentCommandLineArgs¶
These are the command line arguments passed to the TeamDrive Agent when started in a container. This is a read-only value that is affected by the following settings: ContainerIdleTimeout, ContainerDatabases and SharedIniPath (see AgentDownloadURL, ContainerDatabases and SharedIniPath).
In addition, if SharedIniPath is empty, then the value set using ClientSettings will be added to the command line parameters.
When the container image is built, the value of this setting is substituted for @COMMANDLINEARGS@ in the BuildDockerfile (see BuildDockerfile).
AgentDownloadURL¶
This URL is used to download the TeamDrive Agent archive (.tar.gz file).
By default the URL refers to the TeamDrive download portal:
http://s3download.teamdrive.net/{VERSIONSHORT}/{PROVIDERCODE}/linux-x86_64/{PRODUCTNAME}_agent_{VERSION}_el7.x86_64.tar.gz
Before usage, the following substitutions are made:
- {PRODUCTNAME} is set to BuildProductName, after converting to all lowercase letters.
- {PROVIDERCODE} is set to the value of the BuildProviderCode setting.
- {VERSION} is set to the version of the Agent being built.
- {VERSIONSHORT} is a short version of the version number of the archive, which does not include the “patch” number. Version numbers have the form: <major>.<minor>.<patch>.<build>
If you have your own download portal, you can remove the placeholders as required.
If the required TeamDrive Agent archive is found in the build folder (ImageBuildFolder) the Web Portal will not attempt to download the archive.
BuildBinaryName¶
BuildBinaryName is the name of the TeamDrive Agent binary executable which is started when launching a Docker container. The executable is included in the Agent archive (.tar.gz file).
By default, this value is “teamdrived.bin”.
BuildDockerfile¶
The contents of the Dockerfile used by docker to build a new TeamDrive Agent image, as described in the Docker documentation: https://docs.docker.com/engine/reference/builder/.
A number of replacements are performed before the file is used:
- @AGENTARCHIVE@ is set to the last component of the AgentDownloadURL setting.
- @BINARYNAME@ is set to the value of the BuildBinaryName setting.
- @COMMANDLINEARGS@ is set to the value of the AgentCommandLineArgs setting.
- @PRODUCTNAME@ is set to BuildProductName, after converting to all lowercase letters.
Note that the placeholder variable @IDLETIMEOUT@ (value of the ContainerIdleTimeout setting) has been deprecated. You should use @COMMANDLINEARGS@ instead, as demonstrated by the default BuildDockerfile, as follows:
CMD [ \"./@BINARYNAME@\", @COMMANDLINEARGS@ ]
After substitution, the Web Portal uses the value of ImageBuildCommand to call docker to create the image.
BuildProductName¶
This is the customisable Product name. The default Product name is “teamdrive”.
Note that the Product name is required to be all lowercase letters.
This value is the first part of the name of the Agent archive (.tar.gz file) which contains the binary of the TeamDrive Agent, as specified by the last component of the AgentDownloadURL setting, for example: “teamdrive_agent_4.5.5.1838_el7.x86_64.tar.gz”.
When the Agent archive is unpacked, the Web Portal assumes that the top-level directory is the same as the value of this setting. In addition, when upgrading, the Web Portal will create a Docker image with a name of the form:
<build-product-name>/agent:<version-number>-<provider-code>.
The Web Portal also uses the image name to search the Docker hub before building a custom image.
BuildProviderCode¶
This is your 4 letter Provider code. This should correspond to the provider code specified in the DISTRIBUTOR file. By default, the Provider code is “TMDR”.
BuildWgetCommand¶
This is a shell command that calls the wget executable to download the TeamDrive Agent archive. Additional arguments (e.g. -O, -e and the download URL) will be added to this command as required.
The only reason to change this setting is to determine the “wget” executable to be used by adding a path, or to specify a different location for the log file.
Before usage, {BUILDFOLDER} is set to the value of the ImageBuildFolder setting.
If the wget call fails, check the “wget-log” log file for details.
DISTRIBUTORFile¶
This is the contents of the signed DISTRIBUTOR file to be used by the TeamDrive agent running in the container. This value replaces the contents of the DISTRIBUTOR file included in the Agent archive.
By default this value is empty, which means that the DISTRIBUTOR file in the Agent archive is used.
Please note that only signed DISTRIBUTOR files will be accepted. The signature will be checked during the creation of the docker image and at each start of the agent.
The default contents for the TeamDrive Agent are as follows:
code=TMDR
reg-server-list-url=http://reg.teamdrive.net/pbas/td2as/lis/regserverlist.htm
reg-server-name=TeamDriveMaster
reg-server-url=http://reg.teamdrive.net/pbas/td2as/reg/
notification-url=http://notification.teamdrive.net/pbas/td2as/reg/
media-server-url=http://media.teamdrive.net/pbas/td2as/reg/
update-program-url=http://reg.teamdrive.net/pbas/td2as/upd/update.xml
balance-url=http://balance.teamdrive.net/pbas/td2as/bal/balance.xml
log-upload-url=http://logupload.teamdrive.com/upload.php
redirector-url=http://www.teamdrive.com/redirector.php
ping-url=http://ping.teamdrive.net/ping.xml
enable-provider-panel-android=false
enable-provider-panel-ios=false
enable-provider-panel-linux=true
enable-provider-panel-mac=true
enable-provider-panel-win=true
HttpConfigFolder¶
The path to the Apache folder for configuration files, “/etc/httpd/conf.d/” by default. There is no need to change this setting if you are running the Web Portal on CentOS 6 or CentOS 7.
HttpDocsFolder¶
This must be set to the path to the Apache documents folder. By default, the value is “/var/www/”. There is no need to change this setting if you are running the Web Portal on CentOS 6 or CentOS 7.
ImageBuildCommand¶
This is a shell command which calls the docker executable to build a new Docker image. The only reason to change this setting is to determine the “docker” executable to be used by specifying the path of the executable.
Before usage, the following substitutions are made:
- {BUILDFOLDER} is set to the value of the ImageBuildFolder setting.
- {PRODUCTNAME} is set to BuildProductName, after converting to all lowercase letters.
- {PROVIDERCODE} is set to the value of the BuildProviderCode setting.
- {VERSION} is set to the version of the Agent being built.
ImageBuildFolder¶
This is the folder in the filesystem where the files are created during the Docker image build process.
If the Agent archive cannot be downloaded then it may be copied manually to this directory before the build is initiated (see Installing the TeamDrive Agent Docker Image).
The DISTRIBUTOR file and the Dockerfile used to build the Docker image are created in this directory. Since these files are not deleted you can check the contents after the build is completed.