Web Portal Settings¶
This chapter lists and describes the available configuration options for the TeamDrive Web Portal.
You can review and modify most of these via the TeamDrive Web Portal Admin Console by clicking Settings. Some settings are marked as read-only (“R/O”), they can not be changed.
The settings are grouped into sections:
Admin Console¶
ExtAuthEnabled¶
Set this value to True
to enable external authentication for the
Administration Console. This should not be confued with the use of
external authentication used by users of the Web Portal. See
Administrator Login using External Authentication for details.
ExtAuthURL¶
This is the URL that is used by the Web Portal to verify the login of an Administrator, when using External Authentication. See Administrator Login using External Authentication for details.
ForceHTTPSUsage¶
Set to True
if the Web Portal Admin Console must be accessed using
HTTPS.
Language¶
This is the default language used by the Web Portal Admin Console.
MaxRecordsDisplayed¶
This setting determines the maximum number of records that may be retrieved from the database at any time. This parameter may only be changed by a Superuser.
SessionTimeout¶
This is the idle time in seconds after which you are required to login to the Web Portal Admin Console again.
UseTwoFactorAuth¶
Set to True
to enable two-factor authentication for Superusers.
Note that this setting only applies to the user of the Web Portal Admin Console. The setting has nothing to do with the use of two-facter authentication used by the users of the portal. This is described in the section: How to Enable Two-Factor Authentication.
API¶
APIAccessList¶
A list of IPs which are allowed to access the API of the Web Portal.
APIChecksumSalt¶
To detect “man in the middle” attacks when sending API requests to the Web Portal, a random “salt value” is generated during the initial installation. The sender must add this salt value to his request before calculating the MD5 hash value of the API request content which will be sent to the Web Portal.
The checksum will be included in the URL, so that the Web Portal can check if the content was modified during the transport.
This setting is read-only and can not be changed via the Admin web interface.
Authentication¶
AuthLoginPageURL¶
This is URL of the login page which is used to login using the external Authentication Service. See Configuring Active Directory / LDAP Authentication Services for details.
When AuthServiceEnabled
is True
, the Web Portal login page:
https://webportal.yourdomain.com/portal/login.html
, redirects
to the page specified by this setting.
If AuthServiceEnabled
is True
, but this setting has no
value, then the Portal Login page provided by the Registration
Server (version 3.6 or later) is used by default.
The Registration Server Portal Login page also allows the
use of Two-factor authentication using the Google Authentication
App. In this case, Two-factor authentication can be setup using
the page: https://webportal.yourdomain.com/portal/setup-2fa.html
,
which redirects to the web-page that provides this service
on the Registration Server.
The Registration Server Portal pages are customisable using the templates provided. Details are available in the Registration Server documentation.
AuthServiceEnabled¶
Since version 2.0.5 of the Web Portal, the setting is only required if you want to use a specific Authentication Service.
If AuthServiceEnabled
is False
the Web Portal automatically
uses external authentication as required by the user, provided you are using
TeamDrive Agent 4.6.11.2656 or later (WEBCLIENT-335).
The 4.6.11.2656 agent, first requires the user to enter an email (or username), and then based on this input the user is directed to the standard TeamDrive login, or the user’s external authentication service.
Note that the domain of the Web Portal must be registered with all
External Authentication services used by the users of the portal.
This is done by adding the domain of the Web Portal to the
$allowed_origins
configuration setting of the external service.
If your external authentication service does not support this configuration parameter, then it will need to be updated.
When AuthServiceEnabled
is set to True
, you must ensure
that AuthLoginPageURL
(see AuthLoginPageURL) and
AuthTokenVerifyURL
(AuthTokenVerifyURL) are set correctly.
Once a Web Portal is configured for external authentication, it no longer supports regular login (i.e. authentication using the Registration Server).
In this case, the user will always be redirected to the external login page, and will not be able to access the standard login page provided by the TeamDrive Agent. This means that only users of this authentication service may then login.
See Configuring Active Directory / LDAP Authentication Services for further using external authentication services.
AuthTokenVerifyURL¶
This URL is used to verify the token returned by the Authentication Service after success login by a TeamDrive user. See Configuring Active Directory / LDAP Authentication Services for details.
By default, this setting is set to the Registration Server Portal
verification URL: https://<reg-server-domain>/portal/verify.html
LicenseBuyURL¶
This URL will be displayed for a user, if LicenseProfessionalRequired is set and the user has no professional license.
LicenseProfessionalRequired¶
Login at the Web Portal requires a professional license for the user.
RegistrationEnabled¶
Set to True
in order to allow users to register directly From
the Web Portal. By default this value is set to False
.
The setting RegistrationURL
(see RegistrationURL) specifies the
URL that provides the registration page.
When RegistrationEnabled
is set to True
there are 2 possibilities,
depending on whether AuthServiceEnabled
(AuthServiceEnabled) is
set to True
or False
.
If AuthServiceEnabled
is True
, then registration uses the external
Authentication Service mechanism which results in the user being logged-in,
immediately after registration.
When AuthServiceEnabled
is True
, it is possible to use the
customisable registration page provided by the Registration Server
(version 3.6 or later). In this case RegistrationURL
must not be set
(see RegistrationURL) .
If AuthServiceEnabled
is False
, then the TeamDrive Agent Web-GUI
provides a “Register Now” button which references this page specified by
RegistrationURL
, in the login dialog.
In this case, the page referenced by RegistrationURL
is a custom
developed web-page which performs registration using the Registration
Server API and then redirects to the Web Portal login page:
https://webportal.yourdomain.com/portal/login.html
.
RegistrationURL¶
This URL references a Web-page where a user can register as a TeamDrive user. Alternatively, if an external Authentication Service is being used this page allows users to register with this service.
This page will only be used of RegistrationEnabled
is set to True
.
The Web Portal register page:
https://webportal.yourdomain.com/portal/register.html
, automatically
redirects to the page.
If RegistrationEnabled
is True
, but this setting has no
value, then the Portal Registration page provided by the Registration
Server (version 3.6 or later) is used by default. In this case,
AuthServiceEnabled
(see AuthServiceEnabled) must be set to True
.
If RegistrationEnabled
is True
and AuthServiceEnabled
is False
then this setting must reference a custom developed web-page which performs
registration using the Registration Server API and then redirects to the
Web Portal login page: https://webportal.yourdomain.com/portal/login.html
.
UseEmbeddedLogin¶
This setting determines whether the Web Portal uses the embedded, or non-embedded form of external login / registration.
External authentication can be embedded in the TeamDrive Web GUI, or can the
external authentication pages can be used directly. Set UseEmbeddedLogin
to True
in order to use the embedded login form.
By default, UseEmbeddedLogin
is set to False
if you upgrade from
a previous version of the Web Portal that was using external authentication,
otherwise, the default is True
.
Accessing the Web Portal domain, for example: https://webportal.yourdomain.com
,
will automatically present the login in the embedded or non-embedded form, as
specified by UseEmbeddedLogin
.
You can now use “explicit” links to the login page in order to set the default provider code and language, for the login or registration.
For the non-embedded login form use the following explicit link:
https://webportal.yourdomain.com/portal/login.html?dist=CODE&lang=LG
and for the embedded login form use the following explicit link:
https://webportal.yourdomain.com/extauth/login.html?dist=CODE&lang=LG
where CODE
is the provider code, and LG
is the language code, for
example en
or de
.
Note that the external authentication service must be able to handle the specified provider code and language.
Sandbox Settings¶
ContainerDatabases¶
This setting allows you to specify an alternative path for the SQLite
databases used by the containers. If empty (the default value) then the
SQLite database is placed with the rest of the data in the ContainerRoot
directory.
When specified, the user-specific directory in this location will be mounted in the container under the path: “/teamdrive/dbs”. However, this path will only be used if you build a new image using the TeamDrive Agent version 4.6.12.2637 or later.
This version of the client supports the “–database-path” option which
allows you to specify an alternative path for the SQLite database. When
ContainerDatabases
is set, the image build process will automatically
add this option to the start parameters of the agent (see @USEDATABASEPATH
).
ContainerHost¶
This is the host name which runs the webportal.
ContainerIdleTimeout¶
This is a timeout value in seconds that determines when the TeamDrive Agent will automatically shutdown. The default value is 15 minutes. This results in the user of the TeamDrive Agent loosing their session information, and login is required on the next access.
The value set here specifies the value of the idle-shutdown-timeout
client
setting (see ClientSettings), which is written to the teamdrive.ini
file.
If a SharedIniPath
is specified then changes to this setting take affect when
a TeamDrive Agent is restarted.
ContainerImage¶
This is the name of the image that must be used when creating a new TeamDrive Agent. See Upgrading the Database Structure and TeamDrive Agent for details.
Note that if the MinimumAgentVersion
specifies a TeamDrive Agent
version that is higher than the version of the Agent specified
by ContainerImage
, then the TeamDrive Agent used will be
determined by MinimumAgentVersion
.
ContainerRoot¶
This is the absolute path that reference the directory in which all TeamDrive Agents will store their user data.
Data in this location is stored in a sub-directory for each TeamDrive Agent. The sub-directory name is the username.
This user-specific directory is mounted in the TeamDrive Agent for his home-directory. A process sandboxing ensures that the TeamDrive Agent for one user cannot access the data of other users.
ContainerStorageTimeout¶
This is the time, in minutes, that a TeamDrive Agent must be idle before its storage is removed. Zero means that the TeamDrive Agent storage is never deleted. See Upgrading the Database Structure and TeamDrive Agent for details.
CurrentGUIVersion¶
The version of the installed GUI package. The update process will retrieve
or build a new TeamDrive Agent (see update process for details). The GUI
package will be extracted from this TeamDrive Agent and the HTML pages, images
and javascript code will be located in the apache document root. The GUI
version should be identical to the ContainerImage
version.
ImageUpdateInProgress¶
This setting will be set to true during the update and users using the
webportal will get the hint Upgrade in progress, please try again shortly
.
MaxActiveContainer¶
A parameter to limit the currently active users. Set to 0 to disable the limitation.
MinimumAgentVersion¶
This setting is specifies the minimum TeamDrive Agent version that is
required by the Web Portal. The setting may not be modified. If The
current image used by containers has a Agent version that is earlier
than MinimumAgentVersion
, then upgrade of the containers will be
forced by the Web Portal. This means that users may experience a
spontaneous logout.
Following upgrade, ContainerImage
will be set to the required
image.
OldImageRemovalTime¶
Use this setting to specify when containers with old images should be
removed. You can set it to “now”, to remove the containers immediately, if
set to “never”, then containers are only removed if the OldImageTimeout
is
exceeded. This value can also be set to a time (e.g. 03:00, format: hh:mm),
or a date (format YYYY-MM-DD hh:mm). Note, if RemoveOldImages is False
,
this setting is ignored. See Upgrading the Database Structure and TeamDrive Agent for details.
OldImageTimeout¶
This is the time, in seconds, that a TeamDrive Agent with an old version must be
idle before it is removed. Zero means the TeamDrive Agent is removed, even if
it is running. Note, if RemoveOldImages
is False
, this setting is ignored.
See Upgrading the Database Structure and TeamDrive Agent for details.
RemoveIdleContainerTime¶
This is the time, in seconds, that a TeamDrive Agent must be idle before it is removed. Zero means that TeamDrive Agents are never removed. See Upgrading the Database Structure and TeamDrive Agent for details.
RemoveOldImages¶
Set to True
if TeamDrive Agent running an old image (i.e. not equal to
ContainerImage) should be removed. See Upgrading the Database Structure and TeamDrive Agent for
details.
SandboxCommand¶
Specifies the binary and command line parameters used to run the Agent in a systemd-sandbox environment.
Container Swapping¶
When enabled container swapping will transfer user data that have not been used for a certain amount of time to a backup storage. This is done to free up space on the primary storage, used by the Webportal.
This also allows user data to be transfered from one host to another in order to balance load.
Only the state of the user data in the form of the SQLite database, and the changed settings are stored.
AWSProfile¶
This is the value of the “–profile” option for the Amazon CLI (aws).
EnableSwapping¶
Set to True
to enable container swapping.
ObjectStoreURL¶
The URL for accessing the object store.
StorageAccessKey¶
The object store access key.
StorageBucket¶
The object store bucket, or a path in the case of a file system (mount
) backup storage.
StorageSecret¶
The object store secret.
StorageType¶
The backup storage type. One of the following: azure
, amazon
, ionos
or mount
.
SwapBinary¶
Use this setting to specify an alternative binary CLI (command line interface) for the object store in use.
By default, /bin/az
is used in the case of azure
, /usr/local/bin/aws
is used in
the case of amazon
and ionos
, and /bin/cp
is used for mount
storage.
Email Settings¶
EmailOriginHost¶
Specify the domain of the origin host, for emails sent by the server. See Enabling Two-Factor Authentication for Administrators for details.
EmailSendTimeout¶
Timeout in seconds, when sending an email. See Enabling Two-Factor Authentication for Administrators for details.
EmailReplyToAddress¶
This is the email address that will appear in the Reply-To header of the email, and will be used by the email client if the user attempts to reply to emails sent by the Web Portal. See Enabling Two-Factor Authentication for Administrators for details.
EmailSenderAddress¶
The email address of the sender. This address is not directly visible to the email receiver. If an email bounces, a message will be sent to this address. See Enabling Two-Factor Authentication for Administrators for details.
EmailSettingsToConfirm¶
A hash of the email settings that need to be confirmed before saving. See Enabling Two-Factor Authentication for Administrators for details.
SMTPServerHost¶
Domain name (and port) of the SMTP server used to send emails. See Enabling Two-Factor Authentication for Administrators for details.
General Settings¶
AllowedProviders¶
This is a list of Provider codes of the users that may login to the Portal. If empty, any user may login to the Portal.
Note
Changes to the list will not be recognized by running container instances. You have to stop all running instances manually.
ClientSettings¶
This is a list of settings for the TeamDrive Agent running in all
containers belonging to the Web Portal. In addition to these settings,
the Web Portal automatically sets sqlite-synchronous=normal
and
idle-shutdown-timeout
(which depends on the value of ContainerIdleTimeout
).
The client settings are written to the teamdrive.ini
file created in the
directory specified by SharedIniPath
.
This means if the client settings are changed, then they only take effect when the TeamDrive Agent is restarted.
MaxLoginLogAge¶
The Web Portal keeps a log of the logins, which includes the login name, and the IP address of the user. This setting specifies how long the log entries are preserved. By default this is 48 hours.
The purpose of the log is to detect possible abuse or denial of service attacks aimed at the Web Portal.
MaxLoginRate¶
This is the maximum number of logins to the Web Portal within one minute. The default value is 20. The logins are averaged over 10 minutes so it is possible to exceed this number in bursts.
The object of this setting is to prevent Denial Service and other brute force attacks against the Web Portal login, by automated systems.
As a result, only IP numbers used more than 4 times over the last 10 minutes count towards the total. This means that a login from a little-userd IP address is not subject to this restriction.
If the rate is exceeded, the users will get an error message that login has been temporarily disable for security reasons, and that they should try again in a few minutes.
In addition, an email is sent to the administrators of the Web Portal, specifying the current login rate. This helps administrators to identify attacks on the Web Portal login.
PrimaryRegistrationServer¶
Web Portals can be connected to a number or Registration Servers. The Primary Registration Server must be selected from the servers that have been registered. This can be done from the Registration Server list.
ServerRoot¶
The installation directory of the Web Portal application. This setting is read-only, and cannot be changed after installation.
WebPortalDomain¶
This is the domain name (or URL) of this service.
WebPortalName¶
This name of this service. The name is displayed in the Web Portal Admin Console. The default value is the domain name of the service. The name is used for display purposes only, and may be set to any value.
Outgoing Connections¶
UseProxy¶
Set this value to True
in order to enable the use of a proxy for all
outgoing connections of the Web Portal and the TeamDrive Agent.
ProxyHost¶
This is the domain name (or IP address) and port number of the proxy to
be used for outgoing connections. If not set, the UseProxy
setting
will be ignored.
Note that this setting is used for both HTTP and HTTPS connections.
NoProxyList¶
This is a comma separated list of domains and IP addresses that are to be contacted without the use of a proxy.
ConnectionTimeout¶
The timeout in milliseconds when making outbound connections. The default is 30 seconds.
Build Image¶
The Build Image settings are used to build and, if necessary, customize the TeamDrive Agent for use with the Web Portal.
AgentCommandLineArgs¶
These are the command line arguments passed to the TeamDrive Agent. This is a
read-only value that is affected by the following settings:
ContainerIdleTimeout
, ContainerDatabases
and SharedIniPath
(see AgentDownloadURL, ContainerDatabases and
SharedIniPath).
In addition, if SharedIniPath
is empty, then the value set using
ClientSettings
will be added to the command line parameters.
AgentDownloadURL¶
This URL is used to download the TeamDrive Agent archive (.tar.gz file).
By default the URL refers to the TeamDrive download portal:
http://download.teamdrive.net/{VERSIONSHORT}/{PROVIDERCODE}/linux-x86_64/{PRODUCTNAME}_agent_{VERSION}_el7.x86_64.tar.gz
Before usage, the following substitutions are made:
- {PRODUCTNAME} is set to
BuildProductName
, after converting to all lowercase letters.- {PROVIDERCODE} is set to the value of the
BuildProviderCode
setting.- {VERSION} is set to the version of the Agent being built.
- {VERSIONSHORT} a short version of the version number of the archive, which does not include the “patch” number. Version numbers have the form: <major>.<minor>.<patch>.<build>
If you have your own download portal, you can remove the placeholders as required.
If the required TeamDrive Agent archive is found in the “archive” folder in the
ServerRoot
directory the Web Portal will not attempt to download the archive.
BuildBinaryName¶
BuildBinaryName
is the name of TeamDrive Agent binary executable. The
executable is included in the Agent archive (.tar.gz file).
By default, this value is “teamdrived.bin”.
Note
If you change this value you must start execute:
yvva --call=upgrade_now
as root, in order for the change to take effect.
BuildProductName¶
This is the customisable Product name. The default Product name is “teamdrive”.
Note that the Product name is required to be all lowercase letters.
This value is the first part of the name of the Agent archive (.tar.gz file)
which contains the binary of the TeamDrive Agent, as specified by the
last component of the AgentDownloadURL
setting, for
example: “teamdrive_agent_4.5.5.1838_el7.x86_64.tar.gz”.
BuildProviderCode¶
This is your 4 letter Provider code. This should correspond to the provider code specified in the DISTRIBUTOR file. By default, the Provide code is “TMDR”.
DISTRIBUTORFile¶
This is the contents of the signed DISTRIBUTOR file to be used by the TeamDrive agent running in the container. This value replaces the contents of the DISTRIBUTOR file included in the Agent archive.
By default this value is empty, which means that the DISTRIBUTOR file in the Agent archive is used.
Please notice, that only signed DISTRIBUTOR files will be accepted. The signature will be checked during the start of an agent.
The default contents for the TeamDrive Agent are as follows:
code=TMDR
reg-server-list-url=http://reg.teamdrive.net/pbas/td2as/lis/regserverlist.htm
reg-server-name=TeamDriveMaster
reg-server-url=http://reg.teamdrive.net/pbas/td2as/reg/
notification-url=http://notification.teamdrive.net/pbas/td2as/reg/
media-server-url=http://media.teamdrive.net/pbas/td2as/reg/
update-program-url=http://reg.teamdrive.net/pbas/td2as/upd/update.xml
balance-url=http://balance.teamdrive.net/pbas/td2as/bal/balance.xml
log-upload-url=http://logupload.teamdrive.com/upload.php
redirector-url=http://www.teamdrive.com/redirector.php
ping-url=http://ping.teamdrive.net/ping.xml
enable-provider-panel-android=false
enable-provider-panel-ios=false
enable-provider-panel-linux=true
enable-provider-panel-mac=true
enable-provider-panel-win=true
HttpConfigFolder¶
The path to the Apache folder for configuration files, “/etc/httpd/conf.d/” by default. There is no need to change this setting if you are running the Web Portal on CentOS 7 or CentOS 8.
HttpDocsFolder¶
This must be set to the path to the Apache documents folder. By default, the value is “/var/www/”. There is no need to change this setting if you are running the Web Portal on CentOS 7 or CentOS 8.