Web Portal Settings

This chapter lists and describes the available configuration options for the TeamDrive Web Portal.

You can review and modify most of these via the TeamDrive Web Portal Admin Console by clicking Settings. Some settings are marked as read-only (“R/O”) and cannot be changed.

The settings are grouped into sections:

Admin Console

ExtAuthEnabled

Set this value to True to enable external authentication for the Administration Console. This should not be confused with the external authentication used by users of the Web Portal. See Administrator Login using External Authentication for details.

ExtAuthURL

This is the URL that is used by the Web Portal to verify the login of an Administrator, when using External Authentication. See Administrator Login using External Authentication for details.

ForceHTTPSUsage

Set to True if the Web Portal Admin Console must be accessed using HTTPS.

Language

This is the default language used by the Web Portal Admin Console.

MaxRecordsDisplayed

This setting determines the maximum number of records that may be retrieved from the database at any time. This parameter may only be changed by a Superuser.

SessionTimeout

This is the idle time in seconds after which you are required to log in to the Web Portal Admin Console again.

UseTwoFactorAuth

Set to True to enable two-factor authentication for Superusers.

Note that this setting only applies to users of the Web Portal Admin Console. It has nothing to do with the two-factor authentication used by the users of the portal, which is described in the section: How to Enable Two-Factor Authentication.

API

APIAccessList

A list of IPs which are allowed to access the API of the Web Portal.

APIChecksumSalt

To detect “man in the middle” attacks when sending API requests to the Web Portal, a random “salt value” is generated during the initial installation. The sender must add this salt value to the request before calculating the MD5 hash value of the API request content which will be sent to the Web Portal.

The checksum will be included in the URL, so that the Web Portal can check if the content was modified during the transport.

This setting is read-only and can not be changed via the Admin web interface.
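The salted checksum described above can be sketched as follows. This is an added example, not code from TeamDrive: the concatenation order (content followed by salt), the hex encoding, the URL parameter name `checksum`, the endpoint placeholder and the salt value are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values; the real salt is generated during installation.
SAMPLE_SALT = "constructed-salt-value"
SAMPLE_ENDPOINT = "https://webportal.yourdomain.com/api-endpoint-placeholder"


def api_checksum(body: bytes, salt: str) -> str:
    """MD5 over the request content plus the salt, hex encoded.

    Assumption: the salt is appended after the content as UTF-8 text.
    """
    return hashlib.md5(body + salt.encode("utf-8")).hexdigest()


def request_url(endpoint: str, body: bytes, salt: str) -> str:
    """Sender side: carry the checksum in the URL (parameter name is assumed)."""
    return endpoint + "?" + urlencode({"checksum": api_checksum(body, salt)})


def verify_request(url: str, body: bytes, salt: str) -> bool:
    """Receiver side: recompute the checksum over the body that arrived."""
    supplied = parse_qs(urlsplit(url).query).get("checksum", [""])[0]
    expected = api_checksum(body, salt)
    # Compare as bytes in constant time; a missing parameter compares as empty.
    return hmac.compare_digest(supplied.lower().encode("utf-8"),
                               expected.encode("ascii"))


if __name__ == "__main__":
    body = b"<request>constructed API request content</request>"
    url = request_url(SAMPLE_ENDPOINT, body, SAMPLE_SALT)
    print(url)
    print("unchanged body:", verify_request(url, body, SAMPLE_SALT))
    print("modified body: ", verify_request(url, body + b" ", SAMPLE_SALT))
```

The check only holds while the salt stays secret, since anyone who knows it can compute a valid checksum for modified content.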

Authentication

AuthLoginPageURL

This is the URL of the login page that is used to log in using the external Authentication Service. See Configuring Active Directory / LDAP Authentication Services for details.

When AuthServiceEnabled is True, the Web Portal login page: https://webportal.yourdomain.com/portal/login.html, redirects to the page specified by this setting.

If AuthServiceEnabled is True, but this setting has no value, then the Portal Login page provided by the Registration Server (version 3.6 or later) is used by default.

The Registration Server Portal Login page also allows the use of Two-factor authentication using the Google Authentication App. In this case, Two-factor authentication can be set up using the page: https://webportal.yourdomain.com/portal/setup-2fa.html, which redirects to the web-page that provides this service on the Registration Server.

The Registration Server Portal pages are customisable using the templates provided. Details are available in the Registration Server documentation.

AuthServiceEnabled

Since version 2.0.5 of the Web Portal, the setting is only required if you want to use a specific Authentication Service.

If AuthServiceEnabled is False the Web Portal automatically uses external authentication as required by the user, provided you are using TeamDrive Agent 4.6.11.2656 or later (WEBCLIENT-335).

The 4.6.11.2656 agent first requires the user to enter an email (or username), and then, based on this input, the user is directed to the standard TeamDrive login or to the user’s external authentication service.

Note that the domain of the Web Portal must be registered with all External Authentication services used by the users of the portal. This is done by adding the domain of the Web Portal to the $allowed_origins configuration setting of the external service.

If your external authentication service does not support this configuration parameter, then it will need to be updated.

When AuthServiceEnabled is set to True, you must ensure that AuthLoginPageURL (see AuthLoginPageURL) and AuthTokenVerifyURL (see AuthTokenVerifyURL) are set correctly.

Once a Web Portal is configured for external authentication, it no longer supports regular login (i.e. authentication using the Registration Server).

In this case, the user will always be redirected to the external login page, and will not be able to access the standard login page provided by the TeamDrive Agent. This means that only users of this authentication service may then login.

See Configuring Active Directory / LDAP Authentication Services for further details on using external authentication services.

AuthTokenVerifyURL

This URL is used to verify the token returned by the Authentication Service after a successful login by a TeamDrive user. See Configuring Active Directory / LDAP Authentication Services for details.

By default, this setting is set to the Registration Server Portal verification URL: https://<reg-server-domain>/portal/verify.html

LicenseBuyURL

This URL will be displayed for a user, if LicenseProfessionalRequired is set and the user has no professional license.

LicenseProfessionalRequired

Login at the Web Portal requires a professional license for the user.

RegistrationEnabled

Set to True in order to allow users to register directly from the Web Portal. By default this value is set to False.

The setting RegistrationURL (see RegistrationURL) specifies the URL that provides the registration page.

When RegistrationEnabled is set to True there are 2 possibilities, depending on whether AuthServiceEnabled (see AuthServiceEnabled) is set to True or False.

If AuthServiceEnabled is True, then registration uses the external Authentication Service mechanism, which results in the user being logged in immediately after registration.

When AuthServiceEnabled is True, it is possible to use the customisable registration page provided by the Registration Server (version 3.6 or later). In this case RegistrationURL must not be set (see RegistrationURL).

If AuthServiceEnabled is False, then the TeamDrive Agent Web-GUI provides a “Register Now” button in the login dialog, which references the page specified by RegistrationURL.

In this case, the page referenced by RegistrationURL is a custom developed web-page which performs registration using the Registration Server API and then redirects to the Web Portal login page: https://webportal.yourdomain.com/portal/login.html.

RegistrationURL

This URL references a Web-page where a user can register as a TeamDrive user. Alternatively, if an external Authentication Service is being used, this page allows users to register with this service.

This page will only be used if RegistrationEnabled is set to True.

The Web Portal register page: https://webportal.yourdomain.com/portal/register.html, automatically redirects to this page.

If RegistrationEnabled is True, but this setting has no value, then the Portal Registration page provided by the Registration Server (version 3.6 or later) is used by default. In this case, AuthServiceEnabled (see AuthServiceEnabled) must be set to True.

If RegistrationEnabled is True and AuthServiceEnabled is False then this setting must reference a custom developed web-page which performs registration using the Registration Server API and then redirects to the Web Portal login page: https://webportal.yourdomain.com/portal/login.html.

Sandbox Settings

ContainerDatabases

This setting allows you to specify an alternative path for the SQLite databases used by the containers. If empty (the default value) then the SQLite database is placed with the rest of the data in the ContainerRoot directory.

When specified, the user-specific directory in this location will be mounted in the container under the path: “/teamdrive/dbs”. However, this path will only be used if you build a new image using the TeamDrive Agent version 4.6.12.2637 or later.

This version of the client supports the “--database-path” option which allows you to specify an alternative path for the SQLite database. When ContainerDatabases is set, the image build process will automatically add this option to the start parameters of the agent (see @USEDATABASEPATH).

ContainerHost

This is the name of the host that runs the Web Portal.

ContainerIdleTimeout

This is a timeout value in seconds that determines when the TeamDrive Agent will automatically shut down. The default value is 15 minutes. A shutdown results in the user of the TeamDrive Agent losing their session information, and login is required on the next access.

The value set here specifies the value of the idle-shutdown-timeout client setting (see ClientSettings), which is written to the teamdrive.ini file.

If a SharedIniPath is specified then changes to this setting take effect when a TeamDrive Agent is restarted.

ContainerImage

This is the name of the image that must be used when creating a new TeamDrive Agent. See Upgrading the Database Structure and TeamDrive Agent for details.

Note that if the MinimumAgentVersion specifies a TeamDrive Agent version that is higher than the version of the Agent specified by ContainerImage, then the TeamDrive Agent used will be determined by MinimumAgentVersion.

ContainerRoot

This is the absolute path that references the directory in which all TeamDrive Agents will store their user data.

Data in this location is stored in a sub-directory for each TeamDrive Agent. The sub-directory name is the username.

This user-specific directory is mounted in the TeamDrive Agent as its home directory. Process sandboxing ensures that the TeamDrive Agent for one user cannot access the data of other users.

ContainerStorageTimeout

This is the time, in minutes, that a TeamDrive Agent must be idle before its storage is removed. Zero means that the TeamDrive Agent storage is never deleted. See Upgrading the Database Structure and TeamDrive Agent for details.

CurrentGUIVersion

The version of the installed GUI package. The update process will retrieve or build a new TeamDrive Agent (see update process for details). The GUI package will be extracted from this TeamDrive Agent and the HTML pages, images and JavaScript code will be located in the Apache document root. The GUI version should be identical to the ContainerImage version.

ImageUpdateInProgress

This setting will be set to true during the update, and users using the Web Portal will get the hint “Upgrade in progress, please try again shortly.”

MaxActiveContainer

This parameter limits the number of currently active users. Set to 0 to disable the limitation.

MinimumAgentVersion

This setting specifies the minimum TeamDrive Agent version that is required by the Web Portal. The setting may not be modified. If the current image used by containers has an Agent version that is earlier than MinimumAgentVersion, then an upgrade of the containers will be forced by the Web Portal. This means that users may experience a spontaneous logout.

Following upgrade, ContainerImage will be set to the required image.

RemoveIdleContainerTime

This is the time, in seconds, that a TeamDrive Agent container must be idle before it is removed from local storage. Zero means containers are never removed. See Upgrading the Database Structure and TeamDrive Agent for details.

If cloud storage is in use (see EnableSwapping), then the container is swapped to the cloud storage, after it is removed from local storage. In this case the container is not lost, and can be retrieved from cloud storage the next time the user logs in.

If cloud storage is not in use, then deleting the container results in a loss of the synchronisation state of the Web Portal for the user. This means the user will have to re-enter all spaces after the next login.

RequireLocalEncryption

Set this value to True in order to ensure that all containers of the Web Portal use local encryption (default is False).

Note that users will not be able to login to the portal if users do not permit the activation of the Super PIN for their account.

SandboxCommand

Specifies the binary and command line parameters used to run the Agent in a systemd-sandbox environment.

SharedIniPath

Using SharedIniPath you can specify a global path for the teamdrive.ini file which is then used by all TeamDrive Agents.

The recommended value for this setting is /opt/teamdrive/webportal/shared/.

When you set this path, the Web Portal will automatically create the teamdrive.ini file in the SharedIniPath location. If there is a non-empty teamdrive.ini file at this path, then you will not be able to set SharedIniPath because the Web Portal overwrites the contents of this file.

Do not edit the teamdrive.ini file directly. Instead, specify the client settings you require using the ClientSettings setting (see ClientSettings).

When SharedIniPath is used, changes to ClientSettings are written to the teamdrive.ini file when a TeamDrive Agent is restarted.

Container Swapping

When enabled, container swapping will transfer user data that has not been used for a certain amount of time to a backup storage. This is done to free up space on the primary storage used by the Web Portal.

This also allows user data to be transferred from one host to another in order to balance load.

Only the state of the user data in the form of the SQLite database, and the changed settings are stored.

AWSProfile

This is the value of the “--profile” option for the Amazon CLI (aws).

EnableSwapping

Set to True to enable container swapping.

ObjectStoreURL

The URL for accessing the object store.

StorageAccessKey

The object store access key.

StorageBucket

The object store bucket, or a path in the case of a file system (mount) backup storage.

StorageSecret

The object store secret.

StorageType

The backup storage type. One of the following: azure, amazon, ionos or mount.

SwapBinary

Use this setting to specify an alternative binary CLI (command line interface) for the object store in use.

By default, /bin/az is used in the case of azure, /usr/local/bin/aws is used in the case of amazon and ionos, and /bin/cp is used for mount storage.

Container Syncing

The active spaces in containers that have not been started for a while may be significantly out of date. This means that when the user logs in and the container is started, the user must wait for the spaces to complete synchronisation before they can be used.

When container syncing is enabled then the Web Portal will periodically start idle containers so that the active spaces can sync in the background. This operation is performed by the synchronise_container task.

The Synchronise Containers task runs between 20:00 in the evening and 6:00 in the morning, and will attempt to start all containers requiring synchronisation during this time.

Whether a container needs to be synced is determined as follows:

  • If the container's storage is local, it will be synced if the container has been idle for longer than 12 hours.
  • If the container's storage has been swapped to the cloud storage (see Container Swapping above), it will be synced if the container has been idle for longer than 4.5 days.

Containers must also be enabled.

Containers that have been swapped to the cloud and are started by Synchronise Containers will remain local until they time out again (see RemoveIdleContainerTime).

ContainerRunLimit

Set this value to the maximum number of containers that may be started when containers are started automatically in the background for synchronisation purposes.

The default value is 20.

EnableSyncContainers

Set EnableSyncContainers to True to enable the container synchronisation feature. The setting is True by default.

When enabled, containers will be started periodically in the background so that active spaces of the user can be synchronised, saving time when the user logs in.

SyncInboxesOnly

Set to True if only inbox containers should be synchronised. The default value is True.

SyncProviderList

This is a comma separated list of Provider codes. All containers of users that belong to these Providers will be periodically synchronised regardless of the SyncInboxesOnly setting.
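The selection rules of the Container Syncing section, combined into one function and run over a small inventory. This is an added example, not the Web Portal's own code. The `Container` record, the `inbox` flag, the oldest-first ordering, treating ContainerRunLimit as a cap per pass, and the Provider code "ACME" are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

LOCAL_IDLE = timedelta(hours=12)     # local storage: idle for longer than 12 hours
SWAPPED_IDLE = timedelta(days=4.5)   # swapped to cloud: idle for longer than 4.5 days


@dataclass
class Container:
    user: str
    provider: str          # Provider code of the owning user
    enabled: bool
    swapped: bool          # True if the storage is currently in cloud storage
    inbox: bool            # hypothetical flag marking an inbox container
    last_active: datetime


def in_task_window(now):
    """The task runs between 20:00 in the evening and 6:00 in the morning."""
    return now.hour >= 20 or now.hour < 6


def needs_sync(c, now):
    if not c.enabled:
        return False
    return now - c.last_active > (SWAPPED_IDLE if c.swapped else LOCAL_IDLE)


def select_for_sync(containers, now, enable_sync=True, inboxes_only=True,
                    provider_list=(), run_limit=20):
    """Return the users whose containers would be started in this pass."""
    if not enable_sync or not in_task_window(now):
        return []
    picked = []
    # Assumption: the longest-idle containers are started first.
    for c in sorted(containers, key=lambda c: c.last_active):
        # SyncProviderList applies regardless of SyncInboxesOnly.
        in_scope = c.provider in provider_list or c.inbox or not inboxes_only
        if in_scope and needs_sync(c, now):
            picked.append(c.user)
    return picked[:run_limit]


# --- constructed inventory; "ACME" is a made-up Provider code ---
NIGHT = datetime(2024, 1, 1, 22, 0)


def sample_containers(now=NIGHT):
    def idle(**kw):
        return now - timedelta(**kw)
    return [
        Container("alice", "TMDR", True, False, True, idle(hours=13)),
        Container("bob", "TMDR", True, False, True, idle(hours=3)),
        Container("carol", "TMDR", True, True, True, idle(days=2)),
        Container("dave", "TMDR", True, True, True, idle(days=5)),
        Container("erin", "ACME", True, False, False, idle(days=1)),
        Container("frank", "TMDR", False, False, True, idle(days=10)),
    ]


if __name__ == "__main__":
    cs = sample_containers()
    print("defaults:          ", select_for_sync(cs, NIGHT))
    print("SyncProviderList:  ", select_for_sync(cs, NIGHT, provider_list=("ACME",)))
    print("outside the window:", select_for_sync(cs, NIGHT.replace(hour=12)))
```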

Email Settings

EmailOriginHost

Specify the domain of the origin host, for emails sent by the server. See Enabling Two-Factor Authentication for Administrators for details.

EmailSendTimeout

Timeout in seconds, when sending an email. See Enabling Two-Factor Authentication for Administrators for details.

EmailReplyToAddress

This is the email address that will appear in the Reply-To header of the email, and will be used by the email client if the user attempts to reply to emails sent by the Web Portal. See Enabling Two-Factor Authentication for Administrators for details.

EmailSenderAddress

The email address of the sender. This address is not directly visible to the email receiver. If an email bounces, a message will be sent to this address. See Enabling Two-Factor Authentication for Administrators for details.

EmailSettingsToConfirm

A hash of the email settings that need to be confirmed before saving. See Enabling Two-Factor Authentication for Administrators for details.

SMTPServerHost

Domain name (and port) of the SMTP server used to send emails. See Enabling Two-Factor Authentication for Administrators for details.

General Settings

AllowedProviders

This is a list of Provider codes of the users that may login to the Portal. If empty, any user may login to the Portal.

Note

Changes to the list will not be recognized by running container instances. You have to stop all running instances manually.

ClientSettings

This is a list of settings for the TeamDrive Agent running in all containers belonging to the Web Portal. In addition to these settings, the Web Portal automatically sets sqlite-synchronous=normal and idle-shutdown-timeout (which depends on the value of ContainerIdleTimeout).

The client settings are written to the teamdrive.ini file created in the directory specified by SharedIniPath.

This means if the client settings are changed, then they only take effect when the TeamDrive Agent is restarted.

MaxLoginLogAge

The Web Portal keeps a log of the logins, which includes the login name, and the IP address of the user. This setting specifies how long the log entries are preserved. By default this is 48 hours.

The purpose of the log is to detect possible abuse or denial of service attacks aimed at the Web Portal.

MaxLoginRate

This is the maximum number of logins to the Web Portal within one minute. The default value is 20. The logins are averaged over 10 minutes so it is possible to exceed this number in bursts.

The object of this setting is to prevent Denial of Service and other brute force attacks against the Web Portal login by automated systems.

As a result, only IP numbers used more than 4 times over the last 10 minutes count towards the total. This means that a login from a little-used IP address is not subject to this restriction.

If the rate is exceeded, the users will get an error message that login has been temporarily disabled for security reasons, and that they should try again in a few minutes.

In addition, an email is sent to the administrators of the Web Portal, specifying the current login rate. This helps administrators to identify attacks on the Web Portal login.
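The MaxLoginRate calculation described above, run over a login log of the kind kept under MaxLoginLogAge. This is an added example, not the Web Portal's own code. The log record layout, the function names and all log entries are constructed for illustration, and the thresholds are the defaults stated in the text.

```python
from collections import Counter
from datetime import datetime, timedelta

MAX_LOGIN_RATE = 20              # MaxLoginRate default: logins per minute
WINDOW = timedelta(minutes=10)   # logins are averaged over 10 minutes
MIN_IP_USES = 4                  # only IPs used more than 4 times count


def counted_ips(log, now):
    """Logins per IP inside the window, keeping only IPs used more than 4 times."""
    recent = Counter(ip for ts, _name, ip in log if now - WINDOW < ts <= now)
    return {ip: n for ip, n in recent.items() if n > MIN_IP_USES}


def login_rate(log, now):
    """Average logins per minute over the window, little-used IPs excluded."""
    return sum(counted_ips(log, now).values()) / (WINDOW.total_seconds() / 60)


def rate_exceeded(log, now, max_rate=MAX_LOGIN_RATE):
    return login_rate(log, now) > max_rate


def report(log, now):
    """Text an administrator alert could carry: the rate and the busiest IPs."""
    top = sorted(counted_ips(log, now).items(), key=lambda kv: -kv[1])
    lines = [f"login rate {login_rate(log, now):.1f}/min (limit {MAX_LOGIN_RATE})"]
    lines += [f"  {ip}: {n} logins in the last 10 minutes" for ip, n in top]
    return "\n".join(lines)


# --- constructed login log: (timestamp, login name, IP address) ---
NOW = datetime(2024, 1, 1, 12, 0, 0)


def sample_log(now=NOW):
    log = []
    # One automated source: 250 logins spread over about 8 minutes.
    log += [(now - timedelta(seconds=2 * i), f"acct{i}", "192.0.2.10")
            for i in range(250)]
    # A shared office address with 6 logins.
    log += [(now - timedelta(minutes=i), "staff", "198.51.100.7") for i in range(6)]
    # 30 users logging in once each from their own address (not counted).
    log += [(now - timedelta(seconds=10 * i), f"user{i}", f"203.0.113.{i + 1}")
            for i in range(30)]
    # An entry older than the 10 minute window, which is ignored.
    log.append((now - timedelta(hours=1), "old", "192.0.2.10"))
    return log


def burst_log(now=NOW):
    # 150 logins inside one minute: more than 20 in that minute,
    # but 15 per minute when averaged over 10 minutes.
    return [(now - timedelta(seconds=0.4 * i), "burst", "192.0.2.10")
            for i in range(150)]


if __name__ == "__main__":
    print(report(sample_log(), NOW))
    print("exceeded:", rate_exceeded(sample_log(), NOW))
    print("burst exceeded:", rate_exceeded(burst_log(), NOW))
```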

PrimaryRegistrationServer

Web Portals can be connected to a number of Registration Servers. The Primary Registration Server must be selected from the servers that have been registered. This can be done from the Registration Server list.

ServerRoot

The installation directory of the Web Portal application. This setting is read-only, and cannot be changed after installation.

WebPortalDomain

This is the domain name (or URL) of this service.

WebPortalName

The name of this service. The name is displayed in the Web Portal Admin Console. The default value is the domain name of the service. The name is used for display purposes only, and may be set to any value.

Outgoing Connections

UseProxy

Set this value to True in order to enable the use of a proxy for all outgoing connections of the Web Portal and the TeamDrive Agent.

ProxyHost

This is the domain name (or IP address) and port number of the proxy to be used for outgoing connections. If not set, the UseProxy setting will be ignored.

Note that this setting is used for both HTTP and HTTPS connections.

NoProxyList

This is a comma separated list of domains and IP addresses that are to be contacted without the use of a proxy.

ConnectionTimeout

The timeout in milliseconds when making outbound connections. The default is 30 seconds.

Build Image

The Build Image settings are used to build and, if necessary, customize the TeamDrive Agent for use with the Web Portal.

AgentCommandLineArgs

These are the command line arguments passed to the TeamDrive Agent. This is a read-only value that is affected by the following settings: ContainerIdleTimeout, ContainerDatabases and SharedIniPath (see AgentDownloadURL, ContainerDatabases and SharedIniPath).

In addition, if SharedIniPath is empty, then the value set using ClientSettings will be added to the command line parameters.

AgentDownloadURL

This URL is used to download the TeamDrive Agent archive (.tar.gz file).

By default the URL refers to the TeamDrive download portal:

http://download.teamdrive.net/{VERSIONSHORT}/{PROVIDERCODE}/linux-x86_64/{PRODUCTNAME}_agent_{VERSION}_el7.x86_64.tar.gz

Before usage, the following substitutions are made:

  • {PRODUCTNAME} is set to BuildProductName, after converting to all lowercase letters.
  • {PROVIDERCODE} is set to the value of the BuildProviderCode setting.
  • {VERSION} is set to the version of the Agent being built.
  • {VERSIONSHORT} is set to a short version of the version number of the archive, which does not include the “patch” number. Version numbers have the form: <major>.<minor>.<patch>.<build>

If you have your own download portal, you can remove the placeholders as required.

If the required TeamDrive Agent archive is found in the “archive” folder in the ServerRoot directory the Web Portal will not attempt to download the archive.

BuildBinaryName

BuildBinaryName is the original name of the TeamDrive Agent executable in the Agent archive (.tar.gz file).

When updating to a new agent version, the binary name is changed to “teamdrived.bin”, which is the name of the executable used by the Web Portal.

BuildProductName

This is the customisable Product name. The default Product name is “teamdrive”.

Note that the Product name is required to be all lowercase letters.

This value is the first part of the name of the Agent archive (.tar.gz file) which contains the binary of the TeamDrive Agent, as specified by the last component of the AgentDownloadURL setting, for example: “teamdrive_agent_4.5.5.1838_el7.x86_64.tar.gz”.

BuildProviderCode

This is your 4 letter Provider code. This should correspond to the provider code specified in the DISTRIBUTOR file. By default, the Provider code is “TMDR”.

DISTRIBUTORFile

This is the contents of the signed DISTRIBUTOR file to be used by the TeamDrive agent running in the container. This value replaces the contents of the DISTRIBUTOR file included in the Agent archive.

By default this value is empty, which means that the DISTRIBUTOR file in the Agent archive is used.

Please note that only signed DISTRIBUTOR files will be accepted. The signature will be checked during the start of an agent.

The default contents for the TeamDrive Agent are as follows:

code=TMDR
reg-server-list-url=http://reg.teamdrive.net/pbas/td2as/lis/regserverlist.htm
reg-server-name=TeamDriveMaster
reg-server-url=http://reg.teamdrive.net/pbas/td2as/reg/
notification-url=http://notification.teamdrive.net/pbas/td2as/reg/
media-server-url=http://media.teamdrive.net/pbas/td2as/reg/
update-program-url=http://reg.teamdrive.net/pbas/td2as/upd/update.xml
balance-url=http://balance.teamdrive.net/pbas/td2as/bal/balance.xml
log-upload-url=http://logupload.teamdrive.com/upload.php
redirector-url=http://www.teamdrive.com/redirector.php
ping-url=http://ping.teamdrive.net/ping.xml

enable-provider-panel-android=false
enable-provider-panel-ios=false
enable-provider-panel-linux=true
enable-provider-panel-mac=true
enable-provider-panel-win=true

HttpConfigFolder

The path to the Apache folder for configuration files, “/etc/httpd/conf.d/” by default. There is no need to change this setting if you are running the Web Portal on CentOS 7 or CentOS 8.

HttpDocsFolder

This must be set to the path to the Apache documents folder. By default, the value is “/var/www/”. There is no need to change this setting if you are running the Web Portal on CentOS 7 or CentOS 8.