<!-- Note: 'default' attributes are used to document a setting's default value as well as to use as fallback. -->
<!-- Note: When adding a new entry, a default must be set in WSD in case the entry is missing upon deployment. -->
<allowed_languagesdesc="List of supported languages of Writing Aids (spell checker, grammar checker, thesaurus, hyphenation) on this instance. Allowing too many has negative effect on startup performance."default="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru">en_GB en_US fr_FR </allowed_languages>
<sys_template_pathdesc="Path to a template tree with shared libraries etc to be used as source for chroot jails for child processes."type="path"relative="true"default="systemplate"></sys_template_path>
<child_root_pathdesc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory."type="path"relative="true"default="jails"></child_root_path>
<server_namedesc="External hostname:port of the server running loolwsd. If empty, it's derived from the request (please set it if this doesn't work). Must be specified when behind a reverse-proxy or when the hostname is not reachable directly."type="string"default="">code.oasis21.org</server_name>
<file_server_root_pathdesc="Path to the directory that should be considered root for the file server. This should be the directory containing loleaflet."type="path"relative="true"default="loleaflet/../"></file_server_root_path>
<memproportiondesc="The maximum percentage of system memory consumed by all of the LibreOffice Online, after which we start cleaning up idle documents"type="double"default="80.0"></memproportion>
<num_prespawn_childrendesc="Number of child processes to keep started in advance and waiting for new clients."type="uint"default="1">1</num_prespawn_children>
<per_documentdesc="Document-specific settings, including LO Core settings.">
<max_concurrencydesc="The maximum number of threads to use while processing a document."type="uint"default="4">4</max_concurrency>
<batch_prioritydesc="A (lower) priority for use by batch eg. convert-to processes to avoid starving interactive ones"type="uint"default="5">5</batch_priority>
<document_signing_urldesc="The endpoint URL of signing server, if empty the document signing is disabled"type="string"default=""></document_signing_url>
<redlining_as_commentsdesc="If true show red-lines as comments"type="bool"default="false">false</redlining_as_comments>
<idle_timeout_secsdesc="The maximum number of seconds before unloading an idle document. Defaults to 1 hour."type="uint"default="3600">3600</idle_timeout_secs>
<!-- Idle save and auto save are checked every 30 seconds -->
<!-- They are disabled when the value is zero or negative. -->
<idlesave_duration_secsdesc="The number of idle seconds after which document, if modified, should be saved. Defaults to 30 seconds."type="int"default="30">30</idlesave_duration_secs>
<autosave_duration_secsdesc="The number of seconds after which document, if modified, should be saved. Defaults to 5 minutes."type="int"default="300">300</autosave_duration_secs>
<always_save_on_exitdesc="On exiting the last editor, always perform the save, even if the document is not modified."type="bool"default="false">false</always_save_on_exit>
<limit_virt_mem_mbdesc="The maximum virtual memory allowed to each document process. 0 for unlimited."type="uint">0</limit_virt_mem_mb>
<limit_stack_mem_kbdesc="The maximum stack size allowed to each document process. 0 for unlimited."type="uint">8000</limit_stack_mem_kb>
<limit_file_size_mbdesc="The maximum file size allowed to each document process to write. 0 for unlimited."type="uint">0</limit_file_size_mb>
<limit_num_open_filesdesc="The maximum number of files allowed to each document process to open. 0 for unlimited."type="uint">0</limit_num_open_files>
<limit_load_secsdesc="Maximum number of seconds to wait for a document load to succeed. 0 for unlimited."type="uint"default="100">100</limit_load_secs>
<limit_convert_secsdesc="Maximum number of seconds to wait for a document conversion to succeed. 0 for unlimited."type="uint"default="100">100</limit_convert_secs>
</per_document>
<per_viewdesc="View-specific settings.">
<out_of_focus_timeout_secsdesc="The maximum number of seconds before dimming and stopping updates when the browser tab is no longer in focus. Defaults to 120 seconds."type="uint"default="120">120</out_of_focus_timeout_secs>
<idle_timeout_secsdesc="The maximum number of seconds before dimming and stopping updates when the user is no longer active (even if the browser is in focus). Defaults to 15 minutes."type="uint"default="900">900</idle_timeout_secs>
</per_view>
<loleaflet_htmldesc="Allows UI customization by replacing the single endpoint of loleaflet.html"type="string"default="loleaflet.html">loleaflet.html</loleaflet_html>
<logging>
<colortype="bool">true</color>
<leveltype="string"desc="Can be 0-8, or none (turns off logging), fatal, critical, error, warning, notice, information, debug, trace"default="warning">debug</level>
<protocoltype="bool"descr="Enable minimal client-site JS protocol logging from the start">true</protocol>
<propertyname="purgeAge"desc="The maximum age of log files to preserve. See Poco FileChannel.">10 days</property>
<propertyname="purgeCount"desc="The maximum number of log archives to preserve. Use 'none' to disable purging. See Poco FileChannel.">10</property>
<propertyname="rotateOnOpen"desc="Enable/disable log file rotation on opening.">true</property>
<propertyname="flush"desc="Enable/disable flushing after logging each line. May harm performance. Note that without flushing after each line, the log lines from the different processes will not appear in chronological order.">false</property>
</file>
<anonymize>
<anonymize_user_datatype="bool"desc="Enable to anonymize/obfuscate of user-data in logs. If default is true, it was forced at compile-time and cannot be disabled."default="false">false</anonymize_user_data>
<anonymization_salttype="uint"desc="The salt used to anonymize/obfuscate user-data in logs. Use a secret 64-bit random number."default="82589933">82589933</anonymization_salt>
</anonymize>
</logging>
<loleaflet_loggingdesc="Logging in the browser console"default="false">false</loleaflet_logging>
<tracedesc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first."enable="false">
<pathdesc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/looltrace-%.gz"compress="true"snapshot="false"></path>
<filter>
<messagedesc="Regex pattern of messages to exclude"></message>
</filter>
<outgoing>
<recorddesc="Whether or not to record outgoing messages"default="false">false</record>
</outgoing>
</trace>
<netdesc="Network settings">
<!-- On systems where localhost resolves to IPv6 [::1] address first, when net.proto is all and net.listen is loopback, loolwsd unexpectedly listens on [::1] only.
You need to change net.proto to IPv4, if you want to use 127.0.0.1. -->
<prototype="string"default="all"desc="Protocol to use IPv4, IPv6 or all for both">all</proto>
<listentype="string"default="any"desc="Listen address that loolwsd binds to. Can be 'any' or 'loopback'.">any</listen>
<service_roottype="path"default=""desc="Prefix all the pages, websockets, etc. with this path."></service_root>
<proxy_prefixtype="bool"default="false"desc="Enable a ProxyPrefix to be passed int through which to redirect requests"></proxy_prefix>
<post_allowdesc="Allow/deny client IP address for POST(REST)."allow="true">
<frame_ancestorsdesc="Specify who is allowed to embed the LO Online iframe (loolwsd and WOPI host are always allowed). Separate multiple hosts by space.">cloud.oasis21.org</frame_ancestors>
<enabletype="bool"desc="Controls whether SSL encryption between browser and loolwsd is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable."default="true">true</enable>
<terminationdesc="Connection via proxy where loolwsd acts as working via https, but actually uses http."type="bool"default="true">true</termination>
<cert_file_pathdesc="Path to the cert file"relative="false">/etc/loolwsd/cert.pem</cert_file_path>
<key_file_pathdesc="Path to the key file"relative="false">/etc/loolwsd/key.pem</key_file_path>
<ca_file_pathdesc="Path to the ca file"relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
<cipher_listdesc="List of OpenSSL ciphers to accept"default="ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"></cipher_list>
<hpkpdesc="Enable HTTP Public key pinning"enable="false"report_only="false">
<max_agedesc="HPKP's max-age directive - time in seconds browser should remember the pins"enable="true">1000</max_age>
<report_uridesc="HPKP's report-uri directive - pin validation failure are reported at this URL"enable="false"></report_uri>
<pinsdesc="Base64 encoded SPKI fingerprints of keys to be pinned">
<pin></pin>
</pins>
</hpkp>
</ssl>
<securitydesc="Altering these defaults potentially opens you to significant risk">
<seccompdesc="Should we use the seccomp system call filtering."type="bool"default="true">true</seccomp>
<capabilitiesdesc="Should we require capabilities to isolate processes into chroot jails"type="bool"default="true">true</capabilities>
</security>
<watermark>
<opacitydesc="Opacity of on-screen watermark from 0.0 to 1.0"type="double"default="0.2"></opacity>
<textdesc="Watermark text to be displayed on the document if entered"type="string"></text>
</watermark>
<welcome>
<enabletype="bool"desc="Controls whether the welcome screen should be shown to the users on new install and updates."default="false">false</enable>
<enable_buttontype="bool"desc="Controls whether the welcome screen should have an explanatory button instead of an X button to close the dialog."default="false">false</enable_button>
<pathdesc="Path to 'welcome-$lang.html' files served on first start or when the version changes. When empty, defaults to the Release notes."type="path"relative="true"default="loleaflet/welcome"></path>
</welcome>
<storagedesc="Backend storage">
<filesystemallow="false"/>
<wopidesc="Allow/deny wopi storage. Mutually exclusive with webdav."allow="true">
<hostdesc="Regex pattern of hostname to allow or deny."allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<hostdesc="Regex pattern of hostname to allow or deny."allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<hostdesc="Regex pattern of hostname to allow or deny."allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<hostdesc="Regex pattern of hostname to allow or deny."allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<hostdesc="Regex pattern of hostname to allow or deny."allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<hostdesc="Regex pattern of hostname to allow or deny."allow="false">192\.168\.1\.1</host>
<max_file_sizedesc="Maximum document size in bytes to load. 0 for unlimited."type="uint">0</max_file_size>
<reuse_cookiesdesc="When enabled, cookies from the browser will be captured and set on WOPI requests."type="bool"default="false">false</reuse_cookies>
<lockingdesc="Locking settings">
<refreshdesc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh"type="int"default="900">900</refresh>
</locking>
</wopi>
<webdavdesc="Allow/deny webdav storage. Mutually exclusive with wopi."allow="false">
<as_schemetype="bool"default="true"desc="When set we exclusively use the WOPI URI's scheme to enable SSL for storage">true</as_scheme>
<enabletype="bool"desc="If as_scheme is false or not set, this can be set to force SSL encryption between storage and loolwsd. When empty this defaults to following the ssl.enable setting"></enable>
<cert_file_pathdesc="Path to the cert file"relative="false"></cert_file_path>
<key_file_pathdesc="Path to the key file"relative="false"></key_file_path>
<ca_file_pathdesc="Path to the ca file. If this is not empty, then SSL verification will be strict, otherwise cert of storage (WOPI-like host) will not be verified."relative="false"></ca_file_path>
<cipher_listdesc="List of OpenSSL ciphers to accept. If empty the defaults are used. These can be overriden only if absolutely needed."></cipher_list>
</ssl>
</storage>
<tile_cache_persistentdesc="Should the tiles persist between two editing sessions of the given document?"type="bool"default="true">true</tile_cache_persistent>
<admin_consoledesc="Web admin console settings.">
<enabledesc="Enable the admin console functionality"type="bool"default="true">true</enable>
<enable_pamdesc="Enable admin user authentication with PAM"type="bool"default="false">false</enable_pam>
<usernamedesc="The username of the admin console. Ignored if PAM is enabled.">nextcloud</username>
<passworddesc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password.">o!NdFB7fpQAbXG</password>
</admin_console>
<monitorsdesc="Addresses of servers we connect to on start for monitoring">