<!-- -*- nxml-child-
indent: 4; tab-width: 4;
indent-tabs-mode: nil -*- -->
<config>
<!-- For more detailed documentation on typical configuration options please see:
https://sdk.collaboraonl
ine.com/docs/
installation/Configuration.html -->
<!-- Note: 'default' attributes are used
to document a sett
ing's default value as well as
to use as fallback. -->
<!-- Note: When add
ing a new entry, a default must be set
in WSD
in case the entry is miss
ing upon deployment. -->
<accessibility desc="Accessibility sett
ings">
<enable type="bool" desc="Controls whether accessibility support should be enabled or not." default="false">false</enable>
</accessibility>
<allowed_languages desc="List of supported languages of Writ
ing Aids (spell checker, grammar checker, thesaurus, hyphenation) on this
instance. Allo
wing
too many has negative effect on startup performance." default="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru">de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</allowed_languages>
<!--
These are the sett
ings of external (remote) spellchecker and grammar checker services. Currently Language
Tool and Duden Korrekturserver APIs are supported, you can
set either of them. By default they are
disabled.
To turn the support on, please set "enabled" property
to true. It works with self hosted or cloud services, free
and premium as well. The "base_url" may be https://api.language
toolplus.com/v2 if the cloud version of Language
Tool is used. Please note that your data
in the
document e.g. the text part of it will be sent
to the cloud API. Please read the respective privacy policies, e.g. https://language
tool.org/legal/privacy.
-->
<language
tool desc="Remote API sett
ings for spell and grammar check
ing">
<enabled desc="Enable Remote Spell and Grammar Checker" type="bool" default="false">false</enabled>
<base_url desc="HTTP endpo
int for the API server, without /check or /languages postfix at the end." type="str
ing" default=""></base_url>
<user_name desc="Language
Tool or Duden account username for premium usage." type="str
ing" default=""></user_name>
<api_key desc="API key provided by Language
Tool or Duden account for premium usage." type="str
ing" default=""></api_key>
<ssl_verification desc="Enable or
disable SSL verification. You may have
to disable it
in test environments with self-signed certificates." type="str
ing" default="true">true</ssl_verification>
<rest_pro
tocol desc="REST API pro
tocol. For Language
Tool leave it blank, for Duden Korrekturserver use the str
ing 'duden'." type="str
ing" default=""></rest_pro
tocol>
</language
tool>
<deepl desc="DeepL API sett
ings for translation service">
<enabled desc="If true, s
hows translate option as a menu entry
in the compact view and as an icon
in the tabbed view." type="bool" default="false">false</enabled>
<api_url desc="URL for the API" type="str
ing" default=""></api_url>
<auth_key desc="Auth Key generated by your account" type="str
ing" default=""></auth_key>
</deepl>
<sys_template_path desc="Path
to a template tree with shared libraries etc
to be used as source for chroot jails for child processes." type="path" relative="true" default="systemplate"></sys_template_path>
<child_root_path desc="Path
to the direc
tory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty direc
tory." type="path" relative="true" default="jails"></child_root_path>
<mount_jail_tree desc="Controls whether the systemplate and lotemplate contents are mounted or not, which is much faster than the default of l
ink
ing/copy
ing each file." type="bool" default="true">true</mount_jail_tree>
<server_name desc="External hostname:port of the server runn
ing coolwsd. If empty, it's derived from the request (please set it if this doesn't work). May be specified when beh
ind a reverse-proxy or when the hostname is not reachable directly." type="str
ing" default=""></server_name>
<file_server_root_path desc="Path
to the direc
tory that should be considered root for the file server. This should be the direc
tory conta
ining cool." type="path" relative="true" default="browser/../"></file_server_root_path>
<hexify_embedded_urls desc="Enable
to protect encoded URLs from gett
ing decoded by
intermediate hops. Particularly useful on Azure deployments" type="bool" default="false">false</hexify_embedded_urls>
<experimental_features desc="Enable/
Disable experimental features" type="bool" default="true">true</experimental_features>
<memproportion desc="The maximum percentage of available memory consumed by all of the Collabora Onl
ine Development Edition processes, after which we start clean
ing up idle documents. If cgroup memory limits are set, this is the maximum percentage of that limit
to consume." type="double" default="80.0"></memproportion>
<num_prespawn_children desc="Number of child processes
to keep started
in advance and wait
ing for new clients." type="u
int" default="4">4</num_prespawn_children>
<fetch_update_check desc="Every number of hours will fetch latest version data. Defaults
to 10 hours." type="u
int" default="
10">
10</fetch_update_check>
<allow_update_popup desc="Allows notification about an update
in the edi
tor" type="bool" default="true">true</allow_update_popup>
<per_document desc="Document-specific sett
ings,
includ
ing LO Core sett
ings.">
<max_concurrency desc="The maximum number of threads
to use while process
ing a document." type="u
int" default="4">4</max_concurrency>
<batch_priority desc="A (lower) priority for use by batch eg. convert-
to processes
to avoid starv
ing
interactive ones" type="u
int" default="5">5</batch_priority>
<bgsave_priority desc="A (lower) priority for use by background save processes
to free time for
interactive ones" type="u
int" default="5">5</bgsave_priority>
<bgsave_timeout_secs desc="The default maximum number of seconds
to wait for the background save processes
to f
inish before giv
ing up and revert
ing
to synchronous sav
ing" type="u
int" default="120">120</bgsave_timeout_secs>
<redl
ining_as_comments desc="If true s
how red-l
ines as comments" type="bool" default="false">false</redl
ining_as_comments>
<pdf_resolution_dpi desc="The resolution,
in DPI, used
to render PDF documents as image. Memory consumption grows proportionally. Must be a positive value less than 385. Defaults
to 96." type="u
int" default="96">96</pdf_resolution_dpi>
<idle_timeout_secs desc="The maximum number of seconds before unload
ing an idle document. Defaults
to 1 hour." type="u
int" default="3600">3600</idle_timeout_secs>
<idlesave_duration_secs desc="The number of idle seconds after which document, if modified, should be saved.
Disabled when 0. Defaults
to 30 seconds." type="u
int" default="30">30</idlesave_duration_secs>
<au
tosave_duration_secs desc="The number of seconds after which document, if modified, should be saved.
Disabled when 0. Defaults
to 5 m
inutes." type="u
int" default="300">300</au
tosave_duration_secs>
<background_au
tosave desc="Allow au
to-saves
to occur
in a forked background process where possible." type="bool" default="true">true</background_au
tosave>
<background_manualsave desc="Allow manual save
to occur
in a forked background process where possible" type="bool" default="true">true</background_manualsave>
<always_save_on_exit desc="On exit
ing the last edi
tor, always perform a save and upload if the document had been modified. This is
to allow the s
torage
to s
tore the document, if it had skipped do
ing so, previously, as an optimization." type="bool" default="false">false</always_save_on_exit>
<limit_virt_mem_mb desc="The maximum virtual memory allowed
to each document process. 0 for unlimited." type="u
int">0</limit_virt_mem_mb>
<limit_stack_mem_kb desc="The maximum stack size allowed
to each document process. 0 for unlimited." type="u
int">8000</limit_stack_mem_kb>
<limit_file_size_mb desc="The maximum file size allowed
to each document process
to write. 0 for unlimited." type="u
int">0</limit_file_size_mb>
<limit_num_open_files desc="The maximum number of files allowed
to each document process
to open. 0 for unlimited." type="u
int">0</limit_num_open_files>
<limit_load_secs desc="Maximum number of seconds
to wait for a document load
to succeed. 0 for unlimited." type="u
int" default="
100">
100</limit_load_secs>
<limit_s
tore_failures desc="Maximum number of consecutive save-and-upload
to s
torage failures when unload
ing the document. 0 for unlimited (not recommended)." type="u
int" default="5">5</limit_s
tore_failures>
<limit_convert_secs desc="Maximum number of seconds
to wait for a document conversion
to succeed. 0 for unlimited." type="u
int" default="
100">
100</limit_convert_secs>
<m
in_time_between_saves_ms desc="M
inimum number of milliseconds between sav
ing the document on disk." type="u
int" default="500">500</m
in_time_between_saves_ms>
<m
in_time_between_uploads_ms desc="M
inimum number of milliseconds between upload
ing the document
to s
torage." type="u
int" default="5000">5000</m
in_time_between_uploads_ms>
<cleanup desc="Checks for resource consum
ing (bad) documents and kills associated kit process. A document is considered resource consum
ing (bad) if is
in idle state for idle_time_secs period and memory usage passed limit_dirty_mem_mb or CPU usage passed limit_cpu_per" enable="true">
<cleanup_
interval_ms desc="
Interval between two checks" type="u
int" default="
10000">
10000</cleanup_
interval_ms>
<bad_behavior_period_secs desc="M
inimum time period for a document
to be
in bad state before associated kit process is killed. If
in this period the condition for bad document is not met once then this period is reset" type="u
int" default="60">60</bad_behavior_period_secs>
<idle_time_secs desc="M
inimum idle time for a document
to be candidate for bad state" type="u
int" default="300">300</idle_time_secs>
<limit_dirty_mem_mb desc="M
inimum memory usage for a document
to be candidate for bad state" type="u
int" default="3072">3072</limit_dirty_mem_mb>
<limit_cpu_per desc="M
inimum CPU usage for a document
to be candidate for bad state" type="u
int" default="85">85</limit_cpu_per>
<lost_kit_grace_period_secs desc="The m
inimum grace period for a lost kit process (not referenced by coolwsd)
to resolve its lost status before it is term
inated.
To disable the cleanup of lost kits use value 0" default="120">120</lost_kit_grace_period_secs>
</cleanup>
</per_document>
<per_view desc="View-specific sett
ings.">
<out_of_focus_timeout_secs desc="The maximum number of seconds before dimm
ing and s
topp
ing updates when the browser tab is no longer
in focus. Defaults
to 300 seconds." type="u
int" default="300">300</out_of_focus_timeout_secs>
<idle_timeout_secs desc="The maximum number of seconds before dimm
ing and s
topp
ing updates when the user is no longer active (even if the browser is
in focus). Defaults
to 15 m
inutes." type="u
int" default="900">900</idle_timeout_secs>
<cus
tom_os_
info desc="Cus
tom str
ing s
hown as OS version
in About dialog, get from system if empty." type="str
ing" default=""></cus
tom_os_
info>
<m
in_saved_message_timeout_secs type="u
int" desc="The m
inimum number of seconds before the last modified message is be
ing displayed." default="6">6</m
in_saved_message_timeout_secs>
</per_view>
<ver_suffix desc="Appended
to etags
to allow easy refresh of changed files dur
ing development" type="str
ing" default=""></ver_suffix>
<logg
ing>
<color type="bool">true</color>
<!--
Note
to developers: When you do "make run", the logg
ing.level will be set on the
coolwsd command l
ine, so if you want
to change it for your test
ing, do it
in
Makefile.am, not here.
-->
<level type="str
ing" desc="Can be 0-8 (with the lowest numbers be
ing the least verbose), or none (turns off logg
ing), fatal, critical, error, warn
ing, notice,
information, debug, trace" default="warn
ing">warn
ing</level>
<level_startup type="str
ing" desc="As for level - but for the
initial startup phase which is most problematic, logg
ing reverts
to level configured above when startup is complete" default="trace">trace</level_startup>
<
disabled_areas type="str
ing" desc="High verbosity logg
ing ie.
info
to trace are
disable-able, comma separated: Generic, Pixel, Socket, WebSocket, Http, WebServer, S
torage, WOPI, Adm
in, Javascript" default="Socket,WebSocket,Adm
in,Pixel">Socket,WebSocket,Adm
in,Pixel</
disabled_areas>
<most_verbose_level_settable_from_client type="str
ing" desc="A logg
ingleveloverride message from the client can not set a more verbose log level than this" default="notice">notice</most_verbose_level_settable_from_client>
<least_verbose_level_settable_from_client type="str
ing" desc="A logg
ingleveloverride message from a client can not set a less verbose log level than this" default="fatal">fatal</least_verbose_level_settable_from_client>
<pro
tocol type="bool" desc="Enable m
inimal client-site JS pro
tocol logg
ing from the start">false</pro
tocol>
<!-- lokit_sal_log example: Log WebDAV-related messages, that is
interest
ing for debugg
ing
Insert - Image operation: "+TIMESTAMP+
INFO.ucb.ucp.webdav+WARN.ucb.ucp.webdav"
See also: https://docs.libreoffice.org/sal/html/sal_log.html -->
<lokit_sal_log type="str
ing" desc="F
ine tune log messages from LOKit. Default is
to suppress log messages from LOKit." default="-
INFO-WARN">-
INFO-WARN</lokit_sal_log>
<file enable="false">
<!-- If you use other path than /var/log and you run coolwsd from systemd, make sure that you enable that path
in coolwsd.service (ReadWritePaths). Also the log file path must be writable by the 'cool' user. -->
<property name="path" desc="Log file path.">/var/log/coolwsd.log</property>
<property name="
rotation" desc="Log file
rotation strategy. See Poco FileChannel.">never</property>
<property name="archive" desc="Append either timestamp or number
to the archived log filename.">timestamp</property>
<property name="compress" desc="Enable/
disable log file compression.">true</property>
<property name="purgeAge" desc="The maximum age of log files
to preserve. See Poco FileChannel.">
10 days</property>
<property name="purgeCount" desc="The maximum number of log archives
to preserve. Use 'none'
to disable purg
ing. See Poco FileChannel.">
10</property>
<property name="
rotateOnOpen" desc="Enable/
disable log file
rotation on open
ing.">true</property>
<property name="flush" desc="Enable/
disable flush
ing after logg
ing each l
ine. May harm performance. Note that without flush
ing after each l
ine, the log l
ines from the different processes will not appear
in chronological order.">false</property>
</file>
<anonymize>
<anonymize_user_data type="bool" desc="Enable
to anonymize/obfuscate of user-data
in logs. If default is true, it was forced at compile-time and cannot be
disabled." default="false">false</anonymize_user_data>
<anonymization_salt type="u
int" desc="The salt used
to anonymize/obfuscate user-data
in logs. Use a secret 64-bit random number." default="82589933">82589933</anonymization_salt>
</anonymize>
<docstats type="bool" desc="Enable
to see document handl
ing
information
in logs." default="false">false</docstats>
<userstats desc="Enable user stats. i.e: logs the details of a file and user" type="bool" default="false">false</userstats>
<
disable_server_audit type="bool" desc="
Disabled server audit dialog and notification. Adm
in will no longer see warn
ings
in the application user
interface. This doesn't affect log file." default="false">false</
disable_server_audit>
</logg
ing>
<canvas_slides
how_enabled type="bool" desc="If true, WebGl presentation rendered on the client side is enabled, otherwise
interactive SVG is used." default="true">true</canvas_slides
how_enabled>
<logg
ing_ui_cmd>
<merge type="bool" desc="If true, repeated commands after each other will be merged
into 1 l
ine. If false, every command will be 1 new l
ine." default="true">true</merge>
<merge_display_end_time type="bool" desc="If true, the duration of the merged command will also be logged." default="false">true</merge_display_end_time>
<file enable="false">
<!-- If you use other path than /var/log and you run coolwsd from systemd, make sure that you enable that path
in coolwsd.service (ReadWritePaths). Also the log file path must be writable by the 'cool' user. -->
<property name="path" desc="Log file path.">/var/log/coolwsd-ui-cmd.log</property>
<property name="purgeCount" desc="The maximum number of log archives
to preserve. Use 'none'
to disable purg
ing. See Poco FileChannel.">
10</property>
<property name="
rotateOnOpen" desc="Enable/
disable log file
rotation on open
ing.">true</property>
<property name="flush" desc="Enable/
disable flush
ing after logg
ing each l
ine. May harm performance. Note that without flush
ing after each l
ine, the log l
ines from the different processes will not appear
in chronological order.">false</property>
</file>
</logg
ing_ui_cmd>
<!--
Note
to developers: When you do "make run", the trace_event[@enable] will be set on the
coolwsd command l
ine, so if you want
to change it for your test
ing, do it
in Makefile.am,
not here.
-->
<trace_event desc="The possibility
to turn on generation of a Chrome Trace Event file" enable="false">
<path desc="Output path for the Trace Event file,
to which they will be written if turned on at run-time" type="str
ing" default="/var/log/coolwsd.trace.json">/var/log/coolwsd.trace.json</path>
</trace_event>
<browser_logg
ing desc="Logg
ing
in the browser console" default="false">false</browser_logg
ing>
<trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied
to the path first." enable="false">
<path desc="Output path
to hold trace file and docs. Use '%' for timestamp
to avoid overwrit
ing. For example: /some/path/
to/cooltrace-%.gz" compress="true" snapshot="false"></path>
<filter>
<message desc="Regex pattern of messages
to exclude"></message>
</filter>
<outgo
ing>
<record desc="Whether or not
to record outgo
ing messages" default="false">false</record>
</outgo
ing>
</trace>
<net desc="Network sett
ings">
<!-- On systems where localhost resolves
to IPv6 [::1] address first, when net.pro
to is all and net.listen is loopback, coolwsd unexpectedly listens on [::1] only.
You need
to change net.pro
to to IPv4, if you want
to use 127.0.0.1. -->
<pro
to type="str
ing" default="all" desc="Pro
tocol
to use IPv4, IPv6 or all for both">all</pro
to>
<listen type="str
ing" default="any" desc="Listen address that coolwsd b
inds
to. Can be 'any' or 'loopback'.">any</listen>
<!-- this allows you
to shift all of our URLs
into a sub-path from
https://my.com/browser/a123...
to https://my.com/my/sub/path/browser/a123... -->
<service_root type="path" default="" desc="Prefix the base URL for all the pages, websockets, etc. with this path. This
includes the discovery URL."></service_root>
<post_allow desc="Allow/deny client IP address for POST(REST)." allow="true">
<host desc="The IPv4 private 192.168 b
lock as pla
in IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Dit
to, but as IPv4-mapped IPv6 addresses">::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host>
<host desc="Dit
to, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host>
<host desc="The IPv6 loopback (localhost) address.">::1</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 1.">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Dit
to, but as IPv4-mapped IPv6 addresses">::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 2.">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Dit
to, but as IPv4-mapped IPv6 addresses">::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 3.">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Dit
to, but as IPv4-mapped IPv6 addresses">::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private
10.0.0.0/8 subnet (Podman).">
10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Dit
to, but as IPv4-mapped IPv6 addresses">::ffff:
10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
</post_allow>
<lok_allow desc="Allowed hosts as an external data source
inside edited files. All allowed post_allow.host and s
torage.wopi entries are also considered
to be allowed as a data source. Used for example
in: PostMessage Action_
InsertGraphic, =WEBSERVICE() function, external reference
in the cell.">
<host desc="The IPv4 private 192.168 b
lock as pla
in IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Dit
to, but as IPv4-mapped IPv6 addresses">::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host>
<host desc="Dit
to, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host>
<host desc="The IPv6 loopback (localhost) address.">::1</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 1.">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Dit
to, but as IPv4-mapped IPv6 addresses">::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 2.">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Dit
to, but as IPv4-mapped IPv6 addresses">::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 3.">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Dit
to, but as IPv4-mapped IPv6 addresses">::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private
10.0.0.0/8 subnet (Podman).">
10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Dit
to, but as IPv4-mapped IPv6 addresses">::ffff:
10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Localhost access by name">localhost</host>
</lok_allow>
<content_security_policy desc="Cus
tomize the CSP header by specify
ing one or more policy-directive, separated by semicolons. See w3.org/TR/CSP2">
</content_security_policy>
<frame_ances
tors>
http://192.168.2.
107:8881
http://
10.1.200.64:*
http://192.168.11.33:*
</frame_ances
tors>
<connection_timeout_secs desc="Specifies the connection, send, recv timeout
in seconds for connections
initiated by coolwsd (such as WOPI connections)." type="
int" default="30">30</connection_timeout_secs>
<!-- this sett
ing radically changes
how onl
ine works, it should not be used
in a production environment -->
<proxy_prefix type="bool" default="false" desc="Enable a ProxyPrefix
to be passed-
in through which
to redirect requests">false</proxy_prefix>
</net>
<ssl desc="SSL sett
ings">
<!-- switches from https:// + wss://
to http:// + ws:// -->
<enable type="bool" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not
disable for production deployment). If default is false, must first be compiled with SSL support
to enable." default="true">true</enable>
<!-- SSL off-load can be done
in a proxy, if so
disable SSL, and enable term
ination below
in production -->
<term
ination desc="Connection via proxy where coolwsd acts as work
ing via https, but actually uses http." type="bool" default="false">false</term
ination>
<cert_file_path desc="Path
to the cert file" type="path" relative="false">/etc/coolwsd/cert.pem</cert_file_path>
<key_file_path desc="Path
to the key file" type="path" relative="false">/etc/coolwsd/key.pem</key_file_path>
<ca_file_path desc="Path
to the ca file" type="path" relative="false">/etc/coolwsd/ca-cha
in.cert.pem</ca_file_path>
<ssl_verification desc="Enable or
disable SSL verification of hosts remote
to coolwsd. If true SSL verification will be strict, otherwise certs of hosts will not be verified. You may have
to disable it
in test environments with self-signed certificates." type="str
ing" default="false">false</ssl_verification>
<cipher_list desc="List of OpenSSL ciphers
to accept" type="str
ing" default="ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"></cipher_list>
<hpkp desc="Enable HTTP Public key p
inn
ing" enable="false" report_only="false">
<max_age desc="HPKP's max-age directive - time
in seconds browser should remember the p
ins" enable="true" type="u
int" default="
1000">
1000</max_age>
<report_uri desc="HPKP's report-uri directive - p
in validation failure are reported at this URL" enable="false" type="str
ing"></report_uri>
<p
ins desc="Base64 encoded SPKI f
ingerpr
ints of keys
to be p
inned">
<p
in></p
in>
</p
ins>
</hpkp>
<sts desc="Strict-Transport-Security sett
ings, per rfc6797. Subdoma
ins are always
included.">
<enabled desc="Whether or not Strict-Transport-Security is enabled. Enable only when ready for production. Cannot be
disabled without resett
ing the browsers." type="bool" default="false">false</enabled>
<max_age desc="Strict-Transport-Security max-age directive,
in seconds. 0 is allowed; please see rfc6797 for details. Defaults
to 1 year." type="
int" default="31536000">31536000</max_age>
</sts>
</ssl>
<security desc="Alter
ing these defaults potentially opens you
to significant risk">
<seccomp desc="Should failure
to enable seccomp system call filter
ing be a fatal error." type="bool" default="true">true</seccomp>
<!-- deprecated: If capabilities is 'false', coolwsd will assume mount_namespaces of 'true'
to achieve
this goal, only avoid
ing chroot for process isolation if l
inux namespaces are unavailable -->
<capabilities desc="Should we require capabilities
to isolate processes
into chroot jails" type="bool" default="true">true</capabilities>
<jwt_expiry_secs desc="Time
in seconds before the Adm
in Console's JWT
token expires" type="
int" default="1800">1800</jwt_expiry_secs>
<enable_macros_execution desc="Specifies whether the macro execution is enabled
in general. This will enable Basic and Python scripts
to execute both
installed and from documents. If it is set
to false, the macro_security_level is ignored. If it is set
to true, the mentioned entry specified the level of macro security." type="bool" default="false">false</enable_macros_execution>
<macro_security_level desc="Level of Macro security. 1 (Medium) Confirmation required before execut
ing macros from untrusted sources. 0 (Low, not recommended) All macros will be executed without confirmation." type="
int" default="1">1</macro_security_level>
<enable_websocket_urp desc="Should we enable URP (UNO remote pro
tocol) communication over the websocket. This allows full control of the Kit child server
to anyone with access
to the websocket
includ
ing execut
ing macros without confirmation or runn
ing arbitrary shell commands
in the jail." type="bool" default="false">false</enable_websocket_urp>
<enable_metrics_unauthenticated desc="When enabled, the /cool/getMetrics endpo
int will not require authentication." type="bool" default="false">false</enable_metrics_unauthenticated>
<server_signature desc="Whether
to send server signature
in HTTP response headers" type="bool" default="false">false</server_signature>
</security>
<certificates>
<database_path type="str
ing" desc="Path
to the NSS certificates that are available
to all users" default=""></database_path>
</certificates>
<watermark>
<opacity desc="Opacity of on-
screen watermark from 0.0
to 1.0" type="double" default="0.2">0.2</opacity>
<text desc="Watermark text
to be displayed on the document if entered" type="str
ing"></text>
</watermark>
<user_
interface>
<mode type="str
ing" desc="Controls the user
interface style. The 'default' means: Take the value from ui_defaults, or decide for one of compact or tabbed (default|compact|tabbed)" default="default">default</mode>
<use_
integration_theme desc="Use theme from the
integra
tor" type="bool" default="true">true</use_
integration_theme>
<statusbar_save_
indica
tor desc="S
how sav
ing status
indica
tor
in the statusbar" type="bool" default="true">true</statusbar_save_
indica
tor>
</user_
interface>
<s
torage desc="Backend s
torage">
<filesystem allow="false" />
<wopi desc="Allow/deny wopi s
torage." allow="true">
<max_file_size desc="Maximum document size
in bytes
to load. 0 for unlimited." type="u
int">0</max_file_size>
<
locking desc="
Locking sett
ings">
<refresh desc="
How frequently we should re-acquire a
lock with the s
torage server,
in seconds (default 15 m
ins) or 0 for no refresh" type="
int" default="900">900</refresh>
</
locking>
<alias_groups desc="default mode is 'first' it allows only the first host when groups are not def
ined. set mode
to 'groups' and def
ine group
to allow multiple host and its aliases" mode="groups">
<group>192.168.2.
107:8880,localhost:3000,
10.1.200.64</group>
</alias_groups>
<is_legacy_server desc="Set
to true for legacy server that need deprecated headers." type="bool" default="false">false</is_legacy_server>
</wopi>
<ssl desc="SSL sett
ings">
<as_scheme type="bool" default="true" desc="When set we exclusively use the WOPI URI's scheme
to enable SSL for s
torage">true</as_scheme>
<enable type="bool" desc="If as_scheme is false or not set, this can be set
to force SSL encryption between s
torage and coolwsd. When empty this defaults
to follo
wing the ssl.enable sett
ing"></enable>
<cert_file_path desc="Path
to the cert file. When empty this defaults
to follo
wing the ssl.cert_file_path sett
ing" type="path" relative="false"></cert_file_path>
<key_file_path desc="Path
to the key file. When empty this defaults
to follo
wing the ssl.key_file_path sett
ing" type="path" relative="false"></key_file_path>
<ca_file_path desc="Path
to the ca file. When empty this defaults
to follo
wing the ssl.ca_file_path sett
ing" type="path" relative="false"></ca_file_path>
<cipher_list desc="List of OpenSSL ciphers
to accept. If empty the defaults are used. These can be overridden only if absolutely needed."></cipher_list>
</ssl>
</s
torage>
<adm
in_console desc="Web adm
in console sett
ings.">
<enable desc="Enable the adm
in console functionality" type="bool" default="true">true</enable>
<enable_pam desc="Enable adm
in user authentication with PAM" type="bool" default="false">false</enable_pam>
<username desc="The username of the adm
in console. Ignored if PAM is enabled."></username>
<password desc="The password of the adm
in console. Deprecated on most platforms.
Instead, use PAM or coolconfig
to set up a secure password."></password>
<logg
ing desc="Log adm
in activities irrespective of logg
ing.level">
<adm
in_log
in desc="log when an adm
in logged
into the console" type="bool" default="true">true</adm
in_log
in>
<metrics_fetch desc="log when metrics endpo
int is accessed and metrics endpo
int authentication is enabled" type="bool" default="true">true</metrics_fetch>
<moni
tor_connect desc="log when external moni
tor gets connected" type="bool" default="true">true</moni
tor_connect>
<adm
in_action desc="log when adm
in does some action for example kill
ing a process" type="bool" default="true">true</adm
in_action>
</logg
ing>
</adm
in_console>
<moni
tors desc="Addresses of servers we connect
to on start for moni
tor
ing">
<!-- <moni
tor desc="Address of the moni
tor and
interval after which it should try reconnect
ing after disconnect" retry
Interval="20">wss://foobar:234/ws</moni
tor> -->
</moni
tors>
<quarant
ine_files desc="Files are s
tored here
to be exam
ined later
in cases of crashes or similar situation." default="false" enable="false">
<limit_dir_size_mb desc="Maximum direc
tory size,
in MBs. On exceed
ing the specified limit, older files will be deleted." default="250" type="u
int">250</limit_dir_size_mb>
<max_versions_
to_ma
inta
in desc="
How many versions of the same file
to keep." default="5" type="u
int">5</max_versions_
to_ma
inta
in>
<path desc="Absolute path of the direc
tory under which quarant
ined files will be s
tored. Do not use a relative path." type="path" relative="false"></path>
<expiry_m
in desc="Time
in m
ins after quarant
ined files will be deleted." type="
int" default="3000">3000</expiry_m
in>
</quarant
ine_files>
<cache_files desc="Files are cached here
to speed up config support.">
<path desc="Absolute path of the direc
tory under which cached files will be s
tored. Do not use a relative path." type="path" relative="false"></path>
<expiry_m
in desc="Time
in m
ins after disuse at which cache files will be deleted." type="
int" default="3000">
1000</expiry_m
in>
</cache_files>
<extra_export_formats desc="Enable various extra export formats for additional compatibility. Note that disabl
ing options here *only*
disables them visually: these are all 'safe'
to export, it might just be undesirable
to s
how them, so you can't
disable export
ing these server-side">
<impress_swf desc="Enable export
ing Adobe flash .swf files from presentations" type="bool" default="false">false</impress_swf>
<impress_bmp desc="Enable export
ing .bmp bitmap files from presentation slides" type="bool" default="false">false</impress_bmp>
<impress_gif desc="Enable export
ing .gif image files from presentation slides" type="bool" default="false">false</impress_gif>
<impress_png desc="Enable export
ing .png image files from presentation slides" type="bool" default="false">false</impress_png>
<impress_svg desc="Enable export
ing
interactive .svg image files from presentations" type="bool" default="false">false</impress_svg>
<impress_tiff desc="Enable export
ing .tiff image files from presentation slides" type="bool" default="false">false</impress_tiff>
</extra_export_formats>
<serverside_config>
<idle_timeout_secs desc="The maximum number of seconds before unload
ing an idle sub forkit. Defaults
to 1 hour." type="u
int" default="3600">3600</idle_timeout_secs>
</serverside_config>
<remote_config>
<remote_url desc="remote server
to which you will send request
to get remote config
in response" type="str
ing" default=""></remote_url>
</remote_config>
<s
top_on_config_change desc="S
top coolwsd whenever config files change." type="bool" default="false">false</s
top_on_config_change>
<remote_font_config>
<url desc="URL of optional JSON file that lists fonts
to be
included
in Onl
ine" type="str
ing" default=""></url>
</remote_font_config>
<fonts_miss
ing>
<handl
ing desc="
How to handle fonts miss
ing
in a document: 'report', 'log', 'both', or 'ignore'" type="str
ing" default="log">log</handl
ing>
</fonts_miss
ing>
<
indirection_endpo
int>
<url desc="URL endpo
int
to server which servers route
Token
in json format" type="str
ing" default=""></url>
<migration_timeout_secs desc="The maximum number of seconds wait
ing for shutdown migration message from
indirection server before unload
ing an document. Defaults
to 180 second." type="u
int" default="180">180</migration_timeout_secs>
<geolocation_setup>
<enable desc="Enable geolocation_setup when us
ing
indirection server with geolocation configuration" type="bool" default="false">false</enable>
<timezone desc="IANA timezone of server. For example: Europe/Berl
in" type="str
ing"></timezone>
<allowed_websocket_orig
ins desc="Orig
in header
to get accepted dur
ing websocket upgrade">
<!-- <orig
in></orig
in> -->
</allowed_websocket_orig
ins>
</geolocation_setup>
<server_name desc="server name
to s
how in cluster overview adm
in panel" type="str
ing" default=""></server_name>
</
indirection_endpo
int>
<home_mode>
<enable desc="Home users can enable this sett
ing, which
in turn
disables welcome
screen and user feedback popups, but also limits concurrent open connections
to 20 and concurrent open documents
to 10. The default means that number of concurrent open connections and concurrent open documents are unlimited, but welcome
screen and user feedback cannot be switched off." type="bool" default="false">false</enable>
</home_mode>
<zotero desc="Zotero plug
in configuration. For more details about Zotero visit https://www.zotero.org/">
<enable desc="Enable Zotero plug
in." type="bool" default="true">true</enable>
</zotero>
<help_url desc="The Help root URL, or empty for no help (hides the Help but
tons)" type="str
ing" default="https://help.collaboraoffice.com/help.html?">https://help.collaboraoffice.com/help.html?</help_url>
<overwrite_mode>
<enable desc="Enable overwrite mode (user can use
insert key)" type="bool" default="false">false</enable>
</overwrite_mode>
<wasm desc="WASM-specific sett
ings">
<enable desc="Enable WASM support" type="bool" default="false">false</enable>
<force desc="When enabled, all requests are redirected
to WASM." type="bool" default="false">false</force>
</wasm>
<document_sign
ing desc="Document sign
ing sett
ings">
<enable desc="Enable document sign
ing" type="bool" default="true">true</enable>
</document_sign
ing>
</config>
这是我的coolwsd.xml 这样可以吗
禁用Windows10屏幕旋转
扫一扫
896
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
