Configuring ONLYOFFICE Docs Enterprise Edition

Introduction

To change any ONLYOFFICE Docs server settings, configure the corresponding parameter in ONLYOFFICE Docs configuration file, which can be found at the following path:

  • For Linux - /etc/onlyoffice/documentserver/default.json
  • For Windows - %ProgramFiles%\ONLYOFFICE\DocumentServer\config\default.json

If you want to change it, you can use the local.json file, where all the edited parameters should be stored. This file is located in the same directory as the default.json file, and the whole object structure for the necessary parameter must be retained.

Please do not edit the contents of the default.json file directly. The default values will be restored each time you restart Docker container or upgrade ONLYOFFICE Docs to a new version, and all your changes will be lost.

Default server settings are described below.

StatsD

ParameterDescriptionTypeDefault
Defines if the StatsD metrics are enabled for ONLYOFFICE Docs or not.booleanfalse
Defines the StatsD server host (host name or IP address).string"localhost"
Defines the StatsD server port.string"8125"
Defines a string that will be added to the beginning of all the stats automatically. It helps to distinguish different applications using the same StatsD server.string"ds."

These parameters define the StatsD server properties, specifying an aggregator of metrics.

Example
"statsd": {
    "useMetrics": false,
    "host": "localhost",
    "port": "8125",
    "prefix": "ds."
}

Logger

ParameterDescriptionTypeDefault
Defines a path to the log file.string""
Defines the log options.object
Defines if the log information is printed to the console or not.booleantrue

These parameters define the logger properties.

Example
"log": {
    "filePath": "",
    "options": {
        "replaceConsole": true
    }
}

Queues

ParameterDescriptionTypeDefault
Defines the message broker type.string"rabbitmq"
Defines the conversion timeout (measured in seconds).integer300
Defines the TTL (time to live) of all the messages in a queue (measured in seconds).integer900

These parameters define a queue of messages received from the message-broker.

Example
"queue": {
    "type": "rabbitmq",
    "visibilityTimeout": 300,
    "retentionPeriod": 900
}

Email

ParameterDescriptionTypeDefault
Defines the basic settings for connecting to the SMTP server.object
Defines the host name or IP address of the SMTP server.string"localhost"
Defines the SMTP server port.integer587
Defines the authentication data.object
Defines the authentication username.string"onlyoffice"
Defines the authentication password.string"onlyoffice"
Defines the technical options for connecting to the SMTP server.object
Defines whether to allow using files as content. If this parameter is set to true, then JSON data from an untrusted source cannot be used as the email. If an attachment or message node tries to fetch something from a file, the sending returns an error.booleanfalse
Defines whether to allow using URLs as content.booleanfalse
Defines the email message settings.object
Defines the email address of the sender. All email addresses can be plain "sender@server.com" or with formatted name '"Sender Name" sender@server.com'.string"from@example.com"
Defines the comma separated list or an array of recipients email addresses that will appear on the To: field.string"to@example.com"

These parameters define the settings of an external mail server, which is used to send notifications. To connect to the mail server, use the nodemailer library. Many config settings are passed directly to this library.

Example
"email": {
    "smtpServerConfiguration": {
        "host": "localhost",
        "port": 587,
        "auth": {
            "user": "onlyoffice",
            "pass": "onlyoffice"
        }
    },
    "connectionConfiguration": {
        "disableFileAccess": false,
        "disableUrlAccess": false
    },
    "contactDefaults": {
        "from": "from@example.com",
        "to": "to@example.com"
    }
}

Notification

ParameterDescriptionTypeDefault
Defines the rules of notification settings for four notification types: licenseExpirationWarning, licenseExpirationError, licenseLimitEdit, licenseLimitLiveViewer.object
Defines the rules for the licenseExpirationWarning notification settings.object
Defines whether the licenseExpirationWarning notification is enabled. Each notification type must be enabled separately.booleanfalse
Defines the way of sending the licenseExpirationWarning notification. Currently, only the email type is available.array of strings["email"]
Defines a template of the licenseExpirationWarning notification title and body.object
Defines a template of the licenseExpirationWarning notification title.string"%s Docs license expiration warning"
notification.rules.licenseExpirationWarning.template.body
Defines a template of the licenseExpirationWarning notification body.string"Attention! Your license is about to expire on %s.\nUpon reaching this date, you will no longer be entitled to receive personal technical support and install new Docs versions released after this date."
Defines the licenseExpirationWarning notification sending policy.object
Defines the time when the licenseExpirationWarning notification will be sent (not more often than the specified period).string"1d"
Defines the rules for the licenseExpirationError notification settings.object
Defines whether the licenseExpirationError notification is enabled. Each notification type must be enabled separately.booleanfalse
Defines the way of sending the licenseExpirationError notification. Currently, only the email type is available.array of strings["email"]
Defines a template of the licenseExpirationError notification title and body.object
Defines a template of the licenseExpirationError notification title.string"%s Docs license expiration warning"
notification.rules.licenseExpirationError.template.body
Defines a template of the licenseExpirationError notification body.string"Attention! Your license expired on %s.\nYou are no longer entitled to receive personal technical support and install new Docs versions released after this date.\nPlease contact sales@onlyoffice.com to discuss license renewal."
Defines the licenseExpirationError notification sending policy.object
Defines the time when the licenseExpirationError notification will be sent (not more often than the specified period).string"1d"
Defines the rules for the licenseLimitEdit notification settings.object
Defines whether the licenseLimitEdit notification is enabled. Each notification type must be enabled separately.booleanfalse
Defines the way of sending the licenseLimitEdit notification. Currently, only the email type is available.array of strings["email"]
Defines a template of the licenseLimitEdit notification title and body.object
Defines a template of the licenseLimitEdit notification title.string"%s Docs license connection limit warning"
notification.rules.licenseLimitEdit.template.body
Defines a template of the licenseLimitEdit notification body.string"Attention! You have reached %s%% of the %s limit set by your license."
Defines the licenseLimitEdit notification sending policy.object
Defines the time when the licenseLimitEdit notification will be sent (not more often than the specified period).string"1d"
Defines the rules for the licenseLimitLiveViewer notification settings.object
Defines whether the licenseLimitLiveViewer notification is enabled. Each notification type must be enabled separately.booleanfalse
Defines the way of sending the licenseLimitLiveViewer notification. Currently, only the email type is available.array of strings["email"]
Defines a template of the licenseLimitLiveViewer notification title and body.object
Defines a template of the licenseLimitLiveViewer notification title.string"%s Docs license connection limit warning"
notification.rules.licenseLimitLiveViewer.template.body
Defines a template of the licenseLimitLiveViewer notification body.string"Attention! You have reached %s%% of the %s limit set by your license."
Defines the licenseLimitLiveViewer notification sending policy.object
Defines the time when the licenseLimitLiveViewer notification will be sent (not more often than the specified period).string"1d"

These parameters define the notification settings.

Notifications with the following event types and content are sent:

  • 70% of the connection quota (quota of unique users) is exceeded.

    License connection limit warning: "Attention! You have reached 70% of the connections limit set by your license."

  • The connection quota (quota of unique users) is reached.

    License connection limit warning: "Attention! You have reached 100% of the connection limit set by your license."

  • 30 days before the license expires.

    License expiration warning: "Attention! Your license is about to expire on September 8, 2024. Upon reaching this date, you will no longer be entitled to receive personal technical support and install new Docs versions released after this date."

  • The license has expired.

    License connection limit warning: "Attention! Your license expired on September 8, 2024. You are no longer entitled to receive personal technical support and install new Docs versions released after this date. Please contact sales@onlyoffice.com to discuss license renewal."

These notifications are written to the server log with the WARN or ERROR level.

Example
"notification": {
    "rules": {
        "licenseExpirationWarning": {
            "enable": false,
            "transportType": [
                "email"
            ],
            "template": {
                "title": "%s Docs license expiration warning",
                "body": "Attention! Your license is about to expire on %s.\nUpon reaching this date, you will no longer be entitled to receive personal technical support and install new Docs versions released after this date."
            },
            "policies": {
                "repeatInterval": "1d"
            }
        },
        "licenseExpirationError": {
            "enable": false,
            "transportType": [
                "email"
            ],
            "template": {
                "title": "%s Docs license expiration warning",
                "body": "Attention! Your license expired on %s.\nYou are no longer entitled to receive personal technical support and install new Docs versions released after this date.\nPlease contact sales@onlyoffice.com to discuss license renewal."
            },
            "policies": {
                "repeatInterval": "1d"
            }
        },
        "licenseLimitEdit": {
            "enable": false,
            "transportType": [
                "email"
            ],
            "template": {
                "title": "%s Docs license connection limit warning",
                "body": "Attention! You have reached %s%% of the %s limit set by your license."
            },
            "policies": {
                "repeatInterval": "1h"
            }
        },
        "licenseLimitLiveViewer": {
            "enable": false,
            "transportType": [
                "email"
            ],
            "template": {
                "title": "%s Docs license connection limit warning",
                "body": "Attention! You have reached %s%% of the live viewer %s limit set by your license."
            },
            "policies": {
                "repeatInterval": "1h"
            }
        }
    }
}

Document storage service

ParameterDescriptionTypeDefault
Defines the document storage service name.string"storage-fs"
Defines a fileSystem object parameters.object
Defines a path to the App_Data folder where all files are stored.string""
Defines the time when the temporary URL to the fileSystem object expires (measured in seconds).integer900
Defines the secret string which is used to sign the URL.string"verysecretstring"
Defines an AWS region where your Amazon bucket resides.string""
Defines the S3 AWS document storage endpoint.string"http://localhost/s3"
Defines a unique S3 AWS document storage name.string"cache"
Defines the S3 AWS document storage folder name where all the files are stored.string"files"
Defines the cache folder name for working in the multi-tenant mode.string"data"
Defines the time when the URL to the S3 AWS document storage expires (measured in milliseconds).integer604800
Defines a key ID to access the S3 AWS document storage.string"AKID"
Defines a secret key to access the S3 AWS document storage.string"SECRET"
Defines if SSL of the S3 AWS document storage is enabled or not.booleanfalse
Defines if the requests to the S3 AWS document storage always use path style addressing.booleantrue
Defines an external host which is used instead of the host specified in the request.string""

These parameters define the document storage service configuration.

Example
"storage": {
    "name": "storage-fs",
    "fs": {
        "folderPath": "",
        "urlExpires": 900,
        "secretString": "verysecretstring"
    },
    "region": "",
    "endpoint": "http://localhost/s3",
    "bucketName": "cache",
    "storageFolderName": "files",
    "cacheFolderName": "data",
    "urlExpires": 604800,
    "accessKeyId": "AKID",
    "secretAccessKey": "SECRET",
    "sslEnabled": false,
    "s3ForcePathStyle": true,
    "externalHost": ""
}

Persistent storage

These parameters define the settings of the persistent storage, which is used to separate the settings for the document cache file storage and the storage of the forgotten and error files. Settings that are not specified in this object are inherited from the storage object. The separation is convenient for server upgrades.

Example
"persistentStorage": {
}

RabbitMQ

ParameterDescriptionTypeDefault
Defines the RabbitMQ URL.string"amqp://guest:guest@localhost:5672"

Defines the RabbitMQ socket options that will be passed to the socket library (net or tls). These options must be fields set on the object supplied. The socket options can be used for the SSL connection and can contain the following fields:

  • cert - defines a certificate to present to the server (in PEM or pkcs12 format),
    type: string,
    example: "";
  • key - defines the private key for the certificate (in PEM or pkcs12 format),
    type: string,
    example: "";
  • passphrase - defines a passphrase for the private key,
    type: string,
    example: "MySecretPassword";
  • ca - defines a list of the CA certificates in PEM format that we will trust, since we are using a self-signed certificate,
    type: array,
    example: [];
  • noDelay - defines if TCP_NODELAY (Nagle's algorithm) is set on the underlying socket or not,
    type: boolean,
    example: true.
object{}
Defines the Publisher Subscriber exchange server.string"ds.pubsub"
Defines a queue of tasks.string"ds.converttask"
Defines a queue of responses.string"ds.convertresponse"
Defines a dead letter exchange.string"ds.exchangeconvertdead"
Defines a dead letter queue.string"ds.convertdead"
Defines the delayed queue.string"ds.delayed"

These parameters define the RabbitMQ message broker configuration.

Example
"rabbitmq": {
    "url": "amqp://guest:guest@localhost:5672",
    "socketOptions": {},
    "exchangepubsub": "ds.pubsub",
    "queueconverttask": "ds.converttask",
    "queueconvertresponse": "ds.convertresponse",
    "exchangeconvertdead": "ds.exchangeconvertdead",
    "queueconvertdead": "ds.convertdead",
    "queuedelayed": "ds.delayed"
}

ActiveMQ

ParameterDescriptionTypeDefault
Defines the ActiveMQ connect options.object
Defines a port of the server to which the ActiveMQ container is connected.integer5672
Defines a host (host name or IP address) of the server to which the ActiveMQ container is connected.string"localhost"
Defines if the ActiveMQ module will automatically attempt to reconnect if disconnected (true) or not (false).booleanfalse
Defines a queue of tasks.string"ds.converttask"
Defines a queue of responses.string"ds.convertresponse"
Defines a dead letter queue.string"ActiveMQ.DLQ"
Defines the delayed queue.string"ds.delayed"
Defines the Publisher Subscriber topic.string"ds.pubsub"

These parameters define the ActiveMQ message broker configuration.

Example
"activemq": {
    "connectOptions": {
        "port": 5672,
        "host": "localhost",
        "reconnect": false
    },
    "queueconverttask": "ds.converttask",
    "queueconvertresponse": "ds.convertresponse",
    "queueconvertdead": "ActiveMQ.DLQ",
    "queuedelayed": "ds.delayed",
    "topicpubsub": "ds.pubsub"
}

DNS cache

ParameterDescriptionTypeDefault
Defines if the DNS cache is enabled or not.booleantrue
Defines the time when the DNS records expire (measured in seconds).integer300
Defines the DNS cache size.integer1000

These parameters define the configuration of the DNS cache which is used for the IP-filter.

Example
"dnscache": {
    "enable" : true,
    "ttl" : 300,
    "cachesize" : 1000
}

OpenPGP protocol

ParameterDescriptionTypeDefault
Defines the OpenPGP protocol configuration.object{}
Defines the OpenPGP encryption settings.object
Defines a password which is used for the OpenPGP encryption.array of strings["verysecretstring"]
Defines the OpenPGP decryption settings.object
Defines a password which is used for the OpenPGP decryption.array of strings["verysecretstring"]

These parameters define the settings of the OpenPGP protocol, which is used to encrypt the password when opening an encrypted document for editing.

Example
"openpgpjs": {
    "config": {
    },
    "encrypt": {
        "passwords": ["verysecretstring"]
    },
    "decrypt": {
        "passwords": ["verysecretstring"]
    }
}

AES-256-GCM algorithm

ParameterDescriptionTypeDefault
Defines the AES-256-GCM algorithm configuration.object
Defines the key length measured in bytes.integer32
Defines the salt length measured in bytes.integer64
Defines the initialization vector length measured in bytes.integer16
Defines the iterations length measured in bytes.integer5
Defines a password which is used for the AES-256-GCM encryption.string"verysecretstring"

These parameters define the settings of the AES-256-GCM encryption algorithm.

Example
"aesEncrypt": {
    "config": {
        "keyByteLength": 32,
        "saltByteLength": 64,
        "initializationVectorByteLength": 16,
        "iterationsByteLength": 5
    },
    "secret": "verysecretstring"
}

Bottleneck

ParameterDescriptionTypeDefault
Defines the constructor options to generate limiters for throttling the database requests.object{}

This parameter defines the Bottleneck configuration.

Example
"bottleneck": {
    "getChanges": {
    }
}

WOPI

ParameterDescriptionTypeDefault
Defines if WOPI is enabled or not.booleanfalse
Defines the WOPI host (host name or IP address).string""
Defines a path to the WOPI HTML template.string"../../web-apps/apps/api/wopi"
Defines a zone that the Document Server uses to navigate the browser to the WOPI application.string"external-http"
Defines a path to the favicon for the document editor.string"/web-apps/apps/documenteditor/main/resources/img/favicon.ico"
Defines a path to the favicon for the spreadsheet editor.string"/web-apps/apps/spreadsheeteditor/main/resources/img/favicon.ico"
Defines a path to the favicon for the presentation editor.string"/web-apps/apps/presentationeditor/main/resources/img/favicon.ico"
Defines a path to the favicon for the PDF editor.string"/web-apps/apps/pdfeditor/main/resources/img/favicon.ico"
Defines a list of WOPI file information parameters that are blocked when sending this array to the browser. However, these parameters are available on the server.array of strings["FileUrl"]
Defines the file types that can be viewed in the PDF editor.array of strings["djvu", "xps", "oxps"]
Defines the file types that can be edited in the PDF editor.array of strings["pdf"]
Defines the form file types.array of strings["pdf"]
Defines the file types that can be viewed in the document editor.array of strings["doc", "dotm", "dot", "fodt", "ott", "rtf", "mht", "mhtml", "html", "htm", "xml", "epub", "fb2", "sxw", "stw", "wps", "wpt", "docxf", "oform"]
Defines the file types that can be edited in the document editor.array of strings["docx", "dotx", "docm", "odt", "txt"]
Defines the file types that can be viewed in the spreadsheet editor.array of strings["xls", "xlsb", "xltm", "xlt", "fods", "ots", "sxc", "xml", "et", "ett"]
Defines the file types that can be edited in the spreadsheet editor.array of strings["xlsx", "xltx", "xlsm", "ods", "csv"]
Defines the file types that can be viewed in the presentation editor.array of strings["ppt", "ppsx", "ppsm", "pps", "potm", "pot", "fodp", "otp", "sxi", "dps", "dpt"]
Defines the file types that can be edited in the presentation editor.array of strings["pptx", "potx", "pptm", "odp"]
Defines the public key that the integrator uses to check the private key.string"BgIAAACkAABSU0ExAAgAAAEAAQBpTpiJQ2hD8plpGTfEEmcq4IKyr31HikXpuVSBraMfqyodn2PGXBJ3daNSmdPOc0Nz4HO9Auljn8YYXDPBdpiABptSKvEDPF23Q+Qytg0+vCRyondyBcW91w7KLzXce3fnk8ZfJ8QtbZPL9m11wJIWZueQF+l0HKYx4lty+nccbCanytFTADkGQ3SnmExGEF3rBz6I9+OcrDDK9NKPJgEmCiuyei/d4XbPgKls3EIG0h38X5mVF2VytfWm2Yu850B6z3N4MYhj4b4vsYT62zEC4pMRUeb8dIBy4Jsmr3avtmeO00MUH6DVyPC8nirixj2YIOPKk13CdVqGDSXA3cvl"
Defines the RSA modulus in the Base64-encoded format that is used to retrieve the public key.string"5cvdwCUNhlp1wl2TyuMgmD3G4iqevPDI1aAfFEPTjme2r3avJpvgcoB0/OZREZPiAjHb+oSxL77hY4gxeHPPekDnvIvZpvW1cmUXlZlf/B3SBkLcbKmAz3bh3S96sisKJgEmj9L0yjCsnOP3iD4H610QRkyYp3RDBjkAU9HKpyZsHHf6clviMaYcdOkXkOdmFpLAdW32y5NtLcQnX8aT53d73DUvyg7XvcUFcneiciS8Pg22MuRDt108A/EqUpsGgJh2wTNcGMafY+kCvXPgc0NzztOZUqN1dxJcxmOfHSqrH6OtgVS56UWKR32vsoLgKmcSxDcZaZnyQ2hDiZhOaQ=="
Defines the RSA exponent in the Base64-encoded format that is used to retrieve the public key.string"65537"
Defines the private key that signs the Document Server request.string"-----BEGIN PRIVATE KEY-----\nMIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDly93AJQ2GWnXC\nXZPK4yCYPcbiKp688MjVoB8UQ9OOZ7avdq8mm+BygHT85lERk+ICMdv6hLEvvuFj\niDF4c896QOe8i9mm9bVyZReVmV/8HdIGQtxsqYDPduHdL3qyKwomASaP0vTKMKyc\n4/eIPgfrXRBGTJindEMGOQBT0cqnJmwcd/pyW+Ixphx06ReQ52YWksB1bfbLk20t\nxCdfxpPnd3vcNS/KDte9xQVyd6JyJLw+DbYy5EO3XTwD8SpSmwaAmHbBM1wYxp9j\n6QK9c+BzQ3PO05lSo3V3ElzGY58dKqsfo62BVLnpRYpHfa+yguAqZxLENxlpmfJD\naEOJmE5pAgMBAAECggEALiL+RKOr0Xu8BOgQ0j1DwA03LxVrhXe6etmJI+JySTcd\ngKENjWziZVrRIi2DvUm5qMMl7WhSwslKK1eexxZJY7xASqSxcEoIwgz17T07/jxm\nfIdUBiUKDZ1Kv8PWmIr3oKW+fkXWi/m1zlIe0qXRpTmsGNEsHQLEqi0rmaiXTXOR\n/2Ldwi6kZR3sWFx97YS4Mx/pueGJTXEai6AVEZzN5Gog6xD8HXR1Rvq+hhd+MocG\nfnU4HgilKRfoJlWd9FOscgSufKG0L3ViO4fSKU46l5aullDYUk5ECMWiwuKSqSE7\nqD45jI3mbOre7S4u3S3TWdD3lzwiXL49LdwKlEC4mQKBgQD0sLr0GH4Wr+QX2xJE\nuA/Cb8QW41l8iSCBTRZZR/sJOd+o3rbcVidlzO/EbZblXG4ZPDmRjgBCGKIP5EZi\n0DsL+Wv32WOo44LpxJGhqExbm0H1iZ1zZ97l0P8fvIhHE42gmaLToOIGDhPSXGvv\nzlqOHbGbq4jsERc1jp1bej5q6wKBgQDwaueIc4pRchH98QYidcyr8Vwg9KhbnfYX\ny3W4RPlZtBdF34iJaio+ASzugo/zy1RTcVrsCskYWXyKDUQz1yu0iCng+fDCUnTm\nXGmEoEGNhk4vTJOt7hBav1/Ja/dUipGf6mXUuanwJ0e+1/Et/B0ah5X1Um5AyNZI\nM+SyRz3u+wKBgQCjvtUNXoqaghCBCmB6TjZ1prexnWkYFugCv2SSUMIk1W7gIlJ6\ntsjcrj1R1Qii6qzfBFd+GWoA0V06h0e2/qRVCg//p6GytrW33IycgvS+ZPLJ7tLI\nFR2r66WfRlpoPiSL8eRt/P7kkG0hXCn7K7ub2TEu/Ka/W1yNwad6PR8iCwKBgQC8\nXcZSrtQsxAc8w99emJVoEo9wcsCGJ9ltA0iUu9XyZpvlbyJ3J+s48YrWxQ0sop7L\nUgE+96Rfo51kPMi3JVtk81p8ntf4KMrWwokaFMXHsPcJMCJ1IBVIRLE0C5eZcYhv\nlyN57I4tT1lzOZYJxYK4Cot/zrn7oF/j6mTBGfh4iQKBgQCiJMUxRz01/czH/XSX\ngo3dVbHQ4FEOufWnE3Eb93S8r0/eq1RM118rb0TqzuiadW2xYDU4nucWQlrlmq0d\nFY/m+Hy97pqyk6jmoU5I/D+ssBIoYHWLnH9/xfvDEk2JGSJSHtzu0D4EDC/rgQ49\nMbYsO5oUrF8tPlhj5vzbf3GKLA==\n-----END PRIVATE KEY-----\n"
Defines the old public key that the integrator used to check the private key.string"BgIAAACkAABSU0ExAAgAAAEAAQBpTpiJQ2hD8plpGTfEEmcq4IKyr31HikXpuVSBraMfqyodn2PGXBJ3daNSmdPOc0Nz4HO9Auljn8YYXDPBdpiABptSKvEDPF23Q+Qytg0+vCRyondyBcW91w7KLzXce3fnk8ZfJ8QtbZPL9m11wJIWZueQF+l0HKYx4lty+nccbCanytFTADkGQ3SnmExGEF3rBz6I9+OcrDDK9NKPJgEmCiuyei/d4XbPgKls3EIG0h38X5mVF2VytfWm2Yu850B6z3N4MYhj4b4vsYT62zEC4pMRUeb8dIBy4Jsmr3avtmeO00MUH6DVyPC8nirixj2YIOPKk13CdVqGDSXA3cvl"
Defines the old RSA modulus in the Base64-encoded format that was used to retrieve the public key.string"5cvdwCUNhlp1wl2TyuMgmD3G4iqevPDI1aAfFEPTjme2r3avJpvgcoB0/OZREZPiAjHb+oSxL77hY4gxeHPPekDnvIvZpvW1cmUXlZlf/B3SBkLcbKmAz3bh3S96sisKJgEmj9L0yjCsnOP3iD4H610QRkyYp3RDBjkAU9HKpyZsHHf6clviMaYcdOkXkOdmFpLAdW32y5NtLcQnX8aT53d73DUvyg7XvcUFcneiciS8Pg22MuRDt108A/EqUpsGgJh2wTNcGMafY+kCvXPgc0NzztOZUqN1dxJcxmOfHSqrH6OtgVS56UWKR32vsoLgKmcSxDcZaZnyQ2hDiZhOaQ=="
Defines the old RSA exponent in the Base64-encoded format that was used to retrieve the public key.string"65537"
Defines the old private key that signed the Document Server request.string"-----BEGIN PRIVATE KEY-----\nMIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDly93AJQ2GWnXC\nXZPK4yCYPcbiKp688MjVoB8UQ9OOZ7avdq8mm+BygHT85lERk+ICMdv6hLEvvuFj\niDF4c896QOe8i9mm9bVyZReVmV/8HdIGQtxsqYDPduHdL3qyKwomASaP0vTKMKyc\n4/eIPgfrXRBGTJindEMGOQBT0cqnJmwcd/pyW+Ixphx06ReQ52YWksB1bfbLk20t\nxCdfxpPnd3vcNS/KDte9xQVyd6JyJLw+DbYy5EO3XTwD8SpSmwaAmHbBM1wYxp9j\n6QK9c+BzQ3PO05lSo3V3ElzGY58dKqsfo62BVLnpRYpHfa+yguAqZxLENxlpmfJD\naEOJmE5pAgMBAAECggEALiL+RKOr0Xu8BOgQ0j1DwA03LxVrhXe6etmJI+JySTcd\ngKENjWziZVrRIi2DvUm5qMMl7WhSwslKK1eexxZJY7xASqSxcEoIwgz17T07/jxm\nfIdUBiUKDZ1Kv8PWmIr3oKW+fkXWi/m1zlIe0qXRpTmsGNEsHQLEqi0rmaiXTXOR\n/2Ldwi6kZR3sWFx97YS4Mx/pueGJTXEai6AVEZzN5Gog6xD8HXR1Rvq+hhd+MocG\nfnU4HgilKRfoJlWd9FOscgSufKG0L3ViO4fSKU46l5aullDYUk5ECMWiwuKSqSE7\nqD45jI3mbOre7S4u3S3TWdD3lzwiXL49LdwKlEC4mQKBgQD0sLr0GH4Wr+QX2xJE\nuA/Cb8QW41l8iSCBTRZZR/sJOd+o3rbcVidlzO/EbZblXG4ZPDmRjgBCGKIP5EZi\n0DsL+Wv32WOo44LpxJGhqExbm0H1iZ1zZ97l0P8fvIhHE42gmaLToOIGDhPSXGvv\nzlqOHbGbq4jsERc1jp1bej5q6wKBgQDwaueIc4pRchH98QYidcyr8Vwg9KhbnfYX\ny3W4RPlZtBdF34iJaio+ASzugo/zy1RTcVrsCskYWXyKDUQz1yu0iCng+fDCUnTm\nXGmEoEGNhk4vTJOt7hBav1/Ja/dUipGf6mXUuanwJ0e+1/Et/B0ah5X1Um5AyNZI\nM+SyRz3u+wKBgQCjvtUNXoqaghCBCmB6TjZ1prexnWkYFugCv2SSUMIk1W7gIlJ6\ntsjcrj1R1Qii6qzfBFd+GWoA0V06h0e2/qRVCg//p6GytrW33IycgvS+ZPLJ7tLI\nFR2r66WfRlpoPiSL8eRt/P7kkG0hXCn7K7ub2TEu/Ka/W1yNwad6PR8iCwKBgQC8\nXcZSrtQsxAc8w99emJVoEo9wcsCGJ9ltA0iUu9XyZpvlbyJ3J+s48YrWxQ0sop7L\nUgE+96Rfo51kPMi3JVtk81p8ntf4KMrWwokaFMXHsPcJMCJ1IBVIRLE0C5eZcYhv\nlyN57I4tT1lzOZYJxYK4Cot/zrn7oF/j6mTBGfh4iQKBgQCiJMUxRz01/czH/XSX\ngo3dVbHQ4FEOufWnE3Eb93S8r0/eq1RM118rb0TqzuiadW2xYDU4nucWQlrlmq0d\nFY/m+Hy97pqyk6jmoU5I/D+ssBIoYHWLnH9/xfvDEk2JGSJSHtzu0D4EDC/rgQ49\nMbYsO5oUrF8tPlhj5vzbf3GKLA==\n-----END PRIVATE KEY-----\n"
Defines the interval time in minutes for refreshing the lock on a file by resetting its automatic expiration timer to 30 minutes.string"10m"
Defines the properties of dummy handlers for stress testing.object
Defines if the dummy handlers are enabled or not.booleanfalse
Defines the dummy path to the sample file.string""

These parameters define the WOPI protocol configuration.

Example
"wopi": {
    "enable": false,
    "host" : "",
    "htmlTemplate" : "../../web-apps/apps/api/wopi",
    "wopiZone" : "external-http",
    "favIconUrlWord" : "/web-apps/apps/documenteditor/main/resources/img/favicon.ico",
    "favIconUrlCell" : "/web-apps/apps/spreadsheeteditor/main/resources/img/favicon.ico",
    "favIconUrlSlide" : "/web-apps/apps/presentationeditor/main/resources/img/favicon.ico",
    "favIconUrlPdf" : "/web-apps/apps/pdfeditor/main/resources/img/favicon.ico",
    "fileInfoBlockList" : ["FileUrl"],
    "pdfView": ["djvu", "xps", "oxps"],
    "pdfEdit": ["pdf"],
    "forms": ["pdf"],
    "wordView": ["doc", "dotm", "dot", "fodt", "ott", "rtf", "mht", "mhtml", "html", "htm", "xml", "epub", "fb2", "sxw", "stw", "wps", "wpt", "docxf", "oform"],
    "wordEdit": ["docx", "dotx", "docm", "odt", "txt"],
    "cellView": ["xls", "xlsb", "xltm", "xlt", "fods", "ots", "sxc", "xml", "et", "ett"],
    "cellEdit": ["xlsx", "xltx", "xlsm", "ods", "csv"],
    "slideView": ["ppt", "ppsx", "ppsm", "pps", "potm", "pot", "fodp", "otp", "sxi", "dps", "dpt"],
    "slideEdit": ["pptx", "potx", "pptm", "odp"],
    "publicKey": "BgIAAACkAABSU0ExAAgAAAEAAQBpTpiJQ2hD8plpGTfEEmcq4IKyr31HikXpuVSBraMfqyodn2PGXBJ3daNSmdPOc0Nz4HO9Auljn8YYXDPBdpiABptSKvEDPF23Q+Qytg0+vCRyondyBcW91w7KLzXce3fnk8ZfJ8QtbZPL9m11wJIWZueQF+l0HKYx4lty+nccbCanytFTADkGQ3SnmExGEF3rBz6I9+OcrDDK9NKPJgEmCiuyei/d4XbPgKls3EIG0h38X5mVF2VytfWm2Yu850B6z3N4MYhj4b4vsYT62zEC4pMRUeb8dIBy4Jsmr3avtmeO00MUH6DVyPC8nirixj2YIOPKk13CdVqGDSXA3cvl",
    "modulus": "5cvdwCUNhlp1wl2TyuMgmD3G4iqevPDI1aAfFEPTjme2r3avJpvgcoB0/OZREZPiAjHb+oSxL77hY4gxeHPPekDnvIvZpvW1cmUXlZlf/B3SBkLcbKmAz3bh3S96sisKJgEmj9L0yjCsnOP3iD4H610QRkyYp3RDBjkAU9HKpyZsHHf6clviMaYcdOkXkOdmFpLAdW32y5NtLcQnX8aT53d73DUvyg7XvcUFcneiciS8Pg22MuRDt108A/EqUpsGgJh2wTNcGMafY+kCvXPgc0NzztOZUqN1dxJcxmOfHSqrH6OtgVS56UWKR32vsoLgKmcSxDcZaZnyQ2hDiZhOaQ==",
    "exponent": 65537,
    "privateKey": "-----BEGIN PRIVATE KEY-----\nMIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDly93AJQ2GWnXC\nXZPK4yCYPcbiKp688MjVoB8UQ9OOZ7avdq8mm+BygHT85lERk+ICMdv6hLEvvuFj\niDF4c896QOe8i9mm9bVyZReVmV/8HdIGQtxsqYDPduHdL3qyKwomASaP0vTKMKyc\n4/eIPgfrXRBGTJindEMGOQBT0cqnJmwcd/pyW+Ixphx06ReQ52YWksB1bfbLk20t\nxCdfxpPnd3vcNS/KDte9xQVyd6JyJLw+DbYy5EO3XTwD8SpSmwaAmHbBM1wYxp9j\n6QK9c+BzQ3PO05lSo3V3ElzGY58dKqsfo62BVLnpRYpHfa+yguAqZxLENxlpmfJD\naEOJmE5pAgMBAAECggEALiL+RKOr0Xu8BOgQ0j1DwA03LxVrhXe6etmJI+JySTcd\ngKENjWziZVrRIi2DvUm5qMMl7WhSwslKK1eexxZJY7xASqSxcEoIwgz17T07/jxm\nfIdUBiUKDZ1Kv8PWmIr3oKW+fkXWi/m1zlIe0qXRpTmsGNEsHQLEqi0rmaiXTXOR\n/2Ldwi6kZR3sWFx97YS4Mx/pueGJTXEai6AVEZzN5Gog6xD8HXR1Rvq+hhd+MocG\nfnU4HgilKRfoJlWd9FOscgSufKG0L3ViO4fSKU46l5aullDYUk5ECMWiwuKSqSE7\nqD45jI3mbOre7S4u3S3TWdD3lzwiXL49LdwKlEC4mQKBgQD0sLr0GH4Wr+QX2xJE\nuA/Cb8QW41l8iSCBTRZZR/sJOd+o3rbcVidlzO/EbZblXG4ZPDmRjgBCGKIP5EZi\n0DsL+Wv32WOo44LpxJGhqExbm0H1iZ1zZ97l0P8fvIhHE42gmaLToOIGDhPSXGvv\nzlqOHbGbq4jsERc1jp1bej5q6wKBgQDwaueIc4pRchH98QYidcyr8Vwg9KhbnfYX\ny3W4RPlZtBdF34iJaio+ASzugo/zy1RTcVrsCskYWXyKDUQz1yu0iCng+fDCUnTm\nXGmEoEGNhk4vTJOt7hBav1/Ja/dUipGf6mXUuanwJ0e+1/Et/B0ah5X1Um5AyNZI\nM+SyRz3u+wKBgQCjvtUNXoqaghCBCmB6TjZ1prexnWkYFugCv2SSUMIk1W7gIlJ6\ntsjcrj1R1Qii6qzfBFd+GWoA0V06h0e2/qRVCg//p6GytrW33IycgvS+ZPLJ7tLI\nFR2r66WfRlpoPiSL8eRt/P7kkG0hXCn7K7ub2TEu/Ka/W1yNwad6PR8iCwKBgQC8\nXcZSrtQsxAc8w99emJVoEo9wcsCGJ9ltA0iUu9XyZpvlbyJ3J+s48YrWxQ0sop7L\nUgE+96Rfo51kPMi3JVtk81p8ntf4KMrWwokaFMXHsPcJMCJ1IBVIRLE0C5eZcYhv\nlyN57I4tT1lzOZYJxYK4Cot/zrn7oF/j6mTBGfh4iQKBgQCiJMUxRz01/czH/XSX\ngo3dVbHQ4FEOufWnE3Eb93S8r0/eq1RM118rb0TqzuiadW2xYDU4nucWQlrlmq0d\nFY/m+Hy97pqyk6jmoU5I/D+ssBIoYHWLnH9/xfvDEk2JGSJSHtzu0D4EDC/rgQ49\nMbYsO5oUrF8tPlhj5vzbf3GKLA==\n-----END PRIVATE KEY-----\n",
    "publicKeyOld": "BgIAAACkAABSU0ExAAgAAAEAAQBpTpiJQ2hD8plpGTfEEmcq4IKyr31HikXpuVSBraMfqyodn2PGXBJ3daNSmdPOc0Nz4HO9Auljn8YYXDPBdpiABptSKvEDPF23Q+Qytg0+vCRyondyBcW91w7KLzXce3fnk8ZfJ8QtbZPL9m11wJIWZueQF+l0HKYx4lty+nccbCanytFTADkGQ3SnmExGEF3rBz6I9+OcrDDK9NKPJgEmCiuyei/d4XbPgKls3EIG0h38X5mVF2VytfWm2Yu850B6z3N4MYhj4b4vsYT62zEC4pMRUeb8dIBy4Jsmr3avtmeO00MUH6DVyPC8nirixj2YIOPKk13CdVqGDSXA3cvl",
    "modulusOld": "5cvdwCUNhlp1wl2TyuMgmD3G4iqevPDI1aAfFEPTjme2r3avJpvgcoB0/OZREZPiAjHb+oSxL77hY4gxeHPPekDnvIvZpvW1cmUXlZlf/B3SBkLcbKmAz3bh3S96sisKJgEmj9L0yjCsnOP3iD4H610QRkyYp3RDBjkAU9HKpyZsHHf6clviMaYcdOkXkOdmFpLAdW32y5NtLcQnX8aT53d73DUvyg7XvcUFcneiciS8Pg22MuRDt108A/EqUpsGgJh2wTNcGMafY+kCvXPgc0NzztOZUqN1dxJcxmOfHSqrH6OtgVS56UWKR32vsoLgKmcSxDcZaZnyQ2hDiZhOaQ==",
    "exponentOld": 65537,
    "privateKeyOld": "-----BEGIN PRIVATE KEY-----\nMIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDly93AJQ2GWnXC\nXZPK4yCYPcbiKp688MjVoB8UQ9OOZ7avdq8mm+BygHT85lERk+ICMdv6hLEvvuFj\niDF4c896QOe8i9mm9bVyZReVmV/8HdIGQtxsqYDPduHdL3qyKwomASaP0vTKMKyc\n4/eIPgfrXRBGTJindEMGOQBT0cqnJmwcd/pyW+Ixphx06ReQ52YWksB1bfbLk20t\nxCdfxpPnd3vcNS/KDte9xQVyd6JyJLw+DbYy5EO3XTwD8SpSmwaAmHbBM1wYxp9j\n6QK9c+BzQ3PO05lSo3V3ElzGY58dKqsfo62BVLnpRYpHfa+yguAqZxLENxlpmfJD\naEOJmE5pAgMBAAECggEALiL+RKOr0Xu8BOgQ0j1DwA03LxVrhXe6etmJI+JySTcd\ngKENjWziZVrRIi2DvUm5qMMl7WhSwslKK1eexxZJY7xASqSxcEoIwgz17T07/jxm\nfIdUBiUKDZ1Kv8PWmIr3oKW+fkXWi/m1zlIe0qXRpTmsGNEsHQLEqi0rmaiXTXOR\n/2Ldwi6kZR3sWFx97YS4Mx/pueGJTXEai6AVEZzN5Gog6xD8HXR1Rvq+hhd+MocG\nfnU4HgilKRfoJlWd9FOscgSufKG0L3ViO4fSKU46l5aullDYUk5ECMWiwuKSqSE7\nqD45jI3mbOre7S4u3S3TWdD3lzwiXL49LdwKlEC4mQKBgQD0sLr0GH4Wr+QX2xJE\nuA/Cb8QW41l8iSCBTRZZR/sJOd+o3rbcVidlzO/EbZblXG4ZPDmRjgBCGKIP5EZi\n0DsL+Wv32WOo44LpxJGhqExbm0H1iZ1zZ97l0P8fvIhHE42gmaLToOIGDhPSXGvv\nzlqOHbGbq4jsERc1jp1bej5q6wKBgQDwaueIc4pRchH98QYidcyr8Vwg9KhbnfYX\ny3W4RPlZtBdF34iJaio+ASzugo/zy1RTcVrsCskYWXyKDUQz1yu0iCng+fDCUnTm\nXGmEoEGNhk4vTJOt7hBav1/Ja/dUipGf6mXUuanwJ0e+1/Et/B0ah5X1Um5AyNZI\nM+SyRz3u+wKBgQCjvtUNXoqaghCBCmB6TjZ1prexnWkYFugCv2SSUMIk1W7gIlJ6\ntsjcrj1R1Qii6qzfBFd+GWoA0V06h0e2/qRVCg//p6GytrW33IycgvS+ZPLJ7tLI\nFR2r66WfRlpoPiSL8eRt/P7kkG0hXCn7K7ub2TEu/Ka/W1yNwad6PR8iCwKBgQC8\nXcZSrtQsxAc8w99emJVoEo9wcsCGJ9ltA0iUu9XyZpvlbyJ3J+s48YrWxQ0sop7L\nUgE+96Rfo51kPMi3JVtk81p8ntf4KMrWwokaFMXHsPcJMCJ1IBVIRLE0C5eZcYhv\nlyN57I4tT1lzOZYJxYK4Cot/zrn7oF/j6mTBGfh4iQKBgQCiJMUxRz01/czH/XSX\ngo3dVbHQ4FEOufWnE3Eb93S8r0/eq1RM118rb0TqzuiadW2xYDU4nucWQlrlmq0d\nFY/m+Hy97pqyk6jmoU5I/D+ssBIoYHWLnH9/xfvDEk2JGSJSHtzu0D4EDC/rgQ49\nMbYsO5oUrF8tPlhj5vzbf3GKLA==\n-----END PRIVATE KEY-----\n",
    "refreshLockInterval": "10m",
    "dummy": {
        "enable": false,
        "sampleFilePath": ""
    }
}

Tenants

ParameterDescriptionTypeDefault
Defines a directory that limits the files that can be accessed by ONLYOFFICE Docs.string""
Defines the tenant base domain name.string""
Defines the name of the config file in the tenant folder to override default.json. It is used in the multi-tenant mode to initialize the specific tenant settings (wopi, ipfilter, jwt secret etc.). string"config.json"
Defines the .pem filename where the tenant secret key is stored.string"secret.key"
Defines the filename where the tenant license is stored.string"license.lic"
Defines the domain name of the default tenant.string"localhost"
Defines the cache properties for reading multi-tenant license and secret.object
Defines the TTL (time to live) for every generated cache element (measured in seconds).integer300
Defines the period used for the automatic delete check interval (measured in seconds).integer60
Defines if the cached variables will be cloned or not. If true, a copy of the cached variable will be created. If false, only the reference will be saved.booleanfalse

These parameters define the tenants properties for working in the multi-tenant mode.

Example
"tenants": {
    "baseDir" : "",
    "baseDomain" : "",
    "filenameConfig" : "config.json",
    "filenameSecret" : "secret.key",
    "filenameLicense" : "license.lic",
    "defaultTenant" : "localhost",
    "cache": {
        "stdTTL": 300,
        "checkperiod": 60,
        "useClones": false
    },
}

External request

ParameterDescriptionTypeDefault
Defines the IP addresses that are allowed for direct requests.object
Defines a list of the IP addresses that are trusted for the direct requests.list[]
Defines if the trusted IP addresses are in the JWT or not.booleantrue
Defines the external request options.object
Defines if the external requests are allowed or not.booleantrue
Defines if the private IP address will be blocked or not.booleantrue
Defines the proxy URL.string""
Defines the proxy authentication parameters.object
Defines the proxy authentication username.string""
Defines the proxy authentication password.string""
Defines the proxy headers.object{}

These parameters define the configuration of the external requests.

Example
"externalRequest": {
    "directIfIn" : {
        "allowList": [],
        "jwtToken": true
    },
    "action": {
        "allow": true,
        "blockPrivateIP": true,
        "proxyUrl": "",
        "proxyUser": {
            "username": "",
            "password": ""
        },
        "proxyHeaders": {
        }
    }
}

Document Server services

These parameters define the settings for the Document Server services.

ParameterDescriptionTypeDefault
Defines the settings for the co-authoring editing session.object

Server

ParameterDescriptionTypeDefault
Defines the server port.integer8000
Defines a number of worker threads per CPU.integer1
Defines the server mode.string"development"
Defines a maximum size for all the uploaded temporary files used by each process (measured in bytes).integer104857600
Defines a maximum size for all the images uploaded in each process (measured in bytes).integer26214400
Defines the timeout properties for downloading images.object

Defines a period which specifies two timeouts:

  • read timeout - time to wait for a server to send response headers (and start the response body) before aborting the request;
  • connection timeout - sets the socket to timeout after timeout of inactivity. Note that increasing the timeout beyond the OS-wide TCP connection timeout will not have any effect.

This parameter is sent to the npm module.

string"2m"
Defines the whole request cycle - a period from the download start to the full download.string"2m"
Defines the timeout properties for callback requesting.object

Defines a period which specifies two timeouts:

  • read timeout - time to wait for a server to send response headers (and start the response body) before aborting the request;
  • connection timeout - sets the socket to timeout after timeout of inactivity. Note that increasing the timeout beyond the OS-wide TCP connection timeout will not have any effect.

This parameter is sent to the npm module.

string"10m"
Defines the whole request cycle timeout.string"10m"
Defines a path where the health check requests will be sent.string"../public/healthcheck.docx"
Defines the conversion start delay time (measured in milliseconds) after the edited file is closed.integer5000
Defines if the singleton can be edited or not.booleanfalse
Defines a folder name where all the forgotten files are stored.string"forgotten"
Defines a forgotten file name.string"output"
Defines a maximum size of the request changes.integer20000
Defines if the password-protected files can be opened or not.booleantrue
Defines if the anonymous users have access to the editor or live viewer or not.booleantrue
Defines the editor data storage. The possible values: "editorDataRedis", "".string"editorDataRedis"
Defines the editor data storage for license calculation and statistics (local memory or redis). The possible values are "editorDataMemory", "editorDataRedis", or "". The default "" value means that the value of the editorDataStorage parameter will be used. This parameter is primarily used for a sharded cluster.string""
Defines if the assembled file is saved in its original format or not.booleantrue
Defines a path to the "new" file template if a file of 0 bytes was received from the link for opening.string"../../document-templates/new"
Defines extensions which are allowed to be downloaded via the downloadFile handler.array of strings["pdf", "xlsx"]
Defines if the required token parameters will be validated. This is required for security. For example, the conversion token will not be used to open a document.booleantrue
Defines whether a file without any changes can be forcesaved by clicking the Save button.booleanfalse

These parameters define the server configuration.

Example
"services": {
    "CoAuthoring": {
        "server": {
            "port": 8000,
            "workerpercpu": 1,
            "mode": "development",
            "limits_tempfile_upload": 104857600,
            "limits_image_size": 26214400,
            "limits_image_download_timeout": {
                "connectionAndInactivity": "2m",
                "wholeCycle": "2m"
            },
            "callbackRequestTimeout": {
                "connectionAndInactivity": "10m",
                "wholeCycle": "10m"
            },
            "healthcheckfilepath": "../public/healthcheck.docx",
            "savetimeoutdelay": 5000,
            "edit_singleton": false,
            "forgottenfiles": "forgotten",
            "forgottenfilesname": "output",
            "maxRequestChanges": 20000,
            "openProtectedFile": true,
            "isAnonymousSupport": true,
            "editorDataStorage": "editorDataRedis",
            "editorStatStorage": "",
            "assemblyFormatAsOrigin": true,
            "newFileTemplate" : "../../document-templates/new",
            "downloadFileAllowExt": ["pdf", "xlsx"],
            "tokenRequiredParams": true,
            "forceSaveUsingButtonWithoutChanges": false
        }
    }
}

Default request

ParameterDescriptionTypeDefault
Defines the default HTTP request headers.object
Defines the default User-Agent request header.string"Node.js/6.13"
Defines the default Connection request header.string"Keep-Alive"
Defines if the Accept-Encoding header is added to request compressed content encodings from the server (if not already present) and decode supported content encodings in the response.booleantrue
Defines if the certificates will be verified by the Document Server or not.booleantrue

These parameters define the default request configuration.

Example
"services": {
    "CoAuthoring": {
        "requestDefaults": {
            "headers": {
                "User-Agent": "Node.js/6.13",
                "Connection": "Keep-Alive"
            },
            "gzip": true,
            "rejectUnauthorized": true
        }
    }
}

Auto assembly

ParameterDescriptionTypeDefault
Defines if the automatic forcesaving is enabled or not.booleanfalse
Defines the interval time in minutes for initiating the automatic forcesaving.string"5m"
Defines the delay in minutes between the intervals.string"1m"

These parameters define the automatic forcesaving configuration.

The automatic forcesaving will only be initiated after some changes were made to the document. The empty versions will not be forcesaved automatically. Additionally, file versioning needs to be implemented on the document management system's side for this parameter to work.
Example
"services": {
    "CoAuthoring": {
        "autoAssembly": {
            "enable": false,
            "interval": "5m",
            "step": "1m"
        }
    }
}

Utils

ParameterDescriptionTypeDefault
Defines a directory where all the fonts are stored.string"null"
Defines the patterns for searching font files of the corresponding extensions.string"*.ttf;*.ttc;*.otf"
Defines the supported image formats for uploading.string"jpg;jpeg;jpe;png;gif;bmp;svg;tiff;tif"

These parameters define the utils configuration.

Example
"services": {
    "CoAuthoring": {
        "utils": {
            "utils_common_fontdir": "null",
            "utils_fonts_search_patterns": "*.ttf;*.ttc;*.otf",
            "limits_image_types_upload": "jpg;jpeg;jpe;png;gif;bmp;svg;tiff;tif"
        }
    }
}

SQL

ParameterDescriptionTypeDefault
Defines the database type (postgres, mariadb or mysql).string"postgres"
Defines the database table name where all the document changes are stored.string"doc_changes"
Defines the database table name where the query result is stored.string"task_result"
Defines the database server host (host name or IP address).string"localhost"
Defines the database server port.integer5432
Defines a name of a database to be created on the image startup.string"onlyoffice"
Defines a new username with superuser permissions for the database account.string"onlyoffice"
Defines a password set to the database account.string"onlyoffice"
Defines the database charset.string"utf8"
Defines the maximum number of the simultaneous user connections to the database server.integer10
Defines the maximum size of data that can be sent in one request.integer1048575
Defines the parameters that can be passed directly to the node-postgres pool library.object
Defines a number of milliseconds a client must remain idle in the pool and not be checked out before it is disconnected from the backend and discarded. Set to 0 to disable automatic disconnection of idle clients.integer30000
Defines a number of seconds that represents the maximum lifetime.integer60000
Defines a number of milliseconds before the query statement times out.integer60000
Defines a number of milliseconds before a query call times out.integer60000
Defines a number of milliseconds to wait for a connection.integer60000
Defines the Dameng database parameters.object
Defines if the column names are uppercase or not.booleanfalse
Defines the case of column names.string"lower"
Defines a number of milliseconds to wait for a connection.integer60000
Defines if the login encryption is enabled or not.booleanfalse
Defines the local timezone.integer0
Defines a number of seconds after which the pool terminates idle connections (unused in the pool).integer60
Defines a number of milliseconds when a connection request made by a client or a server doesn't receive a response from the other end.integer60000
Defines a number of milliseconds when messages are retained in the queue before they are discarded.integer60000
Defines the Oracle database parameters.object
Defines a number of seconds to wait for a connection.integer60
Defines the MS SQL database parameters.object
Defines the MS SQL database options.object
Defines whether the data will be encrypted before sending it over the network.booleanfalse
Defines whether an encryption occurs when there is no verified server certificate.booleantrue
Defines the parameters of the connection pool.object
Defines a number of milliseconds a client must remain idle in the pool and not be checked out before it is disconnected from the backend and discarded. Set to 0 to disable automatic disconnection of idle clients.integer30000
Defines the connection parameters of the MySQL database (including SSL settings) that can be passed directly to the node-mysql2 module.object
Defines a number of milliseconds to wait for a connection.integer60000
Defines a number of milliseconds before a query call times out.integer60000

These parameters define the database configuration.

Example
"services": {
    "CoAuthoring": {
        "sql": {
            "type": "postgres",
            "tableChanges": "doc_changes",
            "tableResult": "task_result",
            "dbHost": "localhost",
            "dbPort": 5432,
            "dbName": "onlyoffice",
            "dbUser": "onlyoffice",
            "dbPass": "onlyoffice",
            "charset": "utf8",
            "connectionlimit": 10,
            "max_allowed_packet": 1048575,
                "pgPoolExtraOptions": {
                "idleTimeoutMillis": 30000,
                "maxLifetimeSeconds": 60000,
                "statement_timeout": 60000,
                "query_timeout": 60000,
                "connectionTimeoutMillis": 60000
            },
            "damengExtraOptions": {
                "columnNameUpperCase": false,
                "columnNameCase": "lower",
                "connectTimeout": 60000,
                "loginEncrypt": false,
                "localTimezone": 0,
                "poolTimeout": 60,
                "socketTimeout": 60000,
                "queueTimeout": 60000
            },
            "oracleExtraOptions": {
                "connectTimeout": 60
            },
            "msSqlExtraOptions": {
                "options": {
                    "encrypt": false,
                    "trustServerCertificate": true
                },
                "pool": {
                    "idleTimeoutMillis": 30000
                }
            },
            "mysqlExtraOptions": {
                "connectTimeout": 60000,
                "queryTimeout": 60000
            }
        }
    }
}

Redis

ParameterDescriptionTypeDefault
Defines the database name, "redis" or "ioredis".string"redis"
Defines the name prefix for all the used structures in Redis.string"ds:"
Defines the Redis server host (host name or IP address).string"127.0.0.1"
Defines the Redis server port.integer6379
Defines the parameters (username, password, modules etc.) that can be passed directly to the node-redis createClient library.object{}
Defines the parameters (rootNodes, defaults, modules etc.) that can be passed directly to the node-redis clustering library to connect to the redis cluster. This setting has the priority over the options parameter for connecting to the single redis. object{}
Defines the parameters (username, password, modules etc.) that can be passed directly to the ioredis RedisOptions library.object
Defines if the connection to the server will be delayed until the first command is sent or redis.connect() is called explicitly.booleantrue
Defines a list of nodes of the cluster you want to connect to that can be passed directly to the ioredis cluster library to connect to the redis cluster. This setting has the priority over the iooptions parameter for connecting to the single redis. array[]
Defines the parameters (clusterRetryStrategy, dnsLookup, scaleReads etc.) that can be passed directly to the ioredis cluster library to connect to the redis cluster. This setting has the priority over the iooptions parameter for connecting to the single redis. object
Defines if the connection to the server will be delayed until the first command is sent or redis.connect() is called explicitly.booleantrue

These parameters define the Redis configuration.

Example
"services": {
    "CoAuthoring": {
        "redis": {
            "name": "redis",
            "prefix": "ds:",
            "host": "127.0.0.1",
            "port": 6379,
            "options": {},
            "optionsCluster": {},
            "iooptions": {
                "lazyConnect": true
            },
            "iooptionsClusterNodes": [],
            "iooptionsClusterOptions": {
                "lazyConnect": true
            }
        }
    }
}

PubSub service

ParameterDescriptionTypeDefault
Defines the maximum size of changes which can be passed via PubSub. If the size exceeds the specified value, the changes will be read from the database.integer1000

This parameter defines the PubSub service configuration.

Example
"services": {
    "CoAuthoring": {
        "pubsub": {
            "maxChanges": 1000
        }
    }
}

Expiration

ParameterDescriptionTypeDefault
Defines the time for saving locks.integer60
Defines the time of life for the user presence status.integer300
Defines the time of life for the locks.integer604800
Defines the time for changing indexes.integer86400
Defines the time for locking documents.integer30
Defines the time of life for the messages.integer86400
Defines the time of life for the last database save executed with success.integer604800
Defines the time of life for the forcesaving executed with success.integer604800
Defines the time of life for the forcesaved locks in the ioredis cluster mode.integer5000
Defines the time of life for the database save executed with success.integer3600
Defines the time for starting check, during which old files are deleted from the cache (every two minutes by default).string"0 */2 * * * *"
Defines the time of life for the folders in App_Data.integer86400
Defines the time for check starting (every hour by default).string"00 00 */1 * * *"
Defines the number of simultaneously deleted document folders from the cache.integer100

Defines the inactive session lifetime. This parameter allows ending editing session for an idle user. It is also used to initialize document saving procedure by terminating the last editing session. So, it defines the time after which an inactive user will be disconnected from the editing session. Its value format is "1s", "1m", "1h", "1d" etc.

Please note that by inactivity, we mean the absence of any action in the editor, including cursor movement.
string"1h"
Defines the lifetime for any editing session.string"30d"
Defines the time before the sessionidle or sessionabsolute ttl expires when a warning message is sent.string"2m"
Defines the time of life for the PEM files with secrets.string"1h"
Defines the time for checking the PEM files ttl.string"10m"
Defines the time when the user can open the file again after an error occurs due to opening an already saved file using the old key.string"5m"
Defines the time of life for the list of the month unique users.string"1y"

These parameters define the expiration settings.

Example
"services": {
    "CoAuthoring": {
        "expire": {
            "saveLock": 60,
            "presence": 300,
            "locks": 604800,
            "changeindex": 86400,
            "lockDoc": 30,
            "message": 86400,
            "lastsave": 604800,
            "forcesave": 604800,
            "forcesaveLock": 5000,
            "saved": 3600,
            "documentsCron": "0 */2 * * * *",
            "files": 86400,
            "filesCron": "00 00 */1 * * *",
            "filesremovedatonce": 100,
            "sessionidle": "1h",
            "sessionabsolute": "30d",
            "sessionclosecommand": "2m",
            "pemStdTTL": "1h",
            "pemCheckPeriod": "10m",
            "updateVersionStatus": "5m",
            "monthUniqueUsers": "1y"
        }
    }
}

IP filter

ParameterDescriptionTypeDefault

Defines the IP filter rules that contain the following parameters:

  • address - the IP address of the integrator. This parameter can contain IP in the X.X.X.X format for ipv4 or in the xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx format for ipv6, dns-name or * wildcard to replace any symbol/symbols,
    type: string,
    example: "ip_address";
  • allowed - specifies if the IP address is trusted or not,
    type: boolean,
    example: true.
array of objects
Defines if the IP filter is used for the request or not.booleanfalse
Defines an error code for the IP filter.integer403

These parameters define the IP filter configuration.

Example
"services": {
    "CoAuthoring": {
        "ipfilter": {
            "rules": [{"address": "*", "allowed": true}],
            "useforrequest": false,
            "errorcode": 403
        }
    }
}

Request Filtering Agent

ParameterDescriptionTypeDefault
Defines if it is allowed to connect private IP address or not. This includes private IP addresses and reserved IP addresses.booleanfalse
Defines if it is allowed to connect meta IP address or not. Meta address can be 0.0.0.0 (IPv4) or :: (IPv6) - a meta address that routing another address.booleanfalse

These parameters define the Request Filtering Agent configuration.

Example
"services": {
    "CoAuthoring": {
        "request-filtering-agent" : {
            "allowPrivateIPAddress": false,
            "allowMetaIPAddress": false
        }
    }
}

Secret key

ParameterDescriptionTypeDefault

Defines the parameters of a secret key to generate a token in the client-side browser requests to ONLYOFFICE Docs:

  • string - the secret key,
    type: string,
    example: "secret";
  • file - the PEM file where the secret is stored,
    type: string,
    example: "".
object

Defines the parameters of a secret key to generate a token in the incoming HTTP requests with the commands from the document storage service to the document command service, document conversion service and document builder service:

  • string - the secret key,
    type: string,
    example: "secret";
  • file - the PEM file where the secret is stored,
    type: string,
    example: "".
object

Defines the parameters of a secret key to generate a token in the outgoing HTTP requests to the callbackUrl address by document editing service:

  • string - the secret key,
    type: string,
    example: "secret";
  • file - the PEM file where the secret is stored,
    type: string,
    example: "".
object

Defines the parameters of a secret key to generate the session token:

  • string - the secret key,
    type: string,
    example: "secret";
  • file - the PEM file where the secret is stored,
    type: string,
    example: "".
object

These parameters define the secret key configuration.

Example
"services": {
    "CoAuthoring": {
        "secret": {
            "browser": {"string": "secret", "file": ""},
            "inbox": {"string": "secret", "file": ""},
            "outbox": {"string": "secret", "file": ""},
            "session": {"string": "secret", "file": ""}
        }
    }
}

Token

ParameterDescriptionTypeDefault
Defines if the tokens are enabled or not.object
Defines if a token in the client-side browser requests is enabled or not.booleanfalse
Defines if the tokens in the HTTP requests are enabled or not.object
Defines if a token in the incoming HTTP requests is enabled or not.booleanfalse
Defines if a token in the outgoing HTTP requests is enabled or not.booleanfalse
Defines the browser token configuration.object
Defines if the browser token is equal to the token from the incoming requests (true) or not (false).booleantrue
Defines the configuration of a token from the incoming requests.object
Defines the HTTP header that will be used to send the incoming request token.string"Authorization"
Defines a prefix in the HTTP header that will be used to send the incoming request token.string"Bearer "
Defines if a token is enabled in the incoming request body or not.booleanfalse
Defines the configuration of a token from the outgoing requests.object
Defines the HTTP header that will be used to send the outgoing request token.string"Authorization"
Defines a prefix in the HTTP header that will be used to send the outgoing request token.string"Bearer "
Defines an algorithm which is used to sign the outgoing request token.string"HS256"
Defines a period when the outgoing request token expires.string"5m"
Defines if a token is enabled in the outgoing request body or not.booleanfalse
Defines the regular expression that specifies URLs from which the authorization should be excluded. The empty string means that this option is disabled.string""
Defines the session token configuration.object
Defines an algorithm which is used to sign the session token.string"HS256"
Defines a period when the session token expires.string"30d"
Defines the token verifying options.object
Defines a number of seconds which is acceptable when dealing with the clock differences among different servers.integer60

These parameters define the token configuration.

Example
"services": {
    "CoAuthoring": {
        "token": {
            "enable": {
                "browser": false,
                "request": {
                    "inbox": false,
                    "outbox": false
                }
            },
            "browser": {
                "secretFromInbox": true
            },
            "inbox": {
                "header": "Authorization",
                "prefix": "Bearer ",
                "inBody": false
            },
            "outbox": {
                "header": "Authorization",
                "prefix": "Bearer ",
                "algorithm": "HS256",
                "expires": "5m",
                "inBody": false,
                "urlExclusionRegex": ""
            },
            "session": {
                "algorithm": "HS256",
                "expires": "30d"
            },
            "verifyOptions": {
                "clockTolerance": 60
            }
        }
    }
}

Plugins

ParameterDescriptionTypeDefault
Defines a path to the folder where all the plugins are stored.string"/sdkjs-plugins"
Defines a list of plugins that run automatically.list[]

These parameters define the plugins configuration.

Example
"services": {
    "CoAuthoring": {
        "plugins": {
            "uri": "/sdkjs-plugins",
            "autostart": []
        }
    }
}

Themes

ParameterDescriptionTypeDefault
Defines a path to the folder where all the json files with the custom color themes are stored.string"/web-apps/apps/common/main/resources/themes"

This parameter defines the properties of the custom color themes.

Example
"services": {
    "CoAuthoring": {
        "themes": {
            "uri": "/web-apps/apps/common/main/resources/themes"
        }
    }
}

Editor

ParameterDescriptionTypeDefault
Defines a path to the spell checker.string""
Defines the settings for reconnecting the editor to the server.object
Defines a maximum number of attempts to reconnect the editor.integer50
Defines the attempt delay for reconnecting the editor.string"2s"
Defines if the document changes are saved in binary (true) or JSON (false) format.booleanfalse
Defines a maximum payload size of WebSocket.string"1.5MB"
Defines a limit on the total size of the changes made to the document. When the limit is exceeded, the user receives a dialog box with a suggestion to cancel the last action or switch to the offline mode. This setting is disabled by default.string"0mb"

These parameters define the editor configuration.

Example
"services": {
    "CoAuthoring": {
        "editor":{
            "spellcheckerUrl": "",
            "reconnection":{
                "attempts": 50,
                "delay": "2s"
            },
            "binaryChanges": false,
            "websocketMaxPayloadSize": "1.5MB",
            "maxChangesSize": "0mb"
        }
    }
}

SockJs

ParameterDescriptionTypeDefault
Defines a path to the sockjs.min.js file.string""
Defines if CORS will be disabled or not. The true value prevents the Access-Control-Allow-Origin header vulnerability.booleantrue
Defines if the WebSocket protocol is enabled or not.booleantrue

These parameters define the SockJs configuration.

Example
"services": {
    "CoAuthoring": {
        "sockjs": {
            "sockjs_url": "",
            "disable_cors": true,
            "websocket": true
        }
    }
}

Socket.IO

ParameterDescriptionTypeDefault
Defines the connection properties.object
Defines the path that is captured on the server side.string"/doc/"
Defines if the client files will be served or not.booleanfalse
Defines the timeout period in milliseconds within which the client must respond with a pong to the server ping. If there is no response, the server considers that the connection is closed. The connection between the server and the client is checked every pingInterval milliseconds. integer20000
Defines the interval time in milliseconds, which is used to check if the connection is still alive between the server and the client. The server sends a ping packet to the client, and if the client does not respond with a pong within a pingTimeout period, the server considers that the connection is closed. integer25000
Defines the maximum number of bytes a single message can be, before closing the socket.integer1e8

These parameters define the Socket.IO module configuration.

Example
"socketio": {
    "connection": {
        "path": "/doc/",
        "serveClient": false,
        "pingTimeout": 20000,
        "pingInterval": 25000,
        "maxHttpBufferSize": 1e8
    }
}

Callback backoff options

ParameterDescriptionTypeDefault
Defines the maximum amount of times to retry the operation.integer0
Defines the callback backoff timeouts.object
Defines the exponential factor to use.integer2
Defines the number of milliseconds before starting the first try.integer1000
Defines the maximum number of milliseconds between two retries.integer2147483647
Defines if the timeouts are randomized by multiplying with a factor between 1 and 2 or not.booleanfalse
Defines the HTTP statuses of the callback backoff.string"429,500-599"

These parameters define the callback backoff options.

Example
"services": {
    "CoAuthoring": {
        "callbackBackoffOptions": {
            "retries": 0,
            "timeout":{
                "factor": 2,
                "minTimeout": 1000,
                "maxTimeout": 2147483647,
                "randomize": false
            },
            "httpStatus": "429,500-599"
        }
    }
}

License

ParameterDescriptionTypeDefault
Defines a path to the license file.string""
Defines a percent range of the connections and connections_view limitations, exceeding which a license limit warning appears in logs. integer70

Defines the license package type.

This parameter is set at the time of version build. You do not have to manually configure it.
integer1
Defines the time before the license expires when a warning message is sent.string"30d"

These parameters define the license configuration.

Example
"license" : {
    "license_file": "",
    "warning_limit_percents": 70,
    "packageType": 1,
    "warning_license_expiration": "30d"
}

Converter

ParameterDescriptionTypeDefault
Defines the converter properties.object
Defines a maximum size of the file being requested (measured in bytes).integer104857600
Defines the timeout properties for downloading the converted file.object

Defines a period which specifies two timeouts:

  • read timeout - time to wait for a server to send response headers (and start the response body) before aborting the request;
  • connection timeout - sets the socket to timeout after timeout of inactivity. Note that increasing the timeout beyond the OS-wide TCP connection timeout will not have any effect.

This parameter is sent to the npm module.

string"2m"
Defines the whole request cycle timeout.string"2m"
Defines a maximum number of attempts to download the converted file.integer3
Defines the attempt delay to download the converted file.integer1000
Defines a maximum number of conversion processes which can be active at one time.integer1
Defines a path to the folder with fonts.string"null"
Defines a path to the folder with the presentation themes.string"null"
Defines a path to the x2t file converter.string"null"
Defines a path to the Document Builder application.string"null"
Defines the additional parameters for running x2t.string""
Defines the parameters that can be passed directly to the node.js child_process.spawn library (only for running x2t).object{}
Defines a path to the error files.string""
Defines the StreamWriter buffer size.integer8388608
Defines a maximum number of message re-deliveries.integer2
Defines limits for input files.object
Defines the OOXML file types for which the limits are specified (text documents/spreadsheets/presentations). This does not include other objects, like images.string"docx;dotx;docm;dotm"/"xlsx;xltx;xlsm;xltm"/"pptx;ppsx;potx;pptm;ppsm;potm"
Defines the zip archive properties.object
Defines the total uncompressed file size for text documents/spreadsheets/presentations.string"50MB"/"300MB"/"50MB"
Defines the name template for files which sizes are counted.string"*.xml"

These parameters define the file converter configuration.

Example
"FileConverter": {
    "converter": {
        "maxDownloadBytes": 104857600,
        "downloadTimeout": {
            "connectionAndInactivity": "2m",
            "wholeCycle": "2m"
        },
        "downloadAttemptMaxCount": 3,
        "downloadAttemptDelay": 1000,
        "maxprocesscount": 1,
        "fontDir": "null",
        "presentationThemesDir": "null",
        "x2tPath": "null",
        "docbuilderPath": "null",
        "args": "",
        "spawnOptions": {},
        "errorfiles": "",
        "streamWriterBufferSize": 8388608,
        "maxRedeliveredCount": 2,
        "inputLimits": [
            {
            "type": "docx;dotx;docm;dotm",
            "zip": {
                "uncompressed": "50MB",
                "template": "*.xml"
            }
            },
            {
            "type": "xlsx;xltx;xlsm;xltm",
            "zip": {
                "uncompressed": "300MB",
                "template": "*.xml"
            }
            },
            {
            "type": "pptx;ppsx;potx;pptm;ppsm;potm",
            "zip": {
                "uncompressed": "50MB",
                "template": "*.xml"
            }
            }
        ]
    }
}

Host ONLYOFFICE Docs on your own server or use it in the cloud

Get it nowUse in the cloud
Article with the tag:
Browse all tags