diff --git a/docs/chungus.conf b/docs/chungus.conf new file mode 100644 index 00000000..7ac7ba9a --- /dev/null +++ b/docs/chungus.conf @@ -0,0 +1,2138 @@ +# not actually YAML but lets pretend: +# -*- mode: yaml -*- +# vim: ft=yaml: + + +## this config-file does not make any sense at all, and will not work anywhere +## +## it is a nearly-complete example of every config option and how each can be used, +## but will NOT be maintained, it's just to get a feel for how the config works +## +## this file was initially generated by and based on: +## cat copyparty/__main__.py | awk -F\" -vp1=$(printf %090d 0) '/arse.SUPPRE/{next}/add_argument_group/{printf"\n ###%s\\\n ###// %s \\\\%s\n",p1,$2,p1};{m=""}/metavar=/{m=": "$4}/add_argument\(/{h=$0;sub(/.*, help="/,"",h);sub(/"\)$/,"",h);k=$2;sub(/^-+/,"",k);printf"\n # %s\n %s%s\n",h,k,m}' | sed -r 's/^( ###\/\/ .{88})0+/\1\\/;s/([^#]{40}) +/\1/;s/\\033\[[^m]*[0-9]m//g;s/ \(volflag=([^)]+)\)$/\n # πŸ“‚ also available as volflag "\1"/' | xsel -ib +## grep -A9001 ^flagcats copyparty/cfg.py | grep -B9001 ^flagdescs | awk -F\" -vp1=$(printf %090d 0) '/^ "/{printf"\n ###%s\\\n ###// %s \\\\%s\n",p1,$2,p1};/^ [^ ]/{k=$0;h=$0;sub(/^ +./,"",k);sub(/.: .*/,"",k);sub(/[^:]+: ./,"",h);sub(/.,$/,"",h);sub(/=/,": ",k);printf"\n # %s\n %s\n",h,k}' | sed -r 's/^( ###\/\/ .{88})0+/\1\\/;s/([^#]{40}) +/\1/' | xsel -ib + + +[global] + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// general options \\0000000000000000000000000000000000000000000000000000000000000000000000\ + + # REPEATABLE: add a config file; add multiple by repeating the option + c: /etc/some.conf + c: /etc/another.conf + + # max num clients; will not accept more http/https connections at this point + nc: 1024 + + # max num cpu cores, 0=all, 1=default=recommended + j: 4 + + # enable the ?dots url parameter / client option which allows clients to see dotfiles / hidden files + # πŸ“‚ also available as volflag "dots" + ed + + # how to handle url-form POSTs; see --help-urlform + urlform: save,get + + # server terminal title, for example [$ip-10.1.2.] or [$ip-] + wintitle: $ip-10.1.2. + + # server name (displayed topleft in browser and in mDNS) + name: mogra + + # REPEATABLE: map file EXTension to MIMEtype, for example [jpg=image/jpeg] + mime: qoi=image/x-qoi + mime: adf=application/x-amiga-disk-format + + # list default mimetype mapping and exit + mimes + + # do expensive analysis to improve accuracy of returned mimetypes; will make file-downloads, rss, and webdav slower + # πŸ“‚ also available as volflag "rmagic" + rmagic + + # show licenses and exit + license + + # show versions and exit + version + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// qr options \\000000000000000000000000000000000000000000000000000000000000000000000000000\ + + # show http:// QR-code on startup + qr + + # show https:// QR-code on startup + qrs + + # location to include in the url, for example [priv/?pw=hunter2] + qrl: uploads/?pw=okletsgo # hint + + # select IP which starts with PREFIX; [.] to force default IP when mDNS URL would have been used instead + qri: 192.168. # hint + + # foreground; try [0] if the qr-code is unreadable + qr-fg: 46 # hint; default=0=black + + # background (white=255) + qr-bg: 92 # hint; default=229=parchment + + # padding (spec says 4 or more, but 1 is usually fine) + qrp: 2 # hint + + # [1]=1x, [2]=2x, [0]=auto (try [2] on broken fonts) + qrz: 2 # hint + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// filesystem options \\0000000000000000000000000000000000000000000000000000000000000000000\ + + # if a file cannot be deleted because it is busy, continue trying for T seconds, retry every R seconds; disable with 0/0 + # πŸ“‚ also available as volflag "rm_retry" + rm-retry: 15/0.1 # default on windows; 0 on unix + + # if a file cannot be renamed because it is busy, continue trying for T seconds, retry every R seconds; disable with 0/0 + # πŸ“‚ also available as volflag "mv_retry" + mv-retry: 15/0.1 # default on windows; 0 on unix + + # file I/O buffer-size; if your volumes are on a network drive, try increasing to 524288 or even 4194304 (and let me know if that improves your performance) + iobuf: 262144 # default + + # rebuild mountpoint cache every SEC to keep track of sparse-files support; keep low on servers with removable media + mtab-age: 60 # default + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// share-url options \\00000000000000000000000000000000000000000000000000000000000000000000\ + + # toplevel virtual folder for shared files/folders, for example [/share] + shr: /shares # hint; default is unset + + # database to store shares in + shr-db: $XDG_CONFIG_PATH/.copyparty/shares.db # default (and yes, $ENV will expand in configs) + + # comma-separated list of users allowed to view/delete any share + shr-adm: ame,same # hint + + # shares can be revived by their owner if they expired less than MIN minutes ago; [60]=hour, [1440]=day, [10080]=week + shr-rt: 1440 # default + + # debug + shr-v + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// upload options \\00000000000000000000000000000000000000000000000000000000000000000000000\ + + # dotfile incomplete uploads, hiding them from clients unless -ed + dotpart + + # when avoiding filename collisions by appending the uploader's ip to the filename: append the plaintext ip instead of salting and hashing the ip + plain-ip + + # filename for nameless uploads (when uploader doesn't provide a name); default is [put-UNIXTIME-IP.bin] (the .6f means six decimal places) + # πŸ“‚ also available as volflag "put_name" + put-name: put-{now.6f}-{cip}.bin # default + + # default checksum-hasher for PUT/WebDAV uploads: no / md5 / sha1 / sha256 / sha512 / b2 / blake2 / b2s / blake2s + # πŸ“‚ also available as volflag "put_ck" + put-ck: sha512 # default + + # default checksum-hasher for bup/basic-uploader: no / md5 / sha1 / sha256 / sha512 / b2 / blake2 / b2s / blake2s + # πŸ“‚ also available as volflag "bup_ck" + bup-ck: sha512 # default + + # grace period where uploads can be deleted by the uploader, even without delete permissions; 0=disabled, default=12h + unpost: 43200 # default (12h) + + # clients can abort incomplete uploads by using the unpost tab (requires -e2d). [0] = never allowed (disable feature), [1] = allow if client has the same IP as the upload AND is using the same account, [2] = just check the IP, [3] = just check account-name + # πŸ“‚ also available as volflag "u2abort" + u2abort: 1 # default + + # file write grace period (any client can write to a blank file last-modified more recently than SEC seconds ago) + blank-wt: 300 # default + + # max number of uploads to keep in memory when running without -e2d; roughly 1 MiB RAM per 600 + reg-cap: 38400 # default + + # disable file-handle pooling -- instead, repeatedly close and reopen files during upload (bad idea to enable this on windows and/or cow filesystems) + no-fpool + + # force file-handle pooling, even when it might be dangerous (multiprocessing, filesystems lacking sparse-files support, ...) + use-fpool + + # unix file permissions to use when creating files; default is probably 644 (OS-decided), see --help-chmod. Examples: [644] = owner-RW + all-R, [755] = owner-RWX + all-RX, [777] = full-yolo + # πŸ“‚ also available as volflag "chmod_f" + chmod-f: 644 # hint; default is unset + + # unix file permissions to use when creating directories; see --help-chmod. Examples: [755] = owner-RW + all-R, [777] = full-yolo + # πŸ“‚ also available as volflag "chmod_d" + chmod-d: 755 # default + + # unix user-id to chown new files/folders to; default = -1 = do-not-change + # πŸ“‚ also available as volflag "uid" + uid: 1000 # hint + + # unix group-id to chown new files/folders to; default = -1 = do-not-change + # πŸ“‚ also available as volflag "gid" + gid: 573 # hint + + # enable symlink-based upload deduplication + # πŸ“‚ also available as volflag "dedup" + dedup + + # how careful to be when deduplicating files; [1] = just verify the filesize, [50] = verify file contents have not been altered + # πŸ“‚ also available as volflag "safededup" + safe-dedup: 50 # default + + # enable hardlink-based dedup; will fallback on symlinks when that is impossible (across filesystems) + # πŸ“‚ also available as volflag "hardlink" + hardlink + + # do not fallback to symlinks when a hardlink cannot be made + # πŸ“‚ also available as volflag "hardlinkonly" + hardlink-only + + # enable reflink-based dedup; will fallback on full copies when that is impossible (non-CoW filesystem) + # πŸ“‚ also available as volflag "reflink" + reflink + + # reject duplicate files during upload; only matches within the same volume + # πŸ“‚ also available as volflag "nodupe" + no-dupe + + # do not use existing data on disk to satisfy dupe uploads; reduces server HDD reads in exchange for much more network load + # πŸ“‚ also available as volflag "noclone" + no-clone + + # disable snapshots -- forget unfinished uploads on shutdown; don't create .hist/up2k.snap files -- abandoned/interrupted uploads must be cleaned up manually + no-snap + + # write upload state to ./hist/up2k.snap every SEC seconds; allows resuming incomplete uploads after a server crash + snap-wri: 300 # default + + # forget unfinished uploads after MIN minutes; impossible to resume them after that (360=6h, 1440=24h) + snap-drop: 1440 # default + + # how to timestamp uploaded files; [c]=client-last-modified, [u]=upload-time, [fc]=force-c, [fu]=force-u + # πŸ“‚ also available as volflag "u2ts" + u2ts: c # default + + # force randomized filenames, --nrand chars long + # πŸ“‚ also available as volflag "rand" + rand + + # randomized filenames length + # πŸ“‚ also available as volflag "nrand" + nrand: 9 # default + + # enable filetype detection on nameless uploads + # πŸ“‚ also available as volflag "magic" + magic + + # ensure GiB free disk space by rejecting upload requests; assumes gigabytes unless a unit suffix is given: [256m], [4], [2T] + # πŸ“‚ also available as volflag "df" + df: 4 # hint; default=0 + + # windows-only: minimum size of incoming uploads through up2k before they are made into sparse files + sparse: 4 # default + + # configure turbo-mode in up2k client; [-1] = forbidden/always-off, [0] = default-off and warn if enabled, [1] = default-off, [2] = on, [3] = on and disable datecheck + turbo: 0 # default + + # when to use a wasm-hasher instead of the browser's builtin; faster on chrome, but buggy in older chrome versions. [0] = only when necessary (non-https), [1] = always (all browsers), [2] = always on chrome/firefox, [3] = always on chrome, [N] = chrome-version N and newer (recommendation: 137) + nosubtle: 0 # default + + # web-client: number of file chunks to upload in parallel; 1 or 2 is good when latency is low (same-country), 2~4 for android-clients, 2~6 for cross-atlantic. Max is 6 in most browsers. Big values increase network-speed but may reduce HDD-speed + u2j: 2 # default + + # web-client: default upload chunksize (MiB); sets min,default,max in the settings gui. Each HTTP POST will aim for default, and never exceed max. Cloudflare max is 96. Big values are good for cross-atlantic but may increase HDD fragmentation on some FS. Disable this optimization with [1,1,1] + u2sz: 1,64,96 # default + + # web-client: default setting for when to replace/overwrite existing files; [0]=never, [1]=if-client-newer, [2]=always + # πŸ“‚ also available as volflag "u2ow" + u2ow: 0 # default + + # upload order; [s]=smallest-first, [n]=alphabetical, [fs]=force-s, [fn]=force-n -- alphabetical is a bit slower on fiber/LAN but makes it easier to eyeball if everything went fine + u2sort: s # default + + # write POST reports to textfiles in working-directory + write-uplog + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// network options \\0000000000000000000000000000000000000000000000000000000000000000000000\ + + # IPs and/or unix-sockets to listen on, COMMA-SEPARATED LIST (see --help-bind). Default: all IPv4 and IPv6 + i: 192.168.0.1,::1,unix:770:www:/dev/shm/party.sock # hint; default=:: + + # ports to listen on (comma/range); ignored for unix-sockets + p: 3923,4001-4005 # hint; default=3923 + + # include link-local IPv4/IPv6 in mDNS replies, even if the NIC has routable IPs (breaks some mDNS clients) + ll + + # which ip to associate clients with; [0]=tcp, [1]=origin (first x-fwd, unsafe), [2]=outermost-proxy, [3]=second-proxy, [-1]=closest-proxy + rproxy: 1 # default + + # if reverse-proxied, which http header to read the client's real ip from + xff-hdr: x-forwarded-for # default + + # list of trusted reverse-proxy CIDRs (comma-separated); only accept the real-ip header (--xff-hdr) and IdP headers if the incoming connection is from an IP within either of these subnets. Specify [lan] to allow all LAN / private / non-internet IPs. Can be disabled with [any] if you are behind cloudflare (or similar) and are using --xff-hdr=cf-connecting-ip (or similar) + xff-src: 127.0.0.0/8, ::1/128 # default + + # only accept connections from IP-addresses inside CIDR (comma-separated); examples: [lan] or [10.89.0.0/16, 192.168.33.0/24] + ipa: 10.89.0.0/16, 192.168.33.0/24 # hint; default is unset + + # if reverse-proxying on a location instead of a dedicated domain/subdomain, provide the base location here; example: [/foo/bar] + rp-loc: /files # hint; default is unset + + # set reuseaddr on listening sockets on windows; allows rapid restart of copyparty at the expense of being able to accidentally start multiple instances + reuseaddr + + # allow listening on IPs which do not yet exist, for example if the network interfaces haven't finished going up. Only makes sense for IPs other than '0.0.0.0', '127.0.0.1', '::', and '::1'. May require running as root (unless net.ipv6.ip_nonlocal_bind) + freebind + + # write list of listening-on ip:port to textfile at PATH when http-servers have started + wr-h-eps: /dev/shm/listening-on.txt # hint; default is unset + + # write list of accessible-on ip:port to textfile at PATH when http-servers have started + wr-h-aon: /dev/shm/accessible-on.txt # hint; default is unset + + # socket timeout (read request header) + s-thead: 120 # default + + # socket timeout (read/write request/response bodies). Use 60 on fast servers (default is extremely safe). Disable with 0 if reverse-proxied for a 2% speed boost + s-tbody: 128 # default + + # socket read size in bytes (indirectly affects filesystem writes; recommendation: keep equal-to or lower-than --iobuf) + s-rd-sz: 262144 # default + + # socket write size in bytes + s-wr-sz: 262144 # default + + # debug: socket write delay in seconds + s-wr-slp: 0 # default + + # debug: response delay in seconds + rsp-slp: 0 # default + + # debug: response delay, random duration 0..SEC + rsp-jtr: 0 # default + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// SSL/TLS options \\0000000000000000000000000000000000000000000000000000000000000000000000\ + + # disable ssl/tls -- force plaintext + http-only + + # disable plaintext -- force tls + https-only + + # path to file containing a concatenation of TLS key and certificate chain + cert: $XDG_CONFIG_PATH/.copyparty/cert.pem # default + + # set allowed ssl/tls versions; [help] shows available versions; default is what your python version considers safe + ssl-ver: ssl3,tls10 # hint; default is unset + + # set allowed ssl/tls ciphers; [help] shows available ciphers + ciphers: xtea,rot13 # hint; default is unset + + # dump some tls info + ssl-dbg + + # log master secrets for later decryption in wireshark + ssl-log: /mnt/stash/gotem.log # hint; default is unset + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// TLS certificate generator options \\0000000000000000000000000000000000000000000000000000\ + + # disable automatic certificate creation + no-crt + + # comma-separated list of FQDNs (domains) to add into the certificate + crt-ns: example.com,fileshare.nasa.gov + + # do not add wildcard entries for each --crt-ns + crt-exact + + # do not add autodetected IP addresses into cert + crt-noip + + # do not add 127.0.0.1 / localhost into cert + crt-nolo + + # do not add mDNS names / hostname into cert + crt-nohn + + # where to save the CA cert + crt-dir: $XDG_CONFIG_PATH/.copyparty/ # default + + # ca-certificate expiration time in days + crt-cdays: 3650 # default + + # server-cert expiration time in days + crt-sdays: 365 # default + + # CA/server-cert common-name + crt-cn: partyco # default + + # override CA name + crt-cnc: --crt-cn # default = copy the above + + # override server-cert name + crt-cns: --crt-cnc # default = copy the above + + # backdate in hours + crt-back: 72 # default + + # algorithm and keysize; one of these: ecdsa-256 rsa-4096 rsa-2048 + crt-alg: ecdsa-256 # default + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// IdP / identity provider / user authentication options \\00000000000000000000000000000000\ + + # bypass the copyparty authentication checks if the request-header HN contains a username to associate the request with (for use with authentik/oauth/...) + # └─WARNING: if you enable this, make sure clients are unable to specify this header themselves; must be washed away and replaced by a reverse-proxy + idp-h-usr: idp-username # hint; default is unset + + # assume the request-header HN contains the groupname of the requesting user; can be referenced in config files for group-based access control + idp-h-grp: idp-groups # hint; default is unset + + # optional but recommended safeguard; your reverse-proxy will insert a secret header named HN into all requests, and the other IdP headers will be ignored if this header is not present + idp-h-key: supersecretmagicword # hint; default is unset + + # if there are multiple groups in --idp-h-grp, they are separated by one of the characters in RE + idp-gsep: |:;+, # default + + # where to store the known IdP users/groups (if you run multiple copyparty instances, make sure they use different DBs) + idp-db: $XDG_CONFIG_PATH/.copyparty/idp.db # default + + # how to use --idp-db; [0] = entirely disable, [1] = write-only (effectively disabled), [2] = remember users, [3] = remember users and groups. + # └─NOTE: Will remember and restore the IdP-volumes of all users for all eternity if set to 2 or 3, even when user is deleted from your IdP + idp-store: 1 # default + + # comma-separated list of users allowed to use /?idp (the cache management UI) + idp-adm: ben,jerry # hint; default is unset + + # generate a session-token for IdP users which is written to cookie cppws (or cppwd if plaintext), to reduce the load on the IdP server, lifetime S seconds. + # └─note: The expiration time is a client hint only; the actual lifetime of the session-token is infinite (until next restart with --ses-db wiped) + idp-cookie: 600 # hint; default=0=disabled + + # disable basic-authentication support; do not accept passwords from the 'Authenticate' header at all. NOTE: This breaks support for the android app + no-bauth + + # keeps basic-authentication enabled, but only as a last-resort; if a cookie is also provided then the cookie wins + bauth-last + + # where to store the sessions database (if you run multiple copyparty instances, make sure they use different DBs) + ses-db: $XDG_CONFIG_PATH/.copyparty/sessions.db # default + + # session key length; default is 120 bits ((20//4)*4*6) + ses-len: 20 + + # disable sessions; use plaintext passwords in cookies + no-ses + + # REPEATABLE: users with IP matching CIDR are auto-authenticated as username USR; example: [172.16.24.0/24=dave] + ipu: CIDR=USR # placeholder + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// user-changeable passwords options \\0000000000000000000000000000000000000000000000000000\ + + # allow users to change their own passwords + chpw + + # REPEATABLE: do not allow password-changes for this comma-separated list of usernames + chpw-no: ole,dole,doffen # hint; default is unset + + # where to store the passwords database (if you run multiple copyparty instances, make sure they use different DBs) + chpw-db: $XDG_CONFIG_PATH/.copyparty/chpw.json + + # minimum password length + chpw-len: 8 # default + + # verbosity of summary on config load [0] = nothing at all, [1] = number of users, [2] = list users with default-pw, [3] = list all users + chpw-v: 2 # default + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// Zeroconf options \\000000000000000000000000000000000000000000000000000000000000000000000\ + + # enable all zeroconf backends (mdns, ssdp) + z + + # enable zeroconf ONLY on the comma-separated list of subnets and/or interface names/indexes + # └─example: eth0, wlo1, virhost0, 192.168.123.0/24, fd00:fda::/96 + z-on: NETS # placeholder; default is unset + + # disable zeroconf on the comma-separated list of subnets and/or interface names/indexes + z-off: NETS # placeholder; default is unset + + # check for network changes every SEC seconds (0=disable) + z-chk: 10 # default + + # verbose all zeroconf backends + zv + + # rejoin multicast groups every SEC seconds (workaround for some switches/routers which cause mDNS to suddenly stop working after some time); try [300] or [180] + # └─note: can be due to firewalls; make sure UDP port 5353 is open in both directions (on clients too) + mc-hop: 0 # default + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// Zeroconf-mDNS options; also see --help-zm \\00000000000000000000000000000000000000000000\ + + # announce the enabled protocols over mDNS (multicast DNS-SD) -- compatible with KDE, gnome, macOS, ... + zm + + # enable mDNS ONLY on the comma-separated list of subnets and/or interface names/indexes + zm-on: NETS # placeholder; default is unset + + # disable mDNS on the comma-separated list of subnets and/or interface names/indexes + zm-off: NETS # placeholder; default is unset + + # IPv4 only -- try this if some clients can't connect + zm4 + + # IPv6 only + zm6 + + # verbose mdns + zmv + + # verboser mdns + zmvv + + # mute parser errors (invalid incoming MDNS packets) + zm-no-pe + + # disable workaround for avahi-bug #379 (corruption in Avahi's mDNS reflection feature) + zm-nwa-1 + + # list of services to announce -- d=webdav h=http f=ftp s=smb -- lowercase=plaintext uppercase=TLS -- default: all enabled services except http/https (Ddfs if --ftp and --smb is set, Dd otherwise) + zms: dhf # probably default + + # link a specific folder for webdav shares + zm-ld: /public/stuff # hint; default is unset (webroot) + + # link a specific folder for http shares + zm-lh: /public/stuff # hint; default is unset (webroot) + + # link a specific folder for ftp shares + zm-lf: /public/stuff # hint; default is unset (webroot) + + # link a specific folder for smb shares + zm-ls: /public/stuff # hint; default is unset (webroot) + + # merge NICs which share subnets; assume that same subnet means same network + zm-mnic + + # merge subnets on each NIC -- always enabled for ipv6 -- reduces network load, but gnome-gvfs clients may stop working, and clients cannot be in subnets that the server is not + zm-msub + + # disable NSEC replies -- try this if some clients don't see copyparty + zm-noneg + + # send unsolicited announce every SEC; useful if clients have IPs in a subnet which doesn't overlap with the server, or to avoid some firewall issues + zm-spam: 0 # default + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// Zeroconf-SSDP options \\0000000000000000000000000000000000000000000000000000000000000000\ + + # announce the enabled protocols over SSDP -- compatible with Windows + zs + + # enable SSDP ONLY on the comma-separated list of subnets and/or interface names/indexes + zs-on: NETS # placeholder; default is unset + + # disable SSDP on the comma-separated list of subnets and/or interface names/indexes + zs-off: NETS # placeholder; default is unset + + # verbose SSDP + zsv + + # location to include in the url (or a complete external URL), for example [priv/?pw=hunter2] (goes directly to /priv/ with password hunter2) or [?hc=priv&pw=hunter2] (shows mounting options for /priv/ with password) + zsl: /?hc # default + + # USN (device identifier) to announce + zsid: UUID # placeholder; default is an autogenerated UUID + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// FTP options (TCP only) \\000000000000000000000000000000000000000000000000000000000000000\ + + # enable FTP server on PORT, for example 3921 + ftp: 3921 # hint; default is unset + + # enable FTPS server on PORT, for example 3990 + ftps: 3990 # hint; default is unset + + # verbose + ftpv + + # only listen on IPv4 + ftp4 + + # only accept connections from IP-addresses inside CIDR (comma-separated); specify [any] to disable inheriting --ipa. Examples: [lan] or [10.89.0.0/16, 192.168.33.0/24] + ftp-ipa: CIDR # placeholder + + # if target file exists, reject upload instead of overwrite + ftp-no-ow + + # grace period for resuming interrupted uploads (any client can write to any file last-modified more recently than SEC seconds ago) + ftp-wt: 7 # default + + # the NAT address to use for passive connections + ftp-nat: 192.168.1.13 # hint; default is unset + + # the range of TCP ports to use for passive connections, for example 12000-13000 + ftp-pr: 12000-12099 # hint; default is unset + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// WebDAV options \\00000000000000000000000000000000000000000000000000000000000000000000000\ + + # enable full write support, even if client may not be webdav. WARNING: This has side-effects -- PUT-operations will now OVERWRITE existing files, rather than inventing new filenames to avoid loss of data. You might want to instead set this as a volflag where needed. By not setting this flag, uploaded files can get written to a filename which the client does not expect (which might be okay, depending on client) + daw + + # allow depth:infinite requests (recursive file listing); extremely server-heavy but required for spec compliance -- luckily few clients rely on this + dav-inf + + # disable apple-garbage filter -- allow macos to create junk files (._* and .DS_Store, .Spotlight-*, .fseventsd, .Trashes, .AppleDouble, __MACOS) + dav-mac + + # show symlink-destination's lastmodified instead of the link itself; always enabled for recursive listings + # πŸ“‚ also available as volflag "davrt" + dav-rt + + # force auth for all folders (required by davfs2 when only some folders are world-readable) + # πŸ“‚ also available as volflag "davauth" + dav-auth + + # regex of tricky user-agents which expect 401 from GET requests; disable with [no] or blank + dav-ua1: kioworker/ # default (KDE) + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// TFTP options (UDP only) \\00000000000000000000000000000000000000000000000000000000000000\ + + # enable TFTP server on PORT, for example 69 or 3969 + tftp: 3969 # hint; default is unset + + # only listen on IPv4 + tftp4 + + # verbose + tftpv + + # verboser + tftpvv + + # debug: disable optimizations + tftp-no-fast + + # return a directory listing if a file with this name is requested and it does not exist; defaults matches .ls, dir, .dir.txt, ls.txt, ... + tftp-lsf: \.?(dir|ls)(\.txt)? # default + + # if someone tries to download a directory, return an error instead of showing its directory listing + tftp-nols + + # only accept connections from IP-addresses inside CIDR (comma-separated); specify [any] to disable inheriting --ipa. Examples: [lan] or [10.89.0.0/16, 192.168.33.0/24] + tftp-ipa: CIDR # placeholder + + # the range of UDP ports to use for data transfer, for example 12000-13000 + tftp-pr: 12100-12199 # hint; default is unset + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// SMB/CIFS options \\000000000000000000000000000000000000000000000000000000000000000000000\ + + # enable smb (read-only) -- this requires running copyparty as root on linux and macos unless --smb-port is set above 1024 and your OS does port-forwarding from 445 to that. + # └─WARNING: this protocol is DANGEROUS and buggy! Never expose to the internet! + smb + + # enable write support (please dont) + smbw + + # disable SMBv2, only enable SMBv1 (CIFS) + smb1 + + # port to listen on -- if you change this value, you must NAT from TCP:445 to this port using iptables or similar + smb-port: 445 # default + + # truncate directory listings to 64kB (~400 files); avoids impacket-0.11 bug, fixes impacket-0.12 performance + smb-nwa-1 + + # disable impacket workaround for filecopy globs + smb-nwa-2 + + # small performance boost: disable per-account permissions, enables account coalescing instead (if one user has write/delete-access, then everyone does) + smba + + # verbose + smbv + + # verboser + smbvv + + # verbosest + smbvvv + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// handlers (see --help-handlers) \\0000000000000000000000000000000000000000000000000000000\ + + # REPEATABLE: handle 404s by executing PY file + on404: ~/bin/on404.py # hint; default is unset + on404: ~/bin/on404season2.py + + # REPEATABLE: handle 403s by executing PY file + on403: ~/bin/on403.py # hint; default is unset + + # recompile handlers on each request -- expensive but convenient when hacking on stuff + hot-handlers + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// event hooks (see --help-hooks) \\0000000000000000000000000000000000000000000000000000000\ + + # REPEATABLE: execute CMD before a file upload starts + xbu: ~/bin/execute-before-upload.py # hint; default is unset + + # REPEATABLE: execute CMD after a file upload finishes + xau: ~/bin/execute-after-upload.py # hint; default is unset + + # REPEATABLE: execute CMD after all uploads finish and volume is idle + xiu: ~/bin/execute-idle-upload.py # hint; default is unset + + # REPEATABLE: execute CMD before a file copy + xbc: ~/bin/execute-before-copy.py # hint; default is unset + + # REPEATABLE: execute CMD after a file copy + xac: ~/bin/execute-after-copy.py # hint; default is unset + + # REPEATABLE: execute CMD before a file move/rename + xbr: ~/bin/execute-before-rename.py # hint; default is unset + + # REPEATABLE: execute CMD after a file move/rename + xar: ~/bin/execute-after-rename.py # hint; default is unset + + # REPEATABLE: execute CMD before a file delete + xbd: ~/bin/execute-before-delete.py # hint; default is unset + + # REPEATABLE: execute CMD after a file delete + xad: ~/bin/execute-after-delete.py # hint; default is unset + + # REPEATABLE: execute CMD on message + xm: ~/bin/execute-on-message.py # hint; default is unset + + # REPEATABLE: execute CMD if someone gets banned (pw/404/403/url) + xban: ~/bin/execute-on-ban.py # hint; default is unset + + # verbose hooks + hook-v + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// grafana/prometheus metrics endpoint \\00000000000000000000000000000000000000000000000000\ + + # enable openmetrics at /.cpr/metrics for admin accounts + stats + + # disable disk-space metrics (used/free space) + nos-hdd + + # disable volume size metrics (num files, total bytes, vmaxb/vmaxn) + nos-vol + + # disable volume state metrics (indexing, analyzing, activity) + nos-vst + + # disable dupe-files metrics (good idea; very slow) + nos-dup + + # disable unfinished-uploads metrics + nos-unf + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// yolo options \\0000000000000000000000000000000000000000000000000000000000000000000000000\ + + # disable csrf protections; let other domains/sites impersonate you through cross-site requests + allow-csrf + + # allow cookies from other domains (if you follow a link from another website into your server, you will arrive logged-in); this reduces protection against CSRF + cookie-lax + + # permit ?move=[...] and ?delete as GET + getmod + + # allow users with write-only access to upload logues and readmes without adding the _wo_ filename prefix + # πŸ“‚ also available as volflag "wo_up_readme" + wo-up-readme + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// opt-outs \\00000000000000000000000000000000000000000000000000000000000000000000000000000\ + + # never write anything to disk (debug/benchmark) + nw + + # do not disable quick-edit-mode on windows (it is disabled to avoid accidental text selection in the terminal window, as this would pause execution) + keep-qem + + # disable webdav support + no-dav + + # disable delete operations + no-del + + # disable move/rename operations + no-mv + + # disable copy operations + no-cp + + # no title hostname; don't show --name in + nth + + # no info hostname -- don't show in UI + nih + + # no info disk-usage -- don't show in UI + nid + + # no powered-by-copyparty branding in UI + nb + + # reject download-as-zip if more than N files in total; optionally takes a unit suffix: [256], [9K], [4G] + # πŸ“‚ also available as volflag "zipmaxn" + zipmaxn: N # placeholder; default is unset + + # reject download-as-zip if total download size exceeds SZ bytes; optionally takes a unit suffix: [256M], [4G], [2T] + # πŸ“‚ also available as volflag "zipmaxs" + zipmaxs: SZ # placeholder; default is unset + + # custom errormessage when download size exceeds max + # πŸ“‚ also available as volflag "zipmaxt" + zipmaxt: TXT # placeholder; default is unset + + # authenticated users bypass the zip size limit + # πŸ“‚ also available as volflag "zipmaxu" + zipmaxu + + # who can download as zip/tar? [0]=nobody, [1]=admins, [2]=authenticated-with-read-access, [3]=everyone-with-read-access (volflag=zip_who) + # └─WARNING: if a nested volume has a more restrictive value than a parent volume, then this will be ignored if the download is initiated from the parent, more lenient volume + zip-who: 3 # default + + # regex of user-agents to reject from download-as-zip/tar; disable with [no] or blank + ua-nozip: Barkrowler|bingbot|BLEXBot|Googlebot|GoogleOther|GPTBot|PetalBot|SeekportBot|SemrushBot|YandexBot # default + + # disable download as zip/tar; same as --zip-who=0 + no-zip + + # disable download as compressed tar (?tar=gz, ?tar=bz2, ?tar=xz, ?tar=gz:9, ...) + no-tarcmp + + # do not allow clients (or server config) to schedule an upload to be deleted after a given time + no-lifetime + + # disable race-the-beam (lockstep download of files which are currently being uploaded) + # πŸ“‚ also available as volflag "nopipe" + no-pipe + + # disable streaming a growing files with ?tail + # πŸ“‚ also available as volflag "notail" + no-tail + + # do not write uploader-IP into the database; will also disable unpost, you may want --forget-ip instead + # πŸ“‚ also available as volflag "no_db_ip" + no-db-ip + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// safety options \\00000000000000000000000000000000000000000000000000000000000000000000000\ + + # increase safety: Disable thumbnails / potentially dangerous software (ffmpeg/pillow/vips), hide partial uploads, avoid crawlers. + # └─Alias of --dotpart --no-thumb --no-mtag-ff --no-robots --force-js + s + + # further increase safety: Prevent js-injection, accidental move/delete, broken symlinks, webdav, 404 on 403, ban on excessive 404s. + # └─Alias of -s --unpost=0 --no-del --no-mv --hardlink --vague-403 -nih + ss + + # further increase safety: Enable logging to disk, scan for dangerous symlinks. + # └─Alias of -ss --no-dav --no-logues --no-readme -lo=cpp-%Y-%m%d-%H%M%S.txt.xz --ls=**,*,ln,p,r + sss + + # do a sanity/safety check of all volumes on startup; arguments USER,VOL,FLAGS (see --help-ls); example [**,*,ln,p,r] + ls: **,*,ln,p,r # hint; default is unset + + # never follow symlinks leaving the volume root, unless the link is into another volume where the user has similar access + # πŸ“‚ also available as volflag "xvol" + xvol + + # stay within the filesystem of the volume root; do not descend into other devices (symlink or bind-mount to another HDD, ...) + # πŸ“‚ also available as volflag "xdev" + xdev + + # disallow moving dotfiles; makes it impossible to move folders containing dotfiles + no-dot-mv + + # disallow renaming dotfiles; makes it impossible to turn something into a dotfile + no-dot-ren + + # disable rendering .prologue/.epilogue.html into directory listings + no-logues + + # disable rendering readme/preadme.md into directory listings + no-readme + + # send 404 instead of 403 (security through ambiguity, very enterprise) + vague-403 + + # don't send folder listings as HTML, force clients to use the embedded json instead -- slight protection against misbehaving search engines which ignore --no-robots + force-js + + # adds http and html headers asking search engines to not index anything + # πŸ“‚ also available as volflag "norobots" + no-robots + + # logout clients after H hours of inactivity; [0.0028]=10sec, [0.1]=6min, [24]=day, [168]=week, [720]=month, [8760]=year) + logout: 8086 # default + + # more than N wrong passwords in W minutes = ban for B minutes; disable with [no] + ban-pw: 9,60,1440 # default + + # more than N password-changes in W minutes = ban for B minutes; disable with [no] + ban-pwc: 5,60,1440 # default + + # hitting more than N 404's in W minutes = ban for B minutes; only affects users who cannot see directory listings because their access is either g/G/h + ban-404: 50,60,1440 # default + + # hitting more than N 403's in W minutes = ban for B minutes; [1440]=day, [10080]=week, [43200]=month + ban-403: 9,2,1440 # default + + # hitting more than N 422's in W minutes = ban for B minutes (invalid requests, attempted exploits ++) + ban-422: 9,2,1440 # default + + # hitting more than N sus URL's in W minutes = ban for B minutes; applies only to permissions g/G/h (decent replacement for --ban-404 if that can't be used) + ban-url: 9,2,1440 # default + + # URLs which are considered sus / eligible for banning; disable with blank or [no] + sus-urls: \.php$|(^|/)wp-(admin|content|includes)/ # default + + # harmless URLs ignored from 404-bans; disable with blank or [no] + nonsus-urls: ^(favicon\.ico|robots\.txt)$|^apple-touch-icon|^\.well-known # default + + # if a client is banned, reject its connection as soon as possible; not a good idea to enable when proxied behind cloudflare since it could ban your reverse-proxy + early-ban + + # if a client maxes out the server connection limit, downgrade it from connection:keep-alive to connection:close for MIN minutes (and also kill its active connections) -- disable with 0 + aclose: 10 # default + + # if a client maxes out the server connection limit without sending headers, ban it for B minutes; disable with [0] + loris: 60 # default + + # Access-Control-Allow-Origin; list of origins (domains/IPs without port) to accept requests from; [https://1.2.3.4]. Default [*] allows requests from all sites but removes cookies and http-auth; only ?pw=hunter2 survives + acao: * # default + + # Access-Control-Allow-Methods; list of methods to accept from offsite ('*' behaves like --acao's description) + acam: GET,HEAD # default + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// salting options \\0000000000000000000000000000000000000000000000000000000000000000000000\ + + # account-pw hashing algorithm; one of these, best to worst: argon2 scrypt sha2 none (each optionally followed by alg-specific comma-sep. config) + ah-alg: argon2 # hint; default is unset + + # account-pw salt; ignored if --ah-alg is none (default) + ah-salt: shangalabangala # hint; default is autogenerated and stored in $XDG_CONFIG_PATH/.copyparty/ + + # generate hashed password for PW, or read passwords from STDIN if PW is [-] + ah-gen: PW # placeholder + + # launch an interactive shell which hashes passwords without ever storing or displaying the original passwords + ah-cli + + # per-file accesskey salt; used to generate unpredictable URLs for hidden files + fk-salt: shangalabangala # hint; default is autogenerated and stored in $XDG_CONFIG_PATH/.copyparty/ + + # per-directory accesskey salt; used to generate unpredictable URLs to share folders with users who only have the 'get' permission + dk-salt: shangalabangala # hint; default is autogenerated and stored in $XDG_CONFIG_PATH/.copyparty/ + + # up2k file-hash salt; serves no purpose, no reason to change this (but delete all databases if you do) + warksalt: hunter2 # default + + # on startup, print the effective value of --ah-salt (the autogenerated value in $XDG_CONFIG_HOME unless otherwise specified) + show-ah-salt + + # on startup, print the effective value of --fk-salt (the autogenerated value in $XDG_CONFIG_HOME unless otherwise specified) + show-fk-salt + + # on startup, print the effective value of --dk-salt (the autogenerated value in $XDG_CONFIG_HOME unless otherwise specified) + show-dk-salt + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// shutdown options \\000000000000000000000000000000000000000000000000000000000000000000000\ + + # continue running even if it's impossible to listen on some of the requested endpoints + ign-ebind + + # continue running even if it's impossible to receive connections at all + ign-ebind-all + + # shutdown after WHEN has finished; [cfg] config parsing, [idx] volscan + multimedia indexing + exit: WHEN # placeholder; default is unset + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// logging options \\0000000000000000000000000000000000000000000000000000000000000000000000\ + + # quiet; disable most STDOUT messages + q + + # logfile, example: cpp-%Y-%m%d-%H%M%S.txt.xz (NB: some errors may appear on STDOUT only) + lo: PATH # placeholder + + # disable colors; same as environment-variable NO_COLOR + no-ansi + + # force colors; overrides environment-variable NO_COLOR + ansi + + # don't flush the logfile after each write; tiny bit faster + no-logflush + + # do not list volumes and permissions on startup + no-voldump + + # do not use local timezone; assume the TZ env-var is UTC (tiny bit faster) + log-utc + + # timestamp resolution / number of timestamp decimals + log-tdec: 3 # default + + # log failed login attempt passwords: 0=terse, 1=plaintext, 2=hashed + log-badpwd: 1 # default + + # debug: print tcp-server msgs + log-conn + + # debug: print http-server threadpool scaling + log-htp + + # print request HEADER; [*]=all + ihead: user-agent # hint; default is unset + + # print response HEADER; [*]=all + ohead: set-cooke # hint; default is unset + + # dont log URLs matching regex RE + lf-url: ^/\.cpr/|[?&]th=[wjp]|/\.(_|ql_|DS_Store$|localized$) # default + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// admin panel options \\000000000000000000000000000000000000000000000000000000000000000000\ + + # disable ?reload=cfg (reload users/volumes/volflags from config file) + no-reload + + # disable ?scan (volume reindexing) + no-rescan + + # disable ?stack (list all stacks) + no-stack + + # disable ?ru (list of recent uploads) + no-ups-page + + # don't show list of incoming files in controlpanel + no-up-list + + # who can see active downloads in the controlpanel? [0]=nobody, [1]=admins, [2]=everyone + dl-list: 2 # default + + # who can see recent uploads on the ?ru page? [0]=nobody, [1]=admins, [2]=everyone + # πŸ“‚ also available as volflag "ups_who" + ups-who: 2 # default + + # let everyone see upload timestamps on the ?ru page, not just admins + ups-when + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// thumbnail options \\00000000000000000000000000000000000000000000000000000000000000000000\ + + # disable all thumbnails + # πŸ“‚ also available as volflag "dthumb" + no-thumb + + # disable video thumbnails + # πŸ“‚ also available as volflag "dvthumb" + no-vthumb + + # disable audio thumbnails (spectrograms) + # πŸ“‚ also available as volflag "dathumb" + no-athumb + + # thumbnail res + # πŸ“‚ also available as volflag "thsize" + th-size: 320x256 # default + + # num cpu cores to use for generating thumbnails + th-mt: 4 # hint; default is autodetect + + # conversion timeout in seconds + # πŸ“‚ also available as volflag "convt" + th-convt: 60 # default + + # max memory usage (GiB) permitted by thumbnailer; not very accurate + th-ram-max: 3 # hint; default is 60% of free ram at startup (some conditions apply) + + # crop thumbnails to 4:3 or keep dynamic height; client can override in UI unless force. [y]=crop, [n]=nocrop, [fy]=force-y, [fn]=force-n + # πŸ“‚ also available as volflag "crop" + th-crop: y # default + + # show thumbs at 3x resolution; client can override in UI unless force. [y]=yes, [n]=no, [fy]=force-yes, [fn]=force-no + # πŸ“‚ also available as volflag "th3x" + th-x3: n # default + + # image decoders, in order of preference + th-dec: vips,pil,ff # default + + # disable jpg output + th-no-jpg + + # disable webp output + th-no-webp + + # force jpg output for video thumbs (avoids issues on some FFmpeg builds) + th-ff-jpg + + # use swresample instead of soxr for audio thumbs (faster, lower accuracy, avoids issues on some FFmpeg builds) + th-ff-swr + + # activity labeling cooldown -- avoids doing keepalive pokes (updating the mtime) on thumbnail folders more often than SEC seconds + th-poke: 300 # default + + # cleanup interval; 0=disabled + th-clean: 43200 # default + + # max folder age -- folders which haven't been poked for longer than --th-poke seconds will get deleted every --th-clean seconds + th-maxage: 604800 # default + + # folder thumbnails to stat/look for; enabling -e2d will make these case-insensitive, and try them as dotfiles (.folder.jpg), and also automatically select thumbnails for all folders that contain pics, even if none match this pattern + th-covers: folder.png,folder.jpg,cover.png,cover.jpg # default + + # image formats to decode using pillow + th-r-pil: a,very,long,list,of,file,extensions # hint + + # image formats to decode using pyvips + th-r-vips: a,very,long,list,of,file,extensions # hint + + # image formats to decode using ffmpeg + th-r-ffi: a,very,long,list,of,file,extensions # hint + + # video formats to decode using ffmpeg + th-r-ffv: a,very,long,list,of,file,extensions # hint + + # audio formats to decode using ffmpeg + th-r-ffa: a,very,long,list,of,file,extensions # hint + + # audio formats which provoke https://trac.ffmpeg.org/ticket/10797 (huge ram usage for s3xmodit spectrograms) + th-spec-cnv: a,very,long,list,of,file,extensions # hint + + # audio/image formats to decompress before passing to ffmpeg + au-unpk: mdz=mod.zip, mdgz=mod.gz, mdxz=mod.xz, and so on + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// transcoding options \\000000000000000000000000000000000000000000000000000000000000000000\ + + # target bitrate for transcoding to opus; set 0 to disable + q-opus: 128 # default + + # target quality for transcoding to mp3, for example [192k] (CBR) or [q0] (CQ/CRF, q0=maxquality, q9=smallest); set 0 to disable + q-mp3: q2 # default + + # allow transcoding to wav (lossless, uncompressed) + allow-wav + + # allow transcoding to flac (lossless, compressed) + allow-flac + + # disable transcoding to caf-opus (affects iOS v12~v17), will use mp3 instead + no-caf + + # disable transcoding to webm-opus (iOS v18 and later), will use mp3 instead + no-owa + + # disable audio transcoding + no-acode + + # disable batch audio transcoding by folder download (zip/tar) + no-bacode + + # delete cached transcode output after SEC seconds + ac-maxage: 86400 # default + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// tailing options (realtime streaming of a growing file) \\0000000000000000000000000000000\ + + # who can tail? [0]=nobody, [1]=admins, [2]=authenticated-with-read-access, [3]=everyone-with-read-access + # πŸ“‚ also available as volflag "tail_who" + tail-who: 2 # default + + # do not allow starting a new tail if more than N active downloads + tail-cmax: 64 # default + + # terminate connection after SEC seconds; [0]=never + # πŸ“‚ also available as volflag "tail_tmax" + tail-tmax: 0 # default + + # check for new data every SEC seconds + # πŸ“‚ also available as volflag "tail_rate" + tail-rate: 0.2 # default + + # send a zerobyte if connection is idle for SEC seconds to prevent disconnect + tail-ka: 3 # default + + # check if file was replaced (new fd) if idle for SEC seconds + # πŸ“‚ also available as volflag "tail_fd" + tail-fd: 1 # default + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// RSS options \\00000000000000000000000000000000000000000000000000000000000000000000000000\ + + # enable RSS output (experimental) + # πŸ“‚ also available as volflag "rss" + rss + + # default number of files to return (url-param 'nf') + rss-nf: 250 # default + + # default list of file extensions to include (url-param 'fext'); blank=all + rss-fext: mp3,opus # hint; default is unset + + # default sort order (url-param 'sort'); [m]=last-modified [u]=upload-time [n]=filename [s]=filesize; Uppercase=oldest-first. Note that upload-time is 0 for non-uploaded files + rss-sort: m # default + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// general db options \\0000000000000000000000000000000000000000000000000000000000000000000\ + + # enable up2k database; this enables file search, upload-undo, improves deduplication + e2d + + # scan writable folders for new files on startup; sets -e2d + e2ds + + # scans all folders on startup; sets -e2ds + e2dsa + + # verify file integrity; rehash all files and compare with db + e2v + + # on hash mismatch: update the database with the new hash + e2vu + + # on hash mismatch: panic and quit copyparty + e2vp + + # where to store volume data (db, thumbs); default is a folder named ".hist" inside each volume + # πŸ“‚ also available as volflag "hist" + hist: PATH # placeholder; default is unset + + # override where the volume databases are to be placed; default is the same as --hist + # πŸ“‚ also available as volflag "dbpath" + dbpath: PATH # placeholder; default is unset + + # regex: disable hashing of matching absolute-filesystem-paths during e2ds folder scans + # πŸ“‚ also available as volflag "nohash" + no-hash: ^/mnt/nas/linux-isos/knoppix/ + + # regex: disable indexing of matching absolute-filesystem-paths during e2ds folder scans + # πŸ“‚ also available as volflag "noidx" + no-idx: ^/mnt/nas/logs/ + + # do not show total recursive size of folders in listings, show inode size instead; slightly faster + # πŸ“‚ also available as volflag "nodirsz" + no-dirsz + + # if the directory-sizes in the UI are bonkers, use this along with -e2dsa to rebuild the index from scratch + re-dirsz + + # disable rescan acceleration; do full database integrity check -- makes the db ~5% smaller and bootup/rescans 3~10x slower + no-dhash + + # force a cache rebuild on startup; enable this once if it gets out of sync (should never be necessary) + re-dhash + + # never forget indexed files, even when deleted from disk -- makes it impossible to ever upload the same file twice -- only useful for offloading uploads to a cloud service or something + # πŸ“‚ also available as volflag "noforget" + no-forget + + # remove uploader-IP from database (and make unpost impossible) MIN minutes after upload, for GDPR reasons. Default [0] is never-forget. [1440]=day, [10080]=week, [43200]=month. + # πŸ“‚ also available as volflag "forget_ip" + forget-ip: 0 # default (disabled) + + # database durability profile; sets the tradeoff between robustness and speed, see --help-dbd + # πŸ“‚ also available as volflag "dbd" + dbd: wal # default + + # on upload: check all volumes for dupes, not just the target volume (probably buggy, not recommended) + # πŸ“‚ also available as volflag "xlink" + xlink + + # num cpu cores to use for file hashing; set 0 or 1 for single-core hashing + hash-mt: 4 # default is autodetect but max 5 + + # rescan filesystem for changes every SEC seconds; 0=off + # πŸ“‚ also available as volflag "scan" + re-maxage: 0 # default + + # defer any scheduled volume reindexing until SEC seconds after last db write (uploads, renames, ...) + db-act: 10 # default + + # search deadline -- terminate searches running for more than SEC seconds + srch-time: 45 # default + + # max search results to allow clients to fetch; 125 results will be shown initially + srch-hits: 7999 # default + + # regex: exclude files from search results if the file-URL matches PTN (case-sensitive) + # πŸ“‚ also available as volflag "srch_excl" + srch-excl: password|logs/[0-9] # hint (any URL containing 'password' or 'logs/DIGIT'), default is unset + + # show dotfiles in search results (volflags: dotsrch | nodotsrch) + dotsrch + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// metadata db options \\000000000000000000000000000000000000000000000000000000000000000000\ + + # enable metadata indexing; makes it possible to search for artist/title/codec/resolution/... + e2t + + # scan newly discovered files for metadata on startup; sets -e2t + e2ts + + # delete all metadata from DB and do a full rescan; sets -e2ts + e2tsr + + # use FFprobe for tags instead; will detect more tags + no-mutagen + + # never use FFprobe as tag reader; is probably safer + no-mtag-ff + + # timeout for FFprobe tag-scan + mtag-to: 60 # default + + # num cpu cores to use for tag scanning + mtag-mt: 4 # hint; default is autodetect + + # verbose tag scanning; print errors from mtp subprocesses and such + mtag-v + + # debug mtp settings and mutagen/FFprobe parsers + mtag-vv + + # REPEATABLE: add/replace metadata mapping + mtm: qux=foo,bar # hint (clone metadata-key foo to qux with bar as fallback); default is unset + + # tags to index/display (comma-sep.); either an entire replacement list, or add/remove stuff on the default-list with +foo or /bar" + mte: .files,circle,album,.tn,artist,title,.bpm,key,.dur,.q,.vq,.aq,vc,ac,fmt,res,.fps,ahash,vhash # default + + # tags to hide by default (comma-sep.); assign/add/remove same as -mte" + mth: .vq,.aq,vc,ac,fmt,res,.fps # default + + # REPEATABLE: read tag M using program BIN to parse the file + mtp: .bpm=~/bin/audio-bpm.py # hint; default is unset + mtp: key=f,t5,~/bin/audio-key.py + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// textfile options \\000000000000000000000000000000000000000000000000000000000000000000000\ + + # where to store old version of markdown files; [s]=subfolder, [v]=volume-histpath, [n]=nope/disabled + # πŸ“‚ also available as volflag "md_hist" + md-hist: s # default + + # the textfile editor will check for serverside changes every SEC seconds + mcr: 60 # default + + # enable markdown plugins -- neat but dangerous, big XSS risk + emp + + # enable textfile expansion -- replace {{self.ip}} and such; see --help-exp + # πŸ“‚ also available as volflag "exp" + exp + + # comma/space-separated list of placeholders to expand in markdown files; add/remove stuff on the default list with +hdr_foo or /vf.scan + # πŸ“‚ also available as volflag "exp_md" + exp-md: self.ip self.ua self.uname self.host cfg.name cfg.logout vf.scan vf.thsize hdr.cf_ipcountry srv.itime srv.htime # default + + # comma/space-separated list of placeholders to expand in prologue/epilogue files + # πŸ“‚ also available as volflag "exp_lg" + exp-lg: self.ip self.ua self.uname self.host cfg.name cfg.logout vf.scan vf.thsize hdr.cf_ipcountry srv.itime srv.htime # default + + # regex of user-agents to reject from viewing documents through ?doc=[...]; disable with [no] or blank + ua-nodoc: Barkrowler|bingbot|BLEXBot|Googlebot|GoogleOther|GPTBot|PetalBot|SeekportBot|SemrushBot|YandexBot # default + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// og / open graph / discord-embed options \\0000000000000000000000000000000000000000000000\ + + # disable hotlinking and return an html document instead; this is required by open-graph, but can also be useful on its own + # πŸ“‚ also available as volflag "og" + og + + # only disable hotlinking / engage OG behavior if the useragent matches regex RE + # πŸ“‚ also available as volflag "og_ua" + og-ua: (Discord|Twitter|Slack)bot # hint; default is unset + + # do not return the regular copyparty html, but instead load the jinja2 template at PATH (if path contains 'EXT' then EXT will be replaced with the requested file's extension) + # πŸ“‚ also available as volflag "og_tpl" + og-tpl: /var/copyparty/opengraph-EXT.j2 # hint; default is unset + + # do not automatically add OG entries into <head> (useful if you're doing this yourself in a template or such) + # πŸ“‚ also available as volflag "og_no_head" + og-no-head + + # thumbnail format; j=jpeg, jf=jpeg-uncropped, jf3=jpeg-uncropped-large, w=webm, ... + # πŸ“‚ also available as volflag "og_th" + og-th: jf3 # default + + # fallback title if there is nothing in the -e2t database + # πŸ“‚ also available as volflag "og_title" + og-title: HEY CHECK THIS OUT # hint; default is blank + + # audio title format; takes any metadata key + # πŸ“‚ also available as volflag "og_title_a" + og-title-a: 🎡 {{ artist }} - {{ title }} # default + + # video title format; takes any metadata key + # πŸ“‚ also available as volflag "og_title_v" + og-title-v: {{ title }} # default + + # image title format; takes any metadata key + # πŸ“‚ also available as volflag "og_title_i" + og-title-i: {{ title }} # default + + # force default title; do not read from tags + # πŸ“‚ also available as volflag "og_s_title" + og-s-title + + # description text; same for all files, disable with [-] + # πŸ“‚ also available as volflag "og_desc" + og-desc: bottom text # hint; default is blank + + # sitename; defaults to --name, disable with [-] + # πŸ“‚ also available as volflag "og_site" + og-site: dank memes # hint; default is blank which means it'll copy the `name` global-option + + # accent color (3 or 6 hex digits); may also affect safari and/or android-chrome + # πŸ“‚ also available as volflag "tcolor" + tcolor: 333 # default (copyparty gray) + + # query-string parceling; translate a request for /foo/.uqe/BASE64 into /foo?TEXT, or /foo/?TEXT if the first character in TEXT is a slash. Automatically enabled for --og + uqe + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// ui options \\000000000000000000000000000000000000000000000000000000000000000000000000000\ + + # show grid/thumbnails by default + # πŸ“‚ also available as volflag "grid" + grid + + # select files in grid by ctrl-click + # πŸ“‚ also available as volflag "gsel" + gsel + + # default to local timezone instead of UTC + localtime + + # language; one of the following: eng nor chi + lang: eng # default + + # default theme to use (0..7) + theme: 0 # default + + # number of themes installed + themes: 8 # default + + # default audio/video volume percent + au-vol: 50 # default; anything 0-100 + + # default sort order, comma-separated column IDs (see header tooltips), prefix with '-' for descending. Examples: href -href ext sz ts tags/Album tags/.tn + # πŸ“‚ also available as volflag "sort" + sort: href # default + + # default-enable natural sort of filenames with leading numbers + # πŸ“‚ also available as volflag "nsort" + nsort + + # number of sorting rules to include in media URLs by default + # πŸ“‚ also available as volflag "hsortn" + hsortn: 2 # default + + # default-enable seeing dotfiles; only takes effect if user has the necessary permissions + see-dots + + # number of confirmations to show when deleting files (2/1/0) + qdel: 2 # default + + # don't show files/folders matching REGEX in file list. WARNING: Purely cosmetic! Does not affect API calls, just the browser. Example: [\.(js|css)$] + # πŸ“‚ also available as volflag "unlist" + unlist: REGEX # placeholder + + # favicon-text [ foreground [ background ] ], set blank to disable + favico: c 000 none # default + + # REPEATABLE: use thumbnail-image VP for file-extension E, example: [exe=/.res/exe.png] + # πŸ“‚ also available as volflag "ext_th" + ext-th: 7z=/.icons/archive.png # hint; default is unset + ext-th: exe=/.icons/glass-of-red-liquid.png + + # emoji or emoji,css Example: [πŸ₯–,padding:0] + spinner: 🌲 # default + + # URL to additional CSS to include in the filebrowser html + css-browser: /.res/rice.css # hint; default is unset + + # URL to additional JS to include in the filebrowser html + js-browser: /.res/mousetrail.js # hint; default is unset + + # URL to additional JS to include in all other pages + js-other: /.res/snowflakes.jpg # hint; default is unset + + # text to append to the <head> of all HTML pages (except for basic-browser); can be @PATH to send the contents of a file at PATH, and/or begin with % to render as jinja2 template + # πŸ“‚ also available as volflag "html_head" + html-head: <script>alert(1);</script> # hint; default is unset + + # if a folder contains index.html, show that instead of the directory listing by default (can be changed in the client settings UI, or add ?v to URL for override) + ih + + # file extensions to present as plaintext + textfiles: txt,nfo,diz,cue,readme # default + + # max size of embedded textfiles on ?doc= (anything bigger will be lazy-loaded by JS) + txt-max: 64 # default + + # title / service-name to show in html documents + doctitle: copyparty @ --name # default (--name will copy from global-option `name`) + + # server name (displayed in filebrowser document title) + bname: --name # default (copy global-option `name`) + + # powered-by link; disable with -nb + pb-url: https://github.com/9001/copyparty # default + + # show version on the control panel (incompatible with -nb) + ver + + # configure the option to enable/disable k304 on the controlpanel (workaround for buggy reverse-proxies); [0] = hidden and default-off, [1] = visible and default-off, [2] = visible and default-on + k304: 0 # default + + # configure the option to enable/disable no304 on the controlpanel (workaround for buggy caching in browsers); [0] = hidden and default-off, [1] = visible and default-off, [2] = visible and default-on + no304: 0 # default + + # list of capabilities to allow in the iframe 'sandbox' attribute for README.md docs (volflag=md_sbf); see https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox + md-sbf: downloads forms popups scripts top-navigation-by-user-activation # default + + # list of capabilities to allow in the iframe 'sandbox' attribute for prologue/epilogue docs + # πŸ“‚ also available as volflag "lg_sbf" + lg-sbf: downloads forms popups scripts top-navigation-by-user-activation # default + + # the value of the iframe 'allow' attribute for README.md docs, for example [fullscreen] + # πŸ“‚ also available as volflag "md_sba" + md-sba: fullscreen # hint; default is blank + + # the value of the iframe 'allow' attribute for prologue/epilogue docs (volflag=lg_sba); see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy#iframes + lg-sba: TXT # placeholder + + # don't sandbox README/PREADME.md documents (volflags: no_sb_md | sb_md) + no-sb-md + + # don't sandbox prologue/epilogue docs (volflags: no_sb_lg | sb_lg); enables non-js support + no-sb-lg + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// debug options \\000000000000000000000000000000000000000000000000000000000000000000000000\ + + # verbose config file parser (explain config) + vc + + # generate config file from current config (best-effort; probably buggy) + cgen + + # list information about detected optional dependencies + deps + + # kernel-bug workaround: disable poll; use select instead (limits max num clients to ~700) + no-poll + + # kernel-bug workaround: disable sendfile; do a safe and slow read-send-loop instead + no-sendfile + + # kernel-bug workaround: disable scandir; do a listdir + stat on each file instead + no-scandir + + # wait for initial filesystem indexing before accepting client requests + no-fastboot + + # disable httpserver threadpool, create threads as-needed instead + no-htp + + # when listening on unix-sockets, do a basic delete+bind instead of the default atomic bind + rm-sck + + # explain search processing, and do some extra expensive sanity checks + srch-dbg + + # use mdns-domain instead of server-ip on /?hc + rclone-mdns + + # write stacktrace to Path every S second, for example --stackmon=./st/%Y-%m/%d/%H%M.xz,60 + stackmon: P,S # placeholder + + # list active threads every SEC + log-thrs: 0 # default + + # log filekey params for files where path matches REGEX; [.] (a single dot) = all files + log-fk: /mnt/a-problematic-fuse/this-folder-breaks-filekeys/ # hint; default is unset + + # [up2k] if a client uploads a bitflipped/corrupted chunk, store a copy according to --bf-nc and --bf-dir + bak-flips + + # bak-flips: stop if there's more than NUM files at --kf-dir already; default: 6.3 GiB max (200*32M) + bf-nc: 200 # default + + # bak-flips: store corrupted chunks at PATH; default: folder named 'bf' wherever copyparty was started + bf-dir: /srv/bitflips/ # hint; default = bf + + # bak-flips: log corruption info to a textfile at PATH + bf-log: /srv/bitflips/the-history.txt # hint; default is unset + + ############################################################################################### + ############################################################################################### + ############################################################################################### + ############################################################################################### + ############################################################################################### + ############################################################################################### + #####/ + ##### This is the end of the [global] config section + ####/ + +[accounts] + foo: bar # username foo, password bar + +[groups] + g1: u1, u2, u3 # group "g1" with users u1, u2, and u3 + +[/the/url/to/share/this/volume/on/] + /the/actual/filesystem/path/ + accs: + r: username_who_gets_Read_access + w: username_who_gets_Write_access + m: username_who_gets_Move_access + d: username_who_gets_Delete_access + .: username_who_can_see_Dotfiles + g: username_who_gets_Get_access + G: username_who_gets_upGet_access + h: username_who_gets_html_access + a: username_who_gets_admin_access + A: username_who_gets_ReadWriteMoveDeleteDotfileAdmin_access + rwm: @g1 # the group "g1" gets Read+Write+Move + flags: + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// uploads, general \\000000000000000000000000000000000000000000000000000000000000000000000\ + + # enable symlink-based file deduplication + dedup + + # enable hardlink-based file deduplication, with fallback on symlinks when that is impossible + hardlink + + # dedup with hardlink only, never symlink; make a full copy if hardlink is impossible + hardlinkonly + + # enable reflink-based file deduplication, with fallback on full copy when that is impossible + reflink + + # verify on-disk data before using it for dedup + safededup + + # take dupe data from clients, even if available on HDD + noclone + + # rejects existing files (instead of linking/cloning them) + nodupe + + # unix-permission for new dirs/folders + chmod_d: 755 + + # unix-permission for new files + chmod_f: 644 + + # change owner of new files/folders to unix-user 573 + uid: 573 + + # change owner of new files/folders to unix-group 999 + gid: 999 + + # force use of sparse files, mainly for s3-backed storage + sparse + + # deny use of sparse files, mainly for slow storage + nosparse + + # enable full WebDAV write support (dangerous); PUT-operations will now OVERWRITE existing files + daw + + # forces all uploads into the top folder of the vfs + nosub + + # enables filetype detection for nameless uploads + magic + + # fallback filename for nameless uploads + put_name + + # default checksum-hasher for PUT/WebDAV uploads + put_ck + + # default checksum-hasher for bup/basic uploads + bup_ck + + # allows server-side gzip compression of uploads with ?gz + gz + + # allows server-side lzma compression of uploads with ?xz + xz + + # forces server-side compression, optional arg: xz,9 + pk + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// upload rules \\0000000000000000000000000000000000000000000000000000000000000000000000000\ + + # max 250 uploads over 15min + maxn: 250,600 + + # max 1 GiB over 5min (suffixes: b, k, m, g, t) + maxb: 1g,300 + + # total volume size max 1 GiB (suffixes: b, k, m, g, t) + vmaxb: 1g + + # max 4096 files in volume (suffixes: b, k, m, g, t) + vmaxn: 4k + + # return medialinks for non-up2k uploads (not hotlinks) + medialinks + + # write-only users can upload logues without getting renamed + wo_up_readme + + # force randomized filenames, 9 chars long by default + rand + + # randomized filenames are N chars long + nrand: N + + # overwrite existing files? 0=no 1=if-older 2=always + u2ow: N + + # [f]orce [c]lient-last-modified or [u]pload-time + u2ts: fc + + # allow aborting unfinished uploads? 0=no 1=strict 2=ip-chk 3=acct-chk + u2abort: 1 + + # allow filesizes between 1 KiB and 3MiB + sz: 1k-3m + + # ensure 1 GiB free disk space + df: 1g + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// upload rotation -- (moves all uploads into the specified folder structure) \\00000000000\ + + # 3 levels of subfolders with 100 entries in each + rotn: 100,3 + + # date-formatted organizing + rotf: %Y-%m/%d-%H + + # uploads are deleted after 1 hour + lifetime: 3600 + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// database, general \\00000000000000000000000000000000000000000000000000000000000000000000\ + + # enable database; makes files searchable + enables upload-undo + e2d + + # scan writable folders for new files on startup; also sets -e2d + e2ds + + # scans all folders for new files on startup; also sets -e2d + e2dsa + + # enable multimedia indexing; makes it possible to search for tags + e2t + + # scan existing files for tags on startup; also sets -e2t + e2ts + + # delete all metadata from DB (full rescan); also sets -e2ts + e2tsr + + # disables metadata collection for existing files + d2ts + + # verify integrity on startup by hashing files and comparing to db + e2v + + # when e2v fails, update the db (assume on-disk files are good) + e2vu + + # when e2v fails, panic and quit copyparty + e2vp + + # disables onboot indexing, overrides -e2ds* + d2ds + + # disables metadata collection, overrides -e2t* + d2t + + # disables file verification, overrides -e2v* + d2v + + # disables all database stuff, overrides -e2* + d2d + + # puts thumbnails and indexes at that location + hist: /tmp/cdb + + # puts indexes at that location + dbpath: /tmp/cdb + + # disable db if file foo doesn't exist + landmark: foo + + # scan for new files every 60sec, same as --re-maxage + scan: 60 + + # skips hashing file contents if path matches *.iso + nohash: \.iso$ + + # fully ignores the contents at paths matching *.iso + noidx: \.iso$ + + # don't forget files when deleted from disk + noforget + + # forget uploader-IP after 30 days (GDPR) + forget_ip: 43200 + + # never store uploader-IP in the db; disables unpost + no_db_ip + + # avoid excessive reindexing on android sdcardfs + fat32 + + # database speed-durability tradeoff + dbd: [acid|swal|wal|yolo] + + # cross-volume dupe detection / linking (dangerous) + xlink + + # do not descend into other filesystems + xdev + + # do not follow symlinks leaving the volume root + xvol + + # show dotfiles in search results + dotsrch + + # hide dotfiles in search results (default) + nodotsrch + + # exclude search results with URL matching this regex + srch_excl + + # media-tags to index/display + mte: artist,title + + # media-tags to hide by default + mth: fmt,res,ac + + # uses the "audio-bpm.py" program to generate ".bpm" tags from uploads (f = overwrite tags) + mtp: .bpm=f,audio-bpm.py + + # collects two tags at once + mtp: ahash,vhash=media-hash.py + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// thumbnails \\000000000000000000000000000000000000000000000000000000000000000000000000000\ + + # disables all thumbnails + dthumb + + # disables video thumbnails + dvthumb + + # disables audio thumbnails (spectrograms) + dathumb + + # disables image thumbnails + dithumb + + # compress audio waveforms 33% better + pngquant + + # thumbnail res; WxH + thsize + + # center-cropping (y/n/fy/fn) + crop + + # 3x resolution (y/n/fy/fn) + th3x + + # conversion timeout in seconds + convt + + # use /b.png as thumbnail for file-extension s + ext_th: s=/b.png + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// handlers -- (better explained in --help-handlers) \\000000000000000000000000000000000000\ + + # handle 404s by executing PY file + on404: ~/bin/hook.py + + # handle 403s by executing PY file + on403: ~/bin/hook.py + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// event hooks -- (better explained in --help-hooks) \\000000000000000000000000000000000000\ + + # execute CMD before a file upload starts + xbu: ~/bin/hook.py + + # execute CMD after a file upload finishes + xau: ~/bin/hook.py + + # execute CMD after all uploads finish and volume is idle + xiu: ~/bin/hook.py + + # execute CMD before a file copy + xbc: ~/bin/hook.py + + # execute CMD after a file copy + xac: ~/bin/hook.py + + # execute CMD before a file rename/move + xbr: ~/bin/hook.py + + # execute CMD after a file rename/move + xar: ~/bin/hook.py + + # execute CMD before a file delete + xbd: ~/bin/hook.py + + # execute CMD after a file delete + xad: ~/bin/hook.py + + # execute CMD on message + xm: ~/bin/hook.py + + # execute CMD if someone gets banned + xban: ~/bin/hook.py + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// client and ux \\000000000000000000000000000000000000000000000000000000000000000000000000\ + + # show grid/thumbnails by default + grid + + # select files in grid by ctrl-click + gsel + + # default sort order + sort + + # natural-sort of leading digits in filenames + nsort + + # number of sort-rules to add to media URLs + hsortn + + # dont list files matching REGEX + unlist + + # includes TXT in the <head>, or @PATH for file at PATH + html_head: <script>alert(1);</script> + + # theme color (a hint for webbrowsers, discord, etc.) + tcolor: #fc0 + + # don't show total folder size + nodirsz + + # allows indexing by search engines (default) + robots + + # kindly asks search engines to leave + norobots + + # don't list read-access in controlpanel + unlistcr + + # don't list write-access in controlpanel + unlistcw + + # disable js sandbox for markdown files + no_sb_md + + # disable js sandbox for prologue/epilogue + no_sb_lg + + # enable js sandbox for markdown files (default) + sb_md + + # enable js sandbox for prologue/epilogue (default) + sb_lg + + # list of markdown-sandbox safeguards to disable + md_sbf + + # list of *logue-sandbox safeguards to disable + lg_sbf + + # value of iframe allow-prop for markdown-sandbox + md_sba + + # value of iframe allow-prop for *logue-sandbox + lg_sba + + # return html and markdown as text/html + nohtml + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// opengraph (discord embeds) \\00000000000000000000000000000000000000000000000000000000000\ + + # enable OG (disables hotlinking) + og + + # sitename; defaults to --name, disable with '-' + og_site + + # description text for all files; disable with '-' + og_desc + + # thumbnail format; j / jf / jf3 / w / w3 / ... + og_th: jf + + # audio title format; default: {{ artist }} - {{ title }} + og_title_a + + # video title format; default: {{ title }} + og_title_v + + # image title format; default: {{ title }} + og_title_i + + # fallback title if there's nothing in the db + og_title: foo + + # force default title; do not read from tags + og_s_title + + # custom html; see --og-tpl in --help + og_tpl + + # you want to add tags manually with og_tpl + og_no_head + + # if defined: only send OG html if useragent matches this regex + og_ua + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// textfiles \\0000000000000000000000000000000000000000000000000000000000000000000000000000\ + + # where to put markdown backups; s=subfolder, v=volHist, n=nope + md_hist + + # enable textfile expansion; see --help-exp + exp + + # placeholders to expand in markdown files; see --help + exp_md + + # placeholders to expand in prologue/epilogue; see --help + exp_lg + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// tailing \\000000000000000000000000000000000000000000000000000000000000000000000000000000\ + + # disable ?tail (download a growing file continuously) + notail + + # check if file was replaced (new fd) every 1 sec + tail_fd: 1 + + # check for new data every 0.2 sec + tail_rate: 0.2 + + # kill connection after 30 sec + tail_tmax: 30 + + # restrict ?tail access (1=admins,2=authed,3=everyone) + tail_who: 2 + + ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ + ###// others \\0000000000000000000000000000000000000000000000000000000000000000000000000000000\ + + # allow all users with read-access to enable the option to show dotfiles in listings + dots + + # generates per-file accesskeys, which are then required at the "g" permission; keys are invalidated if filesize or inode changes + fk: 8 + + # generates slightly weaker per-file accesskeys, which are then required at the "g" permission; not affected by filesize or inode numbers + fka: 8 + + # generates per-directory accesskeys, which are then required at the "g" permission; keys are invalidated if filesize or inode changes + dk: 8 + + # per-directory accesskeys allow browsing into subdirs + dks + + # allow seeing files (not folders) inside a specific folder with "g" perm, and does not require a valid dirkey to do so + dky + + # allow '?rss' URL suffix (experimental) + rss + + # expensive analysis for mimetype accuracy + rmagic + + # restrict viewing the list of recent uploads + ups_who: 2 + + # restrict access to download-as-zip/tar + zip_who: 2 + + # reject download-as-zip if more than 9000 files + zipmaxn: 9k + + # reject download-as-zip if size over 2 GiB + zipmaxs: 2g + + # reply with 'no' if download-as-zip exceeds max + zipmaxt: no + + # zip-size-limit does not apply to authenticated users + zipmaxu + + # disable race-the-beam (download unfinished uploads) + nopipe + + # ms-windows: timeout for renaming busy files + mv_retry + + # ms-windows: timeout for deleting busy files + rm_retry + + # ask webdav clients to login for all folders + davauth + + # show lastmod time of symlink destination, not the link itself (note: this option is always enabled for recursive listings) + davrt