# not actually YAML but lets pretend: # -*- mode: yaml -*- # vim: ft=yaml: ## this config-file does not make any sense at all, and will not work anywhere ## ## it is a nearly-complete example of every config option and how each can be used, ## but will NOT be maintained, it's just to get a feel for how the config works ## ## this file was initially generated by and based on: ## cat copyparty/__main__.py | awk -F\" -vp1=$(printf %090d 0) '/arse.SUPPRE/{next}/add_argument_group/{printf"\n ###%s\\\n ###// %s \\\\%s\n",p1,$2,p1};{m=""}/metavar=/{m=": "$4}/add_argument\(/{h=$0;sub(/.*, help="/,"",h);sub(/"\)$/,"",h);k=$2;sub(/^-+/,"",k);printf"\n # %s\n %s%s\n",h,k,m}' | sed -r 's/^( ###\/\/ .{88})0+/\1\\/;s/([^#]{40}) +/\1/;s/\\033\[[^m]*[0-9]m//g;s/ \(volflag=([^)]+)\)$/\n # πŸ“‚ also available as volflag "\1"/' | xsel -ib ## grep -A9001 ^flagcats copyparty/cfg.py | grep -B9001 ^flagdescs | awk -F\" -vp1=$(printf %090d 0) '/^ "/{printf"\n ###%s\\\n ###// %s \\\\%s\n",p1,$2,p1};/^ [^ ]/{k=$0;h=$0;sub(/^ +./,"",k);sub(/.: .*/,"",k);sub(/[^:]+: ./,"",h);sub(/.,$/,"",h);sub(/=/,": ",k);printf"\n # %s\n %s\n",h,k}' | sed -r 's/^( ###\/\/ .{88})0+/\1\\/;s/([^#]{40}) +/\1/' | xsel -ib [global] ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// general options \\0000000000000000000000000000000000000000000000000000000000000000000000\ # REPEATABLE: add a config file; add multiple by repeating the option c: /etc/some.conf c: /etc/another.conf # max num clients; will not accept more http/https connections at this point nc: 1024 # max num cpu cores, 0=all, 1=default=recommended j: 4 # enable the ?dots url parameter / client option which allows clients to see dotfiles / hidden files # πŸ“‚ also available as volflag "dots" ed # how to handle url-form POSTs; see --help-urlform urlform: save,get # server terminal title, for example [$ip-10.1.2.] or [$ip-] wintitle: $ip-10.1.2. # server name (displayed topleft in browser and in mDNS) name: mogra # REPEATABLE: map file EXTension to MIMEtype, for example [jpg=image/jpeg] mime: qoi=image/x-qoi mime: adf=application/x-amiga-disk-format # list default mimetype mapping and exit mimes # do expensive analysis to improve accuracy of returned mimetypes; will make file-downloads, rss, and webdav slower # πŸ“‚ also available as volflag "rmagic" rmagic # show licenses and exit license # show versions and exit version ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// qr options \\000000000000000000000000000000000000000000000000000000000000000000000000000\ # show http:// QR-code on startup qr # show https:// QR-code on startup qrs # location to include in the url, for example [priv/?pw=hunter2] qrl: uploads/?pw=okletsgo # hint # select IP which starts with PREFIX; [.] to force default IP when mDNS URL would have been used instead qri: 192.168. # hint # foreground; try [0] if the qr-code is unreadable qr-fg: 46 # hint; default=0=black # background (white=255) qr-bg: 92 # hint; default=229=parchment # padding (spec says 4 or more, but 1 is usually fine) qrp: 2 # hint # [1]=1x, [2]=2x, [0]=auto (try [2] on broken fonts) qrz: 2 # hint ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// filesystem options \\0000000000000000000000000000000000000000000000000000000000000000000\ # if a file cannot be deleted because it is busy, continue trying for T seconds, retry every R seconds; disable with 0/0 # πŸ“‚ also available as volflag "rm_retry" rm-retry: 15/0.1 # default on windows; 0 on unix # if a file cannot be renamed because it is busy, continue trying for T seconds, retry every R seconds; disable with 0/0 # πŸ“‚ also available as volflag "mv_retry" mv-retry: 15/0.1 # default on windows; 0 on unix # file I/O buffer-size; if your volumes are on a network drive, try increasing to 524288 or even 4194304 (and let me know if that improves your performance) iobuf: 262144 # default # rebuild mountpoint cache every SEC to keep track of sparse-files support; keep low on servers with removable media mtab-age: 60 # default ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// share-url options \\00000000000000000000000000000000000000000000000000000000000000000000\ # toplevel virtual folder for shared files/folders, for example [/share] shr: /shares # hint; default is unset # database to store shares in shr-db: $XDG_CONFIG_PATH/.copyparty/shares.db # default (and yes, $ENV will expand in configs) # comma-separated list of users allowed to view/delete any share shr-adm: ame,same # hint # shares can be revived by their owner if they expired less than MIN minutes ago; [60]=hour, [1440]=day, [10080]=week shr-rt: 1440 # default # debug shr-v ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// upload options \\00000000000000000000000000000000000000000000000000000000000000000000000\ # dotfile incomplete uploads, hiding them from clients unless -ed dotpart # when avoiding filename collisions by appending the uploader's ip to the filename: append the plaintext ip instead of salting and hashing the ip plain-ip # filename for nameless uploads (when uploader doesn't provide a name); default is [put-UNIXTIME-IP.bin] (the .6f means six decimal places) # πŸ“‚ also available as volflag "put_name" put-name: put-{now.6f}-{cip}.bin # default # default checksum-hasher for PUT/WebDAV uploads: no / md5 / sha1 / sha256 / sha512 / b2 / blake2 / b2s / blake2s # πŸ“‚ also available as volflag "put_ck" put-ck: sha512 # default # default checksum-hasher for bup/basic-uploader: no / md5 / sha1 / sha256 / sha512 / b2 / blake2 / b2s / blake2s # πŸ“‚ also available as volflag "bup_ck" bup-ck: sha512 # default # grace period where uploads can be deleted by the uploader, even without delete permissions; 0=disabled, default=12h unpost: 43200 # default (12h) # clients can abort incomplete uploads by using the unpost tab (requires -e2d). [0] = never allowed (disable feature), [1] = allow if client has the same IP as the upload AND is using the same account, [2] = just check the IP, [3] = just check account-name # πŸ“‚ also available as volflag "u2abort" u2abort: 1 # default # file write grace period (any client can write to a blank file last-modified more recently than SEC seconds ago) blank-wt: 300 # default # max number of uploads to keep in memory when running without -e2d; roughly 1 MiB RAM per 600 reg-cap: 38400 # default # disable file-handle pooling -- instead, repeatedly close and reopen files during upload (bad idea to enable this on windows and/or cow filesystems) no-fpool # force file-handle pooling, even when it might be dangerous (multiprocessing, filesystems lacking sparse-files support, ...) use-fpool # unix file permissions to use when creating files; default is probably 644 (OS-decided), see --help-chmod. Examples: [644] = owner-RW + all-R, [755] = owner-RWX + all-RX, [777] = full-yolo # πŸ“‚ also available as volflag "chmod_f" chmod-f: 644 # hint; default is unset # unix file permissions to use when creating directories; see --help-chmod. Examples: [755] = owner-RW + all-R, [777] = full-yolo # πŸ“‚ also available as volflag "chmod_d" chmod-d: 755 # default # unix user-id to chown new files/folders to; default = -1 = do-not-change # πŸ“‚ also available as volflag "uid" uid: 1000 # hint # unix group-id to chown new files/folders to; default = -1 = do-not-change # πŸ“‚ also available as volflag "gid" gid: 573 # hint # enable symlink-based upload deduplication # πŸ“‚ also available as volflag "dedup" dedup # how careful to be when deduplicating files; [1] = just verify the filesize, [50] = verify file contents have not been altered # πŸ“‚ also available as volflag "safededup" safe-dedup: 50 # default # enable hardlink-based dedup; will fallback on symlinks when that is impossible (across filesystems) # πŸ“‚ also available as volflag "hardlink" hardlink # do not fallback to symlinks when a hardlink cannot be made # πŸ“‚ also available as volflag "hardlinkonly" hardlink-only # enable reflink-based dedup; will fallback on full copies when that is impossible (non-CoW filesystem) # πŸ“‚ also available as volflag "reflink" reflink # reject duplicate files during upload; only matches within the same volume # πŸ“‚ also available as volflag "nodupe" no-dupe # do not use existing data on disk to satisfy dupe uploads; reduces server HDD reads in exchange for much more network load # πŸ“‚ also available as volflag "noclone" no-clone # disable snapshots -- forget unfinished uploads on shutdown; don't create .hist/up2k.snap files -- abandoned/interrupted uploads must be cleaned up manually no-snap # write upload state to ./hist/up2k.snap every SEC seconds; allows resuming incomplete uploads after a server crash snap-wri: 300 # default # forget unfinished uploads after MIN minutes; impossible to resume them after that (360=6h, 1440=24h) snap-drop: 1440 # default # how to timestamp uploaded files; [c]=client-last-modified, [u]=upload-time, [fc]=force-c, [fu]=force-u # πŸ“‚ also available as volflag "u2ts" u2ts: c # default # force randomized filenames, --nrand chars long # πŸ“‚ also available as volflag "rand" rand # randomized filenames length # πŸ“‚ also available as volflag "nrand" nrand: 9 # default # enable filetype detection on nameless uploads # πŸ“‚ also available as volflag "magic" magic # ensure GiB free disk space by rejecting upload requests; assumes gigabytes unless a unit suffix is given: [256m], [4], [2T] # πŸ“‚ also available as volflag "df" df: 4 # hint; default=0 # windows-only: minimum size of incoming uploads through up2k before they are made into sparse files sparse: 4 # default # configure turbo-mode in up2k client; [-1] = forbidden/always-off, [0] = default-off and warn if enabled, [1] = default-off, [2] = on, [3] = on and disable datecheck turbo: 0 # default # when to use a wasm-hasher instead of the browser's builtin; faster on chrome, but buggy in older chrome versions. [0] = only when necessary (non-https), [1] = always (all browsers), [2] = always on chrome/firefox, [3] = always on chrome, [N] = chrome-version N and newer (recommendation: 137) nosubtle: 0 # default # web-client: number of file chunks to upload in parallel; 1 or 2 is good when latency is low (same-country), 2~4 for android-clients, 2~6 for cross-atlantic. Max is 6 in most browsers. Big values increase network-speed but may reduce HDD-speed u2j: 2 # default # web-client: default upload chunksize (MiB); sets min,default,max in the settings gui. Each HTTP POST will aim for default, and never exceed max. Cloudflare max is 96. Big values are good for cross-atlantic but may increase HDD fragmentation on some FS. Disable this optimization with [1,1,1] u2sz: 1,64,96 # default # web-client: default setting for when to replace/overwrite existing files; [0]=never, [1]=if-client-newer, [2]=always # πŸ“‚ also available as volflag "u2ow" u2ow: 0 # default # upload order; [s]=smallest-first, [n]=alphabetical, [fs]=force-s, [fn]=force-n -- alphabetical is a bit slower on fiber/LAN but makes it easier to eyeball if everything went fine u2sort: s # default # write POST reports to textfiles in working-directory write-uplog ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// network options \\0000000000000000000000000000000000000000000000000000000000000000000000\ # IPs and/or unix-sockets to listen on, COMMA-SEPARATED LIST (see --help-bind). Default: all IPv4 and IPv6 i: 192.168.0.1,::1,unix:770:www:/dev/shm/party.sock # hint; default=:: # ports to listen on (comma/range); ignored for unix-sockets p: 3923,4001-4005 # hint; default=3923 # include link-local IPv4/IPv6 in mDNS replies, even if the NIC has routable IPs (breaks some mDNS clients) ll # which ip to associate clients with; [0]=tcp, [1]=origin (first x-fwd, unsafe), [2]=outermost-proxy, [3]=second-proxy, [-1]=closest-proxy rproxy: 1 # default # if reverse-proxied, which http header to read the client's real ip from xff-hdr: x-forwarded-for # default # list of trusted reverse-proxy CIDRs (comma-separated); only accept the real-ip header (--xff-hdr) and IdP headers if the incoming connection is from an IP within either of these subnets. Specify [lan] to allow all LAN / private / non-internet IPs. Can be disabled with [any] if you are behind cloudflare (or similar) and are using --xff-hdr=cf-connecting-ip (or similar) xff-src: 127.0.0.0/8, ::1/128 # default # only accept connections from IP-addresses inside CIDR (comma-separated); examples: [lan] or [10.89.0.0/16, 192.168.33.0/24] ipa: 10.89.0.0/16, 192.168.33.0/24 # hint; default is unset # if reverse-proxying on a location instead of a dedicated domain/subdomain, provide the base location here; example: [/foo/bar] rp-loc: /files # hint; default is unset # set reuseaddr on listening sockets on windows; allows rapid restart of copyparty at the expense of being able to accidentally start multiple instances reuseaddr # allow listening on IPs which do not yet exist, for example if the network interfaces haven't finished going up. Only makes sense for IPs other than '0.0.0.0', '127.0.0.1', '::', and '::1'. May require running as root (unless net.ipv6.ip_nonlocal_bind) freebind # write list of listening-on ip:port to textfile at PATH when http-servers have started wr-h-eps: /dev/shm/listening-on.txt # hint; default is unset # write list of accessible-on ip:port to textfile at PATH when http-servers have started wr-h-aon: /dev/shm/accessible-on.txt # hint; default is unset # socket timeout (read request header) s-thead: 120 # default # socket timeout (read/write request/response bodies). Use 60 on fast servers (default is extremely safe). Disable with 0 if reverse-proxied for a 2% speed boost s-tbody: 128 # default # socket read size in bytes (indirectly affects filesystem writes; recommendation: keep equal-to or lower-than --iobuf) s-rd-sz: 262144 # default # socket write size in bytes s-wr-sz: 262144 # default # debug: socket write delay in seconds s-wr-slp: 0 # default # debug: response delay in seconds rsp-slp: 0 # default # debug: response delay, random duration 0..SEC rsp-jtr: 0 # default ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// SSL/TLS options \\0000000000000000000000000000000000000000000000000000000000000000000000\ # disable ssl/tls -- force plaintext http-only # disable plaintext -- force tls https-only # path to file containing a concatenation of TLS key and certificate chain cert: $XDG_CONFIG_PATH/.copyparty/cert.pem # default # set allowed ssl/tls versions; [help] shows available versions; default is what your python version considers safe ssl-ver: ssl3,tls10 # hint; default is unset # set allowed ssl/tls ciphers; [help] shows available ciphers ciphers: xtea,rot13 # hint; default is unset # dump some tls info ssl-dbg # log master secrets for later decryption in wireshark ssl-log: /mnt/stash/gotem.log # hint; default is unset ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// TLS certificate generator options \\0000000000000000000000000000000000000000000000000000\ # disable automatic certificate creation no-crt # comma-separated list of FQDNs (domains) to add into the certificate crt-ns: example.com,fileshare.nasa.gov # do not add wildcard entries for each --crt-ns crt-exact # do not add autodetected IP addresses into cert crt-noip # do not add 127.0.0.1 / localhost into cert crt-nolo # do not add mDNS names / hostname into cert crt-nohn # where to save the CA cert crt-dir: $XDG_CONFIG_PATH/.copyparty/ # default # ca-certificate expiration time in days crt-cdays: 3650 # default # server-cert expiration time in days crt-sdays: 365 # default # CA/server-cert common-name crt-cn: partyco # default # override CA name crt-cnc: --crt-cn # default = copy the above # override server-cert name crt-cns: --crt-cnc # default = copy the above # backdate in hours crt-back: 72 # default # algorithm and keysize; one of these: ecdsa-256 rsa-4096 rsa-2048 crt-alg: ecdsa-256 # default ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// IdP / identity provider / user authentication options \\00000000000000000000000000000000\ # bypass the copyparty authentication checks if the request-header HN contains a username to associate the request with (for use with authentik/oauth/...) # └─WARNING: if you enable this, make sure clients are unable to specify this header themselves; must be washed away and replaced by a reverse-proxy idp-h-usr: idp-username # hint; default is unset # assume the request-header HN contains the groupname of the requesting user; can be referenced in config files for group-based access control idp-h-grp: idp-groups # hint; default is unset # optional but recommended safeguard; your reverse-proxy will insert a secret header named HN into all requests, and the other IdP headers will be ignored if this header is not present idp-h-key: supersecretmagicword # hint; default is unset # if there are multiple groups in --idp-h-grp, they are separated by one of the characters in RE idp-gsep: |:;+, # default # where to store the known IdP users/groups (if you run multiple copyparty instances, make sure they use different DBs) idp-db: $XDG_CONFIG_PATH/.copyparty/idp.db # default # how to use --idp-db; [0] = entirely disable, [1] = write-only (effectively disabled), [2] = remember users, [3] = remember users and groups. # └─NOTE: Will remember and restore the IdP-volumes of all users for all eternity if set to 2 or 3, even when user is deleted from your IdP idp-store: 1 # default # comma-separated list of users allowed to use /?idp (the cache management UI) idp-adm: ben,jerry # hint; default is unset # generate a session-token for IdP users which is written to cookie cppws (or cppwd if plaintext), to reduce the load on the IdP server, lifetime S seconds. # └─note: The expiration time is a client hint only; the actual lifetime of the session-token is infinite (until next restart with --ses-db wiped) idp-cookie: 600 # hint; default=0=disabled # disable basic-authentication support; do not accept passwords from the 'Authenticate' header at all. NOTE: This breaks support for the android app no-bauth # keeps basic-authentication enabled, but only as a last-resort; if a cookie is also provided then the cookie wins bauth-last # where to store the sessions database (if you run multiple copyparty instances, make sure they use different DBs) ses-db: $XDG_CONFIG_PATH/.copyparty/sessions.db # default # session key length; default is 120 bits ((20//4)*4*6) ses-len: 20 # disable sessions; use plaintext passwords in cookies no-ses # REPEATABLE: users with IP matching CIDR are auto-authenticated as username USR; example: [172.16.24.0/24=dave] ipu: CIDR=USR # placeholder ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// user-changeable passwords options \\0000000000000000000000000000000000000000000000000000\ # allow users to change their own passwords chpw # REPEATABLE: do not allow password-changes for this comma-separated list of usernames chpw-no: ole,dole,doffen # hint; default is unset # where to store the passwords database (if you run multiple copyparty instances, make sure they use different DBs) chpw-db: $XDG_CONFIG_PATH/.copyparty/chpw.json # minimum password length chpw-len: 8 # default # verbosity of summary on config load [0] = nothing at all, [1] = number of users, [2] = list users with default-pw, [3] = list all users chpw-v: 2 # default ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// Zeroconf options \\000000000000000000000000000000000000000000000000000000000000000000000\ # enable all zeroconf backends (mdns, ssdp) z # enable zeroconf ONLY on the comma-separated list of subnets and/or interface names/indexes # └─example: eth0, wlo1, virhost0, 192.168.123.0/24, fd00:fda::/96 z-on: NETS # placeholder; default is unset # disable zeroconf on the comma-separated list of subnets and/or interface names/indexes z-off: NETS # placeholder; default is unset # check for network changes every SEC seconds (0=disable) z-chk: 10 # default # verbose all zeroconf backends zv # rejoin multicast groups every SEC seconds (workaround for some switches/routers which cause mDNS to suddenly stop working after some time); try [300] or [180] # └─note: can be due to firewalls; make sure UDP port 5353 is open in both directions (on clients too) mc-hop: 0 # default ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// Zeroconf-mDNS options; also see --help-zm \\00000000000000000000000000000000000000000000\ # announce the enabled protocols over mDNS (multicast DNS-SD) -- compatible with KDE, gnome, macOS, ... zm # enable mDNS ONLY on the comma-separated list of subnets and/or interface names/indexes zm-on: NETS # placeholder; default is unset # disable mDNS on the comma-separated list of subnets and/or interface names/indexes zm-off: NETS # placeholder; default is unset # IPv4 only -- try this if some clients can't connect zm4 # IPv6 only zm6 # verbose mdns zmv # verboser mdns zmvv # mute parser errors (invalid incoming MDNS packets) zm-no-pe # disable workaround for avahi-bug #379 (corruption in Avahi's mDNS reflection feature) zm-nwa-1 # list of services to announce -- d=webdav h=http f=ftp s=smb -- lowercase=plaintext uppercase=TLS -- default: all enabled services except http/https (Ddfs if --ftp and --smb is set, Dd otherwise) zms: dhf # probably default # link a specific folder for webdav shares zm-ld: /public/stuff # hint; default is unset (webroot) # link a specific folder for http shares zm-lh: /public/stuff # hint; default is unset (webroot) # link a specific folder for ftp shares zm-lf: /public/stuff # hint; default is unset (webroot) # link a specific folder for smb shares zm-ls: /public/stuff # hint; default is unset (webroot) # merge NICs which share subnets; assume that same subnet means same network zm-mnic # merge subnets on each NIC -- always enabled for ipv6 -- reduces network load, but gnome-gvfs clients may stop working, and clients cannot be in subnets that the server is not zm-msub # disable NSEC replies -- try this if some clients don't see copyparty zm-noneg # send unsolicited announce every SEC; useful if clients have IPs in a subnet which doesn't overlap with the server, or to avoid some firewall issues zm-spam: 0 # default ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// Zeroconf-SSDP options \\0000000000000000000000000000000000000000000000000000000000000000\ # announce the enabled protocols over SSDP -- compatible with Windows zs # enable SSDP ONLY on the comma-separated list of subnets and/or interface names/indexes zs-on: NETS # placeholder; default is unset # disable SSDP on the comma-separated list of subnets and/or interface names/indexes zs-off: NETS # placeholder; default is unset # verbose SSDP zsv # location to include in the url (or a complete external URL), for example [priv/?pw=hunter2] (goes directly to /priv/ with password hunter2) or [?hc=priv&pw=hunter2] (shows mounting options for /priv/ with password) zsl: /?hc # default # USN (device identifier) to announce zsid: UUID # placeholder; default is an autogenerated UUID ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// FTP options (TCP only) \\000000000000000000000000000000000000000000000000000000000000000\ # enable FTP server on PORT, for example 3921 ftp: 3921 # hint; default is unset # enable FTPS server on PORT, for example 3990 ftps: 3990 # hint; default is unset # verbose ftpv # only listen on IPv4 ftp4 # only accept connections from IP-addresses inside CIDR (comma-separated); specify [any] to disable inheriting --ipa. Examples: [lan] or [10.89.0.0/16, 192.168.33.0/24] ftp-ipa: CIDR # placeholder # if target file exists, reject upload instead of overwrite ftp-no-ow # grace period for resuming interrupted uploads (any client can write to any file last-modified more recently than SEC seconds ago) ftp-wt: 7 # default # the NAT address to use for passive connections ftp-nat: 192.168.1.13 # hint; default is unset # the range of TCP ports to use for passive connections, for example 12000-13000 ftp-pr: 12000-12099 # hint; default is unset ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// WebDAV options \\00000000000000000000000000000000000000000000000000000000000000000000000\ # enable full write support, even if client may not be webdav. WARNING: This has side-effects -- PUT-operations will now OVERWRITE existing files, rather than inventing new filenames to avoid loss of data. You might want to instead set this as a volflag where needed. By not setting this flag, uploaded files can get written to a filename which the client does not expect (which might be okay, depending on client) daw # allow depth:infinite requests (recursive file listing); extremely server-heavy but required for spec compliance -- luckily few clients rely on this dav-inf # disable apple-garbage filter -- allow macos to create junk files (._* and .DS_Store, .Spotlight-*, .fseventsd, .Trashes, .AppleDouble, __MACOS) dav-mac # show symlink-destination's lastmodified instead of the link itself; always enabled for recursive listings # πŸ“‚ also available as volflag "davrt" dav-rt # force auth for all folders (required by davfs2 when only some folders are world-readable) # πŸ“‚ also available as volflag "davauth" dav-auth # regex of tricky user-agents which expect 401 from GET requests; disable with [no] or blank dav-ua1: kioworker/ # default (KDE) ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// TFTP options (UDP only) \\00000000000000000000000000000000000000000000000000000000000000\ # enable TFTP server on PORT, for example 69 or 3969 tftp: 3969 # hint; default is unset # only listen on IPv4 tftp4 # verbose tftpv # verboser tftpvv # debug: disable optimizations tftp-no-fast # return a directory listing if a file with this name is requested and it does not exist; defaults matches .ls, dir, .dir.txt, ls.txt, ... tftp-lsf: \.?(dir|ls)(\.txt)? # default # if someone tries to download a directory, return an error instead of showing its directory listing tftp-nols # only accept connections from IP-addresses inside CIDR (comma-separated); specify [any] to disable inheriting --ipa. Examples: [lan] or [10.89.0.0/16, 192.168.33.0/24] tftp-ipa: CIDR # placeholder # the range of UDP ports to use for data transfer, for example 12000-13000 tftp-pr: 12100-12199 # hint; default is unset ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// SMB/CIFS options \\000000000000000000000000000000000000000000000000000000000000000000000\ # enable smb (read-only) -- this requires running copyparty as root on linux and macos unless --smb-port is set above 1024 and your OS does port-forwarding from 445 to that. # └─WARNING: this protocol is DANGEROUS and buggy! Never expose to the internet! smb # enable write support (please dont) smbw # disable SMBv2, only enable SMBv1 (CIFS) smb1 # port to listen on -- if you change this value, you must NAT from TCP:445 to this port using iptables or similar smb-port: 445 # default # truncate directory listings to 64kB (~400 files); avoids impacket-0.11 bug, fixes impacket-0.12 performance smb-nwa-1 # disable impacket workaround for filecopy globs smb-nwa-2 # small performance boost: disable per-account permissions, enables account coalescing instead (if one user has write/delete-access, then everyone does) smba # verbose smbv # verboser smbvv # verbosest smbvvv ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// handlers (see --help-handlers) \\0000000000000000000000000000000000000000000000000000000\ # REPEATABLE: handle 404s by executing PY file on404: ~/bin/on404.py # hint; default is unset on404: ~/bin/on404season2.py # REPEATABLE: handle 403s by executing PY file on403: ~/bin/on403.py # hint; default is unset # recompile handlers on each request -- expensive but convenient when hacking on stuff hot-handlers ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// event hooks (see --help-hooks) \\0000000000000000000000000000000000000000000000000000000\ # REPEATABLE: execute CMD before a file upload starts xbu: ~/bin/execute-before-upload.py # hint; default is unset # REPEATABLE: execute CMD after a file upload finishes xau: ~/bin/execute-after-upload.py # hint; default is unset # REPEATABLE: execute CMD after all uploads finish and volume is idle xiu: ~/bin/execute-idle-upload.py # hint; default is unset # REPEATABLE: execute CMD before a file copy xbc: ~/bin/execute-before-copy.py # hint; default is unset # REPEATABLE: execute CMD after a file copy xac: ~/bin/execute-after-copy.py # hint; default is unset # REPEATABLE: execute CMD before a file move/rename xbr: ~/bin/execute-before-rename.py # hint; default is unset # REPEATABLE: execute CMD after a file move/rename xar: ~/bin/execute-after-rename.py # hint; default is unset # REPEATABLE: execute CMD before a file delete xbd: ~/bin/execute-before-delete.py # hint; default is unset # REPEATABLE: execute CMD after a file delete xad: ~/bin/execute-after-delete.py # hint; default is unset # REPEATABLE: execute CMD on message xm: ~/bin/execute-on-message.py # hint; default is unset # REPEATABLE: execute CMD if someone gets banned (pw/404/403/url) xban: ~/bin/execute-on-ban.py # hint; default is unset # verbose hooks hook-v ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// grafana/prometheus metrics endpoint \\00000000000000000000000000000000000000000000000000\ # enable openmetrics at /.cpr/metrics for admin accounts stats # disable disk-space metrics (used/free space) nos-hdd # disable volume size metrics (num files, total bytes, vmaxb/vmaxn) nos-vol # disable volume state metrics (indexing, analyzing, activity) nos-vst # disable dupe-files metrics (good idea; very slow) nos-dup # disable unfinished-uploads metrics nos-unf ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// yolo options \\0000000000000000000000000000000000000000000000000000000000000000000000000\ # disable csrf protections; let other domains/sites impersonate you through cross-site requests allow-csrf # allow cookies from other domains (if you follow a link from another website into your server, you will arrive logged-in); this reduces protection against CSRF cookie-lax # permit ?move=[...] and ?delete as GET getmod # allow users with write-only access to upload logues and readmes without adding the _wo_ filename prefix # πŸ“‚ also available as volflag "wo_up_readme" wo-up-readme ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// opt-outs \\00000000000000000000000000000000000000000000000000000000000000000000000000000\ # never write anything to disk (debug/benchmark) nw # do not disable quick-edit-mode on windows (it is disabled to avoid accidental text selection in the terminal window, as this would pause execution) keep-qem # disable webdav support no-dav # disable delete operations no-del # disable move/rename operations no-mv # disable copy operations no-cp # no title hostname; don't show --name in nth # no info hostname -- don't show in UI nih # no info disk-usage -- don't show in UI nid # no powered-by-copyparty branding in UI nb # reject download-as-zip if more than N files in total; optionally takes a unit suffix: [256], [9K], [4G] # πŸ“‚ also available as volflag "zipmaxn" zipmaxn: N # placeholder; default is unset # reject download-as-zip if total download size exceeds SZ bytes; optionally takes a unit suffix: [256M], [4G], [2T] # πŸ“‚ also available as volflag "zipmaxs" zipmaxs: SZ # placeholder; default is unset # custom errormessage when download size exceeds max # πŸ“‚ also available as volflag "zipmaxt" zipmaxt: TXT # placeholder; default is unset # authenticated users bypass the zip size limit # πŸ“‚ also available as volflag "zipmaxu" zipmaxu # who can download as zip/tar? [0]=nobody, [1]=admins, [2]=authenticated-with-read-access, [3]=everyone-with-read-access (volflag=zip_who) # └─WARNING: if a nested volume has a more restrictive value than a parent volume, then this will be ignored if the download is initiated from the parent, more lenient volume zip-who: 3 # default # regex of user-agents to reject from download-as-zip/tar; disable with [no] or blank ua-nozip: Barkrowler|bingbot|BLEXBot|Googlebot|GoogleOther|GPTBot|PetalBot|SeekportBot|SemrushBot|YandexBot # default # disable download as zip/tar; same as --zip-who=0 no-zip # disable download as compressed tar (?tar=gz, ?tar=bz2, ?tar=xz, ?tar=gz:9, ...) no-tarcmp # do not allow clients (or server config) to schedule an upload to be deleted after a given time no-lifetime # disable race-the-beam (lockstep download of files which are currently being uploaded) # πŸ“‚ also available as volflag "nopipe" no-pipe # disable streaming a growing files with ?tail # πŸ“‚ also available as volflag "notail" no-tail # do not write uploader-IP into the database; will also disable unpost, you may want --forget-ip instead # πŸ“‚ also available as volflag "no_db_ip" no-db-ip ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// safety options \\00000000000000000000000000000000000000000000000000000000000000000000000\ # increase safety: Disable thumbnails / potentially dangerous software (ffmpeg/pillow/vips), hide partial uploads, avoid crawlers. # └─Alias of --dotpart --no-thumb --no-mtag-ff --no-robots --force-js s # further increase safety: Prevent js-injection, accidental move/delete, broken symlinks, webdav, 404 on 403, ban on excessive 404s. # └─Alias of -s --unpost=0 --no-del --no-mv --hardlink --vague-403 -nih ss # further increase safety: Enable logging to disk, scan for dangerous symlinks. # └─Alias of -ss --no-dav --no-logues --no-readme -lo=cpp-%Y-%m%d-%H%M%S.txt.xz --ls=**,*,ln,p,r sss # do a sanity/safety check of all volumes on startup; arguments USER,VOL,FLAGS (see --help-ls); example [**,*,ln,p,r] ls: **,*,ln,p,r # hint; default is unset # never follow symlinks leaving the volume root, unless the link is into another volume where the user has similar access # πŸ“‚ also available as volflag "xvol" xvol # stay within the filesystem of the volume root; do not descend into other devices (symlink or bind-mount to another HDD, ...) # πŸ“‚ also available as volflag "xdev" xdev # disallow moving dotfiles; makes it impossible to move folders containing dotfiles no-dot-mv # disallow renaming dotfiles; makes it impossible to turn something into a dotfile no-dot-ren # disable rendering .prologue/.epilogue.html into directory listings no-logues # disable rendering readme/preadme.md into directory listings no-readme # send 404 instead of 403 (security through ambiguity, very enterprise) vague-403 # don't send folder listings as HTML, force clients to use the embedded json instead -- slight protection against misbehaving search engines which ignore --no-robots force-js # adds http and html headers asking search engines to not index anything # πŸ“‚ also available as volflag "norobots" no-robots # logout clients after H hours of inactivity; [0.0028]=10sec, [0.1]=6min, [24]=day, [168]=week, [720]=month, [8760]=year) logout: 8086 # default # more than N wrong passwords in W minutes = ban for B minutes; disable with [no] ban-pw: 9,60,1440 # default # more than N password-changes in W minutes = ban for B minutes; disable with [no] ban-pwc: 5,60,1440 # default # hitting more than N 404's in W minutes = ban for B minutes; only affects users who cannot see directory listings because their access is either g/G/h ban-404: 50,60,1440 # default # hitting more than N 403's in W minutes = ban for B minutes; [1440]=day, [10080]=week, [43200]=month ban-403: 9,2,1440 # default # hitting more than N 422's in W minutes = ban for B minutes (invalid requests, attempted exploits ++) ban-422: 9,2,1440 # default # hitting more than N sus URL's in W minutes = ban for B minutes; applies only to permissions g/G/h (decent replacement for --ban-404 if that can't be used) ban-url: 9,2,1440 # default # URLs which are considered sus / eligible for banning; disable with blank or [no] sus-urls: \.php$|(^|/)wp-(admin|content|includes)/ # default # harmless URLs ignored from 404-bans; disable with blank or [no] nonsus-urls: ^(favicon\.ico|robots\.txt)$|^apple-touch-icon|^\.well-known # default # if a client is banned, reject its connection as soon as possible; not a good idea to enable when proxied behind cloudflare since it could ban your reverse-proxy early-ban # if a client maxes out the server connection limit, downgrade it from connection:keep-alive to connection:close for MIN minutes (and also kill its active connections) -- disable with 0 aclose: 10 # default # if a client maxes out the server connection limit without sending headers, ban it for B minutes; disable with [0] loris: 60 # default # Access-Control-Allow-Origin; list of origins (domains/IPs without port) to accept requests from; [https://1.2.3.4]. Default [*] allows requests from all sites but removes cookies and http-auth; only ?pw=hunter2 survives acao: * # default # Access-Control-Allow-Methods; list of methods to accept from offsite ('*' behaves like --acao's description) acam: GET,HEAD # default ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// salting options \\0000000000000000000000000000000000000000000000000000000000000000000000\ # account-pw hashing algorithm; one of these, best to worst: argon2 scrypt sha2 none (each optionally followed by alg-specific comma-sep. config) ah-alg: argon2 # hint; default is unset # account-pw salt; ignored if --ah-alg is none (default) ah-salt: shangalabangala # hint; default is autogenerated and stored in $XDG_CONFIG_PATH/.copyparty/ # generate hashed password for PW, or read passwords from STDIN if PW is [-] ah-gen: PW # placeholder # launch an interactive shell which hashes passwords without ever storing or displaying the original passwords ah-cli # per-file accesskey salt; used to generate unpredictable URLs for hidden files fk-salt: shangalabangala # hint; default is autogenerated and stored in $XDG_CONFIG_PATH/.copyparty/ # per-directory accesskey salt; used to generate unpredictable URLs to share folders with users who only have the 'get' permission dk-salt: shangalabangala # hint; default is autogenerated and stored in $XDG_CONFIG_PATH/.copyparty/ # up2k file-hash salt; serves no purpose, no reason to change this (but delete all databases if you do) warksalt: hunter2 # default # on startup, print the effective value of --ah-salt (the autogenerated value in $XDG_CONFIG_HOME unless otherwise specified) show-ah-salt # on startup, print the effective value of --fk-salt (the autogenerated value in $XDG_CONFIG_HOME unless otherwise specified) show-fk-salt # on startup, print the effective value of --dk-salt (the autogenerated value in $XDG_CONFIG_HOME unless otherwise specified) show-dk-salt ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// shutdown options \\000000000000000000000000000000000000000000000000000000000000000000000\ # continue running even if it's impossible to listen on some of the requested endpoints ign-ebind # continue running even if it's impossible to receive connections at all ign-ebind-all # shutdown after WHEN has finished; [cfg] config parsing, [idx] volscan + multimedia indexing exit: WHEN # placeholder; default is unset ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// logging options \\0000000000000000000000000000000000000000000000000000000000000000000000\ # quiet; disable most STDOUT messages q # logfile, example: cpp-%Y-%m%d-%H%M%S.txt.xz (NB: some errors may appear on STDOUT only) lo: PATH # placeholder # disable colors; same as environment-variable NO_COLOR no-ansi # force colors; overrides environment-variable NO_COLOR ansi # don't flush the logfile after each write; tiny bit faster no-logflush # do not list volumes and permissions on startup no-voldump # do not use local timezone; assume the TZ env-var is UTC (tiny bit faster) log-utc # timestamp resolution / number of timestamp decimals log-tdec: 3 # default # log failed login attempt passwords: 0=terse, 1=plaintext, 2=hashed log-badpwd: 1 # default # debug: print tcp-server msgs log-conn # debug: print http-server threadpool scaling log-htp # print request HEADER; [*]=all ihead: user-agent # hint; default is unset # print response HEADER; [*]=all ohead: set-cooke # hint; default is unset # dont log URLs matching regex RE lf-url: ^/\.cpr/|[?&]th=[wjp]|/\.(_|ql_|DS_Store$|localized$) # default ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// admin panel options \\000000000000000000000000000000000000000000000000000000000000000000\ # disable ?reload=cfg (reload users/volumes/volflags from config file) no-reload # disable ?scan (volume reindexing) no-rescan # disable ?stack (list all stacks) no-stack # disable ?ru (list of recent uploads) no-ups-page # don't show list of incoming files in controlpanel no-up-list # who can see active downloads in the controlpanel? [0]=nobody, [1]=admins, [2]=everyone dl-list: 2 # default # who can see recent uploads on the ?ru page? [0]=nobody, [1]=admins, [2]=everyone # πŸ“‚ also available as volflag "ups_who" ups-who: 2 # default # let everyone see upload timestamps on the ?ru page, not just admins ups-when ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// thumbnail options \\00000000000000000000000000000000000000000000000000000000000000000000\ # disable all thumbnails # πŸ“‚ also available as volflag "dthumb" no-thumb # disable video thumbnails # πŸ“‚ also available as volflag "dvthumb" no-vthumb # disable audio thumbnails (spectrograms) # πŸ“‚ also available as volflag "dathumb" no-athumb # thumbnail res # πŸ“‚ also available as volflag "thsize" th-size: 320x256 # default # num cpu cores to use for generating thumbnails th-mt: 4 # hint; default is autodetect # conversion timeout in seconds # πŸ“‚ also available as volflag "convt" th-convt: 60 # default # max memory usage (GiB) permitted by thumbnailer; not very accurate th-ram-max: 3 # hint; default is 60% of free ram at startup (some conditions apply) # crop thumbnails to 4:3 or keep dynamic height; client can override in UI unless force. [y]=crop, [n]=nocrop, [fy]=force-y, [fn]=force-n # πŸ“‚ also available as volflag "crop" th-crop: y # default # show thumbs at 3x resolution; client can override in UI unless force. [y]=yes, [n]=no, [fy]=force-yes, [fn]=force-no # πŸ“‚ also available as volflag "th3x" th-x3: n # default # image decoders, in order of preference th-dec: vips,pil,raw,ff # default # disable jpg output th-no-jpg # disable webp output th-no-webp # force jpg output for video thumbs (avoids issues on some FFmpeg builds) th-ff-jpg # use swresample instead of soxr for audio thumbs (faster, lower accuracy, avoids issues on some FFmpeg builds) th-ff-swr # activity labeling cooldown -- avoids doing keepalive pokes (updating the mtime) on thumbnail folders more often than SEC seconds th-poke: 300 # default # cleanup interval; 0=disabled th-clean: 43200 # default # max folder age -- folders which haven't been poked for longer than --th-poke seconds will get deleted every --th-clean seconds th-maxage: 604800 # default # folder thumbnails to stat/look for; enabling -e2d will make these case-insensitive, and try them as dotfiles (.folder.jpg), and also automatically select thumbnails for all folders that contain pics, even if none match this pattern th-covers: folder.png,folder.jpg,cover.png,cover.jpg # default # image formats to decode using pillow th-r-pil: a,very,long,list,of,file,extensions # hint # image formats to decode using pyvips th-r-vips: a,very,long,list,of,file,extensions # hint # image formats to decode using rawpy th-r-raw: a,very,long,list,of,file,extensions # hint # image formats to decode using ffmpeg th-r-ffi: a,very,long,list,of,file,extensions # hint # video formats to decode using ffmpeg th-r-ffv: a,very,long,list,of,file,extensions # hint # audio formats to decode using ffmpeg th-r-ffa: a,very,long,list,of,file,extensions # hint # audio formats which provoke https://trac.ffmpeg.org/ticket/10797 (huge ram usage for s3xmodit spectrograms) th-spec-cnv: a,very,long,list,of,file,extensions # hint # audio/image formats to decompress before passing to ffmpeg au-unpk: mdz=mod.zip, mdgz=mod.gz, mdxz=mod.xz, and so on ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// transcoding options \\000000000000000000000000000000000000000000000000000000000000000000\ # target bitrate for transcoding to opus; set 0 to disable q-opus: 128 # default # target quality for transcoding to mp3, for example [192k] (CBR) or [q0] (CQ/CRF, q0=maxquality, q9=smallest); set 0 to disable q-mp3: q2 # default # allow transcoding to wav (lossless, uncompressed) allow-wav # allow transcoding to flac (lossless, compressed) allow-flac # disable transcoding to caf-opus (affects iOS v12~v17), will use mp3 instead no-caf # disable transcoding to webm-opus (iOS v18 and later), will use mp3 instead no-owa # disable audio transcoding no-acode # disable batch audio transcoding by folder download (zip/tar) no-bacode # delete cached transcode output after SEC seconds ac-maxage: 86400 # default ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// tailing options (realtime streaming of a growing file) \\0000000000000000000000000000000\ # who can tail? [0]=nobody, [1]=admins, [2]=authenticated-with-read-access, [3]=everyone-with-read-access # πŸ“‚ also available as volflag "tail_who" tail-who: 2 # default # do not allow starting a new tail if more than N active downloads tail-cmax: 64 # default # terminate connection after SEC seconds; [0]=never # πŸ“‚ also available as volflag "tail_tmax" tail-tmax: 0 # default # check for new data every SEC seconds # πŸ“‚ also available as volflag "tail_rate" tail-rate: 0.2 # default # send a zerobyte if connection is idle for SEC seconds to prevent disconnect tail-ka: 3 # default # check if file was replaced (new fd) if idle for SEC seconds # πŸ“‚ also available as volflag "tail_fd" tail-fd: 1 # default ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// RSS options \\00000000000000000000000000000000000000000000000000000000000000000000000000\ # enable RSS output (experimental) # πŸ“‚ also available as volflag "rss" rss # default number of files to return (url-param 'nf') rss-nf: 250 # default # default list of file extensions to include (url-param 'fext'); blank=all rss-fext: mp3,opus # hint; default is unset # default sort order (url-param 'sort'); [m]=last-modified [u]=upload-time [n]=filename [s]=filesize; Uppercase=oldest-first. Note that upload-time is 0 for non-uploaded files rss-sort: m # default ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// general db options \\0000000000000000000000000000000000000000000000000000000000000000000\ # enable up2k database; this enables file search, upload-undo, improves deduplication e2d # scan writable folders for new files on startup; sets -e2d e2ds # scans all folders on startup; sets -e2ds e2dsa # verify file integrity; rehash all files and compare with db e2v # on hash mismatch: update the database with the new hash e2vu # on hash mismatch: panic and quit copyparty e2vp # where to store volume data (db, thumbs); default is a folder named ".hist" inside each volume # πŸ“‚ also available as volflag "hist" hist: PATH # placeholder; default is unset # override where the volume databases are to be placed; default is the same as --hist # πŸ“‚ also available as volflag "dbpath" dbpath: PATH # placeholder; default is unset # regex: disable hashing of matching absolute-filesystem-paths during e2ds folder scans # πŸ“‚ also available as volflag "nohash" no-hash: ^/mnt/nas/linux-isos/knoppix/ # regex: disable indexing of matching absolute-filesystem-paths during e2ds folder scans # πŸ“‚ also available as volflag "noidx" no-idx: ^/mnt/nas/logs/ # do not show total recursive size of folders in listings, show inode size instead; slightly faster # πŸ“‚ also available as volflag "nodirsz" no-dirsz # if the directory-sizes in the UI are bonkers, use this along with -e2dsa to rebuild the index from scratch re-dirsz # disable rescan acceleration; do full database integrity check -- makes the db ~5% smaller and bootup/rescans 3~10x slower no-dhash # force a cache rebuild on startup; enable this once if it gets out of sync (should never be necessary) re-dhash # never forget indexed files, even when deleted from disk -- makes it impossible to ever upload the same file twice -- only useful for offloading uploads to a cloud service or something # πŸ“‚ also available as volflag "noforget" no-forget # remove uploader-IP from database (and make unpost impossible) MIN minutes after upload, for GDPR reasons. Default [0] is never-forget. [1440]=day, [10080]=week, [43200]=month. # πŸ“‚ also available as volflag "forget_ip" forget-ip: 0 # default (disabled) # database durability profile; sets the tradeoff between robustness and speed, see --help-dbd # πŸ“‚ also available as volflag "dbd" dbd: wal # default # on upload: check all volumes for dupes, not just the target volume (probably buggy, not recommended) # πŸ“‚ also available as volflag "xlink" xlink # num cpu cores to use for file hashing; set 0 or 1 for single-core hashing hash-mt: 4 # default is autodetect but max 5 # rescan filesystem for changes every SEC seconds; 0=off # πŸ“‚ also available as volflag "scan" re-maxage: 0 # default # defer any scheduled volume reindexing until SEC seconds after last db write (uploads, renames, ...) db-act: 10 # default # search deadline -- terminate searches running for more than SEC seconds srch-time: 45 # default # max search results to allow clients to fetch; 125 results will be shown initially srch-hits: 7999 # default # regex: exclude files from search results if the file-URL matches PTN (case-sensitive) # πŸ“‚ also available as volflag "srch_excl" srch-excl: password|logs/[0-9] # hint (any URL containing 'password' or 'logs/DIGIT'), default is unset # show dotfiles in search results (volflags: dotsrch | nodotsrch) dotsrch ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// metadata db options \\000000000000000000000000000000000000000000000000000000000000000000\ # enable metadata indexing; makes it possible to search for artist/title/codec/resolution/... e2t # scan newly discovered files for metadata on startup; sets -e2t e2ts # delete all metadata from DB and do a full rescan; sets -e2ts e2tsr # use FFprobe for tags instead; will detect more tags no-mutagen # never use FFprobe as tag reader; is probably safer no-mtag-ff # timeout for FFprobe tag-scan mtag-to: 60 # default # num cpu cores to use for tag scanning mtag-mt: 4 # hint; default is autodetect # verbose tag scanning; print errors from mtp subprocesses and such mtag-v # debug mtp settings and mutagen/FFprobe parsers mtag-vv # REPEATABLE: add/replace metadata mapping mtm: qux=foo,bar # hint (clone metadata-key foo to qux with bar as fallback); default is unset # tags to index/display (comma-sep.); either an entire replacement list, or add/remove stuff on the default-list with +foo or /bar" mte: .files,circle,album,.tn,artist,title,.bpm,key,.dur,.q,.vq,.aq,vc,ac,fmt,res,.fps,ahash,vhash # default # tags to hide by default (comma-sep.); assign/add/remove same as -mte" mth: .vq,.aq,vc,ac,fmt,res,.fps # default # REPEATABLE: read tag M using program BIN to parse the file mtp: .bpm=~/bin/audio-bpm.py # hint; default is unset mtp: key=f,t5,~/bin/audio-key.py ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// textfile options \\000000000000000000000000000000000000000000000000000000000000000000000\ # where to store old version of markdown files; [s]=subfolder, [v]=volume-histpath, [n]=nope/disabled # πŸ“‚ also available as volflag "md_hist" md-hist: s # default # the textfile editor will check for serverside changes every SEC seconds mcr: 60 # default # enable markdown plugins -- neat but dangerous, big XSS risk emp # enable textfile expansion -- replace {{self.ip}} and such; see --help-exp # πŸ“‚ also available as volflag "exp" exp # comma/space-separated list of placeholders to expand in markdown files; add/remove stuff on the default list with +hdr_foo or /vf.scan # πŸ“‚ also available as volflag "exp_md" exp-md: self.ip self.ua self.uname self.host cfg.name cfg.logout vf.scan vf.thsize hdr.cf_ipcountry srv.itime srv.htime # default # comma/space-separated list of placeholders to expand in prologue/epilogue files # πŸ“‚ also available as volflag "exp_lg" exp-lg: self.ip self.ua self.uname self.host cfg.name cfg.logout vf.scan vf.thsize hdr.cf_ipcountry srv.itime srv.htime # default # regex of user-agents to reject from viewing documents through ?doc=[...]; disable with [no] or blank ua-nodoc: Barkrowler|bingbot|BLEXBot|Googlebot|GoogleOther|GPTBot|PetalBot|SeekportBot|SemrushBot|YandexBot # default ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// og / open graph / discord-embed options \\0000000000000000000000000000000000000000000000\ # disable hotlinking and return an html document instead; this is required by open-graph, but can also be useful on its own # πŸ“‚ also available as volflag "og" og # only disable hotlinking / engage OG behavior if the useragent matches regex RE # πŸ“‚ also available as volflag "og_ua" og-ua: (Discord|Twitter|Slack)bot # hint; default is unset # do not return the regular copyparty html, but instead load the jinja2 template at PATH (if path contains 'EXT' then EXT will be replaced with the requested file's extension) # πŸ“‚ also available as volflag "og_tpl" og-tpl: /var/copyparty/opengraph-EXT.j2 # hint; default is unset # do not automatically add OG entries into <head> (useful if you're doing this yourself in a template or such) # πŸ“‚ also available as volflag "og_no_head" og-no-head # thumbnail format; j=jpeg, jf=jpeg-uncropped, jf3=jpeg-uncropped-large, w=webm, ... # πŸ“‚ also available as volflag "og_th" og-th: jf3 # default # fallback title if there is nothing in the -e2t database # πŸ“‚ also available as volflag "og_title" og-title: HEY CHECK THIS OUT # hint; default is blank # audio title format; takes any metadata key # πŸ“‚ also available as volflag "og_title_a" og-title-a: 🎡 {{ artist }} - {{ title }} # default # video title format; takes any metadata key # πŸ“‚ also available as volflag "og_title_v" og-title-v: {{ title }} # default # image title format; takes any metadata key # πŸ“‚ also available as volflag "og_title_i" og-title-i: {{ title }} # default # force default title; do not read from tags # πŸ“‚ also available as volflag "og_s_title" og-s-title # description text; same for all files, disable with [-] # πŸ“‚ also available as volflag "og_desc" og-desc: bottom text # hint; default is blank # sitename; defaults to --name, disable with [-] # πŸ“‚ also available as volflag "og_site" og-site: dank memes # hint; default is blank which means it'll copy the `name` global-option # accent color (3 or 6 hex digits); may also affect safari and/or android-chrome # πŸ“‚ also available as volflag "tcolor" tcolor: 333 # default (copyparty gray) # query-string parceling; translate a request for /foo/.uqe/BASE64 into /foo?TEXT, or /foo/?TEXT if the first character in TEXT is a slash. Automatically enabled for --og uqe ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// ui options \\000000000000000000000000000000000000000000000000000000000000000000000000000\ # show grid/thumbnails by default # πŸ“‚ also available as volflag "grid" grid # select files in grid by ctrl-click # πŸ“‚ also available as volflag "gsel" gsel # default to local timezone instead of UTC localtime # language; one of the following: eng nor chi lang: eng # default # default theme to use (0..7) theme: 0 # default # number of themes installed themes: 8 # default # default audio/video volume percent au-vol: 50 # default; anything 0-100 # default sort order, comma-separated column IDs (see header tooltips), prefix with '-' for descending. Examples: href -href ext sz ts tags/Album tags/.tn # πŸ“‚ also available as volflag "sort" sort: href # default # default-enable natural sort of filenames with leading numbers # πŸ“‚ also available as volflag "nsort" nsort # number of sorting rules to include in media URLs by default # πŸ“‚ also available as volflag "hsortn" hsortn: 2 # default # default-enable seeing dotfiles; only takes effect if user has the necessary permissions see-dots # number of confirmations to show when deleting files (2/1/0) qdel: 2 # default # don't show files/folders matching REGEX in file list. WARNING: Purely cosmetic! Does not affect API calls, just the browser. Example: [\.(js|css)$] # πŸ“‚ also available as volflag "unlist" unlist: REGEX # placeholder # favicon-text [ foreground [ background ] ], set blank to disable favico: c 000 none # default # REPEATABLE: use thumbnail-image VP for file-extension E, example: [exe=/.res/exe.png] # πŸ“‚ also available as volflag "ext_th" ext-th: 7z=/.icons/archive.png # hint; default is unset ext-th: exe=/.icons/glass-of-red-liquid.png # emoji or emoji,css Example: [πŸ₯–,padding:0] spinner: 🌲 # default # URL to additional CSS to include in the filebrowser html css-browser: /.res/rice.css # hint; default is unset # URL to additional JS to include in the filebrowser html js-browser: /.res/mousetrail.js # hint; default is unset # URL to additional JS to include in all other pages js-other: /.res/snowflakes.jpg # hint; default is unset # text to append to the <head> of all HTML pages (except for basic-browser); can be @PATH to send the contents of a file at PATH, and/or begin with % to render as jinja2 template # πŸ“‚ also available as volflag "html_head" html-head: <script>alert(1);</script> # hint; default is unset # if a folder contains index.html, show that instead of the directory listing by default (can be changed in the client settings UI, or add ?v to URL for override) ih # file extensions to present as plaintext textfiles: txt,nfo,diz,cue,readme # default # max size of embedded textfiles on ?doc= (anything bigger will be lazy-loaded by JS) txt-max: 64 # default # title / service-name to show in html documents doctitle: copyparty @ --name # default (--name will copy from global-option `name`) # server name (displayed in filebrowser document title) bname: --name # default (copy global-option `name`) # powered-by link; disable with -nb pb-url: https://github.com/9001/copyparty # default # show version on the control panel (incompatible with -nb) ver # configure the option to enable/disable k304 on the controlpanel (workaround for buggy reverse-proxies); [0] = hidden and default-off, [1] = visible and default-off, [2] = visible and default-on k304: 0 # default # configure the option to enable/disable no304 on the controlpanel (workaround for buggy caching in browsers); [0] = hidden and default-off, [1] = visible and default-off, [2] = visible and default-on no304: 0 # default # list of capabilities to allow in the iframe 'sandbox' attribute for README.md docs (volflag=md_sbf); see https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox md-sbf: downloads forms popups scripts top-navigation-by-user-activation # default # list of capabilities to allow in the iframe 'sandbox' attribute for prologue/epilogue docs # πŸ“‚ also available as volflag "lg_sbf" lg-sbf: downloads forms popups scripts top-navigation-by-user-activation # default # the value of the iframe 'allow' attribute for README.md docs, for example [fullscreen] # πŸ“‚ also available as volflag "md_sba" md-sba: fullscreen # hint; default is blank # the value of the iframe 'allow' attribute for prologue/epilogue docs (volflag=lg_sba); see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy#iframes lg-sba: TXT # placeholder # don't sandbox README/PREADME.md documents (volflags: no_sb_md | sb_md) no-sb-md # don't sandbox prologue/epilogue docs (volflags: no_sb_lg | sb_lg); enables non-js support no-sb-lg ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// debug options \\000000000000000000000000000000000000000000000000000000000000000000000000\ # verbose config file parser (explain config) vc # generate config file from current config (best-effort; probably buggy) cgen # list information about detected optional dependencies deps # kernel-bug workaround: disable poll; use select instead (limits max num clients to ~700) no-poll # kernel-bug workaround: disable sendfile; do a safe and slow read-send-loop instead no-sendfile # kernel-bug workaround: disable scandir; do a listdir + stat on each file instead no-scandir # wait for initial filesystem indexing before accepting client requests no-fastboot # disable httpserver threadpool, create threads as-needed instead no-htp # when listening on unix-sockets, do a basic delete+bind instead of the default atomic bind rm-sck # explain search processing, and do some extra expensive sanity checks srch-dbg # use mdns-domain instead of server-ip on /?hc rclone-mdns # write stacktrace to Path every S second, for example --stackmon=./st/%Y-%m/%d/%H%M.xz,60 stackmon: P,S # placeholder # list active threads every SEC log-thrs: 0 # default # log filekey params for files where path matches REGEX; [.] (a single dot) = all files log-fk: /mnt/a-problematic-fuse/this-folder-breaks-filekeys/ # hint; default is unset # [up2k] if a client uploads a bitflipped/corrupted chunk, store a copy according to --bf-nc and --bf-dir bak-flips # bak-flips: stop if there's more than NUM files at --kf-dir already; default: 6.3 GiB max (200*32M) bf-nc: 200 # default # bak-flips: store corrupted chunks at PATH; default: folder named 'bf' wherever copyparty was started bf-dir: /srv/bitflips/ # hint; default = bf # bak-flips: log corruption info to a textfile at PATH bf-log: /srv/bitflips/the-history.txt # hint; default is unset ############################################################################################### ############################################################################################### ############################################################################################### ############################################################################################### ############################################################################################### ############################################################################################### #####/ ##### This is the end of the [global] config section ####/ [accounts] foo: bar # username foo, password bar [groups] g1: u1, u2, u3 # group "g1" with users u1, u2, and u3 [/the/url/to/share/this/volume/on/] /the/actual/filesystem/path/ accs: r: username_who_gets_Read_access w: username_who_gets_Write_access m: username_who_gets_Move_access d: username_who_gets_Delete_access .: username_who_can_see_Dotfiles g: username_who_gets_Get_access G: username_who_gets_upGet_access h: username_who_gets_html_access a: username_who_gets_admin_access A: username_who_gets_ReadWriteMoveDeleteDotfileAdmin_access rwm: @g1 # the group "g1" gets Read+Write+Move flags: ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// uploads, general \\000000000000000000000000000000000000000000000000000000000000000000000\ # enable symlink-based file deduplication dedup # enable hardlink-based file deduplication, with fallback on symlinks when that is impossible hardlink # dedup with hardlink only, never symlink; make a full copy if hardlink is impossible hardlinkonly # enable reflink-based file deduplication, with fallback on full copy when that is impossible reflink # verify on-disk data before using it for dedup safededup # take dupe data from clients, even if available on HDD noclone # rejects existing files (instead of linking/cloning them) nodupe # unix-permission for new dirs/folders chmod_d: 755 # unix-permission for new files chmod_f: 644 # change owner of new files/folders to unix-user 573 uid: 573 # change owner of new files/folders to unix-group 999 gid: 999 # force use of sparse files, mainly for s3-backed storage sparse # deny use of sparse files, mainly for slow storage nosparse # enable full WebDAV write support (dangerous); PUT-operations will now OVERWRITE existing files daw # forces all uploads into the top folder of the vfs nosub # enables filetype detection for nameless uploads magic # fallback filename for nameless uploads put_name # default checksum-hasher for PUT/WebDAV uploads put_ck # default checksum-hasher for bup/basic uploads bup_ck # allows server-side gzip compression of uploads with ?gz gz # allows server-side lzma compression of uploads with ?xz xz # forces server-side compression, optional arg: xz,9 pk ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// upload rules \\0000000000000000000000000000000000000000000000000000000000000000000000000\ # max 250 uploads over 15min maxn: 250,600 # max 1 GiB over 5min (suffixes: b, k, m, g, t) maxb: 1g,300 # total volume size max 1 GiB (suffixes: b, k, m, g, t) vmaxb: 1g # max 4096 files in volume (suffixes: b, k, m, g, t) vmaxn: 4k # return medialinks for non-up2k uploads (not hotlinks) medialinks # write-only users can upload logues without getting renamed wo_up_readme # force randomized filenames, 9 chars long by default rand # randomized filenames are N chars long nrand: N # overwrite existing files? 0=no 1=if-older 2=always u2ow: N # [f]orce [c]lient-last-modified or [u]pload-time u2ts: fc # allow aborting unfinished uploads? 0=no 1=strict 2=ip-chk 3=acct-chk u2abort: 1 # allow filesizes between 1 KiB and 3MiB sz: 1k-3m # ensure 1 GiB free disk space df: 1g ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// upload rotation -- (moves all uploads into the specified folder structure) \\00000000000\ # 3 levels of subfolders with 100 entries in each rotn: 100,3 # date-formatted organizing rotf: %Y-%m/%d-%H # uploads are deleted after 1 hour lifetime: 3600 ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// database, general \\00000000000000000000000000000000000000000000000000000000000000000000\ # enable database; makes files searchable + enables upload-undo e2d # scan writable folders for new files on startup; also sets -e2d e2ds # scans all folders for new files on startup; also sets -e2d e2dsa # enable multimedia indexing; makes it possible to search for tags e2t # scan existing files for tags on startup; also sets -e2t e2ts # delete all metadata from DB (full rescan); also sets -e2ts e2tsr # disables metadata collection for existing files d2ts # verify integrity on startup by hashing files and comparing to db e2v # when e2v fails, update the db (assume on-disk files are good) e2vu # when e2v fails, panic and quit copyparty e2vp # disables onboot indexing, overrides -e2ds* d2ds # disables metadata collection, overrides -e2t* d2t # disables file verification, overrides -e2v* d2v # disables all database stuff, overrides -e2* d2d # puts thumbnails and indexes at that location hist: /tmp/cdb # puts indexes at that location dbpath: /tmp/cdb # disable db if file foo doesn't exist landmark: foo # scan for new files every 60sec, same as --re-maxage scan: 60 # skips hashing file contents if path matches *.iso nohash: \.iso$ # fully ignores the contents at paths matching *.iso noidx: \.iso$ # don't forget files when deleted from disk noforget # forget uploader-IP after 30 days (GDPR) forget_ip: 43200 # never store uploader-IP in the db; disables unpost no_db_ip # avoid excessive reindexing on android sdcardfs fat32 # database speed-durability tradeoff dbd: [acid|swal|wal|yolo] # cross-volume dupe detection / linking (dangerous) xlink # do not descend into other filesystems xdev # do not follow symlinks leaving the volume root xvol # show dotfiles in search results dotsrch # hide dotfiles in search results (default) nodotsrch # exclude search results with URL matching this regex srch_excl # media-tags to index/display mte: artist,title # media-tags to hide by default mth: fmt,res,ac # uses the "audio-bpm.py" program to generate ".bpm" tags from uploads (f = overwrite tags) mtp: .bpm=f,audio-bpm.py # collects two tags at once mtp: ahash,vhash=media-hash.py ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// thumbnails \\000000000000000000000000000000000000000000000000000000000000000000000000000\ # disables all thumbnails dthumb # disables video thumbnails dvthumb # disables audio thumbnails (spectrograms) dathumb # disables image thumbnails dithumb # compress audio waveforms 33% better pngquant # thumbnail res; WxH thsize # center-cropping (y/n/fy/fn) crop # 3x resolution (y/n/fy/fn) th3x # conversion timeout in seconds convt # use /b.png as thumbnail for file-extension s ext_th: s=/b.png ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// handlers -- (better explained in --help-handlers) \\000000000000000000000000000000000000\ # handle 404s by executing PY file on404: ~/bin/hook.py # handle 403s by executing PY file on403: ~/bin/hook.py ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// event hooks -- (better explained in --help-hooks) \\000000000000000000000000000000000000\ # execute CMD before a file upload starts xbu: ~/bin/hook.py # execute CMD after a file upload finishes xau: ~/bin/hook.py # execute CMD after all uploads finish and volume is idle xiu: ~/bin/hook.py # execute CMD before a file copy xbc: ~/bin/hook.py # execute CMD after a file copy xac: ~/bin/hook.py # execute CMD before a file rename/move xbr: ~/bin/hook.py # execute CMD after a file rename/move xar: ~/bin/hook.py # execute CMD before a file delete xbd: ~/bin/hook.py # execute CMD after a file delete xad: ~/bin/hook.py # execute CMD on message xm: ~/bin/hook.py # execute CMD if someone gets banned xban: ~/bin/hook.py ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// client and ux \\000000000000000000000000000000000000000000000000000000000000000000000000\ # show grid/thumbnails by default grid # select files in grid by ctrl-click gsel # default sort order sort # natural-sort of leading digits in filenames nsort # number of sort-rules to add to media URLs hsortn # dont list files matching REGEX unlist # includes TXT in the <head>, or @PATH for file at PATH html_head: <script>alert(1);</script> # theme color (a hint for webbrowsers, discord, etc.) tcolor: #fc0 # don't show total folder size nodirsz # allows indexing by search engines (default) robots # kindly asks search engines to leave norobots # don't list read-access in controlpanel unlistcr # don't list write-access in controlpanel unlistcw # disable js sandbox for markdown files no_sb_md # disable js sandbox for prologue/epilogue no_sb_lg # enable js sandbox for markdown files (default) sb_md # enable js sandbox for prologue/epilogue (default) sb_lg # list of markdown-sandbox safeguards to disable md_sbf # list of *logue-sandbox safeguards to disable lg_sbf # value of iframe allow-prop for markdown-sandbox md_sba # value of iframe allow-prop for *logue-sandbox lg_sba # return html and markdown as text/html nohtml ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// opengraph (discord embeds) \\00000000000000000000000000000000000000000000000000000000000\ # enable OG (disables hotlinking) og # sitename; defaults to --name, disable with '-' og_site # description text for all files; disable with '-' og_desc # thumbnail format; j / jf / jf3 / w / w3 / ... og_th: jf # audio title format; default: {{ artist }} - {{ title }} og_title_a # video title format; default: {{ title }} og_title_v # image title format; default: {{ title }} og_title_i # fallback title if there's nothing in the db og_title: foo # force default title; do not read from tags og_s_title # custom html; see --og-tpl in --help og_tpl # you want to add tags manually with og_tpl og_no_head # if defined: only send OG html if useragent matches this regex og_ua ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// textfiles \\0000000000000000000000000000000000000000000000000000000000000000000000000000\ # where to put markdown backups; s=subfolder, v=volHist, n=nope md_hist # enable textfile expansion; see --help-exp exp # placeholders to expand in markdown files; see --help exp_md # placeholders to expand in prologue/epilogue; see --help exp_lg ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// tailing \\000000000000000000000000000000000000000000000000000000000000000000000000000000\ # disable ?tail (download a growing file continuously) notail # check if file was replaced (new fd) every 1 sec tail_fd: 1 # check for new data every 0.2 sec tail_rate: 0.2 # kill connection after 30 sec tail_tmax: 30 # restrict ?tail access (1=admins,2=authed,3=everyone) tail_who: 2 ###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\ ###// others \\0000000000000000000000000000000000000000000000000000000000000000000000000000000\ # allow all users with read-access to enable the option to show dotfiles in listings dots # generates per-file accesskeys, which are then required at the "g" permission; keys are invalidated if filesize or inode changes fk: 8 # generates slightly weaker per-file accesskeys, which are then required at the "g" permission; not affected by filesize or inode numbers fka: 8 # generates per-directory accesskeys, which are then required at the "g" permission; keys are invalidated if filesize or inode changes dk: 8 # per-directory accesskeys allow browsing into subdirs dks # allow seeing files (not folders) inside a specific folder with "g" perm, and does not require a valid dirkey to do so dky # allow '?rss' URL suffix (experimental) rss # expensive analysis for mimetype accuracy rmagic # restrict viewing the list of recent uploads ups_who: 2 # restrict access to download-as-zip/tar zip_who: 2 # reject download-as-zip if more than 9000 files zipmaxn: 9k # reject download-as-zip if size over 2 GiB zipmaxs: 2g # reply with 'no' if download-as-zip exceeds max zipmaxt: no # zip-size-limit does not apply to authenticated users zipmaxu # disable race-the-beam (download unfinished uploads) nopipe # ms-windows: timeout for renaming busy files mv_retry # ms-windows: timeout for deleting busy files rm_retry # ask webdav clients to login for all folders davauth # show lastmod time of symlink destination, not the link itself (note: this option is always enabled for recursive listings) davrt