mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-10-31 04:32:20 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity
copyparty/docs/chungus.conf
Adam R. Nelson 0177a9b402
Add RAW file thumbnailing support via rawpy (#567) 
* add RAW image file types to mimetype list
* add RAW thumbnailer via rawpy

---------

Signed-off-by: Adam R. Nelson <adam@nels.onl>
Signed-off-by: ed <s@ocv.me>
2025-08-11 17:28:01 +00:00

2142 lines
79 KiB
YAML
Raw Blame History

# not actually YAML but lets pretend:
# -*- mode: yaml -*-
# vim: ft=yaml:
## this config-file does not make any sense at all, and will not work anywhere
##
## it is a nearly-complete example of every config option and how each can be used,
## but will NOT be maintained, it's just to get a feel for how the config works
##
## this file was initially generated by and based on:
## cat copyparty/__main__.py | awk -F\" -vp1=$(printf %090d 0) '/arse.SUPPRE/{next}/add_argument_group/{printf"\n ###%s\\\n ###// %s \\\\%s\n",p1,$2,p1};{m=""}/metavar=/{m=": "$4}/add_argument\(/{h=$0;sub(/.*, help="/,"",h);sub(/"\)$/,"",h);k=$2;sub(/^-+/,"",k);printf"\n # %s\n %s%s\n",h,k,m}' | sed -r 's/^( ###\/\/ .{88})0+/\1\\/;s/([^#]{40}) +/\1/;s/\\033\[[^m]*[0-9]m//g;s/ \(volflag=([^)]+)\)$/\n # 📂 also available as volflag "\1"/' | xsel -ib
## grep -A9001 ^flagcats copyparty/cfg.py | grep -B9001 ^flagdescs | awk -F\" -vp1=$(printf %090d 0) '/^ "/{printf"\n ###%s\\\n ###// %s \\\\%s\n",p1,$2,p1};/^ [^ ]/{k=$0;h=$0;sub(/^ +./,"",k);sub(/.: .*/,"",k);sub(/[^:]+: ./,"",h);sub(/.,$/,"",h);sub(/=/,": ",k);printf"\n # %s\n %s\n",h,k}' | sed -r 's/^( ###\/\/ .{88})0+/\1\\/;s/([^#]{40}) +/\1/' | xsel -ib
[global]
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// general options \\0000000000000000000000000000000000000000000000000000000000000000000000\
# REPEATABLE: add a config file; add multiple by repeating the option
c: /etc/some.conf
c: /etc/another.conf
# max num clients; will not accept more http/https connections at this point
nc: 1024
# max num cpu cores, 0=all, 1=default=recommended
j: 4
# enable the ?dots url parameter / client option which allows clients to see dotfiles / hidden files
# 📂 also available as volflag "dots"
ed
# how to handle url-form POSTs; see --help-urlform
urlform: save,get
# server terminal title, for example [$ip-10.1.2.] or [$ip-]
wintitle: $ip-10.1.2.
# server name (displayed topleft in browser and in mDNS)
name: mogra
# REPEATABLE: map file EXTension to MIMEtype, for example [jpg=image/jpeg]
mime: qoi=image/x-qoi
mime: adf=application/x-amiga-disk-format
# list default mimetype mapping and exit
mimes
# do expensive analysis to improve accuracy of returned mimetypes; will make file-downloads, rss, and webdav slower
# 📂 also available as volflag "rmagic"
rmagic
# show licenses and exit
license
# show versions and exit
version
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// qr options \\000000000000000000000000000000000000000000000000000000000000000000000000000\
# show http:// QR-code on startup
qr
# show https:// QR-code on startup
qrs
# location to include in the url, for example [priv/?pw=hunter2]
qrl: uploads/?pw=okletsgo # hint
# select IP which starts with PREFIX; [.] to force default IP when mDNS URL would have been used instead
qri: 192.168. # hint
# foreground; try [0] if the qr-code is unreadable
qr-fg: 46 # hint; default=0=black
# background (white=255)
qr-bg: 92 # hint; default=229=parchment
# padding (spec says 4 or more, but 1 is usually fine)
qrp: 2 # hint
# [1]=1x, [2]=2x, [0]=auto (try [2] on broken fonts)
qrz: 2 # hint
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// filesystem options \\0000000000000000000000000000000000000000000000000000000000000000000\
# if a file cannot be deleted because it is busy, continue trying for T seconds, retry every R seconds; disable with 0/0
# 📂 also available as volflag "rm_retry"
rm-retry: 15/0.1 # default on windows; 0 on unix
# if a file cannot be renamed because it is busy, continue trying for T seconds, retry every R seconds; disable with 0/0
# 📂 also available as volflag "mv_retry"
mv-retry: 15/0.1 # default on windows; 0 on unix
# file I/O buffer-size; if your volumes are on a network drive, try increasing to 524288 or even 4194304 (and let me know if that improves your performance)
iobuf: 262144 # default
# rebuild mountpoint cache every SEC to keep track of sparse-files support; keep low on servers with removable media
mtab-age: 60 # default
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// share-url options \\00000000000000000000000000000000000000000000000000000000000000000000\
# toplevel virtual folder for shared files/folders, for example [/share]
shr: /shares # hint; default is unset
# database to store shares in
shr-db: $XDG_CONFIG_PATH/.copyparty/shares.db # default (and yes, $ENV will expand in configs)
# comma-separated list of users allowed to view/delete any share
shr-adm: ame,same # hint
# shares can be revived by their owner if they expired less than MIN minutes ago; [60]=hour, [1440]=day, [10080]=week
shr-rt: 1440 # default
# debug
shr-v
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// upload options \\00000000000000000000000000000000000000000000000000000000000000000000000\
# dotfile incomplete uploads, hiding them from clients unless -ed
dotpart
# when avoiding filename collisions by appending the uploader's ip to the filename: append the plaintext ip instead of salting and hashing the ip
plain-ip
# filename for nameless uploads (when uploader doesn't provide a name); default is [put-UNIXTIME-IP.bin] (the .6f means six decimal places)
# 📂 also available as volflag "put_name"
put-name: put-{now.6f}-{cip}.bin # default
# default checksum-hasher for PUT/WebDAV uploads: no / md5 / sha1 / sha256 / sha512 / b2 / blake2 / b2s / blake2s
# 📂 also available as volflag "put_ck"
put-ck: sha512 # default
# default checksum-hasher for bup/basic-uploader: no / md5 / sha1 / sha256 / sha512 / b2 / blake2 / b2s / blake2s
# 📂 also available as volflag "bup_ck"
bup-ck: sha512 # default
# grace period where uploads can be deleted by the uploader, even without delete permissions; 0=disabled, default=12h
unpost: 43200 # default (12h)
# clients can abort incomplete uploads by using the unpost tab (requires -e2d). [0] = never allowed (disable feature), [1] = allow if client has the same IP as the upload AND is using the same account, [2] = just check the IP, [3] = just check account-name
# 📂 also available as volflag "u2abort"
u2abort: 1 # default
# file write grace period (any client can write to a blank file last-modified more recently than SEC seconds ago)
blank-wt: 300 # default
# max number of uploads to keep in memory when running without -e2d; roughly 1 MiB RAM per 600
reg-cap: 38400 # default
# disable file-handle pooling -- instead, repeatedly close and reopen files during upload (bad idea to enable this on windows and/or cow filesystems)
no-fpool
# force file-handle pooling, even when it might be dangerous (multiprocessing, filesystems lacking sparse-files support, ...)
use-fpool
# unix file permissions to use when creating files; default is probably 644 (OS-decided), see --help-chmod. Examples: [644] = owner-RW + all-R, [755] = owner-RWX + all-RX, [777] = full-yolo
# 📂 also available as volflag "chmod_f"
chmod-f: 644 # hint; default is unset
# unix file permissions to use when creating directories; see --help-chmod. Examples: [755] = owner-RW + all-R, [777] = full-yolo
# 📂 also available as volflag "chmod_d"
chmod-d: 755 # default
# unix user-id to chown new files/folders to; default = -1 = do-not-change
# 📂 also available as volflag "uid"
uid: 1000 # hint
# unix group-id to chown new files/folders to; default = -1 = do-not-change
# 📂 also available as volflag "gid"
gid: 573 # hint
# enable symlink-based upload deduplication
# 📂 also available as volflag "dedup"
dedup
# how careful to be when deduplicating files; [1] = just verify the filesize, [50] = verify file contents have not been altered
# 📂 also available as volflag "safededup"
safe-dedup: 50 # default
# enable hardlink-based dedup; will fallback on symlinks when that is impossible (across filesystems)
# 📂 also available as volflag "hardlink"
hardlink
# do not fallback to symlinks when a hardlink cannot be made
# 📂 also available as volflag "hardlinkonly"
hardlink-only
# enable reflink-based dedup; will fallback on full copies when that is impossible (non-CoW filesystem)
# 📂 also available as volflag "reflink"
reflink
# reject duplicate files during upload; only matches within the same volume
# 📂 also available as volflag "nodupe"
no-dupe
# do not use existing data on disk to satisfy dupe uploads; reduces server HDD reads in exchange for much more network load
# 📂 also available as volflag "noclone"
no-clone
# disable snapshots -- forget unfinished uploads on shutdown; don't create .hist/up2k.snap files -- abandoned/interrupted uploads must be cleaned up manually
no-snap
# write upload state to ./hist/up2k.snap every SEC seconds; allows resuming incomplete uploads after a server crash
snap-wri: 300 # default
# forget unfinished uploads after MIN minutes; impossible to resume them after that (360=6h, 1440=24h)
snap-drop: 1440 # default
# how to timestamp uploaded files; [c]=client-last-modified, [u]=upload-time, [fc]=force-c, [fu]=force-u
# 📂 also available as volflag "u2ts"
u2ts: c # default
# force randomized filenames, --nrand chars long
# 📂 also available as volflag "rand"
rand
# randomized filenames length
# 📂 also available as volflag "nrand"
nrand: 9 # default
# enable filetype detection on nameless uploads
# 📂 also available as volflag "magic"
magic
# ensure GiB free disk space by rejecting upload requests; assumes gigabytes unless a unit suffix is given: [256m], [4], [2T]
# 📂 also available as volflag "df"
df: 4 # hint; default=0
# windows-only: minimum size of incoming uploads through up2k before they are made into sparse files
sparse: 4 # default
# configure turbo-mode in up2k client; [-1] = forbidden/always-off, [0] = default-off and warn if enabled, [1] = default-off, [2] = on, [3] = on and disable datecheck
turbo: 0 # default
# when to use a wasm-hasher instead of the browser's builtin; faster on chrome, but buggy in older chrome versions. [0] = only when necessary (non-https), [1] = always (all browsers), [2] = always on chrome/firefox, [3] = always on chrome, [N] = chrome-version N and newer (recommendation: 137)
nosubtle: 0 # default
# web-client: number of file chunks to upload in parallel; 1 or 2 is good when latency is low (same-country), 2~4 for android-clients, 2~6 for cross-atlantic. Max is 6 in most browsers. Big values increase network-speed but may reduce HDD-speed
u2j: 2 # default
# web-client: default upload chunksize (MiB); sets min,default,max in the settings gui. Each HTTP POST will aim for default, and never exceed max. Cloudflare max is 96. Big values are good for cross-atlantic but may increase HDD fragmentation on some FS. Disable this optimization with [1,1,1]
u2sz: 1,64,96 # default
# web-client: default setting for when to replace/overwrite existing files; [0]=never, [1]=if-client-newer, [2]=always
# 📂 also available as volflag "u2ow"
u2ow: 0 # default
# upload order; [s]=smallest-first, [n]=alphabetical, [fs]=force-s, [fn]=force-n -- alphabetical is a bit slower on fiber/LAN but makes it easier to eyeball if everything went fine
u2sort: s # default
# write POST reports to textfiles in working-directory
write-uplog
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// network options \\0000000000000000000000000000000000000000000000000000000000000000000000\
# IPs and/or unix-sockets to listen on, COMMA-SEPARATED LIST (see --help-bind). Default: all IPv4 and IPv6
i: 192.168.0.1,::1,unix:770:www:/dev/shm/party.sock # hint; default=::
# ports to listen on (comma/range); ignored for unix-sockets
p: 3923,4001-4005 # hint; default=3923
# include link-local IPv4/IPv6 in mDNS replies, even if the NIC has routable IPs (breaks some mDNS clients)
ll
# which ip to associate clients with; [0]=tcp, [1]=origin (first x-fwd, unsafe), [2]=outermost-proxy, [3]=second-proxy, [-1]=closest-proxy
rproxy: 1 # default
# if reverse-proxied, which http header to read the client's real ip from
xff-hdr: x-forwarded-for # default
# list of trusted reverse-proxy CIDRs (comma-separated); only accept the real-ip header (--xff-hdr) and IdP headers if the incoming connection is from an IP within either of these subnets. Specify [lan] to allow all LAN / private / non-internet IPs. Can be disabled with [any] if you are behind cloudflare (or similar) and are using --xff-hdr=cf-connecting-ip (or similar)
xff-src: 127.0.0.0/8, ::1/128 # default
# only accept connections from IP-addresses inside CIDR (comma-separated); examples: [lan] or [10.89.0.0/16, 192.168.33.0/24]
ipa: 10.89.0.0/16, 192.168.33.0/24 # hint; default is unset
# if reverse-proxying on a location instead of a dedicated domain/subdomain, provide the base location here; example: [/foo/bar]
rp-loc: /files # hint; default is unset
# set reuseaddr on listening sockets on windows; allows rapid restart of copyparty at the expense of being able to accidentally start multiple instances
reuseaddr
# allow listening on IPs which do not yet exist, for example if the network interfaces haven't finished going up. Only makes sense for IPs other than '0.0.0.0', '127.0.0.1', '::', and '::1'. May require running as root (unless net.ipv6.ip_nonlocal_bind)
freebind
# write list of listening-on ip:port to textfile at PATH when http-servers have started
wr-h-eps: /dev/shm/listening-on.txt # hint; default is unset
# write list of accessible-on ip:port to textfile at PATH when http-servers have started
wr-h-aon: /dev/shm/accessible-on.txt # hint; default is unset
# socket timeout (read request header)
s-thead: 120 # default
# socket timeout (read/write request/response bodies). Use 60 on fast servers (default is extremely safe). Disable with 0 if reverse-proxied for a 2% speed boost
s-tbody: 128 # default
# socket read size in bytes (indirectly affects filesystem writes; recommendation: keep equal-to or lower-than --iobuf)
s-rd-sz: 262144 # default
# socket write size in bytes
s-wr-sz: 262144 # default
# debug: socket write delay in seconds
s-wr-slp: 0 # default
# debug: response delay in seconds
rsp-slp: 0 # default
# debug: response delay, random duration 0..SEC
rsp-jtr: 0 # default
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// SSL/TLS options \\0000000000000000000000000000000000000000000000000000000000000000000000\
# disable ssl/tls -- force plaintext
http-only
# disable plaintext -- force tls
https-only
# path to file containing a concatenation of TLS key and certificate chain
cert: $XDG_CONFIG_PATH/.copyparty/cert.pem # default
# set allowed ssl/tls versions; [help] shows available versions; default is what your python version considers safe
ssl-ver: ssl3,tls10 # hint; default is unset
# set allowed ssl/tls ciphers; [help] shows available ciphers
ciphers: xtea,rot13 # hint; default is unset
# dump some tls info
ssl-dbg
# log master secrets for later decryption in wireshark
ssl-log: /mnt/stash/gotem.log # hint; default is unset
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// TLS certificate generator options \\0000000000000000000000000000000000000000000000000000\
# disable automatic certificate creation
no-crt
# comma-separated list of FQDNs (domains) to add into the certificate
crt-ns: example.com,fileshare.nasa.gov
# do not add wildcard entries for each --crt-ns
crt-exact
# do not add autodetected IP addresses into cert
crt-noip
# do not add 127.0.0.1 / localhost into cert
crt-nolo
# do not add mDNS names / hostname into cert
crt-nohn
# where to save the CA cert
crt-dir: $XDG_CONFIG_PATH/.copyparty/ # default
# ca-certificate expiration time in days
crt-cdays: 3650 # default
# server-cert expiration time in days
crt-sdays: 365 # default
# CA/server-cert common-name
crt-cn: partyco # default
# override CA name
crt-cnc: --crt-cn # default = copy the above
# override server-cert name
crt-cns: --crt-cnc # default = copy the above
# backdate in hours
crt-back: 72 # default
# algorithm and keysize; one of these: ecdsa-256 rsa-4096 rsa-2048
crt-alg: ecdsa-256 # default
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// IdP / identity provider / user authentication options \\00000000000000000000000000000000\
# bypass the copyparty authentication checks if the request-header HN contains a username to associate the request with (for use with authentik/oauth/...)
# └─WARNING: if you enable this, make sure clients are unable to specify this header themselves; must be washed away and replaced by a reverse-proxy
idp-h-usr: idp-username # hint; default is unset
# assume the request-header HN contains the groupname of the requesting user; can be referenced in config files for group-based access control
idp-h-grp: idp-groups # hint; default is unset
# optional but recommended safeguard; your reverse-proxy will insert a secret header named HN into all requests, and the other IdP headers will be ignored if this header is not present
idp-h-key: supersecretmagicword # hint; default is unset
# if there are multiple groups in --idp-h-grp, they are separated by one of the characters in RE
idp-gsep: |:;+, # default
# where to store the known IdP users/groups (if you run multiple copyparty instances, make sure they use different DBs)
idp-db: $XDG_CONFIG_PATH/.copyparty/idp.db # default
# how to use --idp-db; [0] = entirely disable, [1] = write-only (effectively disabled), [2] = remember users, [3] = remember users and groups.
# └─NOTE: Will remember and restore the IdP-volumes of all users for all eternity if set to 2 or 3, even when user is deleted from your IdP
idp-store: 1 # default
# comma-separated list of users allowed to use /?idp (the cache management UI)
idp-adm: ben,jerry # hint; default is unset
# generate a session-token for IdP users which is written to cookie cppws (or cppwd if plaintext), to reduce the load on the IdP server, lifetime S seconds.
# └─note: The expiration time is a client hint only; the actual lifetime of the session-token is infinite (until next restart with --ses-db wiped)
idp-cookie: 600 # hint; default=0=disabled
# disable basic-authentication support; do not accept passwords from the 'Authenticate' header at all. NOTE: This breaks support for the android app
no-bauth
# keeps basic-authentication enabled, but only as a last-resort; if a cookie is also provided then the cookie wins
bauth-last
# where to store the sessions database (if you run multiple copyparty instances, make sure they use different DBs)
ses-db: $XDG_CONFIG_PATH/.copyparty/sessions.db # default
# session key length; default is 120 bits ((20//4)*4*6)
ses-len: 20
# disable sessions; use plaintext passwords in cookies
no-ses
# REPEATABLE: users with IP matching CIDR are auto-authenticated as username USR; example: [172.16.24.0/24=dave]
ipu: CIDR=USR # placeholder
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// user-changeable passwords options \\0000000000000000000000000000000000000000000000000000\
# allow users to change their own passwords
chpw
# REPEATABLE: do not allow password-changes for this comma-separated list of usernames
chpw-no: ole,dole,doffen # hint; default is unset
# where to store the passwords database (if you run multiple copyparty instances, make sure they use different DBs)
chpw-db: $XDG_CONFIG_PATH/.copyparty/chpw.json
# minimum password length
chpw-len: 8 # default
# verbosity of summary on config load [0] = nothing at all, [1] = number of users, [2] = list users with default-pw, [3] = list all users
chpw-v: 2 # default
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// Zeroconf options \\000000000000000000000000000000000000000000000000000000000000000000000\
# enable all zeroconf backends (mdns, ssdp)
z
# enable zeroconf ONLY on the comma-separated list of subnets and/or interface names/indexes
# └─example: eth0, wlo1, virhost0, 192.168.123.0/24, fd00:fda::/96
z-on: NETS # placeholder; default is unset
# disable zeroconf on the comma-separated list of subnets and/or interface names/indexes
z-off: NETS # placeholder; default is unset
# check for network changes every SEC seconds (0=disable)
z-chk: 10 # default
# verbose all zeroconf backends
zv
# rejoin multicast groups every SEC seconds (workaround for some switches/routers which cause mDNS to suddenly stop working after some time); try [300] or [180]
# └─note: can be due to firewalls; make sure UDP port 5353 is open in both directions (on clients too)
mc-hop: 0 # default
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// Zeroconf-mDNS options; also see --help-zm \\00000000000000000000000000000000000000000000\
# announce the enabled protocols over mDNS (multicast DNS-SD) -- compatible with KDE, gnome, macOS, ...
zm
# enable mDNS ONLY on the comma-separated list of subnets and/or interface names/indexes
zm-on: NETS # placeholder; default is unset
# disable mDNS on the comma-separated list of subnets and/or interface names/indexes
zm-off: NETS # placeholder; default is unset
# IPv4 only -- try this if some clients can't connect
zm4
# IPv6 only
zm6
# verbose mdns
zmv
# verboser mdns
zmvv
# mute parser errors (invalid incoming MDNS packets)
zm-no-pe
# disable workaround for avahi-bug #379 (corruption in Avahi's mDNS reflection feature)
zm-nwa-1
# list of services to announce -- d=webdav h=http f=ftp s=smb -- lowercase=plaintext uppercase=TLS -- default: all enabled services except http/https (Ddfs if --ftp and --smb is set, Dd otherwise)
zms: dhf # probably default
# link a specific folder for webdav shares
zm-ld: /public/stuff # hint; default is unset (webroot)
# link a specific folder for http shares
zm-lh: /public/stuff # hint; default is unset (webroot)
# link a specific folder for ftp shares
zm-lf: /public/stuff # hint; default is unset (webroot)
# link a specific folder for smb shares
zm-ls: /public/stuff # hint; default is unset (webroot)
# merge NICs which share subnets; assume that same subnet means same network
zm-mnic
# merge subnets on each NIC -- always enabled for ipv6 -- reduces network load, but gnome-gvfs clients may stop working, and clients cannot be in subnets that the server is not
zm-msub
# disable NSEC replies -- try this if some clients don't see copyparty
zm-noneg
# send unsolicited announce every SEC; useful if clients have IPs in a subnet which doesn't overlap with the server, or to avoid some firewall issues
zm-spam: 0 # default
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// Zeroconf-SSDP options \\0000000000000000000000000000000000000000000000000000000000000000\
# announce the enabled protocols over SSDP -- compatible with Windows
zs
# enable SSDP ONLY on the comma-separated list of subnets and/or interface names/indexes
zs-on: NETS # placeholder; default is unset
# disable SSDP on the comma-separated list of subnets and/or interface names/indexes
zs-off: NETS # placeholder; default is unset
# verbose SSDP
zsv
# location to include in the url (or a complete external URL), for example [priv/?pw=hunter2] (goes directly to /priv/ with password hunter2) or [?hc=priv&pw=hunter2] (shows mounting options for /priv/ with password)
zsl: /?hc # default
# USN (device identifier) to announce
zsid: UUID # placeholder; default is an autogenerated UUID
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// FTP options (TCP only) \\000000000000000000000000000000000000000000000000000000000000000\
# enable FTP server on PORT, for example 3921
ftp: 3921 # hint; default is unset
# enable FTPS server on PORT, for example 3990
ftps: 3990 # hint; default is unset
# verbose
ftpv
# only listen on IPv4
ftp4
# only accept connections from IP-addresses inside CIDR (comma-separated); specify [any] to disable inheriting --ipa. Examples: [lan] or [10.89.0.0/16, 192.168.33.0/24]
ftp-ipa: CIDR # placeholder
# if target file exists, reject upload instead of overwrite
ftp-no-ow
# grace period for resuming interrupted uploads (any client can write to any file last-modified more recently than SEC seconds ago)
ftp-wt: 7 # default
# the NAT address to use for passive connections
ftp-nat: 192.168.1.13 # hint; default is unset
# the range of TCP ports to use for passive connections, for example 12000-13000
ftp-pr: 12000-12099 # hint; default is unset
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// WebDAV options \\00000000000000000000000000000000000000000000000000000000000000000000000\
# enable full write support, even if client may not be webdav. WARNING: This has side-effects -- PUT-operations will now OVERWRITE existing files, rather than inventing new filenames to avoid loss of data. You might want to instead set this as a volflag where needed. By not setting this flag, uploaded files can get written to a filename which the client does not expect (which might be okay, depending on client)
daw
# allow depth:infinite requests (recursive file listing); extremely server-heavy but required for spec compliance -- luckily few clients rely on this
dav-inf
# disable apple-garbage filter -- allow macos to create junk files (._* and .DS_Store, .Spotlight-*, .fseventsd, .Trashes, .AppleDouble, __MACOS)
dav-mac
# show symlink-destination's lastmodified instead of the link itself; always enabled for recursive listings
# 📂 also available as volflag "davrt"
dav-rt
# force auth for all folders (required by davfs2 when only some folders are world-readable)
# 📂 also available as volflag "davauth"
dav-auth
# regex of tricky user-agents which expect 401 from GET requests; disable with [no] or blank
dav-ua1: kioworker/ # default (KDE)
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// TFTP options (UDP only) \\00000000000000000000000000000000000000000000000000000000000000\
# enable TFTP server on PORT, for example 69 or 3969
tftp: 3969 # hint; default is unset
# only listen on IPv4
tftp4
# verbose
tftpv
# verboser
tftpvv
# debug: disable optimizations
tftp-no-fast
# return a directory listing if a file with this name is requested and it does not exist; defaults matches .ls, dir, .dir.txt, ls.txt, ...
tftp-lsf: \.?(dir|ls)(\.txt)? # default
# if someone tries to download a directory, return an error instead of showing its directory listing
tftp-nols
# only accept connections from IP-addresses inside CIDR (comma-separated); specify [any] to disable inheriting --ipa. Examples: [lan] or [10.89.0.0/16, 192.168.33.0/24]
tftp-ipa: CIDR # placeholder
# the range of UDP ports to use for data transfer, for example 12000-13000
tftp-pr: 12100-12199 # hint; default is unset
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// SMB/CIFS options \\000000000000000000000000000000000000000000000000000000000000000000000\
# enable smb (read-only) -- this requires running copyparty as root on linux and macos unless --smb-port is set above 1024 and your OS does port-forwarding from 445 to that.
# └─WARNING: this protocol is DANGEROUS and buggy! Never expose to the internet!
smb
# enable write support (please dont)
smbw
# disable SMBv2, only enable SMBv1 (CIFS)
smb1
# port to listen on -- if you change this value, you must NAT from TCP:445 to this port using iptables or similar
smb-port: 445 # default
# truncate directory listings to 64kB (~400 files); avoids impacket-0.11 bug, fixes impacket-0.12 performance
smb-nwa-1
# disable impacket workaround for filecopy globs
smb-nwa-2
# small performance boost: disable per-account permissions, enables account coalescing instead (if one user has write/delete-access, then everyone does)
smba
# verbose
smbv
# verboser
smbvv
# verbosest
smbvvv
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// handlers (see --help-handlers) \\0000000000000000000000000000000000000000000000000000000\
# REPEATABLE: handle 404s by executing PY file
on404: ~/bin/on404.py # hint; default is unset
on404: ~/bin/on404season2.py
# REPEATABLE: handle 403s by executing PY file
on403: ~/bin/on403.py # hint; default is unset
# recompile handlers on each request -- expensive but convenient when hacking on stuff
hot-handlers
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// event hooks (see --help-hooks) \\0000000000000000000000000000000000000000000000000000000\
# REPEATABLE: execute CMD before a file upload starts
xbu: ~/bin/execute-before-upload.py # hint; default is unset
# REPEATABLE: execute CMD after a file upload finishes
xau: ~/bin/execute-after-upload.py # hint; default is unset
# REPEATABLE: execute CMD after all uploads finish and volume is idle
xiu: ~/bin/execute-idle-upload.py # hint; default is unset
# REPEATABLE: execute CMD before a file copy
xbc: ~/bin/execute-before-copy.py # hint; default is unset
# REPEATABLE: execute CMD after a file copy
xac: ~/bin/execute-after-copy.py # hint; default is unset
# REPEATABLE: execute CMD before a file move/rename
xbr: ~/bin/execute-before-rename.py # hint; default is unset
# REPEATABLE: execute CMD after a file move/rename
xar: ~/bin/execute-after-rename.py # hint; default is unset
# REPEATABLE: execute CMD before a file delete
xbd: ~/bin/execute-before-delete.py # hint; default is unset
# REPEATABLE: execute CMD after a file delete
xad: ~/bin/execute-after-delete.py # hint; default is unset
# REPEATABLE: execute CMD on message
xm: ~/bin/execute-on-message.py # hint; default is unset
# REPEATABLE: execute CMD if someone gets banned (pw/404/403/url)
xban: ~/bin/execute-on-ban.py # hint; default is unset
# verbose hooks
hook-v
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// grafana/prometheus metrics endpoint \\00000000000000000000000000000000000000000000000000\
# enable openmetrics at /.cpr/metrics for admin accounts
stats
# disable disk-space metrics (used/free space)
nos-hdd
# disable volume size metrics (num files, total bytes, vmaxb/vmaxn)
nos-vol
# disable volume state metrics (indexing, analyzing, activity)
nos-vst
# disable dupe-files metrics (good idea; very slow)
nos-dup
# disable unfinished-uploads metrics
nos-unf
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// yolo options \\0000000000000000000000000000000000000000000000000000000000000000000000000\
# disable csrf protections; let other domains/sites impersonate you through cross-site requests
allow-csrf
# allow cookies from other domains (if you follow a link from another website into your server, you will arrive logged-in); this reduces protection against CSRF
cookie-lax
# permit ?move=[...] and ?delete as GET
getmod
# allow users with write-only access to upload logues and readmes without adding the _wo_ filename prefix
# 📂 also available as volflag "wo_up_readme"
wo-up-readme
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// opt-outs \\00000000000000000000000000000000000000000000000000000000000000000000000000000\
# never write anything to disk (debug/benchmark)
nw
# do not disable quick-edit-mode on windows (it is disabled to avoid accidental text selection in the terminal window, as this would pause execution)
keep-qem
# disable webdav support
no-dav
# disable delete operations
no-del
# disable move/rename operations
no-mv
# disable copy operations
no-cp
# no title hostname; don't show --name in <title>
nth
# no info hostname -- don't show in UI
nih
# no info disk-usage -- don't show in UI
nid
# no powered-by-copyparty branding in UI
nb
# reject download-as-zip if more than N files in total; optionally takes a unit suffix: [256], [9K], [4G]
# 📂 also available as volflag "zipmaxn"
zipmaxn: N # placeholder; default is unset
# reject download-as-zip if total download size exceeds SZ bytes; optionally takes a unit suffix: [256M], [4G], [2T]
# 📂 also available as volflag "zipmaxs"
zipmaxs: SZ # placeholder; default is unset
# custom errormessage when download size exceeds max
# 📂 also available as volflag "zipmaxt"
zipmaxt: TXT # placeholder; default is unset
# authenticated users bypass the zip size limit
# 📂 also available as volflag "zipmaxu"
zipmaxu
# who can download as zip/tar? [0]=nobody, [1]=admins, [2]=authenticated-with-read-access, [3]=everyone-with-read-access (volflag=zip_who)
# └─WARNING: if a nested volume has a more restrictive value than a parent volume, then this will be ignored if the download is initiated from the parent, more lenient volume
zip-who: 3 # default
# regex of user-agents to reject from download-as-zip/tar; disable with [no] or blank
ua-nozip: Barkrowler|bingbot|BLEXBot|Googlebot|GoogleOther|GPTBot|PetalBot|SeekportBot|SemrushBot|YandexBot # default
# disable download as zip/tar; same as --zip-who=0
no-zip
# disable download as compressed tar (?tar=gz, ?tar=bz2, ?tar=xz, ?tar=gz:9, ...)
no-tarcmp
# do not allow clients (or server config) to schedule an upload to be deleted after a given time
no-lifetime
# disable race-the-beam (lockstep download of files which are currently being uploaded)
# 📂 also available as volflag "nopipe"
no-pipe
# disable streaming a growing files with ?tail
# 📂 also available as volflag "notail"
no-tail
# do not write uploader-IP into the database; will also disable unpost, you may want --forget-ip instead
# 📂 also available as volflag "no_db_ip"
no-db-ip
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// safety options \\00000000000000000000000000000000000000000000000000000000000000000000000\
# increase safety: Disable thumbnails / potentially dangerous software (ffmpeg/pillow/vips), hide partial uploads, avoid crawlers.
# └─Alias of --dotpart --no-thumb --no-mtag-ff --no-robots --force-js
s
# further increase safety: Prevent js-injection, accidental move/delete, broken symlinks, webdav, 404 on 403, ban on excessive 404s.
# └─Alias of -s --unpost=0 --no-del --no-mv --hardlink --vague-403 -nih
ss
# further increase safety: Enable logging to disk, scan for dangerous symlinks.
# └─Alias of -ss --no-dav --no-logues --no-readme -lo=cpp-%Y-%m%d-%H%M%S.txt.xz --ls=**,*,ln,p,r
sss
# do a sanity/safety check of all volumes on startup; arguments USER,VOL,FLAGS (see --help-ls); example [**,*,ln,p,r]
ls: **,*,ln,p,r # hint; default is unset
# never follow symlinks leaving the volume root, unless the link is into another volume where the user has similar access
# 📂 also available as volflag "xvol"
xvol
# stay within the filesystem of the volume root; do not descend into other devices (symlink or bind-mount to another HDD, ...)
# 📂 also available as volflag "xdev"
xdev
# disallow moving dotfiles; makes it impossible to move folders containing dotfiles
no-dot-mv
# disallow renaming dotfiles; makes it impossible to turn something into a dotfile
no-dot-ren
# disable rendering .prologue/.epilogue.html into directory listings
no-logues
# disable rendering readme/preadme.md into directory listings
no-readme
# send 404 instead of 403 (security through ambiguity, very enterprise)
vague-403
# don't send folder listings as HTML, force clients to use the embedded json instead -- slight protection against misbehaving search engines which ignore --no-robots
force-js
# adds http and html headers asking search engines to not index anything
# 📂 also available as volflag "norobots"
no-robots
# logout clients after H hours of inactivity; [0.0028]=10sec, [0.1]=6min, [24]=day, [168]=week, [720]=month, [8760]=year)
logout: 8086 # default
# more than N wrong passwords in W minutes = ban for B minutes; disable with [no]
ban-pw: 9,60,1440 # default
# more than N password-changes in W minutes = ban for B minutes; disable with [no]
ban-pwc: 5,60,1440 # default
# hitting more than N 404's in W minutes = ban for B minutes; only affects users who cannot see directory listings because their access is either g/G/h
ban-404: 50,60,1440 # default
# hitting more than N 403's in W minutes = ban for B minutes; [1440]=day, [10080]=week, [43200]=month
ban-403: 9,2,1440 # default
# hitting more than N 422's in W minutes = ban for B minutes (invalid requests, attempted exploits ++)
ban-422: 9,2,1440 # default
# hitting more than N sus URL's in W minutes = ban for B minutes; applies only to permissions g/G/h (decent replacement for --ban-404 if that can't be used)
ban-url: 9,2,1440 # default
# URLs which are considered sus / eligible for banning; disable with blank or [no]
sus-urls: \.php$|(^|/)wp-(admin|content|includes)/ # default
# harmless URLs ignored from 404-bans; disable with blank or [no]
nonsus-urls: ^(favicon\.ico|robots\.txt)$|^apple-touch-icon|^\.well-known # default
# if a client is banned, reject its connection as soon as possible; not a good idea to enable when proxied behind cloudflare since it could ban your reverse-proxy
early-ban
# if a client maxes out the server connection limit, downgrade it from connection:keep-alive to connection:close for MIN minutes (and also kill its active connections) -- disable with 0
aclose: 10 # default
# if a client maxes out the server connection limit without sending headers, ban it for B minutes; disable with [0]
loris: 60 # default
# Access-Control-Allow-Origin; list of origins (domains/IPs without port) to accept requests from; [https://1.2.3.4]. Default [*] allows requests from all sites but removes cookies and http-auth; only ?pw=hunter2 survives
acao: * # default
# Access-Control-Allow-Methods; list of methods to accept from offsite ('*' behaves like --acao's description)
acam: GET,HEAD # default
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// salting options \\0000000000000000000000000000000000000000000000000000000000000000000000\
# account-pw hashing algorithm; one of these, best to worst: argon2 scrypt sha2 none (each optionally followed by alg-specific comma-sep. config)
ah-alg: argon2 # hint; default is unset
# account-pw salt; ignored if --ah-alg is none (default)
ah-salt: shangalabangala # hint; default is autogenerated and stored in $XDG_CONFIG_PATH/.copyparty/
# generate hashed password for PW, or read passwords from STDIN if PW is [-]
ah-gen: PW # placeholder
# launch an interactive shell which hashes passwords without ever storing or displaying the original passwords
ah-cli
# per-file accesskey salt; used to generate unpredictable URLs for hidden files
fk-salt: shangalabangala # hint; default is autogenerated and stored in $XDG_CONFIG_PATH/.copyparty/
# per-directory accesskey salt; used to generate unpredictable URLs to share folders with users who only have the 'get' permission
dk-salt: shangalabangala # hint; default is autogenerated and stored in $XDG_CONFIG_PATH/.copyparty/
# up2k file-hash salt; serves no purpose, no reason to change this (but delete all databases if you do)
warksalt: hunter2 # default
# on startup, print the effective value of --ah-salt (the autogenerated value in $XDG_CONFIG_HOME unless otherwise specified)
show-ah-salt
# on startup, print the effective value of --fk-salt (the autogenerated value in $XDG_CONFIG_HOME unless otherwise specified)
show-fk-salt
# on startup, print the effective value of --dk-salt (the autogenerated value in $XDG_CONFIG_HOME unless otherwise specified)
show-dk-salt
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// shutdown options \\000000000000000000000000000000000000000000000000000000000000000000000\
# continue running even if it's impossible to listen on some of the requested endpoints
ign-ebind
# continue running even if it's impossible to receive connections at all
ign-ebind-all
# shutdown after WHEN has finished; [cfg] config parsing, [idx] volscan + multimedia indexing
exit: WHEN # placeholder; default is unset
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// logging options \\0000000000000000000000000000000000000000000000000000000000000000000000\
# quiet; disable most STDOUT messages
q
# logfile, example: cpp-%Y-%m%d-%H%M%S.txt.xz (NB: some errors may appear on STDOUT only)
lo: PATH # placeholder
# disable colors; same as environment-variable NO_COLOR
no-ansi
# force colors; overrides environment-variable NO_COLOR
ansi
# don't flush the logfile after each write; tiny bit faster
no-logflush
# do not list volumes and permissions on startup
no-voldump
# do not use local timezone; assume the TZ env-var is UTC (tiny bit faster)
log-utc
# timestamp resolution / number of timestamp decimals
log-tdec: 3 # default
# log failed login attempt passwords: 0=terse, 1=plaintext, 2=hashed
log-badpwd: 1 # default
# debug: print tcp-server msgs
log-conn
# debug: print http-server threadpool scaling
log-htp
# print request HEADER; [*]=all
ihead: user-agent # hint; default is unset
# print response HEADER; [*]=all
ohead: set-cooke # hint; default is unset
# dont log URLs matching regex RE
lf-url: ^/\.cpr/|[?&]th=[wjp]|/\.(_|ql_|DS_Store$|localized$) # default
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// admin panel options \\000000000000000000000000000000000000000000000000000000000000000000\
# disable ?reload=cfg (reload users/volumes/volflags from config file)
no-reload
# disable ?scan (volume reindexing)
no-rescan
# disable ?stack (list all stacks)
no-stack
# disable ?ru (list of recent uploads)
no-ups-page
# don't show list of incoming files in controlpanel
no-up-list
# who can see active downloads in the controlpanel? [0]=nobody, [1]=admins, [2]=everyone
dl-list: 2 # default
# who can see recent uploads on the ?ru page? [0]=nobody, [1]=admins, [2]=everyone
# 📂 also available as volflag "ups_who"
ups-who: 2 # default
# let everyone see upload timestamps on the ?ru page, not just admins
ups-when
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// thumbnail options \\00000000000000000000000000000000000000000000000000000000000000000000\
# disable all thumbnails
# 📂 also available as volflag "dthumb"
no-thumb
# disable video thumbnails
# 📂 also available as volflag "dvthumb"
no-vthumb
# disable audio thumbnails (spectrograms)
# 📂 also available as volflag "dathumb"
no-athumb
# thumbnail res
# 📂 also available as volflag "thsize"
th-size: 320x256 # default
# num cpu cores to use for generating thumbnails
th-mt: 4 # hint; default is autodetect
# conversion timeout in seconds
# 📂 also available as volflag "convt"
th-convt: 60 # default
# max memory usage (GiB) permitted by thumbnailer; not very accurate
th-ram-max: 3 # hint; default is 60% of free ram at startup (some conditions apply)
# crop thumbnails to 4:3 or keep dynamic height; client can override in UI unless force. [y]=crop, [n]=nocrop, [fy]=force-y, [fn]=force-n
# 📂 also available as volflag "crop"
th-crop: y # default
# show thumbs at 3x resolution; client can override in UI unless force. [y]=yes, [n]=no, [fy]=force-yes, [fn]=force-no
# 📂 also available as volflag "th3x"
th-x3: n # default
# image decoders, in order of preference
th-dec: vips,pil,raw,ff # default
# disable jpg output
th-no-jpg
# disable webp output
th-no-webp
# force jpg output for video thumbs (avoids issues on some FFmpeg builds)
th-ff-jpg
# use swresample instead of soxr for audio thumbs (faster, lower accuracy, avoids issues on some FFmpeg builds)
th-ff-swr
# activity labeling cooldown -- avoids doing keepalive pokes (updating the mtime) on thumbnail folders more often than SEC seconds
th-poke: 300 # default
# cleanup interval; 0=disabled
th-clean: 43200 # default
# max folder age -- folders which haven't been poked for longer than --th-poke seconds will get deleted every --th-clean seconds
th-maxage: 604800 # default
# folder thumbnails to stat/look for; enabling -e2d will make these case-insensitive, and try them as dotfiles (.folder.jpg), and also automatically select thumbnails for all folders that contain pics, even if none match this pattern
th-covers: folder.png,folder.jpg,cover.png,cover.jpg # default
# image formats to decode using pillow
th-r-pil: a,very,long,list,of,file,extensions # hint
# image formats to decode using pyvips
th-r-vips: a,very,long,list,of,file,extensions # hint
# image formats to decode using rawpy
th-r-raw: a,very,long,list,of,file,extensions # hint
# image formats to decode using ffmpeg
th-r-ffi: a,very,long,list,of,file,extensions # hint
# video formats to decode using ffmpeg
th-r-ffv: a,very,long,list,of,file,extensions # hint
# audio formats to decode using ffmpeg
th-r-ffa: a,very,long,list,of,file,extensions # hint
# audio formats which provoke https://trac.ffmpeg.org/ticket/10797 (huge ram usage for s3xmodit spectrograms)
th-spec-cnv: a,very,long,list,of,file,extensions # hint
# audio/image formats to decompress before passing to ffmpeg
au-unpk: mdz=mod.zip, mdgz=mod.gz, mdxz=mod.xz, and so on
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// transcoding options \\000000000000000000000000000000000000000000000000000000000000000000\
# target bitrate for transcoding to opus; set 0 to disable
q-opus: 128 # default
# target quality for transcoding to mp3, for example [192k] (CBR) or [q0] (CQ/CRF, q0=maxquality, q9=smallest); set 0 to disable
q-mp3: q2 # default
# allow transcoding to wav (lossless, uncompressed)
allow-wav
# allow transcoding to flac (lossless, compressed)
allow-flac
# disable transcoding to caf-opus (affects iOS v12~v17), will use mp3 instead
no-caf
# disable transcoding to webm-opus (iOS v18 and later), will use mp3 instead
no-owa
# disable audio transcoding
no-acode
# disable batch audio transcoding by folder download (zip/tar)
no-bacode
# delete cached transcode output after SEC seconds
ac-maxage: 86400 # default
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// tailing options (realtime streaming of a growing file) \\0000000000000000000000000000000\
# who can tail? [0]=nobody, [1]=admins, [2]=authenticated-with-read-access, [3]=everyone-with-read-access
# 📂 also available as volflag "tail_who"
tail-who: 2 # default
# do not allow starting a new tail if more than N active downloads
tail-cmax: 64 # default
# terminate connection after SEC seconds; [0]=never
# 📂 also available as volflag "tail_tmax"
tail-tmax: 0 # default
# check for new data every SEC seconds
# 📂 also available as volflag "tail_rate"
tail-rate: 0.2 # default
# send a zerobyte if connection is idle for SEC seconds to prevent disconnect
tail-ka: 3 # default
# check if file was replaced (new fd) if idle for SEC seconds
# 📂 also available as volflag "tail_fd"
tail-fd: 1 # default
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// RSS options \\00000000000000000000000000000000000000000000000000000000000000000000000000\
# enable RSS output (experimental)
# 📂 also available as volflag "rss"
rss
# default number of files to return (url-param 'nf')
rss-nf: 250 # default
# default list of file extensions to include (url-param 'fext'); blank=all
rss-fext: mp3,opus # hint; default is unset
# default sort order (url-param 'sort'); [m]=last-modified [u]=upload-time [n]=filename [s]=filesize; Uppercase=oldest-first. Note that upload-time is 0 for non-uploaded files
rss-sort: m # default
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// general db options \\0000000000000000000000000000000000000000000000000000000000000000000\
# enable up2k database; this enables file search, upload-undo, improves deduplication
e2d
# scan writable folders for new files on startup; sets -e2d
e2ds
# scans all folders on startup; sets -e2ds
e2dsa
# verify file integrity; rehash all files and compare with db
e2v
# on hash mismatch: update the database with the new hash
e2vu
# on hash mismatch: panic and quit copyparty
e2vp
# where to store volume data (db, thumbs); default is a folder named ".hist" inside each volume
# 📂 also available as volflag "hist"
hist: PATH # placeholder; default is unset
# override where the volume databases are to be placed; default is the same as --hist
# 📂 also available as volflag "dbpath"
dbpath: PATH # placeholder; default is unset
# regex: disable hashing of matching absolute-filesystem-paths during e2ds folder scans
# 📂 also available as volflag "nohash"
no-hash: ^/mnt/nas/linux-isos/knoppix/
# regex: disable indexing of matching absolute-filesystem-paths during e2ds folder scans
# 📂 also available as volflag "noidx"
no-idx: ^/mnt/nas/logs/
# do not show total recursive size of folders in listings, show inode size instead; slightly faster
# 📂 also available as volflag "nodirsz"
no-dirsz
# if the directory-sizes in the UI are bonkers, use this along with -e2dsa to rebuild the index from scratch
re-dirsz
# disable rescan acceleration; do full database integrity check -- makes the db ~5% smaller and bootup/rescans 3~10x slower
no-dhash
# force a cache rebuild on startup; enable this once if it gets out of sync (should never be necessary)
re-dhash
# never forget indexed files, even when deleted from disk -- makes it impossible to ever upload the same file twice -- only useful for offloading uploads to a cloud service or something
# 📂 also available as volflag "noforget"
no-forget
# remove uploader-IP from database (and make unpost impossible) MIN minutes after upload, for GDPR reasons. Default [0] is never-forget. [1440]=day, [10080]=week, [43200]=month.
# 📂 also available as volflag "forget_ip"
forget-ip: 0 # default (disabled)
# database durability profile; sets the tradeoff between robustness and speed, see --help-dbd
# 📂 also available as volflag "dbd"
dbd: wal # default
# on upload: check all volumes for dupes, not just the target volume (probably buggy, not recommended)
# 📂 also available as volflag "xlink"
xlink
# num cpu cores to use for file hashing; set 0 or 1 for single-core hashing
hash-mt: 4 # default is autodetect but max 5
# rescan filesystem for changes every SEC seconds; 0=off
# 📂 also available as volflag "scan"
re-maxage: 0 # default
# defer any scheduled volume reindexing until SEC seconds after last db write (uploads, renames, ...)
db-act: 10 # default
# search deadline -- terminate searches running for more than SEC seconds
srch-time: 45 # default
# max search results to allow clients to fetch; 125 results will be shown initially
srch-hits: 7999 # default
# regex: exclude files from search results if the file-URL matches PTN (case-sensitive)
# 📂 also available as volflag "srch_excl"
srch-excl: password|logs/[0-9] # hint (any URL containing 'password' or 'logs/DIGIT'), default is unset
# show dotfiles in search results (volflags: dotsrch | nodotsrch)
dotsrch
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// metadata db options \\000000000000000000000000000000000000000000000000000000000000000000\
# enable metadata indexing; makes it possible to search for artist/title/codec/resolution/...
e2t
# scan newly discovered files for metadata on startup; sets -e2t
e2ts
# delete all metadata from DB and do a full rescan; sets -e2ts
e2tsr
# use FFprobe for tags instead; will detect more tags
no-mutagen
# never use FFprobe as tag reader; is probably safer
no-mtag-ff
# timeout for FFprobe tag-scan
mtag-to: 60 # default
# num cpu cores to use for tag scanning
mtag-mt: 4 # hint; default is autodetect
# verbose tag scanning; print errors from mtp subprocesses and such
mtag-v
# debug mtp settings and mutagen/FFprobe parsers
mtag-vv
# REPEATABLE: add/replace metadata mapping
mtm: qux=foo,bar # hint (clone metadata-key foo to qux with bar as fallback); default is unset
# tags to index/display (comma-sep.); either an entire replacement list, or add/remove stuff on the default-list with +foo or /bar"
mte: .files,circle,album,.tn,artist,title,.bpm,key,.dur,.q,.vq,.aq,vc,ac,fmt,res,.fps,ahash,vhash # default
# tags to hide by default (comma-sep.); assign/add/remove same as -mte"
mth: .vq,.aq,vc,ac,fmt,res,.fps # default
# REPEATABLE: read tag M using program BIN to parse the file
mtp: .bpm=~/bin/audio-bpm.py # hint; default is unset
mtp: key=f,t5,~/bin/audio-key.py
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// textfile options \\000000000000000000000000000000000000000000000000000000000000000000000\
# where to store old version of markdown files; [s]=subfolder, [v]=volume-histpath, [n]=nope/disabled
# 📂 also available as volflag "md_hist"
md-hist: s # default
# the textfile editor will check for serverside changes every SEC seconds
mcr: 60 # default
# enable markdown plugins -- neat but dangerous, big XSS risk
emp
# enable textfile expansion -- replace {{self.ip}} and such; see --help-exp
# 📂 also available as volflag "exp"
exp
# comma/space-separated list of placeholders to expand in markdown files; add/remove stuff on the default list with +hdr_foo or /vf.scan
# 📂 also available as volflag "exp_md"
exp-md: self.ip self.ua self.uname self.host cfg.name cfg.logout vf.scan vf.thsize hdr.cf_ipcountry srv.itime srv.htime # default
# comma/space-separated list of placeholders to expand in prologue/epilogue files
# 📂 also available as volflag "exp_lg"
exp-lg: self.ip self.ua self.uname self.host cfg.name cfg.logout vf.scan vf.thsize hdr.cf_ipcountry srv.itime srv.htime # default
# regex of user-agents to reject from viewing documents through ?doc=[...]; disable with [no] or blank
ua-nodoc: Barkrowler|bingbot|BLEXBot|Googlebot|GoogleOther|GPTBot|PetalBot|SeekportBot|SemrushBot|YandexBot # default
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// og / open graph / discord-embed options \\0000000000000000000000000000000000000000000000\
# disable hotlinking and return an html document instead; this is required by open-graph, but can also be useful on its own
# 📂 also available as volflag "og"
og
# only disable hotlinking / engage OG behavior if the useragent matches regex RE
# 📂 also available as volflag "og_ua"
og-ua: (Discord|Twitter|Slack)bot # hint; default is unset
# do not return the regular copyparty html, but instead load the jinja2 template at PATH (if path contains 'EXT' then EXT will be replaced with the requested file's extension)
# 📂 also available as volflag "og_tpl"
og-tpl: /var/copyparty/opengraph-EXT.j2 # hint; default is unset
# do not automatically add OG entries into <head> (useful if you're doing this yourself in a template or such)
# 📂 also available as volflag "og_no_head"
og-no-head
# thumbnail format; j=jpeg, jf=jpeg-uncropped, jf3=jpeg-uncropped-large, w=webm, ...
# 📂 also available as volflag "og_th"
og-th: jf3 # default
# fallback title if there is nothing in the -e2t database
# 📂 also available as volflag "og_title"
og-title: HEY CHECK THIS OUT # hint; default is blank
# audio title format; takes any metadata key
# 📂 also available as volflag "og_title_a"
og-title-a: 🎵 {{ artist }} - {{ title }} # default
# video title format; takes any metadata key
# 📂 also available as volflag "og_title_v"
og-title-v: {{ title }} # default
# image title format; takes any metadata key
# 📂 also available as volflag "og_title_i"
og-title-i: {{ title }} # default
# force default title; do not read from tags
# 📂 also available as volflag "og_s_title"
og-s-title
# description text; same for all files, disable with [-]
# 📂 also available as volflag "og_desc"
og-desc: bottom text # hint; default is blank
# sitename; defaults to --name, disable with [-]
# 📂 also available as volflag "og_site"
og-site: dank memes # hint; default is blank which means it'll copy the `name` global-option
# accent color (3 or 6 hex digits); may also affect safari and/or android-chrome
# 📂 also available as volflag "tcolor"
tcolor: 333 # default (copyparty gray)
# query-string parceling; translate a request for /foo/.uqe/BASE64 into /foo?TEXT, or /foo/?TEXT if the first character in TEXT is a slash. Automatically enabled for --og
uqe
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// ui options \\000000000000000000000000000000000000000000000000000000000000000000000000000\
# show grid/thumbnails by default
# 📂 also available as volflag "grid"
grid
# select files in grid by ctrl-click
# 📂 also available as volflag "gsel"
gsel
# default to local timezone instead of UTC
localtime
# language; one of the following: eng nor chi
lang: eng # default
# default theme to use (0..7)
theme: 0 # default
# number of themes installed
themes: 8 # default
# default audio/video volume percent
au-vol: 50 # default; anything 0-100
# default sort order, comma-separated column IDs (see header tooltips), prefix with '-' for descending. Examples: href -href ext sz ts tags/Album tags/.tn
# 📂 also available as volflag "sort"
sort: href # default
# default-enable natural sort of filenames with leading numbers
# 📂 also available as volflag "nsort"
nsort
# number of sorting rules to include in media URLs by default
# 📂 also available as volflag "hsortn"
hsortn: 2 # default
# default-enable seeing dotfiles; only takes effect if user has the necessary permissions
see-dots
# number of confirmations to show when deleting files (2/1/0)
qdel: 2 # default
# don't show files/folders matching REGEX in file list. WARNING: Purely cosmetic! Does not affect API calls, just the browser. Example: [\.(js|css)$]
# 📂 also available as volflag "unlist"
unlist: REGEX # placeholder
# favicon-text [ foreground [ background ] ], set blank to disable
favico: c 000 none # default
# REPEATABLE: use thumbnail-image VP for file-extension E, example: [exe=/.res/exe.png]
# 📂 also available as volflag "ext_th"
ext-th: 7z=/.icons/archive.png # hint; default is unset
ext-th: exe=/.icons/glass-of-red-liquid.png
# emoji or emoji,css Example: [🥖,padding:0]
spinner: 🌲 # default
# URL to additional CSS to include in the filebrowser html
css-browser: /.res/rice.css # hint; default is unset
# URL to additional JS to include in the filebrowser html
js-browser: /.res/mousetrail.js # hint; default is unset
# URL to additional JS to include in all other pages
js-other: /.res/snowflakes.jpg # hint; default is unset
# text to append to the <head> of all HTML pages (except for basic-browser); can be @PATH to send the contents of a file at PATH, and/or begin with % to render as jinja2 template
# 📂 also available as volflag "html_head"
html-head: <script>alert(1);</script> # hint; default is unset
# if a folder contains index.html, show that instead of the directory listing by default (can be changed in the client settings UI, or add ?v to URL for override)
ih
# file extensions to present as plaintext
textfiles: txt,nfo,diz,cue,readme # default
# max size of embedded textfiles on ?doc= (anything bigger will be lazy-loaded by JS)
txt-max: 64 # default
# title / service-name to show in html documents
doctitle: copyparty @ --name # default (--name will copy from global-option `name`)
# server name (displayed in filebrowser document title)
bname: --name # default (copy global-option `name`)
# powered-by link; disable with -nb
pb-url: https://github.com/9001/copyparty # default
# show version on the control panel (incompatible with -nb)
ver
# configure the option to enable/disable k304 on the controlpanel (workaround for buggy reverse-proxies); [0] = hidden and default-off, [1] = visible and default-off, [2] = visible and default-on
k304: 0 # default
# configure the option to enable/disable no304 on the controlpanel (workaround for buggy caching in browsers); [0] = hidden and default-off, [1] = visible and default-off, [2] = visible and default-on
no304: 0 # default
# list of capabilities to allow in the iframe 'sandbox' attribute for README.md docs (volflag=md_sbf); see https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox
md-sbf: downloads forms popups scripts top-navigation-by-user-activation # default
# list of capabilities to allow in the iframe 'sandbox' attribute for prologue/epilogue docs
# 📂 also available as volflag "lg_sbf"
lg-sbf: downloads forms popups scripts top-navigation-by-user-activation # default
# the value of the iframe 'allow' attribute for README.md docs, for example [fullscreen]
# 📂 also available as volflag "md_sba"
md-sba: fullscreen # hint; default is blank
# the value of the iframe 'allow' attribute for prologue/epilogue docs (volflag=lg_sba); see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy#iframes
lg-sba: TXT # placeholder
# don't sandbox README/PREADME.md documents (volflags: no_sb_md | sb_md)
no-sb-md
# don't sandbox prologue/epilogue docs (volflags: no_sb_lg | sb_lg); enables non-js support
no-sb-lg
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// debug options \\000000000000000000000000000000000000000000000000000000000000000000000000\
# verbose config file parser (explain config)
vc
# generate config file from current config (best-effort; probably buggy)
cgen
# list information about detected optional dependencies
deps
# kernel-bug workaround: disable poll; use select instead (limits max num clients to ~700)
no-poll
# kernel-bug workaround: disable sendfile; do a safe and slow read-send-loop instead
no-sendfile
# kernel-bug workaround: disable scandir; do a listdir + stat on each file instead
no-scandir
# wait for initial filesystem indexing before accepting client requests
no-fastboot
# disable httpserver threadpool, create threads as-needed instead
no-htp
# when listening on unix-sockets, do a basic delete+bind instead of the default atomic bind
rm-sck
# explain search processing, and do some extra expensive sanity checks
srch-dbg
# use mdns-domain instead of server-ip on /?hc
rclone-mdns
# write stacktrace to Path every S second, for example --stackmon=./st/%Y-%m/%d/%H%M.xz,60
stackmon: P,S # placeholder
# list active threads every SEC
log-thrs: 0 # default
# log filekey params for files where path matches REGEX; [.] (a single dot) = all files
log-fk: /mnt/a-problematic-fuse/this-folder-breaks-filekeys/ # hint; default is unset
# [up2k] if a client uploads a bitflipped/corrupted chunk, store a copy according to --bf-nc and --bf-dir
bak-flips
# bak-flips: stop if there's more than NUM files at --kf-dir already; default: 6.3 GiB max (200*32M)
bf-nc: 200 # default
# bak-flips: store corrupted chunks at PATH; default: folder named 'bf' wherever copyparty was started
bf-dir: /srv/bitflips/ # hint; default = bf
# bak-flips: log corruption info to a textfile at PATH
bf-log: /srv/bitflips/the-history.txt # hint; default is unset
###############################################################################################
###############################################################################################
###############################################################################################
###############################################################################################
###############################################################################################
###############################################################################################
#####/
##### This is the end of the [global] config section
####/
[accounts]
foo: bar # username foo, password bar
[groups]
g1: u1, u2, u3 # group "g1" with users u1, u2, and u3
[/the/url/to/share/this/volume/on/]
/the/actual/filesystem/path/
accs:
r: username_who_gets_Read_access
w: username_who_gets_Write_access
m: username_who_gets_Move_access
d: username_who_gets_Delete_access
.: username_who_can_see_Dotfiles
g: username_who_gets_Get_access
G: username_who_gets_upGet_access
h: username_who_gets_html_access
a: username_who_gets_admin_access
A: username_who_gets_ReadWriteMoveDeleteDotfileAdmin_access
rwm: @g1 # the group "g1" gets Read+Write+Move
flags:
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// uploads, general \\000000000000000000000000000000000000000000000000000000000000000000000\
# enable symlink-based file deduplication
dedup
# enable hardlink-based file deduplication, with fallback on symlinks when that is impossible
hardlink
# dedup with hardlink only, never symlink; make a full copy if hardlink is impossible
hardlinkonly
# enable reflink-based file deduplication, with fallback on full copy when that is impossible
reflink
# verify on-disk data before using it for dedup
safededup
# take dupe data from clients, even if available on HDD
noclone
# rejects existing files (instead of linking/cloning them)
nodupe
# unix-permission for new dirs/folders
chmod_d: 755
# unix-permission for new files
chmod_f: 644
# change owner of new files/folders to unix-user 573
uid: 573
# change owner of new files/folders to unix-group 999
gid: 999
# force use of sparse files, mainly for s3-backed storage
sparse
# deny use of sparse files, mainly for slow storage
nosparse
# enable full WebDAV write support (dangerous); PUT-operations will now OVERWRITE existing files
daw
# forces all uploads into the top folder of the vfs
nosub
# enables filetype detection for nameless uploads
magic
# fallback filename for nameless uploads
put_name
# default checksum-hasher for PUT/WebDAV uploads
put_ck
# default checksum-hasher for bup/basic uploads
bup_ck
# allows server-side gzip compression of uploads with ?gz
gz
# allows server-side lzma compression of uploads with ?xz
xz
# forces server-side compression, optional arg: xz,9
pk
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// upload rules \\0000000000000000000000000000000000000000000000000000000000000000000000000\
# max 250 uploads over 15min
maxn: 250,600
# max 1 GiB over 5min (suffixes: b, k, m, g, t)
maxb: 1g,300
# total volume size max 1 GiB (suffixes: b, k, m, g, t)
vmaxb: 1g
# max 4096 files in volume (suffixes: b, k, m, g, t)
vmaxn: 4k
# return medialinks for non-up2k uploads (not hotlinks)
medialinks
# write-only users can upload logues without getting renamed
wo_up_readme
# force randomized filenames, 9 chars long by default
rand
# randomized filenames are N chars long
nrand: N
# overwrite existing files? 0=no 1=if-older 2=always
u2ow: N
# [f]orce [c]lient-last-modified or [u]pload-time
u2ts: fc
# allow aborting unfinished uploads? 0=no 1=strict 2=ip-chk 3=acct-chk
u2abort: 1
# allow filesizes between 1 KiB and 3MiB
sz: 1k-3m
# ensure 1 GiB free disk space
df: 1g
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// upload rotation -- (moves all uploads into the specified folder structure) \\00000000000\
# 3 levels of subfolders with 100 entries in each
rotn: 100,3
# date-formatted organizing
rotf: %Y-%m/%d-%H
# uploads are deleted after 1 hour
lifetime: 3600
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// database, general \\00000000000000000000000000000000000000000000000000000000000000000000\
# enable database; makes files searchable + enables upload-undo
e2d
# scan writable folders for new files on startup; also sets -e2d
e2ds
# scans all folders for new files on startup; also sets -e2d
e2dsa
# enable multimedia indexing; makes it possible to search for tags
e2t
# scan existing files for tags on startup; also sets -e2t
e2ts
# delete all metadata from DB (full rescan); also sets -e2ts
e2tsr
# disables metadata collection for existing files
d2ts
# verify integrity on startup by hashing files and comparing to db
e2v
# when e2v fails, update the db (assume on-disk files are good)
e2vu
# when e2v fails, panic and quit copyparty
e2vp
# disables onboot indexing, overrides -e2ds*
d2ds
# disables metadata collection, overrides -e2t*
d2t
# disables file verification, overrides -e2v*
d2v
# disables all database stuff, overrides -e2*
d2d
# puts thumbnails and indexes at that location
hist: /tmp/cdb
# puts indexes at that location
dbpath: /tmp/cdb
# disable db if file foo doesn't exist
landmark: foo
# scan for new files every 60sec, same as --re-maxage
scan: 60
# skips hashing file contents if path matches *.iso
nohash: \.iso$
# fully ignores the contents at paths matching *.iso
noidx: \.iso$
# don't forget files when deleted from disk
noforget
# forget uploader-IP after 30 days (GDPR)
forget_ip: 43200
# never store uploader-IP in the db; disables unpost
no_db_ip
# avoid excessive reindexing on android sdcardfs
fat32
# database speed-durability tradeoff
dbd: [acid|swal|wal|yolo]
# cross-volume dupe detection / linking (dangerous)
xlink
# do not descend into other filesystems
xdev
# do not follow symlinks leaving the volume root
xvol
# show dotfiles in search results
dotsrch
# hide dotfiles in search results (default)
nodotsrch
# exclude search results with URL matching this regex
srch_excl
# media-tags to index/display
mte: artist,title
# media-tags to hide by default
mth: fmt,res,ac
# uses the "audio-bpm.py" program to generate ".bpm" tags from uploads (f = overwrite tags)
mtp: .bpm=f,audio-bpm.py
# collects two tags at once
mtp: ahash,vhash=media-hash.py
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// thumbnails \\000000000000000000000000000000000000000000000000000000000000000000000000000\
# disables all thumbnails
dthumb
# disables video thumbnails
dvthumb
# disables audio thumbnails (spectrograms)
dathumb
# disables image thumbnails
dithumb
# compress audio waveforms 33% better
pngquant
# thumbnail res; WxH
thsize
# center-cropping (y/n/fy/fn)
crop
# 3x resolution (y/n/fy/fn)
th3x
# conversion timeout in seconds
convt
# use /b.png as thumbnail for file-extension s
ext_th: s=/b.png
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// handlers -- (better explained in --help-handlers) \\000000000000000000000000000000000000\
# handle 404s by executing PY file
on404: ~/bin/hook.py
# handle 403s by executing PY file
on403: ~/bin/hook.py
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// event hooks -- (better explained in --help-hooks) \\000000000000000000000000000000000000\
# execute CMD before a file upload starts
xbu: ~/bin/hook.py
# execute CMD after a file upload finishes
xau: ~/bin/hook.py
# execute CMD after all uploads finish and volume is idle
xiu: ~/bin/hook.py
# execute CMD before a file copy
xbc: ~/bin/hook.py
# execute CMD after a file copy
xac: ~/bin/hook.py
# execute CMD before a file rename/move
xbr: ~/bin/hook.py
# execute CMD after a file rename/move
xar: ~/bin/hook.py
# execute CMD before a file delete
xbd: ~/bin/hook.py
# execute CMD after a file delete
xad: ~/bin/hook.py
# execute CMD on message
xm: ~/bin/hook.py
# execute CMD if someone gets banned
xban: ~/bin/hook.py
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// client and ux \\000000000000000000000000000000000000000000000000000000000000000000000000\
# show grid/thumbnails by default
grid
# select files in grid by ctrl-click
gsel
# default sort order
sort
# natural-sort of leading digits in filenames
nsort
# number of sort-rules to add to media URLs
hsortn
# dont list files matching REGEX
unlist
# includes TXT in the <head>, or @PATH for file at PATH
html_head: <script>alert(1);</script>
# theme color (a hint for webbrowsers, discord, etc.)
tcolor: #fc0
# don't show total folder size
nodirsz
# allows indexing by search engines (default)
robots
# kindly asks search engines to leave
norobots
# don't list read-access in controlpanel
unlistcr
# don't list write-access in controlpanel
unlistcw
# disable js sandbox for markdown files
no_sb_md
# disable js sandbox for prologue/epilogue
no_sb_lg
# enable js sandbox for markdown files (default)
sb_md
# enable js sandbox for prologue/epilogue (default)
sb_lg
# list of markdown-sandbox safeguards to disable
md_sbf
# list of *logue-sandbox safeguards to disable
lg_sbf
# value of iframe allow-prop for markdown-sandbox
md_sba
# value of iframe allow-prop for *logue-sandbox
lg_sba
# return html and markdown as text/html
nohtml
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// opengraph (discord embeds) \\00000000000000000000000000000000000000000000000000000000000\
# enable OG (disables hotlinking)
og
# sitename; defaults to --name, disable with '-'
og_site
# description text for all files; disable with '-'
og_desc
# thumbnail format; j / jf / jf3 / w / w3 / ...
og_th: jf
# audio title format; default: {{ artist }} - {{ title }}
og_title_a
# video title format; default: {{ title }}
og_title_v
# image title format; default: {{ title }}
og_title_i
# fallback title if there's nothing in the db
og_title: foo
# force default title; do not read from tags
og_s_title
# custom html; see --og-tpl in --help
og_tpl
# you want to add tags manually with og_tpl
og_no_head
# if defined: only send OG html if useragent matches this regex
og_ua
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// textfiles \\0000000000000000000000000000000000000000000000000000000000000000000000000000\
# where to put markdown backups; s=subfolder, v=volHist, n=nope
md_hist
# enable textfile expansion; see --help-exp
exp
# placeholders to expand in markdown files; see --help
exp_md
# placeholders to expand in prologue/epilogue; see --help
exp_lg
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// tailing \\000000000000000000000000000000000000000000000000000000000000000000000000000000\
# disable ?tail (download a growing file continuously)
notail
# check if file was replaced (new fd) every 1 sec
tail_fd: 1
# check for new data every 0.2 sec
tail_rate: 0.2
# kill connection after 30 sec
tail_tmax: 30
# restrict ?tail access (1=admins,2=authed,3=everyone)
tail_who: 2
###000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\
###// others \\0000000000000000000000000000000000000000000000000000000000000000000000000000000\
# allow all users with read-access to enable the option to show dotfiles in listings
dots
# generates per-file accesskeys, which are then required at the "g" permission; keys are invalidated if filesize or inode changes
fk: 8
# generates slightly weaker per-file accesskeys, which are then required at the "g" permission; not affected by filesize or inode numbers
fka: 8
# generates per-directory accesskeys, which are then required at the "g" permission; keys are invalidated if filesize or inode changes
dk: 8
# per-directory accesskeys allow browsing into subdirs
dks
# allow seeing files (not folders) inside a specific folder with "g" perm, and does not require a valid dirkey to do so
dky
# allow '?rss' URL suffix (experimental)
rss
# expensive analysis for mimetype accuracy
rmagic
# restrict viewing the list of recent uploads
ups_who: 2
# restrict access to download-as-zip/tar
zip_who: 2
# reject download-as-zip if more than 9000 files
zipmaxn: 9k
# reject download-as-zip if size over 2 GiB
zipmaxs: 2g
# reply with 'no' if download-as-zip exceeds max
zipmaxt: no
# zip-size-limit does not apply to authenticated users
zipmaxu
# disable race-the-beam (download unfinished uploads)
nopipe
# ms-windows: timeout for renaming busy files
mv_retry
# ms-windows: timeout for deleting busy files
rm_retry
# ask webdav clients to login for all folders
davauth
# show lastmod time of symlink destination, not the link itself (note: this option is always enabled for recursive listings)
davrt
Reference in a new issue View git blame Copy permalink