wopiserver.conf

#
# wopiserver.conf
#
# Default configuration file for the WOPI server for CERNBox
#
##############################################################

[general]
# Storage access layer to be loaded in order to operate this WOPI server
# Supported values: local, xroot, cs3.
#storagetype =

# Port where to listen for WOPI requests
port = 8880

# The internal server engine to use (defaults to flask).
# Set to waitress for production installations.
#internalserver = flask

# Logging level. Debug enables the Flask debug mode as well.
# Valid values are: Debug, Info, Warning, Error.
loglevel = Info

# Logging handler. Sets the log handler to use.
# Valid values are: file, stream.
loghandler = file

# Logging destination.
# Valid values if 'loghandler = file' are: any existing file path.
# Valid values if 'loghandler = stream' are: stdout, stderr.
#logdest = /var/log/wopi/wopiserver.log

# URL of your WOPI server or your HA proxy in front of it
#wopiurl = https://your-wopi-server.org:8443

# Branding name of your EFSS service. When configured,
# Microsoft Office displays it as the Location on the
# status popup below the filename.
#brandingname =

# URL of your EFSS service for the branding name. When configured,
# Microsoft Office shows the branding name as an href.
#brandingurl =

# URL for direct download of files. The complete URL that is sent
# to WOPI apps will include the access_token argument.
# A route to the /wopi/iop/download endpoint could be used for this,
# though WOPI apps also work without this route configured.
#downloadurl =

# Optional URL to display a file sharing dialog. This enables
# a 'Share' button within the application. The URL may contain
# any of the `<path>`, `<endpoint>`, `<fileid>`, and `<app>`
# placeholders, which are dynamically replaced with actual values
# for the opened file.
#filesharingurl = https://your-efss-server.org/fileshare?filepath=<path>&app=<app>&fileId=<endpoint>!<fileid>

# URLs for the pages that embed the application in edit mode and
# preview mode. By default, the appediturl and appviewurl are used,
# but it is recommended to configure here a URL that displays apps
# within an iframe on your EFSS.
# Placeholders `<path>`, `<endpoint>`, `<fileid>`, and `<app>` are
# dynamically replaced similarly to the above. The suggested example
# reflects the ownCloud web implementation.
#hostediturl = https://your-efss-server.org/external?app=<app>&fileId=<endpoint>!<fileid>
#hostviewurl = https://your-efss-server.org/external?app=<app>&fileId=<endpoint>!<fileid>&viewmode=VIEW_MODE_PREVIEW

# Optional URL prefix for WebDAV access to the files. This enables
# a 'Edit in Desktop client' action on Windows-based clients
#webdavurl = https://your-efss-server.org/webdav

# Optional URL to a privacy notice for this service
#privacyurl = https://your-organization/path/to/privacy-notice

# List of file extensions deemed incompatible with LibreOffice:
# interoperable locking will be disabled for such files
nonofficetypes = .md .zmd .txt

# List of file extensions supported by Collabora
codeofficetypes = .odt .ott .ods .ots .odp .otp .odg .otg .doc .dot .xls .xlt .xlm .ppt .pot .pps .vsd .dxf .wmf .cdr .pages .number .key

# WOPI access token expiration time [seconds]
#tokenvalidity = 86400

# WOPI lock expiration time [seconds]
# Note that Microsoft specifications state that WOPI locks MUST expire after 30 minutes,
# therefore the default value SHALL NOT be changed in production environments.
#wopilockexpiration = 1800

# WOPI lock strict check: if True (default), WOPI locks will be compared according to specs,
# that is their representation must match. False allows for a more relaxed comparison,
# which compensates incorrect lock requests from Microsoft Office Online 2016-2018
# on-premise setups.
#wopilockstrictcheck = True

# Enable support of rename operations from WOPI apps. This is currently
# disabled by default because the implementation is not complete,
# and it is to be enabled for testing purposes only for the time being.
#enablerename = False

# Detection of external Microsoft Office or LibreOffice locks. By default, lock files
# compatible with Office for Desktop applications are detected, assuming that the
# underlying storage can be mounted as a remote filesystem: in this case, WOPI GetLock
# and SetLock operations return such locks and prevent online apps from entering edit mode.
# This feature can be disabled, to operate a WOPI server with full control on the storage.
#detectexternallocks = True

# Detection of external modifications to locked files. By default, on PutFile operations
# the system checks against a previously set extended attribute, and if missing or older
# than the current file's mtime, PutFile is failed. This allows to operate on shared
# storage systems that do not honour WOPI locks. Similarly to the above, this
# feature can be disabled for storages where WOPI locking is fully honoured.
#detectexternalmodifications = True

# Location of the user's personal space, used as a fall back location when storing
# PutRelative targets or webconflict files. Normally, such files are stored in the same
# path as the original file. If that fails (e.g. because of missing permissions),
# an attempt is made to store such files in this path if specified, otherwise
# the system falls back to the recovery space (cf. io|recoverypath) for web conflicts
# whereas PutRelative operations are just failed.
# The keywords <user_initial> and <username> are replaced with the actual username's
# initial letter and the actual username, respectively, so you can use e.g.
# /your_storage/home/user_initial/username
#homepath = /home/username

# Disable write ability (i.e. force read-only) when an open is requested for an ODF
# file with a Microsoft Office app. This allows to use MS Office as a pure viewer,
# without the risk to corrupt the file as it has been observed that MS Office may
# not preserve the correct formatting of ODF files.
#disablemswriteodf = False

# ownCloud's WOPI proxy configuration. Disabled by default.
#wopiproxy = https://external-wopi-proxy.com
#wopiproxysecretfile = /path/to/your/shared-key-file
#proxiedappname = Name of your proxied app

# A flag to disable the business flow with Microsoft Office 365 as detailed in:
# https://learn.microsoft.com/en-us/microsoft-365/cloud-storage-partner-program/online/scenarios/business
# Note that this must stay enabled if this wopiserver is to serve Microsoft Office 365.
#businessflow = True

# Configure the regional compliance domain for Microsoft, as detailed in:
# https://learn.microsoft.com/en-us/microsoft-365/cloud-storage-partner-program/rest/files/checkfileinfo/checkfileinfo-csppp#compliancedomainprefix
# The default value is the EU area.
#compliancedomain = euc

# A flag to enable early features with Microsoft Office
#earlyfeatures = False


[security]
# Location of the secret files. Requires a restart of the
# WOPI server when either the files or their content change.
wopisecretfile = /etc/wopi/wopisecret
iopsecretfile = /etc/wopi/iopsecret

# Use https as opposed to http (requires certificate)
usehttps = no

# Certificate and key for https. Requires a restart
# to apply a change.
wopicert = /etc/grid-security/host.crt
wopikey = /etc/grid-security/host.key


[bridge]
# SSL certificate check for the connected apps
#sslverify = True

# Minimum time interval between two consecutive save operations [seconds]
#saveinterval = 200

# Minimum time interval before a closed file is WOPI-unlocked [seconds]
#unlockinterval = 90

# CodiMD: disable creating zipped bundles when files contain pictures
#disablezip = False


[io]
# Size used for buffered reads [bytes]
chunksize = 4194304

# Path to a recovery space in case of I/O errors when reaching to the remote storage.
# This is expected to be a local path, and it is provided in order to ease user support.
# Defaults to the indicated spool folder.
#recoverypath = /var/spool/wopirecovery


[xroot]
# URL of the default remote xroot storage server. This can be overridden
# if the end-point is passed on the /wopi/cbox/open call
#storageserver = root://your-xrootd-server.org

# Optional EOS top-level path that will be prepended to all user paths. Useful
# to map the cloud files in a subfolder of the underlying EOS storage. By default,
# this is not used and storagehomepath is empty.
#storagehomepath = /your/top/storage/path

# Optional timeout value [seconds] applied to all xroot requests.
# Note that for such value to be enforced you also need to override
# the timeout resolution time (15 [seconds] by default) by setting
# the XRD_TIMEOUTRESOLUTION environment variable.
#timeout = 10


[local]
# Location of the folder or mount point used as local storage
#storagehomepath = /mnt/your_local_storage


[cs3]
# Host and port of the Reva(-like) CS3-compliant GRPC gateway endpoint
#revagateway = your-reva-gateway-server.org:port

# SSL certificate check for the gateway
#sslverify = True

# Optional timeout value for GRPC requests [seconds].
#grpctimeout = 10

# Optional timeout value for HTTP requests [seconds].
#httptimeout = 10

# This option enables storing the lock payload as arbitrary metadata (extended
# attributes), without using the CS3 Lock API. This may be useful to enable
# the usage of apps when the storage does not implement the locking semantic.
# The flip side is that there's no guaranteed protection against external
# concurrent edits, so this option is to be used with care, and it is strongly
# recommended to keep detectexternalmodifications = True.
# By default, it is assumed the Lock API is available.
#lockasattr = False