diff --git a/source/administration-guide/configure/authentication-configuration-settings.rst b/source/administration-guide/configure/authentication-configuration-settings.rst index 24fa2ae8850..569f4bf0570 100644 --- a/source/administration-guide/configure/authentication-configuration-settings.rst +++ b/source/administration-guide/configure/authentication-configuration-settings.rst @@ -1712,6 +1712,47 @@ Login button text | String input. Default is **SAML**. | - Environment variable: ``MM_SAMLSETTINGS_LOGINBUTTONTEXT`` | +---------------------------------------------------------------------------+-------------------------------------------------------------------+ +config.json-only settings +^^^^^^^^^^^^^^^^^^^^^^^^^ + +The following SAML configuration settings are only available by editing the ``config.json`` file. + +.. config:setting:: scoping-idp-provider-id + :displayname: Scoping IDP provider ID (SAML) + :systemconsole: N/A + :configjson: ScopingIDPProviderId + :environment: N/A + :description: Allows an authenticated user to skip the initial login page of their federated Azure AD server, and only require a password to log in. + +Scoping IDP provider ID +~~~~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +Allows an authenticated user to skip the initial login page of their federated Azure AD server, and only require a password to log in. + ++---------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ScopingIDPProviderId": ""`` with string input. | ++---------------------------------------------------------------------------------------------+ + +.. config:setting:: scoping-idp-provider-name + :displayname: Scoping IDP provider name (SAML) + :systemconsole: N/A + :configjson: ScopingIDPName + :environment: N/A + :description: Adds the name associated with a user's Scoping Identity Provider ID. + +Scoping IDP provider name +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +Adds the name associated with a user's Scoping Identity Provider ID. + ++---------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ScopingIDPName": ""`` with string input. | ++---------------------------------------------------------------------------------------+ + ---- OAuth 2.0 @@ -1876,6 +1917,25 @@ GitLab OAuth 2.0 Token endpoint | String input. | | +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------+ +.. config:setting:: oauth-gitlabscope + :displayname: GitLab scope (OAuth - GitLab) + :systemconsole: N/A + :configjson: .GitLabSettings.Scope + :environment: MM_GITLABSETTINGS_SCOPE + :description: Standard setting for OAuth to determine the scope of information shared with the OAuth client. Not currently supported by GitLab OAuth. + +GitLab scope +'''''''''''' + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+-------------------------------------------------------------+ +| Standard setting for OAuth to determine the scope of | - System Config path: N/A | +| information shared with the OAuth client. | - ``config.json`` setting: ``GitLabSettings`` > ``Scope`` | +| | - Environment variable: ``MM_GITLABSETTINGS_SCOPE`` | +| String input. Not currently supported by GitLab OAuth. | | ++---------------------------------------------------------------+-------------------------------------------------------------+ + Google OAuth 2.0 settings ^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -1980,6 +2040,25 @@ Google OAuth 2.0 Token endpoint | String input. | - Environment variable: ``MM_GOOGLESETTINGS_TOKENENDPOINT`` | +-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------+ +.. config:setting:: oauth-googlescope + :displayname: Google scope (OAuth - Google) + :systemconsole: N/A + :configjson: .GoogleSettings.Scope + :environment: MM_GOOGLESETTINGS_SCOPE + :description: Standard setting for OAuth to determine the scope of information shared with the OAuth client. Default value is **profile email**. + +Google scope +'''''''''''' + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+-------------------------------------------------------------+ +| Standard setting for OAuth to determine the scope of | - System Config path: N/A | +| information shared with the OAuth client. | - ``config.json`` setting: ``GoogleSettings`` > ``Scope`` | +| | - Environment variable: ``MM_GOOGLESETTINGS_SCOPE`` | +| String input. Recommended setting is ``profile email``. | | ++---------------------------------------------------------------+-------------------------------------------------------------+ + Entra ID OAuth 2.0 settings ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -2112,6 +2191,25 @@ Entra ID OAuth 2.0 Token endpoint | String input. | - Environment variable: ``MM_OFFICE365SETTINGS_TOKENENDPOINT`` | +-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------+ +.. config:setting:: oauth-entra-id-scope + :displayname: Entra ID scope (OAuth - Entra ID) + :systemconsole: N/A + :configjson: .Office365Settings.Scope + :environment: MM_OFFICE365SETTINGS_SCOPE + :description: Standard setting for OAuth to determine the scope of information shared with the OAuth client. Recommended setting is **User.Read**. + +Entra ID scope +'''''''''''''' + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+---------------------------------------------------------------+ +| Standard setting for OAuth to determine the scope of | - System Config path: N/A | +| information shared with the OAuth client. | - ``config.json`` setting: ``Office365Settings`` > ``Scope`` | +| | - Environment variable: ``MM_OFFICE365SETTINGS_SCOPE`` | +| String input. Recommended setting is ``User.Read``. | | ++---------------------------------------------------------------+---------------------------------------------------------------+ + ---- OpenID Connect diff --git a/source/administration-guide/configure/compliance-configuration-settings.rst b/source/administration-guide/configure/compliance-configuration-settings.rst index 0740e41453d..e69902f498a 100644 --- a/source/administration-guide/configure/compliance-configuration-settings.rst +++ b/source/administration-guide/configure/compliance-configuration-settings.rst @@ -297,6 +297,25 @@ The SMTP server port that will receive your Global Relay EML file when a `custom | This feature's ``config.json`` setting is ``".MessageExportSettings.GlobalRelaySettings.CustomSMTPPort": "25"`` with string input. | +------------------------------------------------------------------------------------------------------------------------------------+ +.. config:setting:: global-relay-smtp-server-timeout + :displayname: Global Relay SMTP server timeout (Compliance Export - Global Relay EML) + :systemconsole: N/A + :configjson: .MessageExportSettings.GlobalRelaySettings.SMTPServerTimeout + :environment: MM_MESSAGEEXPORTSETTINGS_GLOBALRELAYSETTINGS_SMTPSERVERTIMEOUT + :description: The number of seconds that can elapse before the connection attempt to the SMTP server is abandoned. Default is **1800** seconds. + +Global Relay SMTP server timeout +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------+ +| The number of seconds that can elapse before the connection | - System Config path: N/A | +| attempt to the SMTP server is abandoned. | - ``config.json`` setting: ``MessageExportSettings.GlobalRelaySettings.SMTPServerTimeout`` > ``1800`` | +| | - Environment variable: ``MM_MESSAGEEXPORTSETTINGS_GLOBALRELAYSETTINGS_SMTPSERVERTIMEOUT`` | +| Numeric value. Default is **1800** seconds. | | ++---------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------+ + .. config:setting:: message-export-batch-size :displayname: Message export batch size (Compliance Export) :systemconsole: N/A @@ -315,6 +334,49 @@ Determines how many new posts are batched together to a compliance export file. | This feature's ``config.json`` setting is ``"BatchSize": 10000`` with numerical input. | +---------------------------------------------------------------------------------------------+ +.. config:setting:: export-from-timestamp + :displayname: Export from timestamp (Compliance Export) + :systemconsole: N/A + :configjson: .MessageExportSettings.ExportFromTimestamp + :environment: MM_MESSAGEEXPORTSETTINGS_EXPORTFROMTIMESTAMP + :description: Set the Unix timestamp (seconds since epoch, UTC) to export data from. Default is **0**. + +Export from timestamp +~~~~~~~~~~~~~~~~~~~~~ + +.. include:: ../../_static/badges/ent-plus.rst + :start-after: :nosearch: + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+--------------------------------------------------------------------------------------------+ +| Set the Unix timestamp (seconds since epoch, UTC) to export | - System Config path: N/A | +| data from. | - ``config.json`` setting: ``MessageExportSettings.ExportFromTimestamp`` > ``0`` | +| | - Environment variable: ``MM_MESSAGEEXPORTSETTINGS_EXPORTFROMTIMESTAMP`` | +| Numeric value. Default is **0**. | | ++---------------------------------------------------------------+--------------------------------------------------------------------------------------------+ + +.. config:setting:: file-location + :displayname: File location (Compliance Export) + :systemconsole: N/A + :configjson: FileLocation + :environment: N/A + :description: Set the file location of the compliance exports. Default value is **export**. + +File location +~~~~~~~~~~~~~ + +.. include:: ../../_static/badges/ent-plus.rst + :start-after: :nosearch: + +This setting isn't available in the System Console and can only be set in ``config.json``. + +Set the file location of the compliance exports. By default, they are written to the ``exports`` subdirectory of the configured :ref:`Local Storage directory `. + ++-------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileLocation": "export"`` with string input. | ++-------------------------------------------------------------------------------------------+ + Run compliance export job now ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/administration-guide/configure/deprecated-configuration-settings.rst b/source/administration-guide/configure/deprecated-configuration-settings.rst index 8c239c5f073..0e4a8111b77 100644 --- a/source/administration-guide/configure/deprecated-configuration-settings.rst +++ b/source/administration-guide/configure/deprecated-configuration-settings.rst @@ -32,30 +32,54 @@ Bleve settings *Bleve search has been deprecated from Mattermost v11.0. We recommend using Elasticsearch or OpenSearch for enterprise search capabilities.* +.. config:setting:: enable-bleve-indexing + :displayname: Enable Bleve indexing (Deprecated) + :systemconsole: N/A + :configjson: EnableIndexing + :environment: N/A + + - **true**: The indexing of new posts occurs automatically. + - **false**: **(Default)** The indexing of new posts does not occur automatically. + Enable Bleve indexing ~~~~~~~~~~~~~~~~~~~~~ -*Deprecated from Mattermost v11.0* +*Deprecated in Mattermost v11.0* This setting was available in the System Console by going to **Experimental > Bleve**, or by editing the ``config.json`` file. +Bleve search was deprecated in favor of database search and Elasticsearch. Use database search (default) or configure Elasticsearch for large deployments. + **True**: The indexing of new posts occurs automatically. **False**: The indexing of new posts does not occur automatically. +This setting is no longer functional. + +------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"EnableIndexing": false`` with options ``true`` and ``false``. | +------------------------------------------------------------------------------------------------------------+ +.. config:setting:: index-directory + :displayname: Index directory (Deprecated) + :systemconsole: N/A + :configjson: IndexDir + :environment: N/A + :description: Directory path to use for storing bleve indexes. + Index directory ~~~~~~~~~~~~~~~ -*Deprecated from Mattermost v11.0* +*Deprecated in Mattermost v11.0* This setting was available in the System Console by going to **Experimental > Bleve**, or by editing the ``config.json`` file. +Bleve search was deprecated in favor of database search and Elasticsearch. Use database search (default) or configure Elasticsearch for large deployments. + Directory path to use for storing bleve indexes. +This setting is no longer functional. + +-----------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"IndexDir": ""`` with string input. | +-----------------------------------------------------------------------------------------------------------+ @@ -71,41 +95,57 @@ Purge indexes Select **Purge Index** to remove the contents of the Bleve index directory. Search results may be incomplete until a bulk index of the existing database is rebuilt. .. config:setting:: enable-bleve-indexingsearch - :displayname: Enable Bleve for search queries (Experimental) - :systemconsole: Experimental > Bleve + :displayname: Enable Bleve for search queries (Deprecated) + :systemconsole: N/A :configjson: EnableSearching :environment: N/A - **true**: Search queries will use bleve search. - **false**: **(Default)** Search queries will not use bleve search. - Enable Bleve for search queries ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -*Deprecated from Mattermost v11.0* +*Deprecated in Mattermost v11.0* This setting was available in the System Console by going to **Experimental > Bleve**, or by editing the ``config.json`` file. +Bleve search was deprecated in favor of database search and Elasticsearch. Use database search (default) or configure Elasticsearch for large deployments. + **True**: Search queries will use bleve search. **False**: Search queries will not use bleve search. +This setting is no longer functional. + +--------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"EnableSearching": false`` with options ``true`` and ``false``. | +--------------------------------------------------------------------------------------------------------------+ +.. config:setting:: enable-bleve-indexingautocomplete + :displayname: Enable Bleve for autocomplete queries (Deprecated) + :systemconsole: N/A + :configjson: EnableAutocomplete + :environment: N/A + + - **true**: Autocomplete queries will use bleve search. + - **false**: **(Default)** Autocomplete queries will not use bleve search. + Enable Bleve for autocomplete queries ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -*Deprecated from Mattermost v11.0* +*Deprecated in Mattermost v11.0* This setting was available in the System Console by going to **Experimental > Bleve**, or by editing the ``config.json`` file. +Bleve search was deprecated in favor of database search and Elasticsearch. Use database search (default) or configure Elasticsearch for large deployments. + **True**: Autocomplete queries will use bleve search. **False**: Autocomplete queries will not use bleve search. +This setting is no longer functional. + +-----------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"EnableAutocomplete": false`` with options ``true`` and ``false``. | +-----------------------------------------------------------------------------------------------------------------+ diff --git a/source/administration-guide/configure/environment-configuration-settings.rst b/source/administration-guide/configure/environment-configuration-settings.rst index 89fd4f5c35a..f188d2f73a7 100644 --- a/source/administration-guide/configure/environment-configuration-settings.rst +++ b/source/administration-guide/configure/environment-configuration-settings.rst @@ -649,6 +649,55 @@ Maximum payload size | Numerical value. Default is **300000** (300 kB). | | +-----------------------------------------------------------+--------------------------------------------------------------------------------------------+ +config.json-only settings +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following configuration settings are only accessible through ``config.json``. + +.. config:setting:: websocket-secure-port + :displayname: Websocket secure port (Web Server) + :systemconsole: N/A + :configjson: .ServiceSettings.WebsocketSecurePort + :environment: MM_SERVICESETTINGS_WEBSOCKETSECUREPORT + :description: This setting defines the port on which the secured WebSocket will listen using the wss protocol. Default is **443**. + +**Websocket secure port** + +This setting isn't available in the System Console and can only be set in ``config.json``. Changes to this setting require a server restart before taking effect. + ++---------------------------------------------------------------+--------------------------------------------------------------------------------------+ +| This setting defines the port on which the secured WebSocket | - System Config path: N/A | +| is listening using the ``wss`` protocol. | - ``config.json`` setting: ``ServiceSettings`` > ``WebsocketSecurePort`` > ``443`` | +| | - Environment variable: ``MM_SERVICESETTINGS_WEBSOCKETSECUREPORT`` | +| Numeric value. Default is **443**. | | ++---------------------------------------------------------------+--------------------------------------------------------------------------------------+ + +.. note:: + + This is a client-only override that doesn't affect the listening port of the server process, which is controlled by the :ref:`Web server listen address ` setting. It is highly recommended that production deployments only operate under HTTPS and WSS. + +.. config:setting:: websocket-port + :displayname: Websocket port (Web Server) + :systemconsole: N/A + :configjson: .ServiceSettings.WebsocketPort + :environment: MM_SERVICESETTINGS_WEBSOCKETPORT + :description: This setting defines the port on which the unsecured WebSocket will listen using the ws protocol. Default is **80**. + +**Websocket port** + +This setting isn't available in the System Console and can only be set in ``config.json``. Changes to this setting require a server restart before taking effect. + ++---------------------------------------------------------------+------------------------------------------------------------------------------+ +| This setting defines the port on which the unsecured | - System Config path: N/A | +| WebSocket is listening using the ``ws`` protocol. | - ``config.json`` setting: ``ServiceSettings`` > ``WebsocketPort`` > ``80`` | +| | - Environment variable: ``MM_SERVICESETTINGS_WEBSOCKETPORT`` | +| Numeric value. Default is **80**. | | ++---------------------------------------------------------------+------------------------------------------------------------------------------+ + +.. note:: + + This is a client-only override that doesn't affect the listening port of the server process, which is controlled by the :ref:`Web server listen address ` setting. It is highly recommended that production deployments only operate under HTTPS and WSS. + ---- Database @@ -1893,11 +1942,78 @@ Trace | template creation or search query that returns an error as part | | | of the error message. | | | - **all**: Creates the three traces (error, trace and info) | | -| for the driver and doesn’t print the queries because they | | +| for the driver and doesn't print the queries because they | | | will be part of the trace log level of the driver. | | | - **not specified**: **(Default)** No error trace is created. | | +---------------------------------------------------------------------+--------------------------------------------------------------------------+ +config.json-only settings +^^^^^^^^^^^^^^^^^^^^^^^^^ + +The following search configuration settings are only available by editing the ``config.json`` file. + +.. config:setting:: enable-post-search + :displayname: Enable post search (Enterprise Search) + :systemconsole: N/A + :configjson: EnablePostSearch + :environment: N/A + :description: If this setting is enabled, users can search messages. Default is **true**. + +Enable post search +~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +If this setting is enabled, users can search for messages in their Mattermost instance. + ++-------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnablePostSearch": true`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------+ + +.. note:: + + Disabling this experimental configuration setting in larger deployments may improve server performance in the following areas: + + - Reduced Database Load: When post search is enabled, every search query adds additional load to the database. Disabling search reduces these queries, leading to better database performance and lower response times for other operations. + - Lower Memory Usage: Search functionality often requires indexing of posts, which consumes memory. By disabling search, the memory required for maintaining these indexes is freed up for other uses, improving overall system performance. + - Faster Write Operations: When post search is enabled, indexing has to be updated with every new post, edit, or deletion. Disabling search avoids this overhead, allowing for faster write operations. + - Performance Consistency: Without the search feature, the application avoids potential performance bottlenecks and can maintain more consistent performance levels, especially under heavy usage scenarios with a high number of posts. + - Simplified System Maintenance: Managing search indexes can be complex and resource-intensive. Disabling search simplifies this aspect of system maintenance, potentially reducing the risk of performance issues related to search index corruption or degradation. + - However, the ability to search messages in Mattermost is a critical feature for many users, and disabling this feature will result in users seeing an error if they attempt to use the Mattermost Search box. It's important to balance performance improvements with the needs of your organization and users. + +.. config:setting:: enable-file-search + :displayname: Enable file search (Enterprise Search) + :systemconsole: N/A + :configjson: EnableFileSearch + :environment: N/A + :description: This configuration setting enables users to search documents attached to messages by filename. Default is **true**. + +Enable file search +~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +.. important:: + + This experimental configuration setting enables users to search documents attached to messages by filename. To enable users to search documents by their content, you must also enable the ``ExtractContent`` configuration setting. See our :ref:`Enable Document Search by Content ` documentation for details. Document content search is available in Mattermost Server from v5.35, with mobile support coming soon. + +**True**: Supported document types are searchable by their filename. + +**False**: File-based searches are disabled. + ++-------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableFileSearch": true`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------+ + +.. note:: + + Disabling this experimental configuration setting in larger deployments may improve server performance in the following areas: + + - Less Data to Index: Indexing files in addition to messages adds to the amount of data that needs to be processed and stored in the search index. + - Fewer Complex Queries: Searching through files can require more complex queries, which can be more resource-intensive and time-consuming as compared to searching through messages alone. + - Lower IO Operations: Searching files can generate more input/output operations, impacting the overall disk performance, especially if the system handles a large volume of file uploads and searches. + - However, the ability to search for files in Mattermost is a critical feature for many users, and disabling this feature will result in users seeing an error if they attempt to use the Mattermost Search box. It's important to balance performance improvements with the needs of your organization and users. + ---- File storage @@ -2398,6 +2514,51 @@ Initial font | **nunito-bold.ttf**. | | +---------------------------------------------------------------+-----------------------------------------------------------------------------------------+ +.. config:setting:: maximum-image-resolution + :displayname: Maximum image resolution (File Storage) + :systemconsole: N/A + :configjson: .FileSettings.MaxImageResolution + :environment: MM_FILESETTINGS_MAXIMAGERESOLUTION + :description: Maximum image resolution size for message attachments in pixels. Default value is **33177600** pixels. + +Maximum image resolution +~~~~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+---------------------------------------------------------------------------------------------+ +| Maximum image resolution size for message attachments | - System Config path: N/A | +| in pixels. | - ``config.json`` setting: ``FileSettings`` > ``MaxImageResolution`` > ``33177600`` | +| | - Environment variable: ``MM_FILESETTINGS_MAXIMAGERESOLUTION`` | +| Numeric value. Default is 33177600 pixels. | | ++---------------------------------------------------------------+---------------------------------------------------------------------------------------------+ + +.. config:setting:: maximum-image-decoder-concurrency + :displayname: Maximum image decoder concurrency (File Storage) + :systemconsole: N/A + :configjson: .FileSettings.MaxImageDecoderConcurrency + :environment: MM_FILESETTINGS_MAXIMAGEDECODERCONCURRENCY + :description: Indicates how many images can be decoded concurrently at once. The default value of **-1** configures Mattermost to automatically use the number of CPUs present. + +Maximum image decoder concurrency +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ +| Indicates how many images can be decoded concurrently | - System Config path: N/A | +| at once. The default value of ``-1`` configures Mattermost | - ``config.json`` setting: ``FileSettings`` > ``MaxImageDecoderConcurrency`` > ``-1`` | +| to automatically use the number of CPUs present. | - Environment variable: ``MM_FILESETTINGS_MAXIMAGEDECODERCONCURRENCY`` | +| | | +| Numeric value. Default is -1. | | ++---------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ + +.. note:: + + - This configuration setting affects the total memory consumption of the server. The maximum memory of a single image is dictated by ``MaxImageResolution * 24 bytes``, where the default maximum image resolution value is 33MB. + - Therefore, a good rule of thumb to follow is that ``33MB * MaxImageDecoderConcurrency * 24`` should be less than the total memory for the server. + - For example, if you have a 4-core server, you should leave aside at least ``33 * 4 * 24 = 3168MB`` memory for image processing. Otherwise, adjust the `MaxImageResolution <#maximum-image-resolution>`_ configuration setting to adjust the amount of memory needed for image processing. + ---- Image proxy @@ -4073,6 +4234,97 @@ Enable notification monitoring See the :ref:`performance monitoring ` documentation to learn more about Mattermost Notification Health metrics. +config.json-only settings +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following configuration settings are only accessible through ``config.json``. + +.. config:setting:: run-jobs + :displayname: Run jobs (Performance Monitoring) + :systemconsole: N/A + :configjson: .JobSettings.RunJobs + :environment: MM_JOBSETTINGS_RUNJOBS + :description: Set whether this Mattermost server will handle tasks created by the scheduler. Default is **true**. + +**Run jobs** + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+------------------------------------------------------------------------+ +| Set whether this Mattermost server will handle tasks created | - System Config path: N/A | +| by the scheduler. When running Mattermost on a single | - ``config.json`` setting: ``JobSettings`` > ``RunJobs`` > ``true`` | +| machine, this setting should always be enabled. | - Environment variable: ``MM_JOBSETTINGS_RUNJOBS`` | +| | | +| - **true**: **(Default)** Server handles scheduled tasks. | | +| - **false**: Server doesn't handle scheduled tasks. | | ++---------------------------------------------------------------+------------------------------------------------------------------------+ + +When running Mattermost in :doc:`High Availability mode `, one or more servers should have this setting enabled. We recommend that your High Availability cluster-based deployment has one or more dedicated Workers with this setting enabled while the remaining Mattermost app servers have it disabled. + +.. config:setting:: run-scheduler + :displayname: Run scheduler (Performance Monitoring) + :systemconsole: N/A + :configjson: .JobSettings.RunScheduler + :environment: MM_JOBSETTINGS_RUNSCHEDULER + :description: Set whether this Mattermost server will schedule tasks to be completed by a Worker. Default is **true**. + +**Run scheduler** + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+----------------------------------------------------------------------------+ +| Set whether this Mattermost server will schedule tasks to be | - System Config path: N/A | +| completed by a Worker. When running Mattermost on a single | - ``config.json`` setting: ``JobSettings`` > ``RunScheduler`` > ``true`` | +| machine, this setting should always be enabled. | - Environment variable: ``MM_JOBSETTINGS_RUNSCHEDULER`` | +| | | +| - **true**: **(Default)** Server schedules tasks. | | +| - **false**: Server doesn't schedule tasks. | | ++---------------------------------------------------------------+----------------------------------------------------------------------------+ + +When running Mattermost in :doc:`High Availability mode `, this setting should always be enabled. In a High Availability cluster-based deployment, exactly one of the servers will be designated as the Scheduler at a time to ensure that duplicate tasks aren't created. + +.. warning:: + + We strongly recommend that you not change this setting from the default setting of ``true`` as this prevents the ``ClusterLeader`` from being able to run the scheduler. As a result, recurring jobs such as LDAP sync, Compliance Export, and data retention will no longer be scheduled. + +.. config:setting:: clean-up-old-database-jobs + :displayname: Clean up old database jobs (Performance Monitoring) + :systemconsole: N/A + :configjson: .JobSettings.CleanupJobsThresholdDays + :environment: MM_JOBSETTINGS_CLEANUPJOBSTHRESHOLDDAYS + :description: Defines the threshold in days beyond which older completed database jobs are removed. Must be set to a value greater than or equal to 0 to be enabled. Default is **-1** (disabled). + +**Clean up old database jobs** + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+-----------------------------------------------------------------------------------------+ +| Defines the threshold in days beyond which older completed | - System Config path: N/A | +| database jobs are removed. This setting is disabled by | - ``config.json`` setting: ``JobSettings`` > ``CleanupJobsThresholdDays`` > ``-1`` | +| default, and must be set to a value greater than or equal | - Environment variable: ``MM_JOBSETTINGS_CLEANUPJOBSTHRESHOLDDAYS`` | +| to 0 to be enabled. | | +| | | +| Numeric value. Default is **-1** (disabled). | | ++---------------------------------------------------------------+-----------------------------------------------------------------------------------------+ + +.. config:setting:: clean-up-outdated-database-entries + :displayname: Clean up outdated database entries (Performance Monitoring) + :systemconsole: N/A + :configjson: .JobSettings.CleanupConfigThresholdDays + :environment: MM_JOBSETTINGS_CLEANUPCONFIGTHRESHOLDDAYS + :description: Defines the threshold in days beyond which outdated configurations are removed from the database. Default is **30** days. + +**Clean up outdated database entries** + +This setting only applies to configuration in the database. It isn't available in the System Console and can be set via mmctl or changed in the database. + ++---------------------------------------------------------------+-------------------------------------------------------------------------------------------+ +| Defines the threshold in days beyond which outdated | - System Config path: N/A | +| configurations are removed from the database. | - ``config.json`` setting: ``JobSettings`` > ``CleanupConfigThresholdDays`` > ``30`` | +| | - Environment variable: ``MM_JOBSETTINGS_CLEANUPCONFIGTHRESHOLDDAYS`` | +| Numeric value. Default is **30** days. | | ++---------------------------------------------------------------+-------------------------------------------------------------------------------------------+ + ---- Developer @@ -4196,7 +4448,84 @@ Some examples of when you may want to modify this setting include: - Use whitespaces instead of commas to list the hostnames, IP addresses, or CIDR ranges. For example: ``webhooks.internal.example.com``, ``127.0.0.1``, or ``10.0.16.0/28``. - IP address and domain name rules are applied before host resolution. - CIDR rules are applied after host resolution, and only CIDR rules require DNS resolution. - - Mattermost attempts to match IP addresses and hostnames without even resolving. If that fails, Mattermost resolve using the local resolver (by reading the ``/etc/hosts`` file first), then checking for matching CIDR rules. For example, if the domain “webhooks.internal.example.com” resolves to the IP address ``10.0.16.20``, a webhook with the URL ``https://webhooks.internal.example.com/webhook`` can be whitelisted using ``webhooks.internal.example.com``, or ``10.0.16.16/28``, but not ``10.0.16.20``. + - Mattermost attempts to match IP addresses and hostnames without even resolving. If that fails, Mattermost resolve using the local resolver (by reading the ``/etc/hosts`` file first), then checking for matching CIDR rules. For example, if the domain "webhooks.internal.example.com" resolves to the IP address ``10.0.16.20``, a webhook with the URL ``https://webhooks.internal.example.com/webhook`` can be whitelisted using ``webhooks.internal.example.com``, or ``10.0.16.16/28``, but not ``10.0.16.20``. + +config.json-only settings +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following configuration settings are only accessible through ``config.json``. + +.. config:setting:: enable-local-mode-for-mmctl + :displayname: Enable local mode for mmctl (Developer) + :systemconsole: N/A + :configjson: .ServiceSettings.EnableLocalMode + :environment: MM_SERVICESETTINGS_ENABLELOCALMODE + :description: Enable or disable local mode for mmctl. Default is **false**. + + - **true**: Enables local mode for mmctl. + - **false**: **(Default)** Prevents local mode for mmctl. + +**Enable local mode for mmctl** + +This self-hosted deployment setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+-----------------------------------------------------------------------------------+ +| Enable or disable local mode for mmctl. | - System Config path: N/A | +| | - ``config.json`` setting: ``ServiceSettings`` > ``EnableLocalMode`` > ``false`` | +| - **true**: Enables local mode for mmctl. | - Environment variable: ``MM_SERVICESETTINGS_ENABLELOCALMODE`` | +| - **false**: **(Default)** Prevents local mode for mmctl. | | ++---------------------------------------------------------------+-----------------------------------------------------------------------------------+ + +.. tip:: + + When trying to use local mode with mmctl, ensure you're using the same user when running the server and mmctl, or clean up the socket file before switching to a new user. + +.. config:setting:: enable-local-mode-socket-location + :displayname: Enable local mode socket location (Developer) + :systemconsole: N/A + :configjson: .ServiceSettings.LocalModeSocketLocation + :environment: MM_SERVICESETTINGS_LOCALMODESOCKETLOCATION + :description: The path for the socket that the server will create for mmctl to connect and communicate through local mode. Default value is **/var/tmp/mattermost_local.socket**. + +**Enable local mode socket location** + +This self-hosted deployment setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+---------------------------------------------------------------------------------------------+ +| The path for the socket that the server will create for | - System Config path: N/A | +| mmctl to connect and communicate through local mode. | - ``config.json`` setting: ``ServiceSettings`` > ``LocalModeSocketLocation`` | +| | - Environment variable: ``MM_SERVICESETTINGS_LOCALMODESOCKETLOCATION`` | +| String input. Default is **/var/tmp/mattermost_local.socket** | | ++---------------------------------------------------------------+---------------------------------------------------------------------------------------------+ + +If the default value for this key is changed, you will need to point mmctl to the new socket path when in local mode, using the ``--local-socket-path /new/path/to/socket`` flag in addition to the ``--local`` flag. + +.. config:setting:: developer-flags + :displayname: Developer flags (Developer) + :systemconsole: N/A + :configjson: DeveloperFlags + :environment: N/A + :description: This configuration setting specifies a list of strings where each string is a flag used to set the content security policy (CSP) for the Mattermost Web App. + +Developer flags +~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +This configuration setting specifies a list of strings where each string is a flag used to set the content security policy (CSP) for the Mattermost Web App. Each flag must be in the format ``flag=true`` (e.g. ``unsafe-eval=true,unsafe-inline=true``). Not recommended for production environments. + +The following values are currently supported: + +- ``unsafe-eval``: Adds the ``unsafe-eval`` CSP directive to the root webapp, allowing increased debugging in developer environments. +- ``unsafe-inline``: Adds the ``unsafe-inline`` CSP directive to the root webapp, allowing increased debugging in developer environments. + +This configuration setting is disabled by default and requires :ref:`developer mode ` to be enabled. + ++----------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DeveloperFlags": ""`` with string input. | ++----------------------------------------------------------------------------------------+ + +---- Mobile security --------------- @@ -4652,6 +4981,84 @@ Enable webhub channel iteration | Disabled by default. | | +------------------------------------------------------+--------------------------------------------------------------------------------------------------+ +.. config:setting:: import-input-directory + :displayname: Import input directory + :systemconsole: N/A + :configjson: .ImportSettings.Directory + :environment: MM_IMPORTSETTINGS_DIRECTORY + :description: The directory where the imported files are stored. The path is relative to the FileSettings directory. Default value is **./import**. + +Import input directory +~~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+------------------------------------------------------------------------------------+ +| The directory where the imported files are stored. | - System Config path: N/A | +| The path is relative to the ``FileSettings`` directory. | - ``config.json`` setting: ``ImportSettings`` > ``Directory`` > ``"./import"`` | +| | - Environment variable: ``MM_IMPORTSETTINGS_DIRECTORY`` | +| String input. Default is **./import**. | | +| By default, imports are stored under ``./data/import``. | | ++---------------------------------------------------------------+------------------------------------------------------------------------------------+ + +.. config:setting:: import-retention-days + :displayname: Import retention days + :systemconsole: N/A + :configjson: .ImportSettings.RetentionDays + :environment: MM_IMPORTSETTINGS_RETENTIONDAYS + :description: The number of days to retain the imported files before deleting them. Default is **30** days. + +Import retention days +~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+-----------------------------------------------------------------------------------+ +| The number of days to retain the imported files before | - System Config path: N/A | +| deleting them. | - ``config.json`` setting: ``ImportSettings`` > ``RetentionDays`` > ``30`` | +| | - Environment variable: ``MM_IMPORTSETTINGS_RETENTIONDAYS`` | +| Numeric value. Default is **30** days. | | ++---------------------------------------------------------------+-----------------------------------------------------------------------------------+ + +.. config:setting:: export-output-directory + :displayname: Export output directory + :systemconsole: N/A + :configjson: .ExportSettings.Directory + :environment: MM_EXPORTSETTINGS_DIRECTORY + :description: The directory where the exported files are stored. The path is relative to the FileSettings directory. Default value is **./export**. + +Export output directory +~~~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+------------------------------------------------------------------------------------+ +| The directory where the exported files are stored. | - System Config path: N/A | +| The path is relative to the ``FileSettings`` directory. | - ``config.json`` setting: ``ExportSettings`` > ``Directory`` > ``"./export"`` | +| | - Environment variable: ``MM_EXPORTSETTINGS_DIRECTORY`` | +| String input. Default is **./export**. | | +| By default, exports are stored under ``./data/export``. | | ++---------------------------------------------------------------+------------------------------------------------------------------------------------+ + +.. config:setting:: export-retention-days + :displayname: Export retention days + :systemconsole: N/A + :configjson: .ExportSettings.RetentionDays + :environment: MM_EXPORTSETTINGS_RETENTIONDAYS + :description: The number of days to retain the exported files before deleting them. Default value is **30** days. + +Export retention days +~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + ++---------------------------------------------------------------+-----------------------------------------------------------------------------------+ +| The number of days to retain the exported files before | - System Config path: N/A | +| deleting them. | - ``config.json`` setting: ``ExportSettings`` > ``RetentionDays`` > ``30`` | +| | - Environment variable: ``MM_EXPORTSETTINGS_RETENTIONDAYS`` | +| Numeric value. Default is **30** days. | | ++---------------------------------------------------------------+-----------------------------------------------------------------------------------+ + .. config:setting:: enable-dedicated-export-filestore-target :displayname: Enable dedicated export filestore target :systemconsole: N/A diff --git a/source/administration-guide/configure/experimental-configuration-settings.rst b/source/administration-guide/configure/experimental-configuration-settings.rst index 6dffca1b7de..d8bbefc9cae 100644 --- a/source/administration-guide/configure/experimental-configuration-settings.rst +++ b/source/administration-guide/configure/experimental-configuration-settings.rst @@ -4,12 +4,11 @@ Experimental configuration settings .. include:: ../../_static/badges/all-commercial.rst :start-after: :nosearch: -Review and manage the following :ref:`experimental ` configuration options in the System Console by selecting the **Product** |product-list| menu, selecting **System Console**, and then selecting **Experimental > Features**: +This document contains approximately 45 experimental configuration settings organized into three categories. Most settings can be managed through the System Console by selecting the **Product** |product-list| menu, selecting **System Console**, and then selecting **Experimental > Features**. -- `Experimental System Console configuration settings <#experimental-system-console-configuration-settings>`__ -- `Experimental audit logging configuration settings <#experimental-audit-logging-configuration-settings>`__ -- `Experimental job configuration settings <#experimental-job-configuration-settings>`__ -- `Experimental configuration settings for self-hosted deployments only <#experimental-configuration-settings-for-self-hosted-deployments-only>`__ +- `Experimental System Console configuration settings <#experimental-system-console-configuration-settings>`__ - Settings with System Console UI access +- `Experimental audit logging configuration settings <#experimental-audit-logging-configuration-settings>`__ - Audit logging configuration options +- `Experimental config.json-only configuration settings <#experimental-config-json-only-configuration-settings>`__ - Settings only accessible via config.json file .. tip:: @@ -625,108 +624,31 @@ This setting resolves issues where YouTube video previews display as unavailable | This feature's ``config.json`` setting is ``"ExperimentalSettings.YoutubeReferrerPolicy": false`` with options ``true`` and ``false``. | +-------------------------------------------------------------------------------------------------------------------------------------------+ ----- - -Experimental Bleve configuration settings ------------------------------------------ - -.. include:: ../../_static/badges/all-commercial.rst - :start-after: :nosearch: - -.. important:: - **From Mattermost v11, Bleve search has been deprecated.** These configuration settings are only available for Mattermost versions prior to v11.0. For v11.0 and later, :doc:`Elasticsearch ` or :doc:`OpenSearch ` for :doc:`enterprise search ` capabilities. - -Access the following configuration settings in the System Console by going to **Experimental > Bleve**, or by editing the ``config.json`` file as described in the following tables: - -.. config:setting:: enable-bleve-indexing - :displayname: Enable Bleve indexing (Experimental) - :systemconsole: Experimental > Bleve - :configjson: EnableIndexing - :environment: N/A - - - **true**: The indexing of new posts occurs automatically. - - **false**: **(Default)** The indexing of new posts does not occur automatically. - -Enable Bleve indexing -~~~~~~~~~~~~~~~~~~~~~ - -**True**: The indexing of new posts occurs automatically. Search queries will not use bleve search until :ref:`Enable Bleve for search queries ` is enabled. - -**False**: The indexing of new posts does not occur automatically. - -+------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableIndexing": false`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: index-directory - :displayname: Index directory (Experimental) - :systemconsole: Experimental > Bleve - :configjson: IndexDir - :environment: N/A - :description: Directory path to use for storing bleve indexes. - -Index directory +Disable app bar ~~~~~~~~~~~~~~~ -Directory path to use for storing bleve indexes. - -.. tip:: - - The bleve index directory path isn't required to exist within the ``mattermost`` directory. When it exists outside of the ``mattermost`` directory, no additional steps are needed to preserve or reindex these files as part of a Mattermost upgrade. See our :doc:`Upgrading Mattermost Server ` documentation for details. - -+-----------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IndexDir": ""`` with string input. | -+-----------------------------------------------------------------------------------------------------------+ +This setting disables the app bar (channel header) in the Mattermost web and desktop app. -Bulk index now -~~~~~~~~~~~~~~ +**True**: The app bar is hidden, providing a more streamlined interface with additional screen space for messages. -Select **Index Now** to index all users, channels, and posts in the database from oldest to newest. Bleve is available during indexing, but search results may be incomplete until the indexing job is complete. - -Purge indexes -~~~~~~~~~~~~~ - -Select **Purge Index** to remove the contents of the Bleve index directory. Search results may be incomplete until a bulk index of the existing database is rebuilt. - -.. config:setting:: enable-bleve-indexingsearch - :displayname: Enable Bleve for search queries (Experimental) - :systemconsole: Experimental > Bleve - :configjson: EnableSearching - :environment: N/A +**False**: (Default) The app bar is displayed at the top of the channel, showing channel information, favorite status, and action buttons. - - **true**: Search queries will use bleve search. - - **false**: **(Default)** Search queries will not use bleve search. - -Enable Bleve for search queries -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -**True**: Search queries will use bleve search. - -**False**: Search queries will not use bleve search. - -+--------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSearching": false`` with options ``true`` and ``false``. | -+--------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: enable-bleve-indexingautocomplete - :displayname: Enable Bleve for autocomplete queries (Experimental) - :systemconsole: Experimental > Bleve - :configjson: EnableAutocomplete - :environment: N/A ++-------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalSettings.DisableAppBar": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------+ - - **true**: Autocomplete queries will use bleve search. - - **false**: **(Default)** Autocomplete queries will not use bleve search. +View archived channels +~~~~~~~~~~~~~~~~~~~~~~ -Enable Bleve for autocomplete queries -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +This setting controls the default behavior for viewing archived channels. -**True**: Autocomplete queries will use bleve search. +**default_on**: Users can view archived channels by default. Users can change this in **Settings > Advanced > View Archived Channels**. -**False**: Autocomplete queries will not use bleve search. +**default_off**: (Default) Users cannot view archived channels by default. Users can enable this in **Settings > Advanced > View Archived Channels**. -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableAutocomplete": false`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------------------+ ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalSettings.ExperimentalViewArchivedChannels": "default_off"`` with options ``"default_on"`` and ``"default_off"``. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ---- @@ -906,17 +828,17 @@ Cloud Enterprise customers can upload and manage a certificate for audit logging Upload the certificate PEM file in the System Console by going to **System Console > Audit Log Settings > Certificate** and selecting **File/Remove Certificate**. The certificate file can be stored in the filestore or stored locally on the filesystem. -.. config:setting:: advanced-logging +.. config:setting:: advanced-logging-selfhosted :displayname: Advanced Logging (Audit Logging > Self-Hosted) :systemconsole: Experimental > Features :configjson: AdvancedLoggingJSON :environment: N/A :description: Output log and audit records to any combination of console, local file, syslog, and TCP socket targets for a Mattermost self-hosted deployment. -Experimental configuration settings for self-hosted deployments only --------------------------------------------------------------------- +Experimental config.json-only configuration settings +---------------------------------------------------- -Access the following self-hosted configuration settings by editing the ``config.json`` file as described in the following tables. These configuration settings are not accessible through the System Console. +Access the following configuration settings by editing the ``config.json`` file as described in the following tables. These configuration settings are not accessible through the System Console. .. tip:: @@ -925,87 +847,6 @@ Access the following self-hosted configuration settings by editing the ``config. - If using a tool such as `jq `__, you'd enter: ``cat config/config.json | jq '.ServiceSettings.SiteURL'`` - When working with the ``config.json`` file manually, look for the key ``ServiceSettings``, then within that object, find the key ``SiteURL``. -.. config:setting:: allowed-themes - :displayname: Allowed themes (Experimental) - :systemconsole: N/A - :configjson: AllowedThemes - :environment: N/A - :description: Select the themes that can be chosen by users when ``EnableThemeSelection`` is set to ``true``. - -Allowed themes -~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Select the themes that can be chosen by users when ``EnableThemeSelection`` is set to ``true``. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowedThemes": []`` with string array input consisting of the options ``"default"``, ``"organization"``, ``"mattermostDark"``, and ``"windows10"``, such as ``["mattermostDark", "windows10"]``. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: file-location - :displayname: File location (Experimental) - :systemconsole: N/A - :configjson: FileLocation - :environment: N/A - :description: Set the file location of the compliance exports. Default value is **export**. - -File Location -~~~~~~~~~~~~~ - -.. include:: ../../_static/badges/ent-plus.rst - :start-after: :nosearch: - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Set the file location of the compliance exports. By default, they are written to the ``exports`` subdirectory of the configured :ref:`Local Storage directory `. - -+-------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileLocation": "export"`` with string input. | -+-------------------------------------------------------------------------------------------+ - -.. config:setting:: push-notification-buffer - :displayname: Push notification buffer (Experimental) - :systemconsole: N/A - :configjson: PushNotificationBuffer - :environment: N/A - :description: Used to control the buffer of outstanding Push Notification messages to be sent. Default is **1000** notifications. - -Push notification buffer -~~~~~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Used to control the buffer of outstanding Push Notification messages to be sent. If the number of messages exceeds that number, then the request making the Push Notification will be blocked until there's room. - -+---------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"PushNotificationBuffer": 1000"`` with numerical input. | -+---------------------------------------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: restrict-system-admin - :displayname: File configuration settings - :systemconsole: N/A - :configjson: FileEnabled - :environment: N/A - :description: Enable this setting to write audit files locally, specifying size, backup interval, compression, maximum age to manage file rotation, and timestamps. Default value is **false**. - -Restrict system admin -~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -**True**: **(Default for Cloud deployments)** Restricts the system admin from viewing and modifying a subset of server configuration settings from the System Console. Not recommended for use in on-prem installations. This is intended to support Mattermost Private Cloud in giving the system admin role to users but restricting certain actions only for Cloud Admins. - -**False**: **(Default for self-host deployments)** No restrictions are applied to the system admin role. - -+-------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictSystemAdmin": "false"`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------+ - -.. note:: - - The ability to restrict the system admin from viewing and modifying a subset of server configuration settings is currently in :ref:`Beta `. - .. config:setting:: enable-client-side-certification :displayname: Enable client-side certification (Experimental) @@ -1063,414 +904,8 @@ This configuration setting is used in combination with the ``ClientSideCertEnabl | This feature's ``config.json`` setting is ``"ClientSideCertCheck": "secondary"`` with options ``"primary"`` and ``"secondary"``. | +----------------------------------------------------------------------------------------------------------------------------------+ -.. config:setting:: export-output-directory - :displayname: Export output directory (Experimental) - :systemconsole: N/A - :configjson: .ExportSettings.Directory - :environment: N/A - :description: The directory where the exported files are stored. The path is relative to the ``FileSettings`` directory. Default value is **./export**. - -Export output directory -~~~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -The directory where the exported files are stored. The path is relative to the ``FileSettings`` directory. By default, exports are stored under ``./data/export``. - -+---------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting under the ``ExportSettings`` section is ``Directory: ./export`` with string input. | -+---------------------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: export-retention-days - :displayname: Export retention days (Experimental) - :systemconsole: N/A - :configjson: .ExportSettings.RetentionDays - :environment: N/A - :description: The number of days to retain the exported files before deleting them. Default value is **30** days. - -Export retention days -~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -The number of days to retain the exported files before deleting them. - -+----------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting under the ``ExportSettings`` section is ``RetentionDays: 30`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: maximum-image-resolution - :displayname: Maximum image resolution (Experimental) - :systemconsole: N/A - :configjson: MaxImageResolution - :environment: N/A - :description: Maximum image resolution size for message attachments in pixels. Default value is **33177600** pixels. - -Maximum image resolution -~~~~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Maximum image resolution size for message attachments in pixels. - -+--------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxImageResolution": 33177600`` with numerical input. | -+--------------------------------------------------------------------------------------------------------+ - -.. config:setting:: maximum-image-decoder-concurrency - :displayname: Maximum image decoder concurrency (Experimental) - :systemconsole: N/A - :configjson: MaxImageDecoderConcurrency - :environment: N/A - :description: Indicates how many images can be decoded concurrently at once. The default value of **-1** configures Mattermost to automatically use the number of CPUs present. - -Maximum image decoder concurrency -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Indicates how many images can be decoded concurrently at once. The default value of ``-1`` configures Mattermost to automatically use the number of CPUs present. - -.. note:: - - - This configuration setting affects the total memory consumption of the server. The maximum memory of a single image is dictated by ``MaxImageResolution * 24 bytes``, where the default maximum image resolution value is 33MB. - - Therefore, a good rule of thumb to follow is that ``33MB * MaxImageDecoderConcurrency * 24`` should be less than the total memory for the server. - - For example, if you have a 4-core server, you should leave aside at least ``33 * 4 * 24 = 3168MB`` memory for image processing. Otherwise, adjust the `MaxImageResolution <#maximum-image-resolution>`_ configuration setting to adjust the amount of memory needed for image processing. - -+--------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxImageDecoderConcurrency": "-1"`` with numerical input. | -+--------------------------------------------------------------------------------------------------------+ - -.. config:setting:: initial-font - :displayname: Initial font (Experimental) - :systemconsole: N/A - :configjson: InitialFont - :environment: N/A - :description: Font used in auto-generated profile pics with colored backgrounds. Default value is **luximbi.ttf**. - -Initial font -~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Font used in auto-generated profile pics with colored backgrounds. - -+-----------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"InitialFont": "luximbi.ttf"`` with string input. | -+-----------------------------------------------------------------------------------------------+ - -.. config:setting:: amazon-s3-signature-v2 - :displayname: Amazon S3 signature v2 (Experimental) - :systemconsole: N/A - :configjson: AmazonS3SignV2 - :environment: N/A - - - **true**: Use Signature Version 2 Signing Process. - - **false**: **(Default)** Use Signature Version 4 Signing Process. - -Amazon S3 signature v2 -~~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -By default, Mattermost uses Signature V4 to sign API calls to AWS, but under some circumstances, V2 is required. For more information about when to use V2, see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html. - -**True**: Use Signature Version 2 Signing Process. - -**False**: Use Signature Version 4 Signing Process. - -+------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AmazonS3SignV2": false`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: amazon-s3-path - :displayname: Amazon S3 path (Experimental) - :systemconsole: N/A - :configjson: AmazonS3PathPrefix - :environment: N/A - :description: Allows using the same S3 bucket for multiple deployments. - -Amazon S3 path -~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Allows using the same S3 bucket for multiple deployments. - -+------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"AmazonS3PathPrefix: ""`` with string input. | -+------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: gitlab-scope - :displayname: GitLab scope (Experimental) - :systemconsole: N/A - :configjson: Scope - :environment: N/A - :description: Standard setting for OAuth to determine the scope of information shared with OAuth client. Not currently supported by GitLab OAuth. - -GitLab scope -~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Standard setting for OAuth to determine the scope of information shared with OAuth client. Not currently supported by GitLab OAuth. - -+------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Scope": ""`` with string input. | -+------------------------------------------------------------------------------+ - -.. config:setting:: global-relay-smtp-server-timeout - :displayname: Global relay SMTP server timeout (Experimental) - :systemconsole: N/A - :configjson: GlobalRelaySettings.SMTPServerTimeout - :environment: N/A - :description: The number of seconds that can elapse before the connection attempt to the SMTP server is abandoned. Default is **1800** seconds. - -Global relay SMTP server timeout -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. include:: ../../_static/badges/ent-plus.rst - :start-after: :nosearch: - -This setting isn't available in the System Console and can only be set in ``config.json``. - -The number of seconds that can elapse before the connection attempt to the SMTP server is abandoned. The default value is 1800 seconds. This setting is currently not available in the System Console and can only be set in ``config.json``. - -+-----------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GlobalRelaySettings.SMTPServerTimeout": "1800"`` with numerical input. | -+-----------------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: google-scope - :displayname: Google scope (Experimental) - :systemconsole: N/A - :configjson: Scope - :environment: N/A - :description: Standard setting for OAuth to determine the scope of information shared with OAuth client. Default value is **profile email**. - -Google scope -~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Standard setting for OAuth to determine the scope of information shared with OAuth client. Recommended setting is ``profile email``. - -+-------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Scope": "profile email"`` with string input. | -+-------------------------------------------------------------------------------------------+ - -.. config:setting:: import-input-directory - :displayname: Import input directory (Experimental) - :systemconsole: N/A - :configjson: ImportSettings.Directory - :environment: N/A - :description: The directory where the imported files are stored. The path is relative to the ``FileSettings`` directory. Default value is **./import**. - -Import input directory -~~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -The directory where the imported files are stored. The path is relative to the ``FileSettings`` directory. By default, imports are stored under ``./data/import``. - -+---------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting under the ``ImportSettings`` section is ``Directory: ./import`` with string input. | -+---------------------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: import-retention-days - :displayname: Import retention days (Experimental) - :systemconsole: N/A - :configjson: ImportSettings.RetentionDays - :environment: N/A - :description: The number of days to retain the imported files before deleting them. Default is **30** days. - -Import retention days -~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -The number of days to retain the imported files before deleting them. - -+----------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting under the ``ImportSettings`` section is ``RetentionDays: 30`` with numerical input. | -+----------------------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: export-from-timestamp - :displayname: Export from timestamp (Experimental) - :systemconsole: N/A - :configjson: ExportFromTimestamp - :environment: N/A - :description: Set the Unix timestamp (seconds since epoch, UTC) to export data from. Default is **0**. - -Export from timestamp -~~~~~~~~~~~~~~~~~~~~~ - -.. include:: ../../_static/badges/ent-plus.rst - :start-after: :nosearch: - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Set the Unix timestamp (seconds since epoch, UTC) to export data from. - -+----------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExportFromTimestamp": 0`` with numerical input. | -+----------------------------------------------------------------------------------------------+ - - -.. config:setting:: entra-id-scope - :displayname: Entra ID scope (Experimental) - :systemconsole: N/A - :configjson: Scope - :environment: N/A - :description: Standard setting for OAuth to determine the scope of information shared with OAuth client. Recommended setting is ``User.Read``. - -Entra ID Scope -~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Standard setting for OAuth to determine the scope of information shared with OAuth client. Recommended setting is ``User.Read``. - -+---------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Scope": "User.Read"`` with string input. | -+---------------------------------------------------------------------------------------+ - -.. config:setting:: enable-plugin-uploads - :displayname: Enable plugin uploads (Experimental) - :systemconsole: N/A - :configjson: EnableUploads - :environment: N/A - - - **true**: Enables plugin uploads by system admins at **Plugins > Management**. - - **false**: **(Default)** Disables plugin uploads on your Mattermost server. - -Enable plugin uploads -~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -**True**: Enables plugin uploads by system admins at **Plugins > Management**. If you do not plan to upload a plugin, set to ``false`` to control which plugins are installed on your server. See `documentation `__ to learn more. - -**False**: Disables plugin uploads on your Mattermost server. - -+-----------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableUploads": false`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------------+ - -.. config:setting:: allow-insecure-download-url - :displayname: Allow insecure download URL (Experimental) - :systemconsole: N/A - :configjson: AllowInsecureDownloadUrl - :environment: N/A - - - **true**: Enables downloading and installing a plugin from a remote URL. - - **false**: **(Default)** Disables downloading and installing a plugin from a remote URL. - -Allow insecure download URL -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -**True**: Enables downloading and installing a plugin from a remote URL. - -**False**: Disables downloading and installing a plugin from a remote URL. - -+-----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowInsecureDownloadUrl": false`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: enable-plugin-health-check - :displayname: Enable plugin health check (Experimental) - :systemconsole: N/A - :configjson: EnableHealthCheck - :environment: N/A - - - **true**: **(Default)** Enables plugin health check to ensure all plugins are periodically monitored, and restarted or deactivated based on their health status. - - **false**: Disables plugin health check on your Mattermost server. - -Enable plugin health check -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -**True**: Enables plugin health check to ensure all plugins are periodically monitored, and restarted or deactivated based on their health status. The health check runs every 30 seconds. If the plugin is detected to fail 3 times within an hour, the Mattermost server attempts to restart it. If the restart fails 3 successive times, it's automatically disabled. - -**False**: Disables plugin health check on your Mattermost server. - -+--------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableHealthCheck": true`` with options ``true`` and ``false``. | -+--------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: plugin-directory - :displayname: Plugin directory (Experimental) - :systemconsole: N/A - :configjson: Directory - :environment: N/A - :description: The location of the plugin files. If blank, they are stored in the ``./plugins`` directory. Default value is **./plugins**. - -Plugin directory -~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -The location of the plugin files. If blank, they are stored in the ``./plugins`` directory. The path that you set must exist and Mattermost must have write permissions in it. - -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Directory": "./plugins"`` with string input. | -+-----------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: client-plugin-directory - :displayname: Client plugin directory (Experimental) - :systemconsole: N/A - :configjson: ClientDirectory - :environment: N/A - :description: The location of client plugin files. If blank, they are stored in the ``./client/plugins`` directory. Default value is **./client/plugins**. - -Client plugin directory -~~~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -The location of client plugin files. If blank, they are stored in the ``./client/plugins`` directory. The path that you set must exist and Mattermost must have write permissions in it. - -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ClientDirectory": "./client/plugins"`` with string input. | -+-----------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: scoping-idp-provider-id - :displayname: Scoping IDP provider ID (Experimental) - :systemconsole: N/A - :configjson: ScopingIDPProviderId - :environment: N/A - :description: Allows an authenticated user to skip the initial login page of their federated Azure AD server, and only require a password to log in. - -Scoping IDP provider ID -~~~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Allows an authenticated user to skip the initial login page of their federated Azure AD server, and only require a password to log in. - -+---------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ScopingIDPProviderId": ""`` with string input. | -+---------------------------------------------------------------------------------------------+ - -.. config:setting:: scoping-idp-provider-name - :displayname: Scoping IDP provider name (Experimental) - :systemconsole: N/A - :configjson: ScopingIDPName - :environment: N/A - :description: Adds the name associated with a user's Scoping Identity Provider ID. - -Scoping IDP provider name -~~~~~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. -Adds the name associated with a user's Scoping Identity Provider ID. -+---------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ScopingIDPName": ""`` with string input. | -+---------------------------------------------------------------------------------------+ .. config:setting:: group-unread-channels :displayname: Group unread channels (Experimental) @@ -1542,200 +977,6 @@ This setting isn't available in the System Console and can only be set in ``conf | This feature's ``config.json`` setting is ``"ExperimentalStrictCSRFEnforcement": false`` with options ``true`` and ``false``. | +-------------------------------------------------------------------------------------------------------------------------------+ -.. config:setting:: developer-flags - :displayname: Developer flags (Experimental) - :systemconsole: N/A - :configjson: DeveloperFlags - :environment: N/A - :description: This configuration setting specifies a list of strings where each string is a flag used to set the content security policy (CSP) for the Mattermost Web App. - -Developer flags -~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -This configuration setting specifies a list of strings where each string is a flag used to set the content security policy (CSP) for the Mattermost Web App. Each flag must be in the format ``flag=true`` (e.g. ``unsafe-eval=true,unsafe-inline=true``). Not recommended for production environments. - -The following values are currently supported: - -- ``unsafe-eval``: Adds the ``unsafe-eval`` CSP directive to the root webapp, allowing increased debugging in developer environments. -- ``unsafe-inline``: Adds the ``unsafe-inline`` CSP directive to the root webapp, allowing increased debugging in developer environments. - -This configuration setting is disabled by default and requires :ref:`developer mode ` to be enabled. - -+----------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DeveloperFlags": ""`` with string input. | -+----------------------------------------------------------------------------------------+ - -.. config:setting:: enable-post-search - :displayname: Enable post search (Experimental) - :systemconsole: N/A - :configjson: EnablePostSearch - :environment: N/A - :description: If this setting is enabled, users can search messages. Default is **true**. - -Enable post search -~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -If this setting is enabled, users can search for messages in their Mattermost instance. - -+-------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnablePostSearch": true`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------+ - -.. note:: - - Disabling this experimental configuration setting in larger deployments may improve server performance in the following areas: - - - Reduced Database Load: When post search is enabled, every search query adds additional load to the database. Disabling search reduces these queries, leading to better database performance and lower response times for other operations. - - Lower Memory Usage: Search functionality often requires indexing of posts, which consumes memory. By disabling search, the memory required for maintaining these indexes is freed up for other uses, improving overall system performance. - - Faster Write Operations: When post search is enabled, indexing has to be updated with every new post, edit, or deletion. Disabling search avoids this overhead, allowing for faster write operations. - - Performance Consistency: Without the search feature, the application avoids potential performance bottlenecks and can maintain more consistent performance levels, especially under heavy usage scenarios with a high number of posts. - - Simplified System Maintenance: Managing search indexes can be complex and resource-intensive. Disabling search simplifies this aspect of system maintenance, potentially reducing the risk of performance issues related to search index corruption or degradation. - - However, the ability to search messages in Mattermost is a critical feature for many users, and disabling this feature will result in users seeing an error if they attempt to use the Mattermost Search box. It’s important to balance performance improvements with the needs of your organization and users. - -.. config:setting:: enable-file-search - :displayname: Enable file search (Experimental) - :systemconsole: N/A - :configjson: EnableFileSearch - :environment: N/A - :description: This configuration setting enables users to search documents attached to messages by filename. Default is **true**. - -Enable file search -~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -.. important:: - - This experimental configuration setting enables users to search documents attached to messages by filename. To enable users to search documents by their content, you must also enable the ``ExtractContent`` configuration setting. See our :ref:`Enable Document Search by Content ` documentation for details. Document content search is available in Mattermost Server from v5.35, with mobile support coming soon. - -**True**: Supported document types are searchable by their filename. - -**False**: File-based searches are disabled. - -+-------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableFileSearch": true`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------+ - -.. note:: - - Disabling this experimental configuration setting in larger deployments may improve server performance in the following areas: - - - Less Data to Index: Indexing files in addition to messages adds to the amount of data that needs to be processed and stored in the search index. - - Fewer Complex Queries: Searching through files can require more complex queries, which can be more resource-intensive and time-consuming as compared to searching through messages alone. - - Lower IO Operations: Searching files can generate more input/output operations, impacting the overall disk performance, especially if the system handles a large volume of file uploads and searches. - - However, the ability to search for files in Mattermost is a critical feature for many users, and disabling this feature will result in users seeing an error if they attempt to use the Mattermost Search box. It’s important to balance performance improvements with the needs of your organization and users. - -.. config:setting:: enable-user-status-updates - :displayname: Enable user status updates (Experimental) - :systemconsole: N/A - :configjson: EnableUserStatuses - :environment: N/A - :description: Turn status updates off to improve performance. Default is **true**. - -Enable user status updates -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Turn status updates off to improve performance. When status updates are off, users appear online only for brief periods when posting a message, and only to members of the channel in which the message is posted. - -+---------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableUserStatuses": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: websocket-secure-port - :displayname: Websocket secure port (Experimental) - :systemconsole: N/A - :configjson: WebsocketSecurePort - :environment: N/A - :description: This setting defines the port on which the secured WebSocket will listen using the ``wss`` protocol. Default is **443**. - -Websocket secure port -~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. Changes to this setting require a server restart before taking effect. - -(Optional) This setting defines the port on which the secured WebSocket is listening using the ``wss`` protocol. Defaults to ``443``. When the client attempts to make a WebSocket connection it first checks to see if the page is loaded with HTTPS. If so, it will use the secure WebSocket connection. If not, it will use the unsecure WebSocket connection. IT IS HIGHLY RECOMMENDED PRODUCTION DEPLOYMENTS ONLY OPERATE UNDER HTTPS AND WSS. - -+------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"WebsocketSecurePort": 443`` with numerical input. | -+------------------------------------------------------------------------------------------------+ - -.. note:: - This is a client only override that doesn't affect the listening port of the server process which is controlled by the :ref:`Web server listen address ` setting. - -.. config:setting:: websocket-port - :displayname: Websocket port (Experimental) - :systemconsole: N/A - :configjson: WebsocketPort - :environment: N/A - :description: This setting defines the port on which the unsecured WebSocket will listen using the ``ws`` protocol. Default is **80**. - -Websocket port -~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. Changes to this setting require a server restart before taking effect. - -(Optional) This setting defines the port on which the unsecured WebSocket is listening using the ``ws`` protocol. Defaults to ``80``. When the client attempts to make a WebSocket connection it first checks to see if the page is loaded with HTTPS. If so, it will use the secure WebSocket connection. If not, it will use the unsecure WebSocket connection. IT IS HIGHLY RECOMMENDED PRODUCTION DEPLOYMENTS ONLY OPERATE UNDER HTTPS AND WSS. - -+----------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``WebsocketPort": 80`` with numerical input. | -+----------------------------------------------------------------------------------------+ - -.. note:: - This is a client only override that doesn't affect the listening port of the server process which is controlled by the :ref:`Web server listen address ` setting. - - -.. config:setting:: enable-local-mode-for-mmctl - :displayname: Enable local mode for mmctl (Experimental) - :systemconsole: N/A - :configjson: EnableLocalMode - :environment: N/A - - - **true**: Enables local mode for mmctl. - - **false**: **(Default)** Prevents local mode for mmctl. - -Enable local mode for mmctl -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This self-hosted deployment setting isn't available in the System Console and can only be set in ``config.json``. - -**True**: Enables local mode for mmctl. - -**False**: Prevents local mode for mmctl. - -+-------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableLocalMode": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------+ - -.. tip:: - - When trying to use local mode with mmctl, ensure you're using the same user when running the server and mmctl, or clean up the socket file before switching to a new user. If you encounter an error like ``socket file "/var/tmp/mattermost_local.socket" doesn't exists, please check the server configuration for local mode``, this can be resolved by setting this configuration setting to ``true``. - -.. config:setting:: enable-local-mode-socket-location - :displayname: Enable local mode socket location (Experimental) - :systemconsole: N/A - :configjson: LocalModeSocketLocation - :environment: N/A - :description: The path for the socket that the server will create for mmctl to connect and communicate through local mode. Default value is **/var/tmp/mattermost_local.socket**. - -Enable local mode socket location -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This self-hosted deployment setting isn't available in the System Console and can only be set in ``config.json``. - -The path for the socket that the server will create for mmctl to connect and communicate through local mode. If the default value for this key is changed, you will need to point mmctl to the new socket path when in local mode, using the ``--local-socket-path /new/path/to/socket`` flag in addition to the ``--local`` flag. - -If nothing is specified, the default path that both the server and mmctl assumes is ``/var/tmp/mattermost_local.socket``. - -+--------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LocalModeSocketLocation": "/var/tmp/mattermost_local.socket"`` with string input. | -+--------------------------------------------------------------------------------------------------------------------------------+ - .. config:setting:: default-channels :displayname: Default channels (Experimental) :systemconsole: N/A @@ -1762,92 +1003,3 @@ When not set, every user is added to the ``town-square`` channel by default. ---- -Experimental job configuration settings ---------------------------------------- - -With self-hosted deployments, you can configure how Mattermost schedules and completes periodic tasks such as the deletion of old posts with Data Retention enabled or indexing posts with Elasticsearch. These settings control which Mattermost servers are designated as a Scheduler, a server that queues the tasks at the correct times, and as a Worker, a server that completes the given tasks. - -When running Mattermost on a single machine, both ``RunJobs`` and ``RunScheduler`` should be enabled. Without both of these enabled, Mattermost will not function properly. - -When running Mattermost in High Availability mode, ``RunJobs`` should be enabled on one or more servers while ``RunScheduler`` should be enabled on all servers under normal circumstances. A High Availability cluster-based deployment will have one Scheduler and one or more Workers. See the below sections for more information. - -.. config:setting:: run-jobs - :displayname: Run jobs (Experimental) - :systemconsole: N/A - :configjson: RunJobs - :environment: N/A - :description: Set whether or not this Mattermost server will handle tasks created by the Scheduler. Default is **true**. - -Run jobs -~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Set whether or not this Mattermost server will handle tasks created by the Scheduler. When running Mattermost on a single machine, this setting should always be enabled. - -When running Mattermost in :doc:`High Availablity mode `, one or more servers should have this setting enabled. We recommend that your High Availability cluster-based deployment has one or more dedicated Workers with this setting enabled while the remaining Mattermost app servers have it disabled. - -+------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RunJobs": true`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: run-scheduler - :displayname: Run scheduler (Experimental) - :systemconsole: N/A - :configjson: RunScheduler - :environment: N/A - :description: Set whether or not this Mattermost server will schedule tasks that will be completed by a Worker. Default is **true**. - -Run scheduler -~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Set whether or not this Mattermost server will schedule tasks that will be completed by a Worker. When running Mattermost on a single machine, this setting should always be enabled. - -When running Mattermost in :doc:`High Availablity mode `, this setting should always be enabled. In a High Availability cluster-based deployment, exactly one of the servers will be designated as the Scheduler at a time to ensure that duplicate tasks aren't created. See :doc:`High Availability documentation ` for more details. - -.. warning:: - - We strongly recommend that you not change this setting from the default setting of ``true`` as this prevents the ``ClusterLeader`` from being able to run the scheduler. As a result, recurring jobs such as LDAP sync, Compliance Export, and data retention will no longer be scheduled. In previous Mattermost Server versions, and this documentation, the instructions stated to run the Job Server with ``RunScheduler: false``. The cluster design has evolved and this is no longer the case. - -+-----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RunScheduler": true`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: clean-up-old-database-jobs - :displayname: Clean up old database jobs (Experimental) - :systemconsole: N/A - :configjson: .JobSettings.CleanupJobsThresholdDays - :environment: N/A - :description: Defines the threshold in hours beyond which older completed database jobs are removed. Must be set to a value greater than or equal to ``0`` to be enabled. Default value is **-1** - -Clean up old database jobs -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This setting isn't available in the System Console and can only be set in ``config.json``. - -Defines the threshold in days beyond which older completed database jobs are removed. This setting is disabled by default, and must be set to a value greater than or equal to ``0`` to be enabled. - -+--------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"JobSettings.CleanupJobsThresholdDays": -1`` with numerical input. | -+--------------------------------------------------------------------------------------------------------------------+ - -.. config:setting:: clean-up-outdated-database-entries - :displayname: Clean up outdated database entries (Experimental) - :systemconsole: N/A - :configjson: .JobSettings.CleanupConfigThresholdDays - :environment: N/A - :description: Defines the threshold in days beyond which outdated configurations are removed from the database. Default is **30** days. - -Clean up outdated database entries -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This setting only applies to configuration in the database. It isn't available in the System Console and can be set via mmctl or changed in the database. - -Defines the threshold in days beyond which outdated configurations are removed from the database. - -+--------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"JobSettings.CleanupConfigThresholdDays": 30`` with numerical input. | -+--------------------------------------------------------------------------------------------------------------------+ - diff --git a/source/administration-guide/configure/plugins-configuration-settings.rst b/source/administration-guide/configure/plugins-configuration-settings.rst index fa3af1501ba..75d7be07b78 100644 --- a/source/administration-guide/configure/plugins-configuration-settings.rst +++ b/source/administration-guide/configure/plugins-configuration-settings.rst @@ -2143,3 +2143,99 @@ Specify the `Chimera `__ URL used by Matt +-------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"ChimeraOAuthProxyUrl": {}`` with string input. | +-------------------------------------------------------------------------------------------------------------------------+ + +.. config:setting:: enable-plugin-uploads + :displayname: Enable plugin uploads (Plugins) + :systemconsole: N/A + :configjson: EnableUploads + :environment: N/A + + - **true**: Enables plugin uploads by system admins at **Plugins > Management**. + - **false**: **(Default)** Disables plugin uploads on your Mattermost server. + +Enable plugin uploads +~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +Enables plugin uploads by system admins at **Plugins > Management**. If you do not plan to upload a plugin, set to ``false`` to control which plugins are installed on your server. See the `plugins admin guide `__ documentation for details. + ++-----------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableUploads": false`` with options ``true`` and ``false``. | ++-----------------------------------------------------------------------------------------------------------+ + +.. config:setting:: allow-insecure-download-url + :displayname: Allow insecure download URL (Plugins) + :systemconsole: N/A + :configjson: AllowInsecureDownloadUrl + :environment: N/A + + - **true**: Enables downloading and installing a plugin from a remote URL. + - **false**: **(Default)** Disables downloading and installing a plugin from a remote URL. + +Allow insecure download URL +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +Enables downloading and installing a plugin from a remote URL. + ++-----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AllowInsecureDownloadUrl": false`` with options ``true`` and ``false``. | ++-----------------------------------------------------------------------------------------------------------------------------------------+ + +.. config:setting:: enable-plugin-health-check + :displayname: Enable plugin health check (Plugins) + :systemconsole: N/A + :configjson: EnableHealthCheck + :environment: N/A + + - **true**: **(Default)** Enables plugin health check to ensure all plugins are periodically monitored, and restarted or deactivated based on their health status. + - **false**: Disables plugin health check on your Mattermost server. + +Enable plugin health check +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +Enables plugin health check to ensure all plugins are periodically monitored, and restarted or deactivated based on their health status. The health check runs every 30 seconds. If the plugin is detected to fail 3 times within an hour, the Mattermost server attempts to restart it. If the restart fails 3 successive times, it's automatically disabled. + ++--------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableHealthCheck": true`` with options ``true`` and ``false``. | ++--------------------------------------------------------------------------------------------------------------+ + +.. config:setting:: plugin-directory + :displayname: Plugin directory (Plugins) + :systemconsole: N/A + :configjson: Directory + :environment: N/A + :description: The location of the plugin files. If blank, they are stored in the ``./plugins`` directory. + +Plugin directory +~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +The location of the plugin files. If blank, they are stored in the ``./plugins`` directory. The path that you set must exist and Mattermost must have write permissions in it. + ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Directory": "./plugins"`` with string input. | ++-----------------------------------------------------------------------------------------------------------------+ + +.. config:setting:: client-plugin-directory + :displayname: Client plugin directory (Plugins) + :systemconsole: N/A + :configjson: ClientDirectory + :environment: N/A + :description: The location of client plugin files. If blank, they are stored in the ``./client/plugins`` directory. + +Client plugin directory +~~~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +The location of client plugin files. If blank, they are stored in the ``./client/plugins`` directory. The path that you set must exist and Mattermost must have write permissions in it. + ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ClientDirectory": "./client/plugins"`` with string input. | ++-----------------------------------------------------------------------------------------------------------------+ diff --git a/source/administration-guide/configure/push-notification-server-configuration-settings.rst b/source/administration-guide/configure/push-notification-server-configuration-settings.rst index 1769807d1ec..c79ac498193 100644 --- a/source/administration-guide/configure/push-notification-server-configuration-settings.rst +++ b/source/administration-guide/configure/push-notification-server-configuration-settings.rst @@ -138,3 +138,26 @@ Maximum notifications per channel - **Improved User Experience**: An overload of notifications can lead to performance lags and a cluttered experience for users. Limiting the number ensures that users receive only the most important notifications, which can enhance usability and response times. - **Network Bandwidth**: High numbers of notifications can consume a lot of bandwidth, particularly if they are being sent to many users. Fewer notifications can lead to lower overall network usage and potentially faster delivery of critical messages. - **Server Load Balancing**: By reducing the number of notifications, the workload can be more evenly distributed across the servers, leading to better load balancing and preventing any single server from becoming a bottleneck. + +config.json-only settings +^^^^^^^^^^^^^^^^^^^^^^^^^ + +The following push notification configuration settings are only available by editing the ``config.json`` file. + +.. config:setting:: push-notification-buffer + :displayname: Push notification buffer (Push Notifications) + :systemconsole: N/A + :configjson: PushNotificationBuffer + :environment: N/A + :description: Used to control the buffer of outstanding Push Notification messages to be sent. Default is **1000** notifications. + +Push notification buffer +~~~~~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +Used to control the buffer of outstanding Push Notification messages to be sent. If the number of messages exceeds that number, then the request making the Push Notification will be blocked until there's room. + ++---------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PushNotificationBuffer": 1000"`` with numerical input. | ++---------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/source/administration-guide/configure/site-configuration-settings.rst b/source/administration-guide/configure/site-configuration-settings.rst index efe0f0d011c..86bf7597bf2 100644 --- a/source/administration-guide/configure/site-configuration-settings.rst +++ b/source/administration-guide/configure/site-configuration-settings.rst @@ -451,9 +451,27 @@ Mobile external browser .. note:: - - This setting is applicable to self-hosted deployments only. + - This setting is applicable to self-hosted deployments only. - We recommend enabling this configuration setting when there are issues with the mobile app SSO redirect flow. +.. config:setting:: allowed-themes + :displayname: Allowed themes (Customization) + :systemconsole: N/A + :configjson: AllowedThemes + :environment: N/A + :description: Select the themes that can be chosen by users when ``EnableThemeSelection`` is set to ``true``. + +Allowed themes +~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +Select the themes that can be chosen by users when ``EnableThemeSelection`` is set to ``true``. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AllowedThemes": []`` with string array input consisting of the options ``"default"``, ``"organization"``, ``"mattermostDark"``, and ``"windows10"``, such as ``["mattermostDark", "windows10"]``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + ---- Localization @@ -855,6 +873,29 @@ User statistics update time | Default is **00:00**. | | +--------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------+ +config.json-only settings +^^^^^^^^^^^^^^^^^^^^^^^^^ + +The following user management configuration settings are only available by editing the ``config.json`` file. + +.. config:setting:: enable-user-status-updates + :displayname: Enable user status updates (Users and Teams) + :systemconsole: N/A + :configjson: EnableUserStatuses + :environment: N/A + :description: Turn status updates off to improve performance. Default is **true**. + +Enable user status updates +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +Turn status updates off to improve performance. When status updates are off, users appear online only for brief periods when posting a message, and only to members of the channel in which the message is posted. + ++---------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableUserStatuses": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------+ + ---- Notifications diff --git a/source/administration-guide/configure/user-management-configuration-settings.rst b/source/administration-guide/configure/user-management-configuration-settings.rst index 584284a1de1..3a56fe5f9a5 100644 --- a/source/administration-guide/configure/user-management-configuration-settings.rst +++ b/source/administration-guide/configure/user-management-configuration-settings.rst @@ -676,3 +676,34 @@ System roles | See the :doc:`delegated granular administration ` | | documentation for details | +----------------------------------------------------------------------+------------------------------------------------------------+ + +---- + +config.json-only settings +-------------------------- + +The following user management configuration settings are only available by editing the ``config.json`` file. + +.. config:setting:: restrict-system-admin + :displayname: Restrict system admin (User Management) + :systemconsole: N/A + :configjson: FileEnabled + :environment: N/A + :description: Enable this setting to restrict the system admin from viewing and modifying a subset of server configuration settings from the System Console. Default value is **false**. + +Restrict system admin +~~~~~~~~~~~~~~~~~~~~~ + +This setting isn't available in the System Console and can only be set in ``config.json``. + +**True**: **(Default for Cloud deployments)** Restricts the system admin from viewing and modifying a subset of server configuration settings from the System Console. Not recommended for use in on-prem installations. This is intended to support Mattermost Private Cloud in giving the system admin role to users but restricting certain actions only for Cloud Admins. + +**False**: **(Default for self-host deployments)** No restrictions are applied to the system admin role. + ++-------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictSystemAdmin": "false"`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------+ + +.. note:: + + The ability to restrict the system admin from viewing and modifying a subset of server configuration settings is currently in :ref:`Beta `.