# =============================================================================
# OxiCloud Environment Configuration
# =============================================================================
# Copy this file to .env and modify as needed for your deployment.
#   cp example.env .env
#
# All variables have sensible defaults. Only override what you need.
#
# Security note: once copied, .env holds credentials (database password and,
# if set, the JWT, OIDC client and WOPI secrets). Keep it out of version
# control and readable only by the account that runs OxiCloud.
# =============================================================================

# -----------------------------------------------------------------------------
# SERVER CONFIGURATION
# -----------------------------------------------------------------------------

# Root directory for file storage (default: ./storage)
OXICLOUD_STORAGE_PATH=./storage

# Path to static files directory (default: ./static)
OXICLOUD_STATIC_PATH=./static

# Server port (default: 8086)
OXICLOUD_SERVER_PORT=8086

# Server bind address (default: 127.0.0.1)
# Use 0.0.0.0 to bind to all interfaces in Docker
# Security note: 0.0.0.0 accepts connections on every interface the process can
# see. Limit exposure with the container port mapping or a firewall, and
# publish the service through a TLS-terminating reverse proxy.
OXICLOUD_SERVER_HOST=127.0.0.1

# Public base URL for generating share links and external URLs
# If not set, defaults to http://{OXICLOUD_SERVER_HOST}:{OXICLOUD_SERVER_PORT}
# Example: https://cloud.example.com
# Security note: the fallback is plain http, so generated share links would be
# http as well. Set an https URL for any deployment reachable over a network.
#OXICLOUD_BASE_URL=https://cloud.example.com

# -----------------------------------------------------------------------------
# DATABASE CONFIGURATION
# -----------------------------------------------------------------------------

# PostgreSQL connection string
# Format: postgres://USER:PASSWORD@HOST:PORT/DATABASE
# For Docker: use 'postgres' as the hostname (the docker-compose service name)
# For local development: use 'localhost:5432'
# Security note: the sample value uses the well-known postgres/postgres pair.
# Replace the password with a unique one (it must match what the database
# itself is configured with) before the database is reachable by anything other
# than this application. The 'postgres' role is normally the PostgreSQL
# superuser; a dedicated role limited to the oxicloud database is the safer
# choice. NOTE(review): confirm which privileges the migrations need.
OXICLOUD_DB_CONNECTION_STRING=postgres://postgres:postgres@postgres/oxicloud

# Maximum number of database connections in the pool (default: 20)
#OXICLOUD_DB_MAX_CONNECTIONS=20

# Minimum number of database connections to maintain (default: 5)
#OXICLOUD_DB_MIN_CONNECTIONS=5

# Maximum connections for the maintenance pool (background/batch tasks).
# This pool is isolated from user requests, preventing background operations
# (verify_integrity, garbage_collect, storage recalculation) from starving
# interactive traffic. Default: 5
#OXICLOUD_DB_MAINTENANCE_MAX_CONNECTIONS=5

# Minimum connections for the maintenance pool. Default: 1
#OXICLOUD_DB_MAINTENANCE_MIN_CONNECTIONS=1

# Build-time database URL for SQLx compile-time checks
# Only needed during compilation, not at runtime
# Security note: because it is build-time only, leave this line out of the .env
# used by a running deployment so it does not carry a second copy of database
# credentials.
DATABASE_URL=postgres://postgres:postgres@localhost:5432/oxicloud

# -----------------------------------------------------------------------------
# AUTHENTICATION CONFIGURATION
# -----------------------------------------------------------------------------

# JWT secret key for signing authentication tokens
# If not set, a secure secret is auto-generated and persisted to
# /.jwt_secret so tokens survive container restarts.
# NOTE(review): the directory part of the path above appears to be missing from
# this text; confirm the real location in the server documentation.
# You only need to set this if you want to share the same secret
# across multiple OxiCloud instances or control it externally.
# Generate a custom secret with: openssl rand -hex 32
# Security note: this value (and the persisted .jwt_secret file) is a signing
# key, so anyone who can read it can presumably issue tokens the server
# accepts. Protect both like a password; changing the secret should invalidate
# tokens signed with the old one. TODO confirm against the server code.
#OXICLOUD_JWT_SECRET=

# Access token lifetime in seconds (default: 3600 = 1 hour)
# Security note: a longer lifetime lengthens the period in which a stolen
# access token remains usable.
#OXICLOUD_ACCESS_TOKEN_EXPIRY_SECS=3600

# Refresh token lifetime in seconds (default: 2592000 = 30 days)
#OXICLOUD_REFRESH_TOKEN_EXPIRY_SECS=2592000

# -----------------------------------------------------------------------------
# FEATURE FLAGS
# -----------------------------------------------------------------------------

# Enable/disable authentication system (default: true)
# NOTE(review): setting this to false presumably leaves the instance usable
# without login; verify the exact effect before using it anywhere but an
# isolated test environment.
#OXICLOUD_ENABLE_AUTH=true

# Enable per-user storage quotas (default: false)
#OXICLOUD_ENABLE_USER_STORAGE_QUOTAS=false

# Enable file/folder sharing (default: true)
#OXICLOUD_ENABLE_FILE_SHARING=true

# Enable trash/recycle bin functionality (default: true)
#OXICLOUD_ENABLE_TRASH=true

# Enable search functionality (default: true)
#OXICLOUD_ENABLE_SEARCH=true

# -----------------------------------------------------------------------------
# OPENID CONNECT (OIDC) / SSO CONFIGURATION
# -----------------------------------------------------------------------------

# Enable OIDC authentication (default: false)
OXICLOUD_OIDC_ENABLED=false

# OIDC provider issuer URL (required if OIDC enabled)
# Example: https://auth.example.com/application/o/oxicloud/
#OXICLOUD_OIDC_ISSUER_URL=

# OIDC client ID (required if OIDC enabled)
#OXICLOUD_OIDC_CLIENT_ID=

# OIDC client secret (required if OIDC enabled)
# Security note: this is a credential issued by the identity provider; store it
# only in the deployed .env or a secret manager.
#OXICLOUD_OIDC_CLIENT_SECRET=

# Callback URL after OIDC authentication (must match IdP config)
# Default: http://localhost:8086/api/auth/oidc/callback
# Security note: the default is an http localhost URL suited to local testing.
# In production, register and use the https callback of the public hostname.
#OXICLOUD_OIDC_REDIRECT_URI=http://localhost:8086/api/auth/oidc/callback

# OIDC scopes to request (default: openid profile email)
#OXICLOUD_OIDC_SCOPES=openid profile email

# Frontend URL to redirect after successful OIDC login
# Default: http://localhost:8086
#OXICLOUD_OIDC_FRONTEND_URL=http://localhost:8086

# Auto-create users on first OIDC login (JIT provisioning) (default: true)
# Security note: with the default, every identity the provider authenticates
# for this client gets an OxiCloud account on first login. Restrict who may use
# the application on the IdP side, or set this to false and create accounts
# explicitly.
#OXICLOUD_OIDC_AUTO_PROVISION=true

# Comma-separated list of OIDC groups that grant admin role
# Example: admins,cloud-admins
# Security note: membership in any listed group confers admin rights, so list
# only groups whose membership is managed by IdP administrators.
#OXICLOUD_OIDC_ADMIN_GROUPS=

# Disable password-based login entirely when OIDC is active (default: false)
#OXICLOUD_OIDC_DISABLE_PASSWORD_LOGIN=false

# Display name for the OIDC provider shown in UI (default: SSO)
#OXICLOUD_OIDC_PROVIDER_NAME=SSO

# -----------------------------------------------------------------------------
# WOPI (WEB APPLICATION OPEN PLATFORM INTERFACE) CONFIGURATION
# -----------------------------------------------------------------------------

# Enable WOPI integration for office document editing (default: false)
# Used with Collabora, OnlyOffice, or other WOPI-compatible editors
OXICLOUD_WOPI_ENABLED=false

# URL to the WOPI client's discovery endpoint
# Example for Collabora: http://collabora:9980/hosting/discovery
# Example for OnlyOffice: http://onlyoffice/hosting/discovery
# Security note: the examples are plain-http service names, which assumes the
# editor is reached over a private container network. Use https if the editor
# is on another host or network.
#OXICLOUD_WOPI_DISCOVERY_URL=

# Secret key for signing WOPI access tokens
# Falls back to OXICLOUD_JWT_SECRET if not set
# Security note: with the fallback, one key signs both login tokens and WOPI
# tokens. Setting a separate value here keeps the two token types independent.
#OXICLOUD_WOPI_SECRET=

# WOPI access token lifetime in seconds (default: 86400 = 24 hours)
# Security note: as with access tokens, a shorter lifetime limits how long a
# leaked WOPI token remains usable.
#OXICLOUD_WOPI_TOKEN_TTL_SECS=86400

# WOPI lock expiration in seconds (default: 1800 = 30 minutes)
#OXICLOUD_WOPI_LOCK_TTL_SECS=1800

# -----------------------------------------------------------------------------
# MEMORY ALLOCATOR TUNING (IMPORTANT FOR RAM USAGE)
# -----------------------------------------------------------------------------
# OxiCloud uses mimalloc as its global memory allocator for performance.
# By default, mimalloc RETAINS freed memory in internal free-lists instead of
# returning it to the operating system. This causes the process RSS to grow
# over time (e.g., after large file uploads or password hashing) and never
# shrink back — even though the application has already freed that memory.
#
# In containerized / memory-constrained environments (Docker, K8s, VPS with
# limited RAM), this is critical: without these settings, the container can
# appear to "leak" hundreds of MiB that are actually just retained by the
# allocator.
#
# These variables are read directly by the mimalloc C library at startup.
# They are NOT OxiCloud-specific — they are part of mimalloc's official API.
# Docs: https://microsoft.github.io/mimalloc/environment.html

# MIMALLOC_PURGE_DELAY: Delay (in ms) before freed memory is returned to the OS.
#    0 = return immediately (RECOMMENDED for Docker / limited RAM)
#   -1 = never return (maximum performance, highest RAM usage)
#   10 = mimalloc default (slight delay for reuse optimization)
# Setting this to 0 can reduce idle RAM by 80-120 MiB in typical deployments.
MIMALLOC_PURGE_DELAY=0

# MIMALLOC_ALLOW_LARGE_OS_PAGES: Use 2 MiB huge pages for allocations.
#   0 = disabled (RECOMMENDED for Docker — avoids RSS inflation from THP)
#   1 = enabled (better TLB performance on bare-metal servers with plenty of RAM)
# When enabled with Linux Transparent Huge Pages (THP), partially-used 2 MiB
# pages inflate the reported RSS by up to 20-30 MiB.
MIMALLOC_ALLOW_LARGE_OS_PAGES=0