Server Configuration File

In this article you will find all available settings which can be set in the server configuration file. Most of those settings can also be set in the web interface.

Location and Format

The PowerFolder.config server configuration file location depends on the operating system:

Windows 7/8/10/2008 R2/2012 R2/2016: C:\ProgramData\PowerFolder\PowerFolder.config
Linux and Mac: ~/.PowerFolder/PowerFolder.config

The format is a simple text base formats with key=value formatted lines. Comments can be inserted with by adding a # (dash) in front of each line.

General Settings

Admin Account Settings

Web Setting	Config File Parameter	Config File Default Value	Restart Required	Description
Admin username	`plugin.webinterface.username`	admin	Yes	The username of the account which has full control over the server and all its settings. When inserting the parameter into the config file, the server will rename the current admin to the specified name and remove the parameter afterwards.
Current password				The password of the account specified above.
New password	`plugin.webinterface.password`	password	Yes	The new password for the account specified above (required when the password should be changed). When inserting the parameter into the config file, the server will set the specified password for the the current admin and remove the parameter afterwards.
Confirm new password				The confirmation for the new password for the account specified above (required when the password should be changed).

Licensing

Web Setting	Config File Parameter	Config File Possible Values	Restart Required	Description
PowerFolder.com E-Mail			Yes	PowerFolder.com account of the licensee for PowerFolder Server. This account also holds the microcredit purchased with the product. Usually this field is already filled due to the initial activation of PowerFolder Server.
PowerFolder.com Password			Yes	PowerFolder.com password of the account specified above.
Limit users per Server	license.limit.user	Any numeric value	Yes	To limit the maximum number of users.

Logging

Web Setting	Config Setting	Config Default Value	Config Possible Values	Restart Required	Description
Console Log Level	`log.console.level`	`INFO`	`FINER` `FINE` `INFO` `WARNING` `SEVERE` `OFF`	Yes	Sets the log detail level for the web console. High log levels result in reducing overall system speed.
File Log Level	`log.file.level`	`INFO`	`FINER` `FINE` `INFO` `WARNING` `SEVERE` `OFF`	Yes	Sets the log detail level for the log files. High log levels result in reducing overall system speed.
Enable log file rotation	`log.file.rotate`	`true`	`true` `false`	Yes	Controls if the log files should be rotated after a specified number of days. If enabled, the oldest log file will be deleted after it expired.
Log file rotation days	`log.file.keep.days`	`31`	A valid positive number	Yes	Defines the number of days after the oldest log file will be deleted.
Syslog server hostname	`log.syslog.host`		A valid hostname	Yes	Defines the hostname of a Syslog server to log to. If a hostname will be defined, the logging will be automatically enabled.
Syslog server port	`log.syslog.port`	`514`	1-65535	Yes	Defines the port of a Syslog server to log to.
Syslog server level	`log.syslog.level`	`INFO`	`FINER` `FINE` `INFO` `WARNING` `SEVERE` `OFF`	Yes	Defines the level of log output for the Syslog server. High log levels result in reducing overall system speed.
Log transfers	`plugin.pro.monitor.transfer.use_csv plugin.pro.monitor.transfer.use_sql`	`false`	`true` `false`	Yes	Defines if data transfers of files and directories should be logged. This setting has three values: Disabled - No transfers are logged CSV file - All transfers will be logged in comma separated files in sub-directories named after the current date. Database: All transfers will be logged in the internal/external database table TransferLogEntry. Transfer Monitoring is described in an extra article in our documentation.
Log active threads	`log.active_threads`	`false`	`true` `false`	Yes	Will log all active threads. Only enable this option our support requests you to do so. Might reduce system speed significantly!
Log web requests	`web.dump.requests`	`false`	`true` `false`	Yes	Will log all web requests. Only enable this option if our support requests you to do so.

Database Settings

The following entries got introduced in version 14.2.13

There are many more entries but you might only see the following ones if you used a database prior v. 14.2.13.

Please review hibernate and c3p0 documentation for all possible configuration entries

Please be cautious changing these settings since it might result in corrupted databases or not working database connections!

Setting Setting not available via web	Config File Parameter	Restart Required
Database Connection URL	hibernate.connection.url	Yes
Database user	hibernate.connection.username	Yes
Passeword for database user	hibernate.connection.password	Yes
Max Connection Pool Size	hibernate.c3p0.max_size	Yes
Log SQL queries to log file	hibernate.show_sql	Yes
Format SQL queries	hibernate.format_sql	Yes
Do NOT change this setting as this may damage your system.	hibernate.dialect	Yes
How many new pooled connection get created	hibernate.c3p0.acquire_increment	Yes
How long should the server wait until it tests the sql connectivity	hibernate.c3p0.idle_test_period	Yes
Minimum size for the connection pool	hibernate.c3p0.min_size	Yes
Do NOT change this setting as this may damage your system.	hibernate.c3p0.timeout	Yes
Do NOT change this setting as this may damage your system.	hibernate.cache.provider_class	Yes
Do NOT change this setting as this may damage your system.	hibernate.cache.use_query_cache	Yes
Do NOT change this setting as this may damage your system.	hibernate.cache.use_second_level_cache	Yes
Do NOT change this setting as this may damage your system.	hibernate.connection.driver_class	Yes
Do NOT change this setting as this may damage your system.	hibernate.connection.provider_class	Yes
Do NOT change this setting as this may damage your system.	hibernate.connection.release_mode	Yes
Do NOT change this setting as this may damage your system.	hibernate.current_session_context_class	Yes

Maintenance Folder

Setting Config File Parameter Config File Default Value Config File Possible Values Restart Required Description

Maintenance Folder Path

*Cannot *be changed with reload (requires restart)

Yes

Shows the current location of the Server Maintenance Folder.

Maintenance Folder ID

*Cannot *be changed with reload (requires restart)

plugin.server.maintenancefolderid

Yes

Defines the ID of the Server Maintenance Folder. Please only modify the value if preparing the servers to run in a high availability setup.

Cluster Config Synchronisation

Setting not yet available via web

*Cannot *be changed with reload (requires restart)

config.cluster

true

true
false

Yes

Enables synchronisation of cluster settings via Server Maintenance Folder (Cluster.config).

Proxy

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
HTTP proxy host	`http.proxy.host`		A valid hostname	No	Proxy server to connect to for outbound HTTP/S connections.
HTTP proxy port	`http.proxy.port`	`80`	1-65535	No	Proxy server port.
HTTP proxy username	`http.proxy.username`			No	Username required to access the proxy server.
HTTP proxy password	`http.proxy.password`			No	Username required to access the proxy server.

User Accounts

Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Database user account defaults				No	A link to the profile for database users.
LDAP user account defaults				No	A link to the profile for LDAP users.
RADIUS user account defaults				No	A link to the profile for RADIUS users.
Account validity (days)	`server.register.os.days`	`-1`	Setting server.register.os.days to 0 or -1 will result in no valid till date being set -> Accounts are valid from now on forever Setting server.register.os.days to a number > 0 will set a valid till date of number of days in the future Setting server.register.os.days to a number < -1 will set a valid till date of number of days in the past, resulting in a disabled account	No	Defines the default number of days a new account should be valid.
Register language Setting not yet available via web	server.register.language	Not set, uses system language	See description	Yes	Can be set to a two letter language code to set language for new accounts e.g. server.register.language=de
Login script to use	`login.script`		A full path to an executable script	No	Will be executed after each user login / authentication via client or web portal. Example: login.script=http://myserver/process_login.php The server will add an entry to the log if the script was executed successfully or not. On Linux it's possible to pass messages to stdout and stderr, so they will be added to the logs. Example: echo This is a stdout test >&1 echo This is a stderr test >&2
Wait for login script	`login.script.wait`	`false`	`true` `false`	No	Controls if other server processes will wait for the login script to finish.
Login type to use	`server.username.isemail`	`both`	`true`: Field label will be "Email", login field only accepts logins containing an 'at' (@) and a "dot" (.) sign after that. The first email from LDAP will be set as username. `false`: Field label will be "Username", login field doesn't check the format. `both`: Field label will be "Username/Email", login field doesn't check the format. `<custom>`: Field label will be the value specied (replace `<custom>` with a label of your choice), login field doesn't check the format.	No	Controls: if usernames are allowed, which don't include an 'at' (@) and a "dot" (.) sign after that. what kind of label the login field in the web and client interface has The setting also applies to LDAP, so users are forced to use either the mail or userPrincipalName attribute (or any other attribute including an email-like value) if `true` is specified.
Invites per email	server.invite.validate_email.enabled	`false`	`true` `false`	No	Controls that the invitations should only be send to email addresses not usernames only
Message if user account has expired	`server.register.account_expired`	`Your account is invalid`	Any text message	No	A message to the user, if his/her account has expired.
Message if user account is not yet valid	`server.register.account_not_yet_valid`	`Your account is not valid yet`	Any text message	No	A message to the user, if his/her account is not yet valid.

Authentication Settings

LDAP / Active Directory

LDAP configuration entries available with version 11.5. Please also watch New LDAP configuration files

<index> priorizes the LDAP Server. The server requests the LDAP servers sorted by these numbers.

For PowerFolder versions pre 11.5 watch our old LDAP Configuration entries

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Only a visual entry in Web UI	`ldap.<index>.server.name`	LDAP 0, LDAP 1, LDAP 2, ...	Any string	Yes	Describing name for the UI.
LDAP hostname	`ldap.<index>.`server.url		LDAP Server URL starting with ldap:// or ldaps:// Examples: ldap://ldap.example.com ldap://ldap.example.com:389	Yes	Contains the hostname, port and SSL settings of the directory server server.
Username suffixes	ldap.<index>.server.username_suffixes		Examples: example.com ldap.local	Yes	Comma-separated string of the user name suffixes to establish a mapping between user groups and an LDAP/AD server.
LDAP username	ldap.<index>.search.username		Example: administrator@example.com	Yes	The distinguished name of the user to use when connecting to the directory server.
Setting not available via web	`ldap.<index>.search.passwordobf`		Must not be set by user.	Yes	The hidden password of the search.user. Is generated automatically.
LDAP password	ldap.<index>.password			Yes	The password of the search.user. Is transferred to search.passwordobf and then deleted from the configuration file.
Search context	`ldap.<index>.search.base`	dc=company,dc=local		Yes	Description of the accounts in the LDAP tree, below which you want to search for users, groups, and organizations.
Mapping of organization	`ldap.<index>.search.org.depth`	0	0=No organisation mapping 1=Single Domain mapping 2=Multi Domain Mapping	Yes	To what depth below the search.base you want to search for and import organizations.
Search match criteria	`ldap.<index>.search.expression`	(\|(sAMAccountName=$username)(mail=$username)(userPrincipalName=$username)(uid=$username)(distinguishedName=$username))		Yes	Search filter used to identify the user. $username is a placeholder replaced by the name of the user.
Search context for groups	`ldap.<index>.`search.expression.groups	(\|(objectClass=group)(objectClass=groupOfNames)(objectCategory=group))		Yes	Search filters that identify the groups.
Attribute identifying the member in a group	`ldap.<index>.`search.groups.member	member		Yes	Attribute that identifies the members of a group. In an ActiveDirectory, a group contains the member attributes.
Attribute identifying a group of a user	ldap.<index>.search.groups.member_of	memberOf		Yes	Attribute that identifies the groups of a user. In an ActiveDirectory, a user contains the memberOf attributes.
Synchronize LDAP	`ldap.<index>.sync.type`	0	0=No users 1=Only already imported users 2=All users in LDAP	Yes	Rule how users should be imported from an LDAP/AD.
Synchronize LDAP	ldap.<index>.sync.time	0		Yes	Time interval in hours between automatic user imports.
Match accounts by mail attribute	`ldap.<index>.accounts.match_email`	true	true false	Yes	Should users known to the PowerFolder server be merged with information from LDAP/AD if the e-mail address matches?
Setting not available via web	`ldap.<index>.sync_groups.enabled`	false	true false	Yes	Should groups be imported from LDAP/AD?
Import match criteria	`ldap.<index>.import.expression`		Example: `(objectClass=person)` `(&(objectClass=person)(!(objectClass=computer)))`	Yes	Filters that identify users. For OpenLDAP `(objectClass=person)` and for ActiveDirectory `(&(objectClass=person)(!(objectClass=computer)))`
Mapping of additional E-Mail addresses	ldap.<index>.mapping.mail_addresses	mail,mailAddresses,proxyAddresses		Yes	Comma-separated string containing the attributes to be added to a user as e-mails.
Mapping of account name	`ldap.<index>.mapping.username`	sAMAccountName,uid		Yes	Comma-separated string containing the attributes that identify a user name. The first appropriate attribute is used to set the user name.
Mapping of given name	`ldap.<index>.mapping.given_name`	givenName		Yes	Comma-separated string of attributes that identify the first name.
Mapping of common name	`ldap.<index>.mapping.common_name`	cn,commonName		Yes	Comma-separated string of the attributes representing the common name, e. g. the full name, if it is a person.
Mapping of middle name	`ldap.<index>.mapping.middle_name`	middleName		Yes	Comma-separated string of the attributes containing the middle names.
Mapping of surname	`ldap.<index>.mapping.surname`	sn,surname		Yes	Comma-separated string of attributes containing the last name.
Mapping of the display name	`ldap.<index>.display_name`	displayName,name		Yes	Comma-separated string of attributes containing the display name.
Mapping of telephone number	`ldap.<index>.mapping.telephone`	mobileTelephoneNumber,telephoneNumber,mobile		Yes	Comma-separated string of attributes containing telephone numbers.
Mapping of account expiration date	`ldap.<index>.mapping.expiration`	accountExpires		Yes	Comma-separated string of the attributes that contain an expiration date for a user.
Mapping of date the account is valid from	`ldap.<index>.mapping.valid_from`	validFrom		Yes	Comma-separated string of the attributes that contain a validity date for a user.
Mapping of the account quota	`ldap.<index>.mapping.quota`	quota		Yes	Comma-separated string of the attributes that contain the quota for a user.
Setting not available via web	`ldap.<index>.mapping.quota.unit`	GB	TB GB MB	Yes	Size unit for the quota of a user.
MFA	mfa.enabled	true	true false	No	Controls to activate the MFA for all accounts (admin + user)

Kerberos SSO

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Enable Single Sign-On via Kerberos	`kerberos.sso.enabled`	`false`	`true` `false`	Yes	Controls if Kerberos support for server and client is enabled or not.
Domain	`kerberos.sso.realm`	`WORKGROUP`	A valid Active Directory domain name	Yes	Specifies the Active Directory Domain name.
Key Distribution Center	`kerberos.sso.kdc`		A valid KDC	Yes	Specifies the Active Directory Key Distribution Center (KDC). Most likely this will be your domain controller.
Service Principal Name	`kerberos.sso.service_name`	`domain/hostname`	A valid registered SPN	Yes	Specifies the Service Prinicipal Name created for the machine which is running PowerFolder Server.

RADIUS

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Enable RADIUS authentication				Yes	Controls if RADIUS support will be enabled in the server.
RADIUS hostname	`radius.server`		Example: `radius.example.com:1812`	Yes	Specifies the hostname and (optional) port for the RADIUS server.
RADIUS shared secret	`radius.sharedsecret`			Yes	Specifies the shared secret for communication with the RADIUS server.
RADIUS protocol	`radius.auth`	`PEAP`	`EAPMD5` `EAPMSCHAPV2` `EAPTLS` `EAPTTLS` `PEAP` `MSCHAPV1` `MSCHAPV2` `CHAP` `PAP`	Yes	Specifies the proctol to use for communication with the RADIUS server.
RADIUS timeout	`radius.timeout.seconds`	`30`		Yes	Specifies when RADIUS server communication should time out.

Shibboleth

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Enable Shibboleth authentication	`shibboleth.enabled`	`false`	true false	Yes	Controls if Shibboleth support will be enabled in the server.
Federation Metadata URL	`shibboleth.metadata.url`		A valid URL, e.g. https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-Test-metadata.xml	Yes	Defines the URL to receive the Metadata from.
Discovery Feed URL	`shibboleth.serviceprovider.url`		A valid URL (optional)	Yes	Defines the URL to the Discovery Feed.
Enable organization mapping	`shibboleth.create.organizations`	`true`	`true` `false`	Yes	Controls if Shibboleth organizations should be mapped to PowerFolder organizations.
Organization attribute	`shibboleth.organizations.attribute`	`o`	A valid organization attribute	Yes	Defines the organization attribute.
Auto-create organizations on login	`shibboleth.create.organizations`	`true`	true false	Yes	Controls if organizations created automatically on login.
Session-Identifier (ID) attribute	`shibboleth.attribute.sessionid`	`Shib-Session-ID`	A valid Session-Identifier (ID) attribute	Yes	Defines the Session-Identifier attribute.
Persistent-Identifier (ID) attribute	`shibboleth.attribute.persistentid`	`persistent-id,uniqueID`	A valid Persistent-Identifier (ID) attribute	Yes	Defines the Persistent-Identifier (ID) attribute.
Username attribute	`shibboleth.attribute.username`	`eppn,EPPN,eduPersonPrincipalName`	A valid Username attribute	Yes	Defines the Username attribute.
Mail attribute	`shibboleth.attribute.mail`	`mail,email`	A valid Mail attribute	Yes	Defines the Mail attribute.
Match accounts by mail attribute	`shibboleth.accounts.match_email`	`true`	true false	Yes	Controls if accounts are matched by mail attribute.
Given name attribute	`shibboleth.attribute.givenname`	`givenName`	A valid Given name attribute	Yes	Defines the Given name attribute.
Surname attribute	`shibboleth.attribute.surname`	`surname,sn`	A valid Surname attribute	Yes	Defines the Surname attribute.
Expiration attribute	`shibboleth.attribute.expiration`		A valid Expiration attribute	Yes	Defines the Expiration attribute.
Custom attribute 1	`shibboleth.attribute.custom1`	`affiliation,eduPersonScopedAffiliation`	A valid Custom attribute 1	Yes	Defines the Custom attribute 1.
Custom attribute 2	`shibboleth.attribute.custom2`		A valid Custom attribute 2	Yes	Defines the Custom attribute 2.
Custom attribute 3	`shibboleth.attribute.custom3`		A valid Custom attribute 3	Yes	Defines the Custom attribute 3.
Discovery feed URL	server.idp.disco_feed.url		A valid URL.	Yes	Loads the identity provider list from this URL. Identity providers are selectable by end-users for login.
Names of external organizations	`server.idp.external_names`		Default is empty Comma separated list of names to be displayed in IdP dropdown list as "other external" users Example: server.idp.external_names=Gastkennungen/Guests,!Org Beispiel 1,!Org Beispiel 2,!Org Beispiel 3,!Firma aus M\u00FCnchen,!KEIN_RECOVERY,MIT_RECOVERY	Yes	Defines the names of external organizations added to the identity provider list loaded from the discovery feed. Selecting any organization of this list during login will authenticate the user vs. non-SAML sources, such as LDAP, Database or RADIUS if setup. If an exclamation mark is added in front of the organization name, password recovery won't be available for that organization (e.g. LDAP).

Authentication Order

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Authentication order Cannot be changed with reload (requires restart)	`security.auth.order`		`ldap` `rad` `shibboleth` `db`	Yes	Defines in which order the server will contact different authentication sources to authenticate users.
Activating federated login	server.federation.login_enabled		true false	Yes	Defines, if the server is acting as a central login page for federated services to search for the provider that hosts and forwards to the external service.
Activating federated sharing	server.federation.sharing_enabled	true	true false	Yes	Federation setup is possible, but sharing/invites not yet. Useful with AccountsAPI findDuplicatesInFederation
Activate merging of duplicate accounts in federation	server.federation.auto_merge_accounts	false	true false	Yes	Automatically finds and merges accounts, which have same email addresses but on different services within the federation. This check is performed during login and periodically in the background.

Storage Settings

Storage

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Default storage path	`foldersbase`	Windows: `C:\ProgramData\PowerFolder\PowerFolders` Linux: `~/PowerFolders`	Example: `foldersbase=D:\PowerFolders` `foldersbase=\\exampleserver\PowerFolders\` `foldersbase=/home/user/PowerFolders`	Yes	The directory on your disk, which is used by PowerFolder Server to store new folders.
Add new folders in the default storage path automatically	`look.for.folder.candidates`	`false`	`true` `false`	No	Controls if a new folder in the default storage path should be automatically managed by the server.
Create user-based directory scheme	`create.folder.path.pattern`	`$username/$foldername`	Example: `$username/$foldername` `$username` `$foldername` `$username/PowerFolders/$foldername`	No	Sub-directory pattern relative to the folderbase directory of the server. Two placeholders are possible: `$username` will be replaced by the username of the user who creates a folder. `$foldername` will be replaced by the name of the folder the user creates.
Delete non-managed folders from default storage path	`plugin.server.folders.auto_remove`	`false`	`true` `false`	Yes	Controls if the server should move unused folders (not assigned to any existing user) from its folderbase to a sub-directory in the folderbase, which is called `BACKUP_REMOVE`. The check runs every hour. The contents of the `BACKUP_REMOVE` directory have to be deleted manually.
Move folders to backup directory when users delete them	`server.folders.delete_data`	`true`	`true` `false`	No	Controls how to handle removals of folders by a user (owner or admin of a folder) in the client or the web interface. By default the server moves the contents/files to a directory called `BACKUP_REMOVE`. Set this option to `false` to prevent any file system changes when a user deletes a folder.
Mount folders dynamically in high-availability setups Cannot be changed with reload (requires restart)	`folders.mount.dynamic`	`false`	`true` `false`	Yes	Controls if folders will only be actively managed if the folder is really served by the same node. Not compatible with create.folder.use.existing=FALSE Data loss occurs!
Mount folders after user log in	`folders.mount.keep.seconds`	`3600`		No	Mounts the folder two hours after user login.
Use existing folders with the same name	`create.folder.use.existing`	`true`	`true` `false`	No	Controls if the server should delete an existing folder if a client tries to create a new one with the same name. Otherwise the server creates new empty directories appending numbers, like (2),(3),... Does not backup the contents of the existing folder if enabled.
Preserve NTFS filesystem permissions	`folder.copy_after_transfer.enabled`	`false`	`true` `false`	No	Controls if a transfered file is moved from the temporary transfer directory. If enabled the transfered file will be copied and deleted from the temporary transfer directory.
Use filesystem API to watch for changes Cannot be changed with reload (requires restart)	`folder.watcher.enabled`	`true`	`true` `false`	Yes	Controls if folder changes will be recognized using filesystem APIs. If disabled, changes will be detected only if the folder is accessed by a client.
Setting not yet available via web	`storage.stickyness.accounts`	`true`	`true` `false`	Yes	Keeps one user account sticked to the same storage path, if multiple storage paths are configured.
Setting not yet available via web	folder.storage.path.check=	true	`true` `false`	Yes	Controls that the user folder will remain in the same folder base path when there are more than one base paths available in a cluster or single-server Checks periodically if the folder path on server storage still is correctly for this user. E.G. If the ownership rights of a folder are transferred to another user, this function moves the folder into the correct directory on the server to keep the data structure clear for administrative purposes
Setting not yet available via web	folder.storage.path.report	false	true false	Yes	Only writes the log entries but doesn't move files or folders, it is basically a reporting feature.

Archiving

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Archiving	`default.archive.versions`	`5`	A valid number of version	No	Controls the default number of versions of new folders kept on the server
Archiving duration	`archive.cleanup.days`	`0`	A valid number of days	No	Controls how many days archived file is kept. (0 = infinite number of days).
Archived files in client	filedb.deleted.maxage	93312000		No	Prevents old archive files uploaded to server

Customization Settings

Download URLs

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Android App URL	`web.android.client.url`	`https://market.android.com/details?id=de.goddchen.android.powerfolder.A`		No	Specifies the link to the Android app in the Google Play Store
iOS App URL	`web.ios.client.url`	`https://itunes.apple.com/de/app/powerfolder/id536214931?mt=8`		No	Specifies the link to the iOS app in the Apple Store
Windows Client URL	`web.download.client.url`	`client_deployment/PowerFolder_Latest_Installer.exe`		No	Specifies where clients can download the latest Windows version of the PowerFolder Client.
Windows x64 .msi URL	web.download.client.x64.msi.url	`client_deployment/PowerFolder_Latest_Installer_x64.msi`		No	Specifies where clients can download the latest Windows version MSI 64 Bit of the PowerFolder Client.
Mac Client URL	`web.mac.client.url`	`client_deployment/PowerFolder_Latest_Mac.dmg`		No	Specifies where clients can download the latest Mac version of the PowerFolder Client.
Linux .tar.gz URL	`web.linux.client.url`	`client_deployment/PowerFolder_Latest_Linux.tar.gz`		No	Specifies where clients can download the latest Linux .tar.gz version of the PowerFolder Client.
Linux x86 .deb URL	`web.linux.client.deb32.url`	`client_deployment/PowerFolder_Latest_i386.deb`		No	Specifies where clients can download the latest Linux .deb (i386) version of the PowerFolder Client.
Linux x64 .deb URL	`web.linux.client.deb64.url`	`client_deployment/PowerFolder_Latest_amd64.deb`		No	Specifies where clients can download the latest Linux .deb (amd64) version of the PowerFolder Client.
Linux x86 .rpm URL	`web.linux.client.rpm32.url`	`client_deployment/PowerFolder_Latest.i386.rpm`		No	Specifies where clients can download the latest Linux .tar.gz version of the PowerFolder Client.
Linux x64 .rpm URL	`web.linux.client.rpm64.url`	`client_deployment/PowerFolder_Latest.x86_64.deb`		No	Specifies where clients can download the latest Linux .tar.gz version of the PowerFolder Client.
Versioncheck URL	`web.checkversion.client.url`	`client_deployment/PowerFolderPro_LatestVersion.txt`		No	Specifies where clients can check for the latest version number to show an update dialogue to the user.
Force update of clients if new version is available	`update.force` (must be set in the Default.config!)	`true`	`true` `false`	No	When the client starts it check if it's on the latest version. If not, it will issue a notification to the user. It's also possible to force users to update. If they don't, the client will not continue working.

Information URLs

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
URL / Homepage	`provider.url.main`			No
URL / Shop	`provider.url.buy`			No
URL / Support	`provider.url.support`	https://wiki.powerfolder.com	Test	No	URL of the PowerFolder Support
URL / Support / Setting	`provider.url.support.show_in_menu`	false	true false	No	Whether to show the support link in application menu
URL / Quickstart Guide	`provider.url.quickstart`			No
URL / Documentation	`provider.url.wiki`	Shows Link to PF WIKI	URL	No
URL / Contact Page	`provider.url.contact`			No
URL / Ticket	`provider.url.ticket`			No
URL / Company Page	`provider.url.about`			No
URL / Accessibility Page	provider.url.accessibility	false	true false	No	Server admin can link the accessibitly policy of the service provider in web settings

Network Settings

Hostname and Ports

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Hostname/IP	`hostname`		A valid hostname or IP address	Yes	DNS hostname or IP of the PowerFolder Server, which are also used by the clients to connect.
Data port (TCP)	`port`	`1337`	1-65535	Yes	The port on which PowerFolder Server listens for incoming data connections.
AJP port	`ajp.port`		1-65535	Yes	Apache JServ Protocol port. If this setting is not added to the configuration file, the port is disabled by default.
HTTP port	`plugin.webinterface.port`	`8080`	1-65535	Yes	TCP port under which the web interface will be served.
HTTPS/SSL port	`ssl.port`		1-65535	Yes	TCP port under which the SSL protected web interface will be served. This field will only be used if the SSL Configuration Wizard has been used to import the SSL certificate. When running behind an external webserver, like Apache or Nginx, you should set this to`-1`.
Bind to specific IP	`net.bindaddress`		A valid IP address of a local interface	Yes	IP address to which PowerFolder Server should be restricted to.

Network ID

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Network ID	`networkid`			Yes	The network ID will automatically be generated on the first start of the server. It separates the server from other PowerFolder installations. PowerFolder Clients or Server will only exchange data with other servers or clients which are using the same network ID. Usually it's NOT necessary or recommended to change the ID. It is only required in high-availability setups.

Server Name

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Internal server name	`nick`			Yes	The server name will be displayed in some views of the client, in log files or in the server overview. Changing it will NOT have an influence on any functions.

Server URLs

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Web base URL	`web.base.url`			Yes	The URL on which the web interface can be reached by the clients. This parameter is only necessary if the server fails the detection test (e.g. when using a reverse proxy or NAT) of the web interface. If this parameter is used, it is also required to set the `provider.url.httptunnel` parameter!
Web tunnel URL	`provider.url.httptunnel`			Yes	The URL on which PowerFolder Server is listening for HTTP tunneled connections. This parameter is required when using the `web.base.url` parameter.
Setting not yet available via web	`http.tunnel.service.enabled`	`true`	`true` `false`	Yes	If the server side HTTP tunnel service should be available. URI: `/rpc`
Setting not yet available via web	http.tunnel.service.restricted	true	`true` `false`	Yes	Restricts HTTP tunnel

Security Settings

Folder Security

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Setting not available via web for security reasons!	`security.permissions.server_admin_folder_access`	`true`	`true` `false`	Yes	Defines, if an Administrator is allowed to access all folders of a server installation. If set to `false`, the Administrator will only be shown the folders, he/she has a permission to. His/her username will be shown in auto-complete fields.
Automatically remove folder that are not synced to the server	server.sync.mandatory=	`true`	`true` `false`	No	Controls that no unnecessary folder be synced to the server
Allow passing folder ownership	`folder.change_owner.allowed`	`true`	`true` `false`	No	Controls if it is allowed to change the owner of a folder.
Enable folder admin role	`security.permissions.show_folder_admin`	`true`	`true` `false`	No	Controls if the ADMIN permission on folder level should be available in the web interface and clients. Existing permissions will be left untouched when changing the value.
Enable group admin role	`security.permissions.group_admin.enabled`	`true`	`true` `false`	No	Controls if group admin role is enabled.
Enable folder sharing	`server.invite.enabled`	`true`	`true` `false`	No	Defines if it should be possible for users to invite other users to their folders.
Enable accepting new folder shares	`folder.agree.invitation.enabled`	`false`	`true` `false`	No	Controls if users need to accept invitations first, before they are being added to the members list and have the folder listed under their folders.
Enable link sharing	`web.public.allowed`	`true`	`true` `false`	No	Controls if it's possible to share public links.
Allow sharing on social networks	`social.networks.enabled`	`true`	`true` `false`	No	Controls if sharing on social networks is enabled.
Folder delete permission	`security.folder.delete.permission`	`ADMIN`	`READ` `READ_WRITE` `ADMIN` `OWNER`	No	Defines minimum right for folder deletion.
File history restore permission	`security.folder.archive.permission`	`READ_WRITE`	`READ` `READ_WRITE` `ADMIN` `OWNER`	No	Defines minimum right for restore.
Permission for shared folder via profiles	`security.folder.shared.permission`	`READ_WRITE`	`READ` `READ_WRITE` `ADMIN` `OWNER`	No	Defines default right for folders shared via profile.
Highest permission for limited users	`security.folder.limited_user.permission`	`READ`	`READ` `READ_WRITE` `ADMIN` `OWNER`	No	Defines highest possible permission for limited user.

User Account Security

Web Setting Config File Parameter Config File Default Value Config File Possible Values Restart Required Description

Allow merging user accounts

server.merge_accounts.enabled

false

true
false

No

Defines if users are allowed to merge existing accounts.

If this feature is turned on, user can add an e-mail address to their account. There are two alternative ways to do that:

If this e-mail address is not yet associated with any other account, the user will receive an e-mail to confirm that he/she can access the e-mail account.
If the e-mail address is already associated with anotther account, the user will be redirected to the login page, to enter the password for this account.

In the first case, the e-mail address is simply added to the list of e-mail addresses of the account.

In the second case, both existing accounts will be merged:

The username of the account associated with the e-mail address will become an e-mail address, if it is valid
All e-mails are merged
All licenses are merged
All permissions are merged
All groups are merged
All computers/devices are merged
All notes are merged
If one or both accounts are member of an organization, they are merged according to the table below

Merging account

Account to merge

Not member of an organization

Member of an organization

Not member of an organization

Accounts are merged according to the list above.

Accounts are merged according to the list above. All Folder
the account to merge is owner of will be added to the merging
account's organization. All Folder the account to merge is not
owner of won't be accessible for the merging account.

Member of an organization

The merging account will be added to the organization
of the account to merge. All Folder the merging account
is owner of, will be added to the organization. All Folder
the merging account is not owner of won't be accessible
for the merging account.

The merging account will stay a member of the organization
he/she was in before. All Folder the account to merge is owner of
will be added to the merging account's organization. All Folder
the account to merge is not owner of won't be accessible for
the merging account.

Allow password recovery for users

server.recover.password.enabled

true

true
false

No

Defines if exisiting users should be able to recover their password.

Create user accounts when sharing

server.invite.new_users.enabled

true

true
false

No

Defines if existing users are allowed to invite new users, which doesn't exist in the database yet. On invitation the server will automatically create a new user account for them.

Enable group admin role

security.permissions.group_admin.enabled

false

true
false

No

Enabling the Group Administrator Role lets standard users create groups.
The creator of a group will be a Group Administrator and can invite users to the group.

Enable user self-registration

server.register.enabled

false

true
false

No

Defines if users can register themselves an account.

This option should be only enabled, if you are a Cloud Service Provider and offer trial accounts to new users.

Enable web login for users

web.login.allowed

true

true
false

No

Defines if non-admin users are allowed to login to the webinterface.

Enable auto-complete when sharing

web.invite.auto_complete

true

true
false

No

Controls if auto-complete using all known accounts on that server will be available when inviting someone via web. It's recommended to disable this setting when running a public cloud or when this might be forbidden due to privacy policies.

Enable auto-complete on organizations only

web.invite.auto_complete.org.only

false

true
false

No

Controls if auto-complete using all known accounts on that server will be available for non-organization User when inviting someone via web. If true only User with an organization will be able to use auto-complete.

Enable Extended Securtiy Control

security.permissions.strict

false

true
false

No

Enables Extended Security Control for server and client. Administrators are able to restrict access to certain client functions on the user level:

Open / change preferences
Setup / remove new folders
Change folder settings

Restrict admin login to certain IP Address ranges

login.admin.iplist

172.16.0.0-172.16.255.255
10.16.17.18-11.12.13.15,192.168.1.0-192.168.1.255

No

Allow administrative users to only log in with computers that have a certain IP address.

This configuration entry may contain one or more IP address ranges specified by a dash ('-') between the starting and ending IP address and separated by a comma (',').

Secure login tokens

Web

Mobile apps

Client

security.tokens.enabled

true

true
false

No

Defines if token-based authentication is enabled and the validity period of tokens.

Individual login tokens for:

Web

Mobile apps

Client

security.tokens.web.valid.time.seconds

security.tokens.apps.valid.time.seconds

security.tokens.client.valid.time.seconds

2592000

31536000

No

Server admins can provide indiidual login token duration in seconds.

Organization Security

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Allow organization admin access to folders	`security.permissions.org_admin_folder_access`	`true`	`true` `false`	No	Defines, if an Administrator of an organization is allowed to access all folders of a server installation. If set to `false` , the Administrator will only be shown the folders, he/she has a permission to. His/her username will be shown in auto-complete fields.
Allow organizations created by users	`web.org.create_by_user`	`false`	`true` `false`	No	Controls if a user is allowed to create an own organization.
Maximum number of users in organization	`server.register.org.max_users`	999	Number between 0 and 999	No	The maximum of users in organization created by a user. Must be less than the number of users of your license.
Setting not yet available via web	`server.register.org.inherit`	true	true false	Yes	If changed to server.register.org.inherit=false a new invited user is not belonging to the same organisation as the invitor

File Link Security

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Create random file links	file_link.random_ids.enabled=	true	true false	No	Allow user to create always a new random file link after deletion of the old one.
Validity time default (days)	`file_link.validity.default`		`0` 39	No	Set a default value of days a newly generated file link should be valid. Remove value if no default should be specified.
Validity time maximum (days)	`file_link.validity.maximum`		0 39	No	Set a maximum value of days that can be set for file links. If no default value is specified, the maximum value will be taken as default. Remove value if no maximum should be specified. Also sets the maximum validity of Upload Forms.
Number of downloads default	`file_link.max_downloads.default`		0 82	No	Set a default value of downloads for a file link. Remove value if no default should be specified.
Numer of downloads maximum	`file_link.max_downloads.maximum`		0 82	No	Set a maximum value of downloads for a file link. If no default value is specified, the maximum value will be taken as default. Remove value if no maximum should be specified.
Password Policy	`file_link.password_policy`	`OPTIONAL`	`OPTIONAL` `RECOMMENDED` `REQUIRED`	No	Specify if a password is `optional` (file links don't need a password set), `recommended` (file links don't need a password but the user is asked to set one anyway, the "More options" panel is opened automatically) or `required` (file links need a password, the "More options" panel is opened automatically)
Allow Upload Links	file_link.allow_uploads	false	true false	No	Allows external users to upload files in generated file links without registration. Available with version 11.4 or higher
Setting not yet available via web	file_link.upload_mails		Valid mail address	Yes	Allows the server administrator to monitor the usage of the upload forms feature. A mail is sent to the specified mail address when a user upload any data to an upload forms. Available with version 11.4 or higher
Validation days for file upload links	file_link.validation_days	1		No	Sets validation days for upload links.

SMTP Settings

SMTP Server Settings

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
SMTP hostname	`mail.smtp.host`			Yes	Defines the hostname of the SMTP server. It's possible to append a port number, if the SMTP server uses a port other than 25: `mail.smtp.host=smtp.example.com:465`
SMTP username	`mail.smtp.user`			Yes	Defines the username used to authenticate against the SMTP server.
SMTP password	`mail.smtp.password`			Yes	Defines the password of the username used to authenticate against the SMTP server.
Enable TLS support	`mail.smtp.starttls.enable`	`false`	`true` `false`	Yes	Controls if the connection to the SMTP server should use TLS.
Enable Microsoft Exchange support	`mail.smtp.exchange`	`false`	`true` `false`	Yes	Defines if the mail server is a Microsoft Exchange server.

SMTP Headers

Web Setting	Config File Parameter	Restart Required	Description
Admin email	`mail.admin.email`	No	Defines the email address of the administrator for server notifications.
From email	`mail.defaultfrom.email`	No	Defines which email address should be used in the From header in emails sent to users.
From name	`mail.defaultfrom.name`	No	Defines which name should be used in the From header in emails sent to users.
Reply-to email	`mail.defaultreplyto.email`	No	Defines which email address should be used in the Reply-to header in emails sent to users.
Reply-to name	`mail.defaultreplyto.name`	No	Defines which name should be used in the Reply-to header in emails sent to users.

Mail Settings

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Send introduction mail to new users	`mail.send.registration`	`true`	`true` `false`	No	Controls if users should get a welcome mail when a new user account is registered. It's possible to disable sending welcome registration mails.

Web Settings

Appearance

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Browser title	`web.title`			No	Sets the browser title which will be displayed on on the PowerFolder Server web interface.
Select skin	`plugin.webinterface.skin`			No	The drop-down will offer a list of skins found in the skins folder.
Create skin				No	When filled and saved, a new sub-directory with the given will be created in the skins folder, which will contain a copy of the default skin.
Primary color	`web.color.primary`			No	Sets the primary color used in the web interface.
Secondary color	`web.color.secondary`			No	Sets the secondary color used in the web interface.
Button text color	`web.color.background`			No	Sets the button text color used in the web interface.
Border color	`web.color.border`			No	Sets the border color used in the web interface.
Text color	`web.color.text`			No	Sets the text color used in the web interface.
Version of the Terms of Service Allow LDAP accounts to skip Terms Of Service	server.tos.version server.tos.skip.ldap	false	Number true	No No	Terms of service When set to true, accounts authenticated by LDAP are not required to accept the Terms Of Service.

Features

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Set minumun client version to connect Setting not yet available via web	net.version.minimum	empty	17.4.100	Yes	Controls that a minum version is comaptible with server and allowed to connect.
Set lenght of the words in the web search Setting not yet available via web	web.invite.auto_complete.minimum_input_length	empty	1 and onwards	Yes	Controls the lenght of words that are used for search in web (file links, groups and organisation)
Enable Client Download	`web.download_app.enabled`	`true`	`true` `false`	Yes	Controls if it's possible to download the clients on the web interface.
Enable Music Player	`web.musicplayer.enabled`	`true`	`true` `false`	Yes	Controls if the music player will be available when browsing folders.
Enable News	`web.news.enabled`	`true`	`true` `false`	Yes	Controls if the web interface should offer a News tab to show recently changed folder content.
Enable Telephone Fields	`web.telephone.enabled`	`true`	`true` `false`	Yes	Controls if users are allowed to enter their telephone number.
Enable WebDAV	`web.dav.enabled`	`true`	`true` `false`	Yes	Controls if it's possible for users to access their folders via WebDAV.
Enable ZIP compression	`web.zip.compression`	`true`	`true` `false`	Yes	Controls if HTTP ZIP compression is activated. It might be useful to disable if a proxy is used which already compresses HTTP elements.
Setting not yet available via web	file_link.upload_landing_page	false	true false	Yes	Activates the Upload Forms Feature. It enables the possibility for the user to create a landing page for a folder where user can upload files.
Location display in user account devices tab Setting not yet available via web	web.location.enabled	true	true false	Yes	Displays device location on devices tab in user accounts

Document Viewing

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
Enable external document viewers	`web.inline_view`	`false`	`true` `false`	No	Controls if certain filetypes will be displayed inline by an external document viewer, which can be either Google Docs or Microsoft Office Documents Online Viewer. Which of those providers will be used depends on the file extension: `.doc`,`.docx`,`.xls`,`.xlsx`,`.ppt` and `.pptx` will be opened using Microsoft Office Documents Online Viewer. `.ai`,`.eps`,`.pages`,`.ps`,`.psd`,`.svg`,`.tif` and `.tiff` will be openend using Google Docus Online Viewer. Please note that this function will make the viewed document temporarily available to the providers of those two services.
Browser extensions	`web.inline_view.in_browser.extensions`	`pdf\|txt`	Pipe-separated list of extensions	No	Controls which extensions should be handled by the browser instead of the external document viewers.
Google Docs API	`web.inline_view.google`	`http://docs.google.com/viewer?url=%URL%&embedded=true`		No	Sets the URL to the Google Docs Document Viewer API.
Google Docs extensions	`web.inline_view.google.extensions`	`pages\|ai\|psd\|tif\|tiff\|eps\|ps\|svg`	Pipe-separated list of extensions	No	Controls which extensions will be displayed inline by the Google Docus Document Viewer.
Microsoft Office API	`web.inline_view.ms_office`	`https://view.officeapps.live.com/op/embed.aspx?src=%URL%`		No	Sets the URL to the Microsoft Office Document Viewer API.
Microsoft Office extensions	`web.inline_view.ms_office.extensions`	`doc\|docx\|xls\|xlsx\|ppt\|pptx`	Pipe-separated list of extensions	No	Controls which extensions will displayed inline by the Microsoft Office Document Viewer.
Enable gallery viewer	`web.inline_view.gallery`	`true`	`true` `false`	No	Controls if pictures should be displayed in the gallery view or if they should be downloaded.
ONLYOFFICE URL	web.inline_view.onlyoffice.url	https://docapi.powerfolder.com		No	URL to OnlyOffice server
ONLYOFFICE Extensions	web.inline_view.onlyoffice.extensions	pptx\|xlsx\|ppt\|doc\|odp\|odt\|xls\|docx\|ods	Pipe-separated list of extensions	No	Extensions to open with OnlyOffice
ONLYOFFICE Session Timeout (sec)	web.inline_view.onlyoffice.session.timeout.seconds	86400	Every value > 0	No	Timeout for OnlyOffice sessions
Setting not yet available via web	web.inline_view.browser.whitelist	txt\|png\|jpg\|jpeg\|gif\|pdf	Every File extensions that is save to open in web.	Yes	Controlls if a file can get opened in web by adding ?inline to the URI. Prevents users to share malware via html for example and send a link that opens directly in browser.

Web Server configuration

(Please read the following article for more information: https://www.eclipse.org/jetty/documentation/9.3.x/high-load.html )

Web Setting

Config File Parameter

Config File Default Value

Config File Possible Values

Restart Required

Description

n/a

web.threadpool.min

0

e.g. 50

Yes

Web worker threadpool minimum size

n/a

web.threadpool.max

254

e.g. 500

Yes

Web worker threadpool maximum size
Thread Pool

Configure with goal of limiting memory usage maximum available. Typically this is >50 and <500

n/a

web.acceptors

2

e.g. 8

Yes

Number of acceptors and selectors:
Acceptors

The standard rule of thumb for the number of Accepters to configure is one per CPU on a given machine.

Files API configuration

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values	Restart Required	Description
n/a	overwrite=true		true false	Yes	overwrite files from versioning if currently existing