Server Configuration File

In this article you will find all available settings which can be set in the server configuration file. Most of those settings can also be set in the web interface.


Location and Format

The PowerFolder.config server configuration file location depends on the operating system:

  • Windows 7/8/10/2008 R2/2012 R2/2016: C:\ProgramData\PowerFolder\PowerFolder.config
  • Linux and Mac: ~/.PowerFolder/PowerFolder.config

The format is a simple text base formats with key=value formatted lines. Comments can be inserted with by adding a # (dash) in front of each line.


General Settings

Admin Account Settings

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Admin usernameplugin.webinterface.usernameadmin
 Yes

The username of the account which has full control over the server and all its settings.

(Info) When inserting the parameter into the config file, the server will rename the current admin to the specified name and remove the parameter afterwards.

Current password



The password of the account specified above.
New passwordplugin.webinterface.passwordpassword

Yes

The new password for the account specified above (required when the password should be changed).

(Info) When inserting the parameter into the config file, the server will set the specified password for the the current admin and remove the parameter afterwards.

Confirm new password



The confirmation for the new password for the account specified above (required when the password should be changed).

Licensing

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
PowerFolder.com E-Mail


YesPowerFolder.com account of the licensee for PowerFolder Server. This account also holds the microcredit purchased with the product. Usually this field is already filled due to the initial activation of PowerFolder Server.
PowerFolder.com Password


Yes

PowerFolder.com password of the account specified above.

Limit users per Server
license.limit.user

Any numeric valueYesTo limit the maximum number of users.

Logging

Web SettingConfig SettingConfig Default ValueConfig Possible ValuesRestart RequiredDescription

Console Log Level

log.console.levelINFO
  • FINER
  • FINE
  • INFO
  • WARNING
  • SEVERE
  • OFF
Yes

Sets the log detail level for the web console.

(warning) High log levels result in reducing overall system speed.

File Log Level


log.file.levelINFO
  • FINER
  • FINE
  • INFO
  • WARNING
  • SEVERE
  • OFF
Yes

Sets the log detail level for the log files.

(warning) High log levels result in reducing overall system speed.

Enable log file rotation


log.file.rotatetrue
  • true
  • false
YesControls if the log files should be rotated after a specified number of days. If enabled, the oldest log file will be deleted after it expired.

Log file rotation days


log.file.keep.days31
  • A valid positive number
Yes

Defines the number of days after the oldest log file will be deleted.

Syslog server hostname

log.syslog.host
  • A valid hostname
YesDefines the hostname of a Syslog server to log to. If a hostname will be defined, the logging will be automatically enabled.

Syslog server port


log.syslog.port514
  • 1-65535
YesDefines the port of a Syslog server to log to.

Syslog server level


log.syslog.levelINFO
  • FINER
  • FINE
  • INFO
  • WARNING
  • SEVERE
  • OFF
Yes

Defines the level of log output for the Syslog server.

(warning) High log levels result in reducing overall system speed.

Log transfers


plugin.pro.monitor.transfer.use_csv
plugin.pro.monitor.transfer.use_sql 
false
  • true
  • false
Yes

Defines if data transfers of files and directories should be logged. This setting has three values:

  • Disabled - No transfers are logged
  • CSV file - All transfers will be logged in comma separated files in sub-directories named after the current date.
  • Database: All transfers will be logged in the internal/external database table TransferLogEntry.

(Info) Transfer Monitoring is described in an extra article in our documentation.

Log active threads

log.active_threads

false


  • true
  • false
Yes

Will log all active threads. Only enable this option our support requests you to do so.

(warning) Might reduce system speed significantly!

Log web requests

web.dump.requestsfalse
  • true
  • false
YesWill log all web requests. Only enable this option if our support requests you to do so.

Database Settings

The following entries got introduced in version 14.2.13

There are many more entries but you might only see the following ones if you used a database prior v. 14.2.13.

Please review hibernate and c3p0 documentation for all possible configuration entries

(info) Please be cautious changing these settings since it might result in corrupted databases or not working database connections!

Setting (warning) Setting not available via webConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription

Database Connection URL

hibernate.connection.url

Yes

Database user

hibernate.connection.username

Yes

Passeword for database user

hibernate.connection.password

Yes

Max Connection Pool Size

hibernate.c3p0.max_size

Yes

Log SQL queries to log file

hibernate.show_sql

Yes

Format SQL queries 

hibernate.format_sql

Yes

(Fehler) Do NOT change this setting as this may damage your system.

hibernate.dialect

Yes
How many new pooled connection get createdhibernate.c3p0.acquire_increment

Yes

How long should the server wait until it tests the sql connectivity

hibernate.c3p0.idle_test_period

Yes

Minimum size for the connection pool

hibernate.c3p0.min_size

Yes

(Fehler) Do NOT change this setting as this may damage your system.

hibernate.c3p0.timeout

Yes

(Fehler) Do NOT change this setting as this may damage your system.

hibernate.cache.provider_class

Yes

(Fehler) Do NOT change this setting as this may damage your system.

hibernate.cache.use_query_cache

Yes

(Fehler) Do NOT change this setting as this may damage your system.

hibernate.cache.use_second_level_cache

Yes

(Fehler) Do NOT change this setting as this may damage your system.

hibernate.connection.driver_class

Yes

(Fehler) Do NOT change this setting as this may damage your system.

hibernate.connection.provider_class

Yes

(Fehler) Do NOT change this setting as this may damage your system.

hibernate.connection.release_mode

Yes

(Fehler) Do NOT change this setting as this may damage your system.

hibernate.current_session_context_class

Yes

Maintenance Folder

SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription

Maintenance Folder Path

*Cannot *be changed with reload (requires restart)




Yes

Shows the current location of the Server Maintenance Folder.

Maintenance Folder ID

*Cannot *be changed with reload (requires restart)

plugin.server.maintenancefolderid

YesDefines the ID of the Server Maintenance Folder. Please only modify the value if preparing the servers to run in a high availability setup.

Cluster Config Synchronisation

(Fehler) Setting not yet available via web

*Cannot *be changed with reload (requires restart)

config.clustertrue
  • true
  • false
YesEnables synchronisation of cluster settings via Server Maintenance Folder (Cluster.config).

Proxy

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
HTTP proxy hosthttp.proxy.host
  • A valid hostname
No

Proxy server to connect to for outbound HTTP/S connections.

HTTP proxy porthttp.proxy.port80
  • 1-65535
NoProxy server port.
HTTP proxy usernamehttp.proxy.username

NoUsername required to access the proxy server.
HTTP proxy passwordhttp.proxy.password

No

Username required to access the proxy server.

User Accounts

SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Database user account defaults


NoA link to the profile for database users.
LDAP user account defaults


NoA link to the profile for LDAP users.
RADIUS user account defaults


NoA link to the profile for RADIUS users.
Account validity (days)server.register.os.days-1
  • Setting server.register.os.days to 0 or -1 will result in no valid till date being set -> Accounts are valid from now on forever
  • Setting server.register.os.days to a number > 0 will set a valid till date of number of days in the future
  • Setting server.register.os.days to a number < -1 will set a valid till date of number of days in the past, resulting in a disabled account
NoDefines the default number of days a new account should be valid.

Register language

(Fehler) Setting not yet available via web

server.register.languageNot set, uses system languageSee descriptionYesCan be set to a two letter language code to set language for new accounts e.g.
server.register.language=de
Login script to uselogin.script
  • A full path to an executable script
No

Will be executed after each user login / authentication via client or web portal. Example:

login.script=http://myserver/process_login.php

(Glühbirne) The server will add an entry to the log if the script was executed successfully or not. On Linux it's possible to pass messages to stdout and stderr, so they will be added to the logs. Example:

echo This is a stdout test >&1
echo This is a stderr test >&2
Wait for login scriptlogin.script.waitfalse
  • true
  • false
NoControls if other server processes will wait for the login script to finish.
Login type to useserver.username.isemailboth
  • true: Field label will be "Email", login field only accepts logins containing an 'at' (@) and a "dot" (.) sign after that. The first email from LDAP will be set as username.
  • false: Field label will be "Username", login field doesn't check the format.
  • both: Field label will be "Username/Email", login field doesn't check the format.
  • <custom>: Field label will be the value specied (replace <custom> with a label of your choice), login field doesn't check the format.
No

Controls:

  • if usernames are allowed, which don't include an 'at' (@) and a "dot" (.) sign after that.
  • what kind of label the login field in the web and client interface has

(Info) The setting also applies to LDAP, so users are forced to use either the mail or userPrincipalName attribute (or any other attribute including an email-like value) if true is specified.

Invites per email

server.invite.validate_email.enabled

  • false
  • true
  • false
NoControls that the invitations should only be send to email addresses not usernames only
Message if user account has expiredserver.register.account_expiredYour account is invalid
  • Any text message
NoA message to the user, if his/her account has expired.
Message if user account is not yet validserver.register.account_not_yet_validYour account is not valid yet
  • Any text message
NoA message to the user, if his/her account is not yet valid.

Authentication Settings

LDAP / Active Directory

LDAP configuration entries available with version 11.5. Please also watch New LDAP configuration files

<index> priorizes the LDAP Server. The server requests the LDAP servers sorted by these numbers.

For PowerFolder versions pre 11.5 watch our old LDAP Configuration entries

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Only a visual entry in Web UIldap.<index>.server.nameLDAP 0, LDAP 1, LDAP 2, ...Any stringYes

Describing name for the UI.

LDAP hostname
ldap.<index>.server.url

LDAP Server URL starting with ldap:// or ldaps://

Examples:

Yes

Contains the hostname, port and SSL settings of the directory server server.

Username suffixes

ldap.<index>.server.username_suffixes

Examples:

YesComma-separated string of the user name suffixes to establish a mapping between user groups and an LDAP/AD server.

LDAP username

ldap.<index>.search.username

Example:

administrator@example.com

Yes

The distinguished name of the user to use when connecting to the directory server.

(Fehler) Setting not available via web

ldap.<index>.search.passwordobf

Must not be set by user.

YesThe hidden password of the search.user. Is generated automatically.
LDAP password
ldap.<index>.password


Yes

The password of the search.user. Is transferred to search.passwordobf and then deleted from the configuration file.


Search contextldap.<index>.search.base dc=company,dc=local
Yes

Description of the accounts in the LDAP tree, below which you want to search for users, groups, and organizations.

Mapping of organization

ldap.<index>.search.org.depth 0

0=No organisation mapping

1=Single Domain mapping

2=Multi Domain Mapping

Yes
To what depth below the search.base you want to search for and import organizations.

Search match criteria

ldap.<index>.search.expression

(|(sAMAccountName=$username)(mail=$username)(userPrincipalName=$username)(uid=$username)(distinguishedName=$username))


YesSearch filter used to identify the user. $username is a placeholder replaced by the name of the user.
Search context for groups
ldap.<index>.search.expression.groups
(|(objectClass=group)(objectClass=groupOfNames)(objectCategory=group))
YesSearch filters that identify the groups.

Attribute identifying the member in a group

ldap.<index>.search.groups.member
 member
YesAttribute that identifies the members of a group. In an ActiveDirectory, a group contains the member attributes.
Attribute identifying a group of a user
ldap.<index>.search.groups.member_of

memberOf


YesAttribute that identifies the groups of a user. In an ActiveDirectory, a user contains the memberOf attributes.

Synchronize LDAP

ldap.<index>.sync.type

0

0=No users

1=Only already imported users

2=All users in LDAP

Yes

Rule how users should be imported from an LDAP/AD.

Synchronize LDAP
ldap.<index>.sync.time

0


YesTime interval in hours between automatic user imports.
Match accounts by mail attributeldap.<index>.accounts.match_email

true

  • true
  • false
Yes

Should users known to the PowerFolder server be merged with information from LDAP/AD if the e-mail address matches?

(Fehler) Setting not available via web

ldap.<index>.sync_groups.enabledfalse
  • true
  • false
YesShould groups be imported from LDAP/AD?
Import match criterialdap.<index>.import.expression

Example:

  • (objectClass=person)
  • (&(objectClass=person)(!(objectClass=computer)))
YesFilters that identify users. For OpenLDAP (objectClass=person) and for ActiveDirectory (&(objectClass=person)(!(objectClass=computer)))

Mapping of additional E-Mail addresses

ldap.<index>.mapping.mail_addresses
 mail,mailAddresses,proxyAddresses
YesComma-separated string containing the attributes to be added to a user as e-mails.

Mapping of account name

ldap.<index>.mapping.usernamesAMAccountName,uid
YesComma-separated string containing the attributes that identify a user name. The first appropriate attribute is used to set the user name.

Mapping of given name

ldap.<index>.mapping.given_name

givenName


YesComma-separated string of attributes that identify the first name.

Mapping of common name

ldap.<index>.mapping.common_name

cn,commonName


YesComma-separated string of the attributes representing the common name, e. g. the full name, if it is a person.

Mapping of middle name

ldap.<index>.mapping.middle_name

middleName


YesComma-separated string of the attributes containing the middle names.

Mapping of surname

ldap.<index>.mapping.surname

sn,surname


YesComma-separated string of attributes containing the last name.

Mapping of the display name

ldap.<index>.display_name

displayName,name


YesComma-separated string of attributes containing the display name.

Mapping of telephone number

ldap.<index>.mapping.telephone

mobileTelephoneNumber,telephoneNumber,mobile


YesComma-separated string of attributes containing telephone numbers.

Mapping of account expiration date

ldap.<index>.mapping.expiration

accountExpires


YesComma-separated string of the attributes that contain an expiration date for a user.

Mapping of date the account is valid from

ldap.<index>.mapping.valid_from

validFrom


YesComma-separated string of the attributes that contain a validity date for a user.
Mapping of the account quotaldap.<index>.mapping.quota

quota


YesComma-separated string of the attributes that contain the quota for a user.

(Fehler) Setting not available via web

ldap.<index>.mapping.quota.unit

GB
  • TB
  • GB
  • MB
YesSize unit for the quota of a user.
MFAmfa.enabled
  • true
  • true
  • false
NoControls to activate the MFA for all accounts (admin + user)

Kerberos SSO

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Enable Single Sign-On via Kerberoskerberos.sso.enabledfalse
  • true
  • false
Yes

Controls if Kerberos support for server and client is enabled or not.

Domainkerberos.sso.realmWORKGROUP
  • A valid Active Directory domain name
YesSpecifies the Active Directory Domain name.
Key Distribution Centerkerberos.sso.kdc
  • A valid KDC
YesSpecifies the Active Directory Key Distribution Center (KDC). Most likely this will be your domain controller.
Service Principal Namekerberos.sso.service_namedomain/hostname
  • A valid registered SPN
Yes

Specifies the Service Prinicipal Name created for the machine which is running PowerFolder Server.

RADIUS

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Enable RADIUS authentication


Yes

Controls if RADIUS support will be enabled in the server.

RADIUS hostnameradius.server

Example:

YesSpecifies the hostname and (optional) port for the RADIUS server.
RADIUS shared secretradius.sharedsecret

YesSpecifies the shared secret for communication with the RADIUS server.
RADIUS protocolradius.authPEAP
  • EAPMD5
  • EAPMSCHAPV2
  • EAPTLS
  • EAPTTLS
  • PEAP
  • MSCHAPV1
  • MSCHAPV2
  • CHAP
  • PAP
YesSpecifies the proctol to use for communication with the RADIUS server.
RADIUS timeoutradius.timeout.seconds30
YesSpecifies when RADIUS server communication should time out.

Shibboleth

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Enable Shibboleth authenticationshibboleth.enabledfalse
  • true
  • false
Yes

Controls if Shibboleth support will be enabled in the server.

Federation Metadata URLshibboleth.metadata.url
YesDefines the URL to receive the Metadata from.
Discovery Feed URLshibboleth.serviceprovider.url
  • A valid URL (optional)
YesDefines the URL to the Discovery Feed.

Enable organization mapping

shibboleth.create.organizationstrue
  • true
  • false
YesControls if Shibboleth organizations should be mapped to PowerFolder organizations.

Organization attribute

shibboleth.organizations.attributeo
  • A valid organization attribute
YesDefines the organization attribute.
Auto-create organizations on loginshibboleth.create.organizationstrue
  • true
  • false
YesControls if organizations created automatically on login.
Session-Identifier (ID) attribute shibboleth.attribute.sessionidShib-Session-ID
  • A valid Session-Identifier (ID) attribute
YesDefines the Session-Identifier attribute.
Persistent-Identifier (ID) attributeshibboleth.attribute.persistentidpersistent-id,uniqueID
  • A valid Persistent-Identifier (ID) attribute
YesDefines the Persistent-Identifier (ID) attribute.
Username attributeshibboleth.attribute.usernameeppn,EPPN,eduPersonPrincipalName
  • A valid Username attribute
YesDefines the Username attribute.
Mail attributeshibboleth.attribute.mailmail,email
  • A valid Mail attribute
YesDefines the Mail attribute.
Match accounts by mail attributeshibboleth.accounts.match_emailtrue
  • true
  • false
YesControls if accounts are matched by mail attribute.
Given name attributeshibboleth.attribute.givennamegivenName
  • A valid Given name attribute
YesDefines the Given name attribute.
Surname attributeshibboleth.attribute.surnamesurname,sn
  • A valid Surname attribute
YesDefines the Surname attribute.
Expiration attributeshibboleth.attribute.expiration
  • A valid Expiration attribute
YesDefines the Expiration attribute.
Custom attribute 1shibboleth.attribute.custom1affiliation,eduPersonScopedAffiliation
  • A valid Custom attribute 1
YesDefines the Custom attribute 1.
Custom attribute 2shibboleth.attribute.custom2
  • A valid Custom attribute 2
YesDefines the Custom attribute 2.
Custom attribute 3shibboleth.attribute.custom3
  • A valid Custom attribute 3
YesDefines the Custom attribute 3.
Discovery feed URL
server.idp.disco_feed.url

A valid URL.YesLoads the identity provider list from this URL. Identity providers are selectable by end-users for login.
Names of external organizationsserver.idp.external_names
  • Default is empty
  • Comma separated list of names to be displayed in IdP dropdown list as "other external" users
    Example:
    server.idp.external_names=Gastkennungen/Guests,!Org Beispiel 1,!Org Beispiel 2,!Org Beispiel 3,!Firma aus M\u00FCnchen,!KEIN_RECOVERY,MIT_RECOVERY
Yes

Defines the names of external organizations added to the identity provider list loaded from the discovery feed. Selecting any organization of this list during login will authenticate the user vs. non-SAML sources, such as LDAP, Database or RADIUS if setup.

If an exclamation mark is added in front of the organization name, password recovery won't be available for that organization (e.g. LDAP).

Authentication Order

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription

Authentication order

*Cannot *be changed with reload (requires restart)

security.auth.order
  • ldap
  • rad
  • shibboleth
  • db
Yes

Defines in which order the server will contact different authentication sources to authenticate users.

Activating federated login
server.federation.login_enabled

  • true
  • false
Yes

Defines, if the server is acting as a central login page for federated services to search for the provider that hosts and forwards to the external service.

Activating federated sharingserver.federation.sharing_enabledtrue
  • true
  • false
YesFederation setup is possible, but sharing/invites not yet.
Useful with AccountsAPI findDuplicatesInFederation
Activate merging of duplicate accounts in federationserver.federation.auto_merge_accountsfalse
  • true
  • false
YesAutomatically finds and merges accounts, which have same email addresses but on different services within the federation. This check is performed during login and periodically in the background.

Storage Settings

Storage

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Default storage pathfoldersbase
  • Windows: C:\ProgramData\PowerFolder\PowerFolders
  • Linux: ~/PowerFolders

Example:

  • foldersbase=D:\PowerFolders
  • foldersbase=\\exampleserver\PowerFolders\
  • foldersbase=/home/user/PowerFolders
Yes

The directory on your disk, which is used by PowerFolder Server to store new folders.

Add new folders in the default storage path automatically

look.for.folder.candidatesfalse
  • true
  • false
NoControls if a new folder in the default storage path should be automatically managed by the server.
Create user-based directory schemecreate.folder.path.pattern$username/$foldername

Example:

  • $username/$foldername
  • $username
  • $foldername
  • $username/PowerFolders/$foldername
NoSub-directory pattern relative to the folderbase directory of the server. Two placeholders are possible: $username will be replaced by the username of the user who creates a folder. $foldername will be replaced by the name of the folder the user creates.
Delete non-managed folders from default storage pathplugin.server.folders.auto_removefalse
  • true
  • false
YesControls if the server should move unused folders (not assigned to any existing user) from its folderbase to a sub-directory in the folderbase, which is called BACKUP_REMOVE. The check runs every hour. The contents of the BACKUP_REMOVE directory have to be deleted manually.
Move folders to backup directory when users delete themserver.folders.delete_datatrue
  • true
  • false
No

Controls how to handle removals of folders by a user (owner or admin of a folder) in the client or the web interface. By default the server moves the contents/files to a directory called BACKUP_REMOVE. Set this option to false to prevent any file system changes when a user deletes a folder.

Mount folders dynamically in high-availability setups

*Cannot *be changed with reload (requires restart)

folders.mount.dynamicfalse
  • true
  • false
Yes

Controls if folders will only be actively managed if the folder is really served by the same node. 

(error) Not compatible with create.folder.use.existing=FALSE Data loss occurs!

Mount folders after user log in

folders.mount.keep.seconds

3600
NoMounts the folder two hours after user login.

Use existing folders with the same name

create.folder.use.existingtrue
  • true
  • false
NoControls if the server should delete an existing folder if a client tries to create a new one with the same name. Otherwise the server creates new empty directories appending numbers, like (2),(3),...
(Warnung) Does not backup the contents of the existing folder if enabled.
Preserve NTFS filesystem permissionsfolder.copy_after_transfer.enabledfalse
  • true
  • false 
NoControls if a transfered file is moved from the temporary transfer directory. If enabled the transfered file will be copied and deleted from the temporary transfer directory.

Use filesystem API to watch for changes

*Cannot *be changed with reload (requires restart)

folder.watcher.enabledtrue
  • true
  • false 
YesControls if folder changes will be recognized using filesystem APIs. If disabled, changes will be detected only if the folder is accessed by a client.

(Fehler) Setting not yet available via web

storage.stickyness.accountstrue
  • true
  • false
YesKeeps one user account sticked to the same storage path, if multiple storage paths are configured.
(Fehler) Setting not yet available via web
folder.storage.path.check=
true
  • true
  • false
Yes

Controls that the user folder will remain in the same folder base path when there are more than one base paths available in a cluster or single-server 

Checks periodically if the folder path on server storage still is correctly for this user.

E.G. If the ownership rights of a folder are transferred to another user, this function moves the folder into the correct directory on the server to keep the data structure clear for administrative purposes

(Fehler) Setting not yet available via web

folder.storage.path.report

false
  • true
  • false
Yes

Only writes the log entries but doesn't move files or folders, it is basically a reporting feature.

Archiving

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Archivingdefault.archive.versions5
  • A valid number of version
No

Controls the default number of versions of new folders kept on the server

Archiving durationarchive.cleanup.days0
  • A valid number of days
NoControls how many days archived file is kept. (0 = infinite number of days).
Archived files in client
filedb.deleted.maxage
93312000
NoPrevents old archive files uploaded to server

Customization Settings

Download URLs

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Android App URLweb.android.client.urlhttps://market.android.com/details?id=de.goddchen.android.powerfolder.A


No

Specifies the link to the Android app in the Google Play Store

iOS App URLweb.ios.client.urlhttps://itunes.apple.com/de/app/powerfolder/id536214931?mt=8


NoSpecifies the link to the iOS app in the Apple Store
Windows Client URLweb.download.client.urlclient_deployment/PowerFolder_Latest_Installer.exe


NoSpecifies where clients can download the latest Windows version of the PowerFolder Client.
Windows x64 .msi URL
web.download.client.x64.msi.url
client_deployment/PowerFolder_Latest_Installer_x64.msi
NoSpecifies where clients can download the latest Windows version MSI 64 Bit of the PowerFolder Client.
Mac Client URLweb.mac.client.urlclient_deployment/PowerFolder_Latest_Mac.dmg
NoSpecifies where clients can download the latest Mac version of the PowerFolder Client.
Linux .tar.gz URLweb.linux.client.urlclient_deployment/PowerFolder_Latest_Linux.tar.gz
NoSpecifies where clients can download the latest Linux .tar.gz version of the PowerFolder Client.
Linux x86 .deb URLweb.linux.client.deb32.urlclient_deployment/PowerFolder_Latest_i386.deb
NoSpecifies where clients can download the latest Linux .deb (i386) version of the PowerFolder Client.
Linux x64 .deb URLweb.linux.client.deb64.urlclient_deployment/PowerFolder_Latest_amd64.deb
NoSpecifies where clients can download the latest Linux .deb (amd64) version of the PowerFolder Client.
Linux x86 .rpm URLweb.linux.client.rpm32.urlclient_deployment/PowerFolder_Latest.i386.rpm
NoSpecifies where clients can download the latest Linux .tar.gz version of the PowerFolder Client.
Linux x64 .rpm URLweb.linux.client.rpm64.urlclient_deployment/PowerFolder_Latest.x86_64.deb
NoSpecifies where clients can download the latest Linux .tar.gz version of the PowerFolder Client.
Versioncheck URLweb.checkversion.client.urlclient_deployment/PowerFolderPro_LatestVersion.txt
NoSpecifies where clients can check for the latest version number to show an update dialogue to the user.
Force update of clients if new version is available

update.force

(Warnung) (must be set in the Default.config!)

true
  • true
  • false
NoWhen the client starts it check if it's on the latest version. If not, it will issue a notification to the user. It's also possible to force users to update. If they don't, the client will not continue working.

Information URLs

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
URL / Homepageprovider.url.main


No


URL / Shop

provider.url.buy



No
URL / Supportprovider.url.support https://wiki.powerfolder.com TestNoURL of the PowerFolder Support
URL / Support / Settingprovider.url.support.show_in_menufalse
  • true
  • false
NoWhether to show the support link in application menu
URL / Quickstart Guideprovider.url.quickstart

No
URL / Documentationprovider.url.wikiShows Link to PF WIKIURLNo
URL / Contact Pageprovider.url.contact

No
URL / Ticketprovider.url.ticket

No
URL / Company Pageprovider.url.about

No
URL / Accessibility Page provider.url.accessibilityfalse
  • true
  • false
NoServer admin can link the accessibitly policy of the service provider in web settings

Network Settings

Hostname and Ports

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription

Hostname/IP

hostname
  • A valid hostname or IP address
Yes

DNS hostname or IP of the PowerFolder Server, which are also used by the clients to connect.

Data port (TCP)

port1337
  • 1-65535
YesThe port on which PowerFolder Server listens for incoming data connections.

AJP port

ajp.port
  • 1-65535
YesApache JServ Protocol port. If this setting is not added to the configuration file, the port is disabled by default.

HTTP port

plugin.webinterface.port8080
  • 1-65535
YesTCP port under which the web interface will be served.

HTTPS/SSL port

ssl.port
  • 1-65535
Yes

TCP port under which the SSL protected web interface will be served.

(Info) This field will only be used if the SSL Configuration Wizard has been used to import the SSL certificate. When running behind an external webserver, like Apache or Nginx, you should set this to-1.

Bind to specific IP

net.bindaddress
  • A valid IP address of a local interface
YesIP address to which PowerFolder Server should be restricted to.

Network ID

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription

Network ID

networkid


Yes

The network ID will automatically be generated on the first start of the server. It separates the server from other PowerFolder installations. PowerFolder Clients or Server will only exchange data with other servers or clients which are using the same network ID. Usually it's NOT necessary or recommended to change the ID. It is only required in high-availability setups.

Server Name

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Internal server namenick


Yes

The server name will be displayed in some views of the client, in log files or in the server overview. Changing it will NOT have an influence on any functions.

Server URLs

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription

Web base URL

web.base.url


Yes

The URL on which the web interface can be reached by the clients. This parameter is only necessary if the server fails the detection test (e.g. when using a reverse proxy or NAT) of the web interface.
(Warnung) If this parameter is used, it is also required to set the provider.url.httptunnel parameter!

Web tunnel URL

provider.url.httptunnel


YesThe URL on which PowerFolder Server is listening for HTTP tunneled connections. This parameter is required when using the web.base.url parameter.

(Fehler) Setting not yet available via web

http.tunnel.service.enabledtrue
  • true
  • false
YesIf the server side HTTP tunnel service should be available. URI: /rpc
(Fehler) Setting not yet available via webhttp.tunnel.service.restrictedtrue
  • true
  • false
YesRestricts HTTP tunnel

Security Settings

Folder Security

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription

(Fehler) Setting not available via web for security reasons!

security.permissions.server_admin_folder_accesstrue
  • true
  • false
Yes

Defines, if an Administrator is allowed to access all folders of a server installation.

If set to false, the Administrator will only be shown the folders, he/she has a permission to. His/her username will be shown in auto-complete fields.

Automatically remove folder that are not synced to the server
server.sync.mandatory=
true
  • true
  • false
NoControls that no unnecessary folder be synced to the server
Allow passing folder ownershipfolder.change_owner.allowedtrue
  • true
  • false


No

Controls if it is allowed to change the owner of a folder.

Enable folder admin role

security.permissions.show_folder_admintrue
  • true
  • false
No

Controls if the ADMIN permission on folder level should be available in the web interface and clients.

(Info) Existing permissions will be left untouched when changing the value.

Enable group admin rolesecurity.permissions.group_admin.enabledtrue
  • true
  • false
No

Controls if group admin role is enabled.

Enable folder sharingserver.invite.enabledtrue
  • true
  • false
NoDefines if it should be possible for users to invite other users to their folders.
Enable accepting new folder sharesfolder.agree.invitation.enabledfalse
  • true
  • false
NoControls if users need to accept invitations first, before they are being added to the members list and have the folder listed under their folders.
Enable link sharingweb.public.allowedtrue
  • true
  • false
No

Controls if it's possible to share public links.

Allow sharing on social networkssocial.networks.enabledtrue
  • true
  • false
No

Controls if sharing on social networks is enabled.

Folder delete permissionsecurity.folder.delete.permissionADMIN
  • READ
  • READ_WRITE
  • ADMIN
  • OWNER
No

Defines minimum right for folder deletion.

File history restore permissionsecurity.folder.archive.permissionREAD_WRITE
  • READ
  • READ_WRITE
  • ADMIN
  • OWNER
No

Defines minimum right for restore.


Permission for shared folder via profilessecurity.folder.shared.permissionREAD_WRITE
  • READ
  • READ_WRITE
  • ADMIN
  • OWNER
No

Defines default right for folders shared via profile.


Highest permission for limited userssecurity.folder.limited_user.permissionREAD
  • READ
  • READ_WRITE
  • ADMIN
  • OWNER
No

Defines highest possible permission for limited user.


User Account Security

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription

Allow merging user accounts

server.merge_accounts.enabledfalse
  • true
  • false
No

Defines if users are allowed to merge existing accounts.

If this feature is turned on, user can add an e-mail address to their account. There are two alternative ways to do that:

  1. If this e-mail address is not yet associated with any other account, the user will receive an e-mail to confirm that he/she can access the e-mail account.
  2. If the e-mail address is already associated with anotther account, the user will be redirected to the login page, to enter the password for this account.

In the first case, the e-mail address is simply added to the list of e-mail addresses of the account.

In the second case, both existing accounts will be merged:

  • The username of the account associated with the e-mail address will become an e-mail address, if it is valid
  • All e-mails are merged
  • All licenses are merged
  • All permissions are merged
  • All groups are merged
  • All computers/devices are merged
  • All notes are merged
  • If one or both accounts are member of an organization, they are merged according to the table below

Merging account


Account to merge

Not member of an organizationMember of an organization
Not member of an organizationAccounts are merged according to the list above.Accounts are merged according to the list above. All Folder
the account to merge is owner of will be added to the merging
account's organization. All Folder the account to merge is not
owner of won't be accessible for the merging account.
Member of an organizationThe merging account will be added to the organization
of the account to merge. All Folder the merging account
is owner of, will be added to the organization. All Folder
the merging account is not owner of won't be accessible
for the merging account.
The merging account will stay a member of the organization
he/she was in before. All Folder the account to merge is owner of
will be added to the merging account's organization. All Folder
the account to merge is not owner of won't be accessible for
the merging account.
Allow password recovery for usersserver.recover.password.enabledtrue
  • true
  • false
No

Defines if exisiting users should be able to recover their password.

Create user accounts when sharingserver.invite.new_users.enabledtrue
  • true
  • false
NoDefines if existing users are allowed to invite new users, which doesn't exist in the database yet. On invitation the server will automatically create a new user account for them.
Enable group admin rolesecurity.permissions.group_admin.enabledfalse
  • true
  • false
NoEnabling the Group Administrator Role lets standard users create groups.
The creator of a group will be a Group Administrator and can invite users to the group.
Enable user self-registrationserver.register.enabledfalse
  • true
  • false
No

Defines if users can register themselves an account.

(Warnung) This option should be only enabled, if you are a Cloud Service Provider and offer trial accounts to new users.

Enable web login for usersweb.login.allowedtrue
  • true
  • false
No

Defines if non-admin users are allowed to login to the webinterface.

Enable auto-complete when sharingweb.invite.auto_completetrue
  • true
  • false
NoControls if auto-complete using all known accounts on that server will be available when inviting someone via web. It's recommended to disable this setting when running a public cloud or when this might be forbidden due to privacy policies.
Enable auto-complete on organizations onlyweb.invite.auto_complete.org.onlyfalse
  • true
  • false
NoControls if auto-complete using all known accounts on that server will be available for non-organization User when inviting someone via web. If true only User with an organization will be able to use auto-complete.
Enable Extended Securtiy Controlsecurity.permissions.strictfalse
  • true
  • false
No

Enables Extended Security Control for server and client. Administrators are able to restrict access to certain client functions on the user level:

  • Open / change preferences
  • Setup / remove new folders
  • Change folder settings
Restrict admin login to certain IP Address rangeslogin.admin.iplist
  • 172.16.0.0-172.16.255.255
  • 10.16.17.18-11.12.13.15,192.168.1.0-192.168.1.255
No

Allow administrative users to only log in with computers that have a certain IP address.

This configuration entry may contain one or more IP address ranges specified by a dash ('-') between the starting and ending IP address and separated by a comma (',').

Secure login tokens


Web

Mobile apps

Client

security.tokens.enabled

true


  • true
  • false
No

Defines if token-based authentication is enabled and the validity period of tokens.


Individual login tokens for:

Web

Mobile apps

Client


security.tokens.web.valid.time.seconds

security.tokens.apps.valid.time.seconds

security.tokens.client.valid.time.seconds


2592000

2592000

31536000


NoServer admins can provide indiidual login token duration in seconds.

Organization Security

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Allow organization admin access to folderssecurity.permissions.org_admin_folder_accesstrue
  • true
  • false


No

Defines, if an Administrator of an organization is allowed to access all folders of a server installation.

If set to false , the Administrator will only be shown the folders, he/she has a permission to. His/her username will be shown in auto-complete fields.

Allow organizations created by usersweb.org.create_by_userfalse
  • true
  • false
NoControls if a user is allowed to create an own organization.
Maximum number of users in organizationserver.register.org.max_users

999Number between 0 and 999NoThe maximum of users in organization created by a user. Must be less than the number of users of your license.
 (Fehler) Setting not yet available via webserver.register.org.inherittrue
  • true
  • false
YesIf changed to server.register.org.inherit=false a new invited user is not belonging to the same organisation as the invitor

File Link Security

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Create random file links 
file_link.random_ids.enabled=
true 
  • true
  • false
NoAllow user to create always a new random file link after deletion of the old one.
Validity time default (days)file_link.validity.default
  • 0
  • 39
No

Set a default value of days a newly generated file link should be valid.

Remove value if no default should be specified.

Validity time maximum (days)file_link.validity.maximum
  • 0
  • 39
No

Set a maximum value of days that can be set for file links.

If no default value is specified, the maximum value will be taken as default.

Remove value if no maximum should be specified.

Also sets the maximum validity of Upload Forms.

Number of downloads defaultfile_link.max_downloads.default
  • 0
  • 82
No

Set a default value of downloads for a file link.

Remove value if no default should be specified.

Numer of downloads maximumfile_link.max_downloads.maximum
  • 0
  • 82
No

Set a maximum value of downloads for a file link.

If no default value is specified, the maximum value will be taken as default.

Remove value if no maximum should be specified.

Password Policyfile_link.password_policyOPTIONAL
  • OPTIONAL
  • RECOMMENDED
  • REQUIRED
No

Specify if a password is

  • optional (file links don't need a password set),
  • recommended (file links don't need a password but the user is asked to set one anyway, the "More options" panel is opened automatically)
  • or required (file links need a password, the "More options" panel is opened automatically)
Allow Upload Linksfile_link.allow_uploadsfalse
  • true
  • false
NoAllows external users to upload files in generated file links without registration. (warning) Available with version 11.4 or higher

(Fehler) Setting not yet available via web

file_link.upload_mails
Valid mail addressYesAllows the server administrator to monitor the usage of the upload forms feature. A mail is sent to the specified mail address when a user upload any data to an upload forms. (warning) Available with version 11.4 or higher
Validation days for file upload links
file_link.validation_days
1
NoSets validation days for upload links.

SMTP Settings

SMTP Server Settings

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
SMTP hostnamemail.smtp.host


Yes

Defines the hostname of the SMTP server.

(Info) It's possible to append a port number, if the SMTP server uses a port other than 25: mail.smtp.host=smtp.example.com:465

SMTP usernamemail.smtp.user


YesDefines the username used to authenticate against the SMTP server.
SMTP passwordmail.smtp.password

YesDefines the password of the username used to authenticate against the SMTP server.
Enable TLS supportmail.smtp.starttls.enablefalse
  • true
  • false
Yes

Controls if the connection to the SMTP server should use TLS.

Enable Microsoft Exchange supportmail.smtp.exchangefalse
  • true
  • false
YesDefines if the mail server is a Microsoft Exchange server.

SMTP Headers

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Admin emailmail.admin.email


No

Defines the email address of the administrator for server notifications.

From emailmail.defaultfrom.email


NoDefines which email address should be used in the From header in emails sent to users.
From namemail.defaultfrom.name

NoDefines which name should be used in the From header in emails sent to users.
Reply-to emailmail.defaultreplyto.email

No

Defines which email address should be used in the Reply-to header in emails sent to users.

Reply-to namemail.defaultreplyto.name

NoDefines which name should be used in the Reply-to header in emails sent to users.

Mail Settings

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Send introduction mail to new usersmail.send.registrationtrue
  • true
  • false
No

Controls if users should get a welcome mail when a new user account is registered. It's possible to disable sending welcome registration mails.

Web Settings

Appearance

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Browser titleweb.title


No

Sets the browser title which will be displayed on on the PowerFolder Server web interface.

Select skinplugin.webinterface.skin


NoThe drop-down will offer a list of skins found in the skins folder.
Create skin


NoWhen filled and saved, a new sub-directory with the given will be created in the skins folder, which will contain a copy of the default skin.
Primary colorweb.color.primary

No

Sets the primary color used in the web interface.

Secondary colorweb.color.secondary

NoSets the secondary color used in the web interface.
Button text colorweb.color.background

NoSets the button text color used in the web interface.
Border colorweb.color.border

NoSets the border color used in the web interface.
Text colorweb.color.text

NoSets the text color used in the web interface.

Version of the Terms of Service


Allow LDAP accounts to skip Terms Of Service

server.tos.version


server.tos.skip.ldap



false

Number


true

No


No

Terms of service


When set to true, accounts authenticated by LDAP are not required to accept the Terms Of Service.

Features

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription

Set minumun client version to connect

(error) Setting not yet available via web

net.version.minimum
empty
17.4.100
YesControls that a minum version is comaptible with server and allowed to connect.

Set lenght of the words in the web search

(error) Setting not yet available via web

web.invite.auto_complete.minimum_input_length
empty1 and onwardsYesControls the lenght of words that are used for search in web (file links, groups and organisation) 
Enable Client Downloadweb.download_app.enabledtrue
  • true
  • false
Yes

Controls if it's possible to download the clients on the web interface.

Enable Music Playerweb.musicplayer.enabledtrue
  • true
  • false
YesControls if the music player will be available when browsing folders.
Enable Newsweb.news.enabledtrue
  • true
  • false
YesControls if the web interface should offer a News tab to show recently changed folder content.
Enable Telephone Fieldsweb.telephone.enabled true
  • true
  • false
YesControls if users are allowed to enter their telephone number. 
Enable WebDAVweb.dav.enabled true
  • true
  • false
YesControls if it's possible for users to access their folders via WebDAV. 
Enable ZIP compressionweb.zip.compression true
  • true
  • false 
YesControls if HTTP ZIP compression is activated. It might be useful to disable if a proxy is used which already compresses HTTP elements. 

(Fehler) Setting not yet available via web

file_link.upload_landing_pagefalse
  • true
  • false
Yes

Activates the Upload Forms Feature. It enables the possibility for the user to create a landing page for a folder where user can upload files.

Location display in user account devices tab

(Fehler) Setting not yet available via web

web.location.enabledtrue
  • true
  • false
YesDisplays device location on devices tab in user accounts

Document Viewing

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
Enable external document viewersweb.inline_viewfalse
  • true
  • false
No

Controls if certain filetypes will be displayed inline by an external document viewer, which can be either Google Docs or Microsoft Office Documents Online Viewer. Which of those providers will be used depends on the file extension:

(Info) Please note that this function will make the viewed document temporarily available to the providers of those two services.

Browser extensionsweb.inline_view.in_browser.extensionspdf|txt

Pipe-separated list of extensions

NoControls which extensions should be handled by the browser instead of the external document viewers.
Google Docs APIweb.inline_view.googlehttp://docs.google.com/viewer?url=%URL%&embedded=true
NoSets the URL to the Google Docs Document Viewer API.
Google Docs extensionsweb.inline_view.google.extensionspages|ai|psd|tif|tiff|eps|ps|svgPipe-separated list of extensionsNo

Controls which extensions will be displayed inline by the Google Docus Document Viewer.

Microsoft Office APIweb.inline_view.ms_officehttps://view.officeapps.live.com/op/embed.aspx?src=%URL%
NoSets the URL to the Microsoft Office Document Viewer API.  
Microsoft Office extensionsweb.inline_view.ms_office.extensions doc|docx|xls|xlsx|ppt|pptxPipe-separated list of extensions NoControls which extensions will displayed inline by the Microsoft Office Document Viewer. 
Enable gallery viewerweb.inline_view.gallery true
  • true
  • false
NoControls if pictures should be displayed in the gallery view or if they should be downloaded. 
ONLYOFFICE URLweb.inline_view.onlyoffice.urlhttps://docapi.powerfolder.com
NoURL to OnlyOffice server
ONLYOFFICE Extensionsweb.inline_view.onlyoffice.extensionspptx|xlsx|ppt|doc|odp|odt|xls|docx|odsPipe-separated list of extensionsNoExtensions to open with OnlyOffice
ONLYOFFICE Session Timeout (sec)web.inline_view.onlyoffice.session.timeout.seconds86400 Every value > 0NoTimeout for OnlyOffice sessions

(Fehler) Setting not yet available via web

web.inline_view.browser.whitelisttxt|png|jpg|jpeg|gif|pdfEvery File extensions that is save to open in web.YesControlls if a file can get opened in web by adding ?inline to the URI. Prevents users to share malware via html for example and send a link that opens directly in browser.

Web Server configuration

(Please read the following article for more information: https://www.eclipse.org/jetty/documentation/9.3.x/high-load.html )

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
n/aweb.threadpool.min0e.g. 50YesWeb worker threadpool minimum size
n/aweb.threadpool.max254e.g. 500Yes

Web worker threadpool maximum size
Thread Pool

Configure with goal of limiting memory usage maximum available. Typically this is >50 and <500

n/aweb.acceptors2e.g. 8Yes

Number of acceptors and selectors:
Acceptors

The standard rule of thumb for the number of Accepters to configure is one per CPU on a given machine.

Files API configuration

Web SettingConfig File ParameterConfig File Default ValueConfig File Possible ValuesRestart RequiredDescription
n/aoverwrite=true
  • true
  • false
Yesoverwrite files from versioning if currently existing