Skip to main content

Server Configuration

All Sync-in server configuration options are defined in the environment.yaml file.

This file allows you to customize how your Sync-in instance behaves: networking, authentication, database, caching, email, and more.

🧱 Sections​

πŸ–₯️ server​

  • host: IP address the server will listen on (default: 0.0.0.0)
  • port: Port used for the web interface (default: 8080)
  • workers: Number of worker processes.
    • Use auto to utilize all CPU cores.
    • Regardless of the value, at least 2 workers are always started β€” 1 is reserved for scheduled tasks.
  • trustProxy: Enables proxy support (true, false, or IP range)
  • restartOnFailure: Automatically restart workers if they crash (true or false)

πŸ“‹ logger​

  • level: Logging level (trace, debug, info, warn, error, fatal)
  • stdout: Outputs logs to the console (true) or writes them to a file (false)
  • colorize: Enables log colorization (default: true)
  • filePath: Path to the log file used when stdout is set to false.

🐬 mysql​

  • url: MySQL connection URL (e.g., mysql://user:password@localhost:3306/database)
  • logQueries: Enables logging of SQL queries to the database (true or false)

⚑ cache​

  • adapter: Cache system (mysql by default, or redis)
  • ttl: Default time-to-live for cached entries (in seconds)
  • redis: Redis connection URL (used when adapter: redis)

πŸ”„ websocket​

  • adapter: WebSocket adapter (cluster or redis)
    • cluster: uses Node.js workers for inter-process communication (default)
    • redis: enables communication between distributed instances; recommended for multi-server setups
  • corsOrigin: Allowed origin(s) for WebSocket connections (e.g., "*")
  • redis: Redis connection URL (used when adapter: redis)

πŸ“§ mail​

  • host: SMTP server host
  • port: SMTP server port (e.g., 587)
  • sender: Sender email address (e.g., Sync-in<notification@sync-in.com>)
  • auth:
    • user: SMTP username
    • pass: SMTP password
  • secure: Use SSL connection (true or false)
  • logger: Enable SMTP logging (true or false)
  • debug: Enable debug mode (true or false)

πŸ” auth​

  • method: Authentication method (mysql or ldap)
  • sameSite: SameSite cookie policy (lax, strict)
  • token:
    • access:
      • name: Access token cookie name
      • secret: JWT secret for access tokens
      • expiration: Access token lifespan (e.g., 30m)
      • cookieMaxAge: Cookie lifetime
    • refresh:
      • name: Refresh token cookie name
      • secret: JWT secret for refresh tokens
      • expiration: Refresh token lifespan (e.g., 4h)
      • cookieMaxAge: Cookie lifetime
  • ldap (if method: ldap):
    • servers: List of LDAP server URLs
    • baseDN: Base distinguished name (e.g., ou=people,dc=example,dc=com)
    • filter: LDAP filter (optional)
    • loginAttribute: Login attribute (uid or mail)

🧩 applications​

πŸ“ files​

  • dataPath: Path to store user data
  • maxUploadSize: Maximum allowed file upload size (default: 5 GB)
  • showHiddenFiles: Show files starting with a dot in the file explorer (default: false)
  • πŸ“ onlyoffice:
    • enabled: Enable OnlyOffice integration (true or false)
    • externalServer: OnlyOffice server URL (e.g., https://onlyoffice.domain.com)
    • secret: Shared JWT secret with OnlyOffice
    • verifySSL: Enforce SSL verification (true or false)

πŸ›οΈ appStore​

  • repository: Choice of repository for application client releases: public (default) or local

🌱 Environment variables​

All Sync-in server configuration parameters can be set using environment variables prefixed with SYNCIN_.

For example, the following configuration :

auth:
  token:
    access:
      secret: "changeAccessWithStrongSecret"
    refresh:
      secret: "changeRefreshWithStrongSecret"
mysql:
  url: mysql://root:MySQLRootPassword@mariadb:3306/sync_in

Can be replicated with environment variables as follows:

SYNCIN_AUTH_TOKEN_ACCESS_SECRET="changeAccessWithStrongSecret"
SYNCIN_AUTH_TOKEN_REFRESH_SECRET="changeAccessWithStrongSecret"
SYNCIN_MYSQL_URL="mysql://root:MySQLRootPassword@mariadb:3306/sync_in"
info

For boolean values, use true or false.
Numeric values are parsed automatically

πŸ“Œ Example​

server:
  host: 0.0.0.0
  port: 3000
  # workers: auto (use all cpus) | number
  # regardless of the value, starts with at least 2 workers, 1 worker is dedicated to scheduled tasks
  workers: 4
  # trust proxy: true | false | 127.0.0.1,192.168.1.1/24
  trustProxy: false
  # restartOnFailure : automatically restart workers if they are killed or die
  restartOnFailure: true
logger:
  # level: trace | debug | info | warn | error | fatal
  level: trace
  # stdout : if false logs are written to the run directory (default: true)
  stdout: true
  # path to the log file used when stdout is set to false
  filePath: /var/log/sync-in/server.log
mysql:
  url: mysql://user:password@localhost:3306/database
  logQueries: false
cache:
  # adapter: mysql (default) | redis (requires optional dependency: redis)
  adapter: mysql
  # default ttl in seconds
  ttl: 60
  # redis adapter url
  redis: redis://127.0.0.1:6379
websocket:
  # adapter: cluster (Node.js Workers: default) | redis (requires optional dependency: @socket.io/redis-adapter)
  adapter: cluster
  # cors origin allowed
  corsOrigin: '*'
  # redis adapter url
  redis: redis://127.0.0.1:6379
mail:
  host: smtp.server.com
  port: 587
  sender: 'Sync-in<notification@sync-in.com>'
  auth:
    user: user
    pass: password
  # secure: defines if the connection should use SSL (if true) or not (if false)
  secure: false
  # enable logger
  logger: false
  # set log level to debug
  debug: false
auth:
  # adapter : mysql (default) | ldap
  method: mysql
  # sameSite (cookie settings) : lax | strict
  sameSite: strict
  token:
    access:
      name: sync-in-access
      # used for token & cookie signatures
      secret: changeAccessWithStrongSecret
      expiration: 30m
      cookieMaxAge: 30m
    refresh:
      name: sync-in-refresh
      # used for token & cookie signatures
      secret: changeRefreshWithStrongSecret
      expiration: 4h
      cookieMaxAge: 4h
  ldap:
    # e.g: [ldap://localhost:389, ldaps://localhost:636] (array required)
    servers: []
    # baseDN: distinguished name, e.g: (ou=people,dc=ldap,dc=sync-in,dc=com)
    baseDN:
    # filter, e.g: (acl=admin)
    filter:
    # login attribute: uid (default) or mail
    loginAttribute:
applications:
  files:
    dataPath: /home/sync-in
    # Default to 5 GB if not specified
    maxUploadSize: 5368709120
    # Show files starting with a dot in the file explorer (default: false)
    showHiddenFiles: false
    onlyoffice:
      enabled: false
      # for an external server (e.g: https://onlyoffice.domain.com), remember the url must be accessible from browser !
      # if externalServer is empty (case of official docker compose), we use the local instance
      externalServer:
      # secret used for jwt tokens, it must be the same on the onlyoffice server
      secret: onlyOfficeSecret
      # if you use https, set to true
      verifySSL: false
  appStore:
    # repository: public (default) | local
    repository: public