From 997a6d96e78cd75f6b86e3b3ae9047f52f43a2fe Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Sat, 25 May 2019 12:04:50 +0530 Subject: [PATCH 01/35] Reword initial sentence for bulk export tool Fix https://github.com/mattermost/docs/issues/2731. --- source/administration/bulk-export.rst | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/source/administration/bulk-export.rst b/source/administration/bulk-export.rst index 066d9236b8d..bbc7c1babb6 100644 --- a/source/administration/bulk-export.rst +++ b/source/administration/bulk-export.rst @@ -4,8 +4,12 @@ Bulk Export Tool ================= -Data from one Mattermost instance into another can be exported in the `JSONL -`__ file using the `bulk loading feature `__. This tool is useful if you have created a server for a proof of concept, have created another server for production use and now want to retain the history from the proof of concept instance. +Moving data from one Mattermost instance into another begins with exporting data +to a JSONL file `JSONL `__ file using the +`bulk loading feature `__. +This tool is useful if you have created a server for a proof of concept, have +created another server for production use and now want to retain the history +from the proof of concept instance. You can export the following data types: From 7368905daf26edb8e812a0b7dd217b6863e77466 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Sun, 26 May 2019 16:38:16 +0530 Subject: [PATCH 02/35] List fields encrypted using AtRestEncryptKey Fix https://github.com/mattermost/docs/issues/2231. --- source/administration/config-settings.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/source/administration/config-settings.rst b/source/administration/config-settings.rst index 4c80366c99c..17997916328 100644 --- a/source/administration/config-settings.rst +++ b/source/administration/config-settings.rst 
@@ -3027,6 +3027,15 @@ A 32-character key for encrypting and decrypting sensitive fields in the databas When using High Availability, the salt must be identical in each instance of Mattermost. +The following fields are encrypted using this key +- ``SqlSettings.DriverName`` +- ``SqlSettings.DataSource`` +- ``SqlSettings.MaxIdleConns`` +- ``SqlSettings.MaxOpenConns`` +- ``SqlSettings.Trace`` +- ``SqlSettings.QueryTimeout`` +- ``SqlSettings.ConnMaxLifetimeMilliseconds`` + +------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"AtRestEncryptKey": ""`` with string input. | +------------------------------------------------------------------------------------------+ From ec7a33f528a32f29ace4e49e6c0b9e3a4a1917b0 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Sun, 26 May 2019 17:04:46 +0530 Subject: [PATCH 03/35] User Guide TOC is too long Fix https://github.com/mattermost/docs/issues/1582. --- source/help/getting-started/signing-in.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source/help/getting-started/signing-in.rst b/source/help/getting-started/signing-in.rst index c49cb7a3ad8..407afe7f0fc 100644 --- a/source/help/getting-started/signing-in.rst +++ b/source/help/getting-started/signing-in.rst @@ -8,6 +8,11 @@ To sign in, navigate to the Mattermost sign-in page. You can get the URL of the After signing in, the team that appears first on your team sidebar will open. If you have not joined a team, the Team Selection page opens where you can view a list of teams that you can join. +.. contents:: + :depth: 2 + :local: + :backlinks: entry + Sign In Methods --------------- From d99823b3ad77725e5f79f85fe42f35bb38d6ae38 Mon Sep 17 00:00:00 2001 
From: Tapasweni Pathak Date: Sun, 26 May 2019 18:03:45 +0530 Subject: [PATCH 04/35] Write settings controlling SAML session lengths Fixes https://github.com/mattermost/docs/issues/2041. --- source/administration/config-settings.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/source/administration/config-settings.rst b/source/administration/config-settings.rst index 17997916328..fca8b1b49dd 100644 --- a/source/administration/config-settings.rst +++ b/source/administration/config-settings.rst @@ -3751,6 +3751,18 @@ Specify the color of the SAML login button for white labeling purposes. Use a he | This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. | +-------------------------------------------------------------------------------------------------------------------------------+ +SAML session lengths +^^^^^^^^^^^^^^^^^^^^^^ + +SAML session length is defined per + +- ``url`` : ``environment/session_lengths`` +- ``title`` : ``admin.sidebar.sessionLengths`` +- ``type`` : ``TYPE_NUMBER`` +- ``label`` : ``mobileSessionDays`` +- ``help_text`` : ``admin.service.ssoSessionDaysDesc`` +- ``placeholder``: ``sessionIdleTimeout`` + Login Button Border Color ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Specify the color of the SAML login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. From 463bbba92a66839c9d1a41c81a87b9edea63eae8 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Sun, 26 May 2019 18:16:42 +0530 Subject: [PATCH 05/35] Use alt tag for all images Fix https://github.com/mattermost/docs/issues/1511. --- source/help/messaging/formatting-text.rst | 14 +++++++++++++- source/process/sg_rest_markup.rst | 4 +++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/source/help/messaging/formatting-text.rst b/source/help/messaging/formatting-text.rst index edde5b79041..7a30867e4f9 100644 
--- a/source/help/messaging/formatting-text.rst +++ b/source/help/messaging/formatting-text.rst @@ -13,6 +13,7 @@ Open the emoji autocomplete by typing ``:`` followed by two characters of the wo Renders as: .. image:: ../../images/Emoji1.PNG + :alt: Sample Emoji Text Style ---------- @@ -26,8 +27,10 @@ You can use either ``_`` or ``*`` around a word to make it italic. Use two to ma .. |bold_italics| image:: ../../images/bold_italics.PNG :width: 100px + :alt: Bold Italics .. |strikethrough| image:: ../../images/strikethrough.PNG :width: 100px + :alt: Strike Through Links ----- @@ -52,6 +55,7 @@ Make a heading by typing # and a space before your title. For smaller headings, Renders as: .. image:: ../../images/Headings1.PNG + :alt: Large Heading Alternatively, you can underline the text using ``===`` or ``---`` to create headings. @@ -63,6 +67,7 @@ Alternatively, you can underline the text using ``===`` or ``---`` to create hea Renders as: .. image:: ../../images/Headings2.PNG + :alt: Smaller Heading Lists ----- @@ -122,6 +127,7 @@ Make a task list by including square brackets: Renders as: .. image:: ../../images/checklist.PNG + :alt: List Code Block ---------- @@ -178,19 +184,22 @@ Renders as: **GitHub Theme** .. image:: ../../images/syntax-highlighting-github.PNG + :alt: Syntax Highlighting in GitHub **Solarized Dark Theme** .. image:: ../../images/syntax-highlighting-sol-dark.PNG + :alt: Syntax Highlighting Dark **Solarized Light Theme** .. image:: ../../images/syntax-highlighting-sol-light.PNG + :alt: Syntax Highlighting Light **Monokai Theme** .. image:: ../../images/syntax-highlighting-monokai.PNG - + :alt: Syntax Highlighting Monokai In-line Code ------------ @@ -242,6 +251,7 @@ Inline image with link Renders as: .. image:: ../../images/icon-76x76.png + :alt: MatterMost Icon 76X76 :alt: Mattermost :target: https://github.com/mattermost/mattermost-server 
@@ -304,6 +314,7 @@ Create a table by placing a dashed line under the header row and separating the Renders as: .. image:: ../../images/markdownTable1.PNG + :alt: Markdown Table Sample Math Formulas @@ -321,3 +332,4 @@ Create formulas by using LaTeX in a ``latex`` `Code Block`_ Renders as: .. image:: ../../images/markdownMath.PNG + :alt: Markdown Math Sample diff --git a/source/process/sg_rest_markup.rst b/source/process/sg_rest_markup.rst index 4b649d74c76..4ff57199b94 100644 --- a/source/process/sg_rest_markup.rst +++ b/source/process/sg_rest_markup.rst @@ -161,7 +161,9 @@ Use the following construct to insert an image: .. image:: ../images/choices.png -You can also add the following image options: `alt`, `height`, `width`, `scale`, `align`, and `target`. For example: +You should use `alt` tag for all images. + +You can also add the following image options: `height`, `width`, `scale`, `align`, and `target`. For example: .. code-block:: none From 48f6acb1e4c007af7b0f746d85db6033b2fd8934 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Sun, 26 May 2019 18:20:24 +0530 Subject: [PATCH 06/35] Add troubleshooting guide for MySQL installation --- source/install/trouble_mysql.rst | 282 +++++++++++++++++++++++++++++++ 1 file changed, 282 insertions(+) create mode 100644 source/install/trouble_mysql.rst diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst new file mode 100644 index 00000000000..bf167f82573 --- /dev/null +++ b/source/install/trouble_mysql.rst 
@@ -0,0 +1,282 @@ +MySQL Installation Troubleshooting +================================== + + Before you can run the Mattermost server, you must first install and +configure a database. You start Mattermost by navigating to the +``/opt/mattermost/bin`` directory and entering the command +``sudo -u mattermost ./platform``. If the Mattermost server cannot +connect to the database, it will fail to start. This section deals with +MySQL database issues that you may encounter when you start up +Mattermost for the first time. + + How you install MySQL varies depending upon which Linux distribution you +use. But once MySQL is installed the configuration instructions are the +same. For all distributions you must create a ``mattermost`` database +and a ``mattermost`` database user. Failure to create these database +objects or improperly referencing them from the Mattermost configuration +file, ``/opt/mattermost/config/config.jason``, causes Mattermost to +fail. The troubleshooting tips given here deal with these specific +issues. + + Before proceeding confirm that your MySQL server is running. You can do +this by issuing the command: ``mysqladmin -u root -p status``. When +prompted, enter your password. If MySQL is running you should see output +like the following: + + :: + + Uptime: 877134 Threads: 1 Questions: 9902 Slow queries: 0 Opens: 522 + Flush tables: 1 Open tables: 371 Queries per second avg: 0.011 + + If MySQL is not running, review the instructions for installation on +your distribution. + + **Warning** + + Some of the commands used in this section alter the database. **Use + these commands only if your Mattermost installation has failed.** Do + not directly manipulating the MySQL database for a working + Mattermost installation. + + The mattermost Database +----------------------- + + The database created during installation is named ``mattermost``. 
If you +fail to create this database or you misname it, when you attempt to +start the Mattermost server you will see an error such as: + + :: + + [2017/09/20 17:11:37 EDT] [INFO] Pinging SQL master database + [2017/09/20 17:11:37 EDT] [EROR] Failed to ping DB retrying in 10 seconds + err-Error 1044: Access denied for user 'mmuser'@'%' to database 'mattermost' + + Note that MySQL is specifically denying access to the ``mattermost`` +database. This may mean that you have failed to create a database named +``mattermost`` or you may have incorrectly referenced this database from +the ``/opt/mattermost/config/config.json`` file. + + **Checking that the Database Exists** + + To confirm that the ``mattermost`` database exists, open MySQL as root +by executing ``mysql -u root -p``. When prompted, enter your +password and then issue the command ``show databases;``. This command +displays all the databases. You should see something similar to the +following: + + :: + + +--------------------+ + | Database | + +--------------------+ + | information_schema | + | mattermost | + | mysql | + | performance_schema | + | sys | + +--------------------+ + 5 rows in set (0.03 sec) + + **No mattermost Database** + + If the ``mattermost`` database doesn't exist, create a database named +``mattermost`` by opening MySQL as root and issuing the command: +``create database mattermost;``. + + If you accidentally created a database with the wrong name, you can +remove it by issuing the command: :samp:`drop database {misnamed};` + + After creation of the database, attempt to restart the Mattermost server +by navigating to the ``/opt/mattermost/bin`` directory and entering the +command ``sudo -u mattermost ./platform``. + + **The mattermost Database Exists** + + If the ``mattermost`` database does exist, confirm that you have defined +the database driver correctly in the +``/opt/mattermost/config/config.json`` file. Open this file in a text +editor, and review the value of ``"DataSource"``. 
It should be: + + :: + + "mmuser:*mmuser-password*@tcp(*host-name-or-IP*:3306)/mattermost?charset-utf8mb4,utf8&readTimeout-30s&writeTimeout-30s" + + You should also confirm that ``DriverName`` element (found immediately +above the ``DataSource`` element) is set to ``mysql``. + + If you correct an error, restart the Mattermost server by navigating to +the ``/opt/mattermost/bin`` directory and entering the command +``sudo -u mattermost ./platform``. + + The Database User +----------------- + + During installation you create a MySQL database user from the *mysql* +prompt by issuing the command +:samp: `create user 'mmuser'@'%' identified by '{mmuser-password}';`. The +``mmuser-password`` value is a placeholder for the password you chose. +You may also have specified an IP address rather than the wild card +``%``. + + **Note** + + A MySQL user is fully defined by their username and the host that + they access MySQL from. These elements are separated by the ``@`` + sign. The ``%`` character is a wild card indicating that the user + can access MySQL from any IP address. If the user you created + accesses MySQL from a specific IP address such as ``10.10.10.2``, + please adjust your actions accordingly. + + If the user and host combination that you created does not exist, you +will see an error such as: + + :: + + [2017/09/20 17:06:18 EDT] [INFO] Pinging SQL master database + [2017/09/20 17:06:18 EDT] [EROR] Failed to ping DB retrying in 10 seconds + err-Error 1045: Access denied for user 'mmuser'@'localhost' (using password: YES) + + **Checking that mmuser Exists** + + To check that this user exists log in to MySQL as root: +``mysql -u root -p``. + + When prompted, enter the root password that you created when installing +MySQL. From the ``mysql`` prompt enter the command +``select User, Host from mysql.user;``. 
You should see something +like the following + + :: + + +------------------+-----------+ + | User | Host | + +------------------+-----------+ + | mmuser | % | + | debian-sys-maint | localhost | + | mysql.session | localhost | + | mysql.sys | localhost | + | root | localhost | + +------------------+-----------+ + 5 rows in set (0.00 sec) + + **User Doesn't Exist** + + If ``'mmuser'@'%'`` does not exist, create this user by logging into +MySQL as root and issuing the command: +:samp: `create user 'mmuser'@'%' identified by '{mmuser-password}';`. + + After creating a user, ensure that this user has rights to the +``mattermost`` database by following the instructions given in +:ref:`mysql_grants`. + + **User Exists** + + If the user ``mmuser`` exists, the DataSource element of the +``/opt/mattermost/config/config.jason`` file may be incorrect. Open this +file and search for ``DataSource``. It's value should be: + + :: + + "mmuser:*mmuser-password*@tcp(*host-name-or-IP*:3306)/mattermost?charset-utf8mb4,utf8&readTimeout-30s&writeTimeout-30s" + + If you correct an error, restart the Mattermost server by navigating to +the ``/opt/mattermost/bin`` directory and issuing the command: +``sudo -u mattermost ./platform``. + + The User Password +----------------- + + Mattermost will fail if you use an incorrect password for ``mmuser``. An +incorrect password displays an error message such as the following: + + :: + + [2017/09/20 17:09:10 EDT] [INFO] Pinging SQL master database + [2017/09/20 17:09:10 EDT] [EROR] Failed to ping DB retrying in 10 seconds + err-Error 1045: Access denied for user 'mmuser'@'localhost' (using password: YES) + + **The Password in config.jason** + + The DataSource element of the ``/opt/mattermost/config/config.jason`` +file references the ``mmuser`` password. Open this file and search for +``DataSource``. 
It's value should be: + + :: + + "mmuser:*mmuser-password*@tcp(*host-name-or-IP*:3306)/mattermost?charset-utf8mb4,utf8&readTimeout-30s&writeTimeout-30s" + + Check that the password is correct. If you correct an error, restart the +Mattermost server by navigating to ``/opt/mattermost/bin`` and issuing +the command: ``sudo -u mattermost ./platform``. + + **Unsure of Password** + + If you are not sure that the ``mmuser`` password is correct, attempt to +log in to MySQL as ``mmuser`` by issuing the command +``mysql -u mmuser -p``. You will be prompted for your password. If your +login fails, you are not using the correct password. + + With a new database installation, the easiest solution for an unknown +password is to remove the existing ``mmuser`` and then recreate that +user. You do this by logging in to MySQL as root and issuing the +following commands: + + 1. ``drop user mmuser;`` + + 2. ``flush privileges;`` + + 3. :samp: `create user 'mmuser'@'%' identified by '{mmuser-password}';` + + If you recreate ``mmuser``, ensure that this user has rights to the +``mattermost`` database by following the instructions given in +:ref: `mysql_grants`. + + Insufficient User Privileges +---------------------------- + + If the database exists and the username and password are correct, the +``mmuser`` may not have sufficient rights to access the ``mattermost`` +database. If this is the case, you may see an error message such as: + + :: + + [2017/09/20 17:20:53 EDT] [INFO] Pinging SQL master database + [2017/09/20 17:20:53 EDT] [EROR] Failed to ping DB retrying in 10 seconds + err-Error 1044: Access denied for user 'mmuser'@'%' to database 'mattermost + + **Note** + + Examine the error message closely. The user name displayed in the + error message is the user identified in the ``DataSource`` element + of the ``/opt/mattermost/config/config.jason`` file. 
For example, if + the error message reads + ``Access denied for user 'muser'@'%' ...`` you will know + that you have misidentified the user as ``muser`` in the + ``config.jason`` file. + + You can check if the user ``mmuser`` has access to the ``mattermost`` +database by logging in to MySQL as ``mmuser`` and issuing the command: +``show databases;``. If this user does not have rights to view the +``mattermost`` database, you will not see it in the output. + + :: + + +--------------------+ + | Database | + +--------------------+ + | information_schema | + +--------------------+ + 1 rows in set (0.00 sec) + + .. _mysql_grants: + + **Granting Privileges to mmuser** + + If the ``mattermost`` database exists and ``mmuser`` cannot view it, +exit from MySQL and then log in again as root. Issue the command +``grant all privileges on mattermost.* to 'mmuser'@'%';`` to grant +all rights on ``mattermost`` to ``mmuser``. + + Restart the Mattermost server by navigating to the +``/opt/mattermost/bin`` directory and entering the command +``sudo -u mattermost ./platform``. From 18fcfef979c209b379e72544b1184a348396c943 Mon Sep 17 00:00:00 2001 
From: Tapasweni Pathak Date: Sun, 26 May 2019 19:36:25 +0530 Subject: [PATCH 07/35] Remove all & and replace w/ and Fix https://github.com/mattermost/docs/issues/1592. sed -i 's/ & / and /g' .*.rst --- benefits-us.rst | 2 +- source/administration/backup.rst | 2 +- source/administration/bulk-export-data.rst | 2 +- source/administration/bulk-export.rst | 2 +- source/administration/telemetry.rst | 2 +- source/deployment/bulk-loading.rst | 4 +- .../getting-started/implementation_plan.rst | 4 +- source/help/apps/desktop-changelog.rst | 2 +- source/help/getting-started/signing-in.rst | 2 +- source/install/i18n.rst | 4 +- source/install/prod-windows-2012.rst | 4 +- source/install/requirements.rst | 2 +- source/overview/product.rst | 2 +- source/overview/security.rst | 2 +- source/overview/vpat.rst | 162 +++++++++--------- source/process/benefits-us.rst | 2 +- source/process/integrations-directory.rst | 2 +- source/process/marketing-guidelines.rst | 2 +- source/process/training.rst | 18 +- source/process/working-at-mattermost.rst | 10 +- 20 files changed, 116 insertions(+), 116 deletions(-) diff --git a/benefits-us.rst b/benefits-us.rst index f02df4f1f50..5c05c153663 100644 --- a/benefits-us.rst +++ b/benefits-us.rst @@ -17,7 +17,7 @@ This overview is a quick reference guide and does not replace the documentation The Company covers health insurance up the following contribution caps: -**Insurance & Company Contribution Cap** +**Insurance and Company Contribution Cap** - Medical Employee Only: $362.00 - Medical Employee + Spouse: $797.00 diff --git a/source/administration/backup.rst b/source/administration/backup.rst index 79e6a4d03f4..ee5a01a5341 100644 --- a/source/administration/backup.rst +++ b/source/administration/backup.rst 
@@ -1,4 +1,4 @@ -Backup & Disaster Recovery +Backup and Disaster Recovery ========================== Options to protect your Mattermost server from different types of failures range from simple backup to sophisticated disaster recovery deployments and automation. diff --git a/source/administration/bulk-export-data.rst b/source/administration/bulk-export-data.rst index 8d8e8f98fb4..aeab71acef4 100644 --- a/source/administration/bulk-export-data.rst +++ b/source/administration/bulk-export-data.rst @@ -5,7 +5,7 @@ At this time, the export supports attributes of the objects listed below. All Ma You can export the following data types: - Teams -- Channels (Public & Private) +- Channels (Public and Private) - Users - Users' Team memberships - Users' Channel memberships diff --git a/source/administration/bulk-export.rst b/source/administration/bulk-export.rst index bbc7c1babb6..ec8e0dd7614 100644 --- a/source/administration/bulk-export.rst +++ b/source/administration/bulk-export.rst @@ -14,7 +14,7 @@ from the proof of concept instance. You can export the following data types: - Teams -- Channels (Public & Private) +- Channels (Public and Private) - Users - Users' Team memberships - Users' Channel memberships diff --git a/source/administration/telemetry.rst b/source/administration/telemetry.rst index 0c9d14519a7..562c3951ceb 100644 --- a/source/administration/telemetry.rst +++ b/source/administration/telemetry.rst 
@@ -73,7 +73,7 @@ Non-personally Identifiable Error Information Non-personally Identifiable Diagnostic Information Boolean when the following events occur: - - *Team and Account Setup Diagnostics:* Account creation via email, invite or UI, account creation page view, account creation completion; tutorial step & tip completion or opt out, team creation page view, team name and URL entry, team creation completion + - *Team and Account Setup Diagnostics:* Account creation via email, invite or UI, account creation page view, account creation completion; tutorial step and tip completion or opt out, team creation page view, team name and URL entry, team creation completion - *Sign-in Diagnostics:* Login succeeded or failed for email, LDAP or SAML/SSO; logout succeeded; switched authentication method from email to LDAP or SAML/SSO or vice versa; reset password; updated password - *Navigation Discovery Diagnostics:* Joined a channel from the "More" list, through an invite or by clicking a public link; created a channel, direct, or group direct message conversation; renamed, joined, left or deleted an existing channel; updated header or purpose; added or removed members; updated channel notification preferences; loaded more messages in a channel; switched a channel or a team; opened the "More" modal for channels or direct message conversations; updated team name; invited members; updated account settings - *Core Feature Discovery Diagnostics:* Created, edited or deleted a message; posted a message containing a hashtag, link, mention or file attachment; searched for a term; searched for flagged posts or recent mentions diff --git a/source/deployment/bulk-loading.rst b/source/deployment/bulk-loading.rst index f9234900598..f9e361db1fb 100644 --- a/source/deployment/bulk-loading.rst +++ b/source/deployment/bulk-loading.rst 
@@ -10,7 +10,7 @@ Large quantities of data can be imported from a `JSONL You can import the following data types: - Teams -- Channels (Public & Private) +- Channels (Public and Private) - Users - Users' Team memberships - Users' Channel memberships @@ -33,4 +33,4 @@ Importing additional types of posts is not yet supported. .. include:: bulk-loading-about.rst .. include:: bulk-loading-data.rst -.. include:: bulk-loading-data-format.rst \ No newline at end of file +.. include:: bulk-loading-data-format.rst diff --git a/source/getting-started/implementation_plan.rst b/source/getting-started/implementation_plan.rst index e2703b7b91a..e040a8c7fca 100644 --- a/source/getting-started/implementation_plan.rst +++ b/source/getting-started/implementation_plan.rst @@ -184,7 +184,7 @@ Large quantities of data can be imported from a JSON file into Mattermost at the You can import the following data types: - Teams - - Channels (Public & Private) + - Channels (Public and Private) - Users - Users’ Team memberships - Users’ Channel memberships @@ -237,7 +237,7 @@ Train administrators on the tasks required to manage Mattermost. **Reference**: https://docs.mattermost.com/guides/administrator.html -3.3.13 Update Legal & Support Settings +3.3.13 Update Legal and Support Settings ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Mattermost has configuration settings for the terms of service, privacy policy, and support URLs and emails. It is highly recommended that you modify these in your configuration so that your users have the correct legal information and can contact administrators to resolve account issues. You can find these under **System Console > Legal and Support**. diff --git a/source/help/apps/desktop-changelog.rst b/source/help/apps/desktop-changelog.rst index 7133babed76..eba64b6b7e0 100644 --- a/source/help/apps/desktop-changelog.rst +++ b/source/help/apps/desktop-changelog.rst 
@@ -974,7 +974,7 @@ All platforms - Should execute following command to take over ``config.json``. - Windows: - ``mkdir %APPDATA%\Mattermost & copy %APPDATA%\electron-mattermost\config.json %APPDATA%\Mattermost\config.json`` + ``mkdir %APPDATA%\Mattermost and copy %APPDATA%\electron-mattermost\config.json %APPDATA%\Mattermost\config.json`` - OS X: ``ditto ~/Library/Application\ Support/electron-mattermost/config.json ~/Library/Application\ Support/Mattermost/config.json`` - Linux: diff --git a/source/help/getting-started/signing-in.rst b/source/help/getting-started/signing-in.rst index 407afe7f0fc..7a73278bd8c 100644 --- a/source/help/getting-started/signing-in.rst +++ b/source/help/getting-started/signing-in.rst @@ -67,7 +67,7 @@ account using a one-click sign in option. AD/LDAP Sign In ~~~~~~~~~~~~~~~ -*Available in Enterprise Edition E10 & E20* +*Available in Enterprise Edition E10 and E20* When enabled by your System Admin, you can sign in with your AD/LDAP credentials. This lets you use the same username and password for diff --git a/source/install/i18n.rst b/source/install/i18n.rst index f54fe6f1ed9..b3a9c52724e 100644 --- a/source/install/i18n.rst +++ b/source/install/i18n.rst @@ -1,9 +1,9 @@ .. _i18n: -Chinese, Japanese & Korean Search +Chinese, Japanese and Korean Search ================================= -Enabling search for Chinese, Japanese & Korean (CJK) requires special configuration, since these languages do not contain spaces. +Enabling search for Chinese, Japanese and Korean (CJK) requires special configuration, since these languages do not contain spaces. - See `database requirements documentation `__ for how to setup search for these languages. diff --git a/source/install/prod-windows-2012.rst b/source/install/prod-windows-2012.rst index 25c177105f7..8c71e0310c2 100644 --- a/source/install/prod-windows-2012.rst +++ b/source/install/prod-windows-2012.rst 
@@ -14,7 +14,7 @@ Install Windows Server 2012+ ---------------------------- 1. Set up 3 machines with any edition of Windows Server 2012+ (except core) with 2GB of RAM or more. The - servers will be used for the Web Proxy & SSL Termination, Mattermost, and Database. The screenshots + servers will be used for the Web Proxy and SSL Termination, Mattermost, and Database. The screenshots used in this guide are from Microsoft Server 2012, but similar steps should work for other versions. - **Optional:** You can also use a single machine for all 3 @@ -31,7 +31,7 @@ Set up Database Server 1. Login to the database server. For the purposes of this guide we will assume this server has an IP address of 10.0.0.1. -Install & Configure MySQL +Install and Configure MySQL ^^^^^^^^^^^^^^^^^^^^^^^^^ 2. `Download the MySQL 5.6+ `__ installer, or (PostgreSQL 9.3+). diff --git a/source/install/requirements.rst b/source/install/requirements.rst index 2a16ff52697..2256b756788 100644 --- a/source/install/requirements.rst +++ b/source/install/requirements.rst @@ -1,6 +1,6 @@ .. _requirements: -Software & Hardware Requirements +Software and Hardware Requirements ================================ This guide outlines minimum software and hardware requirements for deploying Mattermost. Requirements may vary based on utilization and observing performance of pilot projects is recommended prior to scale out. diff --git a/source/overview/product.rst b/source/overview/product.rst index 9ab66a864fc..016b2f15e15 100644 --- a/source/overview/product.rst +++ b/source/overview/product.rst 
@@ -42,7 +42,7 @@ Details of each offering are as follows: - Extensive integration support via `webhooks, APIs, drivers `__ and `third party extensions `__ - Easily scalable from dozens to hundreds of users - New improvements released every two months -- Languages include U.S. English, Chinese (Simplified & Traditional), Dutch, French, German, Italian, Japanese, Korean, Polish, Brazilian Portuguese, Russian, Turkish, Spanish, and Ukrainian. +- Languages include U.S. English, Chinese (Simplified and Traditional), Dutch, French, German, Italian, Japanese, Korean, Polish, Brazilian Portuguese, Russian, Turkish, Spanish, and Ukrainian. To get started, `download the open source Mattermost Team Edition server `__ under an MIT license. diff --git a/source/overview/security.rst b/source/overview/security.rst index 256e8b378da..412f79025c6 100644 --- a/source/overview/security.rst +++ b/source/overview/security.rst @@ -41,7 +41,7 @@ Transmission Security - Option to `exclude message contents from push notifications `__ to comply with strict compliance policies, such as US HIPAA standards. - Ability to exclude or include the `contents of messages in push notifications `__ to avoid disclosure on locked mobile screens, and via relay servers from Apple and Google when sending notifications to iOS or Android mobile apps (relevant to compliance standards such as HIPAA) -Integrity & Audit Controls +Integrity and Audit Controls ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - By default, Mattermost stores a complete history of messages, including edits and deletes, along with all files uploaded. User interface actions for "deleting" messages and channels remove the data only from the user interface; the data is retained within your database. If your compliance guidelines require it, you can turn off users' ability to edit and delete their messages after they are posted. diff --git a/source/overview/vpat.rst b/source/overview/vpat.rst index 82b38f55e0a..48d1adfad3d 100644 
--- a/source/overview/vpat.rst +++ b/source/overview/vpat.rst 
@@ -20,49 +20,49 @@ A summary of Mattermost's support of 508 compliance standards is as follows: Section 1194.21 Software Applications and Operating Systems -- **Level of Support & Supporting Features**: SUPPORTS for 10 criteria, NOT APPLICABLE for 1 criteria, SUPPORTS THROUGH EQUIVALENT FACILITATION for 1 criteria. +- **Level of Support and Supporting Features**: SUPPORTS for 10 criteria, NOT APPLICABLE for 1 criteria, SUPPORTS THROUGH EQUIVALENT FACILITATION for 1 criteria. - **Remarks and Explanations**: NOT APPLICABLE criteria references requirements for animations, which are not used in the product. SUPPORTS THROUGH EQUIVALENT FACILITATION references the use of a user's contrast and color settings at as an equivalent Mattermost can reproduce contrast and color settings in its web interface, though--like any web application--it does not draw them from a user's PC settings. Section 1194.22 Web-based Intranet and Internet information and Applications -- **Level of Support & Supporting Features**: SUPPORTS for 5 criteria, NOT APPLICABLE for 9 criteria, SUPPORTS WITH EXCEPTION for 1 criteria, DOES NOT SUPPORT for 1 criteria. +- **Level of Support and Supporting Features**: SUPPORTS for 5 criteria, NOT APPLICABLE for 9 criteria, SUPPORTS WITH EXCEPTION for 1 criteria, DOES NOT SUPPORT for 1 criteria. - **Remarks and Explanations**: SUPPORTS WITH EXCEPTION refers to having 80-90% coverage of text equivalents for every non-text element, with plans to increase coverage in 2018 release. DOES NOT SUPPORT refers to readability without associated style sheet with plan to address this issue in 2018 release. Section 1194.23 Telecommunications Products -- **Level of Support & Supporting Features**: NOT APPLICABLE for 14 criteria. +- **Level of Support and Supporting Features**: NOT APPLICABLE for 14 criteria. - **Remarks and Explanations**: Mattermost is not a telecommunications product. 
Section 1194.24 Video and Multi-media Products -- **Level of Support & Supporting Features**: NOT APPLICABLE for 5 criteria. +- **Level of Support and Supporting Features**: NOT APPLICABLE for 5 criteria. - **Remarks and Explanations**: Mattermost is not a video or multi-media product. Section 1194.25 Self-Contained, Closed Products -- **Level of Support & Supporting Features**: NOT APPLICABLE for 14 criteria. +- **Level of Support and Supporting Features**: NOT APPLICABLE for 14 criteria. - **Remarks and Explanations**: Mattermost is not a closed prduct. Section 1194.26 Desktop and Portable Computers -- **Level of Support & Supporting Features**: NOT APPLICABLE for 4 criteria. +- **Level of Support and Supporting Features**: NOT APPLICABLE for 4 criteria. - **Remarks and Explanations**: Mattermost is not a desktop or portable computer. Section 1194.31 Functional Performance Criteria -- **Level of Support & Supporting Features**: SUPPORTS for 4 criteria, NOT APPLICABLE for 2 criteria. +- **Level of Support and Supporting Features**: SUPPORTS for 4 criteria, NOT APPLICABLE for 2 criteria. - **Remarks and Explanations**: NOT APPLICABLE due to no audio-entry for Mattermost. Section 1194.41 Information, Documentation and Support -- **Level of Support & Supporting Features**: SUPPORTS for 3 criteria. +- **Level of Support and Supporting Features**: SUPPORTS for 3 criteria. - **Remarks and Explanations**: No additional comments. 
@@ -71,73 +71,73 @@ Section 1194.21 Software Applications and Operating Systems - Detail (a) When software is designed to run on a system that has a keyboard, product functions shall be executable from a keyboard where the function itself or the result of performing a function can be discerned textually. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Web-based application has extensive keyboard shortcut controls along with support for tabbed interface allowing operating using keyboard only. `Definitions of keyboard shortcuts are available in product documentation `__. Keyboard functionality is under continually review for opportunities for improvement. (b) Applications shall not disrupt or disable activated features of other products that are identified as accessibility features, where those features are developed and documented according to industry standards. Applications also shall not disrupt or disable activated features of any operating system that are identified as accessibility features where the application programming interface for those accessibility features has been documented by the manufacturer of the operating system and is available to the product developer. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Nothing to add. (c) A well-defined on-screen indication of the current focus shall be provided that moves among interactive interface elements as the input focus changes. The focus shall be programmatically exposed so that Assistive Technology can track focus and focus changes. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Nothing to add. 
(d) Sufficient information about a user interface element including the identity, operation and state of the element shall be available to Assistive Technology. When an image represents a program element, the information conveyed by the image must also be available in text. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Nothing to add. (e) When bitmap images are used to identify controls, status indicators, or other programmatic elements, the meaning assigned to those images shall be consistent throughout an application's performance. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Nothing to add. (f) Textual information shall be provided through operating system functions for displaying text. The minimum information that shall be made available is text content, text input caret location, and text attributes. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Nothing to add. (g) Applications shall not override user selected contrast and color selections and other individual display attributes. -- **Level of Support & Supporting Features**: SUPPORTS THROUGH EQUIVALENT FACILITATION +- **Level of Support and Supporting Features**: SUPPORTS THROUGH EQUIVALENT FACILITATION - **Remarks and Explanations**: Mattermost web application can be used in high contrast mode with support for use selected colors and contrast options. (h) When animation is displayed, the information shall be displayable in at least one non-animated presentation mode at the option of the user. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: No core functionality in the product relies on animations. 
While some loading indicators are animated, failure to load is documented in text with error messages. (i) Color coding shall not be used as the only means of conveying information, indicating an action, prompting a response, or distinguishing a visual element. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: No indicators rely on color alone. (j) When a product permits a user to adjust color and contrast settings, a variety of color selections capable of producing a range of contrast levels shall be provided. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: See `full documentation `__. (k) Software shall not use flashing or blinking text, objects, or other elements having a flash or blink frequency greater than 2 Hz and lower than 55 Hz. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Nothing to add. (l) When electronic forms are used, the form shall allow people using Assistive Technology to access the information, field elements, and functionality required for completion and submission of the form, including all directions and cues. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Nothing to add. 
@@ -146,97 +146,97 @@ Section 1194.22 Web-based Intranet and Internet information and Applications - D (a) A text equivalent for every non-text element shall be provided (e.g., via "alt", "longdesc", or in element content). -- **Level of Support & Supporting Features**: SUPPORTS WITH EXCEPTION +- **Level of Support and Supporting Features**: SUPPORTS WITH EXCEPTION - **Remarks and Explanations**: 80-90% supported, full supported expected in 2018 release. (b) Equivalent alternatives for any multimedia presentation shall be synchronized with the presentation. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (c) Web pages shall be designed so that all information conveyed with color is also available without color, for example from context or markup. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Nothing to add. (d) Documents shall be organized so they are readable without requiring an associated style sheet. -- **Level of Support & Supporting Features**: DOES NOT SUPPORT +- **Level of Support and Supporting Features**: DOES NOT SUPPORT - **Remarks and Explanations**: This functionality is planned for 2018 release. (e) Redundant text links shall be provided for each active region of a server-side image map. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (f) Client-side image maps shall be provided instead of server-side image maps except where the regions cannot be defined with an available geometric shape. 
-- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (g) Row and column headers shall be identified for data tables. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (h) Markup shall be used to associate data cells and header cells for data tables that have two or more logical levels of row or column headers. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (i) Frames shall be titled with text that facilitates frame identification and navigation -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (j) Pages shall be designed to avoid causing the screen to flicker with a frequency greater than 2 Hz and lower than 55 Hz. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Nothing to add. (k) A text-only page, with equivalent information or functionality, shall be provided to make a web site comply with the provisions of this part, when compliance cannot be accomplished in any other way. The content of the text-only page shall be updated whenever the primary page changes. 
-- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Compliance criteria is supported, therefore text-only page is not provided. (l) When pages utilize scripting languages to display content, or to create interface elements, the information provided by the script shall be identified with functional text that can be read by Assistive Technology. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Nothing to add. (m) When a web page requires that an applet, plug-in or other application be present on the client system to interpret page content, the page must provide a link to a plug-in or applet that complies with 1194.21(a) through (l). -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (n) When electronic forms are designed to be completed on-line, the form shall allow people using Assistive Technology to access the information, field elements, and functionality required for completion and submission of the form, including all directions and cues. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Nothing to add. (o) A method shall be provided that permits users to skip repetitive navigation links. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Keyboard shortcuts can skip repetitive navigation links. (p) When a timed response is required, the user shall be alerted and given sufficient time to indicate more time is required. 
-- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. There are no timed responses used in the system. 
@@ -245,85 +245,85 @@ Section 1194.23 Telecommunications Products - Detail (a) Telecommunications products or systems which provide a function allowing voice communication and which do not themselves provide a TTY functionality shall provide a standard non-acoustic connection point for TTYs. Microphones shall be capable of being turned on and off to allow the user to intermix speech with TTY use. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (b) Telecommunications products which include voice communication functionality shall support all commonly used cross-manufacturer non-proprietary standard TTY signal protocols. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (c) Voice mail, auto-attendant, and interactive voice response telecommunications systems shall be usable by TTY users with their TTYs. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (d) Voice mail, messaging, auto-attendant, and interactive voice response telecommunications systems that require a response from a user within a time interval, shall give an alert when the time interval is about to run out, and shall provide sufficient time for the user to indicate more time is required. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. 
(e) Where provided, caller identification and similar telecommunications functions shall also be available for users of TTYs, and for users who cannot see displays. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (f) For transmitted voice signals, telecommunications products shall provide a gain adjustable up to a minimum of 20 dB. For incremental volume control, at least one intermediate step of 12 dB of gain shall be provided. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (g) If the telecommunications product allows a user to adjust the receive volume, a function shall be provided to automatically reset the volume to the default level after every use. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (h) Where a telecommunications product delivers output by an audio transducer which is normally held up to the ear, a means for effective magnetic wireless coupling to hearing technologies shall be provided. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (i) Interference to hearing technologies (including hearing aids, cochlear implants, and assistive listening devices) shall be reduced to the lowest possible level that allows a user of hearing technologies to utilize the telecommunications product. 
-- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (j) Products that transmit or conduct information or communication, shall pass through cross-manufacturer, non-proprietary, industry-standard codes, translation protocols, formats or other information necessary to provide the information or communication in a usable format. Technologies which use encoding, signal compression, format transformation, or similar techniques shall not remove information needed for access or shall restore it upon delivery. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (k)(1) Products which have mechanically operated controls or keys shall comply with the following: Controls and Keys shall be tactilely discernible without activating the controls or keys. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (k)(2) Products which have mechanically operated controls or keys shall comply with the following: Controls and Keys shall be operable with one hand and shall not require tight grasping, pinching, twisting of the wrist. The force required to activate controls and keys shall be 5 lbs. (22.2N) maximum. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. 
(k)(3) Products which have mechanically operated controls or keys shall comply with the following: If key repeat is supported, the delay before repeat shall be adjustable to at least 2 seconds. Key repeat rate shall be adjustable to 2 seconds per character. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (k)(4) Products which have mechanically operated controls or keys shall comply with the following: The status of all locking or toggle controls or keys shall be visually discernible, and discernible either through touch or sound. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. 
@@ -332,31 +332,31 @@ Section 1194.24 Video and Multi-media Products - Detail a) All analog television displays 13 inches and larger, and computer equipment that includes analog television receiver or display circuitry, shall be equipped with caption decoder circuitry which appropriately receives, decodes, and displays closed captions from broadcast, cable, videotape, and DVD signals. As soon as practicable, but not later than July 1, 2002, widescreen digital television (DTV) displays measuring at least 7.8 inches vertically, DTV sets with conventional displays measuring at least 13 inches vertically, and stand-alone DTV tuners, whether or not they are marketed with display screens, and computer equipment that includes DTV receiver or display circuitry, shall be equipped with caption decoder circuitry which appropriately receives, decodes, and displays closed captions from broadcast, cable, videotape, and DVD signals. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (b) Television tuners, including tuner cards for use in computers, shall be equipped with secondary audio program playback circuitry. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (c) All training and informational video and multimedia productions which support the agency's mission, regardless of format, that contain speech or other audio information necessary for the comprehension of the content, shall be open or closed captioned. 
-- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (d) All training and informational video and multimedia productions which support the agency's mission, regardless of format, that contain visual information necessary for the comprehension of the content, shall be audio described. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (e) Display or presentation of alternate text presentation or audio descriptions shall be user-selectable unless permanent. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. 
@@ -365,79 +365,79 @@ Section 1194.25 Self-Contained, Closed Products - Detail (a) Self contained products shall be usable by people with disabilities without requiring an end-user to attach Assistive Technology to the product. Personal headsets for private listening are not Assistive Technology. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (b) When a timed response is required, the user shall be alerted and given sufficient time to indicate more time is required. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (c) Where a product utilizes touchscreens or contact-sensitive controls, an input method shall be provided that complies with 1194.23 -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (d) When biometric forms of user identification or control are used, an alternative form of identification or activation, which does not require the user to possess particular biological characteristics, shall also be provided. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (e) When products provide auditory output, the audio signal shall be provided at a standard signal level through an industry standard connector that will allow for private listening. The product must provide the ability to interrupt, pause, and restart the audio at anytime. 
-- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (f) When products deliver voice output in a public area, incremental volume control shall be provided with output amplification up to a level of at least 65 dB. Where the ambient noise level of the environment is above 45 dB, a volume gain of at least 20 dB above the ambient level shall be user selectable. A function shall be provided to automatically reset the volume to the default level after every use. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (g) Color coding shall not be used as the only means of conveying information, indicating an action, prompting a response, or distinguishing a visual element. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (h) When a product permits a user to adjust color and contrast settings, a range of color selections capable of producing a variety of contrast levels shall be provided. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (i) Products shall be designed to avoid causing the screen to flicker with a frequency greater than 2 Hz and lower than 55 Hz. 
-- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (j) (1) Products which are freestanding, non-portable, and intended to be used in one location and which have operable controls shall comply with the following: The position of any operable control shall be determined with respect to a vertical plane, which is 48 inches in length, centered on the operable control, and at the maximum protrusion of the product within the 48 inch length on products which are freestanding, non-portable, and intended to be used in one location and which have operable controls. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (j)(2) Products which are freestanding, non-portable, and intended to be used in one location and which have operable controls shall comply with the following: Where any operable control is 10 inches or less behind the reference plane, the height shall be 54 inches maximum and 15 inches minimum above the floor. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (j)(3) Products which are freestanding, non-portable, and intended to be used in one location and which have operable controls shall comply with the following: Where any operable control is more than 10 inches and not more than 24 inches behind the reference plane, the height shall be 46 inches maximum and 15 inches minimum above the floor. 
-- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (j)(4) Products which are freestanding, non-portable, and intended to be used in one location and which have operable controls shall comply with the following: Operable controls shall not be more than 24 inches behind the reference plane. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. 
@@ -447,25 +447,25 @@ Section 1194.26 Desktop and Portable Computers - Detail (a) All mechanically operated controls and keys shall comply with 1194.23 (k) (1) through (4). -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (b) If a product utilizes touchscreens or touch-operated controls, an input method shall be provided that complies with 1194.23 (k) (1) through (4). -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (c) When biometric forms of user identification or control are used, an alternative form of identification or activation, which does not require the user to possess particular biological characteristics, shall also be provided. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. (d) Where provided, at least one of each type of expansion slots, ports and connectors shall comply with publicly available industry standards -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: Functionality described in this requirement is not included in the product. 
@@ -475,37 +475,37 @@ Section 1194.31 Functional Performance Criteria – Detail (a) At least one mode of operation and information retrieval that does not require user vision shall be provided, or support for Assistive Technology used by people who are blind or visually impaired shall be provided. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Made available via browser. (b) At least one mode of operation and information retrieval that does not require visual acuity greater than 20/70 shall be provided in audio and enlarged print output working together or independently, or support for Assistive Technology used by people who are visually impaired shall be provided. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Increasing Zoom level in Mattermost web app can be used to fulfill this requirement. (c) At least one mode of operation and information retrieval that does not require user hearing shall be provided, or support for Assistive Technology used by people who are deaf or hard of hearing shall be provided -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: There is no functionality relying on audio only. (d) Where audio information is important for the use of a product, at least one mode of operation and information retrieval shall be provided in an enhanced auditory fashion, or support for assistive hearing devices shall be provided. -- **Level of Support & Supporting Features**: NOT APPLICABLE +- **Level of Support and Supporting Features**: NOT APPLICABLE - **Remarks and Explanations**: There is no functionality relying on audio only. 
(e) At least one mode of operation and information retrieval that does not require user speech shall be provided, or support for Assistive Technology used by people with disabilities shall be provided. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: No speech-only interfaces in Mattermost. (f) At least one mode of operation and information retrieval that does not require fine motor control or simultaneous actions and that is operable with limited reach and strength shall be provided. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: System can be operated with computer keyboard only, which can meet stated requirements when in accessibility mode. 
@@ -514,18 +514,18 @@ Section 1194.41 Information, Documentation and Support – Detail (a) Product support documentation provided to end-users shall be made available in alternate formats upon request, at no additional charge -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Full documentation publicly available at https://docs.mattermost.com (b) End-users shall have access to a description of the accessibility and compatibility features of products in alternate formats or alternate methods upon request, at no additional charge. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: This documentation include links to all relevant accessibility and compatibility options, including theme colors and keyboard shortcuts. (c) Support services for products shall accommodate the communication needs of end-users with disabilities. -- **Level of Support & Supporting Features**: SUPPORTS +- **Level of Support and Supporting Features**: SUPPORTS - **Remarks and Explanations**: Mattermost Enterprise Edition support available via email. diff --git a/source/process/benefits-us.rst b/source/process/benefits-us.rst index e4dce34a148..029b6732838 100644 --- a/source/process/benefits-us.rst +++ b/source/process/benefits-us.rst 
@@ -17,7 +17,7 @@ This overview is a quick reference guide and does not replace the documentation The Company pays 100% of premiums for medical, 100% of premiums for dental and 100% of premiums for vision coverage for employee. In addition, the Company funds 50% of premiums for medical, 50% of premiums for dental and 50% of premiums for vision coverage for spouse, dependent, and domestic partner. These contribution amounts are capped at: -**Insurance & Company Contribution Cap** +**Insurance and Company Contribution Cap** - Medical Employee Only: $593.00 - Medical Employee + Spouse: $981.50 diff --git a/source/process/integrations-directory.rst b/source/process/integrations-directory.rst index 811300c2f7a..bc335586732 100644 --- a/source/process/integrations-directory.rst +++ b/source/process/integrations-directory.rst @@ -4,7 +4,7 @@ How to Update Integrations Directory This document outlines the internal process for updating https://integrations.mattermost.com/. -New integrations get submitted in the `Integrations & Apps channel `_ +New integrations get submitted in the `Integrations and Apps channel `_ via `this form `_. Initial Steps diff --git a/source/process/marketing-guidelines.rst b/source/process/marketing-guidelines.rst index e854941a09e..cf6599c1d6e 100644 --- a/source/process/marketing-guidelines.rst +++ b/source/process/marketing-guidelines.rst 
@@ -37,7 +37,7 @@ In order to achieve these goals, our writing must be: 2. **Appealing to secondary audiences.** These include open source and in-house developers and end users at highly regulated companies. 3. **Part of our brand.** Our style and message must be consistent over the long term. Therefore, all of our content, irrespective of purpose or subject-matter, must pull the reader in the same direction and reinforce our key messages. 4. **High quality.** Quality in writing reflects the professionalism of our organization. We pay attention to the rules of grammar and spelling. - 5. **Clear & transparent.** We aim to communicate simply, using language that is familiar to our audiences. People don't buy what they don't understand! + 5. **Clear and transparent.** We aim to communicate simply, using language that is familiar to our audiences. People don't buy what they don't understand! 6. **International.** Mattermost has customers around the world and in many cases English is their second language. Use standard American English but do not use metaphors or expressions that people outside of North America are unlikely to understand. 7. **Avoiding unintentional controversy.** We might want to stir up a bit of controversy now and again – but only on relevant technological and business topics. Avoid subjects or analogies that might provoke an emotional or hostile response: religion, politics, warfare, personal relationships etc. 8. **Fit for purpose.** Is your content designed to persuade (e.g. an opinion piece), promote (e.g. a product description) or instruct (e.g. to guide a user through procedural steps)? Adjust your tone and your language accordingly. diff --git a/source/process/training.rst b/source/process/training.rst index 7291fb6f77a..2c63365e611 100644 --- a/source/process/training.rst +++ b/source/process/training.rst 
@@ -25,20 +25,20 @@ Important things to know Hiring --------------------------------------------------------- -- (People Ops & New Hire) Offer letter accepted via click-sign -- (Logistics) Mail track jacket & socks +- (People Ops and New Hire) Offer letter accepted via click-sign +- (Logistics) Mail track jacket and socks T-minus 1-3 weeks --------------------------------------------------------- -- (People Ops & New Hire) People Ops should find out new hire's preference for laptop, either to be purchased or taken from stock and shipped by People Ops or purchased locally by new hire and expensed. Windows laptops generally cost less than Macs so budget is based on Macs. For non-developers, budget is cost of a Macbook in your local area, for developers budget is cost of a Macbook Pro. Since these items are company property, you do not need to buy insurance or extended warranties for them, but you do need to report any loss or damage to People@mattermost.com as soon as it occurs. +- (People Ops and New Hire) People Ops should find out new hire's preference for laptop, either to be purchased or taken from stock and shipped by People Ops or purchased locally by new hire and expensed. Windows laptops generally cost less than Macs so budget is based on Macs. For non-developers, budget is cost of a Macbook in your local area, for developers budget is cost of a Macbook Pro. Since these items are company property, you do not need to buy insurance or extended warranties for them, but you do need to report any loss or damage to People@mattermost.com as soon as it occurs. - (New Hire) Read the entirety of Onboarding page for info on meetings, mindsets, terminology and training materials. - (People Ops) Send email invite to New Hire to set up an @mattermost.com email address. New Hire should use this email address on community.mattermost.com (replace personal email with company email if already registered there). 
`FIRST_NAME.LAST_NAME@mattermost.com` is the standard naming convention. T-minus 1 week --------------------------------------------------------- -- (People Ops & New Hire) Set up payroll. +- (People Ops and New Hire) Set up payroll. - US FTE, receive email to complete TriNet sign-up, payroll, benefits enrollment, I-9 form, banking information, personal information, tax forms. - Non-US Employee/Non-Canada Employee, complete bank info form for monthly wire transfer. - Non-US Resident Contractor, complete W8-BEN form. @@ -187,7 +187,7 @@ Procedure: 3. (Vice Chair) Start Zoom recording at 8:00am Palo Alto time. -3. (Chair & Co-Chairs) Run through the agenda, which comprises one or more of the following items: +3. (Chair and Co-Chairs) Run through the agenda, which comprises one or more of the following items: - **Introduction**: One of the founders does an introduction to the meeting. - **Week 2 Welcomes of new team members**: @@ -211,7 +211,7 @@ Procedure: 2. (Vice Chair) Post recording to Cust Obs Prep channel, with timecode of co-founder's introduction. -3. (Chair & Co-Chairs) Review recording and decide if the introduction is converted to a YouTube video and included in onboarding documentation. Sample recordings include discussions of leadership principles, mission and core values. +3. (Chair and Co-Chairs) Review recording and decide if the introduction is converted to a YouTube video and included in onboarding documentation. Sample recordings include discussions of leadership principles, mission and core values. Frequently Asked Questions ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
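Review bot: In the @@ -187,7 hunk of training.rst, the rewritten item "3. (Chair and Co-Chairs) Run through the agenda" has the same number as the context item just above it, "3. (Vice Chair) Start Zoom recording at 8:00am Palo Alto time", so the procedure has two step 3s. Since the line is being touched anyway, renumber it to 4 so the steps form one ordered list.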
@@ -305,7 +305,7 @@ Procedure: :: #### @channel A reminder to prepare your items for R&D meeting [DATE]: - 1. @[name], @[name] & @[name] - you're up for ice-breaker + 1. @[name], @[name] and @[name] - you're up for ice-breaker 2. Reminder for team member responsible for this week's team update to include it [in the notes](LINK) 3. If you'll be giving a demo, please queue it [in the meeting notes](link) ##### Everyone is encouraged to bring up items for discussion. If the discussion is `time-copped` during the meeting, please be sure to add a `next step` to the notes and post a link to where the conversation can be continued. ~platform channel is usually a good place to continue discussions. @@ -408,7 +408,7 @@ Consider when two rational people disagree, the cause often comes from one of th While the emotions, assumptions, priority mindset won't work for everyone in every case, it's helped resolve complex decisions in our company's history. -Likes & Wishes +Likes and Wishes --------------------------------------------- An easy way to check in with team members about how things are going. @@ -675,7 +675,7 @@ Software Strategy System Security ^^^^^^^^^^^^^^^ -Papers & Course Materials +Papers and Course Materials 1. `Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology `__ - Standards for internal Mattermost security processes and safeguards. 2. `Computer Security in the Real World. Butler Lampson `__ - Fundamental challenges with system security. diff --git a/source/process/working-at-mattermost.rst b/source/process/working-at-mattermost.rst index cf2bfb22bb8..4c621f9adda 100644 --- a/source/process/working-at-mattermost.rst +++ b/source/process/working-at-mattermost.rst 
@@ -117,12 +117,12 @@ Please take off holidays relevant to your culture, resident country and preferen We're headquartered in the US and have a large Canadian contingent, so below are holidays we're expecting people from those countries to take off: -US & Canadian Holidays for 2019: +US and Canadian Holidays for 2019: -- US & Canadian New Year's (1/1/2019) +- US and Canadian New Year's (1/1/2019) - US MLK Jr. Day (1/21/2019) -- Canadian Family Day & US Presidents' Day (2/18/2019) -- US & Canadian Good Friday (4/19/2019) +- Canadian Family Day and US Presidents' Day (2/18/2019) +- US and Canadian Good Friday (4/19/2019) - Canadian Victoria Day (5/20/2019) - US Memorial Day (5/27/2019) - Canada Day (7/1/2019) @@ -132,7 +132,7 @@ US & Canadian Holidays for 2019: - US Labor Day, Canadian Labour Day (9/2/2019) - Canadian Thanksgiving (10/14/2019) - US Thanksgiving (11/28/2019) -- US & Canadian Christmas Day (12/25/2019) +- US and Canadian Christmas Day (12/25/2019) - Canadian Boxing Day (12/26/2019) From f177decc86bc0629b8e2434d2f28cc6f775cd63e Mon Sep 17 00:00:00 2001 
From: Tapasweni Pathak Date: Mon, 27 May 2019 22:30:03 +0530 Subject: [PATCH 08/35] minor review fixes Update source/install/trouble_mysql.rst Co-Authored-By: amyblais Update source/install/trouble_mysql.rst Co-Authored-By: amyblais add comma Co-Authored-By: amyblais remove colon Co-Authored-By: amyblais Replace w/ proper rst formatting r/**Warning**/.. warning:: Co-Authored-By: amyblais Left shift word Co-Authored-By: amyblais left shift word Co-Authored-By: amyblais left shift word remove extra whitespace Co-Authored-By: amyblais left shift word remove extra whitespace Co-Authored-By: amyblais code format mattermost word r/mattermost/``mattermost`` Co-Authored-By: amyblais proper rst formatting for word r/mattermost/``mattermost`` Co-Authored-By: amyblais Merge branch 'minor-docs-fixes' of github.com:tapaswenipathak/docs into minor-docs-fixes --- source/administration/bulk-export.rst | 2 +- source/administration/config-settings.rst | 1 + source/install/trouble_mysql.rst | 98 +++++++++++------------ 3 files changed, 51 insertions(+), 50 deletions(-) diff --git a/source/administration/bulk-export.rst b/source/administration/bulk-export.rst index ec8e0dd7614..d3262b49323 100644 --- a/source/administration/bulk-export.rst +++ b/source/administration/bulk-export.rst @@ -5,7 +5,7 @@ Bulk Export Tool ================= Moving data from one Mattermost instance into another begins with exporting data -to a JSONL file `JSONL `__ file using the +to a `JSONL `__ file using the `bulk loading feature `__. This tool is useful if you have created a server for a proof of concept, have created another server for production use and now want to retain the history diff --git a/source/administration/config-settings.rst b/source/administration/config-settings.rst index fca8b1b49dd..428951e568c 100644 --- a/source/administration/config-settings.rst +++ b/source/administration/config-settings.rst 
@@ -3028,6 +3028,7 @@ A 32-character key for encrypting and decrypting sensitive fields in the databas When using High Availability, the salt must be identical in each instance of Mattermost. The following fields are encrypted using this key + - ``SqlSettings.DriverName`` - ``SqlSettings.DataSource`` - ``SqlSettings.MaxIdleConns`` diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index bf167f82573..2718d484d20 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -1,7 +1,7 @@ MySQL Installation Troubleshooting ================================== - Before you can run the Mattermost server, you must first install and +Before you can run the Mattermost server, you must first install and configure a database. You start Mattermost by navigating to the ``/opt/mattermost/bin`` directory and entering the command ``sudo -u mattermost ./platform``. If the Mattermost server cannot @@ -9,7 +9,7 @@ connect to the database, it will fail to start. This section deals with MySQL database issues that you may encounter when you start up Mattermost for the first time. - How you install MySQL varies depending upon which Linux distribution you +How you install MySQL varies depending upon which Linux distribution you use. But once MySQL is installed the configuration instructions are the same. For all distributions you must create a ``mattermost`` database and a ``mattermost`` database user. Failure to create these database 
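Review bot: In the config-settings.rst hunk (@@ -3028,6), the sentence "The following fields are encrypted using this key" still has no closing colon before the list, and the list itself should be checked against the server code before this is published. It names tuning values such as SqlSettings.MaxIdleConns and SqlSettings.Trace alongside SqlSettings.DataSource, and administrators will read it as the statement of what AtRestEncryptKey protects. The context line above also calls the setting a "salt" while the description calls it a key; use one term.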
@@ -18,47 +18,47 @@ file, ``/opt/mattermost/config/config.jason``, causes Mattermost to fail. The troubleshooting tips given here deal with these specific issues. - Before proceeding confirm that your MySQL server is running. You can do +Before proceeding confirm that your MySQL server is running. You can do this by issuing the command: ``mysqladmin -u root -p status``. When prompted, enter your password. If MySQL is running you should see output like the following: :: - Uptime: 877134 Threads: 1 Questions: 9902 Slow queries: 0 Opens: 522 + Uptime: 877134 Threads: 1 Questions: 9902 Slow queries: 0 Opens: 522 Flush tables: 1 Open tables: 371 Queries per second avg: 0.011 - If MySQL is not running, review the instructions for installation on +If MySQL is not running, review the instructions for installation on your distribution. - **Warning** +.. warning:: - Some of the commands used in this section alter the database. **Use - these commands only if your Mattermost installation has failed.** Do - not directly manipulating the MySQL database for a working - Mattermost installation. + Some of the commands used in this section alter the database. **Use + these commands only if your Mattermost installation has failed.** Do + not directly manipulating the MySQL database for a working + Mattermost installation. - The mattermost Database + The ``mattermost`` Database ----------------------- - The database created during installation is named ``mattermost``. If you +The database created during installation is named ``mattermost``. 
If you fail to create this database or you misname it, when you attempt to start the Mattermost server you will see an error such as: :: - [2017/09/20 17:11:37 EDT] [INFO] Pinging SQL master database + [2017/09/20 17:11:37 EDT] [INFO] Pinging SQL master database [2017/09/20 17:11:37 EDT] [EROR] Failed to ping DB retrying in 10 seconds err-Error 1044: Access denied for user 'mmuser'@'%' to database 'mattermost' - Note that MySQL is specifically denying access to the ``mattermost`` +Note that MySQL is specifically denying access to the ``mattermost`` database. This may mean that you have failed to create a database named ``mattermost`` or you may have incorrectly referenced this database from the ``/opt/mattermost/config/config.json`` file. **Checking that the Database Exists** - To confirm that the ``mattermost`` database exists, open MySQL as root +To confirm that the ``mattermost`` database exists, open MySQL as root by executing ``mysql -u root -p``. When prompted, enter your password and then issue the command ``show databases;``. This command displays all the databases. You should see something similar to the @@ -66,7 +66,7 @@ following: :: - +--------------------+ + +--------------------+ | Database | +--------------------+ | information_schema | 
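Review bot: In the @@ -18,47 hunk the new section title "+ The ``mattermost`` Database" is the one line that was not left-shifted, and the added backticks make the title 27 characters long while the unchanged underline below it is 23 dashes. reStructuredText needs the title flush left and the underline at least as long as the title, so remove the leading space and extend the underline. The warning body added in the same hunk also still reads "Do not directly manipulating the MySQL database"; "Do not directly manipulate" is what is meant.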
@@ -77,22 +77,22 @@ following: +--------------------+ 5 rows in set (0.03 sec) - **No mattermost Database** + **No ``mattermost`` Database** - If the ``mattermost`` database doesn't exist, create a database named +If the ``mattermost`` database doesn't exist, create a database named ``mattermost`` by opening MySQL as root and issuing the command: ``create database mattermost;``. - If you accidentally created a database with the wrong name, you can +If you accidentally created a database with the wrong name, you can remove it by issuing the command: :samp:`drop database {misnamed};` - After creation of the database, attempt to restart the Mattermost server +After creation of the database, attempt to restart the Mattermost server by navigating to the ``/opt/mattermost/bin`` directory and entering the command ``sudo -u mattermost ./platform``. - **The mattermost Database Exists** +**The mattermost Database Exists** - If the ``mattermost`` database does exist, confirm that you have defined +If the ``mattermost`` database does exist, confirm that you have defined the database driver correctly in the ``/opt/mattermost/config/config.json`` file. Open this file in a text editor, and review the value of ``"DataSource"``. It should be: 
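Review bot: In the @@ -77,22 hunk, "+ **No ``mattermost`` Database**" nests an inline literal inside strong emphasis, which reStructuredText does not support, so the backticks will appear as text in the rendered bold label. The line also keeps its leading space, while the sibling label "**The mattermost Database Exists**" in the same hunk was left-shifted and given no backticks. Use the plain form "**No mattermost Database**" flush left so the two labels match.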
@@ -101,17 +101,17 @@ editor, and review the value of ``"DataSource"``. It should be: "mmuser:*mmuser-password*@tcp(*host-name-or-IP*:3306)/mattermost?charset-utf8mb4,utf8&readTimeout-30s&writeTimeout-30s" - You should also confirm that ``DriverName`` element (found immediately +You should also confirm that ``DriverName`` element (found immediately above the ``DataSource`` element) is set to ``mysql``. - If you correct an error, restart the Mattermost server by navigating to +If you correct an error, restart the Mattermost server by navigating to the ``/opt/mattermost/bin`` directory and entering the command ``sudo -u mattermost ./platform``. - The Database User +The Database User ----------------- - During installation you create a MySQL database user from the *mysql* +During installation you create a MySQL database user from the *mysql* prompt by issuing the command :samp: `create user 'mmuser'@'%' identified by '{mmuser-password}';`. The ``mmuser-password`` value is a placeholder for the password you chose. 
@@ -120,19 +120,19 @@ You may also have specified an IP address rather than the wild card **Note** - A MySQL user is fully defined by their username and the host that + A MySQL user is fully defined by their username and the host that they access MySQL from. These elements are separated by the ``@`` sign. The ``%`` character is a wild card indicating that the user can access MySQL from any IP address. If the user you created accesses MySQL from a specific IP address such as ``10.10.10.2``, please adjust your actions accordingly. - If the user and host combination that you created does not exist, you +If the user and host combination that you created does not exist, you will see an error such as: :: - [2017/09/20 17:06:18 EDT] [INFO] Pinging SQL master database + [2017/09/20 17:06:18 EDT] [INFO] Pinging SQL master database [2017/09/20 17:06:18 EDT] [EROR] Failed to ping DB retrying in 10 seconds err-Error 1045: Access denied for user 'mmuser'@'localhost' (using password: YES) @@ -141,14 +141,14 @@ will see an error such as: To check that this user exists log in to MySQL as root: ``mysql -u root -p``. - When prompted, enter the root password that you created when installing +When prompted, enter the root password that you created when installing MySQL. From the ``mysql`` prompt enter the command ``select User, Host from mysql.user;``. You should see something like the following :: - +------------------+-----------+ + +------------------+-----------+ | User | Host | +------------------+-----------+ | mmuser | % | 
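Review bot: The "**Note**" block in the @@ -120,19 hunk keeps its bold label and indented body, while this same patch converts the "**Warning**" block earlier in the file to a ".. warning::" directive. Convert this one to ".. note::" with the body indented under it so both admonitions render the same way; the change to the first body line here is whitespace only and leaves the block as an indented quote.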
@@ -161,17 +161,17 @@ like the following **User Doesn't Exist** - If ``'mmuser'@'%'`` does not exist, create this user by logging into +If ``'mmuser'@'%'`` does not exist, create this user by logging into MySQL as root and issuing the command: :samp: `create user 'mmuser'@'%' identified by '{mmuser-password}';`. - After creating a user, ensure that this user has rights to the +After creating a user, ensure that this user has rights to the ``mattermost`` database by following the instructions given in :ref:`mysql_grants`. **User Exists** - If the user ``mmuser`` exists, the DataSource element of the +If the user ``mmuser`` exists, the DataSource element of the ``/opt/mattermost/config/config.jason`` file may be incorrect. Open this file and search for ``DataSource``. It's value should be: 
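Review bot: The paragraph re-indented under "**User Exists**" in the @@ -161,17 hunk still names the file "/opt/mattermost/config/config.jason", although the text before "Checking that the Database Exists" spells it "/opt/mattermost/config/config.json"; a reader who copies the path will not find the file. Fix the spelling while these lines are open, along with "It's value" (should be "Its value") and the space in ":samp: `create user ...`", which stops the role from being applied.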
@@ -179,25 +179,25 @@ file and search for ``DataSource``. It's value should be: "mmuser:*mmuser-password*@tcp(*host-name-or-IP*:3306)/mattermost?charset-utf8mb4,utf8&readTimeout-30s&writeTimeout-30s" - If you correct an error, restart the Mattermost server by navigating to +If you correct an error, restart the Mattermost server by navigating to the ``/opt/mattermost/bin`` directory and issuing the command: ``sudo -u mattermost ./platform``. The User Password ----------------- - Mattermost will fail if you use an incorrect password for ``mmuser``. An +Mattermost will fail if you use an incorrect password for ``mmuser``. An incorrect password displays an error message such as the following: :: - [2017/09/20 17:09:10 EDT] [INFO] Pinging SQL master database + [2017/09/20 17:09:10 EDT] [INFO] Pinging SQL master database [2017/09/20 17:09:10 EDT] [EROR] Failed to ping DB retrying in 10 seconds err-Error 1045: Access denied for user 'mmuser'@'localhost' (using password: YES) **The Password in config.jason** - The DataSource element of the ``/opt/mattermost/config/config.jason`` +The DataSource element of the ``/opt/mattermost/config/config.jason`` file references the ``mmuser`` password. Open this file and search for ``DataSource``. It's value should be: 
@@ -205,18 +205,18 @@ file references the ``mmuser`` password. Open this file and search for "mmuser:*mmuser-password*@tcp(*host-name-or-IP*:3306)/mattermost?charset-utf8mb4,utf8&readTimeout-30s&writeTimeout-30s" - Check that the password is correct. If you correct an error, restart the +Check that the password is correct. If you correct an error, restart the Mattermost server by navigating to ``/opt/mattermost/bin`` and issuing the command: ``sudo -u mattermost ./platform``. **Unsure of Password** - If you are not sure that the ``mmuser`` password is correct, attempt to +If you are not sure that the ``mmuser`` password is correct, attempt to log in to MySQL as ``mmuser`` by issuing the command ``mysql -u mmuser -p``. You will be prompted for your password. If your login fails, you are not using the correct password. - With a new database installation, the easiest solution for an unknown +With a new database installation, the easiest solution for an unknown password is to remove the existing ``mmuser`` and then recreate that user. You do this by logging in to MySQL as root and issuing the following commands: 
@@ -231,22 +231,22 @@ following commands: ``mattermost`` database by following the instructions given in :ref: `mysql_grants`. - Insufficient User Privileges +Insufficient User Privileges ---------------------------- - If the database exists and the username and password are correct, the +If the database exists and the username and password are correct, the ``mmuser`` may not have sufficient rights to access the ``mattermost`` database. If this is the case, you may see an error message such as: :: - [2017/09/20 17:20:53 EDT] [INFO] Pinging SQL master database + [2017/09/20 17:20:53 EDT] [INFO] Pinging SQL master database [2017/09/20 17:20:53 EDT] [EROR] Failed to ping DB retrying in 10 seconds err-Error 1044: Access denied for user 'mmuser'@'%' to database 'mattermost **Note** - Examine the error message closely. The user name displayed in the + Examine the error message closely. The user name displayed in the error message is the user identified in the ``DataSource`` element of the ``/opt/mattermost/config/config.jason`` file. For example, if the error message reads @@ -254,14 +254,14 @@ database. If this is the case, you may see an error message such as: that you have misidentified the user as ``muser`` in the ``config.jason`` file. - You can check if the user ``mmuser`` has access to the ``mattermost`` +You can check if the user ``mmuser`` has access to the ``mattermost`` database by logging in to MySQL as ``mmuser`` and issuing the command: ``show databases;``. If this user does not have rights to view the ``mattermost`` database, you will not see it in the output. :: - +--------------------+ + +--------------------+ | Database | +--------------------+ | information_schema | 
@@ -272,11 +272,11 @@ database by logging in to MySQL as ``mmuser`` and issuing the command: **Granting Privileges to mmuser** - If the ``mattermost`` database exists and ``mmuser`` cannot view it, +If the ``mattermost`` database exists and ``mmuser`` cannot view it, exit from MySQL and then log in again as root. Issue the command ``grant all privileges on mattermost.* to 'mmuser'@'%';`` to grant all rights on ``mattermost`` to ``mmuser``. - Restart the Mattermost server by navigating to the +Restart the Mattermost server by navigating to the ``/opt/mattermost/bin`` directory and entering the command ``sudo -u mattermost ./platform``. From ab8af5e2af041b67cb95753705bd2682ba401323 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Mon, 27 May 2019 22:30:03 +0530 Subject: [PATCH 09/35] minor review fixes Update source/install/trouble_mysql.rst Co-Authored-By: amyblais Update source/install/trouble_mysql.rst Co-Authored-By: amyblais add comma Co-Authored-By: amyblais remove colon Co-Authored-By: amyblais Replace w/ proper rst formatting r/**Warning**/.. warning:: Co-Authored-By: amyblais Left shift word Co-Authored-By: amyblais left shift word Co-Authored-By: amyblais left shift word remove extra whitespace Co-Authored-By: amyblais left shift word remove extra whitespace Co-Authored-By: amyblais code format mattermost word r/mattermost/``mattermost`` Co-Authored-By: amyblais proper rst formatting for word r/mattermost/``mattermost`` Co-Authored-By: amyblais Merge branch 'minor-docs-fixes' of github.com:tapaswenipathak/docs into minor-docs-fixes --- source/administration/bulk-export.rst | 2 +- source/administration/config-settings.rst | 1 + source/install/trouble_mysql.rst | 98 +++++++++++------------ 3 files changed, 51 insertions(+), 50 deletions(-) diff --git a/source/administration/bulk-export.rst b/source/administration/bulk-export.rst index ec8e0dd7614..d3262b49323 100644 --- a/source/administration/bulk-export.rst +++ b/source/administration/bulk-export.rst 
@@ -5,7 +5,7 @@ Bulk Export Tool ================= Moving data from one Mattermost instance into another begins with exporting data -to a JSONL file `JSONL `__ file using the +to a `JSONL `__ file using the `bulk loading feature `__. This tool is useful if you have created a server for a proof of concept, have created another server for production use and now want to retain the history diff --git a/source/administration/config-settings.rst b/source/administration/config-settings.rst index fca8b1b49dd..428951e568c 100644 --- a/source/administration/config-settings.rst +++ b/source/administration/config-settings.rst @@ -3028,6 +3028,7 @@ A 32-character key for encrypting and decrypting sensitive fields in the databas When using High Availability, the salt must be identical in each instance of Mattermost. The following fields are encrypted using this key + - ``SqlSettings.DriverName`` - ``SqlSettings.DataSource`` - ``SqlSettings.MaxIdleConns`` diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index bf167f82573..2718d484d20 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -1,7 +1,7 @@ MySQL Installation Troubleshooting ================================== - Before you can run the Mattermost server, you must first install and +Before you can run the Mattermost server, you must first install and configure a database. You start Mattermost by navigating to the ``/opt/mattermost/bin`` directory and entering the command ``sudo -u mattermost ./platform``. If the Mattermost server cannot 
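Review bot: PATCH 09/35 repeats PATCH 08/35: same subject, same Date, same diffstat, and the same pre-image blobs on every index line (ec8e0dd7614, fca8b1b49dd, bf167f82573). Once 08/35 is applied, the lines these hunks remove no longer exist, so this patch cannot apply on top of it. Drop one of the two from the series.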
@@ -9,7 +9,7 @@ connect to the database, it will fail to start. This section deals with MySQL database issues that you may encounter when you start up Mattermost for the first time. - How you install MySQL varies depending upon which Linux distribution you +How you install MySQL varies depending upon which Linux distribution you use. But once MySQL is installed the configuration instructions are the same. For all distributions you must create a ``mattermost`` database and a ``mattermost`` database user. Failure to create these database 
@@ -18,47 +18,47 @@ file, ``/opt/mattermost/config/config.jason``, causes Mattermost to fail. The troubleshooting tips given here deal with these specific issues. - Before proceeding confirm that your MySQL server is running. You can do +Before proceeding confirm that your MySQL server is running. You can do this by issuing the command: ``mysqladmin -u root -p status``. When prompted, enter your password. If MySQL is running you should see output like the following: :: - Uptime: 877134 Threads: 1 Questions: 9902 Slow queries: 0 Opens: 522 + Uptime: 877134 Threads: 1 Questions: 9902 Slow queries: 0 Opens: 522 Flush tables: 1 Open tables: 371 Queries per second avg: 0.011 - If MySQL is not running, review the instructions for installation on +If MySQL is not running, review the instructions for installation on your distribution. - **Warning** +.. warning:: - Some of the commands used in this section alter the database. **Use - these commands only if your Mattermost installation has failed.** Do - not directly manipulating the MySQL database for a working - Mattermost installation. + Some of the commands used in this section alter the database. **Use + these commands only if your Mattermost installation has failed.** Do + not directly manipulating the MySQL database for a working + Mattermost installation. - The mattermost Database + The ``mattermost`` Database ----------------------- - The database created during installation is named ``mattermost``. If you +The database created during installation is named ``mattermost``. 
If you fail to create this database or you misname it, when you attempt to start the Mattermost server you will see an error such as: :: - [2017/09/20 17:11:37 EDT] [INFO] Pinging SQL master database + [2017/09/20 17:11:37 EDT] [INFO] Pinging SQL master database [2017/09/20 17:11:37 EDT] [EROR] Failed to ping DB retrying in 10 seconds err-Error 1044: Access denied for user 'mmuser'@'%' to database 'mattermost' - Note that MySQL is specifically denying access to the ``mattermost`` +Note that MySQL is specifically denying access to the ``mattermost`` database. This may mean that you have failed to create a database named ``mattermost`` or you may have incorrectly referenced this database from the ``/opt/mattermost/config/config.json`` file. **Checking that the Database Exists** - To confirm that the ``mattermost`` database exists, open MySQL as root +To confirm that the ``mattermost`` database exists, open MySQL as root by executing ``mysql -u root -p``. When prompted, enter your password and then issue the command ``show databases;``. This command displays all the databases. You should see something similar to the @@ -66,7 +66,7 @@ following: :: - +--------------------+ + +--------------------+ | Database | +--------------------+ | information_schema | 
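Review bot: In the @@ -18,47 +18,47 @@ hunk the section title becomes "The ``mattermost`` Database", four characters longer than before, but the row of dashes under it is left unchanged. If the underline was sized to the old title it is now shorter than the title text, which docutils reports as a title underline that is too short. Extend the dashes so they cover the whole title, backticks included.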
@@ -77,22 +77,22 @@ following: +--------------------+ 5 rows in set (0.03 sec) - **No mattermost Database** + **No ``mattermost`` Database** - If the ``mattermost`` database doesn't exist, create a database named +If the ``mattermost`` database doesn't exist, create a database named ``mattermost`` by opening MySQL as root and issuing the command: ``create database mattermost;``. - If you accidentally created a database with the wrong name, you can +If you accidentally created a database with the wrong name, you can remove it by issuing the command: :samp:`drop database {misnamed};` - After creation of the database, attempt to restart the Mattermost server +After creation of the database, attempt to restart the Mattermost server by navigating to the ``/opt/mattermost/bin`` directory and entering the command ``sudo -u mattermost ./platform``. - **The mattermost Database Exists** +**The mattermost Database Exists** - If the ``mattermost`` database does exist, confirm that you have defined +If the ``mattermost`` database does exist, confirm that you have defined the database driver correctly in the ``/opt/mattermost/config/config.json`` file. Open this file in a text editor, and review the value of ``"DataSource"``. It should be: 
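Review bot: The new label "**No ``mattermost`` Database**" in this hunk nests an inline literal inside strong emphasis, which reStructuredText does not support, so the backticks will appear in the rendered label instead of formatting the word. Either keep the label as plain bold text or turn these labels into real subsection titles, where a literal is allowed. Whichever form is chosen should be applied to every bold label in the file, including the "Database Exists" one this hunk only shifts left.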
@@ -101,17 +101,17 @@ editor, and review the value of ``"DataSource"``. It should be: "mmuser:*mmuser-password*@tcp(*host-name-or-IP*:3306)/mattermost?charset-utf8mb4,utf8&readTimeout-30s&writeTimeout-30s" - You should also confirm that ``DriverName`` element (found immediately +You should also confirm that ``DriverName`` element (found immediately above the ``DataSource`` element) is set to ``mysql``. - If you correct an error, restart the Mattermost server by navigating to +If you correct an error, restart the Mattermost server by navigating to the ``/opt/mattermost/bin`` directory and entering the command ``sudo -u mattermost ./platform``. - The Database User +The Database User ----------------- - During installation you create a MySQL database user from the *mysql* +During installation you create a MySQL database user from the *mysql* prompt by issuing the command :samp: `create user 'mmuser'@'%' identified by '{mmuser-password}';`. The ``mmuser-password`` value is a placeholder for the password you chose. 
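Review bot: The DataSource sample shown as context at the top of this hunk reads "charset-utf8mb4,utf8&readTimeout-30s&writeTimeout-30s", with a hyphen where the connection string needs "=" between each parameter name and its value. The paragraph tells readers what the value "should be", and they will compare it against or paste it into config.json, so please correct the sample here and in the two later copies in this file while these lines are being touched.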
@@ -120,19 +120,19 @@ You may also have specified an IP address rather than the wild card **Note** - A MySQL user is fully defined by their username and the host that + A MySQL user is fully defined by their username and the host that they access MySQL from. These elements are separated by the ``@`` sign. The ``%`` character is a wild card indicating that the user can access MySQL from any IP address. If the user you created accesses MySQL from a specific IP address such as ``10.10.10.2``, please adjust your actions accordingly. - If the user and host combination that you created does not exist, you +If the user and host combination that you created does not exist, you will see an error such as: :: - [2017/09/20 17:06:18 EDT] [INFO] Pinging SQL master database + [2017/09/20 17:06:18 EDT] [INFO] Pinging SQL master database [2017/09/20 17:06:18 EDT] [EROR] Failed to ping DB retrying in 10 seconds err-Error 1045: Access denied for user 'mmuser'@'localhost' (using password: YES) @@ -141,14 +141,14 @@ will see an error such as: To check that this user exists log in to MySQL as root: ``mysql -u root -p``. - When prompted, enter the root password that you created when installing +When prompted, enter the root password that you created when installing MySQL. From the ``mysql`` prompt enter the command ``select User, Host from mysql.user;``. You should see something like the following :: - +------------------+-----------+ + +------------------+-----------+ | User | Host | +------------------+-----------+ | mmuser | % | 
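Review bot: The note re-indented in the @@ -120,19 hunk explains that "%" lets the user reach MySQL from any IP address but ends at "please adjust your actions accordingly", while the create and grant commands shown in this file all use 'mmuser'@'%'. Since the page walks administrators through recreating this account, add a sentence recommending the Mattermost server's own address as the host part where it is known, and show that form once, so the troubleshooting steps do not leave behind a database login that is accepted from any address.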
@@ -161,17 +161,17 @@ like the following **User Doesn't Exist** - If ``'mmuser'@'%'`` does not exist, create this user by logging into +If ``'mmuser'@'%'`` does not exist, create this user by logging into MySQL as root and issuing the command: :samp: `create user 'mmuser'@'%' identified by '{mmuser-password}';`. - After creating a user, ensure that this user has rights to the +After creating a user, ensure that this user has rights to the ``mattermost`` database by following the instructions given in :ref:`mysql_grants`. **User Exists** - If the user ``mmuser`` exists, the DataSource element of the +If the user ``mmuser`` exists, the DataSource element of the ``/opt/mattermost/config/config.jason`` file may be incorrect. Open this file and search for ``DataSource``. It's value should be: 
@@ -179,25 +179,25 @@ file and search for ``DataSource``. It's value should be: "mmuser:*mmuser-password*@tcp(*host-name-or-IP*:3306)/mattermost?charset-utf8mb4,utf8&readTimeout-30s&writeTimeout-30s" - If you correct an error, restart the Mattermost server by navigating to +If you correct an error, restart the Mattermost server by navigating to the ``/opt/mattermost/bin`` directory and issuing the command: ``sudo -u mattermost ./platform``. The User Password ----------------- - Mattermost will fail if you use an incorrect password for ``mmuser``. An +Mattermost will fail if you use an incorrect password for ``mmuser``. An incorrect password displays an error message such as the following: :: - [2017/09/20 17:09:10 EDT] [INFO] Pinging SQL master database + [2017/09/20 17:09:10 EDT] [INFO] Pinging SQL master database [2017/09/20 17:09:10 EDT] [EROR] Failed to ping DB retrying in 10 seconds err-Error 1045: Access denied for user 'mmuser'@'localhost' (using password: YES) **The Password in config.jason** - The DataSource element of the ``/opt/mattermost/config/config.jason`` +The DataSource element of the ``/opt/mattermost/config/config.jason`` file references the ``mmuser`` password. Open this file and search for ``DataSource``. It's value should be: 
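Review bot: The line added under "The Password in config.jason" still points at "/opt/mattermost/config/config.jason", and the label above it carries the same misspelling, while the database section earlier in this patch refers to config.json. A reader following the path as written will not find the file, so correct the name in the label, in this paragraph, and in the "User Exists" and Note paragraphs that repeat it.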
@@ -205,18 +205,18 @@ file references the ``mmuser`` password. Open this file and search for "mmuser:*mmuser-password*@tcp(*host-name-or-IP*:3306)/mattermost?charset-utf8mb4,utf8&readTimeout-30s&writeTimeout-30s" - Check that the password is correct. If you correct an error, restart the +Check that the password is correct. If you correct an error, restart the Mattermost server by navigating to ``/opt/mattermost/bin`` and issuing the command: ``sudo -u mattermost ./platform``. **Unsure of Password** - If you are not sure that the ``mmuser`` password is correct, attempt to +If you are not sure that the ``mmuser`` password is correct, attempt to log in to MySQL as ``mmuser`` by issuing the command ``mysql -u mmuser -p``. You will be prompted for your password. If your login fails, you are not using the correct password. - With a new database installation, the easiest solution for an unknown +With a new database installation, the easiest solution for an unknown password is to remove the existing ``mmuser`` and then recreate that user. You do this by logging in to MySQL as root and issuing the following commands: 
@@ -231,22 +231,22 @@ following commands: ``mattermost`` database by following the instructions given in :ref: `mysql_grants`. - Insufficient User Privileges +Insufficient User Privileges ---------------------------- - If the database exists and the username and password are correct, the +If the database exists and the username and password are correct, the ``mmuser`` may not have sufficient rights to access the ``mattermost`` database. If this is the case, you may see an error message such as: :: - [2017/09/20 17:20:53 EDT] [INFO] Pinging SQL master database + [2017/09/20 17:20:53 EDT] [INFO] Pinging SQL master database [2017/09/20 17:20:53 EDT] [EROR] Failed to ping DB retrying in 10 seconds err-Error 1044: Access denied for user 'mmuser'@'%' to database 'mattermost **Note** - Examine the error message closely. The user name displayed in the + Examine the error message closely. The user name displayed in the error message is the user identified in the ``DataSource`` element of the ``/opt/mattermost/config/config.jason`` file. For example, if the error message reads @@ -254,14 +254,14 @@ database. If this is the case, you may see an error message such as: that you have misidentified the user as ``muser`` in the ``config.jason`` file. - You can check if the user ``mmuser`` has access to the ``mattermost`` +You can check if the user ``mmuser`` has access to the ``mattermost`` database by logging in to MySQL as ``mmuser`` and issuing the command: ``show databases;``. If this user does not have rights to view the ``mattermost`` database, you will not see it in the output. :: - +--------------------+ + +--------------------+ | Database | +--------------------+ | information_schema | 
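Review bot: The context at the top of the @@ -231,22 hunk reads ":ref: `mysql_grants`" with a space after the role name, unlike the ":ref:`mysql_grants`" used under "User Doesn't Exist", so this cross-reference will not be parsed as a role and will not link to the grants section. Remove the space while the surrounding lines are being re-indented. The sample log in the same hunk also stops at "to database 'mattermost" without its closing quote.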
@@ -272,11 +272,11 @@ database by logging in to MySQL as ``mmuser`` and issuing the command: **Granting Privileges to mmuser** - If the ``mattermost`` database exists and ``mmuser`` cannot view it, +If the ``mattermost`` database exists and ``mmuser`` cannot view it, exit from MySQL and then log in again as root. Issue the command ``grant all privileges on mattermost.* to 'mmuser'@'%';`` to grant all rights on ``mattermost`` to ``mmuser``. - Restart the Mattermost server by navigating to the +Restart the Mattermost server by navigating to the ``/opt/mattermost/bin`` directory and entering the command ``sudo -u mattermost ./platform``. From b978527af3d914dd2bd9f29734b559ab121c49e8 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 04:48:16 +0530 Subject: [PATCH 10/35] proper word formatting r/mattermost/``mattermost`` Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index 2718d484d20..a141bca2b59 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -90,7 +90,7 @@ After creation of the database, attempt to restart the Mattermost server by navigating to the ``/opt/mattermost/bin`` directory and entering the command ``sudo -u mattermost ./platform``. -**The mattermost Database Exists** +**The ``mattermost`` Database Exists** If the ``mattermost`` database does exist, confirm that you have defined the database driver correctly in the From c8410ac19cd61269f810ab45154060d210016373 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 04:48:48 +0530 Subject: [PATCH 11/35] fix rst formatting r/**Note**/.. note:: Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index a141bca2b59..7cd6f66ed3c 100644 
--- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -118,7 +118,7 @@ prompt by issuing the command You may also have specified an IP address rather than the wild card ``%``. - **Note** +.. note:: A MySQL user is fully defined by their username and the host that they access MySQL from. These elements are separated by the ``@`` From 92dcf3f548782b9f894ec013c1975c53996a22d6 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 04:49:15 +0530 Subject: [PATCH 12/35] left shift line Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index 7cd6f66ed3c..db19c744b27 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -120,7 +120,7 @@ You may also have specified an IP address rather than the wild card .. note:: - A MySQL user is fully defined by their username and the host that + A MySQL user is fully defined by their username and the host that they access MySQL from. These elements are separated by the ``@`` sign. The ``%`` character is a wild card indicating that the user can access MySQL from any IP address. If the user you created From 4c35c08639d380c16e6286ebe8779270e9adc117 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 04:49:44 +0530 Subject: [PATCH 13/35] proper code tag formatting r/mmuser/``mmuser`` Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index db19c744b27..96e0cb95d18 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst 
@@ -136,7 +136,7 @@ will see an error such as: [2017/09/20 17:06:18 EDT] [EROR] Failed to ping DB retrying in 10 seconds err-Error 1045: Access denied for user 'mmuser'@'localhost' (using password: YES) - **Checking that mmuser Exists** + **Checking that ``mmuser`` Exists** To check that this user exists log in to MySQL as root: ``mysql -u root -p``. From 0d1434b7f4addcbfceb3c8b8fe1edb448e60d0c4 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 04:49:54 +0530 Subject: [PATCH 14/35] add comma Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index 96e0cb95d18..fa4b915085e 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -138,7 +138,7 @@ will see an error such as: **Checking that ``mmuser`` Exists** - To check that this user exists log in to MySQL as root: + To check that this user exists, log in to MySQL as root: ``mysql -u root -p``. When prompted, enter the root password that you created when installing From 3bada9c70ae02fdc9bf57b86184f55d15fad7544 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 04:51:17 +0530 Subject: [PATCH 15/35] fix rst formatting for word r/config.jason/``config.jason`` Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index fa4b915085e..cb7ca216929 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst 
@@ -195,7 +195,7 @@ incorrect password displays an error message such as the following: [2017/09/20 17:09:10 EDT] [EROR] Failed to ping DB retrying in 10 seconds err-Error 1045: Access denied for user 'mmuser'@'localhost' (using password: YES) - **The Password in config.jason** + **The Password in ``config.jason``** The DataSource element of the ``/opt/mattermost/config/config.jason`` file references the ``mmuser`` password. Open this file and search for From e40bf01a851bd511cdaeb27dea46827ac0bc490a Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 04:51:48 +0530 Subject: [PATCH 16/35] Update source/install/trouble_mysql.rst Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index cb7ca216929..8cc04072a92 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -218,7 +218,7 @@ login fails, you are not using the correct password. With a new database installation, the easiest solution for an unknown password is to remove the existing ``mmuser`` and then recreate that -user. You do this by logging in to MySQL as root and issuing the +user. You can do this by logging in to MySQL as root and issuing the following commands: 1. ``drop user mmuser;`` From b46a9fb3251e5bfbf8a91bd81a05a08a5980e149 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 19:10:56 +0530 Subject: [PATCH 17/35] Update source/install/trouble_mysql.rst Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index d669bfe01ba..53164fb618f 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst 
@@ -2,7 +2,7 @@ MySQL Installation Troubleshooting ================================== Before you can run the Mattermost server, you must first install and -configure a database. You start Mattermost by navigating to the +configure a database. You can start Mattermost by navigating to the ``/opt/mattermost/bin`` directory and entering the command ``sudo -u mattermost ./platform``. If the Mattermost server cannot connect to the database, it will fail to start. This section deals with From 9b4542d5b5e4a1cf4fc64b54977522560ef1cf3a Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 19:11:06 +0530 Subject: [PATCH 18/35] Update source/install/trouble_mysql.rst Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index 53164fb618f..0ec9cec06e8 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -10,7 +10,7 @@ MySQL database issues that you may encounter when you start up Mattermost for the first time. How you install MySQL varies depending upon which Linux distribution you -use. But once MySQL is installed the configuration instructions are the +use. However, once MySQL is installed, the configuration instructions are the same. For all distributions you must create a ``mattermost`` database and a ``mattermost`` database user. Failure to create these database objects or improperly referencing them from the Mattermost configuration From 48b4747af6dc02c792c9d603fc3f815a7934d6ad Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 19:11:22 +0530 Subject: [PATCH 19/35] add comma Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index 0ec9cec06e8..de55d937382 100644 --- a/source/install/trouble_mysql.rst 
+++ b/source/install/trouble_mysql.rst @@ -18,7 +18,7 @@ file, ``/opt/mattermost/config/config.json``, causes Mattermost to fail. The troubleshooting tips given here deal with these specific issues. -Before proceeding confirm that your MySQL server is running. You can do +Before proceeding, confirm that your MySQL server is running. You can do this by issuing the command: ``mysqladmin -u root -p status``. When prompted, enter your password. If MySQL is running you should see output like the following: From 29c1777d5e650d080a760bef793d5461638f287c Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 19:11:33 +0530 Subject: [PATCH 20/35] add colon Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index de55d937382..f1c731db6c3 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -19,7 +19,7 @@ fail. The troubleshooting tips given here deal with these specific issues. Before proceeding, confirm that your MySQL server is running. You can do -this by issuing the command: ``mysqladmin -u root -p status``. When +this by issuing the command ``mysqladmin -u root -p status``. When prompted, enter your password. If MySQL is running you should see output like the following: From 2bb38ea3d73cb17071e2e1f3741fb3062bea21c0 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 19:12:27 +0530 Subject: [PATCH 21/35] r/manipulating/manipulate Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index f1c731db6c3..94f8c0d165f 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst 
@@ -35,7 +35,7 @@ your distribution. Some of the commands used in this section alter the database. **Use these commands only if your Mattermost installation has failed.** Do - not directly manipulating the MySQL database for a working + not directly manipulate the MySQL database for a working Mattermost installation. The ``mattermost`` Database From 5e75c3b3d5f85d0101026cea632a57229ad9381d Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 19:13:28 +0530 Subject: [PATCH 22/35] add period (.) Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index 94f8c0d165f..907a9cfb65e 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -84,7 +84,7 @@ If the ``mattermost`` database doesn't exist, create a database named ``create database mattermost;``. If you accidentally created a database with the wrong name, you can -remove it by issuing the command: :samp:`drop database {misnamed};` +remove it by issuing the command: :samp:`drop database {misnamed};`. After creation of the database, attempt to restart the Mattermost server by navigating to the ``/opt/mattermost/bin`` directory and entering the From 56e4eb97fbff515d9842e07bf80e86f0f16ca343 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 19:13:45 +0530 Subject: [PATCH 23/35] r/creation/creating Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index 907a9cfb65e..282d8fe3f3b 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst 
@@ -86,7 +86,7 @@ If the ``mattermost`` database doesn't exist, create a database named If you accidentally created a database with the wrong name, you can remove it by issuing the command: :samp:`drop database {misnamed};`. -After creation of the database, attempt to restart the Mattermost server +After creating of the database, attempt to restart the Mattermost server by navigating to the ``/opt/mattermost/bin`` directory and entering the command ``sudo -u mattermost ./platform``. From 4d54b19f49abcbce14d458345aaac8b94cef3156 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 19:14:00 +0530 Subject: [PATCH 24/35] Update source/install/trouble_mysql.rst Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index 282d8fe3f3b..bbf55150ac1 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -111,7 +111,7 @@ the ``/opt/mattermost/bin`` directory and entering the command The Database User ----------------- -During installation you create a MySQL database user from the *mysql* +During the installation you should create a MySQL database user from the *mysql* prompt by issuing the command :samp: `create user 'mmuser'@'%' identified by '{mmuser-password}';`. The ``mmuser-password`` value is a placeholder for the password you chose. From d253978fb8ceb813e512ba1926716f18edf4536d Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 19:14:23 +0530 Subject: [PATCH 25/35] add colon Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index bbf55150ac1..fc88143ce2d 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst 
@@ -144,7 +144,7 @@ To check that this user exists, log in to MySQL as root: When prompted, enter the root password that you created when installing MySQL. From the ``mysql`` prompt enter the command ``select User, Host from mysql.user;``. You should see something -like the following +like the following: :: From 904e24c4dbede26467bd173286e6754101cbe076 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 19:14:45 +0530 Subject: [PATCH 26/35] r/It's/Its Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index fc88143ce2d..410eb2fec14 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -173,7 +173,7 @@ After creating a user, ensure that this user has rights to the If the user ``mmuser`` exists, the DataSource element of the ``/opt/mattermost/config/config.json`` file may be incorrect. Open this -file and search for ``DataSource``. It's value should be: +file and search for ``DataSource``. Its value should be: :: From 6d1faf4cf8b76dca1eada50086a69a2c9993b3c7 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 19:14:59 +0530 Subject: [PATCH 27/35] r/recreate/recreating Co-Authored-By: amyblais --- source/install/trouble_mysql.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index 410eb2fec14..6d64e093f2b 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst 
@@ -217,7 +217,7 @@ log in to MySQL as ``mmuser`` by issuing the command login fails, you are not using the correct password. With a new database installation, the easiest solution for an unknown -password is to remove the existing ``mmuser`` and then recreate that +password is to remove the existing ``mmuser`` and then recreating that user. You can do this by logging in to MySQL as root and issuing the following commands: From 0cf1f37251eadabbcf3ff948396098db9ccd2a74 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 28 May 2019 19:22:17 +0530 Subject: [PATCH 28/35] few more formatting fixes --- source/install/trouble_mysql.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index 6d64e093f2b..a56b4404ad0 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -42,8 +42,8 @@ The ``mattermost`` Database ----------------------- The database created during installation is named ``mattermost``. If you -fail to create this database or you misname it, when you attempt to -start the Mattermost server you will see an error such as: +fail to create this database or you misname it, you will see an error such +as the following when you attempt to start the Mattermost server: :: @@ -113,6 +113,7 @@ The Database User During the installation you should create a MySQL database user from the *mysql* prompt by issuing the command + :samp: `create user 'mmuser'@'%' identified by '{mmuser-password}';`. The ``mmuser-password`` value is a placeholder for the password you chose. You may also have specified an IP address rather than the wild card @@ -163,6 +164,7 @@ like the following: If ``'mmuser'@'%'`` does not exist, create this user by logging into MySQL as root and issuing the command: + :samp: `create user 'mmuser'@'%' identified by '{mmuser-password}';`. After creating a user, ensure that this user has rights to the 
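Review bot: The change from "recreate" to "recreating" in the @@ -217,7 hunk breaks the sentence: "is to remove the existing ``mmuser`` and then recreating that user" pairs an infinitive with a gerund. Keep "recreate", or change both verbs to "removing" and "recreating". The earlier edit that produced "After creating of the database" has the same kind of slip and should read "After creating the database".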
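Review bot: The blank line added before ":samp: `create user ...`" in the @@ -113,6 and @@ -163,6 hunks makes that line the start of its own block, and because of the space after ":samp:" docutils will read it as a field list entry named "samp" rather than as inline markup. Remove the space after the role name, and if the command is meant to stand on its own line, put it in a literal block ("::" followed by the indented command) instead of a paragraph.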
From 9bc63b774a821053f46356395b16ccfd4a78445a Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Wed, 29 May 2019 19:23:07 +0530 Subject: [PATCH 29/35] Moved the word on separate line --- source/install/trouble_mysql.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/source/install/trouble_mysql.rst b/source/install/trouble_mysql.rst index a56b4404ad0..48e7c3419e8 100644 --- a/source/install/trouble_mysql.rst +++ b/source/install/trouble_mysql.rst @@ -114,8 +114,9 @@ The Database User During the installation you should create a MySQL database user from the *mysql* prompt by issuing the command -:samp: `create user 'mmuser'@'%' identified by '{mmuser-password}';`. The -``mmuser-password`` value is a placeholder for the password you chose. +:samp: `create user 'mmuser'@'%' identified by '{mmuser-password}';`. + +The ``mmuser-password`` value is a placeholder for the password you chose. You may also have specified an IP address rather than the wild card ``%``. From 2f72bc2cb12cabdaa6c4f309732c6ba5e4bba0b2 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Wed, 29 May 2019 21:48:12 +0530 Subject: [PATCH 30/35] Add trouble_mysql.rst in table of contents --- source/guides/administrator.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/source/guides/administrator.rst b/source/guides/administrator.rst index d891dbfa618..69578369ed2 100644 --- a/source/guides/administrator.rst +++ b/source/guides/administrator.rst @@ -40,6 +40,7 @@ Learn how to get Mattermost running on your environment. /install/deploy-cloudron* Installing Mattermost Team Edition in GitLab Helm Chart /install/troubleshooting* + /install/trouble_mysql.rst /install/desktop* /install/desktop-msi-gpo* /install/smtp* From b003f0a63fed3103bad3cd584c83a9049f9ff50b Mon Sep 17 00:00:00 2001 
From: Tapasweni Pathak Date: Fri, 31 May 2019 00:51:10 +0530 Subject: [PATCH 31/35] @jasonblais review comments/fixes --- source/administration/config-settings.rst | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/source/administration/config-settings.rst b/source/administration/config-settings.rst index 428951e568c..37ddefb6465 100644 --- a/source/administration/config-settings.rst +++ b/source/administration/config-settings.rst @@ -1604,6 +1604,8 @@ Set the number of days from the last time a user entered their credentials to th After changing this setting, the new session length will take effect after the next time the user enters their credentials. +This defines the SAML session length. + +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"SessionLengthWebInDays" : 180`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -1624,6 +1626,8 @@ Set the number of days from the last time a user entered their credentials to th After changing this setting, the setting will take effect after the next time the user enters their credentials. +If the authentication method is SAML, this defines the SAML session length. + +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"SessionLengthSSOInDays" : 30`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 
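Review bot: The sentence added above the ``SessionLengthWebInDays`` table says unconditionally "This defines the SAML session length.", while the next hunk says of ``SessionLengthSSOInDays`` that it defines the SAML session length when the authentication method is SAML. The two statements conflict, and an administrator who wants to shorten SAML sessions cannot tell from them which key to change. Suggest keeping the statement only under the setting that governs SAML logins and removing it from the other.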
@@ -1642,6 +1646,8 @@ The number of minutes from the last time a user was active on the system to the Applies to the desktop app and browsers. For mobile apps, use an EMM provider to lock the app when not in use. In High Availability mode, enable IP hash load balancing for reliable timeout measurement. +This defines the SAML session length. + +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"SessionIdleTimeoutInMinutes" : 43200`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -3752,18 +3758,6 @@ Specify the color of the SAML login button for white labeling purposes. Use a he | This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. | +-------------------------------------------------------------------------------------------------------------------------------+ -SAML session lengths -^^^^^^^^^^^^^^^^^^^^^^ - -SAML session length is defined per - -- ``url`` : ``environment/session_lengths`` -- ``title`` : ``admin.sidebar.sessionLengths`` -- ``type`` : ``TYPE_NUMBER`` -- ``label`` : ``mobileSessionDays`` -- ``help_text`` : ``admin.service.ssoSessionDaysDesc`` -- ``placeholder``: ``sessionIdleTimeout`` - Login Button Border Color ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Specify the color of the SAML login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. From d99ca634d0031dbfd289c1d4b5c1c83f5ae3b43a Mon Sep 17 00:00:00 2001 
From: Tapasweni Pathak Date: Tue, 4 Jun 2019 05:41:07 -0600 Subject: [PATCH 32/35] SAML Session length doc fixes - @jasonblais --- source/administration/config-settings.rst | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/source/administration/config-settings.rst b/source/administration/config-settings.rst index 37ddefb6465..3ae94daa611 100644 --- a/source/administration/config-settings.rst +++ b/source/administration/config-settings.rst @@ -1604,8 +1604,6 @@ Set the number of days from the last time a user entered their credentials to th After changing this setting, the new session length will take effect after the next time the user enters their credentials. -This defines the SAML session length. - +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"SessionLengthWebInDays" : 180`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 
@@ -1632,6 +1630,18 @@ If the authentication method is SAML, this defines the SAML session length. | This feature's ``config.json`` setting is ``"SessionLengthSSOInDays" : 30`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Session length for SSO authentication (days) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This setting defines the session length for SSO authentication, such as GitLab and SAML. + +Set the number of days from the last time a user entered their credentials to the expiry of the user's session. If the authentication method is SAML or GitLab, the user may automatically be logged back in to Mattermost if they are already logged in to SAML or GitLab. + +After changing this setting, the setting will take effect after the next time the user enters their credentials. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SessionLengthSSOInDays" : 30`` with whole number input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + Session Cache (minutes) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Set the number of minutes to cache a session in memory. 
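Review bot: The new "Session length for SSO authentication (days)" section documents ``SessionLengthSSOInDays``, the same key as the table in the context lines directly above it, so the page will describe that setting twice with different wording. Suggest folding the GitLab wording into the existing section rather than adding a second one. Separately, the added "After changing this setting, ..." line runs straight into the ``+---`` table border with no blank line between them; a grid table needs a blank line before it, otherwise the border is read as paragraph text.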
@@ -1646,8 +1656,6 @@ The number of minutes from the last time a user was active on the system to the Applies to the desktop app and browsers. For mobile apps, use an EMM provider to lock the app when not in use. In High Availability mode, enable IP hash load balancing for reliable timeout measurement. -This defines the SAML session length. - +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"SessionIdleTimeoutInMinutes" : 43200`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ From 59008e478652af4fa493d5f580a581e12c422d16 Mon Sep 17 00:00:00 2001 From: amyblais Date: Wed, 5 Jun 2019 10:57:29 -0400 Subject: [PATCH 33/35] Update config-settings.rst --- source/administration/config-settings.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/administration/config-settings.rst b/source/administration/config-settings.rst index 3ae94daa611..9d4b5a1279c 100644 --- a/source/administration/config-settings.rst +++ b/source/administration/config-settings.rst 
@@ -1657,7 +1657,7 @@ The number of minutes from the last time a user was active on the system to the Applies to the desktop app and browsers. For mobile apps, use an EMM provider to lock the app when not in use. In High Availability mode, enable IP hash load balancing for reliable timeout measurement. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SessionIdleTimeoutInMinutes" : 43200`` with whole number input. | +| This feature's ``config.json`` setting is ``"SessionIdleTimeoutInMinutes" : 43200`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ________ From 4e7081a22a293981549ed45281ec7155edca9d2b Mon Sep 17 00:00:00 2001 From: amyblais Date: Wed, 5 Jun 2019 11:01:33 -0400 Subject: [PATCH 34/35] Update config-settings.rst --- source/administration/config-settings.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/source/administration/config-settings.rst b/source/administration/config-settings.rst index 9d4b5a1279c..e55a6db02f5 100644 --- a/source/administration/config-settings.rst +++ b/source/administration/config-settings.rst 
@@ -1638,6 +1638,7 @@ This setting defines the session length for SSO authentication, such as GitLab a Set the number of days from the last time a user entered their credentials to the expiry of the user's session. If the authentication method is SAML or GitLab, the user may automatically be logged back in to Mattermost if they are already logged in to SAML or GitLab. After changing this setting, the setting will take effect after the next time the user enters their credentials. + +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"SessionLengthSSOInDays" : 30`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ From 0af57098ab097a72e9b9646d56ef847c72cc8639 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 18 Jun 2019 03:16:32 +0530 Subject: [PATCH 35/35] Separate config-settings.rst, merge recent commits @amyblais --- source/administration/config-settings.rst | 4634 +++++++++++---------- 1 file changed, 2336 insertions(+), 2298 deletions(-) diff --git a/source/administration/config-settings.rst b/source/administration/config-settings.rst index e55a6db02f5..ae02d6ecf3f 100644 --- a/source/administration/config-settings.rst +++ b/source/administration/config-settings.rst 
@@ -1,6 +1,9 @@ Configuration Settings ====================== +.. note:: + The order of the configuration settings below are reflective of a reorganization of the System Console in v5.12 released on June 16th, 2019. To view the configuration settings based on the organization of the System Console in versions prior to v5.12, please see this `documentation `_. + Mattermost configuration settings are maintained in the configuration file ``config.json``, located in the ``mattermost/config`` directory. You can modify the configuration file using the System Console, or by using a text editor to modify it directly. The default location of ``config.json`` is in the ``mattermost/config`` directory. Mattermost must have write permissions to ``config.json``, otherwise changes made in the System Console will have no effect. 
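Review bot: In the note added at the top of config-settings.rst, "The order of the configuration settings below are reflective of a reorganization" pairs a singular subject with a plural verb. Something like "The order of the configuration settings below reflects a reorganization of the System Console in v5.12" reads more cleanly and is shorter.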
@@ -26,12 +29,68 @@ For any setting that is not set in ``config.json`` or in environment variables, :local: :backlinks: entry -General +About ------- -General settings for server configuration, language defaults, user and team management, privacy, compliance reporting and logs. +Settings for managing the edition and license for Mattermost Enterprise Edition. + +Edition and License +~~~~~~~~~~~~~~~~~~~~~~~~~ + +Edition +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +View the edition of the Mattermost deployment. + +License +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +View subscription details including the number of users and expiry date of your Mattermost License. + +License Key +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Upload or remove license files. For more information on Mattermost Licensing, please see our `frequently asked questions about licensing `_. + +Reporting +--------- +View statistics for your overall deployment and specific teams as well as access server logs. + +Site Statistics +~~~~~~~~~~~~~~~~~~~~~~~~~ +View statistics on active users, teams, channels, sessions, webhooks, and connections. + +Team Statistics +~~~~~~~~~~~~~~~~~~~~~~~~~ +View statistics per team on number of active users, as well as public and private channels. + +Server Logs +~~~~~~~~~~~~~~~~~~~~~~~~~ +View logging of server-side events. + +User Management +--------------- +Settings for managing users, user access, and permissions. + +Users +~~~~~~~~~~~~~~~~~~~~~~~~~ +View and manage active and inactive users. + +Groups +~~~~~~~~~~~~~~~~~~~~~~~~~ +*Available in Enterprise Edition E20* + +Groups offers admins a way to manage default teams and channels by linking AD/LDAP groups to Mattermost groups. See `Groups documentation `__ for more details. -Configuration +Permissions ~~~~~~~~~~~~~~~~~~~~~~~~~ +*Available in Enterprise Edition E10 and higher* + +Advanced permissions offers Admins a way to restrict actions in Mattermost to authorized users only. 
See `permissions documentation `__ for more details. + +Environment +----------- +Settings for configuring the network environment in which Mattermost is deployed. + +Web Server +~~~~~~~~~~~~~~~~~~~~~~~~~ +Changing properties in this section will require a server restart before taking effect. Site URL ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -46,10 +105,12 @@ If Site URL is not set, the following features will operate incorrectly: - email notifications will contain broken links, and email batching will not work - authentication via OAuth 2.0, including GitLab, Google and Office 365, will fail - plugins may not work as expected + +Changes to this setting require a server restart before taking effect. -+----------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SiteURL": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------+ ++-------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SiteURL": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------+ Listen Address ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -60,6 +121,8 @@ If you choose a port of a lower level (called "system ports" or "well-known port On Linux you can use: ``sudo setcap cap_net_bind_service=+ep ./bin/mattermost`` to allow Mattermost to bind to well-known ports. +Changes to this setting require a server restart before taking effect. + +-------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"ListenAddress": ":8065"`` with string input | +-------------------------------------------------------------------------------------------+ @@ -70,6 +133,8 @@ Forward port 80 to 443 **False**: When using a proxy such as NGINX in front of Mattermost this setting is unnecessary and should be set to `false`. +Changes to this setting require a server restart before taking effect. + +-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"Forward80To443": false`` with options ``true`` and ``false`` for above settings respectively. | +-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -81,6 +146,8 @@ Connection Security **TLS**: Encrypts the communication between Mattermost and your server. See `documentation `__ for more details. +Changes to this setting require a server restart before taking effect. + +---------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"ConnectionSecurity": ""`` with options ``""`` and ``TLS`` for the above settings respectively | +---------------------------------------------------------------------------------------------------------------------------------------------+ 
@@ -89,6 +156,8 @@ TLS Certificate File ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The path to the certificate file to use for TLS connection security. +Changes to this setting require a server restart before taking effect. + +------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"TLSCertFile": ""`` with string input | +------------------------------------------------------------------------------------+ @@ -97,6 +166,8 @@ TLS Key File ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The path to the TLS key file to use for TLS connection security. +Changes to this setting require a server restart before taking effect. + +-----------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"TLSKeyFile": ""`` with string input | +-----------------------------------------------------------------------------------+ @@ -107,6 +178,8 @@ Use Let's Encrypt **False**: Manual certificate specification based on the **TLS Certificate File** and **TLS Key File** specified above. +Changes to this setting require a server restart before taking effect. + +-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"UseLetsEncrypt": false`` with options ``true`` and ``false`` for above settings respectively. | +-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 
@@ -118,6 +191,8 @@ Let's Encrypt Certificate Cache File ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The path to the file where certificates and other data about the Let's Encrypt service will be stored. +Changes to this setting require a server restart before taking effect. + +-----------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache"`` with string input. | +-----------------------------------------------------------------------------------------------------------------------------------+ @@ -126,6 +201,8 @@ Read Timeout ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Maximum time allowed from when the connection is accepted to when the request body is fully read. +Changes to this setting require a server restart before taking effect. + +-------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"ReadTimeout": 300`` with string input | +-------------------------------------------------------------------------------------+ @@ -134,6 +211,8 @@ Write Timeout ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If using HTTP (insecure), this is the maximum time allowed from the end of reading the request headers until the response is written. If using HTTPS, it is the total time from when the connection is accepted until the response is written. +Changes to this setting require a server restart before taking effect. + +--------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"WriteTimeout": 300`` with string input | +--------------------------------------------------------------------------------------+ 
@@ -150,7 +229,9 @@ Set to false to disable all version 3 endpoints of the REST API. Integrations th Webserver Mode ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -gzip compression applies to the HTML, CSS, Javascript, and other static content files that make up the Mattermost web client. It is recommended to enable gzip to improve performance unless your environment has specific restrictions, such as a web proxy that distributes gzip files poorly. This setting requires a server restart to take effect. +gzip compression applies to the HTML, CSS, Javascript, and other static content files that make up the Mattermost web client. It is recommended to enable gzip to improve performance unless your environment has specific restrictions, such as a web proxy that distributes gzip files poorly. + +Changes to this setting require a server restart before taking effect. **gzip**: The Mattermost server will serve static files compressed with gzip to improve performance. 
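Review bot: Under Webserver Mode, "Changes to this setting require a server restart before taking effect." is split out here after the gzip paragraph, and the following hunk adds the identical sentence again after the **Disabled** option, so this one setting will carry the sentence twice. Keep a single copy, preferably the one directly above the ``WebserverMode`` table so it matches the placement used for the other settings in this section.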
@@ -158,29 +239,46 @@ gzip compression applies to the HTML, CSS, Javascript, and other static content **Disabled**: The Mattermost server will not serve static files. +Changes to this setting require a server restart before taking effect. + +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"WebserverMode": "gzip"`` with options ``gzip``, ``uncompressed`` and ``disabled`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Enable Insecure Outgoing Connections +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Outgoing HTTPS requests can accept unverified, self-signed certificates. For example, outgoing webhooks to a server with a self-signed TLS certificate, using any domain, will be allowed. + +**False**: Only secure HTTPS requests are allowed. + +Security note: Enabling this feature makes these connections susceptible to man-in-the-middle attacks. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableInsecureOutgoingConnections": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + Reload Configuration from Disk ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ *Available in Enterprise Edition E20* This button resets the configuration settings by reloading the settings from the disk. 
The server will still need to be restarted if a setting requiring server restart was changed. -The workflow for failover without downing the server is to change the database line in the config.json file, click **Reload Configuration from Disk** then click **Recycle Database Connections** in the Advanced > Database section. +The workflow for failover without downing the server is to change the database line in the config.json file, click **Reload Configuration from Disk** then click **Recycle Database Connections** in the **Advanced > Database section**. Purge All Caches ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This button purges all the in-memory caches for sessions, accounts and channels. Deployments using High Availability will attempt to purge all the servers in the cluster. Purging the caches may adversely impact performance. -________ - -Localization +Database ~~~~~~~~~~~~~~~~~~~~~~~~~ + +Changes to properties in this section will require a server restart before taking effect. + Default Server Language ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Default language for system messages and logs. Changing this will require a server restart before taking effect. +Default language for system messages and logs. + +Changes to this setting require a server restart before taking effect. +-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"DefaultServerLocale": "en"`` with options ``de``, ``en``, ``es``, ``fr``, ``it``, ``ja``, ``ko``, ``nl``, ``pl``, ``pt-br``, ``ro``, ``ru``, ``tr``, ``zh_CN`` and ``zh_TW`` | 
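Review bot: Replacing the "Localization" heading with "Database" leaves Default Server Language and Default Client Language as the first entries under Database, ahead of Driver Name and Data Source. Those two are locale settings, not database settings; suggest keeping them under their own heading or moving them to wherever localization sits in the reorganized page. In the same hunk, the failover text still points to **Advanced > Database section** (and now bolds the word "section"), which does not match the Environment heading that this patch introduces for the Database settings.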
@@ -194,473 +292,606 @@ Default language for newly created users and pages where the user hasn't logged | This feature's ``config.json`` setting is ``"DefaultClientLocale": "en"`` with options ``de``, ``en``, ``es``, ``fr``, ``it``, ``ja``, ``ko``, ``nl``, ``pl``, ``pt-br``, ``ro``, ``ru``, ``tr``, ``zh_CN`` and ``zh_TW`` | +-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Available Languages +Driver Name ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Sets which languages are available for users in **Account Settings** > **Display** > **Languages**. Leave the field blank to add new languages automatically by default, or add new languages using the dropdown menu manually as they become available. If you're manually adding new languages, the **Default Client Language** must be added before saving the setting. +This setting can only be changed from ``config.json`` file, it cannot be changed from the System Console user interface. -.. note:: - Servers which upgraded to v3.1 need to manually set this field blank to have new languages added by default. +``mysql``: enables driver to MySQL database. 
-+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AvailableLocales": ""`` with options ``""``, ``de``, ``en``, ``es``, ``fr``, ``it``, ``ja``, ``ko``, ``nl``, ``pl``, ``pt-br``, ``ro``, ``ru``, ``tr``, ``zh_CN`` and ``zh_TW`` | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +``postgres``: enables driver to PostgreSQL database. -________ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DriverName": "mysql"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Users and Teams -~~~~~~~~~~~~~~~~~~~~~~~~~ -Enable Account Creation +Data Source ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Ability to create new accounts is enabled via inviting new members or sharing the team invite link. +This is the connection string to the master database. When **DriverName** is set to ``postgres``, use a connection string in the form ``postgres://mmuser:password@localhost:5432/mattermost_test?sslmode=disable&connect_timeout=10``. This setting can only be changed from ``config.json`` file. -**False**: Ability to create accounts is disabled. The **Create Account** button displays an error when trying to signup via an email invite or team invite link. +.. 
note:: + To enable SSL, add ``&tls=true`` to your database connection string if your SQL driver supports it. Add ``&tls=skip-verify`` if you use self-signed certificates. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableUserCreation": true`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"DataSource": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Account Deactivation +Maximum Idle Connections ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Ability for users to deactivate their own account from **Account Settings > Advanced**. If a user deactivates their own account, they will get an email notification confirming they were deactivated. - -**False**: Ability for users to deactivate their own account is disabled. +Maximum number of idle connections held open to the database. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableUserDeactivation": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"MaxIdleConns": 10`` with whole number input. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Team Creation +Maximum Open Connections ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*This permission has been migrated to the database and changing the config.json value no longer takes effect after upgrading to v4.9, released on April 16th, 2018. This permission can be modified using the System Console user interface.* +Maximum number of open connections held open to the database. -**True**: Ability to create a new team is enabled for all users. ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxOpenConns": 10`` with whole number input. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**False**: Only System Administrators can create teams from the team selection page. The **Create A New Team** button is hidden in the main menu UI. +Query Timeout +^^^^^^^^^^^^^^^^^ +The number of seconds to wait for a response from the database after opening a connection and sending the query. Errors that you see in the UI or in the logs as a result of a query timeout can vary depending on the type of query. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableTeamCreation": true`` with options ``true`` and ``false`` for above settings respectively. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"QueryTimeout": 30`` with whole number input. | ++-------------------------------------------------------------------------------------------------------------------------+ -Max Users Per Team -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Maximum number of users per team, excluding inactive users. +Maximum Connection Lifetime +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Maximum lifetime for a connection to the database, in milliseconds. Use this setting to configure the maximum amount of time a connection to the database may be reused. Defaults to an hour (3,600,000 milliseconds). ++-------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ConnMaxLifetimeMilliseconds": 3600000`` with whole number input. | ++-------------------------------------------------------------------------------------------------------------------------+ -The **Max Users Per Team** refers to the size of the "team site" which is workspace a "team of people" inhabits. A team of people is considered a small organization where people work closely together towards a specific shared goal and share the same etiquette. In the physical world, a team of people could typically be seated around a single table to have a meal and discuss their project. +Minimum Hashtag Length +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Minimum number of characters in a hashtag. This must be greater than or equal to 2. MySQL databases must be configured to support searching strings shorter than three characters, see `documentation `_. 
-The default maximum of 50 people, is at the extreme high end of a single team of people. At this point organizations are more often "multiple teams of people" and investments in explicitly defining etiquette, such as `channel organization `__ or turning on `policy features `__ in Enterprise Edition, are often used to scale the high levels of productivity found in a team of people using Mattermost to multiple teams of people. ++-------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MinimumHashtagLength": 3`` with whole number input. | ++-------------------------------------------------------------------------------------------------------------------------+ -In terms of technical performance, `with appropriate hardware, Mattermost can easily scale to hundreds and even thousands of users `__, and provided the administrator believes the appropriate etiquette is in place, they should feel free to increase the default value. +At Rest Encrypt Key +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +A 32-character key for encrypting and decrypting sensitive fields in the database. You can generate your own cryptographically random alphanumeric string, or you can go to **System Console > Environment > Database** and click **Regenerate**, which displays the value until you click **Save**. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxUsersPerTeam": 50`` with whole number input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +When using High Availability, the salt must be identical in each instance of Mattermost. 
-Max Channels Per Team ++------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AtRestEncryptKey": ""`` with string input. | ++------------------------------------------------------------------------------------------+ + +Trace ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Executing SQL statements are written to the log for development. -Maximum number of channels per team, including both active and deleted channels. +**False**: SQL statements are not written to the log. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxChannelsPerTeam": 2000`` with whole number input.                                                                    | +| This feature's ``config.json`` setting is ``"Trace": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Max Notifications Per Channel +Recycle Database Connections ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Available in Enterprise Edition E20* -Maximum total number of users in a channel before @all, @here, and @channel no longer send notifications to maximize performance. +This button reconnects to the database listed in the configuration settings. All old connections are closed after 20s. -If you want to increase this value, the recommendation is to increase it a little at a time and monitor system health with `performance monitoring metrics `__. We also recommend only increasing this value if large channels have restricted permissions for who can post to the channel (for instance, a read-only Town Square channel). 
+The workflow for failover without downing the server is to change the database line in the config.json file, click **Reload Configuration from Disk** in the **Environment > Database** section, then click **Recycle Database Connections**. -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxNotificationsPerChannel": 1000`` with whole number input.                                                                    | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Elasticsearch +~~~~~~~~~~~~~~ +*Available in Enterprise Edition E20* -Show @channel and @all confirmation dialog -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Changes to properties in this section will require a server restart before taking effect. -**True**: Users will be prompted to confirm when posting @channel and @all in channels with over five members. +Enable Elasticsearch Indexing +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True:** indexing of new posts occurs automatically. Search queries will use database search until "Enable Elasticsearch for search queries" is enabled. `Learn more about Elasticsearch in our documentation `__. -**False**: No confirmation is required. +**False:** Elasticsearch indexing is disabled and new posts are not indexed. If indexing is disabled and re-enabled after an index is created, it is recommended to purge and rebuild the index to ensure complete search results. 
-+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableConfirmNotificationsToChannel": true`` with options ``true`` and ``false`` for above settings respectively.              | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableIndexing": false`` with options ``true`` and ``false`` for above settings respectively. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Restrict account creation to specified email domains -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Teams and user accounts can only be created by a verified email from this list of comma-separated domains (e.g. "corp.mattermost.com, mattermost.org"). +Server Connection Address +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The address of the Elasticsearch server. `Learn more about Elasticsearch in our documentation `__. -This setting only affects email login. ++------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ConnectionUrl": ""`` with string input. 
| ++------------------------------------------------------------------------------------------------------------------------+ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictCreationToDomains": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Server Username +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +(Optional) The username to authenticate to the Elasticsearch server. -Restrict Team Names -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ++-------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Username": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------+ -*Removed in November 16th, 2016 release* +Server Password +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +(Optional) The password to authenticate to the Elasticsearch server. + ++-------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Password": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------+ -**True**: Newly created team names cannot contain the following restricted words: www, web, admin, support, notify, test, demo, mail, team, channel, internal, localhost, dockerhost, stag, post, cluster, api, oauth. +Enable Cluster Sniffing +^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Sniffing finds and connects to all data nodes in your cluster automatically. -**False**: Newly created team names are not restricted. 
+**False**: Sniffing is disabled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictTeamNames": true`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"Sniff": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable users to open Direct Message channels with -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Bulk Indexing +^^^^^^^^^^^^^^^^^^^^^^^^ +This button starts a bulk index of all existing posts in the database. If the indexing process is cancelled the index and search results will be incomplete. -**Any user on the Mattermost server**: The Direct Messages "More" menu has the option to open a Direct Message channel with any user on the server. +Purge Indexes +^^^^^^^^^^^^^^^^^^^^^^^^ +This button purges the entire Elasticsearch index. Typically only used if the index has corrupted and search is not behaving as expected. After purging the index a new index can be created with the **Bulk Index** button. -**Any member of the team**: The Direct Messages "More" menu only has the option to open a Direct Message channel with users on the current team, and CTRL/CMD+K channel switcher only lists users on the current team. If a user belongs to multiple teams, direct messages will still be received regardless of what team they are currently on. +Enable Elasticsearch for search queries +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Elasticsearch will be used for all search queries using the latest index. Search results may be incomplete until a bulk index of the existing post database is finished. 
-This setting only affects the UI, not permissions on the server. For instance, a Direct Message channel can be created with anyone on the server regardless of this setting. +**False**: Database search is used for search queries. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictDirectMessage": "any"`` with options ``any`` and ``team`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"EnableSearching": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Allow Team Administrators to edit others posts -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*This permission is stored in the database and can be modified using the System Console user interface.* +Enable Elasticsearch for autocomplete queries +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Elasticsearch will be used for all autocompletion queries on users and channels using the latest index. Autocompletion results may be incomplete until a bulk index of the existing users and channels database is finished. -**True**: Team Administrators and System Administrators can edit other users' posts. +**False**: Database autocomplete is used. -**False**: Only System Administrators can edit other users' posts. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableAutocomplete": false`` with options ``true`` and ``false`` for above settings respectively. 
| ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. note:: -This setting is only available for Team Edition servers. Enterprise Edition servers can use `Advanced Permissions `__ to configure this permission. +File Storage +~~~~~~~~~~~~~~~~~~~~~~~~~ +Mattermost currently supports storing files on the local filesystem and Amazon S3 or S3 compatible containers. +.. note:: + We have tested Mattermost with `Minio `__ and `Digital Ocean Spaces `_ products but not all S3 compatible containers on the market. If you are looking to use other S3 compatible containers we advise completing your own testing. -Enable Team Directory +File Storage System ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Removed in May 16th, 2016 release* -**True**: Teams that are configured to appear in the team directory will appear on the system main page. Teams can configure this setting from **Team Settings > Include this team in the Team Directory**. ++-------------------------+---------------------+ +| ``config.json`` setting | ``DriverName`` | ++-------------------------+---------------------+ +| Allowed Values | ``local`` (default) | +| | ``amazons3`` | ++-------------------------+---------------------+ -**False**: Team directory on the system main page is disabled. +This selects which file storage system is used, Local File System or Amazon S3. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableTeamListing": false`` with options ``true`` and ``false`` for above settings respectively. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**Local File System**: Files and images are stored in the specified local file directory. -Teammate Name Display -^^^^^^^^^^^^^^^^^^^^^ -Specifies how names are displayed in the user interface. +**Amazon S3**: Files and images are stored on Amazon S3 based on the provided access key, bucket and region fields. The ``amazons3`` driver is compatible with Minio (Beta) and Digital Ocean Spaces based on the provided access key, bucket and region fields. -**Show username**: Displays the user's username. +Local Storage Directory +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The local directory to which files are written when the File Storage System is set to ``local``. This is relative to the directory Mattermost is installed to and defaults to ``./data`` When File Storage System is set to S3 this setting has no effect. -**Show nickname if one exists**: Displays the user's nickname. If the user does not have a nickname, their full name is displayed. If the user does not have a full name, their username is displayed. ++-------------------------+--------------------------------------------------------------------------------------+ +| ``config.json`` setting | ``Directory`` | ++-------------------------+--------------------------------------------------------------------------------------+ +| Allowed Values | Any directory writeable by the user Mattermost is running as. Default is ``./data/`` | ++-------------------------+--------------------------------------------------------------------------------------+ -**Show first and last name**: Displays the user's full name. If the user does not have a full name, their username is displayed. Recommended when using SAML or LDAP if first name and last name attributes are configured. 
+Maximum File Size +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Maximum file size for message attachments entered in megabytes in the System Console UI. Converted to bytes in ``config.json`` at 1048576 bytes per megabyte. -+-------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TeammateNameDisplay": "username"`` with options ``username``, ``nickname_full_name``, and ``full_name``. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxFileSize": 52428800`` with whole number input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ +.. warning:: Verify server memory can support your setting choice. Large file sizes increase the risk of server crashes and failed uploads due to network disruptions. -Policy -~~~~~~~~~~~~~~~~~~~~~~~~~ -*Removed in June 16, 2018 release* +Amazon S3 Bucket +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The name of the bucket for your S3 compatible object storage instance. -Permission policy settings are available in Enterprise Edition E10 and E20. In v5.0 and later, these settings are found in the `Advanced Permissions `__ page instead of configuration settings. 
++-------------------------+---------------------------------------------+ +| ``config.json`` setting | ``AmazonS3Bucket`` | ++-------------------------+---------------------------------------------+ +| Allowed Values | A string with the S3-compatible bucket name | ++-------------------------+---------------------------------------------+ -Enable sending team invites from +Amazon S3 Region ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +AWS region you selected when creating your S3 bucket. If no region is set, Mattermost attempts to get the appropriate region from AWS, or sets it to 'us-east-1' if none found. For Minio or Digital Ocean Spaces leave this setting empty. -*Removed in June 16, 2018 release* ++-------------------------+---------------------------------------------+ +| ``config.json`` setting | ``AmazonS3Region`` | ++-------------------------+---------------------------------------------+ +| Allowed Values | A string with the S3-compatible bucket name | ++-------------------------+---------------------------------------------+ -Set policy on who can invite others to a team using the **Send Email Invite**, **Get Team Invite Link**, and **Add Members to Team** options on the main menu. If **Get Team Invite Link** is used to share a link, you can expire the invite code from **Team Settings > Invite Code** after the desired users have joined the team. Options include: +Amazon S3 Access Key ID +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +This is required for access unless you are using an `Amazon S3 IAM Role `__ with Amazon S3. Your EC2 administrator can supply you with the access key ID. -**All team members**: Allows any team member to invite others using an email invitation, team invite link or by adding members to the team directly. 
++-------------------------+---------------------------------------------------------------------+ +| ``config.json`` setting | ``AmazonS3AccessKeyId`` | ++-------------------------+---------------------------------------------------------------------+ +| Allowed Values | A string with the access key for the S3-compatible storage instance | ++-------------------------+---------------------------------------------------------------------+ -**Team and System Admins**: Hides the email invitation, team invite link, and the add members to team buttons in the Main Menu from users who are not Team Admins or System Admins. +Amazon S3 Endpoint +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Hostname of your S3-compatible instance. Defaults to "s3.amazonaws.com". -**System Admins**: Hides the email invitation, team invite link, and add members to team buttons in the Main Menu from users who are not System Admins. +.. note:: + For Digital Ocean Spaces, the hostname should be set to ````.digitaloceanspaces.com, where ```` is the abbreviation for the region you chose when setting up the Space. It can be ``nyc3``, ``ams3``, or ``sgp1``. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictTeamInvite": "all"`` with options ``all``, ``team_admin`` and ``system_admin`` for above settings respectively. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-------------------------+------------------------------------------------------------------+ +| ``config.json`` setting | ``AmazonS3Endpoint`` | ++-------------------------+------------------------------------------------------------------+ +| Allowed Values | A string with the hostname of the S3-compatible storage instance | ++-------------------------+------------------------------------------------------------------+ -Enable public channel creation for +Amazon S3 Secret Access Key ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The secret access key associated with your Amazon S3 Access Key ID. -*Removed in June 16, 2018 release* - -Restrict the permission level required to create public channels. ++-------------------------+----------------------------------------------------------------------------+ +| ``config.json`` setting | ``AmazonS3SecretAccessKey`` | ++-------------------------+----------------------------------------------------------------------------+ +| Allowed Values | A string with the secret access key for the S3-compatible storage instance | ++-------------------------+----------------------------------------------------------------------------+ -**All team members**: Allow all team members to create public channels. +Enable Secure Amazon S3 Connections +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**Team Admins and System Admins**: Restrict creating public channels to Team Admins and System Admins. +**True**: Enables only secure Amazon S3 Connections. -**System Admins**: Restrict creating public channels to System Admins. +**False**: Allows insecure connections to Amazon S3. 
-+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPublicChannelCreation": "all"`` with options ``all``, ``team_admin`` and ``system_admin`` for above settings respectively. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-------------------------+--------------------------------------------+ +| ``config.json`` setting | ``AmazonS3SSL`` | ++-------------------------+--------------------------------------------+ +| Allowed Values | ``true`` or ``false``, default is ``true`` | ++-------------------------+--------------------------------------------+ -Enable public channel renaming for +Enable Server-Side Encryption for Amazon S3 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Available in Enterprise Edition E20* -*Removed in June 16, 2018 release* - -Restrict the permission level required to rename and set the header or purpose for public channels. - -**All channel members**: Allow all channel members to rename public channels. - -**Channel Admins, Team Admins, and System Admins**: Restrict renaming public channels to Channel Admins, Team Admins, and System Admins who are members of the channel. +**True**: Encrypts files in Amazon S3 using server-side encryption with `Amazon S3-managed keys `__. -**Team Admins and System Admins**: Restrict renaming public channels to Team Admins and System Admins who are members of the channel. +**False**: Doesn't encrypt files in Amazon S3. -**System Admins**: Restrict renaming public channels to System Admins who are members of the channel. +.. 
note:: + Server-Side Encryption only works with Amazon S3 -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPublicChannelManagement": "all"`` with options ``all``, ``channel_admin``, ``team_admin``, and ``system_admin`` for above settings respectively. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-------------------------+---------------------------------------------+ +| ``config.json`` setting | ``AmazonS3SS3`` | ++-------------------------+---------------------------------------------+ +| Allowed Values | ``true`` or ``false``, default is ``false`` | ++-------------------------+---------------------------------------------+ -Enable public channel deletion for +Enable Amazon S3 Debugging ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: When true, log additional debugging information to the system logs. Typically set to `false` in production. -*Removed in June 16, 2018 release* +**False**: No Amazon S3 debugging information is included in the system logs. -Restrict the permission level required to delete public channels. Deleted channels can be recovered from the database using a `command line tool `__. ++-------------------------+---------------------------------------------+ +| ``config.json`` setting | ``AmazonS3Trace`` | ++-------------------------+---------------------------------------------+ +| Allowed Values | ``true`` or ``false``, default is ``false`` | ++-------------------------+---------------------------------------------+ -**All channel members**: Allow all channel members to delete public channels. 
+Test Connection +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Ensures that the user can access the server and that the settings are valid. -**Channel Admins, Team Admins, and System Admins**: Restrict deleting public channels to Channel Admins, Team Admins, and System Admins who are members of the channel. +Image Proxy +~~~~~~~~~~~~~~~~~~~~~~~~~ -**Team Admins and System Admins**: Restrict deleting public channels to Team Admins and System Admins who are members of the channel. +Enable Image Proxy +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**System Admins**: Restrict deleting public channels to System Admins who are members of the channel. +When true, enables an image proxy for loading external images. The image proxy is used by the Mattermost apps to prevent them from connecting directly to remote servers. This anonymizes their connections and prevents them from accessing insecure content. -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPublicChannelDeletion": "all"`` with options ``all``, ``channel_admin``, ``team_admin``, and ``system_admin`` for above settings respectively. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +See the :doc:`documentation ` to learn more. -Enable private channel creation for -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ++---------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": true`` with options ``true`` and ``false``. 
| ++---------------------------------------------------------------------------------------------------------------------+ -*Removed in June 16, 2018 release* +Image Proxy Type +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Restrict the permission level required to create private channels. +The type of image proxy used by Mattermost. There are two options: -**All team members**: Allow all team members to create private channels. +**local**: The Mattermost server itself acts as the image proxy. This is the default option. -**Team Admins and System Admins**: Restrict creating private channels to Team Admins and System Admins. +**atmos/camo**: An external `atmos/camo `_ image proxy is used. -**System Admins**: Restrict creating private channels to System Admins. +See the `documentation `_ to learn more. -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPrivateChannelCreation": "all"`` with options ``all``, ``team_admin`` and ``system_admin`` for above settings respectively. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-----------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ImageProxyType": "local"``, with options ``local`` and ``atmos/camo`` for above settings respectively. 
| ++-----------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable private channel renaming for +Remote Image Proxy URL ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Removed in June 16, 2018 release* +The URL of the ``atmos/camo`` proxy. This setting is not needed when using the local image proxy. -Restrict the permission level required to rename and set the header or purpose for private channels. ++---------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RemoteImageProxyURL": ""`` with string input. | ++---------------------------------------------------------------------------------------------------------------------+ -**All channel members**: Allow all channel members to rename private channels. +Remote Image Proxy Options +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**Channel Admins, Team Admins, and System Admins**: Restrict renaming private channels to Channel Admins, Team Admins, and System Admins who are members of the private channel. +The URL signing key passed to an ``atmos/camo`` image proxy. This setting is not needed when using the local image proxy. -**Team Admins and System Admins**: Restrict renaming private channels to Team Admins and System Admins who are members of the private channel. +See the `documentation `_ to learn more. -**System Admins**: Restrict renaming private channels to System Admins who are members of the private channel. ++---------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RemoteImageProxyOptions": ""`` with string input. 
| ++---------------------------------------------------------------------------------------------------------------------+ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPrivateChannelManagement": "all"`` with options ``all``, ``channel_admin``, ``team_admin``, and ``system_admin`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +SMTP +~~~~~~~~~~~~~~ -Enable managing of private channel members for +SMTP Server ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Location of SMTP email server. -*Removed in June 16, 2018 release* ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SMTPServer": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Set policy on who can add and remove members from private channels. +SMTP Server Port +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Port of SMTP email server. -**All team members**: Allow all team members to add and remove members. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SMTPPort": ""`` with string input. 
| ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**Team Admins, Channel Admins, and System Admins**: Allow only Team Admins, Channel Admins, and System Admins to add and remove members. +Enable SMTP Authentication +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**Team Admins, and System Admins**: Allow only Team Admins and System Admins to add and remove members. +**True**: SMTP username and password are used for authenticating to the SMTP server. -**System Admins**: Allow only System Admins to add and remove members. +**False**: Mattermost doesn't attempt to authenticate to the SMTP server. -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPrivateChannelManageMembers": "all"`` with options ``all``, ``channel_admin``, ``team_admin``, and ``system_admin`` for above settings respectively. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSMTPAuth": false`` with options ``true`` and ``false`` for above settings respectively. 
| ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable private channel deletion for +SMTP Server Username ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The username for authenticating to the SMTP server. -*Removed in June 16, 2018 release* ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SMTPUsername": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Restrict the permission level required to delete private channels. Deleted channels can be recovered from the database using a `command line tool `__. +SMTP Server Password +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The password associated with the SMTP username. -**All channel members**: Allow all channel members to delete private channels. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SMTPPassword": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**Channel Admins, Team Admins, and System Admins**: Restrict deleting private channels to Channel Admins, Team Admins, and System Admins who are members of the private channel. +.. _email-tls: -**Team Admins and System Admins**: Restrict deleting private channels to Team Admins and System Admins who are members of the private channel. 
+Connection Security +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +``None``: Send email over an unsecure connection. -**System Admins**: Restrict deleting private channels to System Admins who are members of the private channel. +``TLS``: Communication between Mattermost and your email server is encrypted. -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPrivateChannelDeletion": "all"`` with options ``all``, ``channel_admin``, ``team_admin``, and ``system_admin`` for above settings respectively. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +``STARTTLS``: Attempts to upgrade an existing insecure connection to a secure connection using TLS. -Allow which users to delete messages -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ConnectionSecurity": ""`` with options ``""``, ``TLS`` and ``STARTTLS`` for above settings respectively. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -*Removed in June 16, 2018 release* +Skip Server Certificate Verification +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Restrict the permission level required to delete messages. Team Admins, Channel Admins, and System Admins can delete messages only in channels where they are members. Messages can be deleted anytime. 
+**True**: Mattermost will not verify the email server certificate. -**Message authors can delete their own messages, and Administrators can delete any message**: Allow authors to delete their own messages, and allow Team Admins, Channel Admins, and System Admins to delete any message. +**False**: Mattermost will verify the email server certificate. -**Team Admins and System Admins**: Allow only Team Admins and System Admins to delete messages. - -**System Admins**: Allow only System Admins to delete messages. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictPostDelete": "all"`` with options ``all``, ``team_admin`` and ``system_admin`` for above settings respectively. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SkipServerCertificateVerification": false`` with options ``false` and ``true`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Allow users to edit their messages +Enable Security Alerts ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Removed in June 16, 2018 release* - -Set the time limit that users have to edit their messages after posting. +**True**: Enable System Admins to be notified by email if a relevant security fix alert is announced. Requires email to be enabled. To learn more about this feature, see :doc:`telemetry`. 
-**Any time**: Allow users to edit their messages at any time after posting. +**False**: Security alerts are disabled. -**Never**: Do not allow users to edit their messages. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSecurityFixAlert": true`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**{n} seconds after posting**: Users can edit their messages within the specified time limit after posting. The time limit is applied using the config.json setting ``"PostEditTimeLimit"`` described below. +Push Notification Server +~~~~~~~~~~~~~~~~~~~~~~~~~ +Enable Push Notifications +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Your Mattermost server sends mobile push notifications to the server specified in **PushNotificationServer**. -+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowEditPost": "always"`` with options ``always``, ``never``, and ``time_limit`` for above settings respectively. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**False**: Mobile push notifications are disabled. 
-Post edit time limit -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SendPushNotifications": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -When post editing is permitted, setting ``"PostEditTimeLimit": -1`` allows editing anytime, or setting ``"PostEditTimeLimit"`` to a positive integer restricts editing time in seconds. If post editing is disabled, this setting does not apply. +Push Notification Server +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Location of Mattermost Push Notification Service (MPNS), which re-sends push notifications from Mattermost to services like Apple Push Notification Service (APNS) and Google Cloud Messaging (GCM). -+--------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PostEditTimeLimit": -1`` with whole number input. | -+--------------------------------------------------------------------------------------------------+ +To confirm push notifications are working, connect to the `Mattermost iOS App on iTunes `__ or the `Mattermost Android App on Google Play `__: -Privacy -~~~~~~~~~~~~~~~~~~~~~~~~~ -Settings to configure the name and email privacy of users on your system. +- For Enterprise Edition, enter ``https://push.mattermost.com`` for the push notification server hosted in the United States. 
If you prefer to use a push notification server hosted in Germany, enter ``https://hpns-de.mattermost.com/`` +- For Team Edition, enter ``https://push-test.mattermost.com`` -Show Email Address -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Show email address of all users. +Please review full documentation on `push Notifications and mobile applications `__ including guidance on compiling your own mobile apps and MPNS before deploying to production. -**False**: Hide email address of users from other users in the user interface, including Team Admins. This is designed for managing teams where users choose to keep their contact information private. System Administrators will still be able to see email addresses in the UI. +.. note:: + The ``https://push-test.mattermost.com`` provided for testing push notifications prior to compiling your own service please make sure `to read about its limitations `_. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ShowEmailAddress": true`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"PushNotificationServer": "https://push-test.mattermost.com"`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Show Full Name +Max Notifications Per Channel ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Show full name of all users. -**False**: hide full name of users from other users including Team Admins. This is designed for managing teams where users choose to keep their contact information private. System Administrators will still be able to see full names in the UI. 
+Maximum total number of users in a channel before @all, @here, and @channel no longer send notifications to maximize performance. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ShowFullName": true`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +If you want to increase this value, the recommendation is to increase it a little at a time and monitor system health with `performance monitoring metrics `__. We also recommend only increasing this value if large channels have restricted permissions for who can post to the channel (for instance, a read-only Town Square channel). -________ ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxNotificationsPerChannel": 1000`` with whole number input.                                                                    | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Compliance -~~~~~~~~~~~~~~~~~~~~~~~~~ +**Troubleshooting Push Notifications** + +To confirm push notifications are working: + +1. Go to **System Console > Notifications > Mobile Push > Send Push Notifications** and select **Use TPNS connection to send notifications to iOS and Android apps**. +2. Set **Push Notification Server** to *https://push.mattermost.com* if using Enterprise Edition. If using Team Edition, set the value to *https://push-test.mattermost.com*. +3. 
To confirm push notifications are working, connect to the `Mattermost iOS App on iTunes `__ or the `Mattermost Android App on Google Play `__ and log in to your team site. +4. Close the app on your device, and close any other connections to your team site. +5. Wait 5 minutes and have another team member send you a direct message, which should trigger a push notification to the Mattermost app on your mobile device. +6. You should receive a push notification on your device alerting you of the direct message. + +If you did not receive an alert: + +1. Set **System Console > General > Logging > File Log Level** to *DEBUG* (make sure to set this back to *INFO* after troubleshooting to save disk space). +2. Repeat the above steps. +3. Go to **System Console > Logs** and copy the log output into a file. +4. For Enterprise Edition customers, `submit a support request with the file attached `__. For Team Edition users, please start a thread in the `Troubleshooting forum `__ for peer-to-peer support. + +.. _high-availability: + +High Availability +~~~~~~~~~~~~~~~~~~ *Available in Enterprise Edition E20* -Settings used to enable and configure Mattermost compliance reports. +Changes to properties in this section will require a server restart before taking effect. -Enable Compliance Reporting -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Compliance reporting is enabled in Mattermost. +When High Availability mode is enabled, the System Console is set to read-only and settings can only be changed by editing the configuration file directly. However, for testing and validating a High Availability setup, you can set *ReadOnlyConfig* to ``false``, which allows changes made in the System Console to be saved back to the configuration file. -**False**: Compliance reporting is disabled. +To learn more about configuring High Availability, see `High Availability Cluster `_. 
-+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Enable High Availability Mode +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: The Mattermost Server will attempt inter-node communication with the other servers in the cluster that have the same Cluster Name. This sets the System Console to read-only mode to keep the servers ``config.json`` files in sync. -Compliance Report Directory -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Sets the directory where compliance reports are written. +**False**: Mattermost high availability is disabled. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Directory": "./data/"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-----------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | ++-----------------------------------------------------------------------------------------------------+ -Enable Daily Report -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Mattermost generates a daily compliance report. +Cluster Name +^^^^^^^^^^^^ +The cluster to join by name. Only nodes with the same cluster name will join together. 
This is to support Blue-Green deployments or staging pointing to the same database. -**False**: Daily reports are not generated. ++------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ClusterName": ""`` with string input. | ++------------------------------------------------------------------------------------+ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableDaily": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Override Hostname +^^^^^^^^^^^^^^^^^ +If blank, Mattermost attempts to get the Hostname from the OS or use the IP Address. You can override the hostname of this server with this property. It is not recommended to override the Hostname unless needed. This property can also be set to a specific IP Address if needed. Also see `cluster discovery `_ for more details. -________ ++-----------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"OverrideHostname": ""`` with string input. | ++-----------------------------------------------------------------------------------------+ -Logging -~~~~~~~~~~~~~~~~~~~~~~~~~ -Output logs to console -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Use IP Address +^^^^^^^^^^^^^^ +**True**: The cluster attempts to communicate using the IP Address. -.. note:: - Logs are rotated once the log file reaches a size of 100 MB or more. +**False**: The cluster attempts to communicate using the hostname. -**True**: Output log messages to the console based on **ConsoleLevel** option. 
The server writes messages to the standard output stream (stdout). ++---------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UseIpAddress": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------+ -**False**: Output log messages are not written to the console. +Use Experimental Gossip +^^^^^^^^^^^^^^^^^^^^^^^ +**True**: The server attempts to communicate via the gossip protocol over the gossip port. -Changing this setting requires a server restart before taking effect. +**False**: The server attempts to communicate over the streaming port. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableConsole": true`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Changes to this setting require a server restart before taking effect. -Console Log Level -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Level of detail at which log events are written to the console when **EnableConsole** = ``true``. +Note that the gossip port and gossip protocol are used to determine cluster health even when this setting is ``false``. -**DEBUG**: Prints high detail for developers debugging issues. ++-------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UseExperimentalGossip": false`` with options ``true`` and ``false``. 
| ++-------------------------------------------------------------------------------------------------------------------+ -**ERROR**: Outputs only error messages. +Read Only Config +^^^^^^^^^^^^^^^^ +**True**: Changes made to settings in the System Console are ignored. -**INFO**: Outputs error messages and information around startup and initialization. +**False**: Changes made to settings in the System Console are written to ``config.json``. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConsoleLevel": "DEBUG"`` with options ``DEBUG``, ``ERROR`` and ``INFO`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +When running in production it is recommended to set this to true. -Output logs to file -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Typically set to true in production. When true, logged events are written to the ``mattermost.log`` file in the directory specified by the **FileLocation** setting. The logs are archived to a file in the same directory, and given a name with a datestamp and serial number. For example, ``mattermost.2017-03-31.001``. ++-----------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ReadOnlyConfig": true`` with options ``true`` and ``false``. | ++-----------------------------------------------------------------------------------------------------------+ -Changing this setting requires a server restart before taking effect. +Gossip Port +^^^^^^^^^^^ +The port used for the gossip protocol. Both UDP and TCP should be allowed on this port. 
+ ++-------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"GossipPort": 8074`` with whole number input. | ++-------------------------------------------------------------------------------------------+ + +Streaming Port +^^^^^^^^^^^^^^ +The port used for streaming data between servers. **True**: Log files are written to files specified in **FileLocation**. -**False**: Log files are not written. ++----------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"StreamingPort": 8075`` with whole number input. | ++----------------------------------------------------------------------------------------------+ + +Inter-Node Listen Address +^^^^^^^^^^^^^^^^^^^^^^^^^ +*Deprecated. Not used in version 4.0 and later* + +The address the Mattermost Server will listen on for inter-node communication. When setting up your network you should secure the listen address so that only machines in the cluster have access to that port. This can be done in different ways, for example, using IPsec, security groups, or routing tables. + +Changes to this setting require a server restart before taking effect. +----------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"EnableFile": true`` with options ``true`` and ``false`` for above settings respectively. | 
@@ -668,907 +899,863 @@ Changing this setting requires a server restart before taking effect. Output console logs as JSON ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Typically set to true in production. When true, logged events are written in a machine readable JSON format. Otherwise they are printed as plain text. Changing this setting requires a server restart before taking effect. +Typically set to true in production. When true, logged events are written in a machine readable JSON format. Otherwise they are printed as plain text. -**True**: Logged events are written in a machine readable JSON format. ++-----------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"InterNodeListenAddress": ":8075"`` with string input. | ++-----------------------------------------------------------------------------------------------------+ -**False**: Logged events are written in plaint text. +Inter-Node URLs +^^^^^^^^^^^^^^^ +*Deprecated. Not used in version 4.0 and later* -+----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConsoleJson": true`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------+ +A list of all the machines in the cluster, separated by commas, for example, ``["http://10.10.10.2", "http://10.10.10.4"]``. It is recommended to use the internal IP addresses so all the traffic can be secured. -File Log Level -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Level of detail at which log events are written to log files when **EnableFile** = ``true``. +Changes to this setting require a server restart before taking effect. -**ERROR**: Outputs only error messages. 
++--------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"InterNodeUrls": []`` with string input. | ++--------------------------------------------------------------------------------------+ -**INFO**: Outputs error messages and information around startup and initialization. +Rate Limiting +~~~~~~~~~~~~~~~~~~~~~~~~~ +Changes to properties in this section will require a server restart before taking effect. -**DEBUG**: Prints high detail for developers debugging issues. +Enable Rate Limiting +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: APIs are throttled at the rate specified by **PerSec**. + +**False**: APIs are not throttled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileLevel": "INFO"`` with options ``DEBUG``, ``ERROR`` and ``INFO`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -File Log Directory +Maximum Queries per Second ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Throttle API at this number of requests per second if rate limiting is enabled. + The location of the log files. If blank, they are stored in the ``./logs`` directory. The path that you set must exist and Mattermost must have write permissions in it. -Changing this setting requires a server restart before taking effect. +Changes to this setting require a server restart before taking effect. 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileLocation": ""`` with string input. | +| This feature's ``config.json`` setting is ``"PerSec": 10`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Output file logs as JSON +Maximum Burst Size ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Typically set to true in production. When true, logged events are written in a machine readable JSON format. Otherwise they are printed as plain text. Changing this setting requires a server restart before taking effect. +Typically set to true in production. When true, logged events are written in a machine readable JSON format. Otherwise they are printed as plain text. -**True**: Logged events are written in a machine readable JSON format. - -**False**: Logged events are written in plain text. +Maximum number of requests allowed beyond the per second query limit. -+----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FileJson": true`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MaxBurst": 100`` with whole number input. 
| ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Webhook Debugging +Memory Store Size ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Contents of incoming webhooks are printed to log files for debugging. +Maximum number of user sessions connected to the system as determined by **VaryByRemoteAddr** and **VaryByHeader** variables. -**False**: Contents of incoming webhooks are not printed to log files. +Typically set to the number of users in the system. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableWebhookDebugging": true`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"MemoryStoreSize": 10000`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Diagnostics and Error Reporting +Vary rate limit by remote address ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Rate limit API access by IP address. Recommended to set to ``true`` if you're using a proxy. -**True**: To improve the quality and performance of future Mattermost updates, this option sends error reporting and diagnostic information to Mattermost, Inc. All diagnostics and error reporting is encrypted in transit and does not include personally identifiable information or message contents. To learn more about this feature, see :doc:`telemetry`. - -**False**: Diagnostics and error reporting are disabled. +**False**: Rate limiting does not vary by IP address. 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableDiagnostics": true`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"VaryByRemoteAddr": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ +Vary rate limit by user +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Rate limit API access by user authentication token. Recommended to set to ``true`` if you're using a proxy. -Advanced Permissions -------------------------------- -*Available in Enterprise Edition E10 and higher* +**False**: Rate limiting does not vary by user authentication token. -Advanced permissions offers Admins a way to restrict actions in Mattermost to authorized users only. See `permissions documentation `__ for more details. ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"VaryByUser": false`` with options ``true`` and ``false`` for above settings respectively. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ +Vary rate limit by HTTP header +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Vary rate limiting by HTTP header field specified (e.g. when configuring Ngnix set to "X-Real-IP", when configuring AmazonELB set to "X-Forwarded-For"). Recommended to be set if you're using a proxy. 
-Authentication -------------------------------- -Authentication settings to enable account creation and sign in with email, GitLab, Google or Office 365 OAuth, AD/LDAP, or SAML. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"VaryByHeader": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Email Authentication +Logging ~~~~~~~~~~~~~~~~~~~~~~~~~ -Enable account creation with email +Output logs to console ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Allow team creation and account signup using email and password. +.. note:: + Logs are rotated once the log file reaches a size of 100 MB or more. -**False**: Email signup is disabled. This limits signup to single sign-on services like OAuth or AD/LDAP. +**True**: Output log messages to the console based on **ConsoleLevel** option. The server writes messages to the standard output stream (stdout). + +**False**: Output log messages are not written to the console. + +Changing this setting requires a server restart before taking effect. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSignUpWithEmail": true`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"EnableConsole": true`` with options ``true`` and ``false`` for above settings respectively. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable sign-in with email +Console Log Level ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Level of detail at which log events are written to the console when **EnableConsole** = ``true``. -**True**: Mattermost allows account creation using email and password. +**DEBUG**: Prints high detail for developers debugging issues. -**False**: Sign in with email is disabled and does not appear on the login screen. Use this value when you want to limit sign up to a single sign-on service like AD/LDAP, SAML or GitLab. +**ERROR**: Outputs only error messages. + +**INFO**: Outputs error messages and information around startup and initialization. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSignInWithEmail": true`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"ConsoleLevel": "DEBUG"`` with options ``DEBUG``, ``ERROR`` and ``INFO`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable sign-in with username +Output console logs as JSON ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Typically set to true in production. When true, logged events are written in a machine readable JSON format. Otherwise they are printed as plain text. -**True**: Mattermost allows users with email login to sign in using their username and password. This setting does not affect AD/LDAP login. - -**False**: Sign in with username is disabled and does not appear on the login screen. 
+**True**: Logged events are written in a machine readable JSON format. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``EnableSignInWithUsername": true`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**False**: Logged events are written in plaint text. -________ +Changes to this setting require a server restart before taking effect. -OAuth 2.0 -~~~~~~~~~~~~~~~~~~~~~~~~~ -*Available in Enterprise Edition E10 and higher* ++----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ConsoleJson": true`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------+ -Settings to configure OAuth login for account creation and login. +Output logs to file +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Typically set to true in production. When true, logged events are written to the ``mattermost.log`` file in the directory specified by the **FileLocation** setting. The logs are archived to a file in the same directory, and given a name with a datestamp and serial number. For example, ``mattermost.2017-03-31.001``. -Select OAuth 2.0 service provider: -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Choose whether OAuth can be used for account creation and login. Options include: +**True**: Log files are written to files specified in **FileLocation**. 
- - **Do not allow sign-in via an OAuth 2.0 provider** - - **GitLab** (see `GitLab Settings `__ for more detail) - - **Google Apps** (see `Google Settings `__ for more detail) - - **Office 365 (Beta)** (see `Office 365 Settings `__ for more detail) +**False**: Log files are not written. -This feature's setting does not appear in ``config.json``. +Changes to this setting require a server restart before taking effect. -________ ++----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableFile": true`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------+ -GitLab -~~~~~~~~~~~~~~~~~~~~~~~~~ -Enable authentication with GitLab +File Log Level ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Allow team creation and account signup using GitLab OAuth. To configure, input the **Secret** and **Id** credentials. - -**False**: GitLab OAuth cannot be used for team creation or account signup. +Level of detail at which log events are written to log files when **EnableFile** = ``true``. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**ERROR**: Outputs only error messages. -**Note**: For Enterprise, GitLab settigs can be found under **OAuth 2.0** +**INFO**: Outputs error messages and information around startup and initialization. 
-Application ID -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Obtain this value by logging into your GitLab account. Go to Profile Settings > Applications > New Application, enter a Name, then enter Redirect URLs ``https:///login/gitlab/complete`` (example: ``https://example.com:8065/login/gitlab/complete`` and ``https:///signup/gitlab/complete``. +**DEBUG**: Prints high detail for developers debugging issues. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | +| This feature's ``config.json`` setting is ``"FileLevel": "INFO"`` with options ``DEBUG``, ``ERROR`` and ``INFO`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Application Secret Key +Output file logs as JSON ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Obtain this value by logging into your GitLab account. Go to Profile Settings > Applications > New Application, enter a Name, then enter Redirect URLs ``https:///login/gitlab/complete`` (example: ``https://example.com:8065/login/gitlab/complete`` and ``https:///signup/gitlab/complete``. +Typically set to true in production. When true, logged events are written in a machine readable JSON format. Otherwise they are printed as plain text. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**True**: Logged events are written in a machine readable JSON format. -User API Endpoint -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Enter ``https:///api/v3/user`` (example: ``https://example.com:3000/api/v3/user``). Use HTTP or HTTPS depending on how your server is configured. +**False**: Logged events are written in plain text. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UserApiEndpoint": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Changes to this setting require a server restart before taking effect. -Auth Endpoint ++----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FileJson": true`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------+ + +File Log Directory ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Enter ``https:///oauth/authorize`` (example: ``https://example.com:3000/oauth/authorize``). Use HTTP or HTTPS depending on how your server is configured. +The location of the log files. If blank, they are stored in the ``./logs`` directory. The path that you set must exist and Mattermost must have write permissions in it. + +Changes to this setting require a server restart before taking effect. 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AuthEndpoint": ""`` with string input. | +| This feature's ``config.json`` setting is ``"FileLocation": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Token Endpoint +Enable Webhook Debugging ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Enter ``https:///oauth/token`` (example: ``https://example.com:3000/oauth/token``). Use HTTP or HTTPS depending on how your server is configured. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TokenEndpoint": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**True**: Contents of incoming webhooks are printed to log files for debugging. -________ +**False**: Contents of incoming webhooks are not printed to log files. -Google -~~~~~~~~~~~~~~~~~~~~~~~~~ -*Available in Enterprise Edition E20* ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableWebhookDebugging": true`` with options ``true`` and ``false`` for above settings respectively. 
| ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable authentication with Google by selecting ``Google Apps`` from **OAuth 2.0 > Select OAuth 2.0 service provider** +Enable Diagnostics and Error Reporting +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Allow team creation and account signup using Google OAuth. To configure, input the **Client ID** and **Client Secret** credentials. See `Documentation `__ for more detail. +**True**: To improve the quality and performance of future Mattermost updates, this option sends error reporting and diagnostic information to Mattermost, Inc. All diagnostics and error reporting is encrypted in transit and does not include personally identifiable information or message contents. To learn more about this feature, see :doc:`telemetry`. -**False**: Google OAuth cannot be used for team creation or account signup. +**False**: Diagnostics and error reporting are disabled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"EnableDiagnostics": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Client ID +Session Lengths +~~~~~~~~~~~~~~~~~~~~~~~~~ +User sessions are cleared when a user tries to log in. Additionally, a job runs every 24 hours to clear sessions from the sessions database table. 
+ +Session length for email and AD/LDAP authentication (days) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Obtain this value by registering Mattermost as an application in your Google account. +Set the number of days from the last time a user entered their credentials to the expiry of the user's session on email and AD/LDAP authentication. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +After changing this setting, the new session length will take effect after the next time the user enters their credentials. -Client Secret ++--------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SessionLengthWebInDays" : 180`` with whole number input. | ++--------------------------------------------------------------------------------------------------------------+ + +Session length for mobile apps (days) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Obtain this value by registering Mattermost as an application in your Google account. +Set the number of days from the last time a user entered their credentials to the expiry of the user's session on mobile apps. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +After changing this setting, the new session length will take effect after the next time the user enters their credentials. -User API Endpoint ++-------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SessionLengthMobileInDays" : 180`` with whole number input. | ++-------------------------------------------------------------------------------------------------------------+ + +Session length for SSO authentication (days) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -It is recommended to use `https://www.googleapis.com/plus/v1/people/me` as the User API Endpoint. Otherwise, enter a custom endpoint in `config.json` with HTTP or HTTPS depending on how your server is configured. +Set the number of days from the last time a user entered their credentials to the expiry of the user's session. If the authentication method is SAML or GitLab, the user may automatically be logged back in to Mattermost if they are already logged in to SAML or GitLab. + +After changing this setting, the setting will take effect after the next time the user enters their credentials. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UserApiEndpoint": "https://www.googleapis.com/plus/v1/people/me"`` with string input. | +| This feature's ``config.json`` setting is ``"SessionLengthSSOInDays" : 30`` with whole number input. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Auth Endpoint +Session Cache (minutes) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -It is recommended to use `https://accounts.google.com/o/oauth2/v2/auth` as the Auth Endpoint. Otherwise, enter a custom endpoint in `config.json` with HTTP or HTTPS depending on how your server is configured. +Set the number of minutes to cache a session in memory. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth"`` with string input. | +| This feature's ``config.json`` setting is ``"SessionCacheInMinutes" : 10`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Token Endpoint +Session Idle Timeout (minutes) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -It is recommended to use `https://www.googleapis.com/oauth2/v4/token` as the Token Endpoint. Otherwise, enter a custom endpoint in `config.json` with HTTP or HTTPS depending on how your server is configured. +The number of minutes from the last time a user was active on the system to the expiry of the user's session. Once expired, the user will need to log in to continue. Minimum is 5 minutes, and 0 is unlimited. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token"`` with string input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Applies to the desktop app and browsers. For mobile apps, use an EMM provider to lock the app when not in use. In High Availability mode, enable IP hash load balancing for reliable timeout measurement. -________ ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SessionIdleTimeoutInMinutes" : 43200`` with whole number input. | ++-----------------------------------------------------------------------------------------------------------------+ -Office 365 +Performance Monitoring ~~~~~~~~~~~~~~~~~~~~~~~~~ *Available in Enterprise Edition E20* -.. note:: - In line with Microsoft ADFS guidance we recommend `configuring intranet forms-based authentication for devices that do not support WIA `_. +Changes to properties in this section require a server restart before taking effect. +Enable Performance Monitoring +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Mattermost enables performance monitoring collection and profiling. Please see `documentation `__ to learn more about configuring performance monitoring for Mattermost. -Enable authentication with Office 365 by selecting ``Office 365 (Beta)`` from **OAuth 2.0 > Select OAuth 2.0 service provider** +**False**: Mattermost performance monitoring is disabled. -**True**: Allow team creation and account signup using Office 365 OAuth. To configure, input the **Application ID** and **Application Secret Password** credentials. See `Documentation `__ for more detail. 
++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**False**: Office 365 OAuth cannot be used for team creation or account signup. +Listen Address +^^^^^^^^^^^^^^^^^^ +The address the Mattermost server will listen on to expose performance metrics. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"InterNodeListenAddress": ":8067"`` with string input. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Application ID +Developer +~~~~~~~~~~~~~~~~~~~~~~~~~ + +Enable Testing Commands ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Obtain this value by registering Mattermost as an application in your Microsoft or Office account. +**True**: `/test` slash command is enabled to load test accounts and test data. + +**False**: `/test` slash command is disabled. 
+ +Changes to this setting require a server restart before taking effect. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | +| This feature's ``config.json`` setting is ``"EnableTesting": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Application Secret Password +Enable Developer Mode ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Obtain this value by registering Mattermost as an application in your Microsoft or Office account. +**True**: Javascript errors are shown in a purple bar at the top of the user interface. Not recommended for use in production. + +**False**: Users are not alerted to Javascript errors. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | +| This feature's ``config.json`` setting is ``"EnableDeveloper": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -User API Endpoint +Allow untrusted internal connections to ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -It is recommended to use `https://graph.microsoft.com/v1.0/me` as the User API Endpoint. Otherwise, enter a custom endpoint in `config.json` with HTTP or HTTPS depending on how your server is configured. 
+This setting limits the ability for the Mattermost server to make untrusted requests within its local network. A request is considered "untrusted" when it's made on behalf of a client. The following features make untrusted requests and are affected by this setting: -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UserApiEndpoint": "https://graph.microsoft.com/v1.0/me"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +- Integrations using webhooks, slash commands or message actions. This prevents them from requesting endpoints within the local network. +- Link previews. When a link to a local network address is posted in a chat message, this prevents a link preview from being displayed. +- The `local image proxy `_. If the local image proxy is enabled, images located on the local network cannot be used by integrations or posted in chat messages. -Auth Endpoint -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -It is recommended to use `https://accounts.google.com/o/oauth2/v2/auth` as the Auth Endpoint. Otherwise, enter a custom endpoint in `config.json` with HTTP or HTTPS depending on how your server is configured. +Requests that can only be configured by admins are considered trusted and will not be affected by this setting. Trusted URLs include ones used for OAuth login or for sending push notifications. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"`` with string input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +.. warning:: + This setting is intended to prevent users located outside your local network from using the Mattermost server to request confidential data from inside your network. Care should be used when configuring this setting to prevent unintended access to your local network. -Token Endpoint -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -It is recommended to use `https://login.microsoftonline.com/common/oauth2/v2.0/token` as the Token Endpoint. Otherwise, enter a custom endpoint in `config.json` with HTTP or HTTPS depending on how your server is configured. +Some examples of when you may want to modify this setting include: + +- When installing a plugin that includes its own images, such as `Matterpoll `__, you will need to add the Mattermost server's domain name to this list. +- When running a bot or webhook-based integration on your local network, you will need to add the hostname of the bot/integration to this list. +- If your network is configured in such a way that publicly accessible webpages or images are accessed by the Mattermost server using their internal IP address, the hostnames for those servers must be added to this list. + +This setting is a whitelist of local network addresses that can be requested by the Mattermost server. It is configured as a whitespace separated list of hostnames, IP addresses and CIDR ranges that can be accessed such as ``webhooks.internal.example.com 127.0.0.1 10.0.16.0/28``. Since v5.9 the public IP of the Mattermost application server itself is also considered a reserved IP. + +IP address and domain name rules are applied before host resolution. CIDR rules are applied after host resolution. 
For example, if the domain "webhooks.internal.example.com" resolves to the IP address 10.0.16.20, a webhook with the URL "https://webhooks.internal.example.com/webhook" can be whitelisted using ``webhooks.internal.example.com`` or ``10.0.16.16/28``, but not ``10.0.16.20``. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token"`` with string input. | +| This feature's ``config.json`` setting is ``"AllowedUntrustedInternalConnections": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ +Site Configuration +------------------- +Settings for customizing your Mattermost deployment. -AD/LDAP +Customization ~~~~~~~~~~~~~~~~~~~~~~~~~ -*Available in Enterprise Edition E10 and higher* -Enable sign-in with AD/LDAP +Site Name ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Mattermost allows login using AD/LDAP or Active Directory. - -**False**: Login with AD/LDAP is disabled. +Name of service shown in login screens and UI. Maximum 30 characters. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"SiteName": "Mattermost"`` with string input. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Synchronization with AD/LDAP +Site Description ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Mattermost periodically synchronizes users from AD/LDAP. - -**False**: AD/LDAP synchronization is disabled. +Description of service shown in login screens and UI. When not specified, "All team communication in one place, searchable and accessible anywhere" is displayed. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSync": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"CustomDescriptionText": ""`` with string input. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -AD/LDAP Server +Enable Custom Branding ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The domain or IP address of the AD/LDAP server. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LdapServer": ""`` with string input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +*This feature was moved to Team Edition in Mattermost v5.0, released June 16th, 2018. In previous versions, this feature is available in Enterprise Edition E10 and higher.* -AD/LDAP Port -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The port Mattermost will use to connect to the AD/LDAP server. Default is 389. +**True**: Enables custom branding to show a JPG image some custom text on the server login page. + +**False**: Custom branding is disabled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LdapPort": 389`` with numerical input. | +| This feature's ``config.json`` setting is ``"EnableCustomBrand": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Connection Security +Custom Brand Image ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The type of connection security Mattermost uses to connect to AD/LDAP. -**None**: No encryption, Mattermost will not attempt to establish an encrypted connection to the AD/LDAP server. +Custom JPG image is displayed on left side of server login page. Recommended maximum image size is less than 2 MB because image will be loaded for every user who logs in. -**TLS**: Encrypts the communication between Mattermost and your server using TLS. 
++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This features has no ``config.json`` setting and must be set in the System Console user interface. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**STARTTLS**: Takes an existing insecure connection and attempts to upgrade it to a secure connection using TLS. +Custom Brand Text +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -If the "No encryption" option is selected it is highly recommended that the AD/LDAP connection is secured outside of Mattermost, for example, by adding a stunnel proxy. +Custom text will be shown below custom brand image on left side of server login page. Maximum 500 characters allowed. You can format this text using the same `Markdown formatting codes `__ as using in Mattermost messages. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConnectionSecurity": ""`` with options ``""``, ``TLS`` and ``STARTTLS`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"CustomBrandText": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Skip Certificate Verification +Help link ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The attribute in the AD/LDAP server that will be used to populate the nickname of users in Mattermost. +Configurable link to a Help page your organization may provide to end users. 
By default, links to Mattermost help documentation hosted on `docs.mattermost.com `__. -**True**: Skips the certificate verification step for TLS or STARTTLS connections. Not recommended for production environments where TLS is required. For testing only. ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"HelpLink": "https://about.mattermost.com/default-help/"`` with string input. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**False**: Mattermost does not skip certificate verification. +Support Email +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Set an email for feedback or support requests. + +So you don't miss messages, please make sure to change this value to an email your system administrator receives, example: `support@yourcompany.com`. This address is displayed on email notifications and during the Getting Started tutorial for end users to ask support questions. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SkipCertificateVerification": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"SupportEmail":"feedback@mattermost.com"`` with string input. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Base DN +Terms of Service link ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The **Base Distinguished Name** of the location where Mattermost should start its search for users in the AD/LDAP tree. +Configurable link to Terms of Service your organization may provide to end users. By default, links to a Terms of Service page hosted on about.mattermost.com. If changing the link to a different Terms of Service, make sure to include the "Mattermost Conditions of Use" notice to end users that must also be shown to users from the "Terms of Service" link. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BaseDN": ""`` with string input. | +| This feature's ``config.json`` setting is ``"TermsOfServiceLink": "https://about.mattermost.com/default-terms/"`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Bind Username +Privacy Policy link ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The username used to perform the AD/LDAP search. This should be an account created specifically for use with Mattermost Its permissions should be limited to read-only access to the portion of the AD/LDAP tree specified in the **Base DN** field. When using Active Directory, **Bind Username** should specify domain in ``DOMAIN/username`` format. This field is required, and anonymous bind is not currently supported. +Configurable link to Privacy Policy your organization may provide to end users. By default, links to a Privacy Policy page hosted on about.mattermost.com. 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BindUsername": ""`` with string input. | +| This feature's ``config.json`` setting is ``"PrivacyPolicyLink": "https://about.mattermost.com/default-privacy-policy/"`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Bind Password +About link ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Password of the user given in **Bind Username**. Anonymous bind is not currently supported. +Configurable link to an About page describing your organization may provide to end users. By default, links to an About page hosted on about.mattermost.com. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BindPassword": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AboutLink": "https://about.mattermost.com/default-about/"`` with string input. 
| ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -User Filter +Report a Problem link ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) Enter an AD/LDAP Filter to use when searching for user objects (accepts `general syntax `__). Only the users selected by the query will be able to access Mattermost. +Set the link for the support website. -Sample filters for Active Directory: ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ReportAProblemLink": "https://about.mattermost.com/default-report-a-problem/"`` with string input. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -- To filter out disabled users: ``(&(objectCategory=Person)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))`` -- To filter out by group membership, determine the distinguishedName of your group, then use the group membership general syntax format as your filter. +Mattermost Apps Download Page Link +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Configurable link to a download page for Mattermost Apps. When a link is present, an option to "Download Apps" will be added in the Main Menu so users can find the download page. Leave this field blank to hide the option from the Main Menu. Defaults to a page on about.mattermost.com where users can download the iOS, Android, and Desktop clients. If you are using an `Enterprise App Store `__ for your mobile apps, change this link to point to a customized download page where users can find the correct apps. 
- * For example, if the security group distinguishedName is ``CN=group1,OU=groups,DC=example,DC=com``, then the user filter to use is: ``(memberOf=CN=group1,OU=groups,DC=example,DC=com)``. Note that the user must explicitly belong to this group for the filter to apply. ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AppDownloadLink": "https://about.mattermost.com/downloads/"`` with string input. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -This filter uses the permissions of the **Bind Username** account to execute the search. Administrators should make sure to use a specially created account for Bind Username with read-only access to the portion of the AD/LDAP tree specified in the **Base DN** field. +Android App Download Link +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Configurable link to download the Android app. When a link is present, users who access the site on a mobile web browser will be prompted with a page giving them the option to download the app. Leave this field blank to prevent the page from appearing. If you are using an `Enterprise App Store `__ for your mobile apps, change this link to point to the correct app. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UserFilter": ""`` with string input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AndroidAppDownloadLink": "https://about.mattermost.com/mattermost-android-app/"`` with string input. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Group Filter +iOS App Download Link ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) Enter an AD/LDAP Filter to use when searching for group objects (accepts `general syntax `__). Only the groups selected by the query will be able accessible to Mattermost. +Configurable link to download the iOS app. When a link is present, users who access the site on a mobile web browser will be prompted with a page giving them the option to download the app. Leave this field blank to prevent the page from appearing. If you are using an `Enterprise App Store `__ for your mobile apps, change this link to point to the correct app. -This filter is defaulted to ```(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))``` when blank. ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IosAppDownloadLink": "https://about.mattermost.com/mattermost-ios-app/"`` with string input. 
| ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. note:: - This filter is used only when AD/LDAP Group Sync is enabled. See `AD/LDAP Group Sync documentation `_ for more information on enabling and configuring AD/LDAP Group Sync (*Available in Enterprise Edition E20 and higher*). +Localization +~~~~~~~~~~~~~~~~~~~~~~~~~ +Default Server Language +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Default language for system messages and logs. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GroupFilter": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Changes to this setting require a server restart before taking effect. -Group Display Name Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Required) Enter an AD/LDAP Group Display name attribute used to populate Mattermost Group names. ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DefaultServerLocale": "en"`` with options ``de``, ``en``, ``es``, ``fr``, ``it``, ``ja``, ``ko``, ``nl``, ``pl``, ``pt-br``, ``ro``, ``ru``, ``tr``, ``zh_CN`` and ``zh_TW`` | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. 
note:: - This attribute is used only when AD/LDAP Group Sync is enabled. See `AD/LDAP Group Sync documentation `_ for more information on enabling and configuring AD/LDAP Group Sync (*Available in Enterprise Edition E20 and higher*). +Default Client Language +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Default language for newly created users and pages where the user hasn't logged in. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GroupDisplayNameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DefaultClientLocale": "en"`` with options ``de``, ``en``, ``es``, ``fr``, ``it``, ``ja``, ``ko``, ``nl``, ``pl``, ``pt-br``, ``ro``, ``ru``, ``tr``, ``zh_CN`` and ``zh_TW`` | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Group Id Attribute +Available Languages ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Required) Enter an AD/LDAP Group ID attribute to use as a unique identifier for Groups. This should be an AD/LDAP value that does not change. +Sets which languages are available for users in **Account Settings** > **Display** > **Languages**. 
Leave the field blank to add new languages automatically by default, or add new languages using the dropdown menu manually as they become available. If you're manually adding new languages, the **Default Client Language** must be added before saving the setting. .. note:: - This attribute is used only when AD/LDAP Group Sync is enabled. See `AD/LDAP Group Sync documentation `_ for more information on enabling and configuring AD/LDAP Group Sync (*Available in Enterprise Edition E20 and higher*). - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GroupIdAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + Servers which upgraded to v3.1 need to manually set this field blank to have new languages added by default. -First Name Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The attribute in the AD/LDAP server used to populate the first name of users in Mattermost. When set, users cannot edit their first name, since it is synchronized with the LDAP server. When left blank, users can set their first name in Account Settings. 
++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AvailableLocales": ""`` with options ``""``, ``de``, ``en``, ``es``, ``fr``, ``it``, ``ja``, ``ko``, ``nl``, ``pl``, ``pt-br``, ``ro``, ``ru``, ``tr``, ``zh_CN`` and ``zh_TW`` | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FirstNameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Users and Teams +~~~~~~~~~~~~~~~~~~~~~~~~~ -Last Name Attribute +Max Users Per Team ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The attribute in the AD/LDAP server used to populate the last name of users in Mattermost. When set, users cannot edit their last name, since it is synchronized with the LDAP server. When left blank, users can set their last name in Account Settings. +Maximum number of users per team, excluding inactive users. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LastNameAttribute": ""`` with string input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Nickname Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The attribute in the AD/LDAP server used to populate the nickname of users in Mattermost. When set, users cannot edit their nickname, since it is synchronized with the LDAP server. When left blank, users can set their nickname in Account Settings. +The **Max Users Per Team** refers to the size of the "team site" which is workspace a "team of people" inhabits. A team of people is considered a small organization where people work closely together towards a specific shared goal and share the same etiquette. In the physical world, a team of people could typically be seated around a single table to have a meal and discuss their project. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"NicknameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +The default maximum of 50 people, is at the extreme high end of a single team of people. At this point organizations are more often "multiple teams of people" and investments in explicitly defining etiquette, such as `channel organization `__ or turning on `policy features `__ in Enterprise Edition, are often used to scale the high levels of productivity found in a team of people using Mattermost to multiple teams of people. -Position Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The attribute in the AD/LDAP server used to populate the position field in Mattermost. 
When set, users cannot edit their position, since it is synchronized with the LDAP server. When left blank, users can set their position in Account Settings. +In terms of technical performance, `with appropriate hardware, Mattermost can easily scale to hundreds and even thousands of users `__, and provided the administrator believes the appropriate etiquette is in place, they should feel free to increase the default value. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PositionAttribute": ""`` with string input. | +| This feature's ``config.json`` setting is ``"MaxUsersPerTeam": 50`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Email Attribute +Max Channels Per Team ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The attribute in the AD/LDAP server used to populate the email address field in Mattermost. -Email notifications will be sent to this email address, and this email address may be viewable by other Mattermost users depending on privacy settings choosen by the System Admin. +Maximum number of channels per team, including both active and deleted channels. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EmailAttribute": ""`` with string input. | +| This feature's ``config.json`` setting is ``"MaxChannelsPerTeam": 2000`` with whole number input.                                                                    
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Username Attribute +Enable users to open Direct Message channels with ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The attribute in the AD/LDAP server used to populate the username field in Mattermost. This may be the same as the Login ID Attribute. -This attribute will be used within the Mattermost user interface to identify and mention users. For example, if a Username Attribute is set to **john.smith** a user typing ``@john`` will see ``@john.smith`` in their auto-complete options and posting a message with ``@john.smith`` will send a notification to that user that they've been mentioned. +**Any user on the Mattermost server**: The Direct Messages "More" menu has the option to open a Direct Message channel with any user on the server. -The **Username Attribute** may be set to the same value used to sign-in to the system, called a **Login ID Attribute**, or it can be mapped to a different value. +**Any member of the team**: The Direct Messages "More" menu only has the option to open a Direct Message channel with users on the current team, and CTRL/CMD+K channel switcher only lists users on the current team. If a user belongs to multiple teams, direct messages will still be received regardless of what team they are currently on. + +This setting only affects the UI, not permissions on the server. For instance, a Direct Message channel can be created with anyone on the server regardless of this setting. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UsernameAttribute": ""`` with string input. 
| +| This feature's ``config.json`` setting is ``"RestrictDirectMessage": "any"`` with options ``any`` and ``team`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -ID Attribute +Allow Team Administrators to edit others posts ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The attribute in the AD/LDAP server used as a unique identifier in Mattermost. It should be an AD/LDAP attribute with a value that does not change. +*This permission is stored in the database and can be modified using the System Console user interface.* -If a user's ID Attribute changes, it will create a new Mattermost account unassociated with their old one. +**True**: Team Administrators and System Administrators can edit other users' posts. -If you need to change this field after users have already logged in, use the `mattermost ldap idmigrate `__ CLI tool. +**False**: Only System Administrators can edit other users' posts. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IdAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +.. note:: + This setting is only available for Team Edition servers. Enterprise Edition servers can use `Advanced Permissions `__ to configure this permission. -Login ID Attribute + +Enable Team Directory ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The attribute in the AD/LDAP server used to log in to Mattermost. Normally this attribute is the same as the "Username Attribute" field above. 
+*Removed in May 16th, 2016 release* -If your team typically uses domain\username to log in to other services with AD/LDAP, you may enter domain\username in this field to maintain consistency between sites. +**True**: Teams that are configured to appear in the team directory will appear on the system main page. Teams can configure this setting from **Team Settings > Include this team in the Team Directory**. + +**False**: Team directory on the system main page is disabled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginIdAttribute": ""`` with string input. | +| This feature's ``config.json`` setting is ``"EnableTeamListing": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Login Field Name -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The placeholder text that appears in the login field on the login page. Typically this would be whatever name is used to refer to AD/LDAP credentials in your company, so it is recognizable to your users. Defaults to **AD/LDAP Username**. +Teammate Name Display +^^^^^^^^^^^^^^^^^^^^^ +Specifies how names are displayed in the user interface. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginFieldName": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**Show username**: Displays the user's username. 
-Synchronization Interval (minutes) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Set how often Mattermost accounts synchronize attributes with AD/LDAP, in minutes. When synchronizing, Mattermost queries AD/LDAP for relevant account information and updates Mattermost accounts based on changes to attributes (first name, last name, and nickname). When accounts are disabled in AD/LDAP users are made inactive in Mattermost, and their active sessions are revoked once Mattermost synchronizes attributes. To synchronize immediately after disabling an account, use the "AD/LDAP Synchronize Now" button. +**Show nickname if one exists**: Displays the user's nickname. If the user does not have a nickname, their full name is displayed. If the user does not have a full name, their username is displayed. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SyncIntervalMinutes": 60`` with whole number input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**Show first and last name**: Displays the user's full name. If the user does not have a full name, their username is displayed. Recommended when using SAML or LDAP if first name and last name attributes are configured. -Maximum Page Size ++-------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TeammateNameDisplay": "username"`` with options ``username``, ``nickname_full_name``, and ``full_name``. 
| ++-------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Show Email Address ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The maximum number of users the Mattermost server will request from the AD/LDAP server at one time. Use this setting if your AD/LDAP server limits the number of users that can be requested at once. 0 is unlimited. +**True**: Show email address of all users. + +**False**: Hide email address of users from other users in the user interface, including Team Admins. This is designed for managing teams where users choose to keep their contact information private. System Administrators will still be able to see email addresses in the UI. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxPageSize": 0`` with whole number input. | +| This feature's ``config.json`` setting is ``"ShowEmailAddress": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Query Timeout (seconds) +Show Full Name ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The timeout value for queries to the AD/LDAP server. Increase this value if you are getting timeout errors caused by a slow AD/LDAP server. +**True**: Show full name of all users. + +**False**: hide full name of users from other users including Team Admins. This is designed for managing teams where users choose to keep their contact information private. System Administrators will still be able to see full names in the UI. 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"QueryTimeout": 60`` with whole number input. | +| This feature's ``config.json`` setting is ``"ShowFullName": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -AD/LDAP Test -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This button can be used to test the connection to the AD/LDAP server. If the test is successful, it shows a confirmation message and if there is a problem with the configuration settings it will show an error message. +Notifications +~~~~~~~~~~~~~~~~~~~~~~~~~ -AD/LDAP Synchronize Now +Show @channel and @all confirmation dialog ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This button causes AD/LDAP synchronization to occur as soon as it is pressed. Use it whenever you have made a change in the AD/LDAP server you want to take effect immediately. After using the button, the next AD/LDAP synchronization will occur after the time specified by the Synchronization Interval. - -You can monitor the status of the synchronization job in the table below this button. - -.. note:: - If synchronization **Status** displays as ``Pending`` and does not complete, make sure that the **Enable Synchronization with AD/LDAP** setting is set to ``true``. - -.. figure:: ../images/ldap-sync-table.png - -________ - -.. _saml-enterprise: -SAML -~~~~~~~~~~~~~~~~~~~~~~~~~ -*Available in Enterprise Edition E20* +**True**: Users will be prompted to confirm when posting @channel and @all in channels with over five members. -.. 
note:: - In line with Microsoft ADFS guidance we recommend `configuring intranet forms-based authentication for devices that do not support WIA `_. +**False**: No confirmation is required. ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableConfirmNotificationsToChannel": true`` with options ``true`` and ``false`` for above settings respectively.              | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Login With SAML +Enable Email Notifications ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Mattermost allows login using SAML. Please see `documentation `__ to learn more about configuring SAML for Mattermost. +**True**: Enables sending of email notifications. -**False**: Login with SAML is disabled. +**False**: Disables email notifications for developers who may want to skip email setup for faster development. To remove the **Preview Mode: Email notifications have not been configured** banner, also set **Enable Preview Mode Banner** to ``false``. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"SendEmailNotifications": false`` with options ``true`` and ``false`` for above settings respectively. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Synchronizing SAML Accounts With AD/LDAP -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Mattermost periodically synchronizes SAML user attributes, including user deactivation and removal, with AD/LDAP. Enable and configure synchronization settings at Authentication > AD/LDAP. See `documentation `__ to learn more. +.. _email-preview-mode-banner-config: -**False**: Synchronization of SAML accounts with AD/LDAP is disabled. +Enable Preview Mode Banner +^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Preview Mode banner is displayed to all users when ``"SendEmailNotifications": false`` so users are aware that email notifications are disabled. + +**False**: Preview Mode banner is not displayed to users. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSyncWithLdap": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"EnablePreviewModeBanner": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Override SAML Bind Data with AD/LDAP Information +Enable Email Batching ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Mattermost overrides the SAML ID attribute with the AD/LDAP ID attribute if configured or overrides the SAML Email attribute with the AD/LDAP Email attribute if SAML ID attribute is not present. See `documentation `__ to learn more. - -**False**: Mattermost uses the email attribute to bind users to SAML. 
+**True**: Users can select how often to receive email notifications, and multiple notifications within that timeframe will be combined into a single email. Batching will occur at a default interval of 15 minutes, configurable in **Account Settings** > **Notifications**. .. note:: - Moving from true to false will prevent the override from happening. To prevent the disabling of user accounts, SAML IDs must match the LDAP IDs when this feature is enabled. This setting should be set to false unless LDAP sync is enabled. + Email batching cannot be enabled unless the `SiteURL `__ is configured. Email batching in `High Availability mode `__ is planned but not yet supported. + +**False**: If email notifications are enabled in Account Settings, emails will be sent individually for every mention or direct message received. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSyncWithLdapIncludeAuth": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"EnableEmailBatching": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -SAML SSO URL +Email Notification Contents ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The URL where Mattermost sends a SAML request to start login sequence. +*Available in Enterprise Edition E20* -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IdpURL": ""`` with string input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**Send full message contents**: Sender name and channel are included in email notifications. -Identity Provider Issuer URL -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The issuer URL for the Identity Provider you use for SAML requests. +**Send generic description with only sender name**: The team name and name of the person who sent the message, with no information about channel name or message contents, is included in email notifications. Typically used for compliance reasons if Mattermost contains confidential information and policy dictates it cannot be stored in email. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IdpDescriptorUrl": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EmailNotificationContentsType": "full"`` with options ``full`` and ``generic`` for above settings respectively. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Identity Provider Public Certificate +Notification Display Name ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The public authentication certificate issued by your Identity Provider. 
+Name displayed on email account used when sending notification emails from Mattermost system. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IdpCertificateFile": ""`` with string input. | +| This feature's ``config.json`` setting is ``"FeedbackName": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Verify Signature +Notification From Address ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Mattermost verifies that the signature sent from the SAML Response matches the Service Provider Login URL. +Address displayed on email account used when sending notification emails from Mattermost system. -**False**: Not recommended for production environments. For testing only. +So you don't miss messages, please make sure to change this value to an email your system administrator receives, example: `admin@yourcompany.com`. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Verify": true`` with options ``true`` and ``false``. | +| This feature's ``config.json`` setting is ``"FeedbackEmail": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Service Provider Login URL +Notification Reply-To Address ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Enter ``https:///login/sso/saml`` (example: ``https://example.com/login/sso/saml``). Make sure you use HTTP or HTTPS in your URL depending on your server configuration. 
This field is also known as the Assertion Consumer Service URL. +Email address used in the Reply-To header when sending notification emails from Mattermost. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AssertionConsumerServiceURL": ""`` with string input. | +| This feature's ``config.json`` setting is ``"ReplyToAddress": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Encryption +Notification Footer Mailing Address ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Mattermost will decrypt SAML Assertions encrypted with your Service Provider Public Certificate. - -**False**: Not recommended for production environments. For testing only. +Organization name and mailing address displayed in the footer of email notifications from Mattermost, such as "© ABC Corporation, 565 Knight Way, Palo Alto, California, 94305, USA". If the field is left empty, the organization name and mailing address will not be displayed. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Encrypt": true`` with options ``true`` and ``false``. | +| This feature's ``config.json`` setting is ``"FeedbackOrganization": ""`` with string input. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Service Provider Private Key +Push Notification Contents ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The private key used to decrypt SAML Assertions from the Identity Provider. +**Send generic description with only sender name**: Push notifications include only the name of the person who sent the message but no information about channel name or message text. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PrivateKeyFile": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**Send generic description with user and channel names**: Push notifications include names of users and channels but no specific details from the message text. -Service Provider Public Certificate -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The certificate file used to generate the signature on a SAML request to the Identity Provider for a service provider initiated SAML login, when Mattermost is the Service Provider. +**Send full message snippet**: Selecting "Send full message snippet" sends excerpts from messages triggering notifications with specifics and may include confidential information sent in messages. If your Push Notification Service is outside your firewall, it is HIGHLY RECOMMENDED this option only be used with an "https" protocol to encrypt the connection. 
-+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PublicCertificateFile": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PushNotificationContents": "generic"`` with options ``generic_no_channel``, ``generic`` and ``full`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Email Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The attribute in the SAML Assertion that will be used to populate the email addresses of users in Mattermost. +Announcement Banner +~~~~~~~~~~~~~~~~~~~~~~~~~ -Email notifications will be sent to this email address, and this email address may be viewable by other Mattermost users depending on privacy settings choosen by the System Admin. +Enable Announcement Banner +^^^^^^^^^^^^^^^^^^^^^^^^^^ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EmailAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Enable an announcement banner across all teams. 
The banner is displayed at the top of the screen and is the entire width of the screen. By default, users can dismiss the banner until you either change the text of the banner or until you re-enable the banner after it has been disabled. You can prevent users from dismissing the banner, and you can control the text color and the background color. -Username Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The attribute in the SAML Assertion that will be used to populate the username field in Mattermost user interface. This attribute will be used within the Mattermost user interface to identify and mention users. For example, if a Username Attribute is set to **john.smith** a user typing ``@john`` will see ``@john.smith`` in their auto-complete options and posting a message with ``@john.smith`` will send a notification to that user that they've been mentioned. +**True**: Enable the announcement banner. The banner is displayed only if ``BannerText`` has a value. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UsernameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**False**: Disable the announcement banner. -Id Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The attribute in the SAML Assertion used to bind users from SAML to users in Mattermost. ++-----------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableBanner": false`` with options ``true`` and ``false``. 
| ++-----------------------------------------------------------------------------------------------------------+ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IdAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Banner Text +^^^^^^^^^^^ -First Name Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The attribute in the SAML Assertion that will be used to populate the first name of users in Mattermost. +The text of the announcement banner. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FirstNameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BannerText": ""`` with string input. | ++------------------------------------------------------------------------------------+ -Last Name Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The attribute in the SAML Assertion that will be used to populate the last name of users in Mattermost. +Banner Color +^^^^^^^^^^^^ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LastNameAttribute": ""`` with string input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +The background color of the announcement banner. -Nickname Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The attribute in the SAML Assertion that will be used to populate the nickname of users in Mattermost. ++---------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``""BannerColor": "#f2a93b"`` with string input. | ++---------------------------------------------------------------------------------------------+ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"NicknameAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Banner Text Color +^^^^^^^^^^^^^^^^^ -Position Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The attribute in the SAML Assertion that will be used to populate the position field for users in Mattermost (typically used to describe a person's job title or role at the company). +The color of the text in the announcement banner. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PositionAttribute": ""`` with string input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``""BannerTextColor": "#333333"`` with string input. | ++-------------------------------------------------------------------------------------------------+ -Preferred Language Attribute -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The attribute in the SAML Assertion that will be used to populate the language of users in Mattermost. +Allow Banner Dismissal +^^^^^^^^^^^^^^^^^^^^^^ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LocaleAttribute": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**True**: Users can dismiss the banner until the next time they log in or the banner is updated. -Login Button Text -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The text that appears in the login button on the login page. Defaults to ``SAML``. +**False**: The banner is permanently visible until it is turned off by the System Admin. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonText": ""`` with string input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Scoping IDP Provider Id -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Allows an authenticated user to skip the initial login page of their federated Azure AD server, and only require a password to log in. ++-------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``""AllowBannerDismissal": true`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------+ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ScopingIDPProviderId": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Emoji +~~~~~~~~~~~~~~~~~~~~~~~~~ +Enable Emoji Picker +^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Enables an emoji picker that allows users to select emoji to add as reactions or use in messages. Enabling the emoji picker with a large number of custom emoji may slow down performance. -Scoping IDP Name -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Adds the name associated with a user's Scoping Identity Provider ID. +**False**: Emoji picker is disabled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ScopingIDPName": ""`` with string input. 
| +| This feature's ``config.json`` setting is ``"EnableCustomEmoji": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ - - -MFA -~~~~~~~~~~~~~~~~~~~~~~~~~ -Configure security settings for multi-factor authentication. - -The default recommendation for secure deployment is to host Mattermost within your own private network, with VPN clients on mobile, so everything works under your existing security policies and authentication protocols, which may already include multi-factor authentication. - -If you choose to run Mattermost outside your private network, bypassing your existing security protocols, it is recommended you set up a multi-factor authentication service specifically for accessing Mattermost. - - -Enable Multi-factor Authentication -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: When true, users with LDAP and email authentication will be given the option to require a phone-based passcode, in addition to their password-based authentication, to sign-in to the Mattermost server. Specifically, they will be asked to download the `Google Authenticator `__ app to their iOS or Android mobile device, connect the app with their account, and then enter a passcode generated by the app on their phone whenever they log in to the Mattermost server. +Enable Custom Emoji +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Enables a Custom Emoji option in the Main Menu, where users can go to create customized emoji. -**False**: Multi-factor authentication is disabled. +**False**: Custom emojis are disabled. 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableMultifactorAuthentication": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"EnableCustomEmoji": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enforce Multi-factor Authentication -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Available in Enterprise Edition E10 and higher* - -**True**: When true, `multi-factor authentication (MFA) `__ is required for login. New users will be required to configure MFA on sign-up. Logged in users without MFA configured are redirected to the MFA setup page until configuration is complete. If your system has users with login options other than AD/LDAP and email, MFA must be enforced with the authentication provider outside of Mattermost. +Restrict Custom Emoji Creation +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*This permission has been migrated to the database and changing the config.json value no longer takes effect after upgrading to v4.9, released on April 16th, 2018. This permission can be modified using the System Console user interface.* -**False**: Multi-factor authentication is optional. +*Available in Enterprise Edition E10 and higher* -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnforceMultifactorAuthentication": false`` with options ``true`` and ``false`` for above settings respectively. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**Allow everyone to create custom emoji**: Allows everyone to create custom emoji from the **Main Menu** > **Custom Emoji**. -________ +**Allow System and Team Admins to create custom emoji**: The Custom Emoji option is hidden from the Main Menu for users who are not System or Team Admins. +**Only allow System Admins to create custom emoji**: The Custom Emoji option is hidden from the Main Menu for users who are not System Admins. -Security --------------------------------- -Configure security settings for account creation, login, public links and connection requests. ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictCustomEmojiCreation": "all"`` with options ``all``, ``admin`` and ``system_admin`` for above settings respectively. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Sign Up +Posts ~~~~~~~~~~~~~~~~~~~~~~~~~ -Require Email Verification -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Require email verification after account creation prior to allowing login. +Enable Link Previews +^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Enables users to display a preview of website content below the message, if available. When true, website previews can be enabled from Account Settings > Display > Website Link Previews. -**False**: Users do not need to verify their email address prior to login. Developers may set this field to false so skip sending verification emails for faster development. +**False**: Website link previews are disabled. 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RequireEmailVerification": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"EnableLinkPreviews": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Open Server -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Users can sign up to the server from the root page without an invite. - -**False**: Users can only sign up to the server if they receive an invite. +Custom URL Schemes +^^^^^^^^^^^^^^^^^^^^^^^^^ +A list of URL schemes that are used for autolinking in message text. ``http``, ``https``, ``ftp``, ``tel`` and ``mailto`` always create links. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableOpenServer": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"CustomUrlSchemes": []`` which takes an array of URL schemes such as ``["git", "smtp"]`. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Email Invitations +Google API Key ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Mattermost offers the ability to embed YouTube videos from URLs shared by end users. 
Set this key and add YouTube Data API v3 as a service to your key to enable the display of titles for embedded YouTube video previews. Without the key, YouTube previews will still be created based on hyperlinks appearing in messages or comments but they will not show the video title. If Google detects the number of views is exceedingly high, they may throttle embed access. Should this occur, you can remove the throttle by registering for a Google Developer Key and entering it in this field following these instructions: https://www.youtube.com/watch?v=Im69kzhpR3I. Your Google Developer Key is used in client-side Javascript. -**True**: Users can invite others to the Mattermost system by email. - -**False**: Email invitations are disabled. +Using a Google API Key allows Mattermost to detect when a video is no longer available and display the post with a *Video not found* label. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"EnableEmailInvitations": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"GoogleDeveloperKey": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ +File Sharing and Downloads +~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Password -~~~~~~~~~~~~~~~~~~~~~~~~~ -Minimum Password Length +Allow File Sharing ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +When false, disables file sharing on the server. All file and image uploads on messages are forbidden across clients and devices, including mobile. -*This feature was moved to Team Edition in Mattermost v5.0, released June 16th, 2018. 
In previous versions, this feature is available in Enterprise Edition E10 and higher.* - -Minimum number of characters required for a valid password. Must be a whole number greater than or equal to 5 and less than or equal to 64. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MinimumLength": 5"`` with whole number input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++---------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableFileAttachments": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------+ -Password Requirements +Allow File Uploads on Mobile ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Available in Enterprise Edition E20* -*This feature was moved to Team Edition in Mattermost v5.0, released June 16th, 2018. In previous versions, this feature is available in Enterprise Edition E10 and higher.* - -Set the required character types to be included in a valid password. Defaults to allow any characters unless otherwise specified by the checkboxes. The error messasage previewed in the System Console will appear on the account creation page if a user enters an invalid password. - -- **At least one lowercase letter**: Select this checkbox if a valid password must contain at least one lowercase letter. -- **At least one uppercase letter**: Select this checkbox if a valid password must contain at least one uppercase letter. -- **At least one number**: Select this checkbox if a valid password must contain at least one number. 
-- **At least one symbol**: Select this checkbox if a valid password must contain at least one symbol. Valid symbols include: ``!"#$%&'()*+,-./:;<=>?@[]^_`|~`` - -This feature's ``config.json`` settings are, respectively: - -.. list-table:: - :widths: 80 +When false, disables file uploads on mobile apps. All file and image uploads on messages are forbidden across clients and devices, including mobile. - * - ``"Lowercase": false`` with options ``true`` and ``false`` - * - ``"Number": false`` with options ``true`` and ``false`` - * - ``"Uppercase": false`` with options ``true`` and ``false`` - * - ``"Symbol": false`` with options ``true`` and ``false`` ++---------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableMobileUpload": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------+ -Maximum Login Attempts +Allow File Downloads on Mobile ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Failed login attempts allowed before a user is locked out and required to reset their password via email. +*Available in Enterprise Edition E20* -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaximumLoginAttempts": 10`` with whole number input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +When false, disables file downloads on mobile apps. Users can still download files from a mobile web browser. 
-________ ++---------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableMobileDownload": true`` with options ``true`` and ``false``. | ++---------------------------------------------------------------------------------------------------------------------+ Public Links ~~~~~~~~~~~~~~~~~~~~~~~~~ 
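Review bot: The added setting boxes for Banner Text Color and Allow Banner Dismissal open the key with a doubled quote (``""BannerTextColor": "#333333"`` and ``""AllowBannerDismissal": true``), so anyone copying them into ``config.json`` gets invalid JSON; drop the extra quote. In the same hunk, the Enable Emoji Picker box names ``"EnableCustomEmoji": true``, the same key the Enable Custom Emoji box right below it uses, which looks like a copy-paste slip and should name the picker's own setting. The Custom URL Schemes box closes ``["git", "smtp"]`` with a single backtick, leaving the RST inline literal unterminated. Allow File Uploads on Mobile repeats the Allow File Sharing sentence that uploads are forbidden "across clients and devices, including mobile", which contradicts its own first sentence limiting the effect to mobile apps. Finally, since the Google API Key text states the key is used in client-side JavaScript, it is visible to every user; a sentence telling admins to restrict the key to the YouTube Data API v3 it mentions would fit here.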
@@ -1592,1010 +1779,1021 @@ Public Link Salt | This feature's ``config.json`` setting is ``"PublicLinkSalt": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -_________ +Authentication +--------------- +Authentication settings to enable account creation and sign in with email, GitLab, Google or Office 365 OAuth, AD/LDAP, or SAML. -Sessions +Signup ~~~~~~~~~~~~~~~~~~~~~~~~~ -User sessions are cleared when a user tries to log in. Additionally, a job runs every 24 hours to clear sessions from the sessions database table. -Session length for email and AD/LDAP authentication (days) +Enable Account Creation ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Set the number of days from the last time a user entered their credentials to the expiry of the user's session on email and AD/LDAP authentication. +**True**: Ability to create new accounts is enabled via inviting new members or sharing the team invite link. -After changing this setting, the new session length will take effect after the next time the user enters their credentials. +**False**: Ability to create accounts is disabled. The **Create Account** button displays an error when trying to signup via an email invite or team invite link. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SessionLengthWebInDays" : 180`` with whole number input. | +| This feature's ``config.json`` setting is ``"EnableUserCreation": true`` with options ``true`` and ``false`` for above settings respectively. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Session length for mobile apps (days) +Restrict account creation to specified email domains ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Set the number of days from the last time a user entered their credentials to the expiry of the user's session on mobile apps. +Teams and user accounts can only be created by a verified email from this list of comma-separated domains (e.g. "corp.mattermost.com, mattermost.org"). -After changing this setting, the new session length will take effect after the next time the user enters their credentials. +This setting only affects email login. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SessionLengthMobileInDays" : 180`` with whole number input. | +| This feature's ``config.json`` setting is ``"RestrictCreationToDomains": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Session length for GitLab SSO authentication (days) +Enable Open Server ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Set the number of days from the last time a user entered their credentials to the expiry of the user's session. If the authentication method is SAML or GitLab, the user may automatically be logged back in to Mattermost if they are already logged in to SAML or GitLab. - -After changing this setting, the setting will take effect after the next time the user enters their credentials. +**True**: Users can sign up to the server from the root page without an invite. -If the authentication method is SAML, this defines the SAML session length. 
+**False**: Users can only sign up to the server if they receive an invite. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SessionLengthSSOInDays" : 30`` with whole number input. | +| This feature's ``config.json`` setting is ``"EnableOpenServer": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Session length for SSO authentication (days) +Enable Email Invitations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This setting defines the session length for SSO authentication, such as GitLab and SAML. - -Set the number of days from the last time a user entered their credentials to the expiry of the user's session. If the authentication method is SAML or GitLab, the user may automatically be logged back in to Mattermost if they are already logged in to SAML or GitLab. +**True**: Users can invite others to the Mattermost system by email. -After changing this setting, the setting will take effect after the next time the user enters their credentials. +**False**: Email invitations are disabled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SessionLengthSSOInDays" : 30`` with whole number input. | +| This feature’s ``config.json`` setting is ``"EnableEmailInvitations": false`` with options ``true`` and ``false`` for above settings respectively. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Session Cache (minutes) +Invalidate pending email invites ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Set the number of minutes to cache a session in memory. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SessionCacheInMinutes" : 10`` with whole number input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +This button invalidates active email invitations that have not been accepted by the user. By default email invitations expire after 48 hours. -Session Idle Timeout (minutes) +Enable Team Creation ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The number of minutes from the last time a user was active on the system to the expiry of the user's session. Once expired, the user will need to log in to continue. Minimum is 5 minutes, and 0 is unlimited. +*This permission has been migrated to the database and changing the config.json value no longer takes effect after upgrading to v4.9, released on April 16th, 2018. This permission can be modified using the System Console user interface.* -Applies to the desktop app and browsers. For mobile apps, use an EMM provider to lock the app when not in use. In High Availability mode, enable IP hash load balancing for reliable timeout measurement. +**True**: Ability to create a new team is enabled for all users. + +**False**: Only System Administrators can create teams from the team selection page. The **Create A New Team** button is hidden in the main menu UI. 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SessionIdleTimeoutInMinutes" : 43200`` with whole number input. | +| This feature's ``config.json`` setting is ``"EnableTeamCreation": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ - -Connections +Email ~~~~~~~~~~~~~~~~~~~~~~~~~ -Enable cross-origin requests from + +Enable account creation with email ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Enable HTTP cross-origin requests from specific domains separated by spaces. Type ``*`` to allow CORS from any domain or leave it blank to disable it. -.. note:: - Please make sure you have entered your Site URL before enabling this setting to prevent losing access to the System Console after saving. If you experience lost access to the System Console after changing this setting, you can set your `Site URL `__ through the ``config.json`` file. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowCorsFrom": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**True**: Allow team creation and account signup using email and password. -CORS Exposed Headers -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Whitelist of headers that will be accessible to the requester. +**False**: Email signup is disabled. 
This limits signup to single sign-on services like OAuth or AD/LDAP. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CorsExposedHeaders": ""`` with string input. | +| This feature's ``config.json`` setting is ``"EnableSignUpWithEmail": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -CORS Allow Credentials +Require Email Verification ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Requests that pass validation will include the ``Access-Control-Allow-Credentials`` header. +**True**: Require email verification after account creation prior to allowing login. -**False**: Requests won't include the ``Access-Control-Allow-Credentials`` header. +**False**: Users do not need to verify their email address prior to login. Developers may set this field to false so skip sending verification emails for faster development. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CorsAllowCredentials": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"RequireEmailVerification": false`` with options ``true`` and ``false`` for above settings respectively. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -CORS Debug +Enable sign-in with email ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Prints messages to the logs to help when developing an integration that uses CORS. These messages will include the structured key value pair ``"source":"cors"``. -**False**: Debug messages not printed to the logs. +**True**: Mattermost allows account creation using email and password. + +**False**: Sign in with email is disabled and does not appear on the login screen. Use this value when you want to limit sign up to a single sign-on service like AD/LDAP, SAML or GitLab. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CorsDebug": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"EnableSignInWithEmail": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Insecure Outgoing Connections +Enable sign-in with username ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Outgoing HTTPS requests can accept unverified, self-signed certificates. For example, outgoing webhooks to a server with a self-signed TLS certificate, using any domain, will be allowed. -**False**: Only secure HTTPS requests are allowed. +**True**: Mattermost allows users with email login to sign in using their username and password. This setting does not affect AD/LDAP login. 
-Security note: Enabling this feature makes these connections susceptible to man-in-the-middle attacks. +**False**: Sign in with username is disabled and does not appear on the login screen. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableInsecureOutgoingConnections": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``EnableSignInWithUsername": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ +Password +~~~~~~~~~~~~~~~~~~~~~~~~~ +Minimum Password Length +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Notifications --------------------------------- -Settings to configure email and mobile push notifications. +*This feature was moved to Team Edition in Mattermost v5.0, released June 16th, 2018. In previous versions, this feature is available in Enterprise Edition E10 and higher.* -Email -~~~~~~~~~~~~~~~~~~~~~~~~~ +Minimum number of characters required for a valid password. Must be a whole number greater than or equal to 5 and less than or equal to 64. -.. _email-notification-config: ++----------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"MinimumLength": 10”`` with whole number input. | ++----------------------------------------------------------------------------------------------------------+ -Enable Email Notifications +Password Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Enables sending of email notifications. 
-**False**: Disables email notifications for developers who may want to skip email setup for faster development. To remove the **Preview Mode: Email notifications have not been configured** banner, also set **Enable Preview Mode Banner** to ``false``. +*This feature was moved to Team Edition in Mattermost v5.0, released June 16th, 2018. In previous versions, this feature is available in Enterprise Edition E10 and higher.* -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SendEmailNotifications": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Set the required character types to be included in a valid password. Defaults to allow any characters unless otherwise specified by the checkboxes. The error messasage previewed in the System Console will appear on the account creation page if a user enters an invalid password. -.. _email-preview-mode-banner-config: +- **At least one lowercase letter**: Select this checkbox if a valid password must contain at least one lowercase letter. +- **At least one uppercase letter**: Select this checkbox if a valid password must contain at least one uppercase letter. +- **At least one number**: Select this checkbox if a valid password must contain at least one number. +- **At least one symbol**: Select this checkbox if a valid password must contain at least one symbol. Valid symbols include: ``!"#$%&'()*+,-./:;<=>?@[]^_`|~`` -Enable Preview Mode Banner -^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Preview Mode banner is displayed to all users when ``"SendEmailNotifications": false`` so users are aware that email notifications are disabled. 
+This feature's ``config.json`` settings are, respectively: -**False**: Preview Mode banner is not displayed to users. +.. list-table:: + :widths: 80 + + * - ``"Lowercase": true`` with options ``true`` and ``false`` + * - ``"Number": true`` with options ``true`` and ``false`` + * - ``"Uppercase": true`` with options ``true`` and ``false`` + * - ``"Symbol": true`` with options ``true`` and ``false`` + +Maximum Login Attempts +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Failed login attempts allowed before a user is locked out and required to reset their password via email. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnablePreviewModeBanner": true`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"MaximumLoginAttempts": 10`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Email Batching -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Users can select how often to receive email notifications, and multiple notifications within that timeframe will be combined into a single email. Batching will occur at a default interval of 15 minutes, configurable in **Account Settings** > **Notifications**. +MFA +~~~~~~~~~~~~~~~~~~~~~~~~~ +Configure security settings for multi-factor authentication. -.. note:: - Email batching cannot be enabled unless the `SiteURL `__ is configured. Email batching in `High Availability mode `__ is planned but not yet supported. 
+The default recommendation for secure deployment is to host Mattermost within your own private network, with VPN clients on mobile, so everything works under your existing security policies and authentication protocols, which may already include multi-factor authentication. -**False**: If email notifications are enabled in Account Settings, emails will be sent individually for every mention or direct message received. +If you choose to run Mattermost outside your private network, bypassing your existing security protocols, it is recommended you set up a multi-factor authentication service specifically for accessing Mattermost. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableEmailBatching": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Notification Contents +Enable Multi-factor Authentication ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Available in Enterprise Edition E20* -**Send full message contents**: Sender name and channel are included in email notifications. +**True**: When true, users with LDAP and email authentication will be given the option to require a phone-based passcode, in addition to their password-based authentication, to sign-in to the Mattermost server. Specifically, they will be asked to download the `Google Authenticator `__ app to their iOS or Android mobile device, connect the app with their account, and then enter a passcode generated by the app on their phone whenever they log in to the Mattermost server. 
-**Send generic description with only sender name**: The team name and name of the person who sent the message, with no information about channel name or message contents, is included in email notifications. Typically used for compliance reasons if Mattermost contains confidential information and policy dictates it cannot be stored in email. +**False**: Multi-factor authentication is disabled. -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EmailNotificationContentsType": "full"`` with options ``full`` and ``generic`` for above settings respectively. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableMultifactorAuthentication": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Notification Display Name +Enforce Multi-factor Authentication ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Name displayed on email account used when sending notification emails from Mattermost system. +*Available in Enterprise Edition E10 and higher* + +**True**: When true, `multi-factor authentication (MFA) `__ is required for login. New users will be required to configure MFA on sign-up. Logged in users without MFA configured are redirected to the MFA setup page until configuration is complete. 
If your system has users with login options other than AD/LDAP and email, MFA must be enforced with the authentication provider outside of Mattermost. + +**False**: Multi-factor authentication is optional. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FeedbackName": ""`` with string input. | +| This feature's ``config.json`` setting is ``"EnforceMultifactorAuthentication": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Notification From Address +AD/LDAP +~~~~~~~~~~~~~~~~~~~~~~~~~ +*Available in Enterprise Edition E10 and higher* + +Enable sign-in with AD/LDAP ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Address displayed on email account used when sending notification emails from Mattermost system. +**True**: Mattermost allows login using AD/LDAP or Active Directory. -So you don't miss messages, please make sure to change this value to an email your system administrator receives, example: `admin@yourcompany.com`. +**False**: Login with AD/LDAP is disabled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FeedbackEmail": ""`` with string input. | +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Notification Reply-To Address +Enable Synchronization with AD/LDAP ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Email address used in the Reply-To header when sending notification emails from Mattermost. +**True**: Mattermost periodically synchronizes users from AD/LDAP. + +**False**: AD/LDAP synchronization is disabled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ReplyToAddress": ""`` with string input. | +| This feature's ``config.json`` setting is ``"EnableSync": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Notification Footer Mailing Address +AD/LDAP Server ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Organization name and mailing address displayed in the footer of email notifications from Mattermost, such as "© ABC Corporation, 565 Knight Way, Palo Alto, California, 94305, USA". If the field is left empty, the organization name and mailing address will not be displayed. +The domain or IP address of the AD/LDAP server. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"FeedbackOrganization": ""`` with string input. | +| This feature's ``config.json`` setting is ``"LdapServer": ""`` with string input. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -SMTP Server +AD/LDAP Port ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Location of SMTP email server. +The port Mattermost will use to connect to the AD/LDAP server. Default is 389. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SMTPServer": ""`` with string input. | +| This feature's ``config.json`` setting is ``"LdapPort": 389`` with numerical input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -SMTP Server Port +Connection Security ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Port of SMTP email server. +The type of connection security Mattermost uses to connect to AD/LDAP. + +**None**: No encryption, Mattermost will not attempt to establish an encrypted connection to the AD/LDAP server. + +**TLS**: Encrypts the communication between Mattermost and your server using TLS. + +**STARTTLS**: Takes an existing insecure connection and attempts to upgrade it to a secure connection using TLS. + +If the "No encryption" option is selected it is highly recommended that the AD/LDAP connection is secured outside of Mattermost, for example, by adding a stunnel proxy. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SMTPPort": ""`` with string input. | +| This feature's ``config.json`` setting is ``"ConnectionSecurity": ""`` with options ``""``, ``TLS`` and ``STARTTLS`` for above settings respectively. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable SMTP Authentication +Skip Certificate Verification ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +(Optional) The attribute in the AD/LDAP server that will be used to populate the nickname of users in Mattermost. -**True**: SMTP username and password are used for authenticating to the SMTP server. +**True**: Skips the certificate verification step for TLS or STARTTLS connections. Not recommended for production environments where TLS is required. For testing only. -**False**: Mattermost doesn't attempt to authenticate to the SMTP server. +**False**: Mattermost does not skip certificate verification. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSMTPAuth": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"SkipCertificateVerification": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -SMTP Server Username +Base DN ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The username for authenticating to the SMTP server. +The **Base Distinguished Name** of the location where Mattermost should start its search for users in the AD/LDAP tree. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SMTPUsername": ""`` with string input. 
| +| This feature's ``config.json`` setting is ``"BaseDN": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -SMTP Server Password +Bind Username ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The password associated with the SMTP username. +The username used to perform the AD/LDAP search. This should be an account created specifically for use with Mattermost Its permissions should be limited to read-only access to the portion of the AD/LDAP tree specified in the **Base DN** field. When using Active Directory, **Bind Username** should specify domain in ``DOMAIN/username`` format. This field is required, and anonymous bind is not currently supported. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SMTPPassword": ""`` with string input. | +| This feature's ``config.json`` setting is ``"BindUsername": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. _email-tls: - -Connection Security +Bind Password ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -``None``: Send email over an unsecure connection. +Password of the user given in **Bind Username**. Anonymous bind is not currently supported. -``TLS``: Communication between Mattermost and your email server is encrypted. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"BindPassword": ""`` with string input. 
| ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -``STARTTLS``: Attempts to upgrade an existing insecure connection to a secure connection using TLS. +User Filter +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +(Optional) Enter an AD/LDAP Filter to use when searching for user objects (accepts `general syntax `__). Only the users selected by the query will be able to access Mattermost. -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConnectionSecurity": ""`` with options ``""``, ``TLS`` and ``STARTTLS`` for above settings respectively. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Sample filters for Active Directory: -Skip Server Certificate Verification -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +- To filter out disabled users: ``(&(objectCategory=Person)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))`` +- To filter out by group membership, determine the distinguishedName of your group, then use the group membership general syntax format as your filter. -**True**: Mattermost will not verify the email server certificate. + * For example, if the security group distinguishedName is ``CN=group1,OU=groups,DC=example,DC=com``, then the user filter to use is: ``(memberOf=CN=group1,OU=groups,DC=example,DC=com)``. Note that the user must explicitly belong to this group for the filter to apply. -**False**: Mattermost will verify the email server certificate. +This filter uses the permissions of the **Bind Username** account to execute the search. 
Administrators should make sure to use a specially created account for Bind Username with read-only access to the portion of the AD/LDAP tree specified in the **Base DN** field. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SkipServerCertificateVerification": false`` with options ``false` and ``true`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"UserFilter": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Security Alerts +Group Filter ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +(Optional) Enter an AD/LDAP Filter to use when searching for group objects (accepts `general syntax `__). Only the groups selected by the query will be able accessible to Mattermost. -**True**: Enable System Admins to be notified by email if a relevant security fix alert is announced. Requires email to be enabled. To learn more about this feature, see :doc:`telemetry`. +This filter is defaulted to ```(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))``` when blank. -**False**: Security alerts are disabled. +.. note:: + This filter is used only when AD/LDAP Group Sync is enabled. See `AD/LDAP Group Sync documentation `_ for more information on enabling and configuring AD/LDAP Group Sync (*Available in Enterprise Edition E20 and higher*). +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSecurityFixAlert": true`` with options ``true`` and ``false`` for above settings respectively. 
| +| This feature's ``config.json`` setting is ``"GroupFilter": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ - -Mobile Push -~~~~~~~~~~~~~~~~~~~~~~~~~ -Enable Push Notifications +Group Display Name Attribute ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Your Mattermost server sends mobile push notifications to the server specified in **PushNotificationServer**. +(Required) Enter an AD/LDAP Group Display name attribute used to populate Mattermost Group names. -**False**: Mobile push notifications are disabled. +.. note:: + This attribute is used only when AD/LDAP Group Sync is enabled. See `AD/LDAP Group Sync documentation `_ for more information on enabling and configuring AD/LDAP Group Sync (*Available in Enterprise Edition E20 and higher*). +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SendPushNotifications": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"GroupDisplayNameAttribute": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Push Notification Server +Group Id Attribute ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Location of Mattermost Push Notification Service (MPNS), which re-sends push notifications from Mattermost to services like Apple Push Notification Service (APNS) and Google Cloud Messaging (GCM). 
- -To confirm push notifications are working, connect to the `Mattermost iOS App on iTunes `__ or the `Mattermost Android App on Google Play `__: - -- For Enterprise Edition, enter ``https://push.mattermost.com`` for the push notification server hosted in the United States. If you prefer to use a push notification server hosted in Germany, enter ``https://hpns-de.mattermost.com/`` -- For Team Edition, enter ``https://push-test.mattermost.com`` - -Please review full documentation on `push Notifications and mobile applications `__ including guidance on compiling your own mobile apps and MPNS before deploying to production. +(Required) Enter an AD/LDAP Group ID attribute to use as a unique identifier for Groups. This should be an AD/LDAP value that does not change. .. note:: - The ``https://push-test.mattermost.com`` provided for testing push notifications prior to compiling your own service please make sure `to read about its limitations `_. + This attribute is used only when AD/LDAP Group Sync is enabled. See `AD/LDAP Group Sync documentation `_ for more information on enabling and configuring AD/LDAP Group Sync (*Available in Enterprise Edition E20 and higher*). +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PushNotificationServer": "https://push-test.mattermost.com"`` with string input. | +| This feature's ``config.json`` setting is ``"GroupIdAttribute": ""`` with string input. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Push Notification Contents +First Name Attribute ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**Send generic description with only sender name**: Push notifications include only the name of the person who sent the message but no information about channel name or message text. +(Optional) The attribute in the AD/LDAP server used to populate the first name of users in Mattermost. When set, users cannot edit their first name, since it is synchronized with the LDAP server. When left blank, users can set their first name in Account Settings. -**Send generic description with user and channel names**: Push notifications include names of users and channels but no specific details from the message text. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FirstNameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**Send full message snippet**: Selecting "Send full message snippet" sends excerpts from messages triggering notifications with specifics and may include confidential information sent in messages. If your Push Notification Service is outside your firewall, it is HIGHLY RECOMMENDED this option only be used with an "https" protocol to encrypt the connection. +Last Name Attribute +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +(Optional) The attribute in the AD/LDAP server used to populate the last name of users in Mattermost. When set, users cannot edit their last name, since it is synchronized with the LDAP server. 
When left blank, users can set their last name in Account Settings. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PushNotificationContents": "generic"`` with options ``generic_no_channel``, ``generic`` and ``full`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LastNameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**Troubleshooting Push Notifications** +Nickname Attribute +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +(Optional) The attribute in the AD/LDAP server used to populate the nickname of users in Mattermost. When set, users cannot edit their nickname, since it is synchronized with the LDAP server. When left blank, users can set their nickname in Account Settings. -To confirm push notifications are working: ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"NicknameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -1. 
Go to **System Console > Notifications > Mobile Push > Send Push Notifications** and select **Use TPNS connection to send notifications to iOS and Android apps**. -2. Set **Push Notification Server** to *https://push.mattermost.com* if using Enterprise Edition. If using Team Edition, set the value to *https://push-test.mattermost.com*. -3. To confirm push notifications are working, connect to the `Mattermost iOS App on iTunes `__ or the `Mattermost Android App on Google Play `__ and log in to your team site. -4. Close the app on your device, and close any other connections to your team site. -5. Wait 5 minutes and have another team member send you a direct message, which should trigger a push notification to the Mattermost app on your mobile device. -6. You should receive a push notification on your device alerting you of the direct message. +Position Attribute +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +(Optional) The attribute in the AD/LDAP server used to populate the position field in Mattermost. When set, users cannot edit their position, since it is synchronized with the LDAP server. When left blank, users can set their position in Account Settings. -If you did not receive an alert: ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PositionAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -1. Set **System Console > General > Logging > File Log Level** to *DEBUG* (make sure to set this back to *INFO* after troubleshooting to save disk space). -2. Repeat the above steps. -3. Go to **System Console > Logs** and copy the log output into a file. -4. 
For Enterprise Edition customers, `submit a support request with the file attached `__. For Team Edition users, please start a thread in the `Troubleshooting forum `__ for peer-to-peer support. +Email Attribute +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The attribute in the AD/LDAP server used to populate the email address field in Mattermost. -________ +Email notifications will be sent to this email address, and this email address may be viewable by other Mattermost users depending on privacy settings chosen by the System Admin. -Integrations --------------------------------- -Settings to configure webhooks, slash commands and external integration services. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EmailAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Custom Integrations -~~~~~~~~~~~~~~~~~~~~~~~~~ -Enable Incoming Webhooks +Username Attribute ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Developers building integrations can create webhook URLs for public channels and private channels. Please see our `documentation page `__ to learn about creating webhooks, view samples, and to let the community know about integrations you have built. - -**True**: Incoming webhooks will be allowed. To manage incoming webhooks, go to **Account Settings > Integrations**. The webhook URLs created in Account Settings can be used by external applications to create posts in any public or private channels that you have access to. +The attribute in the AD/LDAP server used to populate the username field in Mattermost. This may be the same as the Login ID Attribute. 
-**False**: The Integrations > Incoming Webhooks section of Account Settings is hidden and all incoming webhooks are disabled. +This attribute will be used within the Mattermost user interface to identify and mention users. For example, if a Username Attribute is set to **john.smith** a user typing ``@john`` will see ``@john.smith`` in their auto-complete options and posting a message with ``@john.smith`` will send a notification to that user that they've been mentioned. -Security note: By enabling this feature, users may be able to perform `phishing attacks `__ by attempting to impersonate other users. To combat these attacks, a BOT tag appears next to all posts from a webhook. Enable at your own risk. +The **Username Attribute** may be set to the same value used to sign-in to the system, called a **Login ID Attribute**, or it can be mapped to a different value. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableIncomingWebhooks": true`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"UsernameAttribute": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Outgoing Webhooks +ID Attribute ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Developers building integrations can create webhook tokens for public channels. Trigger words are used to fire new message events to external integrations. For security reasons, outgoing webhooks are only available in public channels. Please see our `documentation page `__ to learn about creating webhooks and view samples. - -**True**: Outgoing webhooks will be allowed. 
To manage outgoing webhooks, go to **Account Settings > Integrations**. +The attribute in the AD/LDAP server used as a unique identifier in Mattermost. It should be an AD/LDAP attribute with a value that does not change. -**False**: The Integrations > Outgoing Webhooks section of Account Settings is hidden and all outgoing webhooks are disabled. +If a user's ID Attribute changes, it will create a new Mattermost account unassociated with their old one. -Security note: By enabling this feature, users may be able to perform `phishing attacks `__ by attempting to impersonate other users. To combat these attacks, a BOT tag appears next to all posts from a webhook. Enable at your own risk. +If you need to change this field after users have already logged in, use the `mattermost ldap idmigrate `__ CLI tool. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableOutgoingWebhooks": true`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"IdAttribute": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Custom Slash Commands +Login ID Attribute ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Slash commands send events to external integrations that send a response back to Mattermost. - -**True**: Allow users to create custom slash commands from **Main Menu** > **Integrations** > **Commands**. +The attribute in the AD/LDAP server used to log in to Mattermost. Normally this attribute is the same as the "Username Attribute" field above. -**False**: Slash Commands are hidden in the **Integrations** user interface. 
+If your team typically uses domain\username to log in to other services with AD/LDAP, you may enter domain\username in this field to maintain consistency between sites. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableCommands": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"LoginIdAttribute": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable OAuth 2.0 Service Provider -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Mattermost acts as an OAuth 2.0 service provider allowing Mattermost to authorize API requests from external applications. - -**False**: Mattermost does not function as an OAuth 2.0 service provider. +Login Field Name +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +The placeholder text that appears in the login field on the login page. Typically this would be whatever name is used to refer to AD/LDAP credentials in your company, so it is recognizable to your users. Defaults to **AD/LDAP Username**. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"EnableOAuthServiceProvider": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"LoginFieldName": ""`` with string input. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Restrict managing integrations to Admins +Synchronization Interval (minutes) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*This permission has been migrated to the database and changing the config.json value no longer takes effect after upgrading to v4.9, released on April 16th, 2018. This permission can be modified using the System Console user interface.* - -**True**: When true, webhooks and slash commands can only be created, edited and viewed by Team and System Admins, and OAuth 2.0 applications by System Admins. Integrations are available to all users after they have been created by the Admin. - -**False**: Any team members can create webhooks, slash commands and OAuth 2.0 applications from **Main Menu** > **Integrations**. - -.. note:: - OAuth 2.0 applications can be authorized by all users if they have the **Client ID** and **Client Secret** for an app setup on the server. +Set how often Mattermost accounts synchronize attributes with AD/LDAP, in minutes. When synchronizing, Mattermost queries AD/LDAP for relevant account information and updates Mattermost accounts based on changes to attributes (first name, last name, and nickname). When accounts are disabled in AD/LDAP users are made inactive in Mattermost, and their active sessions are revoked once Mattermost synchronizes attributes. To synchronize immediately after disabling an account, use the "AD/LDAP Synchronize Now" button. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableOnlyAdminIntegrations": true`` with options ``true`` and ``false`` for above settings respectively. 
| +| This feature's ``config.json`` setting is ``"SyncIntervalMinutes": 60`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable integrations to override usernames +Maximum Page Size ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Webhooks, slash commands, OAuth 2.0 apps, and other integrations such as `Zapier `__, will be allowed to change the username they are posting as. If no username is present, the username for the post is the same as it would be for a setting of **False**. - -**False**: Custom slash commands can only post as the username of the user who used the slash command. OAuth 2.0 apps can only post as the username of the user who set up the integration. For incoming webhooks and outgoing webhooks, the username is "webhook". See http://mattermost.org/webhooks for more details. +The maximum number of users the Mattermost server will request from the AD/LDAP server at one time. Use this setting if your AD/LDAP server limits the number of users that can be requested at once. 0 is unlimited. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnablePostUsernameOverride": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"MaxPageSize": 0`` with whole number input. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable integrations to override profile picture icons +Query Timeout (seconds) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Webhooks, slash commands and other integrations, such as `Zapier `__, will be allowed to change the profile picture they post with. - -**False**: Webhooks, slash commands and OAuth 2.0 apps can only post with the profile picture of the account they were set up with. See http://mattermost.org/webhooks for more details. +The timeout value for queries to the AD/LDAP server. Increase this value if you are getting timeout errors caused by a slow AD/LDAP server. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnablePostIconOverride": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"QueryTimeout": 60`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Personal Access Tokens +AD/LDAP Test ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: When true, users can create `personal access tokens `__ for integrations in **Account Settings > Security**. They can be used to authenticate against the API and give full access to the account. +This button can be used to test the connection to the AD/LDAP server. If the test is successful, it shows a confirmation message and if there is a problem with the configuration settings it will show an error message. 
-To manage who can create personal access tokens or to search users by token ID, go to the **System Console > Users** page. +AD/LDAP Synchronize Now +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +This button causes AD/LDAP synchronization to occur as soon as it is pressed. Use it whenever you have made a change in the AD/LDAP server you want to take effect immediately. After using the button, the next AD/LDAP synchronization will occur after the time specified by the Synchronization Interval. -**False**: Personal access tokens are disabled on the server. +You can monitor the status of the synchronization job in the table below this button. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableUserAccessTokens": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +.. note:: + If synchronization **Status** displays as ``Pending`` and does not complete, make sure that the **Enable Synchronization with AD/LDAP** setting is set to ``true``. -________ +.. figure:: ../images/ldap-sync-table.png + +.. _saml-enterprise: -External Services +SAML ~~~~~~~~~~~~~~~~~~~~~~~~~ -Google API Key +*Available in Enterprise Edition E20* + +.. note:: + In line with Microsoft ADFS guidance we recommend `configuring intranet forms-based authentication for devices that do not support WIA `_. + + +Enable Login With SAML ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Mattermost offers the ability to embed YouTube videos from URLs shared by end users. Set this key and add YouTube Data API v3 as a service to your key to enable the display of titles for embedded YouTube video previews. 
Without the key, YouTube previews will still be created based on hyperlinks appearing in messages or comments but they will not show the video title. If Google detects the number of views is exceedingly high, they may throttle embed access. Should this occur, you can remove the throttle by registering for a Google Developer Key and entering it in this field following these instructions: https://www.youtube.com/watch?v=Im69kzhpR3I. Your Google Developer Key is used in client-side Javascript. +**True**: Mattermost allows login using SAML. Please see `documentation `__ to learn more about configuring SAML for Mattermost. -Using a Google API Key allows Mattermost to detect when a video is no longer available and display the post with a *Video not found* label. +**False**: Login with SAML is disabled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GoogleDeveloperKey": ""`` with string input. | +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ +Enable Synchronizing SAML Accounts With AD/LDAP +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Mattermost periodically synchronizes SAML user attributes, including user deactivation and removal, with AD/LDAP. Enable and configure synchronization settings at **Authentication > AD/LDAP**. See `documentation `__ to learn more. -Plugins (Beta) --------------------------------- -Settings to configure plugins. +**False**: Synchronization of SAML accounts with AD/LDAP is disabled. 
-Management -~~~~~~~~~~~~~~~~~~~~~~~~~ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableSyncWithLdap": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Plugins +Override SAML Bind Data with AD/LDAP Information ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Mattermost overrides the SAML ID attribute with the AD/LDAP ID attribute if configured or overrides the SAML Email attribute with the AD/LDAP Email attribute if SAML ID attribute is not present. See `documentation `__ to learn more. -**True**: Enables plugins on your Mattermost server. Use plugins to integrate with third-party systems, extend functionality or customize the user interface of your Mattermost server. See `documentation `__ to learn more. +**False**: Mattermost uses the email attribute to bind users to SAML. -**False**: Disables plugins on your Mattermost server. +.. note:: + Moving from true to false will prevent the override from happening. To prevent the disabling of user accounts, SAML IDs must match the LDAP IDs when this feature is enabled. This setting should be set to false unless LDAP sync is enabled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": true`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"EnableSyncWithLdapIncludeAuth": false`` with options ``true`` and ``false`` for above settings respectively. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Upload Plugin +SAML SSO URL ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Upload a plugin for your Mattermost server. See `documentation `__ to learn more. +The URL where Mattermost sends a SAML request to start login sequence. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Plugins": {}`` with string input. | +| This feature's ``config.json`` setting is ``"IdpURL": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Installed Plugins +Identity Provider Issuer URL ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Lists installed plugins on your Mattermost server. Pre-packaged plugins are installed by default, and can be deactivated but not removed. +The issuer URL for the Identity Provider you use for SAML requests. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PluginStates": {}`` with string input. | +| This feature's ``config.json`` setting is ``"IdpDescriptorUrl": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -JIRA (Beta) -~~~~~~~~~~~~~~~~~~~~~~~~~ -Enable JIRA +Identity Provider Public Certificate ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: You can configure JIRA webhooks to post message in Mattermost. 
To help combat phishing attacks, all posts are labelled by a BOT tag. - -**False**: JIRA webhook integration is not enabled. +The public authentication certificate issued by your Identity Provider. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enabled": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"IdpCertificateFile": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -User +Verify Signature ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Mattermost verifies that the signature sent from the SAML Response matches the Service Provider Login URL. -Select the username that this integration is attached to. +**False**: Not recommended for production environments. For testing only. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UserName": ""`` with string input | +| This feature's ``config.json`` setting is ``"Verify": true`` with options ``true`` and ``false``. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Secret +Service Provider Login URL ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The secret used to authenticate to Mattermost. Regenerating the secret for the webhook URL endpoint invalidates your existing JIRA integrations. +Enter ``https:///login/sso/saml`` (example: ``https://example.com/login/sso/saml``). 
Make sure you use HTTP or HTTPS in your URL depending on your server configuration. This field is also known as the Assertion Consumer Service URL. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Secret": ""`` with string input | +| This feature's ``config.json`` setting is ``"AssertionConsumerServiceURL": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Note that to set up a JIRA integration via ``config.json``, you can use the following format in ``"PluginSettings:``: - - .. code-block:: text - - "Plugins": { - "jira": { - "Enabled": true, - "Secret": "k-ZtjoTrmIdPs7eAGjalDEK_3Q8r3gXJ", - "UserName": "jira" - } - } +Enable Encryption +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Mattermost will decrypt SAML Assertions encrypted with your Service Provider Public Certificate. -where ``Enabled``, ``Secret`` and ``UserName`` are specified above. +**False**: Not recommended for production environments. For testing only. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Encrypt": true`` with options ``true`` and ``false``. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Service Provider Private Key +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The private key used to decrypt SAML Assertions from the Identity Provider. 
-________ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PrivateKeyFile": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Files --------------------------------- -Mattermost currently supports storing files on the local filesystem and Amazon S3 or S3 compatible containers. +Service Provider Public Certificate +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The certificate file used to generate the signature on a SAML request to the Identity Provider for a service provider initiated SAML login, when Mattermost is the Service Provider. -.. note:: - We have tested Mattermost with `Minio `__ and `Digital Ocean Spaces `_ products but not all S3 compatible containers on the market. If you are looking to use other S3 compatible containers we advise completing your own testing. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PublicCertificateFile": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Storage -~~~~~~~~~~~~~~~~~~~~~~~~~ -File Storage System +Email Attribute ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The attribute in the SAML Assertion that will be used to populate the email addresses of users in Mattermost. 
-+-------------------------+---------------------+ -| ``config.json`` setting | ``DriverName`` | -+-------------------------+---------------------+ -| Allowed Values | ``local`` (default) | -| | ``amazons3`` | -+-------------------------+---------------------+ +Email notifications will be sent to this email address, and this email address may be viewable by other Mattermost users depending on privacy settings choosen by the System Admin. -This selects which file storage system is used, Local File System or Amazon S3. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EmailAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**Local File System**: Files and images are stored in the specified local file directory. +Username Attribute +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The attribute in the SAML Assertion that will be used to populate the username field in Mattermost user interface. This attribute will be used within the Mattermost user interface to identify and mention users. For example, if a Username Attribute is set to **john.smith** a user typing ``@john`` will see ``@john.smith`` in their auto-complete options and posting a message with ``@john.smith`` will send a notification to that user that they've been mentioned. -**Amazon S3**: Files and images are stored on Amazon S3 based on the provided access key, bucket and region fields. The ``amazons3`` driver is compatible with Minio (Beta) and Digital Ocean Spaces based on the provided access key, bucket and region fields. 
++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UsernameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Local Storage Directory +Id Attribute ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +(Optional) The attribute in the SAML Assertion used to bind users from SAML to users in Mattermost. -+-------------------------+--------------------------------------------------------------------------------------+ -| ``config.json`` setting | ``Directory`` | -+-------------------------+--------------------------------------------------------------------------------------+ -| Allowed Values | Any directory writeable by the user Mattermost is running as. Default is ``./data/`` | -+-------------------------+--------------------------------------------------------------------------------------+ - -The local directory to which files are written when the File Storage System is set to ``local``. This is relative to the directory Mattermost is installed to and defaults to ``./data`` When File Storage System is set to S3 this setting has no effect. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IdAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Amazon S3 Bucket +First Name Attribute ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The name of the bucket for your S3 compatible object storage instance. 
- -+-------------------------+---------------------------------------------+ -| ``config.json`` setting | ``AmazonS3Bucket`` | -+-------------------------+---------------------------------------------+ -| Allowed Values | A string with the S3-compatible bucket name | -+-------------------------+---------------------------------------------+ +(Optional) The attribute in the SAML Assertion that will be used to populate the first name of users in Mattermost. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"FirstNameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Amazon S3 Region +Last Name Attribute ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -AWS region you selected when creating your S3 bucket. If no region is set, Mattermost attempts to get the appropriate region from AWS, or sets it to 'us-east-1' if none found. For Minio or Digital Ocean Spaces leave this setting empty - -+-------------------------+---------------------------------------------+ -| ``config.json`` setting | ``AmazonS3Region`` | -+-------------------------+---------------------------------------------+ -| Allowed Values | A string with the S3-compatible bucket name | -+-------------------------+---------------------------------------------+ +(Optional) The attribute in the SAML Assertion that will be used to populate the last name of users in Mattermost. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LastNameAttribute": ""`` with string input. 
| ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Amazon S3 Endpoint +Nickname Attribute ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Hostname of your S3-compatible instance. Defaults to "s3.amazonaws.com". +(Optional) The attribute in the SAML Assertion that will be used to populate the nickname of users in Mattermost. -.. note:: - For Digital Ocean Spaces, the hostname should be set to ````.digitaloceanspaces.com, where ```` is the abbreviation for the region you chose when setting up the Space. It can be ``nyc3``, ``ams3``, or ``sgp1``. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"NicknameAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -+-------------------------+------------------------------------------------------------------+ -| ``config.json`` setting | ``AmazonS3Endpoint`` | -+-------------------------+------------------------------------------------------------------+ -| Allowed Values | A string with the hostname of the S3-compatible storage instance | -+-------------------------+------------------------------------------------------------------+ +Position Attribute +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +(Optional) The attribute in the SAML Assertion that will be used to populate the position field for users in Mattermost (typically used to describe a person's job title or role at the company). 
++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PositionAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Amazon S3 Access Key ID +Preferred Language Attribute ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This is required for access unless you are using an `Amazon S3 IAM Role `__ with Amazon S3. Your EC2 administrator can supply you with the access key ID. +(Optional) The attribute in the SAML Assertion that will be used to populate the language of users in Mattermost. -+-------------------------+---------------------------------------------------------------------+ -| ``config.json`` setting | ``AmazonS3AccessKeyId`` | -+-------------------------+---------------------------------------------------------------------+ -| Allowed Values | A string with the access key for the S3-compatible storage instance | -+-------------------------+---------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LocaleAttribute": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Amazon S3 Secret Access Key +Login Button Text ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The secret access key associated with your Amazon S3 Access Key ID. +(Optional) The text that appears in the login button on the login page. Defaults to ``SAML``. 
-+-------------------------+----------------------------------------------------------------------------+ -| ``config.json`` setting | ``AmazonS3SecretAccessKey`` | -+-------------------------+----------------------------------------------------------------------------+ -| Allowed Values | A string with the secret access key for the S3-compatible storage instance | -+-------------------------+----------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonText": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Secure Amazon S3 Connections -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Scoping IDP Provider Id +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Allows an authenticated user to skip the initial login page of their federated Azure AD server, and only require a password to log in. -**True**: Enables only secure Amazon S3 Connections. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ScopingIDPProviderId": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**False**: Allows insecure connections to Amazon S3. +Scoping IDP Name +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Adds the name associated with a user's Scoping Identity Provider ID. 
-+-------------------------+--------------------------------------------+ -| ``config.json`` setting | ``AmazonS3SSL`` | -+-------------------------+--------------------------------------------+ -| Allowed Values | ``true`` or ``false``, default is ``true`` | -+-------------------------+--------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ScopingIDPName": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Server-Side Encryption for Amazon S3 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +OAuth 2.0 +~~~~~~~~~~~~~~~~~~~~~~~~~ +*Available in Enterprise Edition E10 and higher* -*Available in Enterprise Edition E20* +Settings to configure OAuth login for account creation and login. -**True**: Encrypts files in Amazon S3 using server-side encryption with `Amazon S3-managed keys `__. +Select OAuth 2.0 service provider: +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Choose whether OAuth can be used for account creation and login. Options include: -**False**: Doesn't encrypt files in Amazon S3. + - **Do not allow sign-in via an OAuth 2.0 provider** + - **GitLab** (see `GitLab Settings `__ for more detail) + - **Google Apps** (see `Google Settings `__ for more detail) + - **Office 365 (Beta)** (see `Office 365 Settings `__ for more detail) -.. note:: - Server-Side Encryption only works with Amazon S3 +This feature's setting does not appear in ``config.json``. 
-+-------------------------+---------------------------------------------+ -| ``config.json`` setting | ``AmazonS3SS3`` | -+-------------------------+---------------------------------------------+ -| Allowed Values | ``true`` or ``false``, default is ``false`` | -+-------------------------+---------------------------------------------+ +________ -Enable Amazon S3 Debugging +GitLab +~~~~~~~~~~~~~~~~~~~~~~~~~ +Enable authentication with GitLab ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: When true, log additional debugging information to the system logs. Typically set to `false` in production. +**True**: Allow team creation and account signup using GitLab OAuth. To configure, input the **Secret** and **Id** credentials. -**False**: No Amazon S3 debugging information is included in the system logs. +**False**: GitLab OAuth cannot be used for team creation or account signup. -+-------------------------+---------------------------------------------+ -| ``config.json`` setting | ``AmazonS3Trace`` | -+-------------------------+---------------------------------------------+ -| Allowed Values | ``true`` or ``false``, default is ``false`` | -+-------------------------+---------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Test Connection -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Ensures that the user can access the server and that the settings are valid. 
+**Note**: For Enterprise, GitLab settigs can be found under **OAuth 2.0** -Allow File Sharing +Application ID ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -When false, disables file sharing on the server. All file and image uploads on messages are forbidden across clients and devices, including mobile. +Obtain this value by logging into your GitLab account. Go to Profile Settings > Applications > New Application, enter a Name, then enter Redirect URLs ``https:///login/gitlab/complete`` (example: ``https://example.com:8065/login/gitlab/complete`` and ``https:///signup/gitlab/complete``. -+---------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableFileAttachments": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Allow File Uploads on Mobile +Application Secret Key ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Available in Enterprise Edition E20* - -When false, disables file uploads on mobile apps. All file and image uploads on messages are forbidden across clients and devices, including mobile. +Obtain this value by logging into your GitLab account. Go to Profile Settings > Applications > New Application, enter a Name, then enter Redirect URLs ``https:///login/gitlab/complete`` (example: ``https://example.com:8065/login/gitlab/complete`` and ``https:///signup/gitlab/complete``. 
-+---------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableMobileUpload": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Allow File Downloads on Mobile +User API Endpoint ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Available in Enterprise Edition E20* +Enter ``https:///api/v3/user`` (example: ``https://example.com:3000/api/v3/user``). Use HTTP or HTTPS depending on how your server is configured. -When false, disables file downloads on mobile apps. Users can still download files from a mobile web browser. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UserApiEndpoint": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -+---------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableMobileDownload": true`` with options ``true`` and ``false``. 
| -+---------------------------------------------------------------------------------------------------------------------+ +Auth Endpoint +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Enter ``https:///oauth/authorize`` (example: ``https://example.com:3000/oauth/authorize``). Use HTTP or HTTPS depending on how your server is configured. -Maximum File Size ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AuthEndpoint": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Token Endpoint ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Maximum file size for message attachments entered in megabytes in the System Console UI. Converted to bytes in ``config.json`` at 1048576 bytes per megabyte. +Enter ``https:///oauth/token`` (example: ``https://example.com:3000/oauth/token``). Use HTTP or HTTPS depending on how your server is configured. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxFileSize": 52428800`` with whole number input. | +| This feature's ``config.json`` setting is ``"TokenEndpoint": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -.. warning:: Verify server memory can support your setting choice. Large file sizes increase the risk of server crashes and failed uploads due to network disruptions. 
+Google +~~~~~~~~~~~~~~~~~~~~~~~~~ +*Available in Enterprise Edition E20* -Enable Image Proxy -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Enable authentication with Google by selecting ``Google Apps`` from **OAuth 2.0 > Select OAuth 2.0 service provider** -When true, enables an image proxy for loading external images. The image proxy is used by the Mattermost apps to prevent them from connecting directly to remote servers. This anonymizes their connections and prevents them from accessing insecure content. +**True**: Allow team creation and account signup using Google OAuth. To configure, input the **Client ID** and **Client Secret** credentials. See `documentation `__ for more detail. -See the :doc:`documentation ` to learn more. +**False**: Google OAuth cannot be used for team creation or account signup. -+---------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Enable": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Image Proxy Type +Client ID ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Obtain this value by registering Mattermost as an application in your Google account. -The type of image proxy used by Mattermost. 
There are two options: ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Id": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**local**: The Mattermost server itself acts as the image proxy. This is the default option. +Client Secret +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Obtain this value by registering Mattermost as an application in your Google account. -**atmos/camo**: An external `atmos/camo `_ image proxy is used. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -See the `documentation `_ to learn more. +User API Endpoint +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +It is recommended to use `https://www.googleapis.com/plus/v1/people/me` as the User API Endpoint. Otherwise, enter a custom endpoint in `config.json` with HTTP or HTTPS depending on how your server is configured. -+-----------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ImageProxyType": "local"``, with options ``local`` and ``atmos/camo`` for above settings respectively. 
| -+-----------------------------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UserApiEndpoint": "https://www.googleapis.com/plus/v1/people/me"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Remote Image Proxy URL +Auth Endpoint ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +It is recommended to use `https://accounts.google.com/o/oauth2/v2/auth` as the Auth Endpoint. Otherwise, enter a custom endpoint in `config.json` with HTTP or HTTPS depending on how your server is configured. -The URL of the ``atmos/camo`` proxy. This setting is not needed when using the local image proxy. - -+---------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RemoteImageProxyURL": ""`` with string input. | -+---------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth"`` with string input. 
| ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Remote Image Proxy Options +Token Endpoint ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +It is recommended to use `https://www.googleapis.com/oauth2/v4/token` as the Token Endpoint. Otherwise, enter a custom endpoint in `config.json` with HTTP or HTTPS depending on how your server is configured. -The URL signing key passed to an ``atmos/camo`` image proxy. This setting is not needed when using the local image proxy. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -See the `documentation `_ to learn more. +Office 365 +~~~~~~~~~~~~~~~~~~~~~~~~~ +*Available in Enterprise Edition E20* -+---------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RemoteImageProxyOptions": ""`` with string input. | -+---------------------------------------------------------------------------------------------------------------------+ +.. note:: + In line with Microsoft ADFS guidance we recommend `configuring intranet forms-based authentication for devices that do not support WIA `_. -________ -Images -~~~~~~~~~~~~~~~~~~~~~~~~~ -Attachment Thumbnail Width -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Removed in July 16th, 2017 release* +Enable authentication with Office 365 by selecting ``Office 365 (Beta)`` from **OAuth 2.0 > Select OAuth 2.0 service provider**. 
-Width of thumbnails generated from uploaded images. Updating this value changes how thumbnail images render in future, but does not change images created in the past. +**True**: Allow team creation and account signup using Office 365 OAuth. To configure, input the **Application ID** and **Application Secret Password** credentials. See `Documentation `__ for more detail. + +**False**: Office 365 OAuth cannot be used for team creation or account signup. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ThumbnailWidth": 120`` with whole number input. | +| This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Attachment Thumbnail Height +Application ID ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Removed in July 16th, 2017 release* - -Height of thumbnails generated from uploaded images. Updating this value changes how thumbnail images render in future, but does not change images created in the past. +Obtain this value by registering Mattermost as an application in your Microsoft or Office account. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ThumbnailHeight": 100`` with whole number input. | +| This feature's ``config.json`` setting is ``"Id": ""`` with string input. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Image Preview Width +Application Secret Password ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Removed in July 16th, 2017 release* - -Maximum width of preview image. Updating this value changes how preview images render in future, but does not change images created in the past. +Obtain this value by registering Mattermost as an application in your Microsoft or Office account. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PreviewWidth": 1024`` with whole number input. | +| This feature's ``config.json`` setting is ``"Secret": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Image Preview Height +User API Endpoint ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Removed in July 16th, 2017 release* - -Maximum height of preview image ("0": Sets to auto-size). Updating this value changes how preview images render in future, but does not change images created in the past. +It is recommended to use `https://graph.microsoft.com/v1.0/me` as the User API Endpoint. Otherwise, enter a custom endpoint in `config.json` with HTTP or HTTPS depending on how your server is configured. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PreviewHeight": 0`` with whole number input. | +| This feature's ``config.json`` setting is ``"UserApiEndpoint": "https://graph.microsoft.com/v1.0/me"`` with string input. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Profile Picture Width +Auth Endpoint ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Removed in July 16th, 2017 release* - -The width to which profile pictures are resized after being uploaded via Account Settings. +It is recommended to use `https://accounts.google.com/o/oauth2/v2/auth` as the Auth Endpoint. Otherwise, enter a custom endpoint in `config.json` with HTTP or HTTPS depending on how your server is configured. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ProfileWidth": 128`` with whole number input. | +| This feature's ``config.json`` setting is ``"AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Profile Picture Height +Token Endpoint ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Removed in July 16th, 2017 release* - -The height to which profile pictures are resized after being uploaded via Account Settings. +It is recommended to use `https://login.microsoftonline.com/common/oauth2/v2.0/token` as the Token Endpoint. Otherwise, enter a custom endpoint in `config.json` with HTTP or HTTPS depending on how your server is configured. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ProfileHeight": 128`` with whole number input. 
| +| This feature's ``config.json`` setting is ``"TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token"`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ - -Customization +Plugins (Beta) -------------------------------- -Settings to customize your deployment with custom branding and legal and support links. +Settings to configure plugins. -Custom Branding +Plugin Management ~~~~~~~~~~~~~~~~~~~~~~~~~ -Site Name +Enable Plugins ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Name of service shown in login screens and UI. Maximum 30 characters. + +**True**: Enables plugins on your Mattermost server. Use plugins to integrate with third-party systems, extend functionality or customize the user interface of your Mattermost server. See `documentation `__ to learn more. + +**False**: Disables plugins on your Mattermost server. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SiteName": "Mattermost"`` with string input. | +| This feature's ``config.json`` setting is ``"Enable": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Custom Branding +Upload Plugin ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*This feature was moved to Team Edition in Mattermost v5.0, released June 16th, 2018. In previous versions, this feature is available in Enterprise Edition E10 and higher.* - -**True**: Enables custom branding to show a JPG image some custom text on the server login page. 
- -**False**: Custom branding is disabled. +Upload a plugin for your Mattermost server. See `documentation `__ to learn more. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableCustomBrand": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"Plugins": {}`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Custom Brand Image +Installed Plugins ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Custom JPG image is displayed on left side of server login page. Recommended maximum image size is less than 2 MB because image will be loaded for every user who logs in. +Lists installed plugins on your Mattermost server. Pre-packaged plugins are installed by default, and can be deactivated but not removed. -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This features has no ``config.json`` setting and must be set in the System Console user interface. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PluginStates": {}`` with string input. 
| ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Custom Brand Text -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Autolink +~~~~~~~~~~~~~~~~~~~~~~~~~ +Configure this plugin directly in the config.json file. Learn more `in our documentation `_. -Custom text will be shown below custom brand image on left side of server login page. Maximum 500 characters allowed. You can format this text using the same `Markdown formatting codes `__ as using in Mattermost messages. +Custom User Attributes +~~~~~~~~~~~~~~~~~~~~~~~~~ +Configure this plugin directly in the config.json file. Learn more `in our documentation `_. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CustomBrandText": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Github +~~~~~~~~~~~~~~~~~~~~~~~~~ +Configure this plugin directly in the config.json file. Learn more `in our documentation `_. -Site Description -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Description of service shown in login screens and UI. When not specified, "All team communication in one place, searchable and accessible anywhere" is displayed. +Jira +~~~~~~~~~~~~~~~~~~~~~~~~~ +Configure this plugin directly in the config.json file. Learn more `in our documentation `_. -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"CustomDescriptionText": ""`` with string input. 
| -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Net Promoter Score +~~~~~~~~~~~~~~~~~~~~~~~~~ +Configure this plugin directly in the config.json file. Learn more `in our documentation `_. -________ +Welcome Bot +~~~~~~~~~~~~~~~~~~~~~~~~~ +Configure this plugin directly in the config.json file. Learn more `in our documentation `_. -Announcement Banner +Zoom ~~~~~~~~~~~~~~~~~~~~~~~~~ +Configure this plugin directly in the config.json file. Learn more `in our documentation `_. -Enable Announcement Banner -^^^^^^^^^^^^^^^^^^^^^^^^^^ +Integrations +-------------------------------- +Settings to configure webhooks, slash commands and external integration services. -Enable an announcement banner across all teams. The banner is displayed at the top of the screen and is the entire width of the screen. By default, users can dismiss the banner until you either change the text of the banner or until you re-enable the banner after it has been disabled. You can prevent users from dismissing the banner, and you can control the text color and the background color. +Integration Management +~~~~~~~~~~~~~~~~~~~~~~~~~ -**True**: Enable the announcement banner. The banner is displayed only if ``BannerText`` has a value. +Enable Incoming Webhooks +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Developers building integrations can create webhook URLs for public channels and private channels. Please see our `documentation page `__ to learn about creating webhooks, view samples, and to let the community know about integrations you have built. -**False**: Disable the announcement banner. +**True**: Incoming webhooks will be allowed. To manage incoming webhooks, go to **Account Settings > Integrations**. 
The webhook URLs created in Account Settings can be used by external applications to create posts in any public or private channels that you have access to. -+-----------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableBanner": false`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------------+ +**False**: The Integrations > Incoming Webhooks section of Account Settings is hidden and all incoming webhooks are disabled. -Banner Text -^^^^^^^^^^^ +Security note: By enabling this feature, users may be able to perform `phishing attacks `__ by attempting to impersonate other users. To combat these attacks, a BOT tag appears next to all posts from a webhook. Enable at your own risk. -The text of the announcement banner. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableIncomingWebhooks": true`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -+------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"BannerText": ""`` with string input. | -+------------------------------------------------------------------------------------+ +Enable Outgoing Webhooks +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Developers building integrations can create webhook tokens for public channels. Trigger words are used to fire new message events to external integrations. For security reasons, outgoing webhooks are only available in public channels. 
Please see our `documentation page `__ to learn about creating webhooks and view samples. -Banner Color -^^^^^^^^^^^^ +**True**: Outgoing webhooks will be allowed. To manage outgoing webhooks, go to **Account Settings > Integrations**. -The background color of the announcement banner. +**False**: The Integrations > Outgoing Webhooks section of Account Settings is hidden and all outgoing webhooks are disabled. -+---------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``""BannerColor": "#f2a93b"`` with string input. | -+---------------------------------------------------------------------------------------------+ +Security note: By enabling this feature, users may be able to perform `phishing attacks `__ by attempting to impersonate other users. To combat these attacks, a BOT tag appears next to all posts from a webhook. Enable at your own risk. -Banner Text Color -^^^^^^^^^^^^^^^^^ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableOutgoingWebhooks": true`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -The color of the text in the announcement banner. +Enable Custom Slash Commands +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Slash commands send events to external integrations that send a response back to Mattermost. -+-------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``""BannerTextColor": "#333333"`` with string input. 
| -+-------------------------------------------------------------------------------------------------+ +**True**: Allow users to create custom slash commands from **Main Menu** > **Integrations** > **Commands**. -Allow Banner Dismissal -^^^^^^^^^^^^^^^^^^^^^^ +**False**: Slash Commands are hidden in the **Integrations** user interface. -**True**: Users can dismiss the banner until the next time they log in or the banner is updated. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableCommands": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**False**: The banner is permanently visible until it is turned off by the System Admin. +Enable OAuth 2.0 Service Provider +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Mattermost acts as an OAuth 2.0 service provider allowing Mattermost to authorize API requests from external applications. -+-------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``""AllowBannerDismissal": true`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------+ +**False**: Mattermost does not function as an OAuth 2.0 service provider. 
-________ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"EnableOAuthServiceProvider": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Emoji -~~~~~~~~~~~~~~~~~~~~~~~~~ -Enable Emoji Picker -^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Enables an emoji picker that allows users to select emoji to add as reactions or use in messages. Enabling the emoji picker with a large number of custom emoji may slow down performance. +Restrict managing integrations to Admins +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*This permission has been migrated to the database and changing the config.json value no longer takes effect after upgrading to v4.9, released on April 16th, 2018. This permission can be modified using the System Console user interface.* -**False**: Emoji picker is disabled. +**True**: When true, webhooks and slash commands can only be created, edited and viewed by Team and System Admins, and OAuth 2.0 applications by System Admins. Integrations are available to all users after they have been created by the Admin. + +**False**: Any team members can create webhooks, slash commands and OAuth 2.0 applications from **Main Menu** > **Integrations**. + +.. note:: + OAuth 2.0 applications can be authorized by all users if they have the **Client ID** and **Client Secret** for an app setup on the server. 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableCustomEmoji": true`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"EnableOnlyAdminIntegrations": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Custom Emoji -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Enables a Custom Emoji option in the Main Menu, where users can go to create customized emoji. +Enable integrations to override usernames +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Webhooks, slash commands, OAuth 2.0 apps, and other integrations such as `Zapier `__, will be allowed to change the username they are posting as. If no username is present, the username for the post is the same as it would be for a setting of **False**. -**False**: Custom emojis are disabled. +**False**: Custom slash commands can only post as the username of the user who used the slash command. OAuth 2.0 apps can only post as the username of the user who set up the integration. For incoming webhooks and outgoing webhooks, the username is "webhook". See http://mattermost.org/webhooks for more details. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableCustomEmoji": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"EnablePostUsernameOverride": false`` with options ``true`` and ``false`` for above settings respectively. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Restrict Custom Emoji Creation -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*This permission has been migrated to the database and changing the config.json value no longer takes effect after upgrading to v4.9, released on April 16th, 2018. This permission can be modified using the System Console user interface.* +Enable integrations to override profile picture icons +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Webhooks, slash commands and other integrations, such as `Zapier `__, will be allowed to change the profile picture they post with. -*Available in Enterprise Edition E10 and higher* +**False**: Webhooks, slash commands and OAuth 2.0 apps can only post with the profile picture of the account they were set up with. See http://mattermost.org/webhooks for more details. -**Allow everyone to create custom emoji**: Allows everyone to create custom emoji from the **Main Menu** > **Custom Emoji**. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnablePostIconOverride": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**Allow System and Team Admins to create custom emoji**: The Custom Emoji option is hidden from the Main Menu for users who are not System or Team Admins. +Enable Bot Account Creation +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: When true, users can create bot accounts for integrations in **Integrations > Bot Accounts**. 
Bot accounts are similar to user accounts except they cannot be used to log in. See `documentation `_ to learn more. -**Only allow System Admins to create custom emoji**: The Custom Emoji option is hidden from the Main Menu for users who are not System Admins. +**False**: Bot accounts cannot be created through the user interface or the RESTful API. Plugins can still create and manage bot accounts. -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RestrictCustomEmojiCreation": "all"`` with options ``all``, ``admin`` and ``system_admin`` for above settings respectively. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableBotAccountCreation": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ +Enable Personal Access Tokens +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: When true, users can create `personal access tokens `__ for integrations in **Account Settings > Security**. They can be used to authenticate against the API and give full access to the account. + +To manage who can create personal access tokens or to search users by token ID, go to the **System Console > Users** page. +**False**: Personal access tokens are disabled on the server. 
+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableUserAccessTokens": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ GIF (Beta) ~~~~~~~~~~~~~~~~~~~~~~~~~ 
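Review bot: The ``EnablePostUsernameOverride`` and ``EnablePostIconOverride`` entries let integrations change the username and profile picture they post with, yet neither carries the impersonation warning that this hunk places under Enable Incoming Webhooks and Enable Outgoing Webhooks. These two settings are the ones most directly tied to that risk, so repeat or cross-reference the security note there and say whether the BOT tag still appears when an override is in effect. The "Security note:" paragraphs are plain text ending in "Enable at your own risk" while both webhook settings are documented with ``true`` in their ``config.json`` line; consider a directive like the ``.. note::`` already used in this hunk and wording that tells an admin what to check rather than only warning. The navigation paths are also inconsistent: webhooks point to **Account Settings > Integrations** while slash commands and the admin restriction point to **Main Menu** > **Integrations**. Under Enable Personal Access Tokens, "give full access to the account" deserves the same callout treatment, since it is the sentence an admin most needs to see before turning the setting on.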
@@ -2629,163 +2827,70 @@ The API secret generated by Gfycat for your API key. When blank, uses the defaul | This feature's ``config.json`` setting is ``"GfycatApiSecret": "3wLVZPiswc3DnaiaFoLkDvB4X0IV6CpMkj4tf2inJRsBY6-FnkT08zGmppWFgeof"`` with string input. | +---------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ - -Posts +CORS ~~~~~~~~~~~~~~~~~~~~~~~~~ -Enable Link Previews -^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Enables users to display a preview of website content below the message, if available. When true, website previews can be enabled from Account Settings > Display > Website Link Previews. -**False**: Website link previews are disabled. +Enable cross-origin requests from +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Enable HTTP cross-origin requests from specific domains separated by spaces. Type ``*`` to allow CORS from any domain or leave it blank to disable it. +.. note:: + Please make sure you have entered your Site URL before enabling this setting to prevent losing access to the System Console after saving. If you experience lost access to the System Console after changing this setting, you can set your `Site URL `__ through the ``config.json`` file. + +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableLinkPreviews": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"AllowCorsFrom": ""`` with string input. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Custom URL Schemes -^^^^^^^^^^^^^^^^^^^^^^^^^ -A list of URL schemes that are used for autolinking in message text. ``http``, ``https``, ``ftp``, ``tel`` and ``mailto`` always create links. +CORS Exposed Headers +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Whitelist of headers that will be accessible to the requester. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"CustomUrlSchemes": []`` which takes an array of URL schemes such as ``["git", "smtp"]`. | +| This feature's ``config.json`` setting is ``"CorsExposedHeaders": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ - -.. _legal-support-links: -Legal and Support -~~~~~~~~~~~~~~~~~~~~~~~~~ -Legal and Support links will be hidden in the user interface if these fields are left blank. - -Terms of Service link +CORS Allow Credentials ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Configurable link to Terms of Service your organization may provide to end users. By default, links to a Terms of Service page hosted on about.mattermost.com. If changing the link to a different Terms of Service, make sure to include the "Mattermost Conditions of Use" notice to end users that must also be shown to users from the "Terms of Service" link. +**True**: Requests that pass validation will include the ``Access-Control-Allow-Credentials`` header. + +**False**: Requests won't include the ``Access-Control-Allow-Credentials`` header. 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TermsOfServiceLink": "https://about.mattermost.com/default-terms/"`` with string input. | +| This feature's ``config.json`` setting is ``"CorsAllowCredentials": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Privacy Policy link +CORS Debug ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Configurable link to Privacy Policy your organization may provide to end users. By default, links to a Privacy Policy page hosted on about.mattermost.com. +**True**: Prints messages to the logs to help when developing an integration that uses CORS. These messages will include the structured key value pair ``"source":"cors"``. + +**False**: Debug messages not printed to the logs. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PrivacyPolicyLink": "https://about.mattermost.com/default-privacy-policy/"`` with string input. | +| This feature's ``config.json`` setting is ``"CorsDebug": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -About link -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Configurable link to an About page describing your organization may provide to end users. By default, links to an About page hosted on about.mattermost.com. 
+Compliance +-------------------------------- -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AboutLink": "https://about.mattermost.com/default-about/"`` with string input. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Data Retention Policy +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +*Available in Enterprise Edition E20* -Help link -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Configurable link to a Help page your organization may provide to end users. By default, links to Mattermost help documentation hosted on `docs.mattermost.com `__ . +Changes to properties in this section will require a server restart before taking effect. -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"HelpLink": "https://about.mattermost.com/default-help/"`` with string input. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +.. warning:: Once a message or a file is deleted, the action is irreversible. Please be careful when setting up a custom data retention policy. -Report a Problem link -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Set the link for the support website. +Message Retention +^^^^^^^^^^^^^^^^^^ +Set how long Mattermost keeps messages in channels and direct messages. 
-+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ReportAProblemLink": "https://about.mattermost.com/default-report-a-problem/"`` with string input. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +If **Keep messages for a set amount of time** is chosen, set how many days messages are kept in Mattermost. Messages, including file attachments older than the duration you set will be deleted nightly. The minimum time is one day. -Support Email -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Set an email for feedback or support requests. ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableMessageDeletion": false`` with options ``true`` and ``false``. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -So you don't miss messages, please make sure to change this value to an email your system administrator receives, example: `support@yourcompany.com`. This address is displayed on email notifications and during the Getting Started tutorial for end users to ask support questions. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SupportEmail":"feedback@mattermost.com"`` with string input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Custom Terms of Service -~~~~~~~~~~~~~~~~~~~~~~~~~ -*Available in Enterprise Edition E20*. - -Enable Custom Terms of Service -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. note:: - - This page can only be modified using the System Console user interface. - -**True**: When true, new users must accept the terms of service before accessing any Mattermost teams on desktop, web or mobile. Existing users must accept them after login or a page refresh. To update terms of service link displayed in account creation and login pages, go to **System Console > Legal and Support > Terms of Service Link**. - -**False**: During account creation or login, users can review terms of service by accessing the link configured via **System Console > Legal and Support > Terms of Service link**. - -Custom Terms of Service Text -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Text that will appear in your custom Terms of Service. Supports Markdown-formatted text. - -Re-Acceptance Period -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The number of days before Terms of Service acceptance expires, and the terms must be re-accepted. - -Defaults to 365 days. 0 indicates the terms do not expire. - -________ - -Mattermost App Links -~~~~~~~~~~~~~~~~~~~~~~~~~ - -Mattermost Apps Download Page Link -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Configurable link to a download page for Mattermost Apps. When a link is present, an option to "Download Apps" will be added in the Main Menu so users can find the download page. Leave this field blank to hide the option from the Main Menu. Defaults to a page on about.mattermost.com where users can download the iOS, Android, and Desktop clients. 
If you are using an `Enterprise App Store `__ for your mobile apps, change this link to point to a customized download page where users can find the correct apps. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AppDownloadLink": "https://about.mattermost.com/downloads/"`` with string input. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Android App Download Link -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Configurable link to download the Android app. When a link is present, users who access the site on a mobile web browser will be prompted with a page giving them the option to download the app. Leave this field blank to prevent the page from appearing. If you are using an `Enterprise App Store `__ for your mobile apps, change this link to point to the correct app. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AndroidAppDownloadLink": "https://about.mattermost.com/mattermost-android-app/"`` with string input. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -iOS App Download Link -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Configurable link to download the iOS app. When a link is present, users who access the site on a mobile web browser will be prompted with a page giving them the option to download the app. 
Leave this field blank to prevent the page from appearing. If you are using an `Enterprise App Store `__ for your mobile apps, change this link to point to the correct app. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IosAppDownloadLink": "https://about.mattermost.com/mattermost-ios-app/"`` with string input. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -________ - -Compliance --------------------------------- - -Data Retention Policy -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -*Available in Enterprise Edition E20* - -Changing properties in this section will require a server restart before taking effect. - -.. warning:: Once a message or a file is deleted, the action is irreversible. Please be careful when setting up a custom data retention policy. - -Message Retention -^^^^^^^^^^^^^^^^^^ -Set how long Mattermost keeps messages in channels and direct messages. - -If **Keep messages for a set amount of time** is chosen, set how many days messages are kept in Mattermost. Messages, including file attachments older than the duration you set will be deleted nightly. The minimum time is one day. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableMessageDeletion": false`` with options ``true`` and ``false``. 
| -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -and +and +-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"MessageRetentionDays": 365`` with whole number input. | 
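Review bot: The new CORS section documents ``*`` for ``AllowCorsFrom`` ("Type ``*`` to allow CORS from any domain") and ``CorsAllowCredentials`` as separate entries without saying what happens when both are set; state the behaviour of that combination and recommend listing explicit origins whenever credentials are allowed. In CORS Allow Credentials, "Requests that pass validation will include the ``Access-Control-Allow-Credentials`` header" and "Requests won't include" should refer to responses, since this is a response header. CORS Exposed Headers says only "Whitelist of headers" and gives no input format, whereas the origins field says "separated by spaces"; document the separator there as well. CORS Debug should mention turning the setting back off after development, given that it adds log output.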
@@ -2893,448 +2998,473 @@ This button initiates a Compliance Export job immediately. You can monitor the status of the job in the compliance export job table below this button. -Advanced --------------------------------- -Advanced settings to configure rate limiting, databases and developer options. - -Rate Limiting +Compliance Monitoring ~~~~~~~~~~~~~~~~~~~~~~~~~ -Changing properties in this section will require a server restart before taking effect. +*Available in Enterprise Edition E20* -Enable Rate Limiting +Settings used to enable and configure Mattermost compliance reports. + +Enable Compliance Reporting ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: APIs are throttled at the rate specified by **PerSec**. +**True**: Compliance reporting is enabled in Mattermost. -**False**: APIs are not throttled. +**False**: Compliance reporting is disabled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Maximum Queries per Second +Compliance Report Directory ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Throttle API at this number of requests per second if rate limiting is enabled. +Sets the directory where compliance reports are written. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"PerSec": 10`` with whole number input. | +| This feature's ``config.json`` setting is ``"Directory": "./data/"`` with string input. 
| +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Maximum Burst Size +Enable Daily Report ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Mattermost generates a daily compliance report. -Maximum number of requests allowed beyond the per second query limit. +**False**: Daily reports are not generated. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxBurst": 100`` with whole number input. | +| This feature's ``config.json`` setting is ``"EnableDaily": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Memory Store Size -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Maximum number of user sessions connected to the system as determined by **VaryByRemoteAddr** and **VaryByHeader** variables. - -Typically set to the number of users in the system. +Custom Terms of Service (Beta) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MemoryStoreSize": 10000`` with whole number input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Custom Terms of Service +~~~~~~~~~~~~~~~~~~~~~~~~~ +*Available in Enterprise Edition E20*. 
-Vary rate limit by remote address +Enable Custom Terms of Service ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Rate limit API access by IP address. Recommended to set to ``true`` if you're using a proxy. -**False**: Rate limiting does not vary by IP address. +.. note:: -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"VaryByRemoteAddr": true`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + This page can only be modified using the System Console user interface. -Vary rate limit by HTTP header -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Vary rate limiting by HTTP header field specified (e.g. when configuring Ngnix set to "X-Real-IP", when configuring AmazonELB set to "X-Forwarded-For"). Recommended to be set if you're using a proxy. +**True**: When true, new users must accept the terms of service before accessing any Mattermost teams on desktop, web or mobile. Existing users must accept them after login or a page refresh. To update terms of service link displayed in account creation and login pages, go to **System Console > Legal and Support > Terms of Service Link**. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"VaryByHeader": ""`` with string input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**False**: During account creation or login, users can review terms of service by accessing the link configured via **System Console > Legal and Support > Terms of Service link**. -Vary rate limit by user +Custom Terms of Service Text ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Rate limit API access by user authentication token. Recommended to set to ``true`` if you're using a proxy. +Text that will appear in your custom Terms of Service. Supports Markdown-formatted text. -**False**: Rate limiting does not vary by user authentication token. +Re-Acceptance Period +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The number of days before Terms of Service acceptance expires, and the terms must be re-accepted. -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"VaryByUser": false`` with options ``true`` and ``false`` for above settings respectively. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ +Defaults to 365 days. 0 indicates the terms do not expire. +Experimental +------------- +There are a number of settings considered "experimental" that are configurable from the System Console. These may be replaced or removed in a future release. -Database +Features ~~~~~~~~~~~~~~~~~~~~~~~~~ -Changing properties in this section will require a server restart before taking effect. -Driver Name -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This setting can only be changed from config.json file, it cannot be changed from the System Console user interface. 
+AD/LDAP Settings +^^^^^^^^^^^^^^^^^^^^^^^^^^^ -``mysql``: enables driver to MySQL database. +AD/LDAP Login Button Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Specify the color of the AD/LDAP login button for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. -``postgres``: enables driver to PostgreSQL database. ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DriverName": "mysql"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +AD/LDAP Login Button Border Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Specify the color of the AD/LDAP login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. -Data Source -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This is the connection string to the master database. When **DriverName** is set to ``postgres``, use a connection string in the form ``postgres://mmuser:password@localhost:5432/mattermost_test?sslmode=disable&connect_timeout=10``. This setting can only be changed from ``config.json`` file. 
++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonBorderColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ -.. note:: - To enable SSL, add ``&tls=true`` to your database connection string if your SQL driver supports it. Add ``&tls=skip-verify`` if you use self-signed certificates. +AD/LDAP Login Button Text Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Specify the color of the AD/LDAP login button text for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DataSource": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonTextColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ -Maximum Idle Connections +Allow Authentication Transfer (Experimental) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Maximum number of idle connections held open to the database. +*Available in Enterprise Edition E10 and higher* + +**True**: Users can change their sign-in method to any that is enabled on the server, either via Account Settings or the APIs. 
+ +**False**: Users cannot change their sign-in method, regardless of which authentication options are enabled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxIdleConns": 10`` with whole number input. | +| This feature’s ``config.json`` setting is ``"ExperimentalEnableAuthenticationTransfer": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Maximum Open Connections +Autoclose Direct Messages in Sidebar (Experimental) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Maximum number of open connections held open to the database. -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MaxOpenConns": 10`` with whole number input. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**True**: By default, direct message conversations with no activity for 7 days will be hidden from the sidebar. This can be disabled in **Account Settings** > **Sidebar**. -SQL Query Timeout -^^^^^^^^^^^^^^^^^ -The number of seconds to wait for a response from the database after opening a connection and sending the query. Errors that you see in the UI or in the logs as a result of a query timeout can vary depending on the type of query. +**False**: Conversations remain in the sidebar until they are manually closed. 
-+-------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"QueryTimeout": 30`` with whole number input. | -+-------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"CloseUnusedDirectMessages": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Maximum Connection Lifetime -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Maximum lifetime for a connection to the database, in milliseconds. Use this setting to configure the maximum amount of time a connection to the database may be reused. Defaults to an hour (3,600,000 milliseconds). +Link Metadata Timeout +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -+-------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConnMaxLifetimeMilliseconds": 3600000`` with whole number input. | -+-------------------------------------------------------------------------------------------------------------------------+ +Adds a configurable timeout for requests made to return link metadata. If the metadata is not returned before this timeout expires, the message will post without requiring metadata. This timeout covers the failure cases of broken URLs and bad content types on slow network connections. -Minimum Hashtag Length -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Minimum number of characters in a hashtag. This must be greater than or equal to 2. 
MySQL databases must be configured to support searching strings shorter than three characters, see `documentation `_. ++---------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LinkMetadataTimeoutMilliseconds": 5000`` with whole number input | ++---------------------------------------------------------------------------------------------------------------------------------+ -+-------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"MinimumHashtagLength": 3`` with whole number input. | -+-------------------------------------------------------------------------------------------------------------------------+ +Email Settings +^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Email Batching Buffer Size +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Specify the maximum number of notifications batched into a single email. -At Rest Encrypt Key -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -A 32-character key for encrypting and decrypting sensitive fields in the database. You can generate your own cryptographically random alphanumeric string, or you can go to **System Console > Advanced > Database** and click **Regenerate**, which displays the value until you click **Save**. ++--------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``EmailBatchingBufferSize": 256`` with whole number input | ++--------------------------------------------------------------------------------------------------------------------------+ -When using High Availability, the salt must be identical in each instance of Mattermost. 
+Email Batching Interval +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Specify the maximum frequency, in seconds, which the batching job checks for new notifications. Longer batching intervals will increase performance. -The following fields are encrypted using this key ++-----------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``EmailBatchingInterval": 30`` with whole number input | ++-----------------------------------------------------------------------------------------------------------------------+ -- ``SqlSettings.DriverName`` -- ``SqlSettings.DataSource`` -- ``SqlSettings.MaxIdleConns`` -- ``SqlSettings.MaxOpenConns`` -- ``SqlSettings.Trace`` -- ``SqlSettings.QueryTimeout`` -- ``SqlSettings.ConnMaxLifetimeMilliseconds`` +Skip Server Certificate Verification +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -+------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AtRestEncryptKey": ""`` with string input. | -+------------------------------------------------------------------------------------------+ +**True**: Do not validate SMTP servers when connecting to them. -Trace -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Executing SQL statements are written to the log for development. +**False**: Validate SMTP servers when connecting to them. -**False**: SQL statements are not written to the log. ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SkipServerCertificateVerification": false`` with options ``true`` and ``false``. 
| ++-------------------------------------------------------------------------------------------------------------------------------+ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Trace": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Email Login Button Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Specify the color of the email login button for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. -Recycle Database Connections -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Available in Enterprise Edition E20* ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ -This button reconnects to the database listed in the configuration settings. All old connections are closed after 20s. +Email Login Button Border Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Specify the color of the email login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. -The workflow for failover without downing the server is to change the database line in the config.json file, click **Reload Configuration from Disk** in the General > Configuration section then click **Recycle Database Connections**. 
++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonBorderColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ -________ +Email Login Button Text Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Specify the color of the email login button text for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. -Elasticsearch -~~~~~~~~~~~~~~ -*Available in Enterprise Edition E20* ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonTextColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ -Changing properties in this section will require a server restart before taking effect. +Enable Account Deactivation +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Ability for users to deactivate their own account from **Account Settings > Advanced**. If a user deactivates their own account, they will get an email notification confirming they were deactivated. -Enable Elasticsearch Indexing -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True:** indexing of new posts occurs automatically. Search queries will use database search until "Enable Elasticsearch for search queries" is enabled. `Learn more about Elasticsearch in our documentation `__. +**False**: Ability for users to deactivate their own account is disabled. -**False:** Elasticsearch indexing is disabled and new posts are not indexed. 
If indexing is disabled and re-enabled after an index is created, it is recommended to purge and rebuild the index to ensure complete search results. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableUserDeactivation": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableIndexing": false`` with options ``true`` and ``false`` for above settings respectively. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Enable Automatic Replies (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Server Connection Address -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The address of the Elasticsearch server. `Learn more about Elasticsearch in our documentation `__. +**True**: Users can enable Automatic Replies in **Account Settings > Notifications**. Users set a custom message that will be automatically sent in response to Direct Messages. -+------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ConnectionUrl": ""`` with string input. 
| -+------------------------------------------------------------------------------------------------------------------------+ +**False**: Disables the Automatic Direct Message Replies feature and hides it from Account Settings. -Server Username -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The username to authenticate to the Elasticsearch server. ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalEnableAutomaticReplies": false`` with options ``true`` and ``false`` for above settings respectively. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -+-------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Username": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------+ +Enable Channel Viewed WebSocket Messages +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +This setting determines whether channel_viewed WebSocket events are sent, which synchronize unread notifications across clients and devices. Disabling the setting in larger deployments may improve server performance. -Server Password -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -(Optional) The password to authenticate to the Elasticsearch server. ++------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableChannelViewedMessages": true`` with options ``true`` and ``false``. 
| ++------------------------------------------------------------------------------------------------------------------------+ -+-------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Password": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------+ +Enable Client-Side Certification +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Available in Enterprise Edition E20* -Enable Cluster Sniffing -^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Sniffing finds and connects to all data nodes in your cluster automatically. +**True**: Enables client-side certification for your Mattermost server. See `documentation `__ to learn more. -**False**: Sniffing is disabled. +**False**: Client-side certification is disabled. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Sniff": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"ClientSideCertEnable": false`` with options ``true`` and ``false`` for the above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Bulk Indexing -^^^^^^^^^^^^^^^^^^^^^^^^ -This button starts a bulk index of all existing posts in the database. If the indexing process is cancelled the index and search results will be incomplete. +Client-Side Certification Login Method +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Available in Enterprise Edition E20* -Purge Indexes -^^^^^^^^^^^^^^^^^^^^^^^^ -This button purges the entire Elasticsearch index. 
Typically only used if the index has corrupted and search is not behaving as expected. After purging the index a new index can be created with the **Bulk Index** button. +Used in combination with the ``ClientSideCertEnable`` setting. -Enable Elasticsearch for search queries -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Elasticsearch will be used for all search queries using the latest index. Search results may be incomplete until a bulk index of the existing post database is finished. +**Primary**: After the client side certificate is verified, user's email is retrieved from the certificate and is used to log in without a password. -**False**: Database search is used for search queries. +**Secondary**: After the client side certificate is verified, user's email is retrieved from the certificate and matched against the one supplied by the user. If they match, the user logs in with regular email/password credentials. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableSearching": false`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"ClientSideCertCheck": secondary`` with options ``primary`` and ``secondary`` for the above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ +Enable Default Channel Leave/Join System Messages +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +This setting determines whether team leave/join system messages are posted in the default ``town-square`` channel. +**True**: Enables leave/join system messages in the default ``town-square`` channel. 
-Developer -~~~~~~~~~~~~~~~~~~~~~~~~~ +**False**: Disables leave/join messages from the default ``town-square`` channel. These system messages won't be added to the database either. -Enable Testing Commands ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"ExperimentalEnableDefaultChannelLeaveJoinMessages": true`` with options ``true`` and ``false`` for above settings respectively. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Hardened Mode (Experimental) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: `/test` slash command is enabled to load test accounts and test data. -**False**: `/test` slash command is disabled. +**True**: Enables a hardened mode for Mattermost that makes user experience trade-offs in the interest of security. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableTesting": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**False**: Disables hardened mode. -Enable Developer Mode +Changes made when hardened mode is enabled: + + - Failed login returns a generic error message instead of a specific message for username and password. + - If `multi-factor authentication (MFA) `__ is enabled, the route to check if a user has MFA enabled always returns true. This causes the MFA input screen to appear even if the user does not have MFA enabled. 
The user may enter any value to pass the screen. Note that hardened mode does not affect user experience when MFA is enforced. + - Password reset does not inform the user that they can not reset their SSO account through Mattermost and instead claims to have sent the password reset email. + - Mattermost sanitizes all 500 errors before returned to the client. Use the supplied ``request_id`` to match user facing errors with the server logs. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"ExperimentalEnableHardenedMode": false`` with options ``true`` and ``false`` for above settings respectively. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable AD/LDAP Group Sync (Experimental) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Javascript errors are shown in a purple bar at the top of the user interface. Not recommended for use in production. +*Available in Enterprise Edition E20 and higher* -**False**: Users are not alerted to Javascript errors. +**True**: Enables AD/LDAP Group Sync configurable under **Access Controls > Groups**. -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableDeveloper": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**False**: Disables AD/LDAP Group Sync and removes the **Access Controls > Groups** from the System Console. 
-Allow untrusted internal connections to +For more information on AD/LDAP Group Sync, please see the `AD/LDAP Group Sync documentation `_. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"ExperimentalLdapGroupSync": false`` with options ``true`` and ``false`` for above settings respectively. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable Preview Features (Experimental) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This setting limits the ability for the Mattermost server to make untrusted requests within its local network. A request is considered "untrusted" when it's made on behalf of a client. The following features make untrusted requests and are affected by this setting: -- Integrations using webhooks, slash commands or message actions. This prevents them from requesting endpoints within the local network. -- Link previews. When a link to a local network address is posted in a chat message, this prevents a link preview from being displayed. -- The `local image proxy `_. If the local image proxy is enabled, images located on the local network cannot be used by integrations or posted in chat messages. +**True**: Preview features can be enabled from **Account Settings** > **Advanced** > **Preview pre-release features**. -Requests that can only be configured by admins are considered trusted and will not be affected by this setting. Trusted URLs include ones used for OAuth login or for sending push notifications. +**False**: Disables and hides preview features from **Account Settings** > **Advanced** > **Preview pre-release features**. -.. 
warning:: - This setting is intended to prevent users located outside your local network from using the Mattermost server to request confidential data from inside your network. Care should be used when configuring this setting to prevent unintended access to your local network. ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"EnablePreviewFeatures": true`` with options ``true`` and ``false`` for above settings respectively. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Some examples of when you may want to modify this setting include: +Enable Theme Selection +^^^^^^^^^^^^^^^^^^^^^^^^^ +*Available in Enterprise Edition E10 and higher* -- When installing a plugin that includes its own images, such as `Matterpoll `__, you will need to add the Mattermost server's domain name to this list. -- When running a bot or webhook-based integration on your local network, you will need to add the hostname of the bot/integration to this list. -- If your network is configured in such a way that publicly accessible webpages or images are accessed by the Mattermost server using their internal IP address, the hostnames for those servers must be added to this list. +**True:** Enables the **Display** > **Theme** tab in Account Settings so users can select their theme. -This setting is a whitelist of local network addresses that can be requested by the Mattermost server. It is configured as a whitespace separated list of hostnames, IP addresses and CIDR ranges that can be accessed such as ``webhooks.internal.example.com 127.0.0.1 10.0.16.0/28``. Since v5.9 the public IP of the Mattermost application server itself is also considered a reserved IP. +**False:** Users cannot select a different theme. 
The **Display** > **Theme** tab is hidden in Account Settings. -IP address and domain name rules are applied before host resolution. CIDR rules are applied after host resolution. For example, if the domain "webhooks.internal.example.com" resolves to the IP address 10.0.16.20, a webhook with the URL "https://webhooks.internal.example.com/webhook" can be whitelisted using ``webhooks.internal.example.com`` or ``10.0.16.16/28``, but not ``10.0.16.20``. ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableThemeSelection": true`` with options ``true`` and ``false``. | ++-----------------------------------------------------------------------------------------------------------------+ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowedUntrustedInternalConnections": ""`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________________________________________________________________________________________________________________________________________________________________________ +Allow Custom Themes +^^^^^^^^^^^^^^^^^^^^^^^^^ +*Available in Enterprise Edition E10 and higher* -.. _high-availability: +**True:** Enables the **Display** > **Theme** > **Custom Theme** section in Account Settings. -High Availability -~~~~~~~~~~~~~~~~~~ -*Available in Enterprise Edition E20* +**False:** Users cannot use a custom theme. The **Display** > **Theme** > **Custom Theme** section is hidden in Account Settings. -Changing properties in this section will require a server restart before taking effect. 
++--------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AllowCustomThemes": true`` with options ``true`` and ``false``. | ++--------------------------------------------------------------------------------------------------------------+ -When High Availability mode is enabled, the System Console is set to read-only and settings can only be changed by editing the configuration file directly. However, for testing and validating a High Availability setup, you can set *ReadOnlyConfig* to ``false``, which allows changes made in the System Console to be saved back to the configuration file. +Default Theme +^^^^^^^^^^^^^^^^^^^^^^^^^ +*Available in Enterprise Edition E10 and higher* -To learn more about configuring High Availability, see `High Availability Cluster <../deployment/cluster.html>`__. +Set a default theme that applies to all new users on the system. -Enable High Availability Mode -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: The Mattermost Server will attempt inter-node communication with the other servers in the cluster that have the same Cluster Name. This sets the System Console to read-only mode to keep the servers ``config.json`` files in sync. ++-----------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DefaultTheme": "default"`` with options ``default``, ``organization``, ``mattermostDark`` and ``windows10``. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------+ -**False**: Mattermost high availability is disabled. 
+Enable Tutorial (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -+-----------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------+ +**True**: Users are prompted with a tutorial when they open Mattermost for the first time after account creation. -Cluster Name -^^^^^^^^^^^^ -The cluster to join by name. Only nodes with the same cluster name will join together. This is to support Blue-Green deployments or staging pointing to the same database. +**False**: The tutorial is disabled. Users are placed in Town Square when they open Mattermost for the first time after account creation. -+------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ClusterName": ""`` with string input. | -+------------------------------------------------------------------------------------+ ++--------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"EnableTutorial": true`` with options ``true`` and ``false`` for above settings respectively. | ++--------------------------------------------------------------------------------------------------------------------------------------------+ -Override Hostname -^^^^^^^^^^^^^^^^^ -If blank, Mattermost attempts to get the Hostname from the OS or use the IP Address. You can override the hostname of this server with this property. It is not recommended to override the Hostname unless needed. This property can also be set to a specific IP Address if needed. Also see `cluster discovery `_ for more details. 
+Enable User Typing Messages +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +This setting determines whether "user is typing..." messages are displayed below the message box. Disabling the setting in larger deployments may improve server performance. -+-----------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"OverrideHostname": ""`` with string input. | -+-----------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableUserTypingMessages": "true"`` with string input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Use IP Address -^^^^^^^^^^^^^^ -**True**: The cluster attempts to communicate using the IP Address. +Time Between User Typing Updates (User Typing Timeout) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +This setting defines how frequently "user is typing..." messages are updated, measured in milliseconds. -**False**: The cluster attempts to communicate using the hostname. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"TimeBetweenUserTypingUpdatesMilliseconds": 5000`` with whole number input. 
| ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -+---------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UseIpAddress": true`` with options ``true`` and ``false``. | -+---------------------------------------------------------------------------------------------------------+ +Enable X to Leave Channels from Left-Hand Sidebar (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Users can leave Public and Private Channels by clicking the "x" beside the channel name. -Use Experimental Gossip -^^^^^^^^^^^^^^^^^^^^^^^ -**True**: The server attempts to communicate via the gossip protocol over the gossip port. +**False**: Users must use the **Leave Channel** option from the channel menu to leave channels. -**False**: The server attempts to communicate over the streaming port. ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"EnableXToLeaveChannelsFromLHS": false`` with options ``true`` and ``false`` for above settings respectively. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Note that the gossip port and gossip protocol are used to determine cluster health even when this setting is ``false``. +Primary Team (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The primary team of which users on the server are members. When a primary team is set, the options to join other teams or leave the primary team are disabled. 
-+-------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UseExperimentalGossip": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------+ +If the team URL of the primary team is https://example.mattermost.com/myteam/, then set the value to ``myteam`` in ``config.json``. -Read Only Config -^^^^^^^^^^^^^^^^ -**True**: Changes made to settings in the System Console are ignored. ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalPrimaryTeam": ""`` with string input. | ++-----------------------------------------------------------------------------------------------------------------+ -**False**: Changes made to settings in the System Console are written to ``config.json``. +SAML Settings +^^^^^^^^^^^^^^^^^^^^^^^^^^^ -When running in production it is recommended to set this to true. +SAML Login Button Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Specify the color of the SAML login button for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. -+-----------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ReadOnlyConfig": true`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------------+ ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. 
| ++-------------------------------------------------------------------------------------------------------------------------------+ -Gossip Port -^^^^^^^^^^^ -The port used for the gossip protocol. Both UDP and TCP should be allowed on this port. +SAML Login Button Border Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Specify the color of the SAML login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. -+-------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"GossipPort": 8074`` with whole number input. | -+-------------------------------------------------------------------------------------------+ ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonBorderColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ -Streaming Port -^^^^^^^^^^^^^^ -The port used for streaming data between servers. +SAML Login Button Text Color +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Specify the color of the SAML login button text for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. -+----------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"StreamingPort": 8075`` with whole number input. 
| -+----------------------------------------------------------------------------------------------+ ++-------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"LoginButtonTextColor": ""`` with string input. | ++-------------------------------------------------------------------------------------------------------------------------------+ -Inter-Node Listen Address +Sidebar Organization (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Enables channel sidebar organization options in **Account Settings** > **Sidebar** > **Channel grouping and sorting** including options for grouping unread channels, sorting channels by most recent post and combining all channel types into a single list. + +**False**: Hides the channel sidebar organization options in **Account Settings** > **Sidebar** > **Channel grouping and sorting**. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"ExperimentalChannelOrganization": false`` with options ``true`` and ``false`` for above settings respectively. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Timezone ^^^^^^^^^^^^^^^^^^^^^^^^^ -*Deprecated. Not used in version 4.0 and later* +Select the timezone used for timestamps in the user interface and email notifications. -The address the Mattermost Server will listen on for inter-node communication. When setting up your network you should secure the listen address so that only machines in the cluster have access to that port. This can be done in different ways, for example, using IPsec, security groups, or routing tables. 
+**True** The Timezone setting is visible in the Account Settings and a time zone is automatically assigned in the next active session. -+-----------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"InterNodeListenAddress": ":8075"`` with string input. | -+-----------------------------------------------------------------------------------------------------+ +**False** The Timezone setting is hidden in the Account Settings. -Inter-Node URLs -^^^^^^^^^^^^^^^ -*Deprecated. Not used in version 4.0 and later* ++------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalTimezone": false`` with options ``true`` and ``false``. | ++------------------------------------------------------------------------------------------------------------------+ -A list of all the machines in the cluster, separated by commas, for example, ``["http://10.10.10.2", "http://10.10.10.4"]``. It is recommended to use the internal IP addresses so all the traffic can be secured. +Town Square is Hidden in Left-Hand Sidebar (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Available in Enterprise Edition E10 and higher* -+--------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"InterNodeUrls": []`` with string input. | -+--------------------------------------------------------------------------------------+ +**True**: Hides Town Square in the left-hand sidebar if there are no unread messages in the channel. -________________________________________________________________________________________________________________________________________________________________________ +**False**: Town Square is always visible in the left-hand sidebar even if all messages have been read. 
-Performance Monitoring -~~~~~~~~~~~~~~~~~~~~~~~~~ -*Available in Enterprise Edition E20* ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalHideTownSquareinLHS": false`` with options ``true`` and ``false`` for above settings respectively. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Enable Performance Monitoring -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Mattermost enables performance monitoring collection and profiling. Please see `documentation `__ to learn more about configuring performance monitoring for Mattermost. +Town Square is Read-Only (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Available in Enterprise Edition E10 and higher* -**False**: Mattermost performance monitoring is disabled. +**True**: Only System Admins can post in Town Square. Other members are not able to post, reply, upload files, emoji react or pin messages to Town Square, nor are they able to change the channel name, header or purpose. -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"Enable": false`` with options ``true`` and ``false`` for above settings respectively. | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**False**: Anyone can post in Town Square. 
++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalTownSquareIsReadOnly": false`` with options ``true`` and ``false`` for above settings respectively. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Listen Address -^^^^^^^^^^^^^^^^^^ -The address the Mattermost server will listen on to expose performance metrics. +Use Channel Name in Email Notifications (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: Channel and team name appears in email notification subject lines. Useful for servers using only one team. -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"InterNodeListenAddress": ":8067"`` with string input. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**False**: Only team name appears in email notification subject line. ------- ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"UseChannelInEmailNotifications": false`` with options ``true`` and ``false`` for above settings respectively. 
| ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Settings configurable only in config.json ------------------------------------------ +User Status Away Timeout +^^^^^^^^^^^^^^^^^^^^^^^^^ + +This setting defines the number of seconds after which the user's status indicator changes to "Away", when they are away from Mattermost. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"UserStatusAwayTimeout": 300`` with whole number input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Settings configurable only in config.json +------------------------------------------- There are a number of settings customizable in ``config.json`` unavailable in the System Console and require updating from the file itself. 
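Review bot: The added "SAML Settings" heading uses the same ``^^^`` underline as the three "SAML Login Button ..." entries that follow it, so it will render as an empty sibling section rather than as their parent; drop it or move it to a different heading level. In the added "Timezone" entry, the description ("Select the timezone used for timestamps...") reads like a value selector while ``ExperimentalTimezone`` is documented as a boolean, and its **True** / **False** labels are missing the colon that the other entries use. The relocated "Enable User Typing Messages" row still shows ``"EnableUserTypingMessages": "true"`` with "string input"; if this is a boolean like the settings around it, correct the row as part of this move.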
@@ -3369,6 +3499,19 @@ This setting only takes effect if you are using the built-in server binary direc | This feature's ``config.json`` setting is ``"TLSMinVer": "1.2"`` with string input. | +-------------------------------------------------------------------------------------+ +Trusted Proxy IP Header +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Specified headers that will be checked one by one for IP addresses (order is important). All other headers are ignored. + +New configs after v5.12 will have this set by default to ``[]``, meaning that no header will be trusted. Configs prior to v5.12 without the config entry will have it set to ``X-Forwarded-By``, ``X-Real-Ip`` to maintain backwards compatibility as an authority to what the client's IP address is. + +We recommend keeping the default setting when Mattermost is running without a proxy, to avoid the client sending the headers and bypassing rate limiting and/or the audit log. For environments that use a reverse proxy this problem does not exist, if the headers are set by NGINX itself. In those environments only explicitly whitelist the header that is set by the reverse proxy and no additional values. + ++---------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``TrustedProxyIPHeader`` with string array input. | ++---------------------------------------------------------------------------------------------------+ + Enable Strict Transport Security (HSTS) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
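Review bot: In the added "Trusted Proxy IP Header" text, the legacy default is given as ``X-Forwarded-By``, ``X-Real-Ip``; the conventional client-address header is ``X-Forwarded-For``, so please check this name against the server code before merging. The table row also shows a bare ``TrustedProxyIPHeader`` where every neighbouring row shows the quoted key with its default, so ``"TrustedProxyIPHeader": []`` would be consistent. The reverse-proxy sentence ("this problem does not exist, if the headers are set by NGINX itself") should say explicitly that the proxy must overwrite or strip any client-supplied copy of the header, since a proxy that passes the incoming value through leaves the same rate-limit and audit-log bypass that the paragraph warns about; it should also say "the reverse proxy" rather than NGINX, because the rest of the paragraph is proxy-agnostic.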
@@ -3441,22 +3584,6 @@ If this setting is enabled, users can search messages. Disabling search can resu | This feature's ``config.json`` setting is ``"EnablePostSearch": true`` with options ``true`` and ``false``. | +-------------------------------------------------------------------------------------------------------------+ -Enable User Typing Messages -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This setting determines whether "user is typing..." messages are displayed below the message box. Disabling the setting in larger deployments may improve server performance. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableUserTypingMessages": "true"`` with string input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Time Between User Typing Updates -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This setting defines how frequently "user is typing..." messages are updated, measured in milliseconds. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"TimeBetweenUserTypingUpdatesMilliseconds": 5000`` with whole number input. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - Enable User Status Updates ^^^^^^^^^^^^^^^^^^^^^^^^^^ Turn status updates off to improve performance. When status updates are off, users appear online only for brief periods when posting a message, and only to members of the channel in which the message is posted. 
@@ -3465,14 +3592,6 @@ Turn status updates off to improve performance. When status updates are off, use | This feature's ``config.json`` setting is ``"EnableUserStatuses": true`` with options ``true`` and ``false``. | +---------------------------------------------------------------------------------------------------------------+ -Enable Channel Viewed WebSocket Messages -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This setting determines whether channel_viewed WebSocket events are sent, which synchronize unread notifications across clients and devices. Disabling the setting in larger deployments may improve server performance. - -+------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableChannelViewedMessages": true`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------------------+ - Segment Write Key ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -3489,6 +3608,8 @@ WebSocket Secure Port (Optional) This setting defines the port on which the secured WebSocket will listen using the `wss` protocol. Otherwise it defaults to `443`. When the client attempts to make a WebSocket connection it first checks to see if the page is loaded with HTTPS. If so, it will use the secure WebSocket connection. If not, it will use the unsecure WebSocket connection. IT IS HIGHLY RECOMMENDED PRODUCTION DEPLOYMENTS ONLY OPERATE UNDER HTTPS AND WSS. +Changes to this setting require a server restart before taking effect. + +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"WebsocketSecurePort" : 443`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -3498,6 +3619,8 @@ WebSocket Port (Optional) This setting defines the port on which the unsecured WebSocket will listen using the `ws` protocol. Otherwise it defaults to `80`. When the client attempts to make a WebSocket connection it first checks to see if the page is loaded with HTTPS. If so, it will use the secure WebSocket connection. If not, it will use the unsecure WebSocket connection. IT IS HIGHLY RECOMMENDED PRODUCTION DEPLOYMENTS ONLY OPERATE UNDER HTTPS AND WSS. +Changes to this setting require a server restart before taking effect. + +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature’s ``config.json`` setting is ``WebsocketPort": 80`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 
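Review bot: In the "WebSocket Port (Optional)" entry, the table row directly below the added restart sentence reads ``WebsocketPort": 80`` with the opening quote missing; since this hunk already touches the entry, fix it to match the ``"WebsocketSecurePort" : 443`` row. The surrounding paragraph also marks `ws`, `wss`, `80` and `443` with single backticks, which reST treats as interpreted text rather than as inline literals; double backticks would match the rest of the file.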
@@ -3513,6 +3636,17 @@ Enable API Team Deletion | This feature’s ``config.json`` setting is ``"EnableAPITeamDeletion": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Disable Bots When Owner Is Deactivated +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Bot accounts managed by a user are disabled by default upon user deactivation. Those with permissions to manage bot accounts can re-enable them in **Main Menu > Integrations > Bot Accounts**. + +**False**: Bot accounts managed by a user stay enabled upon user deactivation. We strongly recommend creating new tokens for the bot to ensure the user who was deactivated no longer has access to read or write data in the system via the bot access token. + ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"DisableBotsWhenOwnerIsDeactivated": true`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + SQL Settings ~~~~~~~~~~~~ 
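Review bot: The **False** description of "Disable Bots When Owner Is Deactivated" recommends "creating new tokens for the bot", but issuing a new token does not by itself invalidate a token the deactivated user already holds. Suggest wording such as "revoke the bot's existing access tokens and create new ones" so that the stated goal (the deactivated user can no longer read or write via the bot access token) is actually met. The **True** text says bots are disabled "by default"; if there is no per-bot override, drop "by default" to avoid implying one.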
@@ -3551,7 +3685,9 @@ The queries above rebuild the materialized `PublicChannels` table without modify Read Replicas (Enterprise Edition) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Specifies the connection strings for the read replica databases. Each string must be in the same form as used for the `Data Source`_ setting. A server restart is required for changes to this setting to take effect. +Specifies the connection strings for the read replica databases. Each string must be in the same form as used for the `Data Source`_ setting. + +Changes to this setting require a server restart before taking effect. +---------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"DataSourceReplicas": []`` with a comma-separated list of database connection strings as input. | 
@@ -3559,26 +3695,14 @@ Specifies the connection strings for the read replica databases. Each string mus Search Replicas (Enterprise Edition) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Specifies the connection strings for the search replica databases. A search replica is similar to a read replica, but is used only for handling search queries. Each string must be in the same form as used for the `Data Source`_ setting. A server restart is required for changes to this setting to take effect. +Specifies the connection strings for the search replica databases. A search replica is similar to a read replica, but is used only for handling search queries. Each string must be in the same form as used for the `Data Source`_ setting. + +Changes to this setting require a server restart before taking effect. +---------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"DataSourceSearchReplicas": []`` with a comma-separated list of database connection strings as input. | +---------------------------------------------------------------------------------------------------------------------------------------------------+ -Team Settings -~~~~~~~~~~~~~~~~~~~~~~~~~ - -User Status Away Timeout -^^^^^^^^^^^^^^^^^^^^^^^^^ - -This setting defines the number of seconds after which the user's status indicator changes to "Away", when they are away from Mattermost. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"UserStatusAwayTimeout": 300`` with whole number input. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -________ - File Settings ~~~~~~~~~~~~~~~~~~~~~~~~~ Initial Font 
@@ -3608,88 +3732,33 @@ Amazon S3 Location Constraint *Removed in November 16th, 2016 release* +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AmazonS3LocationConstraint": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Amazon S3 Lowercase Bucket -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: S3 bucket names are fully lowercase. - -**False**: S3 bucket names may contain uppercase and lowercase letters. - -*Removed in November 16th, 2016 release* - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AmazonS3LowercaseBucket": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Amazon S3 Signature V2 -^^^^^^^^^^^^^^^^^^^^^^ - -By default, Mattermost uses Signature V4 to sign API calls to AWS, but under some circumstances, V2 is required. For more information about when to use V2, see http://docs.aws.amazon.com/general/latest/gr/signature-version-2.html - -**True**: Use Signature Version 2 Signing Process - -**False**: Use Signature Version 4 Signing Process - -+------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AmazonS3SignV2": false`` with options ``true`` and ``false``. 
| -+------------------------------------------------------------------------------------------------------------+ - -Email Settings -~~~~~~~~~~~~~~~~~~~~~~~~~ -Email Batching Buffer Size -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Specify the maximum number of notifications batched into a single email. - -+--------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``EmailBatchingBufferSize": 256`` with whole number input | -+--------------------------------------------------------------------------------------------------------------------------+ - -Email Batching Interval -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Specify the maximum frequency, in seconds, which the batching job checks for new notifications. Longer batching intervals will increase performance. - -+-----------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``EmailBatchingInterval": 30`` with whole number input | -+-----------------------------------------------------------------------------------------------------------------------+ - -Skip Server Certificate Verification -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -**True**: Do not validate SMTP servers when connecting to them. +| This feature's ``config.json`` setting is ``"AmazonS3LocationConstraint": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**False**: Validate SMTP servers when connecting to them. +Amazon S3 Lowercase Bucket +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**True**: S3 bucket names are fully lowercase. 
-+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SkipServerCertificateVerification": false`` with options ``true`` and ``false``. | -+-------------------------------------------------------------------------------------------------------------------------------+ +**False**: S3 bucket names may contain uppercase and lowercase letters. -Login Button Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Specify the color of the email login button for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. +*Removed in November 16th, 2016 release* -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AmazonS3LowercaseBucket": false`` with options ``true`` and ``false`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Login Button Border Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Specify the color of the email login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. 
+Amazon S3 Signature V2 +^^^^^^^^^^^^^^^^^^^^^^ -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonBorderColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ +By default, Mattermost uses Signature V4 to sign API calls to AWS, but under some circumstances, V2 is required. For more information about when to use V2, see http://docs.aws.amazon.com/general/latest/gr/signature-version-2.html -Login Button Text Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Specify the color of the email login button text for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. +**True**: Use Signature Version 2 Signing Process -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonTextColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ +**False**: Use Signature Version 4 Signing Process -________ ++------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AmazonS3SignV2": false`` with options ``true`` and ``false``. | ++------------------------------------------------------------------------------------------------------------+ GitLab Settings ~~~~~~~~~~~~~~~~~~~~~~~~~ 
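Review bot: The removed Email Settings block takes the ``SkipServerCertificateVerification`` entry (SMTP certificate validation) out of this section, and nothing in this hunk says where it now lives; please name its new location in the commit message or keep a cross-reference here, since it is a security-relevant setting. If the entries are being moved, fix the missing opening quote in ``EmailBatchingBufferSize": 256`` and ``EmailBatchingInterval": 30`` on the way. The Amazon S3 Lowercase Bucket and Signature V2 blocks are removed and re-added with what looks like identical text; if that is whitespace-only churn, dropping it would make the diff easier to review.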
@@ -3701,8 +3770,6 @@ Standard setting for OAuth to determine the scope of information shared with OAu | This feature's ``config.json`` setting is ``"Scope": ""`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ - Google Settings ~~~~~~~~~~~~~~~~~~~~~~~~~ Scope @@ -3713,8 +3780,6 @@ Standard setting for OAuth to determine the scope of information shared with OAu | This feature's ``config.json`` setting is ``"Scope": "profile email"`` with string input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ - Office 365 Settings ~~~~~~~~~~~~~~~~~~~~~~~~~ Scope 
@@ -3725,66 +3790,6 @@ Standard setting for OAuth to determine the scope of information shared with OAu | This feature's ``config.json`` setting is ``"Scope": "User.Read"`` with string input | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ - -AD/LDAP Settings -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Login Button Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Specify the color of the AD/LDAP login button for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. - -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -Login Button Border Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Specify the color of the AD/LDAP login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. - -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonBorderColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -Login Button Text Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Specify the color of the AD/LDAP login button text for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. 
- -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonTextColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -________ - -SAML Settings -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Login Button Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Specify the color of the SAML login button for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. - -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -Login Button Border Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Specify the color of the SAML login button border for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. - -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonBorderColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -Login Button Text Color -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Specify the color of the SAML login button text for white labeling purposes. Use a hex code with a #-sign before the code. This setting only applies to the mobile apps. 
- -+-------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LoginButtonTextColor": ""`` with string input. | -+-------------------------------------------------------------------------------------------------------------------------------+ - -________ - Cluster Settings ~~~~~~~~~~~~~~~~~~~~~~~~~ Maximum Idle Connections @@ -3811,8 +3816,6 @@ The number of milliseconds to leave an idle connection open between servers in t | This feature's ``config.json`` setting is ``"IdleConnTimeoutMilliseconds": 90000`` with whole number input. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -________ - Metrics Settings ~~~~~~~~~~~~~~~~~~~~~~~~~ Block Profile Rate 
@@ -3823,35 +3826,185 @@ The profiler aims to sample an average of one blocking event per rate nanosecond To include every blocking event in the profile, set the rate to 1. To turn off profiling entirely, set the rate to 0. +Changes to this setting require a server restart before taking effect. + +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"BlockProfileRate": "0"`` with decimal and whole number input between 0 and 1. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Experimental Settings -~~~~~~~~~~~~~~~~~~~~~~~~~ -*Available in Enterprise Edition E20* +Experimental Settings only in config.json +----------------------------------------- -Enable Client-Side Certification -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Enables client-side certification for your Mattermost server. See `documentation `__ to learn more. +Service Settings +~~~~~~~~~~~~~~~~~ +Group Unread Channels (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Removed in December 16, 2018 release and replaced by a new ExperimentalChannelOrganization setting* -**False**: Client-side certification is disabled. +**Disabled**: Unread channels section is disabled for all users. + +**Default On**: Enables the unread channels sidebar section by default. Users can turn it off in **Account Settings** > **Sidebar**. + +**Default Off**: Disables the unread channels sidebar section by default. Users can turn it on in **Account Settings** > **Sidebar**. 
+ ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"ExperimentalGroupUnreadChannels": "disabled"`` with options ``disabled``, ``default_on`` and ``default_off`` for above settings respectively. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Strict CSRF Token Enforcement (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Enables CSRF protection tokens for additional hardening compared to the currently used custom header. When the user logs in, an additional cookie is created with the CSRF token contained. + +**False**: Disables CSRF protection tokens. + ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"ExperimentalStrictCSRFEnforcement": false`` with options ``true`` and ``false`` for above settings respectively. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Limit Access to Config Settings Prior to Login +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Removed in December 16, 2018 release* + +Enable this setting to limit the number of config settings sent to users prior to login. + +Supported for Mattermost server v5.1.0 and later, and Mattermost Mobile apps v1.10.0 and later. 
+ ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"ExperimentalLimitClientConfig": "false"`` with options ``true`` and ``false`` for above settings respectively. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Disable Legacy MFA API Endpoint +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Disables the legacy ``checkMfa`` endpoint, which is only required for Mattermost Mobile Apps on version 1.16 or earlier when using multi-factor authentication (MFA). Recommended to set to ``true`` for additional security hardening. + +**False**: Keeps the legacy ``checkMfa`` endpoint enabled to support mobile versions 1.16 and earlier. Keeping the endpoint enabld creates an information disclosure about whether a user has set up MFA. + ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"DisableLegacyMFA": true,`` with options ``true`` and ``false`` for above settings respectively. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Restrict System Admin (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Restricts the System Admin from viewing and modifying a subset of server configuration settings from the System Console. Not recommended for use in on-prem installations. This is intended to support Mattermost Private Cloud in giving the System Admin role to users but restricting certain actions only for Cloud Administrators. + +**False**: No restrictions are applied to the System Admin role. 
+ ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature’s ``config.json`` setting is ``"RestrictSystemAdmin": false,`` with options ``true`` and ``false`` for above settings respectively. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Team Settings +~~~~~~~~~~~~~~ + +Default Channels (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Default channels every user is added to automatically after joining a new team. Only applies to public channels, but affects all teams on the server. + +When not set, every user is added to ``off-topic`` and ``town-square`` channel by default. + +Note that even if ``town-square`` is not listed, every user is added to that channel after joining a new team. + ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ExperimentalDefaultChannels": ""`` which takes an array of channel names such as ``["announcement", "developers"]``. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Allow Users to View Archived Channels (Experimental) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**True**: Allows users to view permalinks and search for content of channels that have been archived. Users can only view the content in channels of which they were a member before the channel was archived. + +**False**: Users are unable to view permalinks and search for content of channels that have been archived. 
+ ++-------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ViewArchivedChannels": false`` with options ``true`` and ``false`` for above settings respectively. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Email Settings +~~~~~~~~~~~~~~ + +Client Requirement Settings (Experimental) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Latest Android Version +^^^^^^^^^^^^^^^^^^^^^^^^^ +The latest version of the Android React Native app that is recommended for use. + ++-----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AndroidLatestVersion": ""`` with whole number and decimal input. For example, `1.2.0` | ++-----------------------------------------------------------------------------------------------------------------------------------------+ + +Minimum Android Version +^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The minimum version of the Android React Native app that is required to be used. + ++----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AndroidMinVersion": ""`` with whole number and decimal input. For example, `1.2.0` | ++----------------------------------------------------------------------------------------------------------------------------------------+ + +Latest Desktop Version +^^^^^^^^^^^^^^^^^^^^^^^^^^ +The latest version of the desktop app that is recommended for use. 
+ ++-------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DesktopLatestVersion": ""`` with whole number and decimal input. For example, `1.2.0` | ++-------------------------------------------------------------------------------------------------------------------------------------------+ + +Minimum Destop Version +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The minimum version of the desktop app that is required to be used. + ++----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"DesktopMinVersion": ""`` with whole number and decimal input. For example, `1.2.0` | ++----------------------------------------------------------------------------------------------------------------------------------------+ + +Latest iOS Version +^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The latest version of the iOS app that is recommended for use. + ++---------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IosLatestVersion": ""`` with whole number and decimal input. For example, `1.2.0` | ++---------------------------------------------------------------------------------------------------------------------------------------+ + +Minimum iOS Version +^^^^^^^^^^^^^^^^^^^^^ +The minimum version of the iOS React Native app that is required to be used. + ++------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"IosMinVersion": ""`` with whole number and decimal input. 
For example, `1.2.0` | ++------------------------------------------------------------------------------------------------------------------------------------+ + +Theme Settings (Experimental) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Allowed Themes +^^^^^^^^^^^^^^^^^^^^^^^^^ +*Available in Enterprise Edition E10 and higher* + +Select the themes that can be chosen by users when ``"EnableThemeSelection"`` is set to ``true``. + ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AllowedThemes": "default"`` with options ``default``, ``organization``, ``mattermostDark`` and ``windows10`` optionally separated by commas. For example, ``["mattermostDark", "windows10"]`` | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ClientSideCertEnable": false`` with options ``true`` and ``false`` for the above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Display Settings (Experimental) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Client-Side Certification Login Method -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Used in combination with the ``ClientSideCertEnable`` setting. 
+Supported Timezones Path +^^^^^^^^^^^^^^^^^^^^^^^^^^ +Set the path of the JSON file that lists supported timezones when ``ExperimentalTimezone`` is set to true. -**Primary**: After the client side certificate is verified, user's email is retrieved from the certificate and is used to log in without a password. +The file must be in the same directory as your ``config.json`` file if you set a relative path. Defaults to ``timezones.json``. -**Secondary**: After the client side certificate is verified, user's email is retrieved from the certificate and matched against the one supplied by the user. If they match, the user logs in with regular email/password credentials. ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"SupportedTimezonesPath": "timezones.json"`` with string input. | ++-----------------------------------------------------------------------------------------------------------------+ -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ClientSideCertCheck": secondary`` with options ``primary`` and ``secondary`` for the above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Experimental Settings +~~~~~~~~~~~~~~~~~~~~~~~~~ +*Available in Enterprise Edition E20* Disable Post Metadata ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
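Review bot: The added ``Email Settings`` heading under "Experimental Settings only in config.json" has no entries and is followed directly by ``Client Requirement Settings (Experimental)``; either add the settings that belong there or drop the heading. In the same added block, "enabld" in the Disable Legacy MFA description and "Minimum Destop Version" are typos, the literals ``"DisableLegacyMFA": true,`` and ``"RestrictSystemAdmin": false,`` carry a trailing comma inside the quoted setting, ``"ExperimentalLimitClientConfig": "false"`` shows a string where the options are ``true`` and ``false``, and ``"ExperimentalDefaultChannels": ""`` shows a string where the text says the setting takes an array. The hunk also removes the Client-Side Certification entries (``ClientSideCertEnable``, ``ClientSideCertCheck``) from this section; say where they are documented now.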
@@ -3864,15 +4017,6 @@ Disable Post Metadata | This feature's ``config.json`` setting is ``"DisablePostMetadata": false`` with options ``true`` and ``false`` for the above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Link Metadata Timeout -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Adds a configurable timeout for requests made to return link metadata. If the metadata is not returned before this timeout expires, the message will post without requiring metadata. This timeout covers the failure cases of broken URLs and bad content types on slow network connections. - -+---------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"LinkMetadataTimeoutMilliseconds": 5000`` with whole number input | -+---------------------------------------------------------------------------------------------------------------------------------+ - Analytics Settings ~~~~~~~~~~~~~~~~~~~~~~~~~ *Available in Enterprise Edition E10 and higher* 
@@ -3948,14 +4092,12 @@ Timeout in seconds for Elasticseaerch calls. Bulk Indexing Time Window ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Determines the maximum time window for a batch of posts being indexed by the Bulk Indexer. This setting servers as a performance optimisation for installs with over ~10 millioin posts in the database. Approximate this value based on the average number of seconds for 2,000 posts to be added to the database on a typical day in production. Setting this value too low will cause Bulk Indexing jobs to run slowly. +Determines the maximum time window for a batch of posts being indexed by the Bulk Indexer. This setting servers as a performance optimisation for installs with over ~10 million posts in the database. Approximate this value based on the average number of seconds for 2,000 posts to be added to the database on a typical day in production. Setting this value too low will cause Bulk Indexing jobs to run slowly. +-----------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"BulkIndexingTimeWindowSeconds": 3600`` with whole number input | +-----------------------------------------------------------------------------------------------------------------+ -________ - Message Export Settings ~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -3971,7 +4113,7 @@ File Location ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Set the file location of the compliance exports. -By default, they are written to the `exports` subdirectory of the configured `Local Storage directory `. +By default, they are written to the `exports` subdirectory of the configured `Local Storage directory `_. +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | This feature's ``config.json`` setting is ``"FileLocation": "export"`` with string input. | 
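Review bot: In the Bulk Indexing Time Window hunk, the rewritten line fixes "millioin" but still reads "This setting servers as a performance optimisation"; change "servers" to "serves" while the line is being touched. The hunk header context also shows "Elasticseaerch", which could be corrected in the same pass.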
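Review bot: In the File Location hunk, the changed line says compliance exports are written to the `exports` subdirectory, while the setting shown just below it is ``"FileLocation": "export"``; make the two agree. `exports` is also in single backticks, which reStructuredText treats as interpreted text rather than a literal, whereas the rest of the page uses double backticks for literals.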
@@ -3999,429 +4141,325 @@ Enable Plugin Uploads | This feature's ``config.json`` setting is ``"EnableUploads": false`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Directory -^^^^^^^^^^ -The location of the plugin files. If blank, they are stored in the ./plugins directory. The path that you set must exist and Mattermost must have write permissions in it. - -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"Directory": "./plugins"`` with string input. | -+-----------------------------------------------------------------------------------------------------------------+ - ------- - -Experimental settings ------------------------------------------ - -There are a number of settings considered "experimental" and these may be replaced or removed in a future release. - -Service Settings -~~~~~~~~~~~~~~~~~ - -Enable Tutorial (Experimental) +Enable Plugin Health Check ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Users are prompted with a tutorial when they open Mattermost for the first time after account creation. - -**False**: The tutorial is disabled. Users are placed in Town Square when they open Mattermost for the first time after account creation. - -+--------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"EnableTutorial": true`` with options ``true`` and ``false`` for above settings respectively. 
| -+--------------------------------------------------------------------------------------------------------------------------------------------+ - -Enable Default Channel Leave/Join System Messages -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This setting determines whether team leave/join system messages are posted in the default ``town-square`` channel. - -**True**: Enables leave/join system messages in the default ``town-square`` channel. - -**False**: Disables leave/join messages from the default ``town-square`` channel. These system messages won't be added to the database either. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"ExperimentalEnableDefaultChannelLeaveJoinMessages": true`` with options ``true`` and ``false`` for above settings respectively. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Allow Authentication Transfer (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Available in Enterprise Edition E10 and higher* +**True**: Enables plugin health check to ensure all plugins are periodically monitored, and restarted or deactivated based on their health status. -**True**: Users can change their sign-in method to any that is enabled on the server, either via Account Settings or the APIs. +The health check runs every 30 seconds. If the plugin is detected to fail 3 times within an hour, the Mattermost server attempts to restart it. If the restart fails 3 successive times, it is automatically disabled. -**False**: Users cannot change their sign-in method, regardless of which authentication options are enabled. +**False**: Disables plugin health check on your Mattermost server. 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"ExperimentalEnableAuthenticationTransfer": true`` with options ``true`` and ``false`` for above settings respectively. | +| This feature's ``config.json`` setting is ``"EnableHealthCheck": true`` with options ``true`` and ``false`` for above settings respectively. | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Autoclose Direct Messages in Sidebar (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Directory +^^^^^^^^^^ +The location of the plugin files. If blank, they are stored in the ./plugins directory. The path that you set must exist and Mattermost must have write permissions in it. -**True**: By default, direct message conversations with no activity for 7 days will be hidden from the sidebar. This can be disabled in **Account Settings** > **Sidebar**. ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Directory": "./plugins"`` with string input. | ++-----------------------------------------------------------------------------------------------------------------+ -**False**: Conversations remain in the sidebar until they are manually closed. +Client Directory +^^^^^^^^^^^^^^^^^^ +The location of client plugin files. If blank, they are stored in the ./client/plugins directory. The path that you set must exist and Mattermost must have write permissions in it. 
-+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"CloseUnusedDirectMessages": false`` with options ``true`` and ``false`` for above settings respectively. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-----------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"Directory": "./client/plugins"`` with string input. | ++-----------------------------------------------------------------------------------------------------------------+ -Enable Preview Features (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Jobs +~~~~~~~~~~~~~~~~~~~~~~~~~ -**True**: Preview features can be enabled from **Account Settings** > **Advanced** > **Preview pre-release features**. +Settings to configure the how Mattermost schedules and completes periodic tasks such as the deletion of old posts with Data Retention enabled or indexing of posts with Elasticsearch. These settings control which Mattermost servers are designated as a Scheduler, a server that queues the tasks at the correct times, and as a Worker, a server that completes the given tasks. -**False**: Disables and hides preview features from **Account Settings** > **Advanced** > **Preview pre-release features**. +When running Mattermost on a single machine, both ``RunJobs`` and ``RunScheduler`` should be enabled. Without both of these enabled, Mattermost will not function properly. 
-+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"EnablePreviewFeatures": true`` with options ``true`` and ``false`` for above settings respectively. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +When running Mattermost in High Availability mode, ``RunJobs`` should be enabled on one or more servers while ``RunScheduler`` should be enabled on all servers under normal circumstances. A High Availability cluster will have one Scheduler and one or more Workers. See the below sections for more information. -Sidebar Organization (Experimental) +Run Jobs ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Set whether or not this Mattermost server will handle tasks created by the Scheduler. -**True**: Enables channel sidebar organization options in **Account Settings** > **Sidebar** > **Channel grouping and sorting** including options for grouping unread channels, sorting channels by most recent post and combining all channel types into a single list. +When running Mattermost on a single machine, this setting should always be enabled. -**False**: Hides the channel sidebar organization options in **Account Settings** > **Sidebar** > **Channel grouping and sorting**. +When running Mattermost in High Availablity mode, one or more servers should have this setting enabled. It is recommended that a High Availability cluster has one or more dedicated Workers with this setting enabled while the remaining Mattermost app servers have it disabled. 
-+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"ExperimentalChannelOrganization": false`` with options ``true`` and ``false`` for above settings respectively. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RunJobs": true`` with options ``true`` and ``false`` for above settings respectively. | ++------------------------------------------------------------------------------------------------------------------------------------+ -Group Unread Channels (Experimental) +Run Scheduler ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Removed in December 16, 2018 release and replaced by a new ExperimentalChannelOrganization setting* - -**Disabled**: Unread channels section is disabled for all users. - -**Default On**: Enables the unread channels sidebar section by default. Users can turn it off in **Account Settings** > **Sidebar**. - -**Default Off**: Disables the unread channels sidebar section by default. Users can turn it on in **Account Settings** > **Sidebar**. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"ExperimentalGroupUnreadChannels": "disabled"`` with options ``disabled``, ``default_on`` and ``default_off`` for above settings respectively. 
| -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Set whether or not this Mattermost server will schedule tasks that will be completed by a Worker. -Enable Hardened Mode (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +When running Mattermost on a single machine, this setting should always be enabled. -**True**: Enables a hardened mode for Mattermost that makes user experience trade-offs in the interest of security. +When running Mattermost in High Availablity mode, this setting should always be enabled. In a High Availability cluster, exactly one of the servers will be designated as the Scheduler at a time to ensure that duplicate tasks aren't created. See `High Availability documentation `__ for more details. -**False**: Disables hardened mode. ++-----------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RunScheduler": true`` with options ``true`` and ``false`` for above settings respectively. | ++-----------------------------------------------------------------------------------------------------------------------------------------+ -Changes made when hardened mode is enabled: +Deprecated Configuration Settings +----------------------------------- - - Failed login returns a generic error message instead of a specific message for username and password. - - If `multi-factor authentication (MFA) `__ is enabled, the route to check if a user has MFA enabled always returns true. This causes the MFA input screen to appear even if the user does not have MFA enabled. The user may enter any value to pass the screen. Note that hardened mode does not affect user experience when MFA is enforced. 
- - Password reset does not inform the user that they can not reset their SSO account through Mattermost and instead claims to have sent the password reset email. - - Mattermost sanitizes all 500 errors before returned to the client. Use the supplied ``request_id`` to match user facing errors with the server logs. +Policy +~~~~~~~~~~~~~~~~~~~~~~~~~ +*Removed in June 16, 2018 release* -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"ExperimentalEnableHardenedMode": false`` with options ``true`` and ``false`` for above settings respectively. | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Permission policy settings are available in Enterprise Edition E10 and E20. In v5.0 and later, these settings are found in the `Advanced Permissions `__ page instead of configuration settings. -Enable AD/LDAP Group Sync (Experimental) +Enable sending team invites from ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Available in Enterprise Edition E20 and higher* - -**True**: Enables AD/LDAP Group Sync configurable under **Access Controls > Groups**. - -**False**: Disables AD/LDAP Group Sync and removes the **Access Controls > Groups** from the System Console. -For more information on AD/LDAP Group Sync, please see the `AD/LDAP Group Sync documentation `_. +*Removed in June 16, 2018 release* -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"ExperimentalLdapGroupSync": false`` with options ``true`` and ``false`` for above settings respectively. 
| -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Set policy on who can invite others to a team using the **Send Email Invite**, **Get Team Invite Link**, and **Add Members to Team** options on the main menu. If **Get Team Invite Link** is used to share a link, you can expire the invite code from **Team Settings > Invite Code** after the desired users have joined the team. Options include: -Strict CSRF Token Enforcement (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**All team members**: Allows any team member to invite others using an email invitation, team invite link or by adding members to the team directly. -**True**: Enables CSRF protection tokens for additional hardening compared to the currently used custom header. When the user logs in, an additional cookie is created with the CSRF token contained. +**Team and System Admins**: Hides the email invitation, team invite link, and the add members to team buttons in the Main Menu from users who are not Team Admins or System Admins. -**False**: Disables CSRF protection tokens. +**System Admins**: Hides the email invitation, team invite link, and add members to team buttons in the Main Menu from users who are not System Admins. -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"ExperimentalStrictCSRFEnforcement": false`` with options ``true`` and ``false`` for above settings respectively. 
| -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictTeamInvite": "all"`` with options ``all``, ``team_admin`` and ``system_admin`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Limit Access to Config Settings Prior to Login +Enable public channel creation for ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Removed in December 16, 2018 release* - -Enable this setting to limit the number of config settings sent to users prior to login. - -Supported for Mattermost server v5.1.0 and later, and Mattermost Mobile apps v1.10.0 and later. -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"ExperimentalLimitClientConfig": "false"`` with options ``true`` and ``false`` for above settings respectively. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +*Removed in June 16, 2018 release* -Disable Legacy MFA API Endpoint -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Restrict the permission level required to create public channels. -**True**: Disables the legacy ``checkMfa`` endpoint, which is only required for Mattermost Mobile Apps on version 1.16 or earlier when using multi-factor authentication (MFA). Recommended to set to ``true`` for additional security hardening. 
+**All team members**: Allow all team members to create public channels. -**False**: Keeps the legacy ``checkMfa`` endpoint enabled to support mobile versions 1.16 and earlier. Keeping the endpoint enabld creates an information disclosure about whether a user has set up MFA. +**Team Admins and System Admins**: Restrict creating public channels to Team Admins and System Admins. -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"DisableLegacyMFA": true,`` with options ``true`` and ``false`` for above settings respectively. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**System Admins**: Restrict creating public channels to System Admins. -Restrict System Admin (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPublicChannelCreation": "all"`` with options ``all``, ``team_admin`` and ``system_admin`` for above settings respectively. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**True**: Restricts the System Admin from viewing and modifying a subset of server configuration settings from the System Console. Not recommended for use in on-prem installations. This is intended to support Mattermost Private Cloud in giving the System Admin role to users but restricting certain actions only for Cloud Administrators. 
+Enable public channel renaming for +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**False**: No restrictions are applied to the System Admin role. +*Removed in June 16, 2018 release* -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature’s ``config.json`` setting is ``"RestrictSystemAdmin": false,`` with options ``true`` and ``false`` for above settings respectively. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Restrict the permission level required to rename and set the header or purpose for public channels. -Team Settings -~~~~~~~~~~~~~~ +**All channel members**: Allow all channel members to rename public channels. -Primary Team (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The primary team of which users on the server are members. When a primary team is set, the options to join other teams or leave the primary team are disabled. +**Channel Admins, Team Admins, and System Admins**: Restrict renaming public channels to Channel Admins, Team Admins, and System Admins who are members of the channel. -If the team URL of the primary team is https://example.mattermost.com/myteam/, then set the value to ``myteam`` in ``config.json``. +**Team Admins and System Admins**: Restrict renaming public channels to Team Admins and System Admins who are members of the channel. -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalPrimaryTeam": ""`` with string input. | -+-----------------------------------------------------------------------------------------------------------------+ +**System Admins**: Restrict renaming public channels to System Admins who are members of the channel. 
-Default Channels (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Default channels every user is added to automatically after joining a new team. Only applies to public channels, but affects all teams on the server. ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPublicChannelManagement": "all"`` with options ``all``, ``channel_admin``, ``team_admin``, and ``system_admin`` for above settings respectively. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -When not set, every user is added to ``off-topic`` and ``town-square`` channel by default. +Enable public channel deletion for +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Note that even if ``town-square`` is not listed, every user is added to that channel after joining a new team. +*Removed in June 16, 2018 release* -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalDefaultChannels": ""`` which takes an array of channel names such as ``["announcement", "developers"]``. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +Restrict the permission level required to delete public channels. Deleted channels can be recovered from the database using a `command line tool `__. 
-Enable X to Leave Channels from Left-Hand Sidebar (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Users can leave Public and Private Channels by clicking the "x" beside the channel name. +**All channel members**: Allow all channel members to delete public channels. -**False**: Users must use the **Leave Channel** option from the channel menu to leave channels. +**Channel Admins, Team Admins, and System Admins**: Restrict deleting public channels to Channel Admins, Team Admins, and System Admins who are members of the channel. -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableXToLeaveChannelsFromLHS": false`` with options ``true`` and ``false`` for above settings respectively. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**Team Admins and System Admins**: Restrict deleting public channels to Team Admins and System Admins who are members of the channel. -Town Square is Read-Only (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Available in Enterprise Edition E10 and higher* +**System Admins**: Restrict deleting public channels to System Admins who are members of the channel. -**True**: Only System Admins can post in Town Square. Other members are not able to post, reply, upload files, emoji react or pin messages to Town Square, nor are they able to change the channel name, header or purpose. 
++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPublicChannelDeletion": "all"`` with options ``all``, ``channel_admin``, ``team_admin``, and ``system_admin`` for above settings respectively. | ++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -**False**: Anyone can post in Town Square. +Enable private channel creation for +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalTownSquareIsReadOnly": false`` with options ``true`` and ``false`` for above settings respectively. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +*Removed in June 16, 2018 release* -Town Square is Hidden in Left-Hand Sidebar (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*Available in Enterprise Edition E10 and higher* +Restrict the permission level required to create private channels. -**True**: Hides Town Square in the left-hand sidebar if there are no unread messages in the channel. +**All team members**: Allow all team members to create private channels. -**False**: Town Square is always visible in the left-hand sidebar even if all messages have been read. +**Team Admins and System Admins**: Restrict creating private channels to Team Admins and System Admins. 
-+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalHideTownSquareinLHS": false`` with options ``true`` and ``false`` for above settings respectively. | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**System Admins**: Restrict creating private channels to System Admins. -Allow Users to View Archived Channels (Experimental) ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPrivateChannelCreation": "all"`` with options ``all``, ``team_admin`` and ``system_admin`` for above settings respectively. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +Enable private channel renaming for ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Allows users to view permalinks and search for content of channels that have been archived. Users can only view the content in channels of which they were a member before the channel was archived. +*Removed in June 16, 2018 release* -**False**: Users are unable to view permalinks and search for content of channels that have been archived. +Restrict the permission level required to rename and set the header or purpose for private channels. 
-+-------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ViewArchivedChannels": false`` with options ``true`` and ``false`` for above settings respectively. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------+ +**All channel members**: Allow all channel members to rename private channels. -Enable Automatic Replies (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +**Channel Admins, Team Admins, and System Admins**: Restrict renaming private channels to Channel Admins, Team Admins, and System Admins who are members of the private channel. -**True**: Users can enable Automatic Replies in Account Settings > Notifications. Users set a custom message that will be automatically sent in response to Direct Messages. +**Team Admins and System Admins**: Restrict renaming private channels to Team Admins and System Admins who are members of the private channel. -**False**: Disables the Automatic Direct Message Replies feature and hides it from Account Settings. +**System Admins**: Restrict renaming private channels to System Admins who are members of the private channel. -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalEnableAutomaticReplies": false`` with options ``true`` and ``false`` for above settings respectively. 
| -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPrivateChannelManagement": "all"`` with options ``all``, ``channel_admin``, ``team_admin``, and ``system_admin`` for above settings respectively. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Email Settings -~~~~~~~~~~~~~~ +Enable managing of private channel members for +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Use Channel Name in Email Notifications (Experimental) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**True**: Channel and team name appears in email notification subject lines. Useful for servers using only one team. +*Removed in June 16, 2018 release* -**False**: Only team name appears in email notification subject line. +Set policy on who can add and remove members from private channels. -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"UseChannelInEmailNotifications": false`` with options ``true`` and ``false`` for above settings respectively. | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +**All team members**: Allow all team members to add and remove members. 
-Client Requirement Settings (Experimental) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +**Team Admins, Channel Admins, and System Admins**: Allow only Team Admins, Channel Admins, and System Admins to add and remove members. -Latest Android Version -^^^^^^^^^^^^^^^^^^^^^^^^^ -The latest version of the Android React Native app that is recommended for use. +**Team Admins, and System Admins**: Allow only Team Admins and System Admins to add and remove members. -+-----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AndroidLatestVersion": ""`` with whole number and decimal input. For example, `1.2.0` | -+-----------------------------------------------------------------------------------------------------------------------------------------+ +**System Admins**: Allow only System Admins to add and remove members. -Minimum Android Version -^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The minimum version of the Android React Native app that is required to be used. ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPrivateChannelManageMembers": "all"`` with options ``all``, ``channel_admin``, ``team_admin``, and ``system_admin`` for above settings respectively. | ++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -+----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AndroidMinVersion": ""`` with whole number and decimal input. 
For example, `1.2.0` | -+----------------------------------------------------------------------------------------------------------------------------------------+ +Enable private channel deletion for +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Latest Desktop Version -^^^^^^^^^^^^^^^^^^^^^^^^^^ -The latest version of the desktop app that is recommended for use. +*Removed in June 16, 2018 release* -+-------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DesktopLatestVersion": ""`` with whole number and decimal input. For example, `1.2.0` | -+-------------------------------------------------------------------------------------------------------------------------------------------+ +Restrict the permission level required to delete private channels. Deleted channels can be recovered from the database using a `command line tool `__. -Minimum Destop Version -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The minimum version of the desktop app that is required to be used. +**All channel members**: Allow all channel members to delete private channels. -+----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DesktopMinVersion": ""`` with whole number and decimal input. For example, `1.2.0` | -+----------------------------------------------------------------------------------------------------------------------------------------+ +**Channel Admins, Team Admins, and System Admins**: Restrict deleting private channels to Channel Admins, Team Admins, and System Admins who are members of the private channel. -Latest iOS Version -^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The latest version of the iOS app that is recommended for use. 
+**Team Admins and System Admins**: Restrict deleting private channels to Team Admins and System Admins who are members of the private channel. -+---------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IosLatestVersion": ""`` with whole number and decimal input. For example, `1.2.0` | -+---------------------------------------------------------------------------------------------------------------------------------------+ +**System Admins**: Restrict deleting private channels to System Admins who are members of the private channel. -Minimum iOS Version -^^^^^^^^^^^^^^^^^^^^^ -The minimum version of the iOS React Native app that is required to be used. ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPrivateChannelDeletion": "all"`` with options ``all``, ``channel_admin``, ``team_admin``, and ``system_admin`` for above settings respectively. | ++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -+------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"IosMinVersion": ""`` with whole number and decimal input. 
For example, `1.2.0` | -+------------------------------------------------------------------------------------------------------------------------------------+ +Allow which users to delete messages +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Theme Settings (Experimental) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +*Removed in June 16, 2018 release* -Enable Theme Selection -^^^^^^^^^^^^^^^^^^^^^^^^^ -*Available in Enterprise Edition E10 and higher* +Restrict the permission level required to delete messages. Team Admins, Channel Admins, and System Admins can delete messages only in channels where they are members. Messages can be deleted anytime. -**True:** Enables the **Display** > **Theme** tab in Account Settings so users can select their theme. +**Message authors can delete their own messages, and Administrators can delete any message**: Allow authors to delete their own messages, and allow Team Admins, Channel Admins, and System Admins to delete any message. -**False:** Users cannot select a different theme. The **Display** > **Theme** tab is hidden in Account Settings. +**Team Admins and System Admins**: Allow only Team Admins and System Admins to delete messages. -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"EnableThemeSelection": true`` with options ``true`` and ``false``. | -+-----------------------------------------------------------------------------------------------------------------+ +**System Admins**: Allow only System Admins to delete messages. 
-Default Theme -^^^^^^^^^^^^^^^^^^^^^^^^^ -*Available in Enterprise Edition E10 and higher* ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"RestrictPostDelete": "all"`` with options ``all``, ``team_admin`` and ``system_admin`` for above settings respectively. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Set a default theme that applies to all new users on the system. +Allow users to edit their messages +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"DefaultTheme": "default"`` with options ``default``, ``organization``, ``mattermostDark`` and ``windows10``. | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ +*Removed in June 16, 2018 release* -Allow Custom Themes -^^^^^^^^^^^^^^^^^^^^^^^^^ -*Available in Enterprise Edition E10 and higher* +Set the time limit that users have to edit their messages after posting. -**True:** Enables the **Display** > **Theme** > **Custom Theme** section in Account Settings. +**Any time**: Allow users to edit their messages at any time after posting. -**False:** Users cannot use a custom theme. The **Display** > **Theme** > **Custom Theme** section is hidden in Account Settings. +**Never**: Do not allow users to edit their messages. 
-+--------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowCustomThemes": true`` with options ``true`` and ``false``. | -+--------------------------------------------------------------------------------------------------------------+ +**{n} seconds after posting**: Users can edit their messages within the specified time limit after posting. The time limit is applied using the config.json setting ``"PostEditTimeLimit"`` described below. -Allowed Themes -^^^^^^^^^^^^^^^^^^^^^^^^^ -*Available in Enterprise Edition E10 and higher* ++------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"AllowEditPost": "always"`` with options ``always``, ``never``, and ``time_limit`` for above settings respectively. | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Select the themes that can be chosen by users when ``"EnableThemeSelection"`` is set to ``true``. +Post edit time limit +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"AllowedThemes": "default"`` with options ``default``, ``organization``, ``mattermostDark`` and ``windows10`` optionally separated by commas. 
For example, ``["mattermostDark", "windows10"]`` | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +When post editing is permitted, setting ``"PostEditTimeLimit": -1`` allows editing anytime, or setting ``"PostEditTimeLimit"`` to a positive integer restricts editing time in seconds. If post editing is disabled, this setting does not apply. -Display Settings (Experimental) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++--------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PostEditTimeLimit": -1`` with whole number input. | ++--------------------------------------------------------------------------------------------------+ -Timezone -^^^^^^^^^^^^^^^^^^^^^^^^^ -Select the timezone used for timestamps in the user interface and email notifications. +Images +~~~~~~~~~~~~~~~~~~~~~~~~~ +Attachment Thumbnail Width +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Removed in July 16th, 2017 release* -**True** The Timezone setting is visible in the Account Settings and a time zone is automatically assigned in the next active session. +Width of thumbnails generated from uploaded images. Updating this value changes how thumbnail images render in future, but does not change images created in the past. -**False** The Timezone setting is hidden in the Account Settings. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ThumbnailWidth": 120`` with whole number input. 
| ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -+------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"ExperimentalTimezone": false`` with options ``true`` and ``false``. | -+------------------------------------------------------------------------------------------------------------------+ +Attachment Thumbnail Height +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Removed in July 16th, 2017 release* -Supported Timezones Path -^^^^^^^^^^^^^^^^^^^^^^^^^^ -Set the path of the JSON file that lists supported timezones when ``ExperimentalTimezone`` is set to true. +Height of thumbnails generated from uploaded images. Updating this value changes how thumbnail images render in future, but does not change images created in the past. -The file must be in the same directory as your ``config.json`` file if you set a relative path. Defaults to ``timezones.json``. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ThumbnailHeight": 100`` with whole number input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -+-----------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"SupportedTimezonesPath": "timezones.json"`` with string input. 
| -+-----------------------------------------------------------------------------------------------------------------+ +Image Preview Width +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Removed in July 16th, 2017 release* -Jobs -~~~~~~~~~~~~~~~~~~~~~~~~~ +Maximum width of preview image. Updating this value changes how preview images render in future, but does not change images created in the past. -Settings to configure the how Mattermost schedules and completes periodic tasks such as the deletion of old posts with Data Retention enabled or indexing of posts with Elasticsearch. These settings control which Mattermost servers are designated as a Scheduler, a server that queues the tasks at the correct times, and as a Worker, a server that completes the given tasks. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PreviewWidth": 1024`` with whole number input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -When running Mattermost on a single machine, both ``RunJobs`` and ``RunScheduler`` should be enabled. Without both of these enabled, Mattermost will not function properly. +Image Preview Height +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Removed in July 16th, 2017 release* -When running Mattermost in High Availability mode, ``RunJobs`` should be enabled on one or more servers while ``RunScheduler`` should be enabled on all servers under normal circumstances. A High Availability cluster will have one Scheduler and one or more Workers. See the below sections for more information. +Maximum height of preview image ("0": Sets to auto-size). 
Updating this value changes how preview images render in future, but does not change images created in the past. -Run Jobs -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Set whether or not this Mattermost server will handle tasks created by the Scheduler. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"PreviewHeight": 0`` with whole number input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -When running Mattermost on a single machine, this setting should always be enabled. +Profile Picture Width +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +*Removed in July 16th, 2017 release* -When running Mattermost in High Availablity mode, one or more servers should have this setting enabled. It is recommended that a High Availability cluster has one or more dedicated Workers with this setting enabled while the remaining Mattermost app servers have it disabled. +The width to which profile pictures are resized after being uploaded via Account Settings. -+------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RunJobs": true`` with options ``true`` and ``false`` for above settings respectively. | -+------------------------------------------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ProfileWidth": 128`` with whole number input. 
| ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -Run Scheduler +Profile Picture Height ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Set whether or not this Mattermost server will schedule tasks that will be completed by a Worker. +*Removed in July 16th, 2017 release* -When running Mattermost on a single machine, this setting should always be enabled. +The height to which profile pictures are resized after being uploaded via Account Settings. -When running Mattermost in High Availablity mode, this setting should always be enabled. In a High Availability cluster, exactly one of the servers will be designated as the Scheduler at a time to ensure that duplicate tasks aren't created. See `High Availability documentation `__ for more details. ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| This feature's ``config.json`` setting is ``"ProfileHeight": 128`` with whole number input. | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -+-----------------------------------------------------------------------------------------------------------------------------------------+ -| This feature's ``config.json`` setting is ``"RunScheduler": true`` with options ``true`` and ``false`` for above settings respectively. | -+-----------------------------------------------------------------------------------------------------------------------------------------+
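Review bot: In the added "Enable managing of private channel members for" section, the first option reads "**All team members**: Allow all team members to add and remove members", while the sibling "Enable private channel deletion for" section uses "**All channel members**". For a private-channel policy this wording decides who an administrator believes can change membership, so please confirm which scope is meant and make the two sections agree. The same section has a stray comma in "**Team Admins, and System Admins**". The added permission sections are each marked "*Removed in June 16, 2018 release*" but none says where the policy is configured after the removal, so a reader could assume that ``RestrictPrivateChannelManageMembers``, ``RestrictPrivateChannelDeletion``, ``RestrictPostDelete`` or ``AllowEditPost`` still take effect on a current server; a one-line pointer to the replacement under each marker would avoid that. The markers also mix two date styles ("June 16, 2018" and "July 16th, 2017") and read more naturally as "Removed in the June 16, 2018 release". If the removed blocks (Client Requirement Settings, Jobs) are being relocated rather than dropped, the typos "Minimum Destop Version" and "High Availablity" should be corrected at the destination.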