# Vendor config: DO NOT TOUCH! # # See sample.config.toml to override. datadir = '/var/lib/xo-server/data' # Delay for which a resource is cached resourceCacheDelay = '5m' # Should users be created on first sign in? # # Necessary for external authentication providers. createUserOnFirstSignin = true # XAPI does not support chunked encoding in HTTP requests which is necessary # when the content length is not know which is the case for many backup related # operations in XO. # # It's possible to work-around this for VHDs because it's possible to guess # their size just by looking at the beginning of the stream. # # But it is a guess, not a certainty, it depends on how the VHDs are formatted # by XenServer. # # This has been tested for 5 months, therefore it's enabled by default but can # be disabled specifically for a user if necessary. guessVhdSizeOnImport = true # Whether API logs should contains the full request/response on # errors. # # This is disabled by default for performance (lots of data) and # security concerns (avoiding sensitive data in the logs) but can # be turned for investigation by the administrator. verboseApiLogsOnErrors = false # if no events could be fetched during this delay, the server will be marked as disconnected xapiMarkDisconnectedDelay = '5 minutes' # https:#github.com/websockets/ws#websocket-compression [apiWebSocketOptions] perMessageDeflate = { threshold = 524288 } # 512kiB [authentication] defaultTokenValidity = '30 days' maxTokenValidity = '0.5 year' # 2020-09-29 # Helpful to smoothly transition from old to new LDAP plugin implementation # See https://github.com/vatesfr/xen-orchestra/pull/5279 # This will be removed in 1 year # # When a user logs in using an authentication provider, but another user with the # same username is found in XO: # - if true: the 2 users will be merged # - if false: the user will not be able to log in. mergeProvidersUsers = true # This setting determines the duration for which cookies and their related # authentication tokens remain valid after a user logs in with the 'Remember me' # option selected. # # Defaults to `defaultTokenValidity`. #permanentCookieValidity = '30 days' # This setting determines the validity period of authentication tokens when the # 'Remember me' option is not checked. # # Cookies will be sent without an explicit expiration date, causing them to # expire automatically once the browser window closes. However, this behavior # may not always occur if the browser is set to restore the session (including # tabs) on startup. # # https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/Set-Cookie#Session_cookie sessionCookieValidity = '10 hours' # This is the page where unauthenticated users will be redirected to. # # For instance, it can be changed to `/signin/saml` if that's the provider that # should be used by default. defaultSignInPage = '/signin' # Minimum delay between two password authentication attempts for a specific user. # # This is used to mitigate bruteforce attacks without being visible to users. throttlingDelay = '2 seconds' # This [backups] section and its subsections ([backups.defaultSettings], [backups.vm.defaultSettings], [backups.metadata.defaultSettings]) are passed to @xen-orchestra/backups # See https://github.com/vatesfr/xen-orchestra/blob/master/%40xen-orchestra/backups/README.md#changing-the-default-backup-configuration [backups] autoUnmountPartitionDelay = '24h' # Disables VHD merges running in background disableMergeWorker = false # Mode to use for newly created backup directories # # https://en.wikipedia.org/wiki/File-system_permissions#Numeric_notation dirMode = 0o700 snapshotNameLabelTpl = '[XO Backup {job.name}] {vm.name_label}' # Delay for which backups listing on a remote is cached listingDebounce = '1 min' # settings when using Vhd directories ( s3 , encryption ) # you should use 'none' if your fs is already compressed # changing this setting will generate new full backups vhdDirectoryCompression = 'brotli' # how many block can be merged in parallel per backup running # increase to increase performance, reduce if you have timeout during merge mergeBlockConcurrency = 2 # how many block can be uploaded in parallel # increase to increase performance, reduce if you have timeout or memory error during transfer writeBlockConcurrency = 16 # https://github.com/naugtur/blocked-at#params-and-return-value [blockedAtOptions] enabled = false threshold = 1000 [http] useForwardedHeaders = false # Helmet handles HTTP security via headers # # https://helmetjs.github.io/docs/ #[http.helmet.hsts] #includeSubDomains = false # Each `http.listen.` entry defines a specific listening configuration for # the HTTP server. # # `` can be freely chosen. # # Historically, `http.listen` was an array with the first config for HTTP and # the second for HTTPS. To avoid breaking existing user configs, this convention # is kept. [http.listen.0] port = 80 # These options are applied to all listen entries. [http.listenOptions] # Number of milliseconds allowed to receive the entire request. # # The default value changed from no limit to 5 minutes in Node 18.0 to mitigate # Slowloris attacks. # # This breaks a number of XO use cases, for instance uploading a VDI via the # REST API, therefore it's changed to 1 day. # # Completely disabled for now because it appears to be broken: # https://github.com/nodejs/node/issues/46574 requestTimeout = 0 # These mount points are exposed without needing to be authenticated. [http.publicMounts] '/robots.txt' = './robots.txt' # These mount points are exposed only when authenticated. [http.mounts] # Uncomment to setup a default version. # Otherwise, XO5 will be the default for stable channel and XO6 for latest and source # '/' = '../xo-web/dist/' '/v5' = '../xo-web/dist/' '/v6' = '../../@xen-orchestra/web/dist/' [http.proxies] # [port] is used to reuse the same port declared in [http.listen.0] '/v5/api' = '[protocol]//localhost:[port]/api' '/v5/api/updater' = 'ws://localhost:9001' '/v5/rest' = '[protocol]//localhost:[port]/rest' '/v5/netdata' = '[protocol]//localhost:[port]/netdata' '/openmetrics' = 'http://localhost:9004' [logs] # Display all logs matching this filter, regardless of their level #filter = 'xo:load-balancer' # Display all logs with level >=, regardless of their namespace level = 'info' [logs.transport.console] [netbox] checkNetboxVersion = true [plugins] lookupPaths = ['./node_modules', '../', '/usr/local/lib/node_modules'] [plugins.sdn-controller] useDirectChannel = true [remoteOptions] mountsDir = '/run/xo-server/mounts' # timeout in milliseconds (set to 0 to disable) timeout = 600e3 # see https:#github.com/vatesfr/xen-orchestra/issues/3419 # useSudo = false [selfService] # If true, a snapshot of a Self Service VM will consume as much resources as a # normal VM would ignoreVmSnapshotResources = false [xapiOptions] # The duration XO will wait for a host to be live before assuming it failed to # restart restartHostTimeout = '20 minutes' maxUncoalescedVdis = 1 vdiExportConcurrency = 12 vmEvacuationConcurrency = 3 vmExportConcurrency = 2 vmSnapshotConcurrency = 2 vdiDelayBeforeRemovingCloudConfigDrive = '5 min' poolMarkingInterval = '6 hours' poolMarkingMaxAge = '48 hours' poolMarkingPrefix = 'xo:clientInfo:' [xo-proxy] callTimeout = '1 min' channel = 'xo-proxy-appliance-{xoChannel}' namespace = 'xoProxyAppliance' proxyName = 'Proxy {date}' licenseProductId = 'xo-proxy' vmName = 'XOA Proxy {date}' # The duration for which we can wait for the VM networks to be defined vmNetworksTimeout = '5 min' vmTag = 'XOA Proxy' # The duration for which we can wait for the XOA to be upgraded xoaUpgradeTimeout = '5 min' [rest-api] dashboardCacheTimeout = '1 min' dashboardCacheExpiresIn = '1 min' # Allow to set a a limit of memory per SSE client # before destroying the client. Based on the XOA RAM # in percent (0.5 = 0.5%) percentOfRamAllocatedPerSseClient = 0.5 [jsonrpc-api]