Page Contents


Feature List

Previous topic

Setting the OMERO_HOME environment variable

Next topic

Syslog configuration

This Page


This documentation is for the new OMERO 5.3 version. See the latest OMERO 5.2.x version or the previous versions page to find documentation for the OMERO version you are using if you have not upgraded yet.

Configuration properties glossary


The primary form of configuration is via the use of key/value properties, stored in etc/grid/config.xml and read on server startup. Backing up and copying these properties is as easy as copying this file to a new server version.

The etc/ file of your distribution defines all the default configuration properties used by the server. Changes made to the file are not recognized by the server. Instead, configuration options can be set using the omero config set command:

$ bin/omero config set <parameter> <value>

When supplying a value with spaces or multiple elements, use single quotes. The quotes will not be saved as part of the value (see below).

To remove a configuration option (to return to default values where mentioned), simply omit the value:

$ bin/omero config set <parameter>

These options will be stored in a file: etc/grid/config.xml which you can read for reference. DO NOT edit this file directly.

You can also review all your settings by using:

$ bin/omero config get

which should return values without quotation marks.

A final useful option of omero config edit is:

$ bin/omero config edit

which will allow for editing the configuration in a system-default text editor.


Please use the escape sequence \" for nesting double quotes (e.g. "[\"foo\", \"bar\"]") or wrap with ' (e.g. '["foo", "bar"]').

Examples of doing this are on the server installation page, as well as the LDAP installation page.

Mandatory properties

The following properties need to be correctly set for all installations of the OMERO.server. Depending on your set-up, default values may be sufficient.

Binary repository


Checksum algorithms supported by the server for new file uploads, being any comma-separated non-empty subset of:

  • Adler-32
  • CRC-32
  • MD5-128
  • Murmur3-32
  • Murmur3-128
  • SHA1-160
  • File-Size-64

In negotiation with clients, this list is interpreted as being in descending order of preference.

Default: SHA1-160, MD5-128, Murmur3-128, Murmur3-32, CRC-32, Adler-32, File-Size-64

Default: /OMERO/


Template for FS managed repository paths. Allowable elements are:

%user%         bob
%userId%       4
%group%        bobLab
%groupId%      3
%year%         2011
%month%        01
%monthname%    January
%day%          01
%time%         15-13-54.014
%institution%  University of Dundee
%hash%         0D2D8DB7
%increment%    14
%subdirs%      023/613
%session%      c3fdd5d8-831a-40ff-80f2-0ba5baef448a
%sessionId%    592
%perms%        rw----
/              path separator
//             end of root-owned directories

These are described further at FS configuration options

The path must be unique per fileset to prevent upload conflicts, which is why %time% includes milliseconds.

A // may be used as a path separator: the directories preceding it are created with root ownership, the remainder are the user’s. At least one user-owned directory must be included in the path.

The template path is created below omero.managed.dir, e.g. /OMERO/ManagedRepository/$omero.fs.repo.path/

Default: %user%_%userId%//%year%-%month%/%day%/%time%


Rules to apply to judge the acceptability of FS paths for writing into omero.managed.dir, being any comma-separated non-empty subset of:

  • Windows required
  • Windows optional
  • UNIX required
  • UNIX optional
  • local required
  • local optional

Minimally, the “required” appropriate for the server is recommended. Also applying “optional” rules may make sysadmin tasks easier, but may be more burdensome for users who name their files oddly. “local” means “Windows” or “UNIX” depending on the local platform, the latter being applied for Linux and Mac OS X.

Default: Windows required, UNIX required


Default: ${}/ManagedRepository



The default thumbnail size

Default: 96


Clients disable download as jpg/png/tiff above max pixel count.

Default: 144000000


Server-side scripts used in IScript service Clients shouldn’t display.

Default: /omero/figure_scripts/, /omero/figure_scripts/, /omero/figure_scripts/, /omero/figure_scripts/, /omero/export_scripts/, /omero/import_scripts/

Flag to show/hide colleagues

Default: true

Client dropdown menu colleagues label.

Default: Members

Flag to show/hide all users.

Default: true

Client dropdown menu all users label.

Default: All Members

Flag to show/hide leader.

Default: true

Client dropdown menu leader label.

Default: Owners


Description of the “Orphaned images” container.

Default: This is a virtual container with orphaned images. These images are not linked anywhere. Just drag them to the selected container.


Flag to show/hide “Orphaned images” container. Only accept “true” or “false”

Default: true

Name of the “Orphaned images” container located in client tree data manager.

Default: Orphaned Images


Client tree type order rank list first type is ranked 1 (the highest), last is the lowest if set to ‘false’ empty list allows mixing all types and sorting them by default client ordering strategy

Default: tagset, tag, project, dataset, screen, plate, acquisition, image


Initial client image viewer zoom level for big images

Default: 0


Client viewers interpolate pixels by default.

Default: true


Client viewers roi limit.

Default: 2000

Absolute omeroweb host http(s)://your_domain/prefix/

Default: [empty]



The string that will be used as the base for LSIDs in all exported OME objects including OME-XML and OME-TIFF. It’s usually not necessary to modify this value since the database UUID (stored in the database) is sufficient to uniquely identify the source.



Implementation of the org.hibernate.dialect.Dialect interface which will be used to convert HQL queries and save operations into SQL SELECTs and DML statements.

(PostgreSQL default)

Default: ome.util.PostgresqlDialect


JDBC driver used to access the database. Other drivers can be configured which wrap this driver to provide logging, monitoring, etc.

(PostgreSQL default)

Default: org.postgresql.Driver

The host name of the machine on which the database server is running. A TCP port must be accessible from the server on which OMERO is running.

Default: localhost

The name of the database instance to which OMERO will connect.

Default: omero


The password to use to connect to the database server

Default: omero


The patch version of the database which is in use. This value need not match the patch version of the server that is is being used with. Any changes by developers to the database schema will result in a bump to this value.

Default: 0


Sets the number of database server connections which will be used by OMERO. Your database installation will need to be configured to accept at least as many, preferably more, connections as this value.

Default: 10


TCP port on which the database server is listening for connections. Used by the JDBC driver to access the database. Use of a local UNIX socket is not supported.

(PostgreSQL default)

Default: 5432


Default: 10


Default values for the current profile will be hard-coded into the file in the model-*.jar. By using a different jar, you can modify the defaults.

Note: some other properties are defined in the file etc/profiles/$omero.db.profile Especially of importance is omero.db.port

Default: psql


Implementation of the ome.util.SqlAction interface which will be used to perform all direct SQL actions, i.e. without Hibernate.

(PostgreSQL default)

Default: ome.util.actions.PostgresSqlAction


Whether JMX statistics are collected for DB usage (by Hibernate, etc)

Default: true


The username to use to connect to the database server

Default: omero


Version of the database which is in use. This value typically matches the major.minor version of the server that it is being used with. Typically, only developers will change this version to bump to a new major version.

Default: OMERO5.3



Default: false


Default: nullRedirector


registry_timeout is the milliseconds which the registry and other services will wait on remote services to respond.

Default: 5000



Disable IPv6 by setting to 0. Only needed in certain situations.

Default: 1



Contains other parameters which should be passed to the JVM. The value of “append” is treated as if it were on the command line so will be separated on whitespace. For example, ‘-XX:-PrintGC -XX:+UseCompressedOops’ would results in two new arguments. Note that when using config set from the command line one may need to give a prior option to prevent a value starting with - from already being parsed as an option, and values may need quoting to prevent whitespace or other significant characters from being interpreted prematurely.

Default: [empty]


Toggles on or off heap dumps on OOMs. Default is “off”. The special value “tmp” will create the heap dumps in your temp directory.

Default: [empty]


Explicit value for the -Xmx argument, e.g. “1g”

Default: [empty]


Suggestion for strategies as to the maximum memory that they will use for calculating JVM settings (MB).

Default: 48000


Suggestion for strategies as to the minimum memory that they will use for calculating JVM settings (MB).

Default: 3414


Used only by the percent strategy. An integer between 0 and 100 which is the percent of active memory that will be used by the service.

Default: [empty]


Explicit value for the MaxPermSize argument to the JVM, e.g. “500M”. Ignored for Java8+

Default: [empty]


Memory strategy which will be used by default. Options include: percent, manual

Default: percent


Manual override of the total system memory that OMERO will think is present on the local OS (MB). If unset, an attempt will be made to detect the actual amount: first by using the Python library psutil and if that is not installed, by running a Java tool. If neither works, 4.0GB is assumed.

Default: [empty]



LDAP server base search DN, i.e. the filter that is applied to all users. (can be empty in which case any LDAP user is valid)

Default: ou=example, o=com


Enable or disable LDAP (true or false).

Default: false


Default: (objectClass=groupOfNames)


Default: name=cn


Without a prefix the “new_user_group” property specifies the name of a single group which all new users will be added to. Other new_user_group strings are prefixed with :x: and specify various lookups which should take place to find one or more target groups for the new user.

:ou: uses the final organizational unit of a user’s dn as the single OMERO group e.g. omero.ldap.new_user_group=:ou:

:attribute: uses all the values of the specified attribute as the name of multiple OMERO groups. e.g. omero.ldap.new_user_group=:attribute:memberOf

Like :attribute:, :filtered_attribute: uses all the values of the specified attribute as the name of multiple OMERO groups but the attribute must pass the same filter as :query: does. e.g. omero.ldap.new_user_group=:filtered_attribute:memberOf

Similar to :attribute:, :dn_attribute: uses all the values of the specified attribute as the DN of multiple OMERO groups. e.g. omero.ldap.new_user_group=:dn_attribute:memberOf

A combination of filtered_attribute and dn_attribute, :filtered_dn_attribute: uses all of the values of the specified attribute as the DN of multiple OMERO groups but the attribute must pass the same filter as :query: e.g. omero.ldap.new_user_group=:filtered_dn_attribute:memberOf

:query: performs a query for groups. The “name” property will be taken as defined by omero.ldap.group_mapping and the resulting filter will be AND’ed with the value group_filter (above) e.g. omero.ldap.new_user_group=:query:(member=@{dn})

:bean: looks in the server’s context for a bean with the given name which implements e.g. omero.ldap.new_user_group=:bean:myNewUserGroupMapperBean

Default: default


A query element to check if user who is being created via the new_user_group setting should be made a “manager”, i.e. owner, of the queried group. E.g. omero.ldap.new_user_group_owner=(owner=@{dn}) will use the ‘manager’ attribute to set the ‘owner’ flag in the database. This query element is appened to any query used by new_user_group with an AND.

This property is not used by new_user_group type ‘default’ and only potentially by :bean:.

Default: [empty]


LDAP server bind password (if required; can be empty)

Default: [empty]


Available referral options are: “ignore”, “follow”, or “throw” as per the JNDI referral documentation.

Default: ignore


Whether or not values from LDAP will be synchronized to OMERO on each login. This includes not just the username, email, etc, but also the groups that the user is a member of.


Admin actions carried out in the clients may not survive this synchronization e.g. LDAP users removed from an LDAP group in the UI will be re-added to the group when logging in again after the synchronization.

Default: false


Set the URL of the LDAP server. A SSL URL for this property would be of the form: ldaps://

Default: ldap://localhost:389


Default: (objectClass=person)


Default: omeName=cn, firstName=givenName, lastName=sn, email=mail, institution=department, middleName=middleName


LDAP server bind DN (if required; can be empty)

Default: [empty]



Mail sender properties

Default: defaultMailSender


Enable or disable mail sender (true or false).

Default: false


the email address used for the “from” field

Default: omero@${}

the hostname of smtp server

Default: localhost


the password to connect to the smtp server (if required; can be empty)

Default: [empty]


the port of smtp server

Default: 25


see javax.mail.Session properties

Default: false


Default: 60000


Default: false




Default: false


Default: ${omero.mail.port}


Default: false


Default: 60000


other smtp parameters; see org.springframework.mail.javamail.JavaMailSenderImpl

Default: smtp


the username to connect to the smtp server (if required; can be empty)

Default: [empty]



Which bean to use: nullMetrics does nothing defaultMetrics uses the properties defined below

Default: defaultMetrics


Address for Metrics to send server data

Default: [empty]


Number of minutes to periodically print to slf4j 0 or lower disables the printout.

Default: 60



Default: 0


Default: 1800000


Default: 120000


Sets the duration of inactivity in milliseconds after which a login is required.

Default: 600000


Default: 5000


Default: 5000


Default: 50


Default: 5


Time in milliseconds after which a single method invocation will print a ERROR statement to the server log. If ERRORs are frequently being printed to your logs, you may want to increase this value after checking that no actual problem exists. Values of more than 60000 (1 minute) are not advised.

Default: 20000


Value for the indexer is extended to 1 day

Default: 86400000


Time in milliseconds after which a single method invocation will print a WARN statement to the server log.

Default: 5000


Value for the indexer is extended to 1 hour

Default: 3600000


Default: 1000


Default: 1000


Default: 10000



Name of the spring bean which will be used to calculate the backoff (in ms) that users should wait for an image to be ready to view.



Number of instances indexed per indexing. (Ignored by pixelDataEventLogQueue)

Default: 50


Polling frequency of the pixeldata processing. Set empty to disable pixeldata processing.

Cron Format: seconds minutes hours day-of-month month day-of-week year (optional). For example, “0,30 * * * * ?” is equivalent to running every 30 seconds. For more information download the latest 1.x version of the Quartz Job Scheduler and review docs/api/org/quartz/CronExpression.html within the distribution.

Default: */4 * * * * ?


Whether the PixelData.dispose() method should try to clean up ByteBuffer instances which may lead to memory exceptions. See ticket #11675 for more information. Note: the property is set globally for the JVM.

Default: true


EventLogLoader that will be used for loading EventLogs for the action “PIXELDATA”. Choices include: pixelDataEventLogQueue and the older pixelDataPersistentEventLogLoader

Default: pixelDataEventLogQueue


Default: 3192


Default: 3192


Maximum time in milliseconds that file parsing can take without the parsed metadata being cached to BioFormatsCache.

Default: 0


Instead, it is possible to tell the server to run more pixeldata repetitions, each of which gets completely committed before the next. This will only occur when there is a substantial backlog of pixels to process.

(Ignored by pixelDataEventLogQueue; uses threads instead)

Default: 1


How many pixel pyramids will be generated at a single time. The value should typically not be set to higher than the number of cores on the server machine.

Default: 2


Default: 256


Default sizes for tiles are provided by a implementation. By default the bean (“configuredTileSizes”) uses the properties provided here.

Default: configuredTileSizes


Default: 256



Instance of the PolicyService interface which will be responsible for checking certain server actions made by a user.

Default: defaultPolicyService


Configuration for the policy of whether users can access binary files from disk. Binary access includes all attempts to download a file from the UI.

The individual components of the string include:

  • write - whether or not users who have WRITE access to the objects can access the binary. This includes group and system administrators.
  • read - whether or not users who have READ access to the objects can access the binary.
  • image - whether or not images are to be considered accessible as a rule.
  • plate - whether or not plates and contained HCS objects are to be considered accessible as a rule. This includes wells, well samples, and plate runs.

Though the order of the components of the property are not important, the order that they are listed above roughly corresponds to their priority. E.g. a -write value will override +plate.

Example 1: “-read,+write,+image,-plate” only owners of an image and admins can download it.

Example 2: “-read,-write,-image,-plate” no downloading is possible.

Configuration properties of the same name can be applied to individual groups as well. E.g. adding, omero.policy.binary_access=-read to a group, you can prevent group-members from downloading original files.

Configuration is pessimistic: if there is a negative either on the group or at the server-level, the restriction will be applied. A missing value at the server restricts the setting but allows the server to override.

Default: +read, +write, +image



The prefix to apply to all port numbers (SSL, TCP, registry) used by the server

Default: [empty]


The IceGrid registry port number to use

Default: 4061


The Glacier2 SSL port number to use

Default: 4064


The Glacier2 TCP port number to use

Default: 4063



Executable on the PATH which will be used for scripts with the mimetype ‘text/x-jython’.

Default: jython


Executable on the PATH which will be used for scripts with the mimetype ‘text/x-matlab’.

Default: matlab


Executable on the PATH which will be used for scripts with the mimetype ‘text/x-python’.

No value implies use sys.executable

Default: [empty]


Server implementation which will be used for scripts with the mimetype ‘text/x-jython’. Changing this value requires that the appropriate class has been installed on the server.

Default: omero.processor.ProcessI


Server implementation which will be used for scripts with the mimetype ‘text/x-matlab’. Changing this value requires that the appropriate class has been installed on the server.

Default: omero.processor.MATLABProcessI


Server implementation which will be used for scripts with the mimetype ‘text/x-python’. Changing this value requires that the appropriate class has been installed on the server.

Default: omero.processor.ProcessI


Frequency to reload script params. By default, once a day at midnight.

Cron Format: seconds minutes hours day-of-month month day-of-week year (optional). For example, “0,30 * * * * ?” is equivalent to running every 30 seconds. For more information download the latest 1.x version of the Quartz Job Scheduler and review docs/api/org/quartz/CronExpression.html within the distribution.

Default: 0 0 0 * * ?


Guava LoadingCache spec for configuring how many script JobParams will be kept in memory for how long.

For more information, see

Default: maximumSize=1000


Default: 3600000


Default: groupChmodStrategy

Default: (int8and(permissions, %s) = %s)

A keystore is a database of private keys and their associated X.509 certificate chains authenticating the corresponding public keys. A keystore is mostly needed if you are doing client-side certificates for authentication against your LDAP server.

Default: [empty]

Sets the password of the keystore

Default: [empty]

Default: 1

Default: 3000

Implementation of PasswordProvider that will be used to authenticate users. Typically, a chained password provider will be used so that if one form of authentication (e.g. LDAP) does not work, other attempts will be made.

Default: chainedPasswordProvider

Controls whether the server will allow creation of user accounts with an empty password. If set to true (default, strict mode), empty passwords are disallowed. This still allows the guest user to interact with the server.

Default: true

A truststore is a database of trusted entities and their associated X.509 certificate chains authenticating the corresponding public keys. The truststore contains the Certificate Authority (CA) certificates and the certificate(s) of the other party to which this entity intends to send encrypted (confidential) data. This file must contain the public key certificates of the CA and the client’s public key certificate.

Default: [empty]

Sets the password of the truststore

Default: [empty]



A list of people who get code error notifications whenever the application identifies a broken link or raises an unhandled exception that results in an internal server error. This gives the administrators immediate notification of any errors, see OMERO.mail. Example:'[["Full Name", "email address"]]'.

Default: []


OMERO.web is configured to run in Gunicorn as a generic WSGI application by default. If you are using Apache change this to “wsgi” before generating your web server configuration. Available options: “wsgi-tcp” (Gunicorn), “wsgi” (Apache)

Default: wsgi-tcp

Upstream application host



The maximum number of requests a worker will process before restarting.

Default: 0


Upstream application port

Default: 4080


Add additional Django applications. For example, see Creating an app

Default: []


OMERO.web offers alternative session backends to automatically delete stale data using the cache session store backend, see Django cached session documentation for more details.

Default: {“default”: {“BACKEND”: “django.core.cache.backends.dummy.DummyCache”}}


Size, in bytes, of the “chunk”

Default: 1048576


Default: {}


A boolean that turns on/off debug mode.

Default: false


Define template used as an index page http://your_host/omero/.If None user is automatically redirected to the login page.For example use ‘webclient/index.html’.

Default: None


A path to the custom log directory.

Default: /home/omero/OMERO.server/var/log


Redirect to the given location after logging in. It only supports arguments for Django reverse function. For example: '{"redirect": ["webindex"], "viewname": "load_template", "args":["userdata"], "query_string": {"experimenter": -1}}'

Default: {}


Default: weblogin


A list of viewers that can be used to display selected Images or other objects. Each viewer is defined as ["Name", "url", options]. Url is reverse(url). Selected objects are added to the url as ?image=:1&image=2Objects supported must be specified in options with e.g. {"supported_objects":["images"]} to enable viewer for one or more images.

Default: [[“Image viewer”, “webindex”, {“supported_objects”: [“image”],”script_url”: “webclient/javascript/ome.openwith_viewer.js”}]]


Number of images displayed within a dataset or ‘orphaned’ container to prevent from loading them all at once.

Default: 200


Timeout interval between ping invocations in seconds

Default: 60000


Compressor class to be applied to CSS files. If empty or None, CSS files won’t be compressed.

Default: None


Compressor class to be applied to JavaScript files. If empty or None, JavaScript files won’t be compressed.

Default: None


The file storage engine to use when collecting static files with the collectstatic management command. See the documentation for more details.



Used as the value of the SCRIPT_NAME environment variable in any HTTP request.

Default: None


Default: false


Default: omero.web.public.cache.key


Default: 86400


Enable and disable the OMERO.web public user functionality.

Default: false


Password to use during authentication.

Default: None


Server to authenticate against.

Default: 1


Set a URL filter for which the OMERO.web public user is allowed to navigate. The idea is that you can create the public pages yourself (see OMERO.web framework since we do not provide public pages.

Default: ^/(?!webadmin)


Username to use during authentication.

Default: None


A boolean that sets SECRET_KEY for a particular Django installation.

Default: None


A tuple representing a HTTP header/value combination that signifies a request is secure. Example '["HTTP_X_FORWARDED_PROTO_OMERO_WEB", "https"]'. For more details see secure proxy ssl header.

Default: []


A list of servers the Web client can connect to.

Default: [[“localhost”, 4064, “omero”]]


Controls where Django stores session data. See Configuring the session engine for more details.

Default: omeroweb.filesessionstore


A boolean that determines whether to expire the session when the user closes their browser. See Django Browser-length sessions vs. persistent sessions documentation for more details.

Default: true


The absolute path to the directory where collectstatic will collect static files for deployment. If the staticfiles contrib app is enabled (default) the collectstatic management command will collect static files into this directory.

Default: /home/omero/OMERO.server/lib/python/omeroweb/static


URL to use when referring to static files. Example: '/static/' or ''. Used as the base path for asset definitions (the Media class) and the staticfiles app. It must end in a slash if set to a non-empty value.

Default: /static/


Defines the additional locations the staticfiles app will traverse if the FileSystemFinder finder is enabled, e.g. if you use the collectstatic or findstatic management command or use the static file serving view.

Default: []


List of locations of the template source files, in search order. Note that these paths should use Unix-style forward slashes.

Default: []


Add plugins to the center panels. Plugins are ['Channel overlay', 'webtest/webclient_plugins/center_plugin.overlay.js.html', 'channel_overlay_panel']. The javascript loads data into $('#div_id').

Default: []


Manage Metadata pane accordion. This functionality is limited to the exiting sections.

Default: [{“name”: “tag”, “label”: “Tags”, “index”: 1},{“name”: “map”, “label”: “Key-Value Pairs”, “index”: 2},{“name”: “table”, “label”: “Tables”, “index”: 3},{“name”: “file”, “label”: “Attachments”, “index”: 4},{“name”: “comment”, “label”: “Comments”, “index”: 5},{“name”: “rating”, “label”: “Ratings”, “index”: 6},{“name”: “other”, “label”: “Others”, “index”: 7}]


Add plugins to the right-hand panel. Plugins are ['Label', 'include.js', 'div_id']. The javascript loads data into $('#div_id').

Default: [[“Acquisition”, “webclient/data/includes/right_plugin.acquisition.js.html”, “metadata_tab”],[“Preview”, “webclient/data/includes/right_plugin.preview.js.html”, “preview_tab”]]


Specifies whether to use the X-Forwarded-Host header in preference to the Host header. This should only be enabled if a proxy which sets this header is in use.

Default: false


Django view which handles display of, or redirection to, the desired full image viewer.

Default: omeroweb.webclient.views.image_viewer


Default: None


A string representing Gunicorn additional arguments. Check Gunicorn Documentation

Default: None


Workers silent for more than this many seconds are killed and restarted. Check Gunicorn Documentation

Default: 60


The number of worker processes for handling requests. Check Gunicorn Documentation

Default: 5