Configuration properties glossary

Introduction

The primary form of configuration is via the use of key/value properties, stored in etc/grid/config.xml and read on server startup. Backing up and copying these properties is as easy as copying this file to a new server version.

The etc/omero.properties file of your distribution defines all the default configuration properties used by the server. Changes made to the file are not recognized by the server. Instead, configuration options can be set using the omero config set command:

$ omero config set <parameter> <value>

When supplying a value with spaces or multiple elements, use single quotes. The quotes will not be saved as part of the value (see below).

To remove a configuration option (to return to default values where mentioned), simply omit the value:

$ omero config set <parameter>

These options will be stored in a file: etc/grid/config.xml which you can read for reference. DO NOT edit this file directly.

You can also review all your settings by using:

$ omero config get

which should return values without quotation marks.

A final useful option of omero config edit is:

$ omero config edit

which will allow for editing the configuration in a system-default text editor.

Note

Please use the escape sequence \" for nesting double quotes (e.g. "[\"foo\", \"bar\"]") or wrap with ' (e.g. '["foo", "bar"]').

Examples of doing this are on the server installation page, as well as the LDAP installation page.

Mandatory properties

The following properties need to be correctly set for all installations of the OMERO.server. Depending on your set-up, default values may be sufficient.

Binary repository

omero.checksum.supported

Checksum algorithms supported by the server for new file uploads, being any comma-separated non-empty subset of:

  • Adler-32

  • CRC-32

  • MD5-128

  • Murmur3-32

  • Murmur3-128

  • SHA1-160

  • File-Size-64

In negotiation with clients, this list is interpreted as being in descending order of preference.

Default: SHA1-160, MD5-128, Murmur3-128, Murmur3-32, CRC-32, Adler-32, File-Size-64

omero.data.dir

Default: /OMERO/

omero.fs.repo.path

Template for FS managed repository paths. Allowable elements are:

%user%         bob
%userId%       4
%group%        bobLab
%groupId%      3
%year%         2011
%month%        01
%monthname%    January
%day%          01
%time%         15-13-54.014
%institution%  University of Dundee
%hash%         0D2D8DB7
%increment%    14
%subdirs%      023/613
%session%      c3fdd5d8-831a-40ff-80f2-0ba5baef448a
%sessionId%    592
%perms%        rw----
%thread%       Blitz-0-Ice.ThreadPool.Server-3
/              path separator
//             end of root-owned directories

These are described further at FS configuration options

The path must be unique per fileset to prevent upload conflicts, which is why %time% includes milliseconds.

A // may be used as a path separator: the directories preceding it are created with root ownership, the remainder are the user’s. At least one user-owned directory must be included in the path.

The template path is created below omero.managed.dir, e.g. /OMERO/ManagedRepository/$omero.fs.repo.path/

Default: %user%_%userId%//%year%-%month%/%day%/%time%

omero.fs.repo.path_rules

Rules to apply to judge the acceptability of FS paths for writing into omero.managed.dir, being any comma-separated non-empty subset of:

  • Windows required

  • Windows optional

  • UNIX required

  • UNIX optional

  • local required

  • local optional

Minimally, the “required” appropriate for the server is recommended. Also applying “optional” rules may make sysadmin tasks easier, but may be more burdensome for users who name their files oddly. “local” means “Windows” or “UNIX” depending on the local platform, the latter being applied for Linux and Mac OS X.

Default: Windows required, UNIX required

omero.managed.dir

Default: ${omero.data.dir}/ManagedRepository

Client

omero.client.browser.thumb_default_size

The default thumbnail size

Default: 96

omero.client.download_as.max_size

Clients disable download as jpg/png/tiff above max pixel count.

Default: 144000000

omero.client.icetransports

Comma separated list of Ice transports available to clients. The default value (“ssl,tcp”) instructs Ice to open the ports specified by the omero.ports.ssl and omero.ports.tcp properties. Restricting to “ssl” will prevent all non-encrypted connections to the OMERO server.

Additionally, there are two experimental values for using websockets: “ws” and “wss” for unencrypted and encrypted, respectively. The ports that are opened are controlled by the omero.ports.ws and omero.ports.wss properties. To enable all possible protocols use: “ssl,tcp,wss,ws”.

Note: When using websockets behind a web server like nginx, additional configuration may be needed.

Default: ssl, tcp

omero.client.scripts_to_ignore

Server-side scripts used in IScript service Clients shouldn’t display.

Default: /omero/figure_scripts/Movie_Figure.py, /omero/figure_scripts/Split_View_Figure.py, /omero/figure_scripts/Thumbnail_Figure.py, /omero/figure_scripts/ROI_Split_Figure.py, /omero/export_scripts/Make_Movie.py, /omero/import_scripts/Populate_ROI.py

omero.client.ui.menu.dropdown.colleagues.enabled

Flag to show/hide colleagues

Default: true

omero.client.ui.menu.dropdown.colleagues.label

Client dropdown menu colleagues label.

Default: Members

omero.client.ui.menu.dropdown.everyone.enabled

Flag to show/hide all users.

Default: true

omero.client.ui.menu.dropdown.everyone.label

Client dropdown menu all users label.

Default: All Members

omero.client.ui.menu.dropdown.leaders.enabled

Flag to show/hide leader.

Default: true

omero.client.ui.menu.dropdown.leaders.label

Client dropdown menu leader label.

Default: Owners

omero.client.ui.tree.orphans.description

Description of the “Orphaned images” container.

Default: This is a virtual container with orphaned images. These images are not linked anywhere. Just drag them to the selected container.

omero.client.ui.tree.orphans.enabled

Flag to show/hide “Orphaned images” container. Only accept “true” or “false”

Default: true

omero.client.ui.tree.orphans.name

Name of the “Orphaned images” container located in client tree data manager.

Default: Orphaned Images

omero.client.ui.tree.type_order

Client tree type order rank list first type is ranked 1 (the highest), last is the lowest if set to ‘false’ empty list allows mixing all types and sorting them by default client ordering strategy

Default: tagset, tag, project, dataset, screen, plate, acquisition, image

omero.client.viewer.initial_zoom_level

Initial client image viewer zoom level for big images

Default: 0

omero.client.viewer.interpolate_pixels

Client viewers interpolate pixels by default.

Default: true

omero.client.viewer.roi_limit

Client viewers roi limit.

Default: 2000

omero.client.web.host

Absolute omeroweb host http(s)://your_domain/prefix/

Default: [empty]

Database

omero.db.authority

The string that will be used as the base for LSIDs in all exported OME objects including OME-XML and OME-TIFF. It’s usually not necessary to modify this value since the database UUID (stored in the database) is sufficient to uniquely identify the source.

Default: export.openmicroscopy.org

omero.db.dialect

Implementation of the org.hibernate.dialect.Dialect interface which will be used to convert HQL queries and save operations into SQL SELECTs and DML statements.

(PostgreSQL default)

Default: ome.util.PostgresqlDialect

omero.db.driver

JDBC driver used to access the database. Other drivers can be configured which wrap this driver to provide logging, monitoring, etc.

(PostgreSQL default)

Default: org.postgresql.Driver

omero.db.host

The host name of the machine on which the database server is running. A TCP port must be accessible from the server on which OMERO is running.

Default: localhost

omero.db.name

The name of the database instance to which OMERO will connect.

Default: omero

omero.db.pass

The password to use to connect to the database server

Default: omero

omero.db.patch

The patch version of the database which is in use. This value need not match the patch version of the server that is is being used with. Any changes by developers to the database schema will result in a bump to this value.

Default: 0

omero.db.poolsize

Sets the number of database server connections which will be used by OMERO.

A sizeable increase in this value, e.g. to 100, will significantly increase the performance of your server, but your database installation will need to be configured to accept at least as many, preferably more, connections as this value.

The related values omero.threads.max_threads and omero.threads.background_threads do not need to be increased by the same amount. A system will be more stable if background_threads is less than max_threads and max_threads is less than poolsize.

Default: 10

omero.db.port

TCP port on which the database server is listening for connections. Used by the JDBC driver to access the database. Use of a local UNIX socket is not supported.

(PostgreSQL default)

Default: 5432

omero.db.prepared_statement_cache_size

Default: 10

omero.db.profile

Default values for the current profile will be hard-coded into the hibernate.properties file in the model-*.jar. By using a different jar, you can modify the defaults.

Note: some other properties are defined in the file etc/profiles/$omero.db.profile Especially of importance is omero.db.port Set during the build

Default: psql

omero.db.properties

Properties to set on OMERO.server’s JDBC connection to the database. See https://jdbc.postgresql.org/documentation/head/connect.html

Default: [empty]

omero.db.sql_action_class

Implementation of the ome.util.SqlAction interface which will be used to perform all direct SQL actions, i.e. without Hibernate.

(PostgreSQL default)

Default: ome.util.actions.PostgresSqlAction

omero.db.statistics

Whether JMX statistics are collected for DB usage (by Hibernate, etc)

Default: true

omero.db.url

The URL specifying how the Java driver connects to the database system.

Default: jdbc:postgresql://${omero.db.host}:${omero.db.port}/${omero.db.name}?ApplicationName=OMERO.${omero.name}&${omero.db.properties}

omero.db.user

The username to use to connect to the database server

Default: omero

omero.db.version

Version of the database which is in use. This value typically matches the major.minor version of the server that it is being used with. Typically, only developers will change this version to bump to a new major version.

Default: OMERO5.4

Glacier2

omero.glacier2.IceSSL

Glacier2Template IceSSL defaults and overrides, see https://doc.zeroc.com/ice/3.6/property-reference/icessl. Any property beginning omero.glacier2.IceSSL. will be used to update the corresponding IceSSL. property.

Default: [empty]

omero.glacier2.IceSSL.Ciphers

Glacier2Template SSL allowed cipher suites

Default: ADH:!LOW:!MD5:!EXP:!3DES:@STRENGTH

omero.glacier2.IceSSL.ProtocolVersionMax

Glacier2Template SSL maximum allowed protocol (mac bug)

Default: tls1_1

omero.glacier2.IceSSL.Protocols

Glacier2Template SSL allowed protocols

Default: tls1

omero.glacier2.IceSSL.VerifyPeer

Glacier2Template SSL verification requirements

Default: 0

Grid

omero.cluster.read_only

Deprecated. If true, will override both the db and repo properties to be true.

Default: false

omero.cluster.read_only.db

If access to the database is read-only: no writes should be attempted. A “false” may be overridden by omero.cluster.read_only above.

Default: false

omero.cluster.read_only.repo

If access to the binary repo is read-only: no writes should be attempted. A “false” may be overridden by omero.cluster.read_only above.

Default: false

omero.cluster.redirector

Default: nullRedirector

omero.grid.registry_timeout

registry_timeout is the milliseconds which the registry and other services will wait on remote services to respond.

Default: 5000

Ice

Ice.IPv6

Disable IPv6 by setting to 0. Only needed in certain situations.

Default: 1

JVM

omero.jvmcfg.append

Contains other parameters which should be passed to the JVM. The value of “append” is treated as if it were on the command line so will be separated on whitespace. For example, ‘-XX:-PrintGC -XX:+UseCompressedOops’ would results in two new arguments. Note that when using config set from the command line one may need to give a prior option to prevent a value starting with - from already being parsed as an option, and values may need quoting to prevent whitespace or other significant characters from being interpreted prematurely.

Default: [empty]

omero.jvmcfg.heap_dump

Toggles on or off heap dumps on OOMs. Default is “off”. The special value “tmp” will create the heap dumps in your temp directory.

Default: [empty]

omero.jvmcfg.heap_size

Explicit value for the -Xmx argument, e.g. “1g”

Default: [empty]

omero.jvmcfg.max_system_memory

Suggestion for strategies as to the maximum memory that they will use for calculating JVM settings (MB).

Default: 48000

omero.jvmcfg.min_system_memory

Suggestion for strategies as to the minimum memory that they will use for calculating JVM settings (MB).

Default: 3414

omero.jvmcfg.percent

Used only by the percent strategy. An integer between 0 and 100 which is the percent of active memory that will be used by the service.

Default: [empty]

omero.jvmcfg.perm_gen

Explicit value for the MaxPermSize argument to the JVM, e.g. “500M”. Ignored for Java8+

Default: [empty]

omero.jvmcfg.strategy

Memory strategy which will be used by default. Options include: percent, manual

Default: percent

omero.jvmcfg.system_memory

Manual override of the total system memory that OMERO will think is present on the local OS (MB). If unset, an attempt will be made to detect the actual amount: first by using the Python library psutil and if that is not installed, by running a Java tool. If neither works, 4.0GB is assumed.

Default: [empty]

LDAP

omero.ldap.base

LDAP server base search DN, i.e. the filter that is applied to all users. (can be empty in which case any LDAP user is valid)

Default: ou=example, o=com

omero.ldap.config

Enable or disable LDAP (true or false).

Default: false

omero.ldap.connect_timeout

Sets com.sun.jndi.ldap.connect.timeout on the Spring LDAP default security context source environment. The context source is responsible for interacting with JNDI/LDAP.

This timeout is specified in milliseconds and controls the amount of time JNDI/LDAP will wait for a connection to be established.

A timeout less than or equal to zero means that no timeout will be observed and that the OMERO server will wait indefinitely for LDAP connections to be established. Such a timeout should be used with extreme caution as connectivity issues may then cause your server to no longer be able to create new sessions.

For more information on what this JNDI/LDAP property does, see https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/create.html

Default: 5000

omero.ldap.group_filter

Default: (objectClass=groupOfNames)

omero.ldap.group_mapping

Default: name=cn

omero.ldap.new_user_group

Without a prefix the “new_user_group” property specifies the name of a single group which all new users will be added to. Other new_user_group strings are prefixed with :x: and specify various lookups which should take place to find one or more target groups for the new user.

:ou: uses the final organizational unit of a user’s dn as the single OMERO group e.g. omero.ldap.new_user_group=:ou:

:attribute: uses all the values of the specified attribute as the name of multiple OMERO groups. e.g. omero.ldap.new_user_group=:attribute:memberOf

Like :attribute:, :filtered_attribute: uses all the values of the specified attribute as the name of multiple OMERO groups but the attribute must pass the same filter as :query: does. e.g. omero.ldap.new_user_group=:filtered_attribute:memberOf

Similar to :attribute:, :dn_attribute: uses all the values of the specified attribute as the DN of multiple OMERO groups. e.g. omero.ldap.new_user_group=:dn_attribute:memberOf

A combination of filtered_attribute and dn_attribute, :filtered_dn_attribute: uses all of the values of the specified attribute as the DN of multiple OMERO groups but the attribute must pass the same filter as :query: e.g. omero.ldap.new_user_group=:filtered_dn_attribute:memberOf

:query: performs a query for groups. The “name” property will be taken as defined by omero.ldap.group_mapping and the resulting filter will be AND’ed with the value group_filter (above) e.g. omero.ldap.new_user_group=:query:(member=@{dn})

:bean: looks in the server’s context for a bean with the given name which implements ome.security.auth.NewUserGroupBean e.g. omero.ldap.new_user_group=:bean:myNewUserGroupMapperBean

Default: default

omero.ldap.new_user_group_owner

A query element to check if user who is being created via the new_user_group setting should be made a “manager”, i.e. owner, of the queried group. E.g. omero.ldap.new_user_group_owner=(owner=@{dn}) will use the ‘manager’ attribute to set the ‘owner’ flag in the database. This query element is appended to any query used by new_user_group with an AND.

This property is not used by new_user_group type ‘default’ and only potentially by :bean:.

Default: [empty]

omero.ldap.password

LDAP server bind password (if required; can be empty)

Default: [empty]

omero.ldap.read_timeout

Sets com.sun.jndi.ldap.read.timeout on the Spring LDAP default security context source environment. The context source is responsible for interacting with JNDI/LDAP.

This timeout is specified in milliseconds and controls the amount of time JNDI/LDAP will wait for a response from the LDAP server. When connecting to a server using SSL this timeout also applies to the SSL handshake process.

A timeout less than or equal to zero means that no timeout will be observed and that the OMERO server will wait indefinitely for LDAP replies. Such a timeout should be used with extreme caution, especially when using SSL and/or without a connection pool, as connectivity issues may then cause your server to no longer be able to create new sessions.

For more information on what this JNDI/LDAP property does, see https://docs.oracle.com/javase/tutorial/jndi/newstuff/readtimeout.html

Default: 5000

omero.ldap.referral

Available referral options are: “ignore”, “follow”, or “throw” as per the JNDI referral documentation.

Default: ignore

omero.ldap.sync_on_login

Whether or not values from LDAP will be synchronized to OMERO on each login. This includes not just the username, email, etc, but also the groups that the user is a member of.

Note

Admin actions carried out in the clients may not survive this synchronization e.g. LDAP users removed from an LDAP group in the UI will be re-added to the group when logging in again after the synchronization.

Default: false

omero.ldap.urls

Set the URL of the LDAP server. A SSL URL for this property would be of the form: ldaps://ldap.example.com:636

Default: ldap://localhost:389

omero.ldap.user_filter

Default: (objectClass=person)

omero.ldap.user_mapping

Default: omeName=cn, firstName=givenName, lastName=sn, email=mail, institution=department, middleName=middleName

omero.ldap.username

LDAP server bind DN (if required; can be empty)

Default: [empty]

Mail

omero.mail.bean

Mail sender properties

Default: defaultMailSender

omero.mail.config

Enable or disable mail sender (true or false).

Default: false

omero.mail.from

the email address used for the “from” field

Default: omero@${omero.mail.host}

omero.mail.host

the hostname of smtp server

Default: localhost

omero.mail.password

the password to connect to the smtp server (if required; can be empty)

Default: [empty]

omero.mail.port

the port of smtp server

Default: 25

omero.mail.smtp.auth

see javax.mail.Session properties

Default: false

omero.mail.smtp.connectiontimeout

Default: 60000

omero.mail.smtp.debug

Default: false

omero.mail.smtp.socketFactory.class

Default: javax.net.SocketFactory

omero.mail.smtp.socketFactory.fallback

Default: false

omero.mail.smtp.socketFactory.port

Default: ${omero.mail.port}

omero.mail.smtp.starttls.enable

Default: false

omero.mail.smtp.timeout

Default: 60000

omero.mail.transport.protocol

other smtp parameters; see org.springframework.mail.javamail.JavaMailSenderImpl

Default: smtp

omero.mail.username

the username to connect to the smtp server (if required; can be empty)

Default: [empty]

Metrics

omero.metrics.bean

Which bean to use: nullMetrics does nothing defaultMetrics uses the properties defined below

Default: defaultMetrics

omero.metrics.graphite

Address for Metrics to send server data

Default: [empty]

omero.metrics.slf4j_minutes

Number of minutes to periodically print to slf4j 0 or lower disables the printout.

Default: 60

Name

omero.name

Name of the OMERO component that is running in this process.

Default: Server

Performance

omero.sessions.max_user_time_to_idle

Sets the maximum duration in milliseconds a user can request before a login is required due to inactivity.

Default: 6000000

omero.sessions.max_user_time_to_live

Sets the maximum duration in milliseconds a user can request before a login is required (0 signifies never).

Default: 0

omero.sessions.maximum

Sets the default duration before a login is required; 0 signifies never.

Default: 0

omero.sessions.sync_force

Default: 1800000

omero.sessions.sync_interval

Default: 120000

omero.sessions.timeout

Sets the default duration of inactivity in milliseconds after which a login is required.

Default: 600000

omero.threads.background_threads

Number of threads from the max_threads pool that can be used at any given time for background tasks like import.

Default: 10

omero.threads.background_timeout

Number of milliseconds to wait for a slot in the background queue before a rejection error will be raised.

Default: 3600000

omero.threads.cancel_timeout

Default: 5000

omero.threads.idle_timeout

Default: 5000

omero.threads.max_threads

Maximum number of threads that can simultaneously run at the “USER” priority level. Internal system threads may still run.

Default: 50

omero.threads.min_threads

Number of threads that will be kept waiting at all times.

Default: 5

omero.throttling.method_time.error

Time in milliseconds after which a single method invocation will print a ERROR statement to the server log. If ERRORs are frequently being printed to your logs, you may want to increase this value after checking that no actual problem exists. Values of more than 60000 (1 minute) are not advised.

Default: 20000

omero.throttling.method_time.error.indexer

Value for the indexer is extended to 1 day

Default: 86400000

omero.throttling.method_time.warn

Time in milliseconds after which a single method invocation will print a WARN statement to the server log.

Default: 5000

omero.throttling.method_time.warn.indexer

Value for the indexer is extended to 1 hour

Default: 3600000

omero.throttling.objects_read_interval

Default: 1000

omero.throttling.objects_written_interval

Default: 1000

omero.throttling.servants_per_session

Default: 10000

Pixeldata

omero.pixeldata.backoff

Name of the spring bean which will be used to calculate the backoff (in ms) that users should wait for an image to be ready to view.

Default: ome.io.nio.SimpleBackOff

omero.pixeldata.backoff.default

A default value for the backoff time.

Default: 1000

omero.pixeldata.backoff.maxpixels

The maximum number of pixels (in any dimension), if exceeded the default value will be used.

Default: 1000000

omero.pixeldata.batch

Number of instances indexed per indexing. (Ignored by pixelDataEventLogQueue)

Default: 50

omero.pixeldata.cron

Polling frequency of the pixeldata processing. Set empty to disable pixeldata processing.

Cron Format: seconds minutes hours day-of-month month day-of-week year (optional). For example, “0,30 * * * * ?” is equivalent to running every 30 seconds. For more information download the latest 1.x version of the Quartz Job Scheduler and review docs/api/org/quartz/CronExpression.html within the distribution.

Default: */4 * * * * ?

omero.pixeldata.dispose

Whether the PixelData.dispose() method should try to clean up ByteBuffer instances which may lead to memory exceptions. See ticket #11675 for more information. Note: the property is set globally for the JVM.

Default: true

omero.pixeldata.event_log_loader

EventLogLoader that will be used for loading EventLogs for the action “PIXELDATA”. Choices include: pixelDataEventLogQueue and the older pixelDataPersistentEventLogLoader

Default: pixelDataEventLogQueue

omero.pixeldata.max_plane_height

With omero.pixeldata.max_plane_width, specifies the plane size cutoff above which a pixel pyramid will be generated by the pixeldata service unless subresolutions can be read from the file format. These values will be ignored for floating or double pixel data types where no pyramid will be generated.

Default: 3192

omero.pixeldata.max_plane_width

With omero.pixeldata.max_plane_height, specifies the plane size cutoff above which a pixel pyramid will be generated by the pixeldata service unless subresolutions can be read from the file format. These values will be ignored for floating or double pixel data types where no pyramid will be generated.

Default: 3192

omero.pixeldata.max_projection_bytes

Specifies the maximum number of bytes the server will allow to be projected in real time with the rendering engine.

Default: 268435456

omero.pixeldata.memoizer.dir

The directory in which Bio-Formats may create memo files for images from the managed repository.

Default: ${omero.data.dir}/BioFormatsCache

omero.pixeldata.memoizer.dir.local

For read-only servers set this to a local read-write directory so that memo files can be created and used. Activates only if the binary repository is read-only.

Default: [empty]

omero.pixeldata.memoizer_wait

Maximum time in milliseconds that file parsing can take without the parsed metadata being cached to omero.pixeldata.memoizer.dir.

Default: 0

omero.pixeldata.repetitions

Instead, it is possible to tell the server to run more pixeldata repetitions, each of which gets completely committed before the next. This will only occur when there is a substantial backlog of pixels to process.

(Ignored by pixelDataEventLogQueue; uses threads instead)

Default: 1

omero.pixeldata.threads

How many pixel pyramids will be generated at a single time. The value should typically not be set to higher than the number of cores on the server machine.

Default: 2

omero.pixeldata.tile_height

Default: 256

omero.pixeldata.tile_sizes_bean

Default sizes for tiles are provided by a ome.io.nio.TileSizes implementation. By default the bean (“configuredTileSizes”) uses the properties provided here.

Default: configuredTileSizes

omero.pixeldata.tile_width

Default: 256

Policy

omero.policy.bean

Instance of the PolicyService interface which will be responsible for checking certain server actions made by a user.

Default: defaultPolicyService

omero.policy.binary_access

Configuration for the policy of whether users can access binary files from disk. Binary access includes all attempts to download a file from the UI.

The individual components of the string include:

  • write - whether or not users who have WRITE access to the objects can access the binary. This includes group and system administrators.

  • read - whether or not users who have READ access to the objects can access the binary.

  • image - whether or not images are to be considered accessible as a rule.

  • plate - whether or not plates and contained HCS objects are to be considered accessible as a rule. This includes wells, well samples, and plate runs.

Though the order of the components of the property are not important, the order that they are listed above roughly corresponds to their priority. E.g. a -write value will override +plate.

Example 1: “-read,+write,+image,-plate” only owners of an image and admins can download it.

Example 2: “-read,-write,-image,-plate” no downloading is possible.

Configuration properties of the same name can be applied to individual groups as well. E.g. adding, omero.policy.binary_access=-read to a group’s config property, you can prevent group-members from downloading original files, as at https://docs.openmicroscopy.org/latest/omero/sysadmins/customization.html#download-restrictions

Configuration is pessimistic: if there is a negative either on the group or at the server-level, the restriction will be applied. A missing value at the server restricts the setting but allows the server to override.

Default: +read, +write, +image

Ports

omero.ports.prefix

The prefix to apply to all port numbers (SSL, TCP, registry) used by the server

Default: [empty]

omero.ports.registry

The IceGrid registry port number to use

Default: 4061

omero.ports.ssl

The Glacier2 SSL port number to use

Default: 4064

omero.ports.tcp

The Glacier2 TCP port number to use (unencrypted)

Default: 4063

Query

omero.query.timeout

For the query service how many seconds before a query times out.

Default: 1000

omero.query.timeout.admin

How many seconds before a query times out for administrative users.

Default: ${omero.query.timeout}

Scripts

omero.launcher.jython

Executable on the PATH which will be used for scripts with the mimetype ‘text/x-jython’.

Default: jython

omero.launcher.matlab

Executable on the PATH which will be used for scripts with the mimetype ‘text/x-matlab’.

Default: matlab

omero.launcher.python

Executable on the PATH which will be used for scripts with the mimetype ‘text/x-python’.

No value implies use sys.executable

Default: [empty]

omero.process.jython

Server implementation which will be used for scripts with the mimetype ‘text/x-jython’. Changing this value requires that the appropriate class has been installed on the server.

Default: omero.processor.ProcessI

omero.process.matlab

Server implementation which will be used for scripts with the mimetype ‘text/x-matlab’. Changing this value requires that the appropriate class has been installed on the server.

Default: omero.processor.MATLABProcessI

omero.process.python

Server implementation which will be used for scripts with the mimetype ‘text/x-python’. Changing this value requires that the appropriate class has been installed on the server.

Default: omero.processor.ProcessI

omero.scripts.cache.cron

Frequency to reload script params. By default, once a day at midnight.

Cron Format: seconds minutes hours day-of-month month day-of-week year (optional). For example, “0,30 * * * * ?” is equivalent to running every 30 seconds. For more information download the latest 1.x version of the Quartz Job Scheduler and review docs/api/org/quartz/CronExpression.html within the distribution.

Default: 0 0 0 * * ?

omero.scripts.cache.spec

Guava LoadingCache spec for configuring how many script JobParams will be kept in memory for how long.

For more information, see https://google.github.io/guava/releases/27.1-jre/api/docs/com/google/common/cache/CacheBuilderSpec.html

Default: maximumSize=1000

omero.scripts.timeout

Default: 3600000

Security

omero.security.chmod_strategy

Default: groupChmodStrategy

omero.security.filter.bitand

Default: (int8and(permissions, %s) = %s)

omero.security.keyStore

A keystore is a database of private keys and their associated X.509 certificate chains authenticating the corresponding public keys. A keystore is mostly needed if you are doing client-side certificates for authentication against your LDAP server.

Default: [empty]

omero.security.keyStorePassword

Sets the password of the keystore

Default: [empty]

omero.security.login_failure_throttle_count

Default: 1

omero.security.login_failure_throttle_time

Default: 3000

omero.security.password_provider

Implementation of PasswordProvider that will be used to authenticate users. Typically, a chained password provider will be used so that if one form of authentication (e.g. LDAP) does not work, other attempts will be made.

Default: chainedPasswordProvider

omero.security.password_required

Controls whether the server will allow creation of user accounts with an empty password. If set to true (default, strict mode), empty passwords are disallowed. This still allows the guest user to interact with the server.

Default: true

omero.security.trustStore

A truststore is a database of trusted entities and their associated X.509 certificate chains authenticating the corresponding public keys. The truststore contains the Certificate Authority (CA) certificates and the certificate(s) of the other party to which this entity intends to send encrypted (confidential) data. This file must contain the public key certificates of the CA and the client’s public key certificate.

Default: [empty]

omero.security.trustStorePassword

Sets the password of the truststore

Default: [empty]

Version

omero.version

Value dynamically set during the build

Default: 5.6.3

Web

omero.web.admins

A list of people who get code error notifications whenever the application identifies a broken link or raises an unhandled exception that results in an internal server error. This gives the administrators immediate notification of any errors, see OMERO.mail. Example:'[["Full Name", "email address"]]'.

Default: []

omero.web.application_server

OMERO.web is configured to run in Gunicorn as a generic WSGI (TCP)application by default. Available options: wsgi-tcp (Gunicorn, default), wsgi (Advanced users only, e.g. manual Apache configuration with mod_wsgi).

Default: wsgi-tcp

omero.web.application_server.host

The front-end webserver e.g. NGINX can be set up to run on a different host from OMERO.web. The property ensures that OMERO.web is accessible on an external IP. It requires copying all the OMERO.web static files to the separate NGINX server.

Default: 127.0.0.1

omero.web.application_server.max_requests

The maximum number of requests a worker will process before restarting.

Default: 0

omero.web.application_server.port

Upstream application port

Default: 4080

omero.web.apps

Add additional Django applications. For example, see Creating an app

Default: []

omero.web.base_include_template

Template to be included in every page, at the end of the <body>

Default: None

omero.web.caches

OMERO.web offers alternative session backends to automatically delete stale data using the cache session store backend, see Django cached session documentation for more details.

Default: {\”default\”: {\”BACKEND\”: \”django.core.cache.backends.dummy.DummyCache\”}}

omero.web.chunk_size

Size, in bytes, of the “chunk”

Default: 1048576

omero.web.cors_origin_allow_all

If True, cors_origin_whitelist will not be used and all origins will be authorized to make cross-site HTTP requests.

Default: false

omero.web.cors_origin_whitelist

A list of origin hostnames that are authorized to make cross-site HTTP requests. Used by the django-cors-headers app as described at https://github.com/ottoyiu/django-cors-headers

Default: []

omero.web.databases

Default: {}

omero.web.debug

A boolean that turns on/off debug mode. Use debug mode only in development, not in production, as it logs sensitive and confidential information in plaintext.

Default: false

omero.web.django_additional_settings

Additional Django settings as list of key-value tuples. Use this to set or override Django settings that aren’t managed by OMERO.web. E.g. ["CUSTOM_KEY", "CUSTOM_VALUE"]

Default: []

omero.web.feedback.comment.enabled

Enable the feedback form for comments. These comments are sent to the URL in omero.qa.feedback (OME team by default).

Default: true

omero.web.feedback.error.enabled

Enable the feedback form for errors. These errors are sent to the URL in omero.qa.feedback (OME team by default).

Default: true

omero.web.html_meta_referrer

Default content for the HTML Meta referrer tag. See https://www.w3.org/TR/referrer-policy/#referrer-policies for allowed values and https://caniuse.com/#feat=referrer-policy for browser compatibility. Warning: Internet Explorer 11 does not support the default value of this setting, you may want to change this to “origin” after reviewing the linked documentation.

Default: origin-when-crossorigin

omero.web.index_template

Define template used as an index page http://your_host/omero/.If None user is automatically redirected to the login page.For example use ‘webclient/index.html’.

Default: None

omero.web.logdir

A path to the custom log directory.

Default: /home/omero/OMERO.server/var/log

omero.web.login.client_downloads_base

GitHub repository containing the Desktop client downloads

Default: ome/omero-insight

omero.web.login.show_client_downloads

Whether to link to official client downloads on the login page

Default: true

omero.web.login_incorrect_credentials_text

The error message shown to users who enter an incorrect username or password.

Default: Connection not available, please check your user name and password.

omero.web.login_redirect

Redirect to the given location after logging in. It only supports arguments for Django reverse function. For example: '{"redirect": ["webindex"], "viewname": "load_template", "args":["userdata"], "query_string": {"experimenter": -1}}'

Default: {}

omero.web.login_view

The Django view name used for login. Use this to provide an alternative login workflow.

Default: weblogin

omero.web.maximum_multifile_download_size

Prevent multiple files with total aggregate size greater than this value in bytes from being downloaded as a zip archive.

Default: 1073741824

omero.web.middleware

Warning: Only system administrators should use this feature. List of Django middleware classes in the form [{“class”: “class.name”, “index”: FLOAT}]. See Django middleware. Classes will be ordered by increasing index

Default: [{\”index\”: 1, \”class\”: \”django.middleware.common.BrokenLinkEmailsMiddleware\”},{\”index\”: 2, \”class\”: \”django.middleware.common.CommonMiddleware\”},{\”index\”: 3, \”class\”: \”django.contrib.sessions.middleware.SessionMiddleware\”},{\”index\”: 4, \”class\”: \”django.middleware.csrf.CsrfViewMiddleware\”},{\”index\”: 5, \”class\”: \”django.contrib.messages.middleware.MessageMiddleware\”},{\”index\”: 6, \”class\”: \”django.middleware.clickjacking.XFrameOptionsMiddleware\”}]

omero.web.nginx_server_extra_config

Extra configuration lines to add to the Nginx server block. Lines will be joined with n. Remember to terminate lines with; when necessary.

Default: []

omero.web.open_with

A list of viewers that can be used to display selected Images or other objects. Each viewer is defined as ["Name", "url", options]. Url is reverse(url). Selected objects are added to the url as ?image=:1&image=2Objects supported must be specified in options with e.g. {"supported_objects":["images"]} to enable viewer for one or more images.

Default: [[\”Image viewer\”, \”webgateway\”, {\”supported_objects\”: [\”image\”],\”script_url\”: \”webclient/javascript/ome.openwith_viewer.js\”}]]

omero.web.page_size

Number of images displayed within a dataset or ‘orphaned’ container to prevent from loading them all at once.

Default: 200

omero.web.ping_interval

Timeout interval between ping invocations in seconds

Default: 60000

omero.web.pipeline_css_compressor

Compressor class to be applied to CSS files. If empty or None, CSS files won’t be compressed.

Default: None

omero.web.pipeline_js_compressor

Compressor class to be applied to JavaScript files. If empty or None, JavaScript files won’t be compressed.

Default: None

omero.web.pipeline_staticfile_storage

The file storage engine to use when collecting static files with the collectstatic management command. See the documentation for more details.

Default: pipeline.storage.PipelineStorage

omero.web.prefix

Used as the value of the SCRIPT_NAME environment variable in any HTTP request.

Default: None

omero.web.public.cache.enabled

Default: false

omero.web.public.cache.key

Default: omero.web.public.cache.key

omero.web.public.cache.timeout

Default: 86400

omero.web.public.enabled

Enable and disable the OMERO.web public user functionality.

Default: false

omero.web.public.get_only

Restrict public users to GET requests only

Default: true

omero.web.public.password

Password to use during authentication.

Default: None

omero.web.public.server_id

Server to authenticate against.

Default: 1

omero.web.public.url_filter

Set a regular expression that matches URLs the public user is allowed to access. If this is not set, no URLs will be publicly available.

Default: (?#This regular expression matches nothing)a^

omero.web.public.user

Username to use during authentication.

Default: None

omero.web.redirect_allowed_hosts

If you wish to allow redirects to an external site, the domains must be listed here. For example [“openmicroscopy.org”].

Default: []

omero.web.root_application

Override the root application label that handles /. Warning you must ensure the application’s URLs do not conflict with other applications. omero-gallery is an example of an application that can be used for this (set to gallery)

Default: [empty]

omero.web.secret_key

A boolean that sets SECRET_KEY for a particular Django installation.

Default: None

omero.web.secure

Force all backend OMERO.server connections to use SSL.

Default: false

omero.web.secure_proxy_ssl_header

A tuple representing a HTTP header/value combination that signifies a request is secure. Example '["HTTP_X_FORWARDED_PROTO_OMERO_WEB", "https"]'. For more details see secure proxy ssl header.

Default: []

omero.web.server_list

A list of servers the Web client can connect to.

Default: [[\”localhost\”, 4064, \”omero\”]]

omero.web.session_engine

Controls where Django stores session data. See Configuring the session engine for more details.

Default: omeroweb.filesessionstore

omero.web.session_expire_at_browser_close

A boolean that determines whether to expire the session when the user closes their browser. See Django Browser-length sessions vs. persistent sessions documentation for more details.

Default: true

omero.web.sharing.opengraph

Dictionary of server-name: site-name, where server-name matches a name from omero.web.server_list. For example: '{"omero": "Open Microscopy"}'

Default: {}

omero.web.sharing.twitter

Dictionary of server-name: @twitter-site-username, where server-name matches a name from omero.web.server_list. For example: '{"omero": "@openmicroscopy"}'

Default: {}

omero.web.static_root

The absolute path to the directory where collectstatic will collect static files for deployment. If the staticfiles contrib app is enabled (default) the collectstatic management command will collect static files into this directory.

Default: /home/omero/OMERO.server/var/static

omero.web.static_url

URL to use when referring to static files. Example: '/static/' or 'http://static.example.com/'. Used as the base path for asset definitions (the Media class) and the staticfiles app. It must end in a slash if set to a non-empty value.

Default: /static/

omero.web.staticfile_dirs

Defines the additional locations the staticfiles app will traverse if the FileSystemFinder finder is enabled, e.g. if you use the collectstatic or findstatic management command or use the static file serving view.

Default: []

omero.web.template_dirs

List of locations of the template source files, in search order. Note that these paths should use Unix-style forward slashes.

Default: []

omero.web.thumbnails_batch

Number of thumbnails retrieved to prevent from loading them all at once. Make sure the size is not too big, otherwise you may exceed limit request line, see https://docs.gunicorn.org/en/latest/settings.html?highlight=limit_request_line

Default: 50

omero.web.ui.center_plugins

Add plugins to the center panels. Plugins are ['Channel overlay', 'webtest/webclient_plugins/center_plugin.overlay.js.html', 'channel_overlay_panel']. The javascript loads data into $('#div_id').

Default: []

omero.web.ui.metadata_panes

Manage Metadata pane accordion. This functionality is limited to the existing sections.

Default: [{\”name\”: \”tag\”, \”label\”: \”Tags\”, \”index\”: 1},{\”name\”: \”map\”, \”label\”: \”Key-Value Pairs\”, \”index\”: 2},{\”name\”: \”table\”, \”label\”: \”Tables\”, \”index\”: 3},{\”name\”: \”file\”, \”label\”: \”Attachments\”, \”index\”: 4},{\”name\”: \”comment\”, \”label\”: \”Comments\”, \”index\”: 5},{\”name\”: \”rating\”, \”label\”: \”Ratings\”, \”index\”: 6},{\”name\”: \”other\”, \”label\”: \”Others\”, \”index\”: 7}]

omero.web.ui.right_plugins

Add plugins to the right-hand panel. Plugins are ['Label', 'include.js', 'div_id']. The javascript loads data into $('#div_id').

Default: [[\”Acquisition\”, \”webclient/data/includes/right_plugin.acquisition.js.html\”, \”metadata_tab\”],[\”Preview\”, \”webclient/data/includes/right_plugin.preview.js.html\”, \”preview_tab\”]]

omero.web.use_x_forwarded_host

Specifies whether to use the X-Forwarded-Host header in preference to the Host header. This should only be enabled if a proxy which sets this header is in use.

Default: false

omero.web.user_dropdown

Whether or not to include a user dropdown in the base template. Particularly useful when used in combination with the OMERO.web public user where logging in may not make sense.

Default: true

omero.web.viewer.view

Django view which handles display of, or redirection to, the desired full image viewer.

Default: omeroweb.webclient.views.image_viewer

omero.web.webgateway_cache

Default: None

omero.web.wsgi_args

A string representing Gunicorn additional arguments. Check Gunicorn Documentation https://docs.gunicorn.org/en/latest/settings.html

Default: None

omero.web.wsgi_timeout

Workers silent for more than this many seconds are killed and restarted. Check Gunicorn Documentation https://docs.gunicorn.org/en/stable/settings.html#timeout

Default: 60

omero.web.wsgi_workers

The number of worker processes for handling requests. Check Gunicorn Documentation https://docs.gunicorn.org/en/stable/settings.html#workers

Default: 5

omero.web.x_frame_options

Whether to allow OMERO.web to be loaded in a frame.

Default: SAMEORIGIN