|
| 1 | +--- |
| 2 | +sidebar_position: 90 |
| 3 | +id: link-password-policy |
| 4 | +title: Public Links - Password Enforcement and Configuration |
| 5 | +description: Remove the password enforcement and configure the passwords requirements for public links |
| 6 | +draft: false |
| 7 | +--- |
| 8 | + |
| 9 | +# Public Links: Password Enforcement and Policy |
| 10 | + |
| 11 | +OpenCloud provides two related controls for passwords on public links: |
| 12 | + |
| 13 | +1. Password enforcement for public links (whether a password is required at all). |
| 14 | +2. Password policy (how strong a password must be, if a password is used/required). |
| 15 | + |
| 16 | +This guide shows how to configure both via `opencloud-compose/.env`. |
| 17 | + |
| 18 | +## Configure Password Enforcement for Public Links |
| 19 | + |
| 20 | +By default, OpenCloud requires a password for public shares. You can disable that requirement globally and (optionally) still require passwords for writable public links. |
| 21 | + |
| 22 | +### Disable the password requirement for all public links |
| 23 | + |
| 24 | +```env |
| 25 | +OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD=false |
| 26 | +``` |
| 27 | + |
| 28 | +Require a password for writable public links only |
| 29 | + |
| 30 | +```env |
| 31 | +OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD=true |
| 32 | +``` |
| 33 | + |
| 34 | +This setting only applies when `OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD` is set to false. |
| 35 | + |
| 36 | +## Configure Password Policy for Public Link Passwords |
| 37 | + |
| 38 | +OpenCloud can enforce strong(er) passwords by requiring occurrences of characters across different classes. You can individually configure the minimum number of: |
| 39 | + |
| 40 | +- lower-case characters |
| 41 | + |
| 42 | +- upper-case characters |
| 43 | + |
| 44 | +- digits |
| 45 | + |
| 46 | +- special characters |
| 47 | + |
| 48 | +that must appear in a valid password (and also set a minimum length). |
| 49 | + |
| 50 | +Add or adjust these variables in your .env file: |
| 51 | + |
| 52 | +### Enable/disable password policy checks |
| 53 | + |
| 54 | +- true = policy disabled (no complexity requirements enforced) |
| 55 | +- false = policy enabled (requirements below are enforced) |
| 56 | + |
| 57 | +```env |
| 58 | +OC_PASSWORD_POLICY_DISABLED=false |
| 59 | +``` |
| 60 | + |
| 61 | +### Minimum password length |
| 62 | + |
| 63 | +```env |
| 64 | +OC_PASSWORD_POLICY_MIN_CHARACTERS=8 |
| 65 | +``` |
| 66 | + |
| 67 | +### Minimum character-class requirements |
| 68 | + |
| 69 | +```env |
| 70 | +OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS=1 |
| 71 | +OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS=1 |
| 72 | +OC_PASSWORD_POLICY_MIN_DIGITS=1 |
| 73 | +OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS=1 |
| 74 | +``` |
| 75 | + |
| 76 | +### Optional: Path to a 'banned passwords list' file |
| 77 | + |
| 78 | +```env |
| 79 | +OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST="" |
| 80 | +``` |
| 81 | + |
| 82 | +The password policy only applies when a password is set/required for a public link. |
| 83 | + |
| 84 | +More information is available in the [developer documentation on password policy](../../dev/server/services/frontend/information#passwords). |
| 85 | + |
| 86 | +## Edit the .env File |
| 87 | + |
| 88 | +Open the environment configuration file located in your opencloud-compose directory: |
| 89 | + |
| 90 | +```bash |
| 91 | +nano opencloud-compose/.env |
| 92 | +``` |
| 93 | + |
| 94 | +Add or modify the variables from the sections above as needed, then save the file. |
| 95 | + |
| 96 | +## Restart Docker Services |
| 97 | + |
| 98 | +After saving the file, shut down and restart the Docker containers to apply the changes: |
| 99 | + |
| 100 | +```bash |
| 101 | +docker compose down |
| 102 | +docker compose up -d |
| 103 | +``` |
| 104 | + |
| 105 | +:::note |
| 106 | +This change applies globally to all public shares created after the restart. |
| 107 | +::: |
0 commit comments