File Upload

Configure file upload and storage

Configure file uploads and storage on your workspace.

To access the menu on your workspace, navigate to Administration > Workspace > Settings > File Upload

Remember always to hit Save Changes to apply any changes made.

General Settings

• File Uploads Enabled: Use this setting to enable or restrict file uploads on your workspace

• Maximum File Upload Size (in bytes): Use this setting to define the maximum allowed file size for uploads. Set it to -1 to remove the file size limitation. Make sure the maximum file upload size matches that of your proxy if any is used.

• Accepted Media Types: Use this setting to define the files the users can upload.

  Comma-separated list of media types. Leave it blank for accepting all media types.

• Blocked Media Types: Define what types of files are blocked on the workspace.

  Comma-separated list of media types. This setting has priority over the Accepted Media Types.

• Protect Uploaded Files

  • Yes: Only authenticated users can have access to the uploaded files.

  • No: If in possession of the uploaded file's URL, unauthenticated users can access and download said files.

• Restrict files to rooms' members: Restrict the access of files uploaded on rooms to the rooms' members only.

• Rotate images on upload: Turn on to enable image rotation. This affects the image quality.

  • Enable JSON Web Tokens protection to file uploads: Turn on to enable JWT protection on file uploads.

• File Upload Json Web Token Secret: Set the JWT secret to be used.

• Storage Type

  • AmazonS3: Uses the Amazon S3 storage type

  • Google Cloud Storage: Uses the Google Cloud Storage storage type

  • WebDAV: Uses the WebDav storage type

  • FileSystem: Uses the FileSystem storage type

• File Uploads Enabled in Direct Messages: Use this setting to enable or restrict file uploads on Direct Messages

Amazon S3

You can find a more detailed guide on how to set up your Amazon S3 server here.

• Bucket name: The bucket name you've created on Amazon S3

• Acl(Optional): A Canned ACL configuration (see a complete list here)

• Access Key: Your Amazon Access Key ID (optional)

• Secret Key: Your Amazon Secret Access Key (optional)

  Note: If no AWSAccessKeyId and AWSSecretAccessKey are set, the underlying AWS SDK the will fallback to trying to retrieve credentials from the usual locations.

• CDN Domain for Downloads(Optional): If you had set a CDN for your bucket, put it here

• Region(Optional): If you have created your bucket on region different from the US Standard, you have to set their code here (see a list of region codes here)

• Bucket URL(Optional): Override the URL to which files are uploaded. This URL is also used for downloads unless a CDN is given

• Signature Version: Identifies the version of AWS Signature that you want to support for authenticated requests.

• Force Path Style: Enable force path style.

• URLs Expiration Timespan: Time after which Amazon S3 generated URLs are no longer valid (in seconds). If set to less than 5 seconds, this field is ignored.

  If you run into issues with files not loading consistently for some users located further from server location. Increasing this time might help.

• Proxy Avatars: Proxy avatar file transmissions through your server instead of direct access to the asset's URL

• Proxy Uploads: Proxy upload file transmissions through your server instead of direct access to the asset's URL

Amazon S3 CORS Configuration

Set the following CORS Configuration to your bucket.

XML format (if using the old AWS console Interface):

[
    {
        "AllowedHeaders": [
            "*"  
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "GET",
            "HEAD"
        ],  
        "AllowedOrigins": [
            "*ROCKET_CHAT_DOMAIN*"
        ],  
        "ExposeHeaders": [], 
        "MaxAgeSeconds": 3000
    } 
]

JSON format (if using the new AWS console Interface):

[
  {
    "AllowedHeaders": [
        "*"
    ],
    "AllowedMethods": [
        "PUT",
        "POST",
        "GET",
        "HEAD"
    ],
    "AllowedOrigins": [
        "*ROCKET_CHAT_DOMAIN*"
    ],
    "ExposeHeaders": [],
    "MaxAgeSeconds": 3000
  }
]

Note: Replace *ROCKET_CHAT_DOMAIN* with the domain of your Rocket.Chat installation, e.g. https://chat.example.com. Setting CORS to * posses a security risk because it allows for requests from any host on the Internet.

FileSystem

• System Path: The local path for where the uploaded files are stored.

Google Cloud Storage

The settings used when configuring a Google Cloud Storage server. You can find more details here.

• Google Storage Bucket Name: The bucket name to which the files should be uploaded.

• Google Storage Access Id: The access ID (or username) of the service account which has access to your Cloud Storage bucket.

  The Access Id is generally in an email format, for example: "example-test@example.iam.gserviceaccount.com"

• Google Storage Secret: A .pem containing your private key and certificate.

  You can find a guide here on how to get your keys.

• Proxy Avatars: Proxy avatar file transmissions through your server instead of direct access to the asset's URL

• Proxy Uploads: Proxy upload file transmissions through your server instead of direct access to the asset's URL

More Information

About Google Storage Secret

The value here takes an argument of a PEM file to connect to your Cloud Storage bucket. When you create a service account, you have the ability to download a JSON file that contains a number of variables. You need the unescaped private key, along with one of the certificates linked at the bottom of the JSON.

Syntax then looks just like a regular PEM file:

-----BEGIN PRIVATE KEY-----
unescaped private key goes here
-----END PRIVATE KEY-----
----BEGIN CERTIFICATE-----
first certificate goes here
-----END CERTIFICATE-----

Enter this into Rocket.Chat to allow the authentication with Google and store items in the bucket.

WebDAV

The settings used for WebDAV as a storage server.

• Upload Folder Path: WebDAV folder path to which files are uploaded to.

• WebDAV Server Access URL: The URL of the WebDAV server (WebDAV URLs of Common Cloud Storage Services).

• WebDAV Username: Username for the remote WebDav server.

• WebDAV Password: Password for the remote WebDAV server.

• Proxy Avatars: Proxy avatar file transmissions through your server instead of direct access to the asset's URL.

• Proxy Uploads: Proxy uploads file transmissions through your server instead of directly accessing the asset's URL.