File Upload
    • Dark
      Light
    • PDF

    File Upload

    • Dark
      Light
    • PDF

    Article summary

    Configure file uploads and storage on your workspace. To access the menu on your workspace, go to Administration > Workspace > Settings > File Upload.

    Remember to hit Save Changes to apply any changes made.

    General settings

    • File Uploads Enabled: Use this setting to enable or restrict file uploads on your workspace

    • Maximum File Upload Size (in bytes): This setting defines the maximum allowed file size for uploads. Set it to -1 to remove the file size limitation. Ensure the maximum file upload size matches your proxy's if any is used.

    • Accepted Media Types: This setting defines the files users can upload.

      Comma-separated list of media types. Leave it blank for accepting all media types.

    • Blocked Media Types: Specify the types of files to block in the workspace by entering the MIME types, separated by commas (with or without spaces). This setting has priority over the Accepted Media Types. For example, adding text/plain,image/jpeg,video/mp4 blocks .txt, .jpeg, .jpg and, .mp4 files.

    • Protect Uploaded Files

      • Yes: Only authenticated users can access the uploaded files.

      • No: If in possession of the uploaded file's URL, unauthenticated users can access and download said files.

    • Restrict files to rooms' members: Restrict the access of files uploaded on rooms to the rooms' members only.

    • Restrict files access to users who can access room: Allows users with access to a room (such as those with Livechat manager or monitor roles or agents with special permissions to view closed rooms) to download files.

    • Rotate images on upload: Turn on to enable image rotation. This affects the image quality.

    • Enable JSON Web Tokens protection to file uploads: Turn on to enable JWT protection on file uploads.

    • File Upload Json Web Token Secret: Set the JWT secret to be used.

    • Storage Type

    • File Uploads Enabled in Direct Messages: Use this setting to enable or restrict file uploads on Direct Messages

    Amazon S3

    You can find a more detailed guide on how to set up your Amazon S3 server here.

    • Bucket name: The bucket name you've created on Amazon S3

    • Acl(Optional): A Canned ACL configuration (see a complete list here)

    • Access Key: Your Amazon Access Key ID.

    • Secret Key: Your Amazon Secret Access Key.

      Note: If no AWSAccessKeyId and AWSSecretAccessKey are set, the underlying AWS SDK will fallback to trying to retrieve credentials from the usual locations.

    • CDN Domain for Downloads(Optional): If you had set a CDN for your bucket, put it here

    • Region(Optional): If you have created your bucket in a region different from the US Standard, you have to set their code here (see a list of region codes here)

    • Bucket URL(Optional): Override the URL to which files are uploaded. This URL is also used for downloads unless a CDN is given

    • Signature Version: Identifies the version of AWS Signature that you want to support for authenticated requests.

    • Force Path Style: Enable force path style.

    • URLs Expiration Timespan: Time after which Amazon S3 generated URLs are no longer valid (in seconds). If set to less than 5 seconds, this field is ignored.

      If you run into issues with files not loading consistently for some users located further from server location. Increasing this time might help.

    • Proxy Avatars: Proxy avatar file transmissions through your server instead of direct access to the asset's URL.

    • Proxy Uploads: Proxy upload file transmissions through your server instead of direct access to the asset's URL.

    • Proxy User Data Files: Proxy user data file transmissions through your server instead of direct access to the asset's URL. For example, exporting a room as file.

    Amazon S3 CORS Configuration

    Set the following CORS Configuration to your bucket.

    XML format (if using the old AWS console Interface):

    [
        {
            "AllowedHeaders": [
                "*"  
            ],
            "AllowedMethods": [
                "PUT",
                "POST",
                "GET",
                "HEAD"
            ],  
            "AllowedOrigins": [
                "*ROCKET_CHAT_DOMAIN*"
            ],  
            "ExposeHeaders": [], 
            "MaxAgeSeconds": 3000
        } 
    ]

    JSON format (if using the new AWS console Interface):

    [
      {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "GET",
            "HEAD"
        ],
        "AllowedOrigins": [
            "*ROCKET_CHAT_DOMAIN*"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
      }
    ]

    Note: Replace *ROCKET_CHAT_DOMAIN* with the domain of your Rocket.Chat installation, e.g. https://chat.example.com. Setting CORS to * posses a security risk because it allows for requests from any host on the Internet.

    FileSystem

    • System Path: The local path for where the uploaded files are stored.

    Check the Recommendations for File Upload to know more about FileSystem.

    Google cloud storage

    The settings used when configuring a Google cloud storage server. You can find more details here.

    • Google Storage Bucket Name: The bucket name to which the files should be uploaded.

    • Google Storage Access ID: The access ID (or username) of the service account that has access to your Cloud Storage bucket.

      The Access Id is generally in an email format, for example: "[email protected]"

    • Google Storage Secret: A .pem containing your private key and certificate.

      You can find a guide here on how to get your keys.

    • Project ID: The project ID from the Google Developer's Console

    • Proxy Avatars: Proxy avatar file transmissions through your server instead of direct access to the asset's URL

    • Proxy Uploads: Proxy upload file transmissions through your server instead of direct access to the asset's URL

    • Proxy User Data Files: Proxy user data file transmissions through your server instead of direct access to the asset's URL. For example, exporting a room as file.

    More information about Google Storage Secret

    The value here takes an argument of a PEM file to connect to your Cloud Storage bucket. When you create a service account, you can download a JSON file that contains several variables. You need the unescaped private key and one of the certificates linked at the bottom of the JSON.

    Syntax then looks just like a regular PEM file:

    -----BEGIN PRIVATE KEY-----
    unescaped private key goes here
    -----END PRIVATE KEY-----
    ----BEGIN CERTIFICATE-----
    first certificate goes here
    -----END CERTIFICATE-----

    Enter this into Rocket.Chat to allow the authentication with Google and store items in the bucket.

    WebDAV

    The settings used for WebDAV as a storage server.

    • Upload Folder Path: WebDAV folder path to which files are uploaded.

    • WebDAV Server Access URL: The URL of the WebDAV server (WebDAV URLs of Common Cloud Storage Services).

    • WebDAV Username: Username for the remote WebDav server.

    • WebDAV Password: Password for the remote WebDAV server.

    • Proxy Avatars: Proxy avatar file transmissions through your server instead of direct access to the asset's URL.

    • Proxy Uploads: Proxy uploads file transmissions through your server instead of directly accessing the asset's URL.

    • Proxy User Data Files: Proxy user data file transmissions through your server instead of direct access to the asset's URL. For example, exporting a room as file.


    Was this article helpful?

    What's Next