File Upload Settings

Configure file uploads and storage on your workspace. To access the menu on your workspace, go to Administration > Workspace > Settings > File Upload.

Remember to hit Save Changes to apply any changes made.

General file upload settings

Field	Description
File Uploads Enabled	Use this setting to enable or restrict file uploads on your workspace.
Maximum File Upload Size (in bytes)	Define the maximum allowed file size for uploads. Enter `-1` to remove the file size limitation. Ensure the maximum file upload size matches your proxy's if any is used.
Accepted Media Types	Enter the file types users can upload. Enter a comma-separated list of media types, or leave it blank to accept all media types.
Blocked Media Types	Specify the file types to block in the workspace by entering the MIME types, separated by commas (with or without spaces). This setting has priority over the Accepted Media Types. For example, adding `text/plain,image/jpeg,video/mp4` blocks `.txt`, `.jpeg`, `.jpg` and, `.mp4` files.
Protect Uploaded Files	Enabled: Only authenticated users can access the uploaded files. Disabled: Unauthenticated users can access and download files if they have access to the file’s URL.
Restrict files to rooms' members	Restrict the access of files uploaded on rooms to the rooms' members only.
Restrict files access to users who can access room	Allows users with access to a room (such as those with Livechat manager or monitor roles or agents with special permissions to view closed rooms) to download files. This option is disabled if the Restrict files to rooms' members setting is enabled.
Rotate images on upload	Enable image rotation. It may cause a loss of image quality.
Enable JSON Web Tokens protection to file uploads	Enable JWT protection on file uploads.
File Upload Json Web Token Secret	Enter the JWT secret to be used.
Storage Type	The options are as follows: GridFS: Uses the default MongoDB specification for storage. Visit Recommendations for File Upload to learn more. AmazonS3: Select this option if you have configured Amazon S3 for storage. Then, configure the S3 settings described below. Google Cloud Storage: Select this option if you want to use the Google Cloud storage type. Then, configure the Google Cloud Storage settings described below. WebDAV: Select this option if you want to use WebDAV storage type. Then, configure the WebDAV settings described below. FileSystem: Select this option if you want to use File System storage type. Then, configure the File System settings described below.
File Uploads Enabled in Direct Messages	Enable this setting to allow file uploads in DMs.

Configure Amazon S3 file storage

You can find a more detailed guide on how to set up your Amazon S3 server here.

In your workspace, go to Settings > File Upload > Amazon S3 tab and update the following settings:

Field	Description
Bucket name	Enter the bucket name you've created on Amazon S3.
Acl(Optional)	A canned ACL configuration (see a complete list here).
Access Key	Enter your Amazon access key ID.
Secret Key	Enter your Amazon secret access key. If no `AWSAccessKeyId` and `AWSSecretAccessKey` are set, the underlying AWS SDK will fallback to trying to retrieve credentials from the usual locations.
CDN Domain for Downloads(Optional)	If you have set a CDN for your bucket, enter the value here.
Region(Optional)	If you have created your bucket in a region different from the US Standard, you must set their code here (see a list of region codes here).
Bucket URL(Optional)	Override the URL to which files are uploaded. This URL is also used for downloads unless a CDN is provided.
Signature Version	Identifies the version of AWS signature that you want to support for authenticated requests.
Force Path Style	Enable force path style. See the AWS documentation for details: Virtual hosting of buckets and forcePathStyle endpoint.
URLs Expiration Timespan	Time (in seconds) after which Amazon S3 generated URLs are no longer valid. If set to less than 5 seconds, this field is ignored. If you run into issues with files not loading consistently for some users located further from server location, increasing this time might help.
Proxy Avatars	Enable proxy avatar file transmissions through your server instead of direct access to the asset's URL.
Proxy Uploads	Enable proxy upload file transmissions through your server instead of direct access to the asset's URL.
Proxy User Data Files	Proxy user data file transmissions through your server instead of direct access to the asset's URL. For example, exporting a room as file.

Amazon S3 CORS Configuration

Set the following CORS Configuration to your bucket.

XML format (if using the old AWS console Interface):

[
    {
        "AllowedHeaders": [
            "*"  
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "GET",
            "HEAD"
        ],  
        "AllowedOrigins": [
            "*ROCKET_CHAT_DOMAIN*"
        ],  
        "ExposeHeaders": [], 
        "MaxAgeSeconds": 3000
    } 
]

JSON format (if using the new AWS console Interface):

[
  {
    "AllowedHeaders": [
        "*"
    ],
    "AllowedMethods": [
        "PUT",
        "POST",
        "GET",
        "HEAD"
    ],
    "AllowedOrigins": [
        "*ROCKET_CHAT_DOMAIN*"
    ],
    "ExposeHeaders": [],
    "MaxAgeSeconds": 3000
  }
]

Note: Replace *ROCKET_CHAT_DOMAIN* with the domain of your Rocket.Chat installation, e.g. https://chat.example.com. Setting CORS to * posses a security risk because it allows for requests from any host on the Internet.

Configure file system storage

In your workspace, go to Settings > File Upload > File System tab. In the System Path, enter the local path on the server where the uploaded files should be stored.

Check the Recommendations for File Upload to learn how File System works.

Configure Google cloud storage

Use these settings if you have configured a Google cloud storage server. You can find more details here.

In your workspace, go to Settings > File Upload > Google Cloud Storage tab and update the following settings:

Field	Description
Google Storage Bucket Name	Enter the bucket name to which the files should be uploaded.
Google Storage Access ID	Enter the access ID (or username) of the service account that has access to your Cloud Storage bucket. The access ID is generally in an email format, for example, `[email protected]`.
Google Storage Secret	Enter a `.pem` containing your private key and certificate. You can find a guide here on how to get your keys.
Project ID	Enter the project ID from the Google Developer's Console.
Proxy Avatars	Enable proxy avatar file transmissions through your server instead of direct access to the asset's URL.
Proxy Uploads	Enabe proxy upload file transmissions through your server instead of direct access to the asset's URL.
Proxy User Data Files	Enable proxy user data file transmissions through your server instead of direct access to the asset's URL. For example, exporting a room as file.

More information about Google Storage Secret

The value here takes an argument of a PEM file to connect to your Cloud Storage bucket. When you create a service account, you can download a JSON file that contains several variables. You need the unescaped private key and one of the certificates linked at the bottom of the JSON.

Syntax then looks just like a regular PEM file:

-----BEGIN PRIVATE KEY-----
unescaped private key goes here
-----END PRIVATE KEY-----
----BEGIN CERTIFICATE-----
first certificate goes here
-----END CERTIFICATE-----

Enter this into Rocket.Chat to allow the authentication with Google and store items in the bucket.

Configure WebDAV storage

If you are using WebDAV as a storage server, configure these settings in your workspace from Settings > File Upload > WebDAV:

Field	Description
Upload Folder Path	Enter the WebDAV folder path to which files are uploaded.
WebDAV Server Access URL	Enter the URL of the WebDAV server (WebDAV URLs of Common Cloud Storage Services).
WebDAV Username	Enter your username for the remote WebDav server.
WebDAV Password	Enter your password for the remote WebDAV server.
Proxy Avatars	Enable proxy avatar file transmissions through your server instead of direct access to the asset's URL.
Proxy Uploads	Enabe proxy upload file transmissions through your server instead of direct access to the asset's URL.
Proxy User Data Files	Enable proxy user data file transmissions through your server instead of direct access to the asset's URL. For example, exporting a room as file.