UI configuration options#
This documentation applies to Piler enterprise edition 2.0.0
Revision #1
Publication date: 2025-SEP-09
PILER_KEY#
Default value: /etc/piler/piler.key
Description: Path to the private key file used by Piler for signing and cryptographic operations.
RETRIEVER_METHOD#
Default value: direct
Description: Defines how archived emails are retrieved. Options:
direct: Read directly from storagesocket: Use a UNIX domain socket connections3: Retrieve from Amazon S3 or compatible storage
LOG_LEVEL#
Default value: INFO
Description: Sets the logging verbosity level. Possible values: DEBUG, INFO, WARN, ERROR.
LOG_FORMAT#
Default value: json
Description: Output format of logs. Options: json, plain.
USERNAME#
Default value: ""
Description: Username for the UI to run when started as root.
LICENSE_FILE#
Default value: ./license.jwt
Description: Path to the license file containing a signed license token.
LISTEN_ADDR#
Default value: :3000
Description: Address and port where the Fiber web application will listen for HTTP requests.
TRUSTED_PROXIES#
Default value: 127.0.0.1
Description: Comma-separated list of trusted proxy IP addresses for handling forwarded headers.
PROXY_HEADER#
Default value: X-Forwarded-For
Description: HTTP header used to extract the real client IP address when behind a proxy.
RETRIEVER_SOCKET#
Default value: /var/piler/sockets/retriever.sock
Description: Path to the UNIX domain socket used when RETRIEVER_METHOD=socket.
MYSQL_USER#
Default value: piler
Description: MySQL database username.
MYSQL_PASSWORD#
Default value: piler123
Description: MySQL database password.
MYSQL_HOST#
Default value: localhost:3306
Description: Host and port of the MySQL server.
MYSQL_MAX_OPEN_CONN#
Default value: 50
Description: Maximum number of open MySQL connections per child process.
MYSQL_MAX_IDLE_CONN#
Default value: 20
Description: Maximum number of idle MySQL connections in the connection pool.
MYSQL_CONN_MAX_LIFETIME#
Default value: 300s
Description: Maximum lifetime of a MySQL connection before it is recycled.
MANTICORE_DSN#
Default value: piler:piler123@tcp(localhost:9306)/?parseTime=true
Description: DSN for connecting to Manticore search engine (read/write).
MANTICORE_READONLY_DSN#
Default value: piler:piler123@tcp(localhost:9307)/?parseTime=true
Description: DSN for connecting to Manticore search engine (read-only).
REDIS_ADDR#
Default value: 127.0.0.1:6379
Description: Redis server address.
TENANT_RATE_LIMIT_PER_MINUTE#
Default value: 20000
Description: Maximum number of requests allowed per tenant per minute.
IO_RATE_LIMIT_PER_ROUTE#
Default value: 200
Description: I/O rate limit for routes that retrieves emails or attachments from the storage, eg. view, download, attachments (requests per second).
DEV_MODE#
Default value: false
Description: Enables development mode with relaxed security and verbose logging.
NODE_TYPE#
Default value: master
Description: Role of the current node in a multi-node setup. Options: master, worker.
WORKERS#
Default value: ""
Description: List of worker node addresses (for multi-node setups).
JWT_SECRET#
Default value: ""
Description: Secret key used to sign JWT tokens.
ENABLE_CATEGORY#
Default value: true
Description: Enable or disable category handling in the UI.
ENABLE_REDACT#
Default value: true
Description: Enable or disable text redaction in the UI.
LANGUAGES#
Default value: de,en,es,fr,zh
Description: List of supported UI languages.
LOCALE#
Default value: en-US
Description: Default locale used for formatting dates and text.
LOGIN_LOGO#
Default value: /assets/images/login-logo.svg
Description: Path to the logo displayed on the login page.
HEADER_LOGO#
Default value: /assets/images/logo-header.svg
Description: Path to the logo displayed in the application header.
TOAST_LOGO#
Default value: /assets/images/logo-round.svg
Description: Path to the logo used in toast notifications.
HEADER_LINK#
Default value: ""
Description: Custom link displayed in the application header.
HEADER_LINK_TITLE#
Default value: ""
Description: Title text for the header link.
MAX_CONTENT_LENGTH_TO_DISPLAY#
Default value: 30000
Description: Maximum content size (in bytes) to render in the UI. Longer messages are truncated in the message preview, but other than that the message is still intact.
RT_INDEX#
Default value: true
Description: Enable or disable real-time indexing.
EXTRA_NOTES#
Default value: ""
Description: Custom notes displayed in the login page.
MULTITENANCY#
Default value: false
Description: Enable or disable multi-tenant mode.
MULTINODES#
Default value: false
Description: Enable or disable multi-node mode.
CSS#
Default value:
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
<link rel="stylesheet" href="/assets/css/style.css">
Description: Built-in CSS includes for styling the UI.
CUSTOM_CSS#
Default value: ""
Description: Custom CSS overrides for the UI.
ADMIN_GROUP#
Default value: ""
Description: LDAP or SSO group mapped to administrators.
AUDITOR_GROUP#
Default value: ""
Description: LDAP or SSO group mapped to auditors.
RESTRICTED_AUDITOR_GROUP#
Default value: ""
Description: LDAP or SSO group mapped to restricted auditors.
DATAOFFICER_GROUP#
Default value: ""
Description: LDAP or SSO group mapped to data officers.
ENABLE_GOOGLE_AUTH#
Default value: false
Description: Enable Google OAuth2 authentication.
GOOGLE_CLIENT_ID#
Default value: ""
Description: Google OAuth2 client ID.
GOOGLE_CLIENT_SECRET#
Default value: ""
Description: Google OAuth2 client secret.
GOOGLE_REDIRECT_URL#
Default value: ""
Description: Redirect URL for Google OAuth2 login.
ENABLE_AZURE_AUTH#
Default value: false
Description: Enable Microsoft Azure OAuth2 authentication.
AZURE_CLIENT_ID#
Default value: ""
Description: Azure OAuth2 client ID.
AZURE_CLIENT_SECRET#
Default value: ""
Description: Azure OAuth2 client secret.
AZURE_TENANT_ID#
Default value: ""
Description: Azure Active Directory tenant ID.
AZURE_REDIRECT_URL#
Default value: ""
Description: Redirect URL for Azure OAuth2 login.
ENABLE_GENERIC_OAUTH_AUTH#
Default value: false
Description: Enable generic OAuth2 authentication.
GENERIC_OAUTH_CLIENT_ID#
Default value: ""
Description: Client ID for generic OAuth2 provider.
GENERIC_OAUTH_CLIENT_SECRET#
Default value: ""
Description: Client secret for generic OAuth2 provider.
GENERIC_OAUTH_REDIRECT_URL#
Default value: ""
Description: Redirect URL for generic OAuth2 login.
GENERIC_OAUTH_AUTH_URL#
Default value: ""
Description: Authorization URL for generic OAuth2 provider.
GENERIC_OAUTH_TOKEN_URL#
Default value: ""
Description: Token URL for generic OAuth2 provider.
GENERIC_OAUTH_USERINFO_URL#
Default value: ""
Description: User info URL for generic OAuth2 provider.
ENABLE_AUTHENTICATOR#
Default value: true
Description: Enable TOTP authenticator usage for 2FA.
DATE_FORMAT#
Default value: YYYY/MM/DD
Description: Default date format used in the UI.
TIMEZONE#
Default value: Europe/Budapest
Description: Default timezone used by the application.
MAX_DOWNLOAD_MESSAGES#
Default value: 100
Description: Maximum number of messages that can be downloaded at once.
SMARTHOST#
Default value: ""
Description: SMTP relay host (smarthost) used for restoring emails.
SMARTHOST_PORT#
Default value: ""
Description: Port number for the smarthost.
NOREPLY_EMAIL_ADDRESS#
Default value: no-reply@archive.example.com
Description: Default "no-reply" email address for the UI when restoring email messages.
ENABLE_LDAP_AUTH#
Default value: false
Description: Enable LDAP authentication.
LDAP_HOST#
Default value: ""
Description: LDAP server host and port.
LDAP_BASE_DN#
Default value: ""
Description: Base DN for LDAP searches.
LDAP_BIND_DN#
Default value: ""
Description: Bind DN used for LDAP authentication.
LDAP_BIND_PASSWORD#
Default value: ""
Description: Password for LDAP bind DN.
LDAP_ACCOUNT_OBJECTCLASS#
Default value: ""
Description: LDAP object class for user accounts.
LDAP_ACCOUNT_MAIL_ATTR#
Default value: ""
Description: LDAP attribute for user email addresses.
LDAP_ACCOUNT_USERID_ATTR#
Default value: ""
Description: LDAP attribute for user ID.
LDAP_ACCOUNT_USERNAME_ATTR#
Default value: ""
Description: LDAP attribute for username.
LDAP_DISTRIBUTIONLIST_OBJECTCLASS#
Default value: ""
Description: LDAP object class for distribution lists.
LDAP_DISTRIBUTIONLIST_MAIL_ATTR#
Default value: ""
Description: LDAP attribute for distribution list email addresses.
ENABLE_IMAP_AUTH#
Default value: false
Description: Enable IMAP authentication.
RESTORE_OVER_IMAP#
Default value: true
Description: Allow restoring messages to user mailboxes over IMAP.
IMAP_SERVER#
Default value: ""
Description: IMAP server address.
IMAP_FOLDER#
Default value: INBOX
Description: IMAP folder where restored emails are delivered.
IMAP_USE_TLS#
Default value: true
Description: Use TLS for IMAP connections.
ENABLE_POP3_AUTH#
Default value: false
Description: Enable POP3 authentication.
POP3_SERVER#
Default value: ""
Description: POP3 server address.
POP3_USE_TLS#
Default value: true
Description: Use TLS for POP3 connections.
MAILCOW_HOST#
Default value: ""
Description: Mailcow server address.
MAILCOW_API_KEY#
Default value: ""
Description: API key for Mailcow integration.
CAUTION_TEXT#
Default value:
Caution: This message was sent from outside the company.<br />Please do not click links or open attachments unless you<br />recognize the source of this email and know the content is safe!
Description: Warning banner displayed on external messages.
GOTENBERG_ADDR#
Default value: ""
Description: Address of Gotenberg service used for document PDF export.
ENABLE_EXPORT#
Default value: true
Description: Enable export functionality for messages.
MIN_SIZE_TO_ENABLE_EXPORT#
Default value: 10000000000
Description: Minimum storage size (bytes) required before export is enabled.
MAX_EXPORT_MESSAGES#
Default value: 20000
Description: Maximum number of messages included in a single export.
EXPORT_TIMEOUT#
Default value: 300s
Description: Timeout duration for export jobs.
ADMIN_CAN_MANAGE_EXPORTS#
Default value: true
Description: Allow administrators to manage export jobs.
DIR_EXPORT#
Default value: /var/piler/export
Description: Directory where exported files are stored.
EXPORT_WARNING_TEXT#
Default value:
Exported files will be auto removed in 7 days. Please download them in their scheduled period
Description: Warning text shown to users about export retention.
ENABLE_DELETE#
Default value: false
Description: Enable delete functionality for messages.
NEED_TO_APPROVE_DELETE#
Default value: false
Description: Require data officer approval before message deletion.
APP_TRACE_NAME#
Default value: ""
Description: Application trace name (used for distributed tracing).
TRACE_ADDR#
Default value: ""
Description: Trace collector address (e.g., OpenTelemetry backend).
TURNSTILE_SITE_KEY#
Default value: ""
Description: Cloudflare Turnstile site key.
TURNSTILE_SECRET_KEY#
Default value: ""
Description: Cloudflare Turnstile secret key.
TIKA_URL#
Default value: http://127.0.0.1:9998/tika
Description: Apache Tika server endpoint for content extraction.
HEADER_LINE_TO_HIDE#
Default value: ""
Description: Comma separated Email header lines (without the colon!) to hide in the UI.
Example: HEADER_LINE_TO_HIDE=Received,Delivered-To#
SAML_CERT_FILE#
Default value: saml.crt
Description: Path to the SAML certificate file.
SAML_KEY_FILE#
Default value: saml.key
Description: Path to the SAML private key file.
SAML_METADATA_URL#
Default value: ""
Description: Metadata URL for SAML IdP.
TSA_PUBLIC_KEY_FILE#
Default value: ""
Description: Path to public key used to verify timestamp authority signatures.
JWT_RSA_PUBLIC_KEYS_DIR#
Default value: ""
Description: Directory containing RSA public keys for JWT validation.
CONTENT_SECURITY_POLICY#
Default value:
default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-ZswfTY7H35rbv8WC7NXBoiC7WNu86vSzCDChNWwZZDM='
'sha256-Sc84R3QT4gTYLl5M2SIYCramZDi3OcEjJiog35/7ydU=' https://cdn.jsdelivr.net https://challenges.cloudflare.com ;
style-src 'self' https://cdn.jsdelivr.net; img-src 'self' data: https://cdn.jsdelivr.net https://challenges.cloudflare.com;
font-src 'self' https://cdn.jsdelivr.net; frame-src https://challenges.cloudflare.com; connect-src 'self';
object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'none';
Description: Content Security Policy (CSP) header applied by the application.
S3_ENDPOINT#
Default value: ""
Description: S3-compatible storage endpoint, eg. s3.eu-central-003.backblazeb2.com
S3_ACCESS_KEY#
Default value: ""
Description: Access key for S3 storage.
S3_SECRET_KEY#
Default value: ""
Description: Secret key for S3 storage.
S3_USE_SSL#
Default value: true
Description: Enable SSL/TLS for S3 connections.
S3_REGION#
Default value: ""
Description: S3 region name.
S3_BUCKET_PREFIX#
Default value: ""
Description: Prefix applied to S3 buckets.
S3_USE_SUBDIRS#
Default value: true
Description: Store objects in subdirectories within the S3 bucket.
DEMO_MODE#
Default value: false
Description: Enable demo mode with restricted functionality.
ALLOWED_CIDRS#
Default value: 127.0.0.0/8,172.18.0.0/16,172.19.0.0/16,172.20.0.0/16
Description: Defines CIDR blocks allowed to access the /metrics and /healthz endpoints.