Administration panel¶
A number of monitoring and configuration options are available through the admin panel to administer your instance without needing to open config files on the server.
The admin panel is available to administrator users (see Configure administrators).
User Menu (avatar at the top right) > Administration
or go to https://your-instance.com/admin/
This page repeats the comments present on the admin panels and adds a few clarifications.
General¶
Flush HTTP Cache¶
Force users to download the latest client-side assets (only if your server is in fresh mode).
This includes some configuration changes distributed via /api/config
.
Update user quotas¶
Forcing an update of user storage limits can be done any time, but is only necessary in the event of an error.
Enable remote embedding¶
Allow documents and media from this instance to be embedded on other websites. This will add an "Embed" option to the Share menu. For security reasons applications that use OnlyOffice (Sheets, Document, Presentation) cannot be embedded even if this setting is active.
Please note that by enabling this settings, you will need to adapt your Nginx configuration file, adding vector:
to pass diagnostic tests.
Mandatory Two-Factor Authentication¶
Tick the box so all users on this instance will be asked to set up two-factor authentication to log in to their account.
Admin contact email¶
This email address is displayed on the instance contact page.
This email may be used by the development team, only if Consent to contact is given, to warn of security vulnerabilities or in other cases for example matters affecting public facing instances listed in the directory.
Instance information¶
The following fields are used to describe the instance in the list of public instances:
Instance name (optional, if no name is provided the instance URL is used)
Instance description
Hosting location (country where the instance's encrypted data is hosted)
Note
This information is used on the instance front page.
User Directory¶
Close registration¶
Do not allow any new users to register.
Invitation Links¶
Invitation links create one account each, even if registration is closed. User name and email are for your identification purposes only. CryptPad will not email the invitation link (or anything else), please copy the link and send it using the secure channel of your choice.
User Directory¶
List of known accounts on this instance. Select options to add invited accounts automatically, or enter information manually using the form.
User Storage¶
This section is for managing storage limits on the instance.
Note
The values set in the admin panel override the defaults or modifications made to the configuration files.
Storage Limit¶
Maximum storage limit for CryptDrives (users and teams) when no custom rule is applied.
Apply a custom limit¶
Set custom limits for users by using their public key. You can update or remove an existing limit.
Custom limits¶
List all the custom storage limits applied to your instance.
Database¶
This section is dedicated for the database management. You will find moderation tools and specific information about the accounts registered.
Account information¶
Enter a user's public key to fetch data about their account.
Document information¶
Query a document or file via its id or URL
Login-block information¶
The login block is what allows an account to log in to CryptPad with the combination of username + password
2FA Recovery¶
Users can copy recovery data on the 2FA recovery page https://your-instance.com/recovery/ in the "Forgot recovery code" section and email it to the instance administrators. Paste recovery data below to disable 2FA for an account
Statistics¶
Launch time: Date and time at which the server was launched
Active connections: Number of active websocket connections (and unique IP addresses connected)
Active documents: Number of unique documents currently being viewed or edited
Open Files: Number of file descriptors currently open on the server
Registered users: Number of users registered on your instance
Disk usage: Amount of storage space consumed by various CryptPad resources
Avertissement
The disk usage report can be very resource intensive to run on large instances.
Support¶
To enable the Support mailbox, please see Configure support mailbox.
List of tickets sent by users to the support mailbox. All the administrators can see the messages and their answers. A closed ticket cannot be re-opened. You can only remove (hide) closed tickets, and the removed tickets are still visible by other administrators.
reply to tickets
close tickets
remove closed tickets
Broadcast¶
This section offers different ways of sending notifications to all users on the instance.
Maintenance¶
Plan a maintenance on this instance and notify all users. Limited to one active maintenance at a given time.
Survey¶
Add, update or remove a link to an external survey. Users will receive a notification and the survey will remain available from the user menu.
Broadcast Message¶
Send a message to all users on this instance. All existing and new users will receive it as a notification. Preview messages before sending them with "Preview notification". Preview notifications have a red icon and are visible only to you.
Performance¶
This section is dedicated to available measurments for checking resources consumption.
Performance¶
An overview of the total time spent executing various server-side commands
Measure disk performance¶
If enabled, a JSON API endpoint will be exposed under /api/profiling. This keeps a running measurement of disk I/O within the time window set below. This setting can impact server performance and may reveal sensitive data. It is recommended that you leave this setting disabled unless you know what you are doing.
Disk performance measurement window¶
If you have enabled disk performance measurements then the duration of the window can be configured below.
Network¶
Validate instance configuration¶
CryptPad includes a page which automatically diagnoses common configuration issues and suggests how to correct them if necessary. To visit the page use the Run Diagnostics button or visit https://your.instance/checkup/
.
The rest of this section includes options about how you and your instance communicate, or not, with the CryptPad development team.
Server telemetry¶
Opt-out of daily messages sent from the instance to the development team's server. The purpose of these messages is to count how many third-party instances of CryptPad are in operation and which version of the software they are running. The full content of the messages can be reviewed in CryptPad's server logs.
Statistical aggregation¶
You may opt-in to providing additional usage metrics to the developers, such as the approximate number of registered and daily users for your instance.
List my instance in public directories¶
Opt-in to have the instance included in the list of public instances on the CryptPad project site if it is intended for public use. We add public instances to our uptime monitoring and encourage administrators to follow updates.
In addition to this setting being enabled, the following criteria are required in order to have an instance listed:
All diagnostic tests must pass
Must not use a domain such as cryptpad.TLD as they imply a relationship with the development team and copyright holder (XWiki SAS), please use a subdomain instead
The version of CryptPad must be up to date within 90 days of the latest release
Instance information must be provided in the General tab
Server telemetry must be enabled
Absence of analytics and third-party trackers
Reasonable uptime, ±99% average availability on the previous 30 days
A working backup strategy is in place and has been tested
At least one other person must have access to the infrastructure
Commitment to give users at least 6 months of advance warning in case of shutting down
Note
The list of public instances is considered an extension of the CryptPad community. As such, the development team reserves the right to remove instances from the list if their administrators or the groups they represent are in breach of the Code of Conduct or for any other reason at their own discretion.
Consent to contact¶
Opt-in to allow the development team to contact the Admin contact email with notifications of serious problems with the software or the instance configuration. Administrator emails are never shared, sold, or used for marketing purposes.
Crowdfunding participation¶
Opt-out of advertizing CryptPad's crowdfunding campaign on the instance.
Instance purpose¶
Indicate the purpose of the instance, this is used to inform the development roadmap.
Note
Instance purpose is only sent to the development team if Server telemetry is enabled