Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Server Pro and Community Edition are both on premises versions of Overleaf. But what are the differences?
Powerful LaTeX editor
✓
✓
Full project history
✓
✓
Commenting
X
✓
Real-time track changes
X
✓
Easy internal collaboration
X
✓
Private template management system
X
✓
Git integration
X
✓
Easy user management via Admin Panel
Limited
✓
No manual upgrade of users required
X
✓
Single sign-on (SSO) via SAML 2 and LDAP
X
✓
Direct access to all user projects
✓
✓
Self-hosted
✓
✓
Automatic user registration
X
✓
(LDAP or SAML 2)
Sandboxed compiles
X
✓
Optimized version of TeX Live
X
✓
Early notification for security releases
X
✓
For people using a self-hosted Community Edition instance, support is provided by the community via GitHub Issues.
For customers using a self-hosted Server Pro instance we will provide reasonable support to assist with the resolution of technical issues relating to the installation, configuration, maintenance and general usage of Server Pro, to a single, named staff member.
Support services for Server Pro specifically exclude:
Direct support for the LaTeX language including layout, typesetting, and programming errors;
Defects or errors resulting from any modifications to Server Pro unless made, instructed, or approved by us in writing;
Support for any version of Server Pro other than:
The two (2) most current point releases of the current major version; and
The last released point release of the previous major version;
Support for any non-current version of Server Pro that is more than twenty-four (24) months old;
Any fault in the environment or in any software or hardware used in conjunction with Server Pro; and
Defects or errors caused by the use with any software products other than those specifically certified for use with Server Pro in this documentation.
Release date: 2023-10-06
Image ID: 4f2113a3c903 (Community Edition Image ID: 0038aa2cc383)
Fixes history soft retry cronjob, which was executing the operation as a hard retry.
Release date: 2023-09-25
Image ID: af3621af7b83 (Community Edition Image ID: a461cd37241b)
Workaround a bug in the History Migration Scripts when multiple updates have the same version.
Release date: 2023-08-10
Image ID: dcfec83c5091 (Community Edition Image ID: 6f8a5409f146)
Fixed a bug in the History Migration Scripts when large deleted documents exist.
Extended the History Migration Cleanup Script to free up mongo storage space.
We advise customers to re-run the script again as per the documentation.
Release date: 2023-07-20
Image ID: f83dc1e03fcf (Community Edition Image ID: 373b0b94b156)
This release includes security updates.
Release date: 2023-07-14
Image ID: d746f967e231 (Community Edition Image ID: 25aa7097b27b)
This release includes security updates.
Release date: 2023-06-29
Image ID: 03c294380d2c (Community Edition Image ID: 39d691cb806e)
Fixes a bug preventing anonymous users from adding changes to the Project History when Full Project History is enabled.
Release date: 2023-06-01
Image ID: 65cc2f2e2af6 (Community Edition Image ID: cc998380cad7)
Fixes a bug in the History Migration Scripts when using --force-clean that prevented migration reattempts in certain situations.
Release date: 2023-05-04
Image ID: 0dee80908e57 (Community Edition Image ID: 89c35e1b6ec8)
Added clean_sl_history_data script to cleanup legacy history data.
Release date: 2023-03-21
Image ID: 35bda2a2a778 (Community Edition Image ID: 9db95d7e350c)
This release fixes the shutdown sequence in Server Pro / Community Edition.
Release date: 2023-03-20
Image ID: 44d12da219d7 (Community Edition Image ID: 563d00cfad2a)
This release disables the primary email check feature in Server Pro / Community Edition.
Release date: 2023-03-07
Image ID: 8c7444b2e929 (Community Edition Image ID: 60bef8c323a5)
This release includes a performance improvement to the Full Project History migration script.
Release date: 2023-03-07
Image ID: dca7282041af (Community Edition Image ID: cd45ea2957b0)
This release includes several improvements to the Full Project History migration scripts.
Release date: 2023-02-28
Image ID: 6a64c0f67077 (Community Edition Image ID: bfa72dc4430f)
This release includes a fix for a German translation in the editor.
Release date: 2023-02-13
Image ID: f6963b4eaad9 (Community Edition Image ID: 678db4634722)
This release includes the Full Project History feature that is already available in our SaaS offering, overleaf.com and brings several improvements for users:
Tracks changes in binary files, which is unsupported in the legacy system. There is support for labelled versions. The system is in general more robust, there is less chance of data loss.
After upgrading your instance all new projects will be using Full Project History by default (unless opting-out, see environment variables in Configuring Overleaf). Existing projects will continue using the legacy History system, until they’re migrated.
Full Project History migration instructions.
This release also ships with official support for S3 compatible object storage. This could either be a self-hosted solution, like min.io or ceph.io, or AWS S3. The S3 based storage backend can optionally replaces the local fs/NFS storage backend. You can find a wiki page on setting up S3 in Server Pro and another wiki page describes the migration process for moving existing data into S3. With S3-compatible object storage support we prepared Server Pro for horizontal scaling, look out for news here soon!
Remove empty "Advanced" tab in admin panel.
Added cleanup scripts to flush redis data on container shutdown. This might increase the time it takes to stop the instance to up to 1 minute. If you're not using the Overleaf Toolkit, you need to specify the timeouts in your container configuration.
German translation coverage significantly improved (d5d3fcd)
Release date: 2023-01-11
Image ID: 07f5275feec5 (Community Edition Image ID: 009c80a8d63e)
This release includes database migrations. Please backup your database before upgrading.
New environment variable SHARELATEX_STATUS_PAGE_URL can be set to a custom status page URL. This URL is displayed when the site is closed for maintenance and on 500 errors.
Fix parsing of authnContext in passport-saml options (Server Pro).
Fix disconnect users option in site admin panel (Server Pro).
Drop limit for output.pdf requests. This should mitigate errors compiling a project several times in a short time.
Memory management improvements during file upload process. These changes reduce pressure on the disk from fewer IO operations.
Release date: 2022-11-15
Image ID: c03e78f10d6d (Community Edition Image ID: eab840a50369)
This release includes a fix for a server error that can stop the project dashboard from opening:
TypeError: (project.archived || []).some is not a function
The fix sports a new migration for converting the archived and trashed state of projects from a per-project setting to a per-user setting.
Release date: 2022-10-18
Image Id: 9194fb1de6b3 (no Community Edition image)
This release includes a security update addressing potential vulnerabilities with SAML auth provider integration.
Release date: 2022-10-13
Image ID: 56f044d08198 (Community Edition Image ID: 4c4bad165ea6)
This new release of Server Pro includes a MongoDB migration affecting several collections. Please ensure you have a database backup before upgrading.
For CE users, and Server Pro users that don't run Sandboxed Compiles there is a change in how Latex packages are installed, now requiring to run tlmgr path add again after every use of tlmgr install in order to correctly symlink all the binaries into the system path.
User/Project audit logs can now store more than 200 entries.
HTML content in Template descriptions is now sanitized using sanitize-html default options. This might affect your existing templates.
Release date: 2022-09-19
Image ID: 20e80bd600fb (Community Edition Image ID: 8552c59519a7)
Fixes TexLive package setup (non-sandboxed compiles) (https://github.com/overleaf/overleaf/issues/1044)
Release date: 2022-08-26
Image ID: 3817bd0d07a4 (Community Edition Image ID: 31cc6bc2bfa7)
Fixes source editor not being displayed (https://github.com/overleaf/overleaf/issues/1043)
Release date: 2022-08-16
Image ID: 4db483917643 (Community Edition Image ID: 1bce84a47f1f)
This new release of Server Pro includes several new features. It also requires updating Mongo version to 4.4. Upgrade instructions are available here. Please ensure you have a database backup before upgrading.
User Activity and License Usage information (with a count of active users) is now displayed in the Admin Panel.
User Dictionary entries can now be deleted from the Editor Settings panel.
TexLive 2022 is available for instances running Sandboxed Compiles. Check the documentation for instructions to upgrade. TexLive 2022 is also the default version for instances not running Sandboxed Compiles.
Fixed history diff navigation.
Release date: 2022-08-10
Image ID: eb5802bfd8a4 (Community Edition Image ID: 401c5a25016d)
Fixes history diff navigation (https://github.com/overleaf/overleaf/issues/1035)
Release date: 2022-05-17
Image ID: 699e7c990b0f (Community Edition Image ID: 9c9fe33828a0)
This release requires updating Mongo version to 4.2. Upgrade instructions are available here. Please ensure you have a database backup before upgrading.
TexLive 2021 is available for instances running Sandboxed Compiles. Check the documentation for instructions to upgrade.
The path of the application inside the container has changed from /var/www/sharelatex to /overleaf; if you have bind mounts that use the old path, they will need to be updated.
Many small improvements and bugfixes.
Release date: 2021-10-05
Image ID: 5e87b3c5ad41 (Community Edition Image ID: 9155d8a13aaa)
This major release includes migrations that update the database in a backwards incompatible format. Please ensure you have a database backup before upgrading, in case of roll-back you will not be able to read data in the new format.
This update brings general performance and stability improvements to the application, along with many small improvements and bugfixes.
We've recently updated the way we tag our docker images. In addition to 3.0.1, we're also tagging the new version as 3 and 3.0, representing the latest major and minor versions for the 3.x.x branch respectively. These new tags will be updated again when a new minor or hotfix version is published.
latest tag won't be immediately updated to this new major version. If you're using a docker-compose.yml please update your image tag to 3, 3.0 or 3.0.1. Toolkit users can continue using the bin/upgrade script as usual.
Important: before upgrading to this new major version you need to upgrade to version 2.7.1 first.
A migration may occasionally fail due to unexpected duplicate entries in a mongo collection.
If upgrading from 2.7.1 to 3.0.1 fails with messages containing MongoError: Error during migrate "20190912145029_create_tags_indexes": E11000 duplicate key error collection: sharelatex.tags index: user_id_1_name_1 dup key: {<…>} this means that one of your users has multiple tags/folders with the same name.
To recover, revert to your 2.7.1 backups and ask the user to make their tag/folder names unique. (The user id and specific tag name will be reported in the error message, so you can contact the affected user and mention the specific tag name that is problematic.) Then attempt the upgrade again.
You can also attempt to detect multiple tags in advance, before you upgrade, with the following aggregate:
If it returns no results, there are no duplicate tags, and the migration should succeed.
If you see the error MongoError: Error during migrate "20190912145001_create_contacts_indexes": E11000 duplicate key error collection: sharelatex.contacts index: user_id_1 dup key{<…>} this indicates a similar problem in the contacts collection. You can check how many entries are affected with the following command:
The contacts collection is a cache of names which appear as completions in the "Share Project" modal, it is not critical data. You can remove individual duplicate entries with the command
where the ObjectId value should be taken from the list of duplicates. When the duplicate contacts have been removed, the migration should succeed.
You might see a cert is required error when upgrading from Server Pro 2.6.2 or earlier if SHARELATEX_SAML_CERT is not provided.
If you come across the issue, please add the SHARELATEX_SAML_CERT value, and update your instance to 2.7.1 before attempting to upgrade to 3.x.x.
The 3.5.x release of the Community Edition includes the Full Project History feature that is already available in our SaaS offering, overleaf.com
After upgrading your instance to Overleaf CE 3.5.13, all new projects will be using Full Project History by default. Existing projects will continue using the legacy History system, until they’re migrated.
Note: If you upgrade to 3.5.13 and decide to downgrade to an earlier version, then you should restore from a full system backup. The history of projects created in 3.5.13 is not compatible with earlier versions of Overleaf CE.
The new Full Project History brings several improvements for users:
It tracks changes in binary files, which is unsupported in the legacy system.
There is support for labelled versions.
The system is in general more robust, there is less chance of data loss.
Check Full Project History documentation for more information about full project history.
Create a full backup of your instance with a consistent snapshot of the mongo, redis and sharelatex directories.
Ideally, you’d want to prevent users from accessing your instance while the migration takes place, to avoid data loss in case you need to restore your backup. See Offline migration for more information on how to do this.
(--force-clean clears partially migrated project history data in the new system, this allows retrying the migration for individual projects that failed in prior attempts; --fix-invalid-characters replaces non printable characters that are not supported by the new history system; --convert-large-docs-to-file converts documents that are above the 2MB editable-size threshold to a non-editable file)
The output should look like this:
If the migration is successful, you'll get an exit code of 0, and the last lines indicating no failures:
You can reopen access to your users (see next step). If there are failures, please see the troubleshooting section below. You can still reopen the site if the problems are not immediately fixed, and the unmigrated projects will remain on the legacy history system.
If you had chosen to perform an offline migration then you will need to re-open the site. If you are still logged in you will need to:
Click on the Admin button and choose Manage Site
Click the Open/Close Editor tab
Click the Reopen Editor button
If you have closed your browser then you will need to restart the site with $ bin/up.
To prevent users from being able to log in while the history migration script is running, please follow these steps:
Log into your Overleaf instance with an admin account
Click on the Admin button and choose Manage Site
Click the Open/Close Editor tab
Click on the Close Editor button
Click on the Disconnect all users button
Once this has been done, if any users are logged in they will get redirected to the maintenance page, and any new users visiting the log-in page will see the maintenance page and won't be able to log in.
It is possible to run the migration scripts while the application is still running. There are a few considerations to take into account:
The migration process is CPU intensive, you should monitor resource usage while the script is running.
With a high --concurrency value, the event loop in some services (track-changes in particular) might experience some blocking, which would lead to a degraded UX experience. We recommend starting with the default --concurrency=1 value.
You can stop the script at any time. Starting it again will resume the migration when you left it. This is useful in case you prefer to run the migration in less busy hours (e.g. at night).
Our recommendation is to close the site and run the migration offline in a maintenance window when your project count is less than 1000 projects (db.projects.count()). If the number of projects is large you can run the script and monitor its progress, then decide whether to continue running it online or offline based on your particular case.
A script to cleanup legacy history data was added in Server Pro 3.5.6, 4.0.6 and 4.1.0.
The script can be run after all the projects have been migrated. It can also be used to free some space while performing an online migration.
We will add troubleshooting advice here. Please note that while we normally offer support only to Server Pro customers, given the nature of this migration, we will also do our best to support CE customers who experience problems specific to the full project history migration.
If the full project history migration script fails (i.e. exits with an error or prints a non-zero number of failed projects), please send the following details to our support team by email support+historymigration@overleaf.com, detailing:
Subject: Full project history migration problem
Instance Type: CE or Server Pro (delete as appropriate)
Installation Type: Overleaf toolkit or docker-compose.yml or other (delete as appropriate)
Version: 3.5.x (toolkit: $ cat config/version)
Migration script output (which should be located in the container under /overleaf/services/web)
Migrated Projects: (as per migration script output)
Total Projects: (as per migration script output)
Remaining Projects: (as per migration script output)
Duration of the migration:
bin/doctor output (when using toolkit)
Toolkit version: $ git rev-parse HEAD (when using toolkit)
Consider attaching the log files for the history-v1, project-history and track-changes services to the email. You can find these at /var/log/sharelatex inside the sharelatex container and export them like this:
Please redact any sensitive information from the log files before attaching them.
The migration may fail for projects which have a malformed file tree (for example, where filenames are empty). You can find a list of these problems using the find_malformed_filetrees script which checks all projects in the database:
To fix the invalid paths, use the fix_malformed_filetree script, running the command once for each bad path:
If there is a project that has been migrated to full project history but you want to go back to the legacy history, use the downgrade_project script as follows:
We recommend that the on-site administrator of your Overleaf instance has:
We find that on-site administrators with these skills will be able to provide the best experience for users of Overleaf at your organization.
Release date: 2021-09-16
Image ID: 823f6cb592f4 (Community Edition Image ID: 4f7d059759d2)
This release includes a security update preventing editor sessions from being disconnected.
An image placeholder is displayed when a template preview is not generated (due to having ENABLE_CONVERSIONS environment variable set to false).
Release date: 2021-07-12
Image ID: e8efe0e39698 (Community Edition Image ID: 9ca6a3256fb6)
Fixed comment attribution in projects with anonymous comments
Fixed collaborators redirected out of a project when the owner edited the collaborators
Fixed redis connections in the host machine when no password authentication is defined #895
Fixed host headers in i18n installs #896
SHARELATEX_SAML_CERT is now required for SAML setup.
Many small improvements and bugfixes
Release date: 2021-05-20
Image ID: 1f1f4f1c4f02 (Community Edition Image ID: 2d8a8b6d1930)
Fixed references service crashing with .bib files larger than 6mb.
Fixed incorrect emailing attempt during user registration, which displayed an error message in the logs.
Fixed LDAP registration when firstName and lastName contain a list of variations with non-ascii characters.
Release date: 2021-04-23
Image ID: dd382a10a3e5 (Community Edition Image ID: cfd4ec616219)
This release includes performance and stability improvements for handling larger projects. These improvements are backed by changes to data structures in the Mongo database. The changes are implemented in a backwards compatible way for reading existing data, but new data is written in a backwards incompatible format. You may be able to upgrade without making any changes to the database at this time, but in case of a roll-back, you will not be able to read all the newly written data. A future release will migrate the old data to the new format. As with previous updates, please ensure you have a backup before upgrading.
This release includes important security updates. It fixes some potential XSS vulnerabilities and upgrades to node 12 ahead of node 10 reaching end of life on 30 Apr 2021.
Fallback linearisation breaks PDF/A when not using sandboxed compiles.
SAML: Add /saml/meta endpoint to fetch Service Provider Metadata.
New configuration parameters for SMTP: SHARELATEX_EMAIL_SMTP_NAME and SHARELATEX_EMAIL_SMTP_LOGGER.
Added configurable AWS Region to email settings (SHARELATEX_EMAIL_AWS_SES_REGION).
Administrators can now promote other users to administrator again.
Added ADDITIONAL_TEXT_EXTENSIONS for customisation of editable file types.
UI and performance improvements.
All services have been upgraded to Node v12 from v10.
Note: 2.6.1 is the initial release on the 2.6.x line, version 2.6.0 has not been published.
Release date: 2021-01-26
Image ID: 8afec2bb0ace (Community Edition Image ID: 62b08784fc5d)
Fixed account activation with uppercase emails (https://github.com/overleaf/overleaf/issues/819)
Release date: 2021-01-14
Image ID: e9a932e0effd (Community Edition Image ID: 5d6493ce30fe)
Fixed log rotation
Release date: 2020-11-20
Image ID: 7ae2382c68b3 (Community Edition Image ID: 6e6f3526af69)
TexLive 2020 is now available.
Mongo version updated to 4.0 (see upgrade instructions).
Fixed anonymous read/write project links redirecting to the login page.
HTML code in SHARELATEX_LEFT_FOOTER is now correctly displayed.
Fixed SHARELATEX_CUSTOM_EMAIL_FOOTER not working.
This will be the last CE/SP release where we officially support IE11. The next release in Q1 2021 will no longer be tested on IE11.
Release date: 2020-10-5
Image ID: 83c76915b65a (Community Edition Image ID: 814858a6bb38)
Fixed anonymous read/write sharing
Fixed html links in left footer
Release date: 2020-08-26
Image ID: 6cf8c22f2903 (Community Edition Image ID: 4be5fcb14878)
No changes from 2.4.0. This release is just to keep the version numbering consistent between Server Pro and Community Edition.
Release date: 2020-08-20
Image ID: 6cf8c22f2903 (Community Edition Image ID: 2ff144360052)
Audit log for users' account settings updates
This release fixes an important security issue: previously, it was possible for a specially crafted websocket request to bypass project authorization checks. https://github.com/overleaf/real-time/pull/177
Many small improvements and bugfixes
Release date: 2020-06-30
Image ID: 6fc8c7709df6 (Community Edition Image ID: 050f166647d2)
Release date: 2020-06-11
Image ID: feb1b349654b (Community Edition Image ID: 843316001077)
(when using sandboxed compiles)
Show latexmk output in compile logs
Fixed broken LuaLatex builds when not using sandboxed compiles
Fixed PDF/A validation broken when not using sandboxed compiles
Fixed project uploads from zip files with many large text files
gravatar.com service is no longer used
Deleted documents no longer count toward overall project file limit
Improvements to dashboard tag management
Many small improvements and bugfixes
Release date: 2020-03-10
Image ID: 11dce4970997
TexLive image not being persisted in project entities (project.imageName field)
Release date: 2020-02-10
Image ID: 4b4d9f8d4fad (Community Edition Image ID: 0867310d1151)
Incorrect template layout is now fixed
Node upgrade to fix CVE-2019-15605, CVE-2019-15606 and CVE-2019-15604
reCAPTCHA is now disabled
Removed external access to Google Fonts.
Other minor improvements and bugfixes.
Release date: 2020-01-21
Image ID: 23f9a28eeef2 (Community Edition Image ID: e01ae3fd29ac)
Fixed unable to share projects via email address.
Release date: 2020-01-14
Image ID: 61a994c2584f (Community Edition Image ID: 503763f211f2)
Email confirmation banner can be disabled with the new environment variable EMAIL_CONFIRMATION_DISABLED: 'true'
Project ownership can be changed from the admin panel.
Admin: improved search using regular expressions
Other minor improvements and bugfixes.
Release date: 2019-12-06
Image ID: d29f5373eca9
2.0.3 is a Server Pro-only release, no Community Edition has been published.
Fixed unable to share projects via email address.
Reenabled recaptcha, which was the root cause of the issue above.
Release date: 2019-11-26
Image ID: 9907ccc100e5 (Community Edition Image ID: de647e8b462c)
Fixed link sharing for anonymous users when SHARELATEX_ALLOW_PUBLIC_ACCESS: 'true' and SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING: 'true'.
Fixed read-only access to shared projects.
Fixed SAML logout (Server Pro only).
Fixed sync between editor and pdf with synctex (Server Pro only).
Fixed track changes slow to commit.
Disabled recaptcha (Server Pro only).
Importing external files is disabled by default.
IMPORTANT: A new SYNCTEX_BIN_HOST_PATH is required when using Sibling Containers. Check the setup instructions in the wiki: https://github.com/overleaf/overleaf/wiki/Server-Pro:-sandboxed-compiles#mapping-the-location-of-synctex-in-the-host.
Release date: 2019-10-18
Image ID: cb014e03204a (Community Edition Image ID: 708b20c0a403)
Fixed admin creation using CLI.
SyncTeX not working on Sandboxed Compiles (see workaround instructions).
Release date: 2019-10-09
Image ID: 8fdd3419f5a5 (Community Edition Image ID: 2cdbdc229d4f)
A lot has changed in the last few years, with ShareLaTeX joining forces with Overleaf to create one incredible authoring platform. Now that the merge is complete it's time to release a new version of ShareLaTeX Overleaf Community Edition and Server Pro!
This release brings Community Edition and Server Pro up to date with the cloud-based version of Overleaf. A lot has changed since the last release, with too many bug fixes and small improvements to count, but here are a few highlights:
A brand new user interface theme
Improved project dashboard
A new interface for creating (or uploading) files in a project
Linked Files: import a file from another project.
Improved History view
This release of Server Pro includes a few new premium features:
Rich Text mode: write your document like a rich-text document, backed by nice clean LaTeX
Improved Sandboxed Compiles: no more fiddling with group permissions (see below)
Improved Admin Interface: now you can inspect the state of a project from the Admin page, plus many more small improvements
This release adds a few new options to the docker environment. We recommend using our updated example docker-compose.yml file and updating it to reflect your old configuration where necessary.
The new variables are:
ENABLED_LINKED_FILE_TYPES: a comma-separated list-keys, which controls which types of "linked file" are available in the New File modal. Defaults to 'url,project_file', as in the example file.
ENABLE_CONVERSIONS: If set to 'true', will enable on-the-fly file preview conversions using ImageMagick. Set to another value to disable this feature
REDIS_HOST: should be set to the name of the Redis host, same as the SHARELATEX_REDIS_HOST variable. In the case of a simple docker-compose based deployment, this will just be 'redis'. This duplication is, unfortunately, necessary in the short term while users migrate to the new Community Edition and Server Pro images, and will be resolved in a later release.
REDIS_PORT: In case we desire to use the port for Redis other than the default, we need to set the value in REDIS_PORT to be the same as in SHARELATEX_REDIS_HOST, for the same reason described above.
And for Server Pro:
DOCKER_RUNNER: set to 'true' when enabling Sandboxed Compiles with sibling containers. See the updated documentation on Sandboxed Compiles.
SYNCTEX_BIN_HOST_PATH (introduced in 2.0.2): set to <your_sharelatex_data_directory>/bin/synctex. Check Sibling Containers documentation for extra context
We've made some changes to the way the Sanboxed Compiles work. In previous versions, the administrators often needed to fiddle with user and group permissions on the docker socket to get Sibling Containers to work. In this release, we've changed all that so it's handled automatically inside the Server Pro container, so it should just work in the majority of cases.
From this release onwards we will no longer support the old "Docker-In-Docker" method of sandboxed compiles, as it has become more and more difficult to get this to work as time goes on. We strongly encourage admins to consider the newer Sibling Containers method as an alternative.
You can now opt-in to a new version of TeX Live. The default is still TeX Live 2017, but you can find instructions on how to get TeX Live 2018 or later here: https://github.com/overleaf/overleaf/wiki/Server-Pro:-sandboxed-compiles#changing-the-texlive-image
Before updating to a newer version of TexLive we strongly recommend backing up your data and update to the latest version of Server Pro available.
The following database migrations have been added, and will run automatically:
Alter the structure of the User model to support future work
Change structure of project.tokens, to enforce uniqueness on the numeric part of a read-and-write sharing token
Administrators and end-users should not notice any change in behaviour due to these migrations.
If anything seems out of place, or you run into any problems while upgrading, please get in touch with us via email at support@overleaf.com
Release date: 2025-03-21
Server Pro Image ID: dcfa08126e52
Community Edition Image ID: 8fda0e836de1
Git Bridge Image ID: 59a17a340612
This is a security release, we updated internal dependencies used by SAML integration.
Release date: 2024-08-13
Server Pro Image ID: 03df62558008
Community Edition Image ID: b455e431db42
Git Bridge Image ID: 59a17a340612
Fix for invalid URLs returning 500 instead of 400.
/metrics and /health_check now return 404.
Security update to prevent remote image loading in Visual Editor.
Release date: 2024-07-12
Server Pro Image ID: b57040dd7e45
Community Edition Image ID: 60b9c65a00a7
Git Bridge Image ID: 59a17a340612
This is a security release. We added stricter controls for accessing project invite details and locked down access to files via the LaTeX compilation service.
We strongly recommend turning on the Sandboxed Compiles feature in Server Pro.
Release date: 2024-06-20
Server Pro Image ID: e9c52f2dd6df
Community Edition Image ID: 8ac3da599b94
Git Bridge Image ID: 59a17a340612
This is a security release. We added stricter controls for creating projects from ZIP URLs.
Release date: 2024-06-11
Server Pro Image ID: cbe8a3d11874
Community Edition Image ID: 8ac3da599b94
Git Bridge Image ID: 59a17a340612
This release provides security updates, bug fixes, and performance enhancements, including:
Stricter controls to prevent arbitrary JavaScript execution in the project editor.
Stricter controls to prevent arbitrary CSS loading in the project editor.
Updated libraries to enhance security and performance.
Release date: 2024-04-17
Server Pro Image ID: 875dd6e64e96
Community Edition Image ID: ab1e82612ec9
Git Bridge Image ID: 455a8c0559a4
Server Pro 4.2.4 is a security release for the application runtime.
The Node.js runtime has been upgraded to 18.20.2. Check the release notes (18.20.1, 18.20.2) for more information.
All services are now using IPv4 in the container
Adds bin/flush-history-queues and bin/force-history-resyncs utility scripts.
Release date: 2024-02-16
Server Pro Image ID: a251a3f77aaa
Community Edition Image ID: 168968a20483
Git Bridge Image ID: 59a17a340612
Server Pro 4.2.3 is a security release for the application runtime.
The Node.js runtime has been upgraded to 18.19.1 as per the security announcement upstream. It is worth noting that only CVE-2024-22019, a Denial of Service vulnerability, is applicable to Server Pro.
If an access point to your Server Pro instance is publicly accessible via the internet, such as a login page or redirect to it, it is particularly important that you upgrade to Server Pro version 4.2.3.
Release date: 2024-02-07
Server Pro Image ID: 166a56c173a1
Community Edition Image ID: f33f1873b490
Git Bridge Image ID: 59a17a340612
This release increases security against brute force attacks on projects with link-sharing enabled.
If your Server Pro instance is configured with link-sharing enabled, using SHARELATEX_ALLOW_PUBLIC_ACCESS=true, it is particularly important that you upgrade to Server Pro version 4.2.2.
We would also like to highlight a required upgrade of MongoDB to version 5.0 for the next Server Pro release. MongoDB 4.4 reaches end of life this month, February 2024. We recommend that all customers upgrade to MongoDB 5.0 at their earliest convenience.
Release date: 2023-11-23
Server Pro Image ID: 3a75a815d297
Community Edition Image ID: ae1b8c082224
Git Bridge Image ID: 59a17a340612
This release restores public access to the /saml/meta endpoint.
Release date: 2023-11-10
Server Pro Image ID: 8bdf368e59f4
Community Edition Image ID: ae1b8c082224
Git Bridge Image ID: 59a17a340612
This release separates the web service into an internal API service and a user facing service. Most of the changes in this regard are behind the scenes. The Git integration in Server Pro talks to the Server Pro container "from the outside" and its config needs changing.
Toolkit users: please upgrade the toolkit (bin/upgrade) before upgrading to Server Pro 4.2.0.
docker-compose deployments: please update the contents of the GIT_BRIDGE_API_BASE_URL variable:
A toolbar has been added to the Code Editor, which provides buttons for basic text styling, and inserting special characters, figures, code for tables, citations, and more.
An easier way to create and edit tables is now available in Server Pro. You can also copy and paste tables and formatted text directly into Visual Editor, without losing the formatting.
Check the blog post for more information.
The new Insert figure feature allows user to upload or just copy and paste an image file from your computer directly into the editor.
Please refer to the blog post for more information.
Math symbols are now previewed along with the autocomplete options in the editor.
XeLatex is now available in the default Tex Live install when not using Sandboxed Compiles.
As announced with the previous Server Pro release, the legacy source editor has been removed from the editor. You can read more about the new editing experience on our blog.
The new release also includes the following changes:
Session length can now be configured with SHARELATEX_COOKIE_SESSION_LENGTH.
Node runtime has been updated to v18.18.2
Release date: 2023-11-02
Server Pro Image ID: e40c0df3207f
Community Edition Image ID: 50437e9a470c
Git Bridge Image ID: f499a7ef6e64
This release adds several dependency patches bringing performance improvements in different parts of the application.
Release date: 2023-10-25
Server Pro Image ID: 47246d85316b
Community Edition Image ID: d909899af648
Git Bridge Image ID: f499a7ef6e64
This release includes a bug-fix for streaming compression in the history system that could result in hanging flushes. History changes will accumulate in Redis and do not get flushed for permanent storage on disk/S3, leading to potential data-loss when Redis runs out of memory.
We advise all customers to upgrade to this release at their earliest convenience.
Release date: 2023-10-24
Server Pro Image ID: ef772a5f1148
Community Edition Image ID: 1bcb24c3b31a
Git Bridge Image ID: f499a7ef6e64
This release includes additional logging and a new config option for a request timeout.
Release date: 2023-10-06
Server Pro Image ID: 6661a336d695
Community Edition Image ID: e46e0cf12e97
Git Bridge Image ID: f499a7ef6e64
This release includes a fix for the history soft retry cronjob, which was executing the operation as a hard retry.
Release date: 2023-09-27
Server Pro Image ID: fab9def8230a
Community Edition Image ID: 1ce6ef6ea798
Git Bridge Image ID: f499a7ef6e64
This release includes security updates for the Git Bridge.
Release date: 2023-09-05
Server Pro Image ID: fab9def8230a
Community Edition Image ID: 1ce6ef6ea798
Git Bridge Image ID: e5e9753fc979
Hide tabs on user admin info pages that are only relevant for overleaf.com
Release date: 2023-08-24
Server Pro Image ID: a6c6bfe92bd1
Community Edition Image ID: 1ce6ef6ea798
Git Bridge Image ID: e5e9753fc979
Server Pro 4.1 is a security release for the application runtime.
The Node.js runtime has been upgraded from version 16 to 18 ahead of the upcoming deprecation of Node.js 16 on September 11, 2023.
Only Server Pro 4.1 will operate with Node.js 18. All other supported versions of Server Pro require Node.js 16, which is being deprecated. We recommend that all customers upgrade to Server Pro 4.1 at their earliest convenience.
If an access point to your Server Pro instance is publicly accessible via the internet, such as a login page or redirect to it, it is particularly important that you upgrade to Server Pro version 4.1 before September 11, 2023.
Reminder: History migration for Server Pro 3.5.X and earlier
If you are still using a Server Pro version before 4.0, we recommend starting with the upgrade process immediately. In Server Pro 4.0 we introduced a breaking change in the history system that requires migrating all the history data into the new system in order for Server Pro to function.
The migration process can handle the majority of project histories without any manual work. However, very old projects can contain data that require additional steps to migrate. Starting the migration process now will give our support team adequate time to take a look into your migration issues and help you finish the migration ahead of the EOL date.
Server Pro versions 3.5.11, 4.0.6 and the latest 4.1 release include an updated script that fully deletes orphaned mongo data from the old history system. It is safe to run the script again. Please refer to the documentation on how to run the cleanup script.
Server Pro 4.1 will be the last release with the legacy source editor. You can read more about the new editing experience on our blog.
The Rich Text/Visual editing experience has been improved.
The "Source" editor has been renamed to "Code Editor" and the "Rich Text" editor has been renamed to "Visual Editor".
Release date: 2023-08-10
Image ID: da6f6f617532 (Community Edition Image ID: 504b19c82c27)
Bring back the History Migration Cleanup Script with a fix to free up mongo storage space.
We advise customers to re-run the script again as per the documentation.
Release date: 2023-07-20
Server Pro Image ID: bd37a572f01a
Community Edition Image ID: 883bb853c896
Git Bridge Image ID: 9bfd98050a43
Fixes numbers replaced by underscores when downloading projects (overleaf/overleaf/issues/1133).
Security updates.
Release date: 2023-07-14
Server Pro Image ID: bcec664460d0
Community Edition Image ID: 1cf00822f942
Git Bridge Image ID: 9bfd98050a43
This release includes security updates.
Release date: 2023-06-29
Server Pro Image ID: 963eb95c3c86
Community Edition Image ID: 380e3cb72a42
Git Bridge Image ID: 9bfd98050a43
Fixes a bug preventing anonymous users from adding changes to the Project History.
Release date: 2023-06-08
Server Pro Image ID: aa27991a39a7
Community Edition Image ID: 26c75dfb6485
Git Bridge Image ID: 9bfd98050a43
Fixes a bug navigating through the documentation pages when SHARELATEX_PROXY_LEARN=true.
Release date: 2023-05-30
Server Pro Image ID: 3014d696b579
Community Edition Image ID: 26c75dfb6485
Git Bridge Image ID: 9bfd98050a43
Note: An issue was discovered with version 4.0 so it was never made public. This resulted in 4.0.1 being the first release in the 4.0 release line.
Important: Before upgrading to this new major version you will need to first upgrade your Overleaf Server Pro instance to version 3.5.10 and migrate your projects to the new Full Project History system. Server Pro 4.0.0 will fail to start unless all the projects have been migrated.
Read Full Project History migration instructions.
This major release includes database migrations. Please ensure you have a database backup before upgrading.
MongoDB now needs to run as a Replica Set. If you use an external Mongo database, you might already be running a replica set. If you use the Overleaf Toolkit you just need to pull the Toolkit's latest version. If you don't use the Toolkit, please see the instructions at the end of these release notes.
We’ve also updated the version of Redis to 6.2. This change requires no action other than updating the image version. If you’re using the Overleaf Toolkit, add the environment variable REDIS_IMAGE=redis:6.2 to config/overleaf.rc (or update the version, if it was already defined). If you’re using a custom docker-compose.yml, change the redis container image to redis:6.2.
Overleaf Git integration – See the documentation for instructions to set up the git-bridge in your Server Pro install.
Enhanced Rich Text functionality – Rich-text commenting and tracked changes.
Support documentation for horizontal scaling, which allows for increased computing resources for large deployments
A new Source editor in addition to the Legacy editor will be available to users. (The Legacy editor will eventually be retired. If users have any feedback or issues, please fill out this form.) The new Source editor provides better accessibility, and better support for non-latin text.
Deleted projects and users can be automatically cleaned up after 90 days. This is an opt-in feature that can be enabled by setting the ENABLE_CRON_RESOURCE_DELETION environment variable to true. See the configuration documentation.
TeX Live 2023 is now the default version for instances not running Sandboxed Compiles.
The limit on a project’s editable content size (the sum of sizes of all editable files) has been increased from 5MB to 7MB.
General performance and stability improvements to the application, along with many small improvements and bug fixes.
The following instructions are not necessary if you use the Overleaf Toolkit or if you use an external Mongo database already configured as a replica set.
If you run MongoDB with docker-compose, add the following command to the mongo container configuration:
Restart the mongo container then start a mongo shell with docker-compose exec mongo mongo. In that shell, run the following command to initiate the replica set:
This is where you'll find all the technical documentation for Overleaf Server Pro and Overleaf Community Edition, our on-premises versions of Overleaf.
Overleaf is a collaborative LaTeX editor loved by researchers and tech teams. Our cloud version is available at overleaf.com. These docs are specifically for people interested in setting up and maintaining Overleaf Server Pro or Community Edition.
Both Server Pro and Community Edition run in Docker containers, isolating them from other applications on the same host. This provides an additional layer of security by preventing potential cross-application attacks.
They can run on air-gapped servers, which means they can be completely isolated from other networks, including the Internet. Docker provides tooling for transferring the application from an internet-connected to an air-gapped environment.
After the initial download, no internet connection is required, significantly reducing the risk of external threats.
Subscribe to our mailing list to get updates on:
New releases and features
Enhancements
Security patches
Release date: 2025-03-21
Server Pro Image ID: 2a15214c521f
Community Edition Image ID: eb2d221f5f5e
Git Bridge Image ID: 8aa85fa0d7df
This is a security release, we updated internal dependencies used by SAML integration.
Release date: 2025-03-11
Server Pro Image ID: 72f7039d52c6
Community Edition Image ID: eb2d221f5f5e
Git Bridge Image ID: 8aa85fa0d7df
Fixes access to Overleaf documentation when using a proxy for external requests.
Adds rate limiters to LDAP /login endpoint
Release date: 2025-01-29
Server Pro Image ID: 6df5c59837a8
Community Edition Image ID: eb2d221f5f5e
Git Bridge Image ID: 8aa85fa0d7df
OVERLEAF_LOGIN_SUPPORT_TEXT can now be used to display support information underneath the login button. The text will be shown in the login screen and can be used to direct users to internal support or provide guidance related to logging in, creating accounts, etc.
V1_HISTORY_URL_FOR_GIT_BRIDGE allows separating the history-v1 endpoint for internal traffic (web service → history-v1 service, both in sharelatex container) and external traffic (git-bridge → history-v1, running in separate containers).
Fixed a bug where account deletion fails in certain situations where email service is not available.
Improve file upload processing. The disk-IO load of large instances can drop by up-to 50%.
Security updates to the base image and installed packages, along with improvements and bugfixes.
There are some changes in the languages supported by the spelling service.
Release date: 2024-10-24
Server Pro Image ID: a1b1852ac7bd
Community Edition Image ID: e187f0ff616c
Git Bridge Image ID: f09f6dbba5ee
Note: An issue was discovered with version 5.2.0, so it was never made public. This resulted in 5.0.1 being the first release in the 5.0 release line.
The following environment variables are now available:
LDAP: OVERLEAF_LDAP_IS_ADMIN_ATT and OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE
SAML: OVERLEAF_SAML_IS_ADMIN_FIELD and OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE
When both environment variables are set, the login process updates user.isAdmin = true when the profile returned by the identity provided contains OVERLEAF_LDAP_IS_ADMIN_ATT/OVERLEAF_SAML_IS_ADMIN_FIELD, and its value is either:
Equals to OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE/OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE
An array containing OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE/OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE
Chat feature can be disabled with OVERLEAF_DISABLE_CHAT=true
SAML Audience, which defaults to OVERLEAF_SAML_ISSUER can now be configured with OVERLEAF_SAML_AUDIENCE
Fixes anonymous users accessing a project via read-write link not being able to create labels in the history panel.
Fixes some scenarios where users are unable to change the TeX Live version in the editor (Server Pro only)
Admin: searching users by domain now display admins users.
Admin: a num_active_users metric with the count of active users is now available via /metrics.
Admin: editor resources checks are no longer part of the Launchpad main screen.
Many small improvements and bug fixes.
Release date: 2024-08-13
Server Pro Image ID: cb82f2debf6f
Community Edition Image ID: 28f666f253f8
Git Bridge Image ID: 4cd4bea6fb01
Fixes TexLive version selection after a version of TexLive is removed from ALL_TEX_LIVE_DOCKER_IMAGES.
Fix for invalid URLs returning 500 instead of 400.
Fix SAML SSO when using POST request to the Identity Provider when CSP are enabled.
Removed Editor Resources check from launchpad, which has been broken for a while and wasn't providing any value.
/metrics and /health_check now return 404.
Security update to prevent remote image loading in Visual Editor.
Release date: 2024-07-17
Server Pro Image ID: 7216db608356
Community Edition Image ID: 41a77f59f69e
Git Bridge Image ID: 4cd4bea6fb01
MongoDB 5 is reaching end of life on October 2024. All customers should upgrade to MongoDB 6.0. Follow the link to the official documentation for instructions.
Toolkit users now need to split the MongoDB image between MONGO_IMAGE (with just the image name) and MONGO_VERSION in their config/overleaf.rc file.
Example:
Please ensure you have a consistent database backup before upgrading.
AOF (Append Only File) persistence is now the recommended configuration for Redis persistence.
Redis documentation in the Overleaf wiki.
Toolkit users have AOF persistence enabled by default for new installs. Existing users are recommended to follow the instructions on the official documentation to switch to AOF:
docker-compose v1 has reached its End Of Life in July 2023 (https://docs.docker.com/compose/migrate/). Support for docker-compose v1 in the Overleaf Toolkit will be dropped with the release of Server Pro 5.2. We recommend upgrading to Docker Compose v2 before then.
SAML: multiple certificates are now supported. You can now set a list of comma-separated certificates in OVERLEAF_SAML_SIGNING_CERT and OVERLEAF_SAML_CERT
CSP (Content Security Policy) is now enabled by default. It can be disabled adding OVERLEAF_CSP_ENABLED=false to config/variables.env.
Fixes a bug where projects created before enabling the templates feature couldn't be published as templates.
Fixed spacing in project list footer.
Fixed post-login redirection when login after clicking the "Log in" button in the header.
Removed support for running LaTeX compiles with Docker-In-Docker in Server Pro. Sandboxed compiles using "sibling" containers is not affected by this.
TeX Live images, as used for Sandboxed Compiles, need to be pulled outside of Server Pro now. All customers have been granted read access to quay.io/sharelatex/texlive-full.
The Overleaf Toolkit is pulling all configured images as part of bin/up. You can disable the automatic pulling using SIBLING_CONTAINERS_PULL=false in your config/overleaf.rc file.
Stricter and faster graceful shutdown procedure for the Server Pro container
The environment variable SYNCTEX_BIN_HOST_PATH is no longer used by the application
We are sunsetting window properties like window.project_id. If you need access to any of these, please reach out to support@overleaf.com to discuss options.
Significant reduction in Docker image size for Server Pro and CE
Security updates to the base image and installed dependencies.
Minor improvements and bugfixes.
Release date: 2024-07-12
Server Pro Image ID: a8c301474a4d
Community Edition Image ID: 6f3e55a67fd5
Git Bridge Image ID: 455a8c0559a4
This is a security release. We added stricter controls for accessing project invite details and locked down access to files via the LaTeX compilation service.
We strongly recommend turning on the Sandboxed Compiles feature in Server Pro.
Release date: 2024-06-20
Server Pro Image ID: c9de60b06959
Community Edition Image ID: 46bb44d4215d
Git Bridge Image ID: 455a8c0559a4
This is a security release. We added stricter controls for creating projects from ZIP URLs.
Release date: 2024-06-11
Server Pro Image ID: 60da5806f83e
Community Edition Image ID: 46bb44d4215d
Git Bridge Image ID: 455a8c0559a4
This is a security release. We added stricter controls to prevent arbitrary CSS loading in the project editor.
Release date: 2024-05-24
Server Pro Image ID: b0db0405a7ce
Community Edition Image ID: abcec6efbbf7
Git Bridge Image ID: 455a8c0559a4
This release provides security updates, bug fixes, and performance enhancements, including:
Stricter controls to prevent arbitrary JavaScript execution in the browser.
Updated libraries to enhance security and performance.
Release date: 2024-04-24
Server Pro Image ID: dc88a9ade14d
Community Edition Image ID: b4712d596c75
Git Bridge Image ID: 455a8c0559a4
This release builds up on 5.0.2 and includes the second revision of the recovery process for doc versions.
If you never ran Server Pro version 5.0.1 or Community Edition version 5.0.1, or you started a brand new instance with 5.0.1, you do not need to run this recovery process. Please see the Bugfixes section for Server Pro 5.0.2 below for details on the need for a recovery and follow the updated wiki page on the recovery process.
2024-04-22: We are retracting version 5.0.2. We have identified a few corner cases in the recovery procedure for docs.
2024-04-24: Server Pro version 5.0.3 sports fixes for the previously identified corner cases.
Release date: 2024-04-22
Server Pro Image ID: 06eed5680340
Community Edition Image ID: 9f018f899ba5
Git Bridge Image ID: 455a8c0559a4
Server Pro 5.0.2 is a security release for the application runtime.
The Node.js runtime has been upgraded to 18.20.2. Check their release notes (18.20.1, 18.20.2) for more information.
Fixes database migration that resulted in the loss of doc versions. These are used by the history system and their loss resulted in the history system skipping over updates effectively resulting in no further changes to the history view and git-integration. This release fixes the database migration and also sports a recovery process for instances that ran release 5.0.1. If you ran version 5.0.1, please take a look at the dedicated doc version recovery process.
Fixes references and templates services on Docker 26 IPv6.
Adds bin/flush-history-queues and bin/force-history-resyncs utility scripts.
2024-04-18: We have identified a critical bug in a database migration that causes data loss. Please defer upgrading to release 5.0.1 until further notice on the mailing list.
2024-04-24: Server Pro 5.0.3 has been released with a fix and recovery process that does not need access to a backup. See details above.
Release date: 2024-04-02
Server Pro Image ID: 0d28770b4692
Community Edition Image ID: ee69bf0baddf
Git Bridge Image ID: 455a8c0559a4
This major release includes the following changes:
Required database upgrade from MongoDB 4 to MongoDB 5
Rebranding of SHARELATEX_* to OVERLEAF_* environment variables
Rebranding of filesystem paths from ShareLaTeX brand to Overleaf brand
Important: the Toolkit will help migrating your configuration, please follow the prompts of bin/upgrade.
MongoDB 4.4 has reached end of life on February 2024. All customers should upgrade to MongoDB 5.0 before upgrading to the 5.0 release line.
The release also includes migrations that update the database in a backwards incompatible format.
Please ensure you have a consistent database backup before upgrading. In case of roll-back, you will need to restore the database backup. Server Pro 4.x is not capable of reading the new format, which can result in data-loss or broken projects.
Environment variables have been rebranded from SHARELATEX_* to OVERLEAF_*. Overleaf Toolkit users should be prompted to perform the migration when running bin/upgrade, and warnings will be printed when trying to run the Overleaf instance with the incorrect configuration.
Filesystem paths have also been rebranded from ShareLaTeX brand to Overleaf brand:
/var/lib/sharelatex -> /var/lib/overleaf
/var/log/sharelatex -> /var/log/overleaf
/etc/sharelatex -> /etc/overleaf
Filesystem changes are automatically handled by the Overleaf Toolkit. Otherwise, make sure bind-mount targets are updated to refer to the Overleaf equivalent, e.g.
docker-compose/yml before:
docker-compose.yml after:
Added support for using IAM credentials when using AWS S3 for project/history files
Server Pro will refuse to start when using an older version of MongoDB
Fixes a scenario in which the share project modal doesn't display the link-sharing links immediately after turning on the feature
All services are now using IPv4 in the container
Container image upgrade from Ubuntu 20.04 to 22.04 LTS
Security updates to the base image and installed packages, along with improvements and bugfixes.
Get the most from installing Overleaf by preparing thoroughly.
Before you install Overleaf, it's important to familiarize yourself with the requirements, installation process, configuration options, and upgrade sections of this documentation. It's also crucial to have a solid understanding of your organization's requirements for using Overleaf and the necessary underlying infrastructure needed for its successful operation.
Understand the requirements for running Overleaf. This involves evaluating your organization's existing server environment, network capabilities and storage resources. Ensure that your infrastructure meets or exceeds the specified requirements outlined in this documentation.
Before initiating the installation process, ensure you have administrative access to the server where you intend to deploy Overleaf. This may involve coordinating with your IT team or system administrators to obtain the necessary permissions and resources. Additionally, review any security considerations or network policies that might impact the installation.
If you encounter any problems, we recommend first consulting the troubleshooting section of the documentation as it contains common issues and required information needed by the support team if you need to reach out for assistance.
By following these steps and thoroughly reading the documentation, you'll be well-prepared to install, configure, and maintain Overleaf according to your organization's requirements. Remember that a solid understanding of your infrastructure and the installation process is key to a successful deployment.
Installing Overleaf requires the right skills, as well as particular hardware and software.
Make sure you read this section thoroughly before proceeding with any installation of Overleaf.
We strongly recommend you run Server Pro on a recent version of Ubuntu, with a recent version of Docker. It's possible to run Server Pro on many other systems, but it will be much more difficult for us to offer support for systems that are far from the default Ubuntu/Docker setup. We also can't offer support for problems with Docker itself.
(Community Edition Image ID: 8e1bae81acac)
Use both 2016 and 2017 versions of texlive, for backward compatibility
Update texlive to 2017.1
Use https for the learn-wiki proxy by default
New administration interface
Package-aware Autocomplete
Various bug fixes and performance improvements
Upgraded all internal services to latest node-js runtime
Per-User Track Changes
Improved Autocomplete
Improved Spellcheck
Fixed an issue with creating templates
Various bug-fixes and improvements
For the best experience when running Overleaf, we highly recommend using a Debian-based operating system, such as Ubuntu. This choice aligns with the software's development environment and is the preferred option among the majority of Overleaf users.
When using Server Pro with Sandboxed Compiles, it's important to note that the application requires root access to the Docker socket.
Both Server CE and Server Pro currently support the following versions of dependencies:
Docker 23.0 (ends 19 May 2025), 25.0, 26.1 and 27.2+
MongoDB 6.0
Redis 6.2
MongoDB and Redis are automatically pulled by docker compose when running Server CE or Server Pro, unless configured to use a different installation.
The Toolkit depends on the following programs:
bash
Docker
docker compose is required and is generally installed with Docker.
We recommend that you install the most recent version of Docker that is available for your operating system.
Once Docker is installed correctly, you should be able to run these commands without error:
Updates to this page:
(2024-04-22 13:40 BST): Added step "Stop new updates from getting into the system and flush all changes to MongoDB".
(2024-04-23 11:45 BST): Account for broken flushes in 5.0.1 and skip flushes when 5.0.2 was started.
The duration of the recovery will depend on the number and size of projects in your instance and the storage backend used by the history store for chunks (as defined in OVERLEAF_HISTORY_CHUNKS_BUCKET).
The recovery process will delay the application start inside the Server Pro container. The site will appear offline during that time. We only support running the recovery from a single instance of the Server Pro container, all other horizontal scaling workers need to be offline.
You can stop and resume the recovery process if needed.
Based on our performance tests, the recovery process can process approximately 10k small projects per minute on modern hardware (3GHz CPU clock speed and local NVMe storage). As an example, for an instance with 100k projects, schedule a maintenance window that allows at least 10+2min of downtime. Use the following query to estimate the number of projects in your instance:
Please read the following recovery steps in full before you start. Server Pro customers are more than welcome to reach out to support@overleaf.com with any questions.
Stop new updates from getting into the system and flush all changes to MongoDB:
Close the editor and disconnect all users manually via the admin panel on https://my-server-pro.example.com/admin#open-close-editor in the "Open/Close Editor" tab.
Stop the Websocket/real-time service.
Wait for the real-time service to exit, as indicated by down:.
Stop the git-bridge container if enabled.
If you never ran 5.0.2: Issue a manual flush for document updates and wait for it to finish with success.
You can repeat the command on error. In case you see a non-zero failureCount in successive runs, please stop the migration (restore the services via docker restart git-bridge sharelatex) and reach out to support.
If you never ran 5.0.2: Ensure that all changes have been flushed out of redis.
If you get any output from redis-cli, please stop the migration (restore the services via docker restart git-bridge sharelatex) and reach out to support.
Try to flush any pending history changes.
This will need to be a best effort flush as some projects have broken histories due to the bad database migration. Any failures will be addressed with a re-sync of the history at the end of the recovery process.
Validate the recovery process by opening the history pane for a few of the projects with previously missing history.
Expedite the resync for the projects to test (They will get processed eventually, but we do not want to wait for them to get their turn.)
(Repeat with each of the project-ids to test, replace 000000000000000000000000 with one project-id at a time.)
Open the project editor for the projects https://my-server-pro.example.com/project/000000000000000000000000
Open the "History" pane for the project and see the latest content.
Optional: Close the "History" pane again. Make a code change, such as adding a comment to the header.
Optional: Issue a re-compile to trigger a flush of the local change. Open the "History" pane again and see the change. When done, undo the change.
Please keep the instance running that executed the recovery process. It will resync the history for all projects in the background with a concurrency of 1. This will result in slightly elevated base load. (You can restart the instance, but it will need to start over with the resyncs.)
When provisioning hardware to run Overleaf, the main factor to consider is how many concurrent users will be running compiles.
For example, if you have a license for 100 total users, but only expect ~5 to be working at the same time, the minimal install will be sufficient. If you expect a higher proportion to be working (and compiling) simultaneously, you should consider provisioning a server with a higher specification.
A minimum base requirement of 2 cores and 3GB memory is required for basic operations with around 5 concurrent users. This minimum requirement will also be sufficient for larger groups where there is less concurrent usage, or where it is OK for compile times to be longer during heavier usage.
As a rule of thumb, to provide a high and consistent level of service, 1 CPU core and 1GB of memory should be added to the minimal install for every 5-10 concurrent users.
This should only be taken as a guide, as factors such as the size of typical documents (larger documents use up more compile resources), how often users compile, and what tolerance there is for longer compile times during heavy usage, all affect the level of provisioning required.
Many of our customers look to deploy Server Pro organization wide, or across large teams. In those situations, it's difficult for us to advise on specific setup requirements, because the use cases and underlying hardware available can be quite varied.
We advise against using Network File System (NFS)/Amazon EFS/Amazon EBS for project/history storage in larger setups and explicitly do not support it for horizontal scaling.
The behavior of these file systems is not providing the necessary performance and reliability that Server Pro needs when running at a high scale. When the file system cannot keep up with the load, the application stalls from too many blocking IO operations. These stalls can lead to overrun Redis-based locks, which in turn can result in corrupted project data.
By default, Overleaf Server instance limit the number of connections to 768. This includes persistent Websocket connections, top-level HTML navigation and ajax requests. Once the limit is hit, the editor might not be able to connect, the editor page might not load entirely and compile requests can fail. Nginx will return status 500 responses and log worker_connections are not enough while connecting to upstream into var/log/nginx/error.log inside the sharelatex container.
Nginx doesn't do much work compared to other parts of the system, so these limits act as a safety preventing too many connections from overwhelming the system. It's preferable to drop some excess connections early rather than slowing down every connection.
Overleaf Server instances expose environment variables for adjusting these nginx settings:
LaTeX is a single threaded program, meaning it can only utilize one CPU core at a time. The CPU is also the main limitation when compiling a document. Therefore the faster the single core performance of your CPU the faster you will be able to compile a document. More cores will only help if you are trying to compile more documents than you have free CPU cores.
Fix bug in Sibling Containers feature
Basic auto-complete for \ref{} commands
Assorted bug fixes
Fix bug with login redirect flow
Enable Track Changes for all users
Various bug fixes
Protect user settings pages with "Sudo Mode", Users will be prompted for their password when accessing the settings page.
Handle errors in History feature
Various bug fixes
Various bugfixes
Fixed an issue where logins were not being counted for LDAP users
Internal improvements to page rendering
New Launchpad page to help with first setup: (/launchpad)
Fixed an issue with project invites and Saml
Various bugfixes
Fix a bug where the /register link in nav-bar was not being hidden when using an external auth source.
Correct an issue with LDAP configuration, requiring upgrade to a new configuration format.
Add an option to restrict project invites to existing user accounts
New SAML integration option, link ShareLaTeX to SAML/Shibboleth/etc.
Improved LDAP integration, no configuration changes required
Code Check mode, shows tex errors in the editor
Improved support for plain-text emails
Show the current user email in the "Account" dropdown
Improved project search
Better cookie expiry behaviour
Improved spell-check underline effect
Old user accounts are automatically upgraded to modern feature set
All configuration of ShareLaTeX is now done via Environmental variables.
Much better LaTeX error parsing, include errors in .bbl files
Snappier feedback when changing image
Tags/folders can be deleted and renamed via side menu
Clone and zip uploads speed improvement
User is warned about overwriting files
Synctex is more acurate.
Prevention against massive projects effecting system
Multiple small bug fixes
Documents are now stored in their own collection, making projects thiner
Word count
lots of stability work including:
Better handling of poor connections over websockets
Seperation of web and api routes
0.1.3 was mostly bug fixes. The notable thing for users running upgrading from old versions in 0.1.4 is user management, and the addition and removal of some settings parameters:
Public registration is now removed in the open source version. It is a significant security risk to allow public access to a LaTeX installation on your server, and most users have request some for of private user management. See [[Creating and managing users]] for an overview of how it now works.
appName - This should be set to the name of your ShareLaTeX install. E.g. "Acme Inc's ShareLaTeX Server".
adminEmail - The contact email address of whoever is responsible for running the server.
websocketsUrl - This was the source of most problems with 0.1.2 and 0.1.3 so has been removed. The web service now proxies to the real-time service so the client does not need to know where to find it.
First make sure you actually have the real-time service installed:
You should add a new line to your config file to include the new websocketsUrl parameter:
This should be the same as your siteUrl.
In development the editor connects to the real-time service at http://localhost:3026, a separate end point from the web service, hence the need for a configurable parameter. In production you likely have a reverse proxy set up, and need to forward any requests to /socket.io onto the real-time service rather than the web service.
See the [[Nginx as a Reverse Proxy]] page for an Nginx example, particularly the location /socket.io block.
A new option, keep the pdf view in sync while you type
A new feature, replacing the public/private permissions system
Enable SES email configuration via
The includes a handy script that produces a report pointing to any unfulfilled dependency.
Consider taking a of the instance.
If you are considering using a NFS (Network File System) based file system for your small instance please have a look at this section in the section.
If you have installed Overleaf at your organization and would like to share details of your setup to help us add to this section, please .
Customers who are exceeding the limits of a single large server can take a look at for Server Pro.
We advise using instead. Slow S3 performance in turn only affects the upload/download of files, which only leads to an elevated number of open connections to your S3 provider and in turn does not affect the behavior of the rest of the application. Additionally, Server Pro can specify reasonable timeouts on S3 requests, which is not possible for file system/IO operations at the application level.
For reference, GitLab is following a similar stance of with its self-managed offering.
The setting limits the number of concurrent connections nginx will accept per worker. The number of workers is controlled by the setting and is set to 4 by default in our nginx configuration.
NGINX_WORKER_PROCESSES for (default 4)
NGINX_WORKER_CONNECTIONS for (default 768)
NGINX_KEEPALIVE_TIMEOUT for (default 65)
Default value NGINX_KEEPALIVE_TIMEOUT, use (default value in upstream) in nginx-host
Custom value NGINX_KEEPALIVE_TIMEOUT=100s, use (custom value in upstream) in nginx-host
New feature
Sandboxed Compiles with
Fix an issue with option
Option to have user details updated on every login (LDAP and SAML)
The most significant change in this update is the inclusion of a new service which handles the editor websocket connections. These were previously handled by the web service. If you are upgrading from a previous version of ShareLaTeX, there are some things you may need to update to get it all working:
If you're running a Server Pro installation for 300 total users, and regularly expect 30-60 of those users to be compiling documents at the same time, 8GB and 7 Cores (5 cores + 5GB + base of 2 cores & 3GB) should provide sufficient resources for your users to have a consistently high level of service.
To give an example of the hardware requirements for a larger deployment, a Server Pro installation for 1,000 total users has been set up successfully using a single server provisioned with two 4-core processors and 32GB of system memory. This has been sufficient for the team’s needs over the past year of usage.
The Toolkit is the recommended way to deploy and manage Overleaf Server CE and Server Pro instances.
In this section we will guide you through downloading the Toolkit from GitHub, familiarizing yourself with some of the Toolkit's commands and configuring some basic settings. By the end of this page you should have a running on-premises instance over Overleaf.
The Server Pro infrastructure comprises four primary services: sharelatex, git-bridge (optional), mongo and redis. The sharelatex service, which runs the main Server Pro application, depends on the mongo and redis services for its database and caching/real-time functionalities and the git-bridge to handle the Git integration (optional). The only port published on the host machine is port 80, which is by the sharelatex container.
Server Pro also optionally supports S3 compatible storage for project files and full project history as well as being able to proxy access to the main Overleaf documentation site. For more information, see our guide on Adding LaTeX user help pages.
For Sandboxed Compiles, the sharelatex container will orchestrate the creation of new containers to handle project compiles, it does this via the Docker socket on the host machine. You can read more about the editor and end-to-end compile/caching process here.
Communication between containers is facilitated through Docker's internal DNS resolution via a dedicated bridge network, and no firewalls are enabled. By default, the above services use their respective standard ports but are configurable by environment variables. The sharelatex container uses port 80 for external web access (served by Nginx), the mongo container uses port 27017 and redis uses port 6379.
For customers using our managed solution Overleaf Toolkit, you can optionally enable a TLS proxy for terminating HTTPS connections using Nginx via an environment variable. Alternatively, you can use your existing TLS proxy.
Outside the Docker network, only port 80 is accessible and bound to Nginx.
Note: The sharelatex container runs many services that communicate with each other via HTTP. However, these ports are not accessible from outside the Docker network.
Inside the Docker network, Overleaf services, MongoDB, Redis and Git Bridge can talk to each other freely.
Inside Sandboxed Compiles containers, no network is available.
The Overleaf Toolkit is the recommended deployment method for on-premises installations of the Community Edition and Server Pro and has been designed to work with the most common environment: a single physical server or virtual machine. The Toolkit uses docker compose to manage your server's Docker containers and provides a set of scripts which wrap docker commands to assist with the more technical side of managing an on-premises version of Overleaf.
bin/docker-compose wrapperThe bin/docker-compose script is a wrapper around docker compose. It loads configuration from the config/ directory, before invoking docker compose with whatever arguments were passed to the script.
You can treat bin/docker-compose as a transparent wrapper for the docker compose program installed on your machine.
For example, we can check which containers are running with the following:
In addition to bin/docker-compose, the Toolkit also provides a collection of convenient scripts to assist with common tasks:
bin/up: shortcut for bin/docker-compose up
bin/start: shortcut for bin/docker-compose start
bin/stop: shortcut for bin/docker-compose stop
bin/shell: starts a shell inside the sharelatex container
bin/doctor: script used to gather installation and deployment information. See Checking your server section below
bin/mongo: starts a shell inside the mongo container and switch to the correct database (sharelatex)
bin/backup-config: used to create a copy, zip or tar of your current configuration and then store in a destination directory of your choice
bin/logs: script used for easily viewing/tailing service logs
bin/error-logs: script used for easily viewing/tailing service error logs
bin/rename-env-vars-5-0: migration script used to update environment variables in config/variables.env as part of the re-branding from ShareLaTeX to Overleaf
bin/rename-rc-vars: migration script used to update environment variables in config/overleaf.rc as part of the re-branding from ShareLaTeX to Overleaf
bin/run-script: helper script used to simplify running scripts that are stored within the sharelatex container
bin/upgrade: script used to assist with instance upgrades. The script with check for updates to the Toolkit code (via git) and offer to pull any new changes. It will then check for the latest available version of the Docker image currently in use and offer to update it. The script provides step-by-step confirmation, the option to take a backup of current configuration and handles the stopping/starting of Docker services. See Upgrading your deployment for more information.
The Overleaf Toolkit includes a handy script called bin/doctor that produces a report pointing to any unfulfilled dependency.
Before we continue any further, let's run the bin/doctor script and check that everything is working correctly.
We should see some output similar to this:
First, we see some information about the host system (the machine that the Toolkit is being run on), then some information about dependencies. If any dependencies are missing, we will see a warning here. Next, the doctor checks our local configuration. At the end, the doctor will print out some warnings, if any problems were encountered. For example, if you're running end-of-life versions of Docker or Docker Compose.
If you run into problems with running the Toolkit, you should first run the bin/doctor script and check it's output for any warnings.
The recommended way to deploy and manage Overleaf Server CE and Server Pro instances is via the use of the Toolkit.
The Toolkit simplifies the creation of your Overleaf instance through the use of some custom scripts that abstract away the orchestration of required microservices. Simply run the bundled initialization script, provide a few configuration options like your persistent storage paths, and the Toolkit will take care of provisioning and connecting the microservices that make up your Overleaf Server CE or Server Pro instance.
This leaves you free to focus on customizing the user experience and implementing the specific features that make up your on-premise instance. The Toolkit handles all the complexity behind the scenes, enabling a simplified deployment of your Overleaf instance.
Inside the Overleaf container, the software runs as a set of microservices, managed by runit. Some of the more interesting files inside the container are:
/etc/service/: initialization files for the microservices.
/var/log/overleaf/: logs for each microservice.
/overleaf/services/: code for the various microservices.
/var/lib/overleaf/: the mount-point for persistent data (corresponds to the directory indicated by OVERLEAF_DATA_PATH on the host).
Overleaf depends on two external databases: MongoDB and Redis. By default, the Toolkit will provision a container for each of these databases, in addition to the Overleaf container, for a total of three Docker containers.
In this section we'll provide a broad overview for the handling of documents and the compile process.
Components/Actors:
user
A user of the application
editor
The client application running in the browser
clsi
The micro service used for compiling PDFs
document-updater
The micro service used for processing document updates
filestore
The micro service handling binary files
real-time
The micro service used for handling web sockets
web
The (not so) micro service used for handling API requests
user: loads editor page
editor: opens web socket
editor: sends request to open a document via web socket
real-time -> document-updater: document is loaded from MongoDB into Redis
editor: sends document update via web socket
real-time -> document-updater: document is updated in Redis
editor: sends more compile requests
After 5 minutes have passed since last flush (per doc):
document-updater: flush doc from Redis to MongoDB
editor: sends more updates
every 100 updates (per doc):
document-updater: flush doc history from Redis to MongoDB
user: leaves the editor/closes browser tab
5 minutes later
real-time: checks for other collaborators, if there are none:
real-time -> document-updater: flushes docs from Redis to MongoDB
document-updater -> web -> docstore: read from MongoDB
document-updater -> web -> docstore: write into MongoDB
editor: sends compile request with sync-mode set to "full" compile
web -> document-updater: any documents are flushed from redis into MongoDB
web -> docstore: all documents are downloaded from MongoDB
web -> clsi: compile request is sent to clsi, including:
the sync-mode
a hash of the file tree -> the "project state"
all docs with their content -> subject to 7MB request body limit
binary file URLs for separate downloading
clsi: check on-disk state with sync-mode and "project state"
this is a full sync, so we can ignore what was previously written
clsi: cleanup compile dir
clsi: write all docs into compile dir
clsi: write all binary files into compile dir
clsi copies the files from a per project local cache
on cache miss:
clsi->filestore: download files
clsi: write the "project state"
clsi: ensure docker container exists with desired config
build container options, includes texlive version
hash options
container name: project-<project-id>-<user-id>-<hash>
clsi: start container and stream stdout/stderr into memory -> limit 2MB
clsi: leave stopped container behind -> cleaned up after 24h
clsi: write stdout/stderr to disk
clsi: copy output files into unique output directory
build-id composed of 8 random bytes plus timestamp in ms precision
delete all but last 3 (anonymous)/ 1 (logged in user) build folders
clsi: compile was failure/timeout
delete compile cache - it may have partial files/corrupted cache
editor: downloads output.log and output.pdf
editor: sends compile request with sync-mode set to "incremental" compile
web -> document-updater: get any documents from redis
the "project state" hash is also stored in redis
web sends the hash of the file tree to document-updater and document-updater can turn the incremental compile into a full compile on mismatch
see compile process as performed when 'editor requested "full" compile'
web -> clsi: compile request is sent to clsi, including:
the sync-mode
a hash of the file tree -> the "project state"
all docs from redis with their content -> subject to 7MB request body limit
no binary fines
clsi: check on-disk state with sync-mode and "project state"
this is an incremental sync, so the "project state" must match
on mismatch: respond with 409, let web retry with "full" sync
see compile process as performed when 'editor requested "full" compile'
clsi: write updated docs into compile dir
clsi: ensure docker container exists with desired config
build container options, includes texlive version
hash options
container name: project-<project-id>-<user-id>-<hash>
clsi: start container and stream stdout/stderr into memory -> limit 2MB
clsi: leave stopped container behind -> cleaned up after 24h
clsi: write stdout/stderr to disk
clsi: copy output files into unique output directory
build-id composed of 8 random bytes plus timestamp in ms precision
delete all but last 3 (anonymous)/ 1 (logged in user) build folders
clsi: compile was failure/timeout
delete compile cache - it may have partial files/corrupted cache
editor: downloads output.log and output.pdf
editor: observes a compile failure, next compile is a "full" compile
editor: observes a compile success, next compile is an "incremental" compile
Whether you're a researcher interested in running the Community Editition in your trusted workgroup or an enterprise organisation wanting to integrate Server Pro into your existing infrastructure, to get started, we always highly recommend setting up your new instance using our Toolkit with the default Community Edition image as doing so is a great way to familiarize yourselves with the platform's requirements and helps ensure a smooth when deciding to upgrade to Server Pro.
Like the Community Edition, Server Pro comes as a Docker container and is a direct drop in replacement and additionally includes features such as SSO provided via LDAP and SAML2, improved security, tracked changes, comments, our optimized version of TeX Live, templates and administration panel.
Once you've depolyed the Community Edition using the Toolkit and familiarized yourself with the application, you can easily switch to Server Pro by following the instructions here.
The Toolkit is compatible with both the Server CE and Server Pro and is the recommend installation method. Using the Toolkit will allow you to easily get started with Server CE and seamlessly upgrade to Server Pro if required.
To install the Toolkit you'll need to navigate to the intended installation path and then clone the Overleaf Toolkit GitHub repository using this command:
Wait for the cloning process to complete then let's switch into the newly created overleaf-toolkit directory:
If you're a Server Pro customer please continue with the next steps to log into our image repository and change the Toolkit configuration to use the Server Pro image. If not, you can skip this section and move on to the personalizing your instance step.
You will have been supplied with a set of credentials when you signed up for a Server Pro license.
If you're deploying an on-premises version of Overleaf for the first time we highly recommend first setting up the Overleaf Toolkit with the Community Edition before switching to Server Pro as this will help you get familiarized with the process.
As Server Pro can be used as a drop-in replacement for the Community Edition you'll be able to use all your existing settings and customizations. When you're ready, Toolkit deployments can enable Server Pro by editing the config/overleaf.rc file and changing the SERVER_PRO environment variable to true.
The next time you run bin/up, the Toolkit will automatically download and use the Server Pro image.
If you're upgrading from the Community Edition to Server Pro you can do that now. If not, please move onto the next step in the deployment guide to personalize your instance.
Before we start your Overleaf instance for the first time we're going to update the config/variables.env configuration file with your custom information.
Open the config/variables.env file using your favourite text editor and update each of the following environment variables with the required information.
Once you have updated these environment variables, save and quit - you're now ready to start your instance for the first time.
To start your instance run the following command:
This command will download all the required images, create the containers (using your customizations) and start up the instance. You should see some log output from the various Docker containers. You can start them up again (without attaching to the log output) by running bin/start.
That's it for the initial part of installation. You can now move onto the Post installation tasks where you'll create your first administrator account and First example project.
Let's initialize our new server's configuration files with some sensible defaults by running the bundle bin/init script.
This script will not overwrite any existing configuration files.
Now let's check the contents of the config/ directory using the ls command:
If everything was successfully initialized you should see three configuration files overleaf.rc, variables.env and version. These are the main server configuration files and allow you to customize how your server operates and how your users interact with your instance.
Server Pro is distributed as a Docker image on the registry: quay.io/sharelatex/sharelatex-pro
First use your provided credentials to log in to the repository:
Then run bin/docker-compose pull to pull the Server Pro image from the registry.
These credentials do not provide access to the website.
We recommend not changing files outside of the /config folder directly. Instead, if you need to make changes, they can be done via environment variables set in either config/variables.env or config/overleaf.rc. For example, to set the mongo service image, rather than manually editing lib/docker-compose.mongo.yml file, you can set the image using the environment variable MONGO_IMAGE in config/overleaf.rc. For more information see the page.
If all goes well, you should be able view the log in page for your new Overleaf instance by navigating to or in your browser.
Depending on your network configuration and where your Overleaf instance is being hosted you may need to make some additional configuration changes. See the section for more details.
For now, it's enough to know that these files exist and where you can find them. Later in the documentation we'll go through each of the files in more detail and explain how you can customize your instance using them. If you want to skip ahead you can see a full breakdown of these configuration files on the .
bin
This folder contains a collection of scripts that help you manage your Overleaf server instance. You can read more about these scripts in our Commands section below.
config
This folder contains your own local configuration files.
lib
This folder contains base configuration files used by the Toolkit.
data
By default this folder contains the storage location for MongoDb, Redis and Overleaf. For more information see Persistent data section below.
OVERLEAF_SITE_URL
Where your instance of Overleaf is publicly available. This is used in public links, and when connecting over websockets, so must be configured correctly!
https://overleaf.lilliput.com
OVERLEAF_EMAIL_FROM_ADDRESS
This email address will be used as the from address for all outgoing emails.
no-reply@lilliput.com
OVERLEAF_ADMIN_EMAIL
The email address where users can reach the person who runs the site.
it-services@lilliput.com
overleaf.rc
The main top-level configuration file.
variables.env
Environment variables loaded into the Docker container.
version
The version of the Docker image to use.
Overleaf Community Edition and Server Pro have both been architected to work offline, which means that it may not always be possible to reach the quay.io registry to pull the required sharelatex , sharelatex-pro and TeX Live images. This is not a problem as Docker provides tooling for exporting and importing images that will help you with an offline/air-gapped deployment.
At a high level, you'll download the required images on a device with internet connectivity, export them to a portable device (or transfer them using SCP/Rsync), and import them on the air-gapped server.
To do this, you'll need to complete the following steps:
Pull all the required images (sharelatex, sharelatex-pro, git-bridge, mongo, redis + any required TeX Live images for use with Sandboxed Compiles) on a machine with internet connectivity
docker pull quay.io/sharelatex/sharelatex-pro:5.1.1
docker pull quay.io/sharelatex/git-bridge:5.1.1 (tag must be the same as sharelatex-pro)
docker pull mongo:6
docker pull redis:6.2
docker pull quay.io/sharelatex/texlive-full:2024.1
For each of the pulled images, you'll need to then export them to a .tar file. For example, docker save quay.io/sharelatex/sharelatex-pro:5.1.1 > sharelatex-pro:5.1.1.tar
Using your preferred method, transfer the .tar files from your internet-connected machine to the offline/air-gapped server
For each of the .tar files, use the docker load command to load the image from the .tar file. For example, docker load < sharelatex-pro:5.1.1.tar
Finally, run the docker images command to view/confirm the loading of images was successful and that they are available
By default, when you run the bin/up command, the Toolkit will attempt to automatically pull each of the TeX Live images set via ALL_TEX_LIVE_DOCKER_IMAGES in config/variables.env. As your deployment is air-gapped this will fail -- you can stop this by using SIBLING_CONTAINERS_PULL=false in config/overleaf.rc.
In a browser, open http://localhost/launchpad. You should see a form with email and password fields. Fill these in with the credentials you want to use as the administrator account, then click Register.
Then click the link to go to the login page (http://localhost/login). Enter the credentials. Once you're logged in, you'll see the welcome page.
Click the green button at the bottom of the page to start using Overleaf.
Open http://localhost/project in your browser and you will see a button prompting you to create your first project.
Click this button, select Example Project, and follow the on-screen instructions.
You will be taken to the new project, where you will see a text editor and a PDF preview.
To finish you can click on the Home icon to return to your projects page.
To save bandwidth, both the Overleaf Community Edition and Server Pro images only come with a minimal install of TeX Live. You can install more packages or upgrade to a complete TeX Live installation using the tlmgr command in the sharelatex container.
The following instructions only apply to Community Edition installations. We highly recommend that Server Pro users enable Sandboxed Compiles as this provides users with access to the same TeX Live images used on overleaf.com as well as providing isolation between project compiles for enhanced security.
To start a shell inside the sharelatex container, run
You will get a prompt that looks like:
In the following instructions, we will assume that you are in the container.
TeX Live is released every year around the month of April. Steps for using tlmgr are different depending on whether you are using the current release or an older one. You can check which version of TeX Live you are running with tlmgr --version. For example, this installation runs TeX Live 2021:
If you are running an older TeX Live version, you have two options. A new version of the Overleaf Docker image is usually released shortly after a TeX Live release, you can either wait for it and upgrade your deployment using bin/upgrade script, or, if you prefer to keep the older TeX Live release, you will first need to tell tlmgr to use a historic repository. You will find instructions for doing so here.
To install a complete TeX Live installation, run this command inside the sharelatex container:
You can also install individual packages manually:
From 3.3.0 release onwards running tlmgr path add is required again after every use of tlmgr install, in order to correctly symlink all the binaries into the system path.
Many more commands are available. Find out more with:
When you're done, type exit or press Control-D to exit the shell.
The changes you've just made have changed the sharelatex container, but they are ephemeral -- they will be lost if Docker Compose recreates the container, e.g. as part of updating the config.
To make them persistent, use docker commit to save the changes to a new docker image:
After committing the changes, update the config/version accordingly. Then run bin/up, to recreate the sharelatex container.
You will need to repeat these steps each time you upgrade to a new Overleaf version.
PROJECT_NAME
Sets the value of the --project-name flag supplied to docker-compose. This is useful when running multiple instances of Overleaf on one host, as each instance can have a different project name.
- Default: overleaf
Docker image as used by the Server Pro/CE application container. This is just the Docker image name, the Docker image tag is sourced from config/version.
- Default:
Server Pro: quay.io/sharelatex/sharelatex-pro
Community Edition: sharelatex/sharelatex
SERVER_PRO
When set to true, tells the Toolkit to use the Server Pro image (quay.io/sharelatex/sharelatex-pro), rather than the default Server CE image (sharelatex/sharelatex).
- Default: false
Set to true to enable the git-bridge feature (Server Pro only). For more infomration see the Git integration user documentation.
- Default: false
Docker image as used by the git-bridge container (Server Pro only). This is just the Docker image name, the Docker image tag is sourced from config/version.
- Default: quay.io/sharelatex/git-bridge
Sets the path to the directory that will be mounted into the git-bridge container (Server Pro only), and used to store the git-repositories. This can be either a full path (beginning with a /), or relative to the base directory of the Toolkit.
Configure the logging level of the git-bridge container. Available levels: TRACE, DEBUG, INFO, WARN, ERROR.
- Default: INFO
SIBLING_CONTAINERS_ENABLED
When set to true, tells the Toolkit to use the Sibling Containers technique for compiling projects in separate sandboxes, using a separate Docker container for each project. See the Sandboxed Compiles documentation for more information.
- Requires: SERVER_PRO=true
- Default: true
SIBLING_CONTAINERS_PULL
When set to true, tells the Toolkit to automatically pull all TeX Live images set using ALL_TEX_LIVE_DOCKER_IMAGES in the config/variables.env file when using the bin/up command.
- Default: true
DOCKER_SOCKET_PATH
Sets the path to the Docker socket on the host machine (the machine running the Toolkit). When SIBLING_CONTAINERS_ENABLED is true, the socket will be mounted into the container, to allow the compiler service to spawn new Docker containers on the host.
- Requires: SIBLING_CONTAINERS_ENABLED=true
- Default: /var/run/docker.sock
OVERLEAF_DATA_PATH
Sets the path to the directory that will be mounted into the main sharelatex container, and used to store compile data. This can be either a full path (beginning with a /), or relative to the base directory of the Toolkit.
- Default: data/overleaf
OVERLEAF_LISTEN_IP
Sets the host IP address(es) that the container will bind to. For example, if this is set to 0.0.0.0, then the web interface will be available on any host IP address. For direct container access the value of OVERLEAF_LISTEN_IP must be set to your public IP address. Setting OVERLEAF_LISTEN_IP to either 0.0.0.0 or the external IP of your host will typically cause errors when used in conjunction with the TLS Proxy.
- Default: 127.0.0.1
OVERLEAF_PORT
Sets the host port that the container will bind to. For example, if this is set to 8099 and OVERLEAF_LISTEN_IP is set to 127.0.0.1, then the web interface will be available on http://localhost:8099.
- Default: 80
Sets the path to the directory that will be mounted into the main sharelatex container, and used for making application logs available on the Docker host. This can be either a full path (beginning with a /), or relative to the base directory of the Toolkit.
Remove the config entry to disable the bind-mount. When not set, logs will be discarded when recreating the container. See here for information on logging.
- Default: not set
MONGO_ENABLED
When set to true, tells the Toolkit to create a MongoDB container to host the database. When set to false, this container will not be created, and the system will use the MongoDB database specified by MONGO_URL instead.
- Default: true
MONGO_URL
Specifies the MongoDB connection URL to use when MONGO_ENABLED is false
- Default: not set
MONGO_DATA_PATH
Sets the path to the directory that will be mounted into the mongo container, and used to store the MongoDB database. This can be either a full path (beginning with a /), or relative to the base directory of the toolkit. This option only affects the local mongo container that is created when MONGO_ENABLED is true.
- Default: data/mongo
Docker image as used by the MongoDB container. This is just the name of the Docker image, the Docker image tag should go into MONGO_VERSION (see below).
- Default: mongo
MongoDB version as used by the MongoDB container. The value must start with the major MongoDB version and a dot, e.g. 6.0 or 6.0-with-suffix.
- Default: 6.0
REDIS_ENABLED
When set to true, tells theToolkit to create a Redis container, to host the redis database. When set to false, this container will not be created, and the system will use the Redis database specified by REDIS_HOST and REDIS_PORT instead.
- Default: true
REDIS_HOST
Specifies the Redis host to use when REDIS_ENABLED is false
- Default: not set
REDIS_PORT
Specifies the Redis port to use when REDIS_ENABLED is false
- Default: not set
REDIS_DATA_PATH
Sets the path to the directory that will be mounted into the redis container, and used to store the Redis database. This can be either a full path beginning with a /), or relative to the base directory of the Toolkit. This option only affects the local redis container that is created when REDIS_ENABLED is true.
- Default: data/redis
Turn on AOF (Append Only File) persistence for Redis. This is the recommended configuration for Redis persistence.
For additional details, see the AOF section in Data and backups.
- Default: true
NGINX_ENABLED
When set to true, tells theToolkit to create an NGINX container, to act as a TLS Proxy.
- Default: false
NGINX_CONFIG_PATH
Path to the NGINX config file to use for the TLS Proxy.
- Default: config/nginx/nginx.conf
NGINX_TLS_LISTEN_IP
Sets the host IP address(es) that the TLS Proxy container will bind to for HTTPS. For example, if this is set to 0.0.0.0 then the HTTPS web interface will be available on any host IP address. Typically this should be set to the external IP of your host.
- Default: 127.0.1.1
NGINX_HTTP_LISTEN_IP
Sets the host IP address(es) that the TLS Proxy container will bind to for http redirect. For example, if this is set to 127.0.1.1 then HTTP connections to 127.0.1.1 will be redirected to the HTTPS web interface. Typically this should be set to the external IP of your host. Do not set it to 0.0.0.0 as this will typically cause a conflict with OVERLEAF_LISTEN_IP.
- Default: 127.0.1.1
NGINX_HTTP_PORT
Sets the host port that the TLS Proxy container will bind to for HTTP.
- Default: 80
TLS_PORT
Sets the host port that the TLS Proxy container will bind to for HTTPS.
- Default: 443
TLS_PRIVATE_KEY_PATH
Path to the private key to use for the TLS Proxy.
- Default: config/nginx/certs/overleaf_key.pem
TLS_CERTIFICATE_PATH
Path to the public certificate to use for the TLS Proxy.
- Default: config/nginx/certs/overleaf_certificate.pem
The following pages provide detailed descriptions of the various configuration files and settings that are required to configure and customize your deployment when using the Overleaf Toolkit.
Each of these files plays a specific role in the configuration process, and understanding their functions will help you to tailor your on-premises version of Overleaf to your specific needs.
This page describes the configuration files that are used by the Toolkit to configure your on-premises deployment of Overleaf.
The Overleaf Toolkit needs to store persistent data, such as the files required to compile LaTeX projects, and the contents of the MongoDB database. This is achieved by mounting a few directories from the host machine into the Docker containers, and writing the data to those directories.
The sharelatex container requires a directory in which to store data relating to LaTeX compiles. This directory is set with the OVERLEAF_DATA_PATH variable in config/overleaf.rc.
The mongo container, if it is enabled, requires a directory in which to store it's database files, and the same is true of the redis container. These directories can also be configured in config/overleaf.rc.
Because Docker runs as root, the data directories will end up being owned by the root user, even if the Toolkit is being used by a non-root user. This is not a problem, but is worth being aware of, if you intend to alter the persistent data from outside of the containers.
All user-owned configuration files are found in the config/ directory.
This directory is excluded from the git revision control system, so it will not be changed by updating the Toolkit code. The Toolkit will not change any data in the config/ directory without your permission.
overleaf.rc fileThe config/overleaf.rc file contains the most important top level configuration settings used by the Toolkit. It contains statements that set variables, in the format VARIABLE_NAME=value.
To see a breakdown of all available configuration options see our settings section.
variables.env fileThe config/variables.env file contains environment variables that are loaded into the sharelatex container, and used to configure the Overleaf microservices. These include the name of the application, as displayed in the header of the web interface, settings for sending emails, and other premium settings such as SSO for use with Server Pro.
version fileThe config/version file contains the version number of the Docker image that will be used to create the running instance of your Overleaf server.
docker-compose.override.yml fileIf present, the config/docker-compose.override.yml file will be included in the invocation to docker compose. This is useful for overriding configuration specific to Docker compose.
To see a breakdown of all available environment variables see the section.
See the for more details.
The features in this section are only available for Overleaf Server Pro.
is page describes the environment variables that are supported in the config/variables.env file for Toolkit deployments.
The config/variables.env file consists of variable definitions in the form NAME=value, lines beginning with # are treated as comments.
These environment variables are compatible with Server CE and Server Pro you with an easy migration path between these two on-premise versions. They can also be used with both Toolkit and Docker Compose deployments.
Previously these variables were called SHARELATEX_
OVERLEAF_SITE_URL
Where your instance of Overleaf is publicly available. This is used in public links, and when connecting over websockets, so must be configured correctly!
OVERLEAF_ADMIN_EMAIL
The email address where users can reach the person who runs the site.
OVERLEAF_APP_NAME
The name to display when talking about the running application. Defaults to 'Overleaf (Community Edition)'.
OVERLEAF_MONGO_URL
The URL of the Mongo database to use
OVERLEAF_REDIS_HOST and REDIS_HOST
OVERLEAF_REDIS_PORT and REDIS_PORT
OVERLEAF_REDIS_PASS and REDIS_PASSWORD
OVERLEAF_NAV_TITLE
Set the tab title of the application
OVERLEAF_SESSION_SECRET
A random string which is used to secure tokens, if load balancing this needs to be set to the same toke across boxes. If only 1 instance is being run it does not need to be set by the user.
OVERLEAF_COOKIE_SESSION_LENGTH
This environment variable allows you to override the default session cookie expiration time of 5 days. The override value provided should be specified in milliseconds. For example, to make the session last for 1 hour, set COOKIE_SESSION_LENGTH=3600000. (Added in Server Pro 4.2)
OVERLEAF_BEHIND_PROXY
Set to true if running behind a proxy like nginx/apache allowing it to correctly detect the forwarded IP address
OVERLEAF_SECURE_COOKIE
Set this to something non-zero to use a secure cookie. Only use this if your Overleaf instance is running behind a reverse proxy with SSL configured.
OVERLEAF_RESTRICT_INVITES_TO_EXISTING_ACCOUNTS
If set to true, will restrict project invites to email addresses which correspond with existing user accounts.
OVERLEAF_ALLOW_PUBLIC_ACCESS
If set to true, will allow non-authenticated users to view the site. The default is false, which means non-authenticated users will be unconditionally redirected to the login page when they try to view any part of the site. Note, setting this option does not disable authentication or security in any way. This option is necessary if your users intend to make their projects public and have non-authenticated users view those projects.
OVERLEAF_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING
If set to true, will allow anonymous users to view and edit projects shared via the new
EMAIL_CONFIRMATION_DISABLED
When set to true the banner requesting email confirmation won't be displayed.
ADDITIONAL_TEXT_EXTENSIONS
an array of strings to configure additional extensions for editable files
OVERLEAF_STATUS_PAGE_URL
Custom status page URL (Added in Server Pro 3.4.0), e.g. status.example.com
OVERLEAF_FPH_INITIALIZE_NEW_PROJECTS
set to 'false' to prevent new projects from being initialised with Full Project History (Added in Server Pro 3.5.0)
OVERLEAF_FPH_DISPLAY_NEW_PROJECTS
set to 'false' to prevent new projects from displaying Full Project History instead of the legacy history (Added inServer Pro 3.5.0)
ENABLE_CRON_RESOURCE_DELETION
Set this environment variable to true to enable the automatic clean-up of deleted projects and users after 90 days.
COMPILE_SIZE_LIMIT
Controls the maximum request body size in bytes. This is the sum of all doc file sizes within the project (main.tex, references.bib (if not linked) etc), that needs to be sent in the initial compile request to the CLSI service.
COMPILE_TIMEOUT
The host name of the Redis instance to use. Both are required (see )
The port of the Redis instance to use. Both are required (see )
The password to use when connecting to Redis (if applicable). Both environment variables need to be set. See for more infomration.
This is the amount of time in seconds allowed for a compile to complete. For more information see .
Server Pro provides LDAP server integration for user authentication and is compatible with Active Directory systems. For Toolkit deployments, the LDAP integration is configured via the config/variables.env file.
Internally, the LDAP integration uses the passport-ldapauth library. Most of these configuration options are passed through to the server config object which is used to configure passport-ldapauth. If you are having issues configuring LDAP, it is worth reading the README for passport-ldapauth to get a feel for the configuration it expects.
To enable LDAP authentication the EXTERNAL_AUTH variable must be set to ldap:
After bootstrapping Server Pro for the first time with LDAP authentication, an existing LDAP user must be given admin permissions by visiting the /launchpad page (or via CLI, but in this case ignoring password confirmation).
LDAP users will appear in Overleaf Admin Panel once they log in first time with their initial credentials.
OVERLEAF_LDAP_URL
Required, The URL of the LDAP server, E.g. ldaps://ldap.example.com:636
OVERLEAF_LDAP_EMAIL_ATT
The email attribute the LDAP server will return, defaults to mail
OVERLEAF_LDAP_NAME_ATT
The property name holding the name of the user which is used in the application
OVERLEAF_LDAP_LAST_NAME_ATT
If your LDAP server has a first and last name then this can be used in conjunction with OVERLEAF_LDAP_NAME_ATT
OVERLEAF_LDAP_PLACEHOLDER
The placeholder for the login form, defaults to Username
OVERLEAF_LDAP_UPDATE_USER_DETAILS_ON_LOGIN
If set to true, will update the user first_name and last_name field on each login, and turn off the user-details form on /user/settings page. Otherwise, details will be fetched only on first login.
OVERLEAF_LDAP_BIND_DN
Optional, e.g. uid=admin,ou=people,o=planetexpress.com.
OVERLEAF_LDAP_BIND_CREDENTIALS
Password for bindDn.
OVERLEAF_LDAP_BIND_PROPERTY
Optional, default dn. Property of user to bind against client e.g. name, email
OVERLEAF_LDAP_SEARCH_BASE
The base DN from which to search for users by username. E.g. ou=people,o=planetexpress.com
OVERLEAF_LDAP_SEARCH_FILTER
LDAP search filter with which to find a user by username, e.g. (uid={{username}}). Use the literal {{username}} to have the given username be interpolated in for the LDAP search. If you are using Active Directory then the search filter (sAMAccountName={{username}}) may be more appropriate.
OVERLEAF_LDAP_SEARCH_SCOPE
Optional, default sub. Scope of the search, one of base, one, or sub.
OVERLEAF_LDAP_SEARCH_ATTRIBUTES
Optional, default all. Json array of attributes to fetch from LDAP server.
OVERLEAF_LDAP_GROUP_DN_PROPERTY
Optional, default dn. The property of user object to use in {{dn}} interpolation of groupSearchFilter.
OVERLEAF_LDAP_GROUP_SEARCH_BASE
Optional. The base DN from which to search for groups. If defined, also groupSearchFilter must be defined for the search to work.
OVERLEAF_LDAP_GROUP_SEARCH_SCOPE
Optional, default sub.
OVERLEAF_LDAP_GROUP_SEARCH_FILTER
Optional. LDAP search filter for groups. The following literals are interpolated from the found user object: {{dn}} the property configured with groupDnProperty. Optionally you can also assign a function instead, which passes a user object, from this a dynamic groupSearchFilter can be retrieved.
OVERLEAF_LDAP_GROUP_SEARCH_ATTRIBUTES
Optional, default all. Json array of attributes to fetch from LDAP server.
OVERLEAF_LDAP_CACHE
Optional, default false. If true, then up to 100 credentials at a time will be cached for 5 minutes.
OVERLEAF_LDAP_TIMEOUT
Optional, default Infinity. How long the client should let operations live for in milliseconds before timing out.
OVERLEAF_LDAP_CONNECT_TIMEOUT
Optional, default is up to the OS. How long the client should wait in milliseconds before timing out on TCP connections.
OVERLEAF_LDAP_TLS_OPTS_CA_PATH
A JSON array of paths to the CA file for TLS, must be accessible to the Docker container. E.g. -env OVERLEAF_LDAP_TLS_OPTS_CA_PATH='["/var/one.pem", "/var/two.pem"]'
OVERLEAF_LDAP_TLS_OPTS_REJECT_UNAUTH
If true, the server certificate is verified against the list of supplied CAs.
OVERLEAF_LDAP_IS_ADMIN_ATT and OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE
When both environment variables are set, the login process updates user.isAdmin = true when the profile returned by LDAP contains OVERLEAF_LDAP_IS_ADMIN_ATT, and its value is either equals to OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE, or an array containing OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE.
Introduced: 5.2.0
At Overleaf, we test the LDAP integration against a test openldap server. The following is an example of a working configuration:
The openldap needs to run in the same network as the sharelatex container (which by default would be overleaf_default), so we'll proceed with the following steps:
Run docker network create overleaf_default (will possibly fail due to a network with name overleaf_default already exists error, that's OK).
Start openldap container with docker run --network=overleaf_default --name=ldap rroemhild/test-openldap:1.1
Edit variables.env to add the LDAP environment variables as listed above.
Run bin/up -d and you should be able to login using fry as both username and password.
As LDAP is heavily configurable and flexible by nature it can be a good starting point to have a working example with ldapsearch or even used by another application.
The following command will connect to the LDAP server at ldap on port 389. It will then bind to the server using the distinguished name (DN) admin@planetexpress.com and password password123. The base DN for the search will be ou=people,dc=planetexpress,dc=com. The search filter is set to return entries where the Common Name (CN) contains fry, and it will return the mail attribute of these entries.
When running this search command against your own service please ensure that you replace fry, password123, and planetexpress.com with your actual username, password, and domain. Also, make sure that the LDAP server is accessible and the provided details are correct:
Server Pro comes with the option to run compiles in a secured sandbox environment for enterprise security achieving sandbox isolation between projects. It does this by running every project in its own secured Docker environment. With Sandboxed Compiles you also benefit from easier package management via access to our customized TeX Live images.
Sandboxed Compiles are the recommended approach for Server Pro due to many LaTeX documents requiring/having the ability to execute arbitrary shell commands as part of the PDF compile process. If you use Sandboxed Compiles, each compile runs in a separate Docker container with limited capabilities that are not shared with any other user or project and has no access to outside resources such as the host network.
If you attempt to run Server Pro without Sandboxed Compiles, the compile runs alongside other concurrent compiles inside the main Docker container and users have full read and write access to the sharelatex container resources (filesystem, network, environment variables) when running LaTeX compiles.
Sandboxed Compiles are not available in Community Edition, which is intended for use in environments where all users are trusted. Community Edition is not appropriate for scenarios where isolation of users is required.
To avoid manually installing packages, we recommend enabling Sandboxed Compiles. This is a configurable setting within Server Pro that will provide your users with access to the same Tex Live environment as that on overleaf.com but within your own on-premise installation. TeX Live images used by Sandboxed Compiles contain the most popular packages and fonts tested against our gallery templates, ensuring maximum compatibility with on-premise projects.
Enabling Sandboxed Compiles allows you to configure which TeX Live versions users are able to choose from within their project along with setting a default TeX Live image version for new projects.
As Server Pro has been architected to work offline, there isn't an automated way to integrate overleaf.com gallery templates into your on-premise installation, it is, however, possible to do this manually on a per-template basis. For more information on how this works, please check out our transferring templates from overleaf.com guide.
When Sandboxed Compiles are enabled, the Docker socket will be mounted from the host machine into the sharelatex container, so that the compiler service in the container can create new Docker containers on the host. Then for each run of the compiler in each project, the LaTeX compiler service (CLSI) will do the following:
Write out the project files to a location inside the OVERLEAF_DATA_PATH,
Use the mounted Docker socket to create a new texlive container for the compile run
Have the texlive container read the project data from the location under OVERLEAF_DATA_PATH
Compile the project inside the texlive container
In config/overleaf.rc, set SIBLING_CONTAINERS_ENABLED=true, and ensure that the DOCKER_SOCKET_PATH setting is set to the location of the Docker socket on the host machine.
The next time you start the Docker services (with bin/up), the Toolkit will verify that it can communicate with Docker on the host machine, and will pull all configured TeX Live images set by the ALL_TEX_LIVE_DOCKER_IMAGES environment variable in the config/variables.env file.
Starting with Overleaf CE/Server Pro 5.0.3 environment variables have been rebranded from SHARELATEX_* to OVERLEAF_*.
If you're using a 4.x version (or earlier) please make sure the variables are prefix accordingly (e.g. SHARELATEX_MONGO_URL instead of OVERLEAF_MONGO_URL)
Server Pro uses three environment variables to determine which TeX Live images to use for Sandboxed Compiles:
TEX_LIVE_DOCKER_IMAGE: name of the default image for new projects
ALL_TEX_LIVE_DOCKER_IMAGES: comma-separated list of all images in use
ALL_TEX_LIVE_DOCKER_IMAGE_NAMES: Optional: comma-separated list of user-facing friendly names for the images. If omitted, the version number will be used, for example, texlive-full:2018.1
When starting your Server Pro instance using the bin/up command, the Toolkit will automatically pull all of the images listed in ALL_TEX_LIVE_DOCKER_IMAGES.
The current default is quay.io/sharelatex/texlive-full:2017.1, but you can override these values in the config/variables.env if you are using the Toolkit or the environment section of the docker-compose.yml file if you are using Docker Compose.
Here's an example where we default to TeX Live 2024 for new projects, and keep both 2023 and 2022 in use for existing projects:
These are all the TeX Live images that can be added to TEX_LIVE_DOCKER_IMAGE and ALL_TEX_LIVE_DOCKER_IMAGES:
quay.io/sharelatex/texlive-full:2024.1
quay.io/sharelatex/texlive-full:2023.1
quay.io/sharelatex/texlive-full:2022.1
quay.io/sharelatex/texlive-full:2021.1
quay.io/sharelatex/texlive-full:2020.1 (legacy)
quay.io/sharelatex/texlive-full:2019.1 (legacy)
quay.io/sharelatex/texlive-full:2018.1 (legacy)
quay.io/sharelatex/texlive-full:2017.1 (legacy)
quay.io/sharelatex/texlive-full:2016.1 (legacy)
quay.io/sharelatex/texlive-full:2015.1 (legacy)
quay.io/sharelatex/texlive-full:2014.2 (legacy)
As Server Pro has been architected to work offline, it may not always be possible to reach the quay.io registry to pull TeX Live images. If you need to use your own image registry you can use the following steps:
Set the TEX_LIVE_IMAGE_NAME_OVERRIDE environment variable in config/variables.env to the name of the mirror. For example: your-image-repository/sharelatex (be careful not to include a trailing /)
Ensure that all TeX Live images that are set in ALL_TEX_LIVE_DOCKER_IMAGES, are pulled, correctly tagged (see note below) are then pushed to your mirror. For example:
docker pull quay.io/sharelatex/texlive-full:2024.1
docker tag quay.io/sharelatex/texlive-full:2024.1 your-image-repository/sharelatex/texlive-full:2024.1
docker push your-image-repository/sharelatex/texlive-full:2024.1
Both the TEX_LIVE_DOCKER_IMAGE and ALL_TEX_LIVE_DOCKER_IMAGES environment variables must still be set to use quay.io/sharelatex images — the value set in the TEX_LIVE_IMAGE_NAME_OVERRIDE environment variable will replace the quay.io/sharelatex component of the image name at compile time.
Set SIBLING_CONTAINERS_PULL=false in config/overleaf.rc
Recreate the sharelatex container using bin/up -d
There is a strict schema concerning how images must be tagged (the following regex applies ^[0-9]+.[0-9]+, for which the first number determines the TeX Live year and the second the patch version).
The Git integration is available since Server Pro 4.0.1.
User documentation for this feature can be found here.
If you’re using the Toolkit, the git-bridge can be enabled by setting GIT_BRIDGE_ENABLED=true in your config/overleaf.rc file.
For users running a custom docker-compose.yml, add the following container configuration to your compose file:
You’ll also need to add a link to the git-bridge container in the sharelatex container, and define new environment variables:
When authenticating a git client, users need a Personal Access Token. Users can manage the Personal Access Tokens through the application UI (see the documentation).
We recommend you monitor your host resources after enabling the git-bridge. The load increase will depend on the number of users accessing the feature and the type of projects hosted in your instance (larger projects will generally be more resource intensive).
The Git integration stores a complete git repository on disk for each project that gets cloned by a user. If you have limited disk space, you can activate a swap job that will move repositories that are less used to AWS S3. If a swapped repository is needed again, it gets moved back to the disk. The following environment variables control the swap job:
GIT_BRIDGE_SWAPSTORE_TYPE
Set this to "s3" to activate the swap job.
GIT_BRIDGE_SWAPSTORE_AWS_ACCESS_KEY
Your AWS access key
GIT_BRIDGE_SWAPSTORE_AWS_SECRET
Your AWS secret
GIT_BRIDGE_SWAPSTORE_S3_BUCKET_NAME
This bucket will contain the zipped git repositories
GIT_BRIDGE_SWAPSTORE_AWS_REGION
The bucket’s region
GIT_BRIDGE_SWAPJOB_MIN_PROJECTS
How many projects to keep on disk, at a minimum. - Default: 50
GIT_BRIDGE_SWAPJOB_LOW_GIB
Low watermark for swapping. The swap job will move projects until disk usage is below this value. - Default: 128 GB
GIT_BRIDGE_SWAPJOB_HIGH_GIB
High watermark for swapping. The swap job will start swapping when disk usage reaches this value. - Default: 256 GB
GIT_BRIDGE_SWAPJOB_INTERVAL_MILLIS
The amount of time between checking disk usage and running the swap job. - Default: 3600000 ms = 1 hour
Server Pro provides SAML 2.0 server integration for user authentication. For Toolkit deployments, the SAML 2.0 integration is configured via the config/variables.env file.
To enable the SAML 2.0 module, the EXTERNAL_AUTH variable must be set to saml:
As of Server Pro 2.7.0:
The value of the OVERLEAF_SAML_CERT environment variable cannot be empty if SAML 2.0 is enabled (with EXTERNAL_AUTH=saml, or if OVERLEAF_SAML_ENTRYPOINT is set).
As of Server Pro 2.5.0:
The value of the OVERLEAF_SAML_CERT environment variable must be passed in single-line format (without the begin and end lines from the PEM format; see below for more information).
The value of the OVERLEAF_SAML_PRIVATE_CERT environment variable should be a full path to a file which contains the private key in PEM format.
To pass a key or certificate in multi-line format, wrap the entire value in double quotes and use new line characters (\n) as usual:
Your Identity Provider (IdP) will need to be configured to recognize your Server Pro instance as a Service Provider (SP). How this is done will vary between different IdP's - we therefore recommend that you consult the documentation for your SAML 2.0 server for instructions on how to do this.
As of version 2.6.0, Server Pro includes a metadata endpoint which can be used to retrieve Service Provider Metadata from, for example https://my-overleaf-instance.com/saml/meta
Here is an example of appropriate Service Provider (SP) metadata, note the AssertionConsumerService.Location, EntityDescriptor.entityID and EntityDescriptor.ID properties, and set as appropriate.
At Overleaf, we test the SAML 2.0 integration against a SAML 2.0 test server. The following is an example of a working configuration:
The sharelatex/saml-test image needs to run in the same network as the sharelatex container (which by default would be overleaf_default), so we'll proceed with the following steps:
Run docker network create overleaf_default (will possibly fail due to a network with name overleaf_default already exists error, that's ok).
Start saml-test container with some environment parameters:
Edit variables.env to add the SAML 2.0 Environment Variables as listed above.
Restart Server Pro.
You should be able to login using sally as username and sally123 as password.
If an error occurs in any of the processes it will be written to the respective log file such as /var/log/overleaf/web.log.
Toolkit users can have a look at the logs inside the container using the bin/logs script:
You can use the bin/logs script to view logs for the following services: clsi, contacts, docstore, document-updater, filestore, git-bridge, mongo, notifications, real-time, redis, spelling, tags, track-changes, web, web-api, history-v1, project-history.
You can copy log files from the main sharelatex container to local computer using the following command:
Docker containers are ephemeral which means that any files/directories created within the container during runtime will be discarded if the container is ever recreated (for example, when running the bin/up command). This includes log files.
If you'd like to retain access to important log files between container recreation, you can set the environment variable OVERLEAF_LOG_PATH in the config/overleaf.rc file with the Toolkit. This variable should be set to the directory on the host that will be mounted to the log directory inside the sharelatex container. Once you've made this configuration change and run the bin/up command, log files will be persisted and you'll be able to access the logs directly from the Docker host.
An optional TLS proxy for terminating HTTPS connections, using NGINX.
Run bin/init --tls to initialise local configuration with NGINX proxy configuration, or to add nginx proxy configuration to an existing local configuration. A sample private key is created in config/nginx/certs/overleaf_key.pem and a dummy certificate in config/nginx/certs/overleaf_certificate.pem. Either replace these with your actual private key and certificate, or set the values of the TLS_PRIVATE_KEY_PATH and TLS_CERTIFICATE_PATH variables to the paths of your actual private key and certificate respectively.
A default config for NGINX is provided in config/nginx/nginx.conf which may be customised to your requirements. The path to the config file can be changed with the NGINX_CONFIG_PATH variable.
In order for Overleaf to run correctly behind the proxy, the following variables should be uncommented in config/variables.env
Add the following section to your config/overleaf.rc file if it is not there already:
In order to run the proxy, change the value of the NGINX_ENABLED variable in config/overleaf.rc from false to true and re-run bin/up.
By default, the HTTPS web interface will be available on https://127.0.1.1:443. Connections to http://127.0.1.1:80 will be redirected to https://127.0.1.1:443. To change the IP address that NGINX listens on, set the NGINX_HTTP_LISTEN_IP and NGINX_TLS_LISTEN_IP variables. The ports can be changed via the NGINX_HTTP_PORT and TLS_PORT variables.
If NGINX fails to start with the error message Error starting userland proxy: listen tcp4 ... bind: address already in use ensure that OVERLEAF_LISTEN_IP:OVERLEAF_PORT does not overlap with NGINX_HTTP_LISTEN_IP:NGINX_HTTP_PORT.
In this section, we'll cover how to personalize key elements of your on-premises instance. You can customize the site title, navigation links, header, footer, and logo according to your preferences.
The navigation bar title can be customized with the OVERLEAF_NAV_TITLE environment variable, this text is used in the top left corner of navigation if no logo is set.
You can add a custom logo rather than using text by setting the environment variable OVERLEAF_HEADER_IMAGE_URL. This value should point to an externally hosted image file.
Extra navigation items can be added to the navigation header by setting the OVERLEAF_HEADER_EXTRAS environment variable to a JSON array of objects. For example:
It is possible to customize both the left and smaller right footer which is found on pages like /project using the environmental variables OVERLEAF_LEFT_FOOTER and the smaller OVERLEAF_RIGHT_FOOTER
Both expect an array of JSON which will be inserted.
This data needs to be valid JSON to work, with quotes escaped when passed through as an environmental variable.
This allows users to access current documentation and learning resources by clicking the Documentation button in the navigation menu, all without leaving your instance.
In Server Pro, a single user is responsible for publishing the curated list of templates that are visible on your local template gallery /templates.
To do this, you'll need to set the environment variable OVERLEAF_TEMPLATES_USER_ID in toolkit/config/variables.env to the ID of the user who will be responsible for template management within your instance, for example:
To obtain the ID of the user you wish to publish public templates:
Log in using an Administrator account and go to Admin > Manage Users.
Search for the user using their email address and click through to their user admin page. There you will find the ID:
Copy that ID and use it to set the environment variable OVERLEAF_TEMPLATES_USER_ID.
Run bin/up -d to recreate the sharelatex container and apply the change.
Altering the configuration files of Server Pro typically necessitates the recreation of one or more containers. This procedure will cause user disconnections and lead to a period of downtime. As such, we advise implementing these modifications during prearranged maintenance periods.
If you'd like to make templates available to all of your on-premise Server Pro users you'll need to:
Log in as the templates user.
As the templates user, create or upload a project containing the template's source code and make sure it compiles.
In the editor's left-hand menu, choose Manage Template.
Enter a custom description of the template
Click the Publish button
Go to the project dashboard and tag the template with the name of the cateogry you'd like it to appear in. For example Presentations.
If you'd like to unpublish a template you'll need to:
Log in as the templates user.
Open the previously existing project containing the template's source code.
In the editor's left-hand menu, choose Manage Template.
Once the confirmation popup is displayed, click Unpublish.
Once this has been done, the template should have been removed from the templates list.
On the templates gallery page, /templates, templates are grouped together using the tag which the user assigns to the projects, e.g. Journals, Reports etc. To see all templates add /all to the URL /templates/all, which can also be used as the default URL if you do not wish to use tags for groupings.
Like-wise, you can view/link to templates within a specific category by appending the tag name to the templates URL, for example: /templates/journals.
Did you know that if you tag a project multiple times it will appear in multiple groups.
When a user creates a new project, they can be shown customized links to template categories. These links are set via the OVERLEAF_NEW_PROJECT_TEMPLATE_LINKS environment variable in toolkit/config/variables.env, for example:
Click on the Open as Template button
Click on the project menu and choose Download Source
Next, log into the on-premise Server Pro account
Click the New Project button from the projects dashboard and choose Upload Project
Click the Select a .zip file button and choose the downloaded template zip file
The user can then use this newly uploaded template within their own account, or, as the templates user, you can publish it for other users to use.
Internally, the Overleaf SAML 2.0 integration uses the library. Most of these configuration options are passed through to the server configuration object which is used to configure passport-SAML.
If you are having issues configuring SAML 2.0, it is worth reading the for passport-SAML to get a feel for the configuration it expects.
The value of the OVERLEAF_SAML_DECRYPTION_PVK environment variable must be passed in PEM format (multi-line). (But single-line may be .)
The above private key is an example key from the library's test suite. Do not use this key.
You can enable access to Overleaf's pages within your Server Pro instance by simply adding OVERLEAF_PROXY_LEARN=true to your config/variables.env file in the Toolkit and running the bin/up command.
Your Server Pro deployment will require access to the internet so it can perform external GET requests to .
With Server Pro, you have the ability to create and publish your own templates, within your self-hosted environment, as well as re-distribute downloaded templates from the on .
Did you know that you can transfer quality, pre-built LaTeX templates that are available on the at to your on-premise instance of Server Pro? For more information see the Transferring templates section below.
As Server Pro has been architected to work offline, there isn't an automated way to integrate gallery templates into your on-premise installation, it is however possible to do this manually on a per template basis.
By default, Server Pro is configured to use a basic scheme version of TeXLive for compiles. This basic version is lightweight and only contains a very limited subset of LaTeX packages which, will most likely result in missing package errors for your users when attempting to use templates from on your local on-premise instance.
Unfortunately, whilst there isn't an automatic way to install missing packages, we do have a configurable setting within Server Pro that will allow your users to compile projects with access to more packages, and in a more secure way. This feature is called (also known as Sibling Containers).
To ensure that downloaded templates are compatible with your on-premise Server Pro instance, we highly recommend that you enable as this feature will provide your users with access to the same TeX Live environment as that on . These images contain the most popular packages and fonts and have already been tested against our gallery templates.
You can find additional information about configuring what TeX Live versions users are able to choose from within their project along with setting the default TeX Live image version for new projects in the section of our documentation.
Navigate to the on and locate the required template, for example
An account is required.
OVERLEAF_SAML_IDENTITY_SERVICE_NAME
Display name for the Identity Provider, used on the login page.
OVERLEAF_SAML_EMAIL_FIELD
Name of the Email field in user profile, defaults to nameID. Alias: OVERLEAF_SAML_EMAIL_FIELD_NAME
OVERLEAF_SAML_FIRST_NAME_FIELD
Name of the firstName field in user profile, defaults to givenName
OVERLEAF_SAML_LAST_NAME_FIELD
Name of the lastName field in user profile, defaults to lastName
OVERLEAF_SAML_UPDATE_USER_DETAILS_ON_LOGIN
If set to true, will update the users firstName and lastName fields on each login, and turn off the user-details form on /user/settings page.
OVERLEAF_SAML_ENTRYPOINT
Entrypoint URL for the SAML Identity Service
Example: https://idp.example.com/simplesaml/saml2/idp/SSOService.php
Azure: https://login.microsoftonline.com/8b26b46a-6dd3-45c7-a104-f883f4db1f6b/saml2
OVERLEAF_SAML_CALLBACK_URL
Callback URL for Overleaf service. Should be the full URL of the /saml/callback path.
Example: https://sharelatex.example.com/saml/callback
OVERLEAF_SAML_ISSUER
The issuer name
OVERLEAF_SAML_CERT
(required since 2.7.0) Identity Provider's public signing certificate, used to validate incoming SAML messages, in single-line format.
Example: MIICizCCAfQCCQCY8tKaMc0BMjANBgkqh...W==
- See more information about passing keys and certificates.
- See full documentation for more information.
- An array of certificates can be provided to support certificate rotation as of 5.1.0.
OVERLEAF_SAML_PRIVATE_CERT
Optional, path to a file containing a PEM-formatted private key used to sign auth requests sent by passport-saml.
Note: This would be better called PRIVATE_KEY_FILE, but PRIVATE_CERT is the current name.
See more information about passing keys and certificates
- See full documentation for more information.
OVERLEAF_SAML_DECRYPTION_CERT
Optional, public certificate matching the OVERLEAF_SAML_DECRYPTION_PVK, used for the metadata endpoint.
- See more information about passing keys and certificates for how to pass the certificate.
- See full documentation for more information.
OVERLEAF_SAML_SIGNING_CERT
Optional, public certificate matching OVERLEAF_SAML_PRIVATE_CERT. It's required when setting up the metadata endpoint if the strategy is configured with a OVERLEAF_SAML_PRIVATE_CERT.
- An array of certificates can be provided to support certificate rotation. When supplying an array of certificates, the first entry in the array should match the current OVERLEAF_SAML_PRIVATE_CERT.
- See more information about passing keys and certificates for how to pass the certificate.
- See full documentation for more information.
OVERLEAF_SAML_DECRYPTION_PVK
Optional, private key that will be used to attempt to decrypt any encrypted assertions that are received, in PEM (multi-line) format. - See more information about passing keys and certificates for how to pass the key in PEM format. - See full documentation for more information.
OVERLEAF_SAML_SIGNATURE_ALGORITHM
Optionally set the signature algorithm for signing requests, valid values are sha1 (default) or sha256
OVERLEAF_SAML_ADDITIONAL_PARAMS
JSON dictionary of additional query params to add to all requests
OVERLEAF_SAML_ADDITIONAL_AUTHORIZE_PARAMS
JSON dictionary of additional query params to add to 'authorize' requests.
Example: {"some_key": "some_value"}
OVERLEAF_SAML_IDENTIFIER_FORMAT
If present, name identifier format to request from identity provider (Default: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress)
OVERLEAF_SAML_ACCEPTED_CLOCK_SKEW_MS
Time in milliseconds of skew that is acceptable between client and server when checking OnBefore and NotOnOrAfter assertion condition validity timestamps. Setting to -1 will disable checking these conditions entirely. Default is 0.
OVERLEAF_SAML_ATTRIBUTE_CONSUMING_SERVICE_INDEX
Optional, AttributeConsumingServiceIndex attribute to add to AuthnRequest to instruct the IdP which attribute set to attach to the response (link)
OVERLEAF_SAML_AUTHN_CONTEXT
If present, name identifier format to request auth context (Default: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport)
OVERLEAF_SAML_FORCE_AUTHN
If true, the initial SAML request from the service provider specifies that the IdP should force re-authentication of the user, even if they possess a valid session.
OVERLEAF_SAML_DISABLE_REQUESTED_AUTHN_CONTEXT
If true, do not request a specific auth context. For example, you can this this to true to allow additional contexts such as password-less logins (urn:oasis:names:tc:SAML:2.0:ac:classes:X509). Support for additional contexts is dependant on your IdP.
OVERLEAF_SAML_SKIP_REQUEST_COMPRESSION
If set to true, the SAML request from the service provider won't be compressed.
OVERLEAF_SAML_AUTHN_REQUEST_BINDING
If set to HTTP-POST, will request authentication from IDP via HTTP POST binding, otherwise defaults to HTTP Redirect
Note: If OVERLEAF_SAML_AUTHN_REQUEST_BINDING is set to HTTP-POST, then OVERLEAF_SAML_SKIP_REQUEST_COMPRESSION must also be set to true.
OVERLEAF_SAML_VALIDATE_IN_RESPONSE_TO
If truthy, then InResponseTo will be validated from incoming SAML responses
OVERLEAF_SAML_REQUEST_ID_EXPIRATION_PERIOD_MS
Defines the expiration time when a Request ID generated for a SAML request will not be valid if seen in a SAML response in the InResponseTo field. Default is 8 hours.
OVERLEAF_SAML_CACHE_PROVIDER
Defines the implementation for a cache provider used to store request Ids generated in SAML requests as part of InResponseTo validation. Default is a built-in in-memory cache provider.
See link for more information.
OVERLEAF_SAML_LOGOUT_URL
Base address to call with logout requests
- Default: entryPoint
OVERLEAF_SAML_LOGOUT_CALLBACK_URL
The value with which to populate the Location attribute in the SingleLogoutService elements in the generated service provider metadata.
OVERLEAF_SAML_ADDITIONAL_LOGOUT_PARAMS
JSON dictionary of additional query params to add to 'logout' requests
OVERLEAF_SAML_IS_ADMIN_FIELD and OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE
When both environment variables are set, the login process updates user.isAdmin = true when the profile returned by the SAML IdP contains OVERLEAF_SAML_IS_ADMIN_FIELD, and its value is either equals to OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE, or an array containing OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE.
- Introduced: 5.2.0
OVERLEAF_SAML_AUDIENCE
Used to set the value for the Audience used in the Server Pro metadata (/saml/meta).
- Default: When not set defaults to using OVERLEAF_SAML_ISSUER
For instances with fewer than 1000 seats we recommend using local disk storage with regular consistent backups.
For larger instances with more than 1000 seats that reach limits of their local storage (size or throughput), we recommend using a S3 compatible object storage back end over other network based storage solutions like NFS.
Here are the most popular options for S3 compatible object storage:
AWS S3, managed, we suggest picking AWS S3 when running Overleaf CE/Server Pro on AWS
MINIO, self-hosted
Ceph, self-hosted
Other hosting providers also have some kind of managed S3 compatible object storage, you may want to use these instead of running your own when already running Overleaf CE/Server Pro at such a provider.
The latency between the Server CE/Server Pro instance and your S3 compatible object storage is a big contributor to the time it takes to complete the migration. The latency also impacts the file-upload performance in Server CE/Server Pro and slow file-downloads can have a big impact on PDF compile times as well. We suggest minimizing the geo-graphical distance between your Server CE/Server Pro instance and the S3 compatible object storage. In a managed environment, this would mean provisioning a bucket in the same region, and for an on-premise solution, running the two on the same campus.
We need four "buckets" and two restricted user accounts.
Buckets should not be publicly accessible
Bucket
Usage
Service
Previously in /var/lib/overleaf/data
overleaf-user-files
project user files
filestore
user_files
overleaf-template-files
template files
filestore
template_files
overleaf-project-blobs
project history blobs
history
history/overleaf-project-blobs
overleaf-chunks
history chunks
history
history/overleaf-chunks
You may want/need to pick a different name, be sure to use the custom buckets in all the commands.
The following will use placeholders for actual credentials:
OVERLEAF_FILESTORE_S3_ACCESS_KEY_ID
The access key/username of the restricted user of the filestore service.
OVERLEAF_FILESTORE_S3_SECRET_ACCESS_KEY
The secret key/password of the restricted user of the filestore service.
OVERLEAF_HISTORY_S3_ACCESS_KEY_ID
The access key/username of the restricted user of the history service.
OVERLEAF_HISTORY_S3_SECRET_ACCESS_KEY
The secret key/password of the restricted user of the history service.
Server CE and Server Pro only needs a small set of permissions on each bucket:
create object
get object
delete object
list bucket
Here is how a policy for the filestore user could look like:
Here is how a policy for the history user could look like:
Please follow the official documentation for obtaining a copy of mc.
If you're currently using Docker Compose via a docker-compose.yml file, migrating to the Toolkit can make running an on-premises version of Overleaf easier to deploy, upgrade and maintain.
To migrate, you'll need to convert your existing Docker Compose setup into the format used by the Toolkit. This process involves copying existing configuration into the Toolkit.
This guide will walk you through each step of this process, ensuring a smooth migration from Docker Compose to the Toolkit.
First, let's clone this Toolkit repository to the host machine:
Next run the bin/init command to initialise the Toolkit with its default configuration.
In the docker-compose.yml file the image and version are defined in the component description:
When using the Toolkit, the image name is automatically resolved; the only requirement is to set SERVER_PRO=true in config/overleaf.rc to pick the Server Pro image or SERVER_PRO=false to use Community Edition.
The desired Server Pro/Community Edition version number is set in the config/version file. The Toolkit requires a specific version number like "4.2.3". In case you are using latest, you can use bin/images to find the image id of your local latest version, then use the release notes for 2.x.x, 3.x.x, 4.x.x or 5.x.x to map the image id to the version.
If you are sourcing the image from your own internal registry you can override the image the Toolkit uses by setting OVERLEAF_IMAGE_NAME. You do not need to specify the tag as the Toolkit will automatically add it based on your config/version file.
By default, Overleaf will listen on 127.0.0.1:80, only allowing traffic from the Docker host machine.
To allow external access, you’ll need to set the OVERLEAF_LISTEN_IP and OVERLEAF_PORT in the config/overleaf.rc file.
You’ll likely have a set of environment variables defined in the sharelatex service:
Each of these variables should be copied, with several exceptions we’ll list later, into the Toolkit’s config/variables.env file, ensuring the following form (note the use of = instead of :):
As mentioned above, there are several exceptions, as certain features are configured differently when using the Toolkit:
Variables starting with SANDBOXED_COMPILES_ and DOCKER_RUNNER are no longer needed. To enable Sandboxed Compiles, set SIBLING_CONTAINERS_ENABLED=true in your config/overleaf.rc file.
Variables starting with OVERLEAF_MONGO_, OVERLEAF_REDIS_ and the REDIS_HOST variable are no longer needed. MongoDB and Redis are now configured in the config/overleaf.rc file using MONGO_URL, REDIS_HOST and REDIS_PORT.
For advanced configuration options, refer to the config/overleaf.rc documentation.
For instructions on how to migrate nginx, please see TLS Proxy.
The location of the data volume for the sharelatex container will need to be set using OVERLEAF_DATA_PATH in the config/overleaf.rc file.
The location of the data volume for the mongo container will need to be set using MONGO_DATA_PATH in the config/overleaf.rc file.
The location of the data volume for the redis container will need to be set using REDIS_DATA_PATH in the config/overleaf.rc file.
Both the Overleaf Community Edition and Server Pro have been translated into multiple languages.
The language can be set via OVERLEAF_SITE_LANGUAGE with one of the following options:
en - English (default)
es - Spanish
pt - Portuguese
de - German
fr - French
cs - Czech
nl - Dutch
sv - Swedish
it - Italian
tr - Turkish
zh-CN - Chinese (simplified)
no - Norwegian
da - Danish
ru - Russian
ko - Korean
ja - Japanese
pl - Polish
fi - Finnish
Some of these are more complete than others, we always endeavor to have all supported languages fully translated, if you would like to help with our translations please get in touch!
Overleaf can support multiple languages per container. This is done via different domains configured to respond in a set language using the environment variable OVERLEAF_LANG_DOMAIN_MAPPING with an escaped JSON string.
It is important to ensure that you take a consistent backup before every major version upgrade to enable you to roll back should you require it. You can read more information about taking a consistent backup here.
The Overleaf Toolkit is a git repository, so it's easy to get new Toolkit features. Just run the bin/upgrade command and follow the on-screen prompts.
It is worth noting that the Docker image version (at config/version), is managed separately from the Toolkit code updates. Updating the Toolkit code will not automatically change the version of the Docker image that you are running. This means that in most cases, you are able to upgrade your Toolkit without upgrading your deployment.
bin/upgrade ScriptWhen you run the bin/upgrade command, the script will check if there is an available update to the Toolkit code, and offer to update your Toolkit. You can always say no to this upgrade, and nothing will change.
If you do choose to update the Toolkit code, the script will then check if the default Docker image version has changed, and offer to upgrade your local version file (at config/version) to match the new default.
If you do choose to switch versions, the script will then walk you through a process of shutting down the Docker services, taking a backup, and restarting the Docker services. Your old version file will be automatically copied to config/__old-version, just in case you need to roll back to that version of the Docker images.
The bin/upgrade command will always choose the most recent version of Server Pro/CE available to it at that time. If your upgrade cycle is infrequent, this could result in skipping major versions and potentially upgrading to a version you might not have expected.
When performing an upgrade we recommend upgrading to the latest release of the current major version before upgrading to the latest release of the next major version. For example, if you're currently running 3.3.2 and the latest version available is 5.3.1, the correct upgrade path would be:
3.3.2 -> 3.5.13
3.5.13 -> 4.2.8
4.2.8 -> 5.3.1
To avoid any upgrade issues we recommend consulting our Release notes prior to performing any upgrades as certain versions may require additional steps. Such as, making manual changes to the Toolkit, upgrading databases or running migration scripts.
If you haven't already done so, signing up to our mailing list so that you can be notified when new versions/updates are released. This would allow you to schedule regular maintenance windows that closely follow our release schedule.
If you're you're using an external Redis service and need to provide a password you can do this by setting the OVERLEAF_REDIS_PASS and REDIS_PASSWORD environment variables in the config/variables.env file and running the bin/up -d command to recreate the sharelatex container.
If you're running a local instance of Redis, you'll need to configure the redis service to start with password authentication. After setting the above environment variables, you'll also need to complete these additional steps:
Create a docker-compose.override.yml file in the config/ directory with the following content
If you have enable AOF persistence enabled, you'll need to add --appendonly yes to the command
Run bin/up -d to recreate the containers
Redis AOF (Append-Only File) persistence provides a robust way to ensure data durability by logging every write operation received by the server. Unlike RDB snapshots, which take point-in-time copies of your dataset, AOF keeps a complete record of all changes made to your data.
You can read more about enabling AOF persistence in Redis here: https://redis.io/docs/latest/operate/oss_and_stack/management/persistence/#how-i-can-switch-to-aof-if-im-currently-using-dumprdb-snapshots
Schedule a maintenance window for the upgrade.
Stop the instance using bin/stop and take a backup of the config/ and data/ folders.
Run bin/up to start the instance
Run the command docker exec -it redis sh
Run the command redis-cli to open the Redis command line interface
In the redis-cli, run the command config set appendonly yes
Now you'll need to wait for AOF rewrite to finish persisting the data. You can do that by typing INFO persistence into the redis-cli and waiting for aof_rewrite_in_progress and aof_rewrite_scheduled to be 0, and validating that aof_last_bgrewrite_status is ok.
Exit the redis-cli by typing exit and pressing the return key
Exit the redis container by typing exit and pressing the return key
​Run the command ls ./data/redis and confirm you can see the appendonly.aof file
Edit the config/overleaf.rc file and change the REDIS_AOF_PERSISTENCE environment variable from false to true
Run bin/up -d and make sure the application works (The project editor and history pane are functional).
Overleaf supports sending email through two methods: Simple Mail Transfer Protocol (SMTP) and Amazon Simple Email Service (SES). SMTP can be used if you have an email server enabled on your localhost that is listening for local connections.
Email is configured using the following environmental variables.
OVERLEAF_EMAIL_FROM_ADDRESS
The from address e.g. 'support@mycompany.com'
- Required: yes
OVERLEAF_EMAIL_REPLY_TO
The reply to address e.g. 'noreply@mycompany.com'
OVERLEAF_EMAIL_SMTP_HOST
The hostname or IP address to connect to. Needs to be accessible from the Docker container
OVERLEAF_EMAIL_SMTP_PORT
The port to connect to
OVERLEAF_EMAIL_SMTP_SECURE
If true the connection will use TLS when connecting to server. If false or not set, then TLS is used if server supports the STARTTLS extension. In most cases set this value to true if you are connecting to port 465. For port 587 or 25 keep it false
OVERLEAF_EMAIL_SMTP_USER
The username that should be used to authenticate against the SMTP server
OVERLEAF_EMAIL_SMTP_PASS
The password associated with the SMTP username
OVERLEAF_EMAIL_SMTP_TLS_REJECT_UNAUTH
If 'false' this would open a connection to TLS server with self-signed or invalid TLS certificate
OVERLEAF_EMAIL_SMTP_IGNORE_TLS
When true and OVERLEAF_EMAIL_SMTP_SECURE is false then TLS is not used even if the server supports STARTTLS extension
OVERLEAF_EMAIL_SMTP_NAME
Optional hostname for TLS validation if OVERLEAF_EMAIL_SMTP_HOST was set to an IP address, defaults to hostname of the machine.
OVERLEAF_EMAIL_SMTP_LOGGER
When true prints logging messages to web.log.
You can read more about using the Amazon SES SMTP interface to send email here.
OVERLEAF_EMAIL_SMTP_HOST
The hostname or IP address to connect to. Needs to be accessible from the Docker container
OVERLEAF_EMAIL_SMTP_PORT
The port to connect to
OVERLEAF_EMAIL_SMTP_USER
The username that should be used to authenticate against the SMTP server
OVERLEAF_EMAIL_SMTP_PASS
The password associated with the SMTP username
You can read more about using the Amazon SES API to send email here.
OVERLEAF_EMAIL_AWS_SES_ACCESS_KEY_ID
If using AWS SES the access key
OVERLEAF_EMAIL_AWS_SES_SECRET_KEY
If using AWS SES the secret key
OVERLEAF_EMAIL_AWS_SES_REGION
If not set, the default region is US-EAST-1
OVERLEAF_EMAIL_DRIVER:
When this is set to ses, the email system will use the SES API method and rely on the configured instance roles to send email.
OVERLEAF_CUSTOM_EMAIL_FOOTER
Custom HTML which is appended to all emails. e.g.
Example: "<div>This system is run by department x </div> <div> If you have any questions please look at our faq <a href='https://somwhere.com'>here</a></div>"
It's possible to extend an existing TeX Live image using a new Dockerfile and configure the application to use the new image.
Here we offer some guidelines to install new packages or fonts, but the configuration of a custom image is not covered by our support terms.
The TeX Live images receive infrequent updates. We suggest rebuilding custom images when upgrading Server Pro.
The following sections apply to Server Pro and Sandboxed Compiles only.
You can use tlmgr commands such as tlmgr install and tlmgr update to manage Tex Live packages as in the following example:
tlmgr in an older TeX Live imageBy default tlmgr downloads resources from the latest TeX Live release. When patching an older TeX Live image, the downloads need to be switched to the respective archive. See the list in https://www.tug.org/historic/ for mirrors of archives.
There are different procedures to install new fonts in a Tex Live distribution, and installing a custom font might require several steps. Checking the instructions to install TeX fonts in the official Tex Live documentation is probably a good starting point.
The following Dockerfile shows an example of installing a TrueType font over an existing Tex Live 2022 image:
Use the name quay.io/sharelatex/texlive-full and a custom tag to build the new image, as in:
We can now configure Server Pro to use the new 2023.1-custom image updating the TEX_LIVE_DOCKER_IMAGE and ALL_TEX_LIVE_DOCKER_IMAGES environment variables:
In the example above new projects are set by default to use the new 2023.1-custom image, while 2023.1 is still available for when it's needed.
You should only consider updating your MongoDB version if you're planning to upgrade your instance of Server CE/Server Pro.
If you're running a MongoDB version that is newer than the recommended for your current (or target) version there's no need to make any changes.
You should never downgrade your MongoDB version.
If you experience a specific problem that you think might be related to your current version of MongoDB, feel free to raise an issue if you are a Server CE user or contact Overleaf Support if you are Server Pro a user.
Opening the mongo shell should immediately print the current version.
Overleaf Toolkit users:
Docker Compose users:
Updating the version of MongoDB during an upgrade of your Server CE/Server Pro instance is as follows:
Decide the version of Server CE/Server Pro you plan to upgrade to.
Find the version of MongoDB recommended by that specific Overleaf Server CE/Server Pro release.
Follow the instructions to upgrade MongoDB to the target version.
Upgrade Server CE/Server Pro image version and restart the instance.
Our recommendation is to always upgrade Server CE/Server Pro to the latest version available, since it's always guaranteed to be supported (Server Pro users only). In case you decide to go to an earlier version, this table shows the recommended version of MongoDB for earlier releases of Server CE/Server Pro, but you should never downgrade your MongoDB version.
2.0.x
3.4
2.1.x to 2.4.x
3.6
>=2.5.0
4.0
>=3.1.0
4.2
>=3.2.0
4.4
>=4.2.0
5.0
>=5.1.0
6.0
You can view the end-of-life status for each version of MongoDB here.
MongoDB requires step-by-step upgrades. That means you can't go straight from, let's say 4.0 to 5.0. You need first to update 4.2 to 4.4, and then 5.0.
Note that the instructions for 5.0 point to a replica set install, instead of standalone. As Server Pro/CE 4.0.1+ uses transactions, MongoDB needs to be run as a replica set.
Toolkit users
Update MONGO_VERSION, e.g. MONGO_VERSION=6.0
Docker Compose users
Update the version of the mongo image tag, e.g. services -> mongo -> image:mongo:6.0;
In most cases the update just requires setting up a compatibility setting before actually updating the version. Let's see an example.
5.0 to 6.0Let's start by making sure we're running MongoDB 5.0:
Overleaf Toolkit users:
Docker Compose users:
According to the upgrade instructions, the only requirement is to have featureCompatibilityVersion set to 5.0. We do so by opening a MongoDB shell and running the indicated command:
Overleaf Toolkit users:
Overleaf Toolkit users:
We'll then stop Server CE/Server Pro and MongoDB instances using the bin/stop command, set MONGO_VERSION=6.0 in config/overleaf.rc, and then restart the mongo service using bin/up mongo) to verify the update went smoothly.
Finally, we'll update the Server CE/Server Pro image version to our target version and recreate all the services using the bin/up -d command.
Docker Compose users:
We'll then stop Server CE/Server Pro and MongoDB instances using the docker compose down command, update docker-compose.yml file to use image: mongo:6.0, and then restart the mongo service using the docker compose up mongo command to verify the update went smoothly.
Finally, we'll update Server CE/Server Pro image version to our target version and recreate all services using the docker compose up command.
Some times we need to change the schema of data in the database as we evolve Overleaf, migration scripts are used to automate this process. They will have been run on overleaf.com first which is the largest instance of Overleaf in the world so most eventualities will have been encounter already, however we make no guarantees over your data. Please ensure that you create a consistent backup of your data before upgrading you instance.
Overleaf Community Edition and Server Pro store their data in three separate places:
MongoDB Database: This is where user and project data reside.
Redis: serves as a high-performance cache for in-flight data, primarily storing information related to project editions and collaboration.
Overleaf Filesystem: stores non-editable project files (including images) and also acts as a temporary disk cache during project compilations.
For project files and full project history data we also support S3 compatible storage backends.
See Folders in detail for more information on the folder layout on disk.
There are three stores which need to included when taking a consistent backup:
MongoDB
Redis
Overleaf Filesystem data
In order to produce a consistent backup it is mandatory to stop users from producing new data while the backup process is running. We therefore advise scheduling a maintenance window during which, users should not be able to access the instance or edit their projects.
Before you start the backup process you will need to take your instance offline. Starting with Server Pro 3.5.0 the shutdown down process automates the closing of the site and the disconnection of users.
To shutdown your instance you'll need to run bin/docker-compose stop sharelatex if you are running a Toolkit deployment or docker compose stop sharelatex if you are running Docker Compose.
Once the sharelatex container has been stopped you can start the backup process.
Once the backup process has been completed successfully you'll need to start the sharelatex container. To do this run bin/docker-compose start sharelatex if you are running a Toolkit deployment or docker compose start sharelatex if you are running Docker Compose.
Backups should be stored on a separate server from the one your Overleaf instance is running on, ideally in a different location entirely.
Replicating databases onto multiple MongoDB instances might offer some redundancy, but it doesn't safeguard against corruption.
Testing your backups is the best way to ensure they are complete and functional.
MongoDB comes with a command-line tool called mongodump which can be used to create a backup of user and project data stored in the database.
For Toolkit deployments, the path where your non-editable files are stored is specified in config/overleaf.rc using the OVERLEAF_DATA_PATH environment variable, but, depending on when your instnace was created, this might be data/sharelatex.
Using a tool such as rsync to recursively copy this directory is required to ensure a complete backup is created.
Redis stores user sessions and pending document updates before they are flushed to MongoDB.
Append Only File (AOF) persistence is the recommended configuration for Redis persistence.
Toolkit users have AOF persistence enabled by default for new installs, existing users can find more information regarding enabling AOF here.
If you decide to continue using RDB snapshots along with AOF persistence you can copy the RDB file to a secure location as a backup.
At best you do not have any valuable data in the new instance yet. We do not have a process for merging the data of instances.
Assuming the new instance has no data yet, here are some steps you could follow. On a high level, we produce a tar-ball of the mongo, redis and overleaf volumes, copy it over to the new server, and inflate it there again.
Depending on your docker-compose.yml file, you may need to adjust the paths of the mongo, redis, overleaf volumes.
~/mongo_data (b)
mongodb datadir
~/redis_data (b)
redis db datadir
~/overleaf_data
bin
synctex (d)
unused in latest release, previously a custom synctex binary was used (synctex is used for source mapping between .tex files and the pdf)
data
cache (e)
binary file cache for compiles
compiles (e)
latex compilation happens here
db.sqlite (d)
unused in latest release, previously stored clsi cache details (either moved to simple in-memory maps or we scan the disk)
db.sqlite-wal (d)
unused in latest release, see db.sqlite
output (e)
latex compilation output storage for serving to client
template_files (b)
image previews of template system (Server Pro only)
user_files (b)
binary files of projects
history (b)
full project history files
tmp
dumpFolder (e)
temporary files from handling zip files
uploads (e)
buffering of file uploads (binary file/new-project-from-zip upload)
projectHistories (e)
temporary files for full project history migrations
In Server Pro, we only support using a single method of authentication at any one time. Once SSO has been enabled, users/administrators won't be able to log in using an Overleaf password, and you won't be able to create new users from the https://{your-instance-url}/admin/user URL.
When using SAML 2.0 or LDAP authentication, user accounts are automatically provisioned through Just-in-Time (JIT) account creation. This means that the first time a user logs in with their external identity provider credentials, their account is dynamically created within the system. No manual account setup is required beforehand; the user's account infomration is populated using the information provided by the SAML 2.0 or LDAP identity source.
When SSO is enabled, all local account passwords will no longer work (setting/resetting passwords in Server Pro is disabled), meaning that all users (regular users and administrators) must be able to authenticate using SSO.
If you're creating your first administrator account we recommend visiting the https://{your-instance-url}/launchpad URL and setting up your account from there.
Alternatively, you can run the following command against you the sharelatex Docker container:
The above command will create a user with the provided email address if they don't already exist, and make them an administrator. In the command output, you will be given a URL to visit where you can set the password for this user and log in for the first time.
If you're using internal accounts for authentication and need to elevate an existing user to an instance admin or revoke existing permissions, you can do this by following these steps:
Log in as an existing administrator
Click Admin -> Manage Users
Search for the user and click on their email address
Scroll down to the Site Admin section and click on the (show) link
Check the box Is Site Admin
Click the Save button to finish
Presently, there is no provision for deactivating accounts; they either exist with retained data or don't exist at all. The recommended approach is to leave the account and its associated data within Server Pro, ensuring any projects are part of your backup process.
Log in as an administrator
Click Admin -> Manage Users
Search for the user and check the box next to their email address
Click the bin icon
Click the Delete button to confirm
User can be deleted via the following command. As mentioned above, projects will also be deleted so be careful when using this command.
The deletion script uses a hard-coded force option that ensures the deletion process continues even if the account deletion email fails to send (for example, when the users email address is no longer in service).
Providing that a user has only been soft-deleted, it's possible to restore their account along with any projects.
Log in as an administrator
Click Admin -> Manage Users
Search for the user you want to restore
Click the Display deleted users button
Click on the deleted users email address
Click on the Recover This Account button
Click on the Recover button to confirm
When ENABLE_CRON_RESOURCE_DELETION is set to true, soft-deleted accounts can be restored within a 90-day window. After 90 days, account recovery is not possible.
We understand that user metrics is crucial for effective license management. While it is possible to see how many active users your instance has via https://you-instance-url/admin/user#license — you may be looking for something a little more programmatic to you can check periodically and export to a third-party application.
When managing user accounts, the process for updating user profile information depends on whether SSO is enabled.
If SSO is not in use, administrators have the ability to modify user account information through the Admin -> Manage Users interface where they can update a users email addresses, first name and last name, and generate a password reset link, if required.
Regular users can self-serve updating their own account details via Account -> Account Settings. From there, individuals have the same options but can also change their password and generate Git authentication tokens.
For deployments using SSO, Server Pro can be optionally configured to automatically update a user's first and last name during login. This update occurs using the information received from the configured authentication system during the authentication process.
When OVERLEAF_SAML_UPDATE_USER_DETAILS_ON_LOGIN or OVERLEAF_LDAP_UPDATE_USER_DETAILS_ON_LOGIN are true — the user details form on https://your-instance-url/user/settings page is disabled and can't be used to update the account information. The first name and last name can only be set in your identity managment system.
Free disk space for migrating existing data, about the current on disk size
A maintenance window for doing the actual migration
A full backup, including the config, to enable restoring from it
We can use du for calculating the current disk usage:
In case you do not have sufficient disk space available on the current server, try attaching another disk to the server.
We need to make sure that all user/template files will get migrated. It is best to shut down the instance to avoid missing newly uploaded files.
Please see our guide on performing a consistent a backup for the shutdown procedure.
We need to rewrite the directory layout of project files for uploading them to S3. The directory layout for local storage in filestore is <project-id>_<file-id> and the directory layout in S3 is <project-id>/<file-id>.
In the following, /srv/overleaf-s3-migration is used for storing the files in the new directory layout.
We can make use of tar for rewriting the layout:
Depending on your preference, you can use the minio mc S3 client or the aws cli for uploading the files to your S3 compatible object storage.
aws cli
minio mc
We are using the server alias "s3" here, you may have picked another name.
For Docker Compose deployments, you can also remove the bind-mount for the data directory from the volumes section.
You can now start the instance and validate the migration:
can preview binary files in the editor
can compile a PDF with images
can upload new files
You can roll back the migration gracefully in reversing the steps:
Shutdown the instance
Mirror back the files by flipping the sequence of source/destination
Write new files back into the local directory using an inverse transform
Restart the instance with the old configuration
Once you are logged in as an administrator, you can visit /admin/register on your Overleaf instance and create new users. If you have an in your settings file, new users will be sent an email with a URL to set their password. If not, you will have to distribute the password reset URLs manually. These are shown when you create a user.
For more information, see our configuration guides for and .
From Server Pro Server Pro 5.2.1, the admin role can be granted/revoked via the SSO login process. For me information see our configuration guides for and .
As per our guide on , in general, it's advisable not to delete accounts (unless they are no longer required), as this action would lead to the removal of the account's projects and prevent any collaborators from accessing them.
By default, accounts are soft-deleted. For information regarding permanently removing users from your instance see ENABLE_CRON_RESOURCE_DELETION in the guide.
For more information on these settings, see our configuration guides for and .
We'd love to hear from you! If you'd like to share with us how many files you migrated over, their overall volume, and how long the migration took email .
This guide will walk you through the migration from on-disk storage to an S3-compatible object storage. It refers to sections of the introduction document on the .
A S3 compatible object storage to talk to, see for options
Add all the S3 related variables to your config, as detailed in the section in the setup guide.
Please keep the in place.
Starting with version 3.5.6 Server Pro supports horizontal scaling.
This document lists the technical requirements and provides guidelines for running Server Pro in more than one node.
Starting with Server CE/Server Pro 5.0.3 environment variables have been rebranded from SHARELATEX_* to OVERLEAF_*.
If you're using a 4.x version (or earlier) please make sure the variables are prefix accordingly (e.g. SHARELATEX_SITE_URL instead of OVERLEAF_SITE_URL)
Setting up horizontal scaling requires a significant amount of effort. We advise considering horizontal scaling only when reaching a certain scale. As an example, a Server Pro installation for 1,000 total users has been set up successfully using a single server provisioned with two 4-core processors and 32GB of system memory. See the hardware requirements documentation for recommendations.
A deployment of Server Pro with horizontal scaling involves a set of external components, such as a Load Balancer and an S3-compatible storage backend.
We can help troubleshoot errors in the Server Pro containers that might be the result of misconfiguration and provide general advice based on this document. Unfortunately, we are unable to provide assistance configuring third-party applications/systems.
Resolving technical issues specific to your hardware/software to provide the external components are not covered by our support terms.
The data storage in Server Pro can be split into four data stores:
MongoDB
Most of the data is persisted into MongoDB.
We support either a local instance or an external instance, such as MongoDB Atlas (a fully managed MongoDB service that runs within the AWS infrastructure).
Note: Unfortunately, there is no official support for MongoDB compatible databases such as CosmoDB/DocumentDB at the moment, as we have not tested Server Pro with them. While deploying Server Pro with compatible databases may be possible, we only officially support deployments using MongoDB.
Redis
Redis stores temporary data, such as pending document updates before they are flushed to MongoDB.
Redis is used for communicating document updates between different services and notifying the editor about state changes in a given project.
Redis is used for storing the user sessions.
We support either a local instance or an external instance.
Note: Unfortunately, there is no official support for Redis compatible key/values stores such as KeyDB/Valkey at the moment, as we have not tested Server Pro with them. While deploying Server Pro with compatible stores may be possible, we only officially support deployments using Redis.
Project files and History files
Non-editable project files are stored outside of MongoDB.
The new project history system (Server Pro 3.5 onwards) stores the history outside MongoDB as well.
For small single instances we support either a local file system (which could be backed by a local SSD, NFS or EBS) or a S3 compatible data storage system.
For horizontal scaling, we only support S3 compatible data storage systems.
Important: NFS/Amazon EFS/Amazon EBS are not supported for horizontal scaling. Please see the hardware storage requirements section on scaling storage in Server Pro for more details.
Ephemeral files
LaTeX compiles need to run on fast, local disks for optimal performance. The output of the compilation does not need to persisted or backed up.
Buffering of new file uploads and the creation of project zip files also benefits from using a local disk.
We strongly advise on using a local disk. Using any kind of networked disk (such as NFS or EBS) can result in unexpected compile errors and other performance issues.
The git-repositories are stored locally on disk. There are no replication options available. Git-bridge should be run as a singleton. For optimal performance, we advise on using a local disk for git-bridge data. The git-bridge data disk should be backed up regularly.
For the data storage with horizontal scaling, you need:
a central MongoDB instance that is accessible from all Server Pro instances
a central Redis instance that is accessible from all Server Pro instances
a central S3 compatible storage backend for project and history files
a local disk on each instance for ephemeral files
a local disk on the instance that hosts the git-bridge container for git-bridge data
Persistent routing, e.g. using a cookie
This requirement stems from these components:
The real-time editing capability in Server Pro uses WebSockets with a fallback to XHR polling. Each editing session has local state on the server side and the requests of a given editing session always need to be routed to the same Server Pro instance. The collaboration feature uses Redis Pub/Sub for sharing updates between multiple Server Pro instances.
The LaTeX compilation keeps the output and compile cache locally for optional performance. Upon issuing a compile request to one Server Pro instance, the following PDF/log download requests need to be routed to the same Server Pro instance.
Long request timeouts to support the compilation of large LaTeX documents
WebSocket support for optimal performance
POST payload size of 50MB
Keep-alive timeout must be lower than the Server Pro keep-alive timeout
The keep-alive timeout inServer Pro can be configured using the environment variable NGINX_KEEPALIVE_TIMEOUT. The default value is 65s.
With the default, a keep-alive timeout of 60s in the load balancer works.
With NGINX_KEEPALIVE_TIMEOUT=120, the load balancer could pick 115s.
Client IPs
Set the request header X-Forwarded-For to the client IP.
When terminating SSL
The load balancer needs to add the request header X-Forwarded-Proto: https.
The Server Pro instances need to agree on shared secrets:
WEB_API_PASSWORD (web api auth)
STAGING_PASSWORD and V1_HISTORY_PASSWORD same value (history auth)
CRYPTO_RANDOM (for session cookie)
OT_JWT_AUTH_KEY (history auth)
All of these secrets need to be configured with their own unique value and shared between the instances.
When not configured and user requests get routed to different Server Pro instances, their request will fail authentication checks and they either get redirect to the login page frequently or their actions in the UI will fail in unexpected ways.
When not configured, Server Pro uses a new random value for each secret based on 32 random bytes from /dev/urandom (256 random bits).
Point OVERLEAF_MONGO_URL (SHARELATEX_MONGO_URL for versions 4.x and earlier) at the central MongoDB instance.
Point OVERLEAF_REDIS_HOST (SHARELATEX_REDIS_HOST for versions 4.x and earlier) and REDIS_HOST at the central Redis instance.
Please see the documentation on S3 compatible storage for details.
The default bind-mount of a local SSD to /var/lib/overleaf (/var/lib/sharelatex for versions 4.x and earlier) will be sufficient. Be sure to point SANDBOXED_COMPILES_HOST_DIR at the mount point on the host.
We strongly advise using a local disk. Using any kind of networked disk (such as NFS or EBS) can result in unexpected compile errors and other performance issues.
Set OVERLEAF_BEHIND_PROXY=true (SHARELATEX_BEHIND_PROXY for versions 4.x and earlier) for accurate client IPs.
Set TRUSTED_PROXY_IPS to the IP of the load balancer (Multiple CIDRs can be specified, separated with a comma).
The git-bridge container needs a sibling Server Pro container for handling incoming git requests. This sibling container can serve regular user traffic as well. In the sample configuration, the first instance acts as sibling container for git-bridge, but any instance could function as that really.
Why do we need to designate one Server Pro container as sibling for git-bridge? Server Pro hands out download URLs for the history service to git-bridge. We need to configure these history URLs to be accessible from the git-bridge container.
Server Pro container config:
Set GIT_BRIDGE_ENABLED to 'true'
Set GIT_BRIDGE_HOST to <git-bridge container name> e.g. git-bridge
Set GIT_BRIDGE_PORT to 8000
Set V1_HISTORY_URL to http://<server-pro sibling container name>:3100/api.
Note: This is only necessary on the sibling container for the git-bridge container. The other instances can use a localhost URL, which is the default.
git-bridge container config:
Set GIT_BRIDGE_API_BASE_URL to http://<server-pro sibling container name>/api/v0, e.g. http://server-pro-ha-1/api/v0
Set GIT_BRIDGE_OAUTH2_SERVER to http://<server-pro sibling container name>, e.g. http://server-pro-ha-1
Set GIT_BRIDGE_POSTBACK_BASE_URL to http://<git-bridge container name>:8000, e.g. http://git-bridge:8000
Set GIT_BRIDGE_ROOT_DIR to the bind-mounted git-bridge data disk, e.g. /data/git-bridge
We recommend using the same hardware specifications for all the Server Pro instances that are taking part in horizontal scaling.
The general recommendations on hardware specifications for Server Pro instances apply.
As part of the upgrade process, Server Pro automatically runs database migrations. These migrations are not designed to be run from multiple instances in parallel.
The migrations need to finish before the actual web application is started. You can either check the logs for an entry of Finished migrations or wait until the application accepts traffic.
The upgrade procedure looks like this:
Schedule a maintenance window
Stop all the instances of Server Pro
Take a consistent backup as described in the documentation
Start a single instance of Server Pro with the new version
Validate that the new instance is working as expected
Bring up the other instances with the new version
From a login perspective, the primary identifier for a user is their email address. If you are migrating from locally based authentication to SSO or you're migrating from one IdP to another, you may be required to update users email addresses.
To help with this, a script is provided that will migrate user emails using a CSV file with the following format:
oldEmail,newEmail
After performing some validation checks, the script will iterate through the CSV file and update the users' email addresses from oldEmail to newEmail.
Before running the migration the <csv_file> will be checked to ensure that:
For each row, both the oldEmail and the newEmail are valid email addresses
There are no duplicate entries, for example, you are not attempting to update different users to the same new email address or you are attempting to update the same user account with an already-used email address
--commit
The inclusion of the --commit flag will actually do the migration. When omitted, the migration will happen in a dry-run mode where no changes are made but validation is still performed.
Default:false
--continue
The --continue flag will continue the migration process if a user account if the email address on the account has already been updated
--ignore-missing
The --ignore-missing flag will continue the migration process if a user account was not found
--admin-id
The --admin-id should be set to the ID of the Administrator who is performing the migration and will be used for audit log entries. Go to Admin > Manage Users and search for your email address and click on the first result to find your user-id.
<csv_file>
The <csv_file> is the file with the old and new email addresses in
While executing the migration script, depending on the flags that you have chosen will determine whether an error is logged to the console and then continues, or logged to the console and exits. If the script terminates prematurely due to an error, it will exit with code 1 to denote that it was unsuccessful.
On completion of the migration, the script will log the number of successful, failed, and skipped updates to the console. If the migration is completed successfully it will exit with code 0.
* Some larger files may remain editable under certain circumstances. However, to ensure that a file remains editable, you should limit its size to 2 MB or less.
Administrators can see an Audit Log for each project. This audit log shows events such as when link-sharing changed between private/token-based, when invites were sent/accepted and when a user joined the project using a token. Administrators can view these logs on a per-project basis via Your Instance -> Admin -> Manage Users then:
Search for the user
Click the Projects tab
Select a project
Click on the (i) icon
Click the Audit Log tab
If a project is shared with a named collaborator (using their email address), once the recipient has joined, they will be listed on the Share modal with their permission and visible to the project owner. This information will also be shown to Administrators when viewing the Project Info tab for the project via the admin panel.
Log in using your administrator credentials
Click Admin and select Manage Users
Using the search field, enter the email of the user you want to restore the doc for
Click their email address in the list of returned results to open their user info page
Click the Projects tab and use the search field to search for the project
Click on the information icon next to the project name to open the Project Info
Click on the Deleted Docs tab
Click on the Undelete button next to the deleted doc to restore it back to the users project.
The restored file will take the following format: FILENAME-TIMESTAMP.EXTENSION. For example, a restored version of main.tex will be restored to the root of the project with the file name main-2024-02-23-130441542.tex.
The admin panel in Server Pro has a dedicated page per project. You can either get to it by searching for the user on "/admin/user", then going to their Projects tab, finding the project in the list and clicking on the infomration icon; or by directly navigating to the page with a known project-id https://your-instance-url/admin/project/. On the project info page, you can find a Transfer Ownership button, which opens a modal where you can specify any user as the new owner. The new owner does not need to be an existing collaborator on the project.
The default compile timeout for projects is currently set to 180 seconds. Changing this value is possible and requires a two-step process.
First, edit the config/variables.env file and add the COMPILE_TIMEOUTenvironment variable and set it's value to the desired timeout in seconds. For example, COMPILE_TIMEOUT=300 for 5 minutes.
It's not worth pushing the timeout past 10 minutes. If you do, you'll most likely hit a timeout in another component of the application.
Once this change has been made, you'll need to recreate the sharelatex container by running the bin/up -dcommand.
Setting this environment variable will update the timeout value for new users only it won't be applied in retrospect to existing users as it is populated when the user is first created.
To adjust the timeout for existing users, you'll need to change each user record in the database. We advise being very cautious about doing this, and recommend taking a consistent backup before making any changes.
To update the compile timeout value on all existing users you'll need to run the following shell command on the Docker host:
You will need to substitute <value> in the above query with the desired timeout value in seconds.
After the command completes, you should see an acknowledgement with the number of modified records. You can then type exit and then press the enter key to return to the host shell.
It is possible to see who and when a project is loaded with the following command:
This will give both the timestamp, user_id and project_id.
Server Pro licensing is quite different from other cloud-based solutions in that there is no concept of free collaboration, any user who logs in and accesses a project is considered an active user by the system, necessitating a corresponding license.
The active/inactive flag for an account is just a high-level indicator for administrators to help indicate usage. If a user who holds a Server Pro license leaves your organization, there is no immediate requirement to delete their account and their associated projects. This action is often required for regulatory and compliance purposes, but from a licensing point of view, the license allocated to the departing user can be reassigned to their successor, allowing for a seamless transition.
Administrators can view the total number of active users on your instance via Admin > Manage Users > License Usage. An active user is defined as someone who has opened a project on your Server Pro instance in the last 12 months.
In general, it's advisable not to delete accounts (unless they are no longer required), as this action would lead to the removal of the account's projects and prevent any collaborators from accessing them.
Presently, there is no provision for deactivating accounts; they either exist with retained data or don't exist at all. The recommended approach is to leave the account and its associated data within Server Pro, ensuring any projects are part of your backup process.
Over time, unused accounts will transition to an inactive state (as they will not have accessed a project within the past 12 months), denoting that they no longer require a license, even though the accounts and associated projects are retained. In the event a user returns, they can access their account and projects, reinstating their status as an active user and once again requiring a licence.
It's important to highlight that in Server Pro, Administrators retain the capability to access the projects of any user, even after that user has left the organization. This maintains a certain degree of access and authority over projects. Additionally, Administrators hold the ability to transfer ownership of projects from one user to another, offering full control over your data.
As Server Pro is architected to work offline, we have purposely chosen not to enforce a strict user limit, and there are no restrictions that would prevent new users from being onboarded in cases where deployments are over their seat limit. This helps ensure that users can access their projects when needed and are not hindered by a temporary lack of seats.
When it comes to renewals, as Server Pro doesn't transmit usage information back to us, we rely on customers to report their user count for license compliance. As mentioned above, as Server Pro doesn't enforce a strict user limit, and there's no explicit 'inactive' setting for users -- this means that if you're aware of inactive users, you have the option to exclude them when reporting your seat count to us.
If you are using SSO, an alternative way would be to report the number of users within your authorized group rather than the total number of active users in the Server Pro instance, as the latter might encompass older, inactive accounts.
†There's no enforced limit on total project size. However, you may find some technical limitations when working with very large projects. We recommend a maximum project size of 500 MB, or less than 100 MB if using our . Projects above these sizes may work, but staying within these limits will give you the best experience.
You can find information about performing back-ups .
In cases where you go over your seat limit, we would request that you reach out to the Success team () to let us know at your earliest convenience. The Success team can then provide you with prorated pricing for adding more seats, either midterm or aligned with your subsequent renewal.
Compile timeout
Default: 180 seconds.
See Updating project compile timeout for more information about customizing this value.
Maximum number of files per project
2000
Maximum size of editable material per project
Default: 7 MB.
See Environment variables for more information about customizing this value.
Maximum size of an individual editable text file
2 MB*
Maximum size of an individual upload
50 MB
Maximum size of project
Unlimitedâ€
Maximum number of projects
Unlimited
If an individual user would like to use a template from the Template Gallery on overleaf.com they would need to:
Navigate to the Template Gallery on overleaf.com and locate the required template, for example IEEE Photonics Journal Paper Template - Example Submission
Click on the Open as Template button
Click on the project menu and choose Download Source
Next, log into their on-premise Server Pro account
Click the New Project button from the projects dashboard and choose Upload Project
Click the Select a .zip file button and choose the downloaded template zip file
The user can then use this newly uploaded template as required.
Quick guides for common issues
This page is designed to help you deal with common issues you may encounter while running your on-premises version of Overleaf.
The standard Server Pro license allows you to run the application in a production environment as well as one in a non-production/sandbox environment; it is highly recommended that you provision a non-production environment for testing.
The standard Server Pro license allows you to run the application in a production environment as well as one in a non-production/sandbox environment; it is highly recommended that you provision a non-production environment for testing.
The standard Server Pro license allows you to run the application in a production environment as well as one in a non-production/sandbox environment; it is highly recommended that you provision a non-production environment for testing.
The standard Server Pro license allows you to run the application in a production environment as well as one in a non-production/sandbox environment; it is highly recommended that you provision a non-production environment for testing.
The standard Server Pro license allows you to run the application in a production environment as well as one in a non-production/sandbox environment; it is highly recommended that you provision a non-production environment for testing.
The standard Server Pro license allows you to run the application in a production environment as well as one in a non-production/sandbox environment; it is highly recommended that you provision a non-production environment for testing.
The standard Server Pro license allows you to run the application in a production environment as well as one in a non-production/sandbox environment; it is highly recommended that you provision a non-production environment for testing.
The standard Server Pro license allows you to run the application in a production environment as well as one in a non-production/sandbox environment; it is highly recommended that you provision a non-production environment for testing.
