1 of 77

On-premises

Welcome

This is where you'll find all the technical documentation for Overleaf Server Pro and Overleaf Community Edition, our on-premises versions of Overleaf.

Overleaf is a collaborative LaTeX editor loved by researchers and tech teams. Our cloud version is available at overleaf.com. These docs are specifically for people interested in setting up and maintaining Overleaf Server Pro or Community Edition.

Overview of Server Pro and Community Edition

Both Server Pro and Community Edition run in Docker containers, isolating them from other applications on the same host. This provides an additional layer of security by preventing potential cross-application attacks.

They can run on air-gapped servers, which means they can be completely isolated from other networks, including the Internet. Docker provides tooling for transferring the application from an internet-connected to an air-gapped environment.

After the initial download, no internet connection is required, significantly reducing the risk of external threats.

Stay up to date

to get updates on:

New releases and features
Enhancements
Security patches

All mailing list emails originate from the email address [email protected]

Quick links

Server Pro vs. Community Edition

Server Pro and Community Edition are both on premises versions of Overleaf. But what are the differences?

Benefits for users

Feature

Community Edition

Server Pro

Release notes

Release notes 6.x.x Release notes 5.x.x Release notes 4.x.x Release notes 3.x.x Release notes 2.x.x Release notes 1.x.x Release notes 0.x.x

Server Pro version support

To remain on a supported track, you should be running one of the supported release numbers listed below in the rightmost column (Latest Patch).

Release notes 1.x.x

Server Pro 1.2.1

(Community Edition Image ID: 8e1bae81acac)

Server Pro 1.2.0

Use both 2016 and 2017 versions of texlive, for backward compatibility

Server Pro 1.1.0

Update texlive to 2017.1
Use https for the learn-wiki proxy by default

Server Pro 1.0.2

A new option, keep the pdf view in sync while you type
A new feature, replacing the public/private permissions system
New administration interface
Package-aware Autocomplete

Server Pro 1.0.0

Upgraded all internal services to latest node-js runtime
Per-User Track Changes
Improved Autocomplete
Improved Spellcheck

Getting started

Before you start

Get the most from installing Overleaf by preparing thoroughly.

Before you install Overleaf, it's important to familiarize yourself with the requirements, installation process, configuration options, and upgrade sections of this documentation. It's also crucial to have a solid understanding of your organization's requirements for using Overleaf and the necessary underlying infrastructure needed for its successful operation.

What can I do to prepare?

Understand the requirements for running Overleaf. This involves evaluating your organization's existing server environment, network capabilities and storage resources. Ensure that your infrastructure meets or exceeds the specified requirements outlined in this documentation.

Before initiating the installation process, ensure you have administrative access to the server where you intend to deploy Overleaf. This may involve coordinating with your IT team or system administrators to obtain the necessary permissions and resources. Additionally, review any security considerations or network policies that might impact the installation.

What if I have a problem?

Please note that we are not able to provide support for local installations of the free Community Edition.

If you encounter any problems, we recommend first consulting the section of the documentation as it contains common issues and required information needed by the support team if you need to reach out for assistance.

By following these steps and thoroughly reading the documentation, you'll be well-prepared to install, configure, and maintain Overleaf according to your organization's requirements. Remember that a solid understanding of your infrastructure and the installation process is key to a successful deployment.

Requirements

Installing Overleaf requires the right skills, as well as particular hardware and software.

Make sure you read this section thoroughly before proceeding with any installation of Overleaf.

Requirements for installing Server Pro and Community Edition

We strongly

Skills needed

We recommend that the on-site administrator of your Overleaf instance has:

General IT administration skills
Familiarity with Linux command line tools
General networking knowledge and troubleshooting skills
Experience backing up and restoring production systems

Software requirements

Operating systems

For the best experience when running Overleaf, we highly recommend using a Debian-based operating system, such as Ubuntu. This choice aligns with the software's development environment and is the preferred option among the majority of Overleaf users.

When using Server Pro with Sandboxed Compiles, it's

Installation

Introduction

Whether you're a researcher interested in running the Community Editition in your trusted workgroup or an enterprise organisation wanting to integrate Server Pro into your existing infrastructure, to get started, we always highly recommend setting up your new instance using our with the default Community Edition image as doing so is a great way to familiarize yourselves with the platform's requirements and helps ensure a smooth experience when deciding to upgrade to Server Pro.

Like the Community Edition, Server Pro comes as a Docker container and is a direct drop in replacement and additionally includes features such as SSO provided via LDAP and SAML2, improved security, tracked changes, comments, our optimized version of TeX Live, templates and administration panel.

Once you've depolyed the Community Edition using the Toolkit and familiarized yourself with the application, you can easily switch to Server Pro by following the instructions .

A Server Pro license allows you to run the application in a production environment as well as one in a non-production/sandbox environment; it is highly recommended that you provision a non-production environment for testing.

Using the Toolkit

The Toolkit is the recommended way to deploy and manage Overleaf Server CE and Server Pro instances.

In this section we will guide you through downloading the Toolkit from GitHub, familiarizing yourself with some of the Toolkit's commands and configuring some basic settings. By the end of this page you should have a running on-premises instance over Overleaf.

1. Download the Toolkit

Downloading the Toolkit

The Toolkit is compatible with both the Server CE and Server Pro and is the recommend installation method. Using the Toolkit will allow you to easily get started with Server CE and seamlessly upgrade to Server Pro if required.

To install the Toolkit you'll need to navigate to the intended installation path and then clone the Overleaf Toolkit GitHub repository using this command:

git clone https://github.com/overleaf/toolkit.git ./overleaf-toolkit

To prevent any potential permissions issues we recommend installing the Toolkit in your users $HOME directory.

Wait for the cloning process to complete then let's switch into the newly created overleaf-toolkit directory:

2. Familiarize yourself with the Toolkit

Taking a look around

Now that we have a local copy of the Toolkit, let's take a look at the structure of the repository using the ls command:

The ls -l

3. Initialize the configuration

Initializing the configuration

Let's initialize our new server's configuration files with some sensible defaults by running the bundle bin/init script.

bin/init

This script will not overwrite any existing configuration files.

Now let's check the contents of the config/ directory using the ls command:

ls config

If everything was successfully initialized you should see three configuration files overleaf.rc, variables.env and version. These are the main server configuration files and allow you to customize how your server operates and how your users interact with your instance.

Name

Description

For now, it's enough to know that these files exist and where you can find them. Later in the documentation we'll go through each of the files in more detail and explain how you can customize your instance using them. If you want to skip ahead you can see a full breakdown of these configuration files on the .

4. Choose Community Edition or Server Pro

If you're a Server Pro customer please continue with the next steps to log into our image repository and change the Toolkit configuration to use the Server Pro image. If not, you can skip this section and move on to the personalizing your instance step.

Obtaining Server Pro Image

Server Pro is distributed as a Docker image on the quay.io registry: quay.io/sharelatex/sharelatex-pro

You will have been supplied with a set of credentials when you signed up for a Server Pro license.

First use your provided credentials to log in to the quay.io repository:

docker login quay.io
Username: <sharelatex+your_provided_username>
Password: <your_provided_password>

Then run bin/docker-compose pull to pull the Server Pro image from the registry.

These credentials do not provide access to the website.

Switching to Server Pro

If you're deploying an on-premises version of Overleaf for the first time we highly recommend first setting up the Overleaf Toolkit with the Community Edition before switching to Server Pro as this will help you get familiarized with the process.

As Server Pro can be used as a drop-in replacement for the Community Edition you'll be able to use all your existing settings and customizations. When you're ready, Toolkit deployments can enable Server Pro by editing the config/overleaf.rc file and changing the SERVER_PRO environment variable to true.

The next time you run bin/up, the Toolkit will automatically download and use the Server Pro image.

If you're upgrading from the Community Edition to Server Pro you can do that now. If not, please move onto the next step in the deployment guide to personalize your instance.

5. Personalizing your instance

Personalizing your instance

Before we start your Overleaf instance for the first time we're going to update the config/variables.env configuration file with your custom information.

Open the config/variables.env file using your favourite text editor and update each of the following environment variables with the required information.

Name

6. Post-installation tasks

Creating your first administrator account

In a browser, open . You should see a form with email and password fields. Fill these in with the credentials you want to use as the administrator account, then click Register.

Then click the link to go to the login page (). Enter the credentials. Once you're logged in, you'll see the welcome page.

Click the green button at the bottom of the page to start using Overleaf.

Upgrading TeX Live

To save bandwidth, both the Overleaf Community Edition and Server Pro images only come with a minimal install of . You can install more packages or upgrade to a complete TeX Live installation using the command in the sharelatex container.

The following instructions only apply to Community Edition installations. We highly recommend that Server Pro users enable as this provides users with access to the same TeX Live images used on as well as providing isolation between project compiles for enhanced security.

Configuration

Overleaf Toolkit

The following pages provide detailed descriptions of the various configuration files and settings that are required to configure and customize your deployment when using the Overleaf Toolkit.

Each of these files plays a specific role in the configuration process, and understanding their functions will help you to tailor your on-premises version of Overleaf to your specific needs.

Server Pro-only configuration

The features in this section are only available for Overleaf Server Pro.

Don't have Server Pro? If you're running Community Edition, switching to Server Pro is straightforward. Find out more about .

Adding LaTeX user help

You can enable access to Overleaf's Learn pages within your Server Pro instance by simply adding OVERLEAF_PROXY_LEARN=true to your config/variables.env file in the Toolkit and running the bin/up command.

This allows users to access current documentation and learning resources by clicking the Documentation button in the navigation menu, all without leaving your instance.

For Docker Compose deployments, you'll need to add the environment variable OVERLEAF_PROXY_LEARN: true to the environment section of the sharelatex service in to your docker-compose.yml file.

Your Server Pro deployment will require access to the internet so it can perform external GET requests to .

Logging

If an error occurs in any of the processes it will be written to the respective log file such as /var/log/overleaf/web.log.

Toolkit users can have a look at the logs inside the container using the bin/logs script:

You can use the bin/logs script to view logs for the following services: clsi, contacts, docstore, document-updater, filestore, git-bridge, mongo

Localization

i18n Languages

Both the Overleaf Community Edition and Server Pro have been translated into multiple languages.

The language can be set via OVERLEAF_SITE_LANGUAGE with one of the following options:

en - English (default)
es - Spanish
pt - Portuguese
de - German
fr - French
cs - Czech
nl - Dutch
sv - Swedish
it - Italian
tr - Turkish
zh-CN - Chinese (simplified)
no - Norwegian
da - Danish
ru - Russian
ko - Korean
ja - Japanese
pl - Polish
fi - Finnish

Some of these are more complete than others, we always endeavor to have all supported languages fully translated, if you would like to help with our translations please get in touch!

Multi-language support

Overleaf can support multiple languages per container. This is done via different domains configured to respond in a set language using the environment variable OVERLEAF_LANG_DOMAIN_MAPPING with an escaped JSON string.

Password restrictions

It is possible to enforce password restrictions on user accounts when using the native Overleaf login system for authentication.

It is not possible to enforce password restrictions for SSO (LDAP/SAML 2.0) logins. These must be configured in your Identity Provider (IdP).

To do so, you'll need to set the relevant environment variable in the Toolkits config/variables.env file.

Name

Description

Redis

Enabling password authentication

If you're you're using an external Redis service and need to provide a password you can do this by setting the OVERLEAF_REDIS_PASS and REDIS_PASSWORD environment variables in the config/variables.env file and running the bin/up -d command to recreate the sharelatex container.

If you're running a local instance of Redis, you'll need to configure the redis service to start with password authentication. After setting the above environment variables, you'll also need to complete these additional steps:

Maintenance

Upgrading your deployment

The is a git repository, so it's easy to get new Toolkit features. Just run the bin/upgrade command and follow the on-screen prompts.

It is worth noting that the Docker image version (at config/version), is managed separately from the Toolkit code updates. Updating the Toolkit code will not automatically change the version of the Docker image that you are running. This means that in most cases, you are able to upgrade your Toolkit version without upgrading your deployment.

The `bin/upgrade` Script

Extending TeX Live

It's possible to extend an existing TeX Live image using a new Dockerfile and configure the application to use the new image.

Here we offer some guidelines to install new packages or fonts, but the configuration of a custom image is not covered by our support terms.

The TeX Live images receive infrequent updates. We suggest rebuilding custom images when upgrading Server Pro.

The following sections apply to Server Pro and only.

User and project management

Understanding license usage

Server Pro licensing is quite different from other cloud-based solutions in that there is no concept of free collaboration, any user who logs in and accesses a project is considered an active user by the system, necessitating a corresponding license.

The active/inactive flag for an account is just a high-level indicator for administrators to help indicate usage. If a user who holds a Server Pro license leaves your organization, there is no immediate requirement to delete their account and their associated projects. This action is often required for regulatory and compliance purposes, but from a licensing point of view, the license allocated to the departing user can be reassigned to their successor, allowing for a seamless transition.

Administrators can view the total number of active users on your instance via Admin > Manage Users > License Usage. An active user is defined as someone who has opened a project on your Server Pro instance in the last 12 months.

In general, it's advisable not to delete accounts (unless they are no longer required), as this action would lead to the removal of the account's projects and prevent any collaborators from accessing them.

Presently, there is no provision for deactivating accounts; they either exist with retained data or don't exist at all. The recommended approach is to leave the account and its associated data within Server Pro, ensuring any projects are part of your backup process.

Over time, unused accounts will transition to an inactive state (as they will not have accessed a project within the past 12 months), denoting that they no longer require a license, even though the accounts and associated projects are retained. In the event a user returns, they can access their account and projects, reinstating their status as an active user and once again requiring a licence.

It's important to highlight that in Server Pro, Administrators retain the capability to access the projects of any user, even after that user has left the organization. This maintains a certain degree of access and authority over projects. Additionally, Administrators hold the ability to transfer ownership of projects from one user to another, offering full control over your data.

As Server Pro is architected to work offline, we have purposely chosen not to enforce a strict user limit, and there are no restrictions that would prevent new users from being onboarded in cases where deployments are over their seat limit. This helps ensure that users can access their projects when needed and are not hindered by a temporary lack of seats.

In cases where you go over your seat limit, we would request that you reach out to the Success team () to let us know at your earliest convenience. The Success team can then provide you with prorated pricing for adding more seats, either midterm or aligned with your subsequent renewal.

When it comes to renewals, as Server Pro doesn't transmit usage information back to us, we rely on customers to report their user count for license compliance. As mentioned above, as Server Pro doesn't enforce a strict user limit, and there's no explicit 'inactive' setting for users -- this means that if you're aware of inactive users, you have the option to exclude them when reporting your seat count to us.

If you are using SSO, an alternative way would be to report the number of users within your authorized group rather than the total number of active users in the Server Pro instance, as the latter might encompass older, inactive accounts.

Bulk transfer of project ownership

To aid with the handover for all of a users projects to another user, Server Pro includes a script for bulk transfer of project ownership.

The projects will be added to a new tag in the new project owners account. The tag is named after the current users email address and has prefix "transferred-from", example: "[email protected]".

Added in Server Pro version 5.5.3.

Usage

Support

Project limits

Feature

Limit

Support guides

Quick guides for common issues

Using templates as an individual

If an individual user would like to use a template from the Template Gallery on overleaf.com they would need to:

Navigate to the Template Gallery on overleaf.com and locate the required template, for example IEEE Photonics Journal Paper Template - Example Submission
Click on the Open as Template button
Click on the project menu and choose Download Source
Next, log into their on-premise Server Pro account
Click the New Project button from the projects dashboard and choose Upload Project
Click the Select a .zip file button and choose the downloaded template zip file

The user can then use this newly uploaded template as required.

An account is required

OVERLEAF_LANG_DOMAIN_MAPPING = '
    {
        "www": {
        "lngCode": "en",
        "url": "https:\/\/www.example.com"
        },
        "fr": {
        "lngCode": "fr",
        "url": "https:\/\/fr.example.com"
        },
        "de": {
        "lngCode": "de",
        "url": "https:\/\/de.example.com"
        },
        "sv": {
        "lngCode": "sv",
        "url": "https:\/\/sv.example.com"
        },
        "zh": {
        "lngCode": "zh-CN",
        "url": "https:\/\/zh.example.com"
        },
        "es": {
        "lngCode": "es",
        "url": "https:\/\/es.example.com"
        }
    }'

# Overleaf Toolkit setup:
# email based
toolkit$ bin/run-script modules/server-ce-scripts/scripts/transfer-all-projects-to-user.mjs [email protected] [email protected]

# user-id based
tookit$ bin/run-script modules/server-ce-scripts/scripts/transfer-all-projects-to-user.mjs --from-user=68880f000000000000000000 --to-user=68880f000000000000000001

# Legacy docker-compose.yml setup:
$ docker exec sharelatex /bin/bash -c "source /etc/overleaf/env.sh && source /etc/container_environment.sh && cd /overleaf/services/web && node ./modules/server-ce-scripts/scripts/transfer-all-projects-to-user.mjs [email protected] [email protected]"

notifications

real-time

redis

spelling

tags

track-changes

web

web-api

history-v1

project-history

# You can use the following command to view the web service logs
bin/logs web

# You can use --help for help
bin/logs --help

# You can also look at the logs for multiple services at once:
bin/logs filestore docstore web clsi

# You can follow the log output using the -f flag
bin/logs -f filestore docstore web clsi

# You can use the -n {number} flag to limit the number of lines to print (default 50)
bin/logs -n 50 web

# You can use the -n all flag to show all log lines
bin/logs -n all web

# You can use > to redirect the output to a file
bin/logs -n all web > web.log

# Shows the installed Docker version
docker --version

# docker compose plugin (v2)
docker compose version

# List the running Docker containers on your system
docker ps

CONTAINER ID   IMAGE                                     COMMAND                  CREATED        STATUS                        PORTS                NAMES
b1fadcd1dcb1   quay.io/sharelatex/sharelatex-pro:5.4.0   "/sbin/my_init"          23 hours ago   Up About a minute             0.0.0.0:80->80/tcp   sharelatex
7900ebb9ebb8   redis:6.2                                 "docker-entrypoint.s…"   45 hours ago   Up About a minute             6379/tcp             redis
fbd49d420e59   mongo:6.0                                 "docker-entrypoint.s…"   45 hours ago   Up About a minute (healthy)   27017/tcp            mongo

FROM quay.io/sharelatex/texlive-full:2022.1

RUN tlmgr option repository <MIRROR>/systems/texlive/<YEAR>/tlnet-final
# e.g. RUN tlmgr option repository ftp://tug.org/historic/systems/texlive/2022/tlnet-final

RUN tlmgr update --force ebproof

When you run the bin/upgrade command, the script will check if there is an available update to the Toolkit code, and offer to update your Toolkit. You can always say no to this upgrade, and nothing will change.

Release notes 6.x.x

Server Pro 6.0.1

Release date: 2025-11-17

Server Pro Image ID: a339d58ea444
Community Edition Image ID: 719649cd32f8
Git Bridge Image ID: 38f569f6f277

This release fixes several compile issues emerging after the latest runc updates.

The minimum MongoDB version for Server CE/Pro 6.0.1 is now MongoDB 8.0. You can view our documentation about upgrading MongoDB .

Server Pro 6.0.0

Release date: 2025-10-30

Server Pro Image ID: 579c87536b16
Community Edition Image ID: 21b21080312f
Git Bridge Image ID: 38f569f6f277

Binary file migration

This new release reduces the storage usage of binary files in half.

An online migration is included in version 5.5, allowing for minimal downtime as part of the upgrade. Before upgrading to Server Pro v6 make sure you're already running the latest version of Server Pro v5.5 () and have run the migration.

MongoDB upgrade to v8

This release bumps the minimum MongoDB version to 8.0

If you're currently using MongoDB v6 or earlier, you'd need to update your versions one major version at a time (v6 → v7 → v8).

Please ensure you have a backup before upgrading. In case of roll-back, you will need to restore the database backup.

For instructions on how to upgrade MongoDB v6 → v7 → v8 see our step-by-step guide .

Redis upgrade to v7.4

This release also bumps the minimum Redis version to 7.4.

Update your REDIS_IMAGE in your config/overleaf.rc to REDIS_IMAGE=7.4.

New Features

Link sharing now can be disabled with OVERLEAF_DISABLE_LINK_SHARING=true.
OVERLEAF_MAINTENANCE_MESSAGE and OVERLEAF_MAINTENANCE_MESSAGE_HTML are now available to customise the title and content of the Maintenance page.
OVERLEAF_USER_HARD_DELETION_DELAY and OVERLEAF_PROJECT_HARD_DELETION_DELAY

Bugfixes

Fixed footer rendering with links.
Improved error messages on SAML login errors.
Fixed audit log entry not added when a user's admin state is updated on SSO login.
Fixed History panel errors when TLS is enabled in Redis.

Other changes

All the links to the status page (set via OVERLEAF_STATUS_PAGE_URL) now use HTTPS and open in a new browser tab.

TLS proxy

An optional TLS proxy for terminating HTTPS connections, using NGINX.

Run bin/init --tls to initialise local configuration with NGINX proxy configuration, or to add NGINX proxy configuration to an existing local configuration. A sample private key is created in config/nginx/certs/overleaf_key.pem and a dummy certificate in config/nginx/certs/overleaf_certificate.pem. Either replace these with your actual private key and certificate, or set the values of the TLS_PRIVATE_KEY_PATH and TLS_CERTIFICATE_PATH variables to the paths of your actual private key and certificate respectively.

A default config for NGINX is provided in config/nginx/nginx.conf which may be customised to your requirements. The path to the config file can be changed with the NGINX_CONFIG_PATH variable.

If you have a docker-compose.yml based deployment, or manage your own NGINX reverse proxy, you can view an example nginx.conf file .

Add the following section to your config/overleaf.rc file if it is not there already:

If you are using an external TLS proxy (i.e. not managed by the Overleaf Toolkit), please ensure that OVERLEAF_TRUSTED_PROXY_IPS=loopback,<ip-of-your-tls-proxy> is set in your config/variables.env, e.g. OVERLEAF_TRUSTED_PROXY_IPS=loopback,192.168.13.37.

If you are using a subnet from 172.16.0.0/12 (default subnet for Docker networks) for your local network, you will need to set OVERLEAF_TRUSTED_PROXY_IPS=loopback,<network> in your config/variables.env. Where <network> is the IPAM -> Config -> Subnet value in docker inspect overleaf_default, e.g. OVERLEAF_TRUSTED_PROXY_IPS=loopback,172.19.0.0/16. This is to prevent the spoofing of X-Forwarded headers.

If the OVERLEAF_TRUSTED_PROXY_IPSis not set manually it defaults to loopback. If setting manually, you must ensure you include one of loopback, localhost or 127.0.0.1, which trusts the nginx instance running inside the sharelatex container.

In order to run the proxy, change the value of the NGINX_ENABLED variable in config/overleaf.rc from false to true and re-run bin/up.

By default, the HTTPS web interface will be available on https://127.0.1.1:443. Connections to http://127.0.1.1:80 will be redirected to https://127.0.1.1:443. To change the IP address that NGINX listens on, set the NGINX_HTTP_LISTEN_IP and NGINX_TLS_LISTEN_IP variables. The ports can be changed via the NGINX_HTTP_PORT and TLS_PORT variables.

If NGINX fails to start with the error message Error starting userland proxy: listen tcp4 ... bind: address already in use ensure that OVERLEAF_LISTEN_IP:OVERLEAF_PORT does not overlap with NGINX_HTTP_LISTEN_IP:NGINX_HTTP_PORT.

Migrating from Server Pro to Group Professional

Switching from a self-hosted Server Pro instance to a new cloud-based Overleaf Group Professional subscription is a big change, so to make this process as smooth as possible we've put together the following guidance.

In general, we propose a three-month overlap period starting on your renewal date. This means that:

Your existing Server Pro instance and your new Group Professional subscription will both be fully active.
Your technical team can schedule time to get the Group Professional subscription set up and decide on the future of your on-premises deployment of Server Pro.
Most importantly, your users will have ample time to copy their projects over to the new Overleaf Group Professional platform.

This quick guide will walk you through the key steps for this migration. Let’s get you started!

Phase 1: Setup and Configuration

Overleaf will create your Group Professional subscription and add your Lead Administrator.
Your group administrator will now be able to enable , configure , and .

Enabling Managed Users and implementing SSO is a required step for FedRAMP® LI-SaaS compliance. Therefore, if your organization requires FedRAMP compliance, we highly recommend that you set up Managed Users and SSO prior to inviting your end users.

Phase 2: User Migration & Data Management

This is the primary migration window and has the following responsibilities:

End-Users

Users should actively migrate any projects they wish to keep from your Server Pro instance to their new accounts on . The process involves from Server Pro and to their account on . If a user doesn't already have an account, they can make one at .

Only the project source code (LaTeX and binary files) will be transferred through this export procedure. Any existing project settings, sharing settings, comments, tracked changes, etc. won't be transferred. Users will need to re-invite their collaborators through this procedure.

Technical Staff

During this phase, your technical team should plan for the post-migration handling of your on-premises Server Pro instance and its data.
Data Backup: You can export all projects before decommissioning. This creates an archive that allows you to assist users who may have forgotten to migrate or download their work. Instructions can be found .
Server Pro Decommissioning: After the migration window closes and your license key is disabled, you have two main options for the Server Pro instance itself:

The Community Edition does not have nor /. If you need to revert back to native authentication (username/password), please see the guide .

For a comparison of Server CE vs. Server Pro see .

Phase 3: Server Pro Decommission

The Overleaf team will formally deactivate your Server Pro license key. We will send a confirmation once this is complete. This is when you will need to either uninstall Server Pro completely or switch to Community Edition as described above.

Files and locations

This page describes the configuration files that are used by the Toolkit to configure your on-premises deployment of Overleaf.

Persistent Data

The Overleaf Toolkit needs to store persistent data, such as the files required to compile LaTeX projects, and the contents of the MongoDB database. This is achieved by mounting a few directories from the host machine into the Docker containers, and writing the data to those directories.

Data Directories

The sharelatex container requires a directory in which to store data relating to LaTeX compiles. This directory is set with the OVERLEAF_DATA_PATH variable in config/overleaf.rc.

The mongo container, if it is enabled, requires a directory in which to store it's database files, and the same is true of the redis container. These directories can also be configured in config/overleaf.rc.

File Permissions

Because Docker runs as root, the data directories will end up being owned by the root user, even if the Toolkit is being used by a non-root user. This is not a problem, but is worth being aware of, if you intend to alter the persistent data from outside of the containers.

Configuration file location

All user-owned configuration files are found in the config/ directory.

This directory is excluded from the git revision control system, so it will not be changed by updating the Toolkit code. The Toolkit will not change any data in the config/ directory without your permission.

Changes to the configuration files will not be automatically applied to existing containers, even if the container is stopped and restarted (with bin/stop and bin/start). To apply the changes, run bin/up, and behind the scenes, docker compose will automatically apply the configuration changes to a new container. (Or, run bin/up -d, if you prefer to not attach to the Docker logs.)

The `overleaf.rc` file

The config/overleaf.rc file contains the most important top level configuration settings used by the Toolkit. It contains statements that set variables, in the format VARIABLE_NAME=value.

To see a breakdown of all available configuration options see our settings section.

The `variables.env` file

The config/variables.env file contains environment variables that are loaded into the sharelatex container, and used to configure the Overleaf microservices. These include the name of the application, as displayed in the header of the web interface, settings for sending emails, and other premium settings such as SSO for use with Server Pro.

To see a breakdown of all available environment variables see the section.

The `version` file

The config/version file contains the version number of the Docker image that will be used to create the running instance of your Overleaf server.

Changes to these configuration files will not be automatically applied to existing containers, even if the container is stopped and restarted (with bin/stop and bin/start).

To apply your changes, run bin/up, and the Toolkit will automatically create a new container for you with configuration changes applied.

The `docker-compose.override.yml` file

If present, the config/docker-compose.override.yml file will be included in the invocation to docker compose. This is useful for overriding configuration specific to Docker compose.

See the for more details.

Server Pro infrastructure

Services

The Server Pro infrastructure comprises four primary services: sharelatex, git-bridge (optional), mongo and redis. The sharelatex service, which runs the main Server Pro application, depends on the mongo and redis services for its database and caching/real-time functionalities and the git-bridge to handle the (optional). The only port published on the host machine is port 80, which is by the sharelatex container.

Server Pro also optionally supports for project files and full project history as well as being able to proxy access to the main . For more information, see our guide on pages.

If required, MongoDB and Redis can be externalised using environment variables to point to external services. For more information, see if you are using Docker Compose and if using the Overleaf Toolkit.

Compiling

For , the sharelatex container will orchestrate the creation of new containers to handle project compiles, it does this via the Docker socket on the host machine. You can read more about the editor and end-to-end compile/caching process .

Networking

Communication between containers is facilitated through Docker's internal DNS resolution via a dedicated bridge network, and no firewalls are enabled. By default, the above services use their respective standard ports but are configurable by environment variables. The sharelatex container uses port 80 for external web access (served by Nginx), the mongo container uses port 27017 and redis uses port 6379.

For customers using our managed solution , you can optionally for terminating HTTPS connections using Nginx via an environment variable. Alternatively, you can use your existing TLS proxy.

You can view a diagram explaining the flow of requests .

Summary

Outside the Docker network, only port 80 is accessible and bound to Nginx. Note: The sharelatex container runs many that communicate with each other via HTTP. However, these ports are not accessible from outside the Docker network.
Inside the Docker network, Overleaf services, MongoDB, Redis and Git Bridge can talk to each other freely.
Inside containers, no network is available.

drwxr-xr-x 3 fry fry  4096 Aug 30 14:16 bin
-rw-r--r-- 1 fry fry  6465 Aug 30 14:16 CHANGELOG.md
drwxr-xr-x 2 fry fry  4096 Sep  6 12:43 config
drwxr-xr-x 5 fry fry  4096 Aug 30 14:22 data
drwxr-xr-x 3 fry fry  4096 Aug 30 14:16 doc
drwxr-xr-x 3 fry fry  4096 Aug 30 14:16 lib
-rw-r--r-- 1 fry fry 34520 Aug 30 14:16 LICENSE
-rw-r--r-- 1 fry fry  1178 Aug 30 14:16 README.md

# Overleaf Toolkit users
$ bin/docker-compose exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/export-user-projects.mjs --export-all --output-dir=/var/lib/overleaf/data/exports"

# Legacy docker-compose.yml users
docker exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/export-user-projects.mjs --export-all --output-dir=/var/lib/overleaf/data/exports"

[
  {
    "text": "Some link",
    "url": "http://example.com/somelink",
    "class": "subdued",
    "only_when_logged_out": true
  },
  {
    "text": "Help",
    "class": "subdued",
    "dropdown": [
      {
        "text": "Documentation",
        "url": "/learn"
      },
      {
        "text": "Contact Admin",
        "url": "http://example.com/contact"
      }
    ]
  }
]

# add to toolkit/variables.env
OVERLEAF_HEADER_EXTRAS=[{"text":"Some link","url":"http://example.com/somelink","class":"subdued","only_when_logged_out":true},{"text":"Help","class":"subdued","dropdown":[{"text":"Documentation","url":"/learn"},{"text":"Contact Admin","url":"http://example.com/contact"}]}]

# add to config/variables.env
OVERLEAF_LEFT_FOOTER=[{"text": "This is an example text footer entry!"}]
OVERLEAF_RIGHT_FOOTER=["text": "This is an example URL footer link!", "url" : "/my-first-link.htm"]

docker cp <csv_file> sharelatex:/overleaf/services/web/<csv_file>
docker exec sharelatex /bin/bash -c "cd /overleaf/services/web;node ./modules/server-ce-scripts/scripts/migrate-user-emails.js [--commit] [--continue|--ignore-missing] [--admin-id=ADMIN_USER_ID] <csv_file>"

Templates

With Server Pro, you have the ability to create and publish your own templates, within your self-hosted environment, as well as re-distribute downloaded templates from the Template Gallery on overleaf.com.

Setting up the templates user

In Server Pro, a single user is responsible for publishing the curated list of templates that are visible on your local template gallery /templates.

To do this, you'll need to set the environment variable OVERLEAF_TEMPLATES_USER_ID in toolkit/config/variables.env to the ID of the user who will be responsible for template management within your instance, for example:

To obtain the ID of the user you wish to publish public templates:

Log in using an Administrator account and go to Admin > Manage Users.
Search for the user using their email address and click through to their user admin page. There you will find the ID:
Copy that ID and use it to set the environment variable OVERLEAF_TEMPLATES_USER_ID

Altering the configuration files of Server Pro typically necessitates the recreation of one or more containers. This procedure will cause user disconnections and lead to a period of downtime. As such, we advise implementing these modifications during prearranged maintenance periods.

Publishing templates

If you'd like to make templates available to all of your on-premise Server Pro users you'll need to:

Log in as the templates user.
As the templates user, create or upload a project containing the template's source code and make sure it compiles.
In the editor's left-hand menu, choose Manage Template.
Enter a custom description of the template

Did you know that you can transfer quality, pre-built LaTeX templates that are available on the at to your on-premise instance of Server Pro? For more information see the Transferring templates section below.

Unpublishing templates

If you'd like to unpublish a template you'll need to:

Log in as the templates user.
Open the previously existing project containing the template's source code.
In the editor's left-hand menu, choose Manage Template.
Once the confirmation popup is displayed, click Unpublish.

Once this has been done, the template should have been removed from the templates list.

Linking to your templates

Your gallery

On the templates gallery page, /templates, templates are grouped together using the tag which the user assigns to the projects, e.g. Journals, Reports etc. To see all templates add /all to the URL /templates/all, which can also be used as the default URL if you do not wish to use tags for groupings.

Like-wise, you can view/link to templates within a specific category by appending the tag name to the templates URL, for example: /templates/journals.

Did you know that if you tag a project multiple times it will appear in multiple groups.

When a user creates a new project, they can be shown customized links to template categories. These links are set via the OVERLEAF_NEW_PROJECT_TEMPLATE_LINKS environment variable in toolkit/config/variables.env, for example:

Transferring templates from overleaf.com

As Server Pro has been architected to work offline, there isn't an automated way to integrate gallery templates into your on-premise installation, it is however possible to do this manually on a per template basis.

By default, Server Pro is configured to use a basic scheme version of TeXLive for compiles. This basic version is lightweight and only contains a very limited subset of LaTeX packages which, will most likely result in missing package errors for your users when attempting to use templates from on your local on-premise instance.

Unfortunately, whilst there isn't an automatic way to install missing packages, we do have a configurable setting within Server Pro that will allow your users to compile projects with access to more packages, and in a more secure way. This feature is called (also known as Sibling Containers).

To ensure that downloaded templates are compatible with your on-premise Server Pro instance, we highly recommend that you enable as this feature will provide your users with access to the same TeX Live environment as that on . These images contain the most popular packages and fonts and have already been tested against our gallery templates.

You can find additional information about configuring what TeX Live versions users are able to choose from within their project along with setting the default TeX Live image version for new projects in the section of our documentation.

Navigate to the on and locate the required template, for example
Click on the Open as Template button
Click on the project menu and choose Download Source
Next, log into the on-premise Server Pro account

The user can then use this newly uploaded template within their own account, or, as the templates user, you can publish it for other users to use.

An account is required.

Troubleshooting

This page is designed to help you deal with common issues you may encounter while running your on-premises version of Overleaf.

If you are using an earlier version please use sharelatex instead of overleaf in path names.

Running Overleaf with an NFS filesystem

Mounting a NFS filesystem in an Overleaf container is technically possible, but it's not recommended and can result in different types of performance errors.

One common error that compiles see is:

EBUSY: resource busy or locked, unlink '/var/lib/overleaf/data/compiles/62f3d57bef7cf9005c364e75-62f3d57bef7cf9005c364e7a/.nfs573663533034825247625441'

In particular we advise against using NFS backed filesystems for ephemeral data, like the directories use for compilation data. We recommend using a local scratch disk, preferably a local SSD for the following directories:

For docker-compose based setups, we suggest just overriding the bind-mount from NFS, which avoids changing paths in the application. Here's an example of a docker-compose config excerpt with the use of a scratch disk that is mounted at /scratch:

There is no need to migrate any existing files from the NFS to their new home after the update. The LaTeX compiler can recreate all the files with a full compilation run again.

Running Overleaf on Windows or macOS results in the mongoservice not starting

If you're running Overleaf on Windows or macOS, the mongo service may fail to restart, with an error:

To avoid this error, the data needs to be stored in a volume rather than a bind mounted directory (see ). To store data inside Docker volumes mounted inside the MongoDB and Redis containers, add the following to config/docker-compose.override.yml (create this file if it doesn't exist yet):

Upgrading to Redis 6.2 results in a restart loop

Use the docker logs redis command to output a copy of the logs.

`Fatal: Can't initialize Background Jobs`

The full output will look something like this:

Incorrect orientation of template gallery preview/thumbnail images

On occasion, the preview/thumbnail images generated by Server Pro can be created in the wrong orientation and require manual intervention to correct. These images are stored in /var/lib/overleaf/data/template_files/ (>= 5.0.3) and /var/lib/sharelatex/data/template_files/ (earlier).

We recommend backing up this folder before making any changes.

You'll need to follow the steps below for each affected template:

Please verify that you have enabled system calls. For pdflatex, this is 'pdflatex -shell-escape'.

The \write18 command is disabled by default in the Community Edition due to all compiles happening within the same sharelatex container, and all things considered, it is the safer default option for this particular type of installation.

Should you wish, you can enable this for pdflatex by creating a latexmkrc file in the root of your project with the content $pdflatex = 'pdflatex --shell-escape'; and then try recompiling.

git-bridge:
    restart: always
    image: quay.io/sharelatex/git-bridge:4.0.0 # tag should match the `sharelatex` container tag
    volumes:
        - ~/git_bridge_data:/data/git-bridge
    container_name: git-bridge
    expose:
        - "8000"
    environment:
        GIT_BRIDGE_API_BASE_URL: "http://sharelatex:3000/api/v0/" # "http://sharelatex/api/v0/" for version 4.1.6 and earlier
        GIT_BRIDGE_OAUTH2_SERVER: "http://sharelatex"
        GIT_BRIDGE_POSTBACK_BASE_URL: "http://git-bridge:8000"
        GIT_BRIDGE_ROOT_DIR: "/data/git-bridge"
    user: root
    command: ["/server-pro-start.sh"]

sharelatex:
    links:
        - git-bridge
    environment:         
         GIT_BRIDGE_ENABLED: true
         GIT_BRIDGE_HOST: "git-bridge"
         GIT_BRIDGE_PORT: "8000"
         V1_HISTORY_URL: "http://sharelatex:3100/api"

# TLS proxy configuration (optional)
NGINX_ENABLED=false
NGINX_CONFIG_PATH=config/nginx/nginx.conf
NGINX_HTTP_PORT=80
# Replace these IP addresses with the external IP address of your host
NGINX_HTTP_LISTEN_IP=127.0.1.1 
NGINX_TLS_LISTEN_IP=127.0.1.1
TLS_PRIVATE_KEY_PATH=config/nginx/certs/overleaf_key.pem
TLS_CERTIFICATE_PATH=config/nginx/certs/overleaf_certificate.pem
TLS_PORT=443

services:
  sharelatex:
    environment:
      SANDBOXED_COMPILES_HOST_DIR: /scratch/compiles/
    volumes:
      - nfs:/var/lib/overleaf/data
      - /scratch/cache/:/var/lib/overleaf/data/cache
      - /scratch/compiles/:/var/lib/overleaf/data/compiles
      - /scratch/output/:/var/lib/overleaf/data/output
      - /scratch/tmp/:/var/lib/overleaf/tmp

1:M 11 Feb 2024 15:19:22.609 # Server initialized
1:M 11 Feb 2024 15:19:22.609 # Fatal: Can't initialize Background Jobs.
1:C 11 Feb 2024 15:19:26.055 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo

OVERLEAF_NEW_PROJECT_TEMPLATE_LINKS='[
   {"name":"All Templates","url":"/templates/all"},
   {"name":"All Categories","url":"/templates"},
   {"name":"Reports","url":"/templates/reports"},  
   {"name":"External","url":"https://somewhere.com/templates/reports"}
]'

====== Overleaf Doctor ======
- Host Information
    - Linux
    - Output of 'lsb_release -a':
            No LSB modules are available.
            Distributor ID:	Ubuntu
            Description:	Ubuntu 22.04.5 LTS
            Release:	22.04
            Codename:	jammy
- Dependencies
    - bash
        - status: present
        - version info: 5.1.16(1)-release
    - docker
        - status: present
        - version info: Docker version 28.0.4, build b8034c0
    - docker compose
        - status: present
        - version info: Docker Compose version v2.34.0
    - realpath
        - status: present
        - version info: realpath (GNU coreutils) 8.32
    - perl
        - status: present
        - version info: 5.034000
    - awk
        - status: present
        - version info: mawk 1.3.4 20200120
- Docker Daemon
    - status: up
====== Configuration ======
- config/version
    - status: present
    - version: 5.4.0
- config/overleaf.rc
    - status: present
    - values
        - OVERLEAF_DATA_PATH: data/overleaf
        - OVERLEAF_LOG_PATH: data/overleaf/logs
        - SERVER_PRO: true
        - SIBLING_CONTAINERS_ENABLED: true
            - logged in to quay.io: true
        - MONGO_ENABLED: true
        - REDIS_ENABLED: true
- config/variables.env
    - status: present
    - values
        - OVERLEAF_FILESTORE_BACKEND: fs
        - OVERLEAF_HISTORY_BACKEND: fs

====== Warnings ======
- None, all good
====== End ======

====== Configuration ======
- config/version
    - status: present
    - version: 5.4.0
- config/overleaf.rc
    - status: present
    - values
        - OVERLEAF_DATA_PATH: /tmp/overleaf 
        - SERVER_PRO: false
        - MONGO_ENABLED: false
        - REDIS_ENABLED: true
- config/variables.env
    - status: MISSING!

docker compose

config/

docker compose

mkdir -p /srv/overleaf-s3-migration/user_files \
         /srv/overleaf-s3-migration/template_files
docker exec sharelatex \
  tar --create --directory /var/lib/overleaf/data/user_files . \
| tar --extract --directory /srv/overleaf-s3-migration/user_files \
  --transform=sx_x/x
docker exec sharelatex \
  tar --create --directory /var/lib/overleaf/data/template_files . \
| tar --extract --directory /srv/overleaf-s3-migration/template_files \
  --transform=sx_x/xg

aws s3 sync /srv/overleaf-s3-migration/user_files s3://overleaf-user-files
aws s3 sync /srv/overleaf-s3-migration/template_files s3://overleaf-template-files

aws s3 sync /srv/overleaf-bind-mount/data/history/overleaf-project-blobs s3://overleaf-project-blobs
aws s3 sync /srv/overleaf-bind-mount/data/history/overleaf-chunks s3://overleaf-chunks

mc mirror /srv/overleaf-s3-migration/user_files s3/overleaf-user-files
mc mirror /srv/overleaf-s3-migration/template_files s3/overleaf-template-files

mc mirror /srv/overleaf-bind-mount/data/history/overleaf-project-blobs s3/overleaf-project-blobs
mc mirror /srv/overleaf-bind-mount/data/history/overleaf-chunks s3/overleaf-chunks

# When using aws cli
aws s3 sync s3://overleaf-user-files /srv/overleaf-s3-migration/user_files
aws s3 sync s3://overleaf-template-files /srv/overleaf-s3-migration/template_files
aws s3 sync s3://overleaf-project-blobs /srv/overleaf-bind-mount/data/history/overleaf-project-blobs
aws s3 sync s3://overleaf-chunks /srv/overleaf-bind-mount/data/history/overleaf-chunks

# When using minio mc
mc mirror s3/overleaf-user-files /srv/overleaf-s3-migration/user_files
mc mirror s3/overleaf-template-files /srv/overleaf-s3-migration/template_files
mc mirror s3/overleaf-project-blobs /srv/overleaf-bind-mount/data/history/overleaf-project-blobs
mc mirror s3/overleaf-chunks /srv/overleaf-bind-mount/data/history/overleaf-chunks

# Write files into local Server CE/Server Pro
tar --create --directory /srv/overleaf-s3-migration/user_files . \
| docker exec --interactive sharelatex \
    tar \
      --extract \
      --keep-old-files \
      --directory /var/lib/overleaf/data/user_files \
      --transform=sx./xx --transform=sx/x_x \
      --wildcards '*/*/*'

tar --create --directory /srv/overleaf-s3-migration/template_files . \
| docker exec --interactive sharelatex \
    tar \
      --extract \
      --keep-old-files \
      --directory /var/lib/overleaf/data/template_files \
      --transform=sx./xx --transform=sx/x_xg \
      --wildcards '*/*/*/*/pdf-converted-cache/*' \
      --wildcards '*/*/*/*/pdf' \
      --wildcards '*/*/*/*/zip'

====== Overleaf Doctor ======
- Host Information
    - Linux
    - Output of 'lsb_release -a':
            No LSB modules are available.
            Distributor ID:     Ubuntu
            Description:        Ubuntu 22.04.5 LTS
            Release:    22.04
            Codename:   jammy
- Dependencies
    - bash
        - status: present
        - version info: 5.1.16(1)-release
    - docker
        - status: present
        - version info: Docker version 27.3.1, build ce12230
    - realpath
        - status: present
        - version info: realpath (GNU coreutils) 8.32
    - perl
        - status: present
        - version info: 5.034000
    - awk
        - status: present
        - version info: GNU Awk 5.1.0, API: 3.0 (GNU MPFR 4.1.0, GNU MP 6.2.1)
    - openssl
        - status: present
        - version info: OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
    - docker compose
        - status: present
        - version info: Docker Compose version v2.29.7
- Docker Daemon
    - status: up
====== Configuration ======
- config/version
    - status: present
    - version: 5.1.1
- config/overleaf.rc
    - status: present
    - values
        - OVERLEAF_DATA_PATH: data/overleaf
        - OVERLEAF_LOG_PATH: data/overleaf/logs
        - SERVER_PRO: true
            - logged in to quay.io: true
        - SIBLING_CONTAINERS_ENABLED: true
        - OVERLEAF_LISTEN_IP: 0.0.0.0
        - OVERLEAF_PORT: 80
        - MONGO_ENABLED: true
        - MONGO_IMAGE: mongo
        - MONGO_VERSION: 6.0
        - MONGO_DATA_PATH: data/mongo
        - REDIS_ENABLED: true
        - REDIS_IMAGE: redis:6.2
        - REDIS_DATA_PATH: data/redis
- config/variables.env
    - status: present
    - values
        - OVERLEAF_FILESTORE_BACKEND: fs
        - OVERLEAF_HISTORY_BACKEND: fs
====== Warnings ======
- None, all good
====== End ======

$ docker exec sharelatex sv status real-time-overleaf
run: real-time-sharelatex: (pid 394) 50s, want down, got TERM
# wait a little longer...

$ docker exec sharelatex sv status real-time-overleaf
down: real-time-sharelatex: 7s, normally up

$ docker exec sharelatex bash -c 'source /etc/container_environment.sh && source /etc/overleaf/env.sh && cd services/document-updater && LOG_LEVEL=info node scripts/flush_all.js'
...
{"name":"default","hostname":"...","pid":324,"level":30,"successCount":...,"failureCount":0,"msg":"finished flushing all projects","time":"...","v":0}
Done flushing all projects

# Overleaf Toolkit deployments:
$ bin/docker-compose exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/create-user --admin [email protected]"

# Legacy docker-compose.yml deployments:
$ docker exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/create-user --admin [email protected]"

# Overleaf Toolkit deployments:
$ bin/docker-compose exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/delete-user.mjs [email protected]"

# Legacy docker-compose.yml deployments:
$ docker exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/delete-user.mjs [email protected]"

# Total number of users
echo 'db.users.countDocuments()' | docker exec -i mongo mongosh --quiet localhost/sharelatex
# overleaf [direct: primary] sharelatex> 16

# Total number of users using metrics endpoint
docker exec sharelatex curl http://127.0.0.1:3000/metrics | grep num_active_users
# # HELP num_active_users num_active_users
# # TYPE num_active_users gauge
# num_active_users{app="web-api",host="b3ae4ff549d8"} 16

# Total number of active users
echo 'db.users.countDocuments({ lastActive: { $gte: new Date(new Date().getTime() - (365 * 24 * 60 * 60 * 1000)) } })' | docker exec -i mongo mongosh --quiet localhost/sharelatex
# overleaf [direct: primary] sharelatex> 10

bin/up

Data and backups

Some times we need to change the schema of data in the database as we evolve Overleaf, migration scripts are used to automate this process. They will have been run on overleaf.com first which is the largest instance of Overleaf in the world so most eventualities will have been encounter already, however we make no guarantees over your data. Please ensure that you create a consistent backup of your data before upgrading you instance.

When upgrading to a new Docker image, any migrations which have not yet been run will be automatically executed, this may take some time depending on the size of your dataset, tailing the logs will give tell you progress. For more information, see our Logging documentation.

Data storage

Overleaf Community Edition and Server Pro store their data in three separate places:

MongoDB Database: This is where user and project data reside.
Redis: serves as a high-performance cache for in-flight data, primarily storing information related to project editions and collaboration.
Overleaf Filesystem: stores non-editable project files (including images) and also acts as a temporary disk cache during project compilations.

This might be ~/sharelatex_data or ~/overleaf_data, depending on when you're instance was set up.

For project files and full project history data we also support S3 compatible storage backends.

See for more information on the folder layout on disk.

Performing a consistent backup

There are three stores which need to included when taking a consistent backup:

MongoDB
Redis
Overleaf Filesystem data

In order to produce a consistent backup it is mandatory to stop users from producing new data while the backup process is running. We therefore advise scheduling a maintenance window during which, users should not be able to access the instance or edit their projects.

Before you start the backup process you will need to take your instance offline. Starting with Server Pro 3.5.0 the shutdown down process automates the closing of the site and the disconnection of users.

To shutdown your instance you'll need to run bin/docker-compose stop sharelatex if you are running a Toolkit deployment or docker compose stop sharelatex if you are running Docker Compose.

Once the sharelatex container has been stopped you can start the backup process.

Once the backup process has been completed successfully you'll need to start the sharelatex container. To do this run bin/docker-compose start sharelatex if you are running a Toolkit deployment or docker compose start sharelatex if you are running Docker Compose.

Backups should be stored on a separate server from the one your Overleaf instance is running on, ideally in a different location entirely.
Replicating databases onto multiple MongoDB instances might offer some redundancy, but it doesn't safeguard against corruption.
Testing your backups is the best way to ensure they are complete and functional.

MongoDB

MongoDB comes with a command-line tool called which can be used to create a backup of user and project data stored in the database.

Overleaf Filesystem data

For Toolkit deployments, the path where your non-editable files are stored is specified in config/overleaf.rc using the OVERLEAF_DATA_PATH environment variable, but, depending on when your instnace was created, this might be data/sharelatex.

Using a tool such as rsync to recursively copy this directory is required to ensure a complete backup is created.

Redis

Redis stores user sessions and pending document updates before they are flushed to MongoDB.

Append Only File (AOF) persistence is the recommended configuration for Redis persistence.

Toolkit users have AOF persistence enabled by default for new installs, existing users can find more information regarding enabling AOF .

If you decide to continue using RDB snapshots along with AOF persistence you can copy the RDB file to a secure location as a backup.

Migrating data between servers

At best you do not have any valuable data in the new instance yet. We do not have a process for merging the data of instances.

Assuming the new instance has no data yet, here are some steps you could follow. On a high level, we produce a tar-ball of the mongo, redis and overleaf volumes, copy it over to the new server, and inflate it there again.

Toolkit

Docker Compose

Depending on your docker-compose.yml file, you may need to adjust the paths of the mongo, redis, overleaf volumes.

When running as the root user (or with sudo), tar will retain the file owner/group and permissions, which is critial when restoring the backup.

Folders in detail

The following folders have additional hints:

(b) include in backups, best when the instance is stopped to ensure consistency
(d) can be deleted

~/mongo_data (b)
- mongodb datadir
~/redis_data (b)

Microservices

The recommended way to deploy and manage Overleaf Server CE and Server Pro instances is via the use of the Toolkit.

The Toolkit simplifies the creation of your Overleaf instance through the use of some custom scripts that abstract away the orchestration of required microservices. Simply run the bundled initialization script, provide a few configuration options like your persistent storage paths, and the Toolkit will take care of provisioning and connecting the microservices that make up your Overleaf Server CE or Server Pro instance.

This leaves you free to focus on customizing the user experience and implementing the specific features that make up your on-premise instance. The Toolkit handles all the complexity behind the scenes, enabling a simplified deployment of your Overleaf instance.

For legacy reasons, the main Overleaf container is called sharelatex, and is based on the sharelatex/sharelatex Docker image. This is because the technology is based on the ShareLaTeX code base, which was merged into Overleaf. See for more details. At some point in the future, this will be renamed to match the Overleaf naming scheme.

Architecture

Inside the Overleaf container, the software runs as a set of microservices, managed by runit. Some of the more interesting files inside the container are:

/etc/service/: initialization files for the microservices.
/var/log/overleaf/: logs for each microservice.
/overleaf/services/: code for the various microservices.

The MongoDB and Redis Containers

Overleaf depends on two external databases: MongoDB and Redis. By default, the Toolkit will provision a container for each of these databases, in addition to the Overleaf container, for a total of three Docker containers.

If you would prefer to connect to an existing MongoDB or Redis instance, you can do so by setting the appropriate settings in the configuration file.

Editor and compile process

In this section we'll provide a broad overview for the handling of documents and the compile process.

This page describes the compile process with Sandboxed Compiles as available in Server Pro only. In Server CE, the compile process uses simple sub-processes -- replace the items referencing a container with a single item run compile in sub-process.

Components/Actors:

Name

Description

Redis caching

user: loads editor page
editor: opens web socket
editor: sends request to open a document via web socket
- real-time -> document-updater: document is loaded from MongoDB into Redis

Reading from MongoDB into Redis

document-updater -> web -> docstore: read from MongoDB

Flushing from Redis into MongoDB

document-updater -> web -> docstore: write into MongoDB

Compile - "full" sync-mode

editor: sends compile request with sync-mode set to "full" compile
web -> document-updater: any documents are flushed from redis into MongoDB
web -> docstore: all documents are downloaded from MongoDB
web ->

Compile - "incremental" sync-mode

editor: sends compile request with sync-mode set to "incremental" compile
web -> document-updater: get any documents from redis
- the "project state" hash is also stored in redis
- web sends the hash of the file tree to document-updater and document-updater can turn the incremental compile into a full compile on mismatch

Compile - switching between modes

editor: observes a compile failure, next compile is a "full" compile
editor: observes a compile success, next compile is an "incremental" compile

# added to variables.env

EXTERNAL_AUTH=ldap
OVERLEAF_LDAP_URL=ldap://ldap:389
OVERLEAF_LDAP_SEARCH_BASE=ou=people,dc=planetexpress,dc=com
OVERLEAF_LDAP_SEARCH_FILTER=(uid={{username}})
OVERLEAF_LDAP_BIND_DN=cn=admin,dc=planetexpress,dc=com
OVERLEAF_LDAP_BIND_CREDENTIALS=GoodNewsEveryone
OVERLEAF_LDAP_EMAIL_ATT=mail
OVERLEAF_LDAP_NAME_ATT=cn
OVERLEAF_LDAP_LAST_NAME_ATT=sn
OVERLEAF_LDAP_UPDATE_USER_DETAILS_ON_LOGIN=true

/var/lib/overleaf/: the mount-point for persistent data (corresponds to the directory indicated by OVERLEAF_DATA_PATH on the host).

S3

This document covers the setup of S3 in Server CE and Server Pro. A separate guide can be found on migrating existing data to S3 compatible storage.

When to consider using S3 for data storage

For instances with fewer than 1000 seats we recommend using local disk storage with regular consistent backups.

For larger instances with more than 1000 seats that reach limits of their local storage (size or throughput), we recommend using a S3 compatible object storage back end over other network based storage solutions like NFS.

S3 compatible object storage options

Here are the most popular options for S3 compatible object storage:

, managed, we suggest picking AWS S3 when running Overleaf CE/Server Pro on AWS
, self-hosted
, self-hosted
Other hosting providers also have some kind of managed S3 compatible object storage, you may want to use these instead of running your own when already running Overleaf CE/Server Pro at such a provider.

Latency considerations when picking a S3 compatible object storage

The latency between the Server CE/Server Pro instance and your S3 compatible object storage is a big contributor to the time it takes to complete the migration. The latency also impacts the file-upload performance in Server CE/Server Pro and slow file-downloads can have a big impact on PDF compile times as well. We suggest minimizing the geo-graphical distance between your Server CE/Server Pro instance and the S3 compatible object storage. In a managed environment, this would mean provisioning a bucket in the same region, and for an on-premise solution, running the two on the same campus.

S3 setup

We need four "buckets" and two restricted user accounts.

Buckets should not be publicly accessible

You may want/need to pick a different name, be sure to use the custom buckets in all the commands.

The following will use placeholders for actual credentials:

Environment variable

Description

Server CE and Server Pro only needs a small set of permissions on each bucket:

create object
get object
delete object
list bucket

Access Policies

Here is how a policy for the filestore user could look like:

Here is how a policy for the history user could look like:

Overview of variables

When using AWS S3

When using a self-hosted option

MINIO setup

MINIO_ROOT_USER and MINIO_ROOT_PASSWORD are the root credentials of the MINIO instance.

Please follow the for obtaining a copy of mc.

Binary files migration

The upcoming major version 6.0 release of Server Pro and Community Edition will reduce the storage usage of binary files in half. An online migration is included in version 5.5.6 , allowing for minimal downtime as part of the upgrade.

Since Server Pro 4.x, binary files are stored twice: in the active files storage in "filestore" and in the full project history system. Moving forward, a single copy of each file will be stored in the full project history system.

The migration to the consolidated storage system is composed of two parts: A new flag for controlling the phase of the migration and a script that processes all active and soft-deleted projects.

Phases:

OVERLEAF_FILESTORE_MIGRATION_LEVEL=0 (default), files are read and written to filestore. Files are written to history asynchronously.
OVERLEAF_FILESTORE_MIGRATION_LEVEL=1 , files are read from history with fallback to filestore and written to both filestore and the history. Downgrade to OVERLEAF_FILESTORE_MIGRATION_LEVEL=0 is possible.
OVERLEAF_FILESTORE_MIGRATION_LEVEL=2 files are read and written to history only. Downgrade to OVERLEAF_FILESTORE_MIGRATION_LEVEL=1 is not possible, unless it was performed "offline".

When storing data in and using separate service accounts for filestore (OVERLEAF_FILESTORE_S3_ACCESS_KEY_ID) and history (OVERLEAF_HISTORY_S3_ACCESS_KEY_ID): Please grant the filestore user read access to the history bucket for blobs OVERLEAF_HISTORY_PROJECT_BLOBS_BUCKET . The filestore service will serve reads from the compiler service moving forward.

It is highly recommended to perform the binary files migration in a non-production/sandbox environment first.

If you upgrade to Server Pro/CE version 6.0 and later decide that you want to downgrade to an earlier version, then you should restore from a full system backup.

Migration procedure

Create a backup

Create a full of your instance with a consistent snapshot of the mongo, redis and sharelatex directories.

Offline migration

If you want to prevent users from being able to log in while the binary file migration script is running, please follow these steps:

Log into your Overleaf instance with an admin account
Click on the Admin button and choose Manage Site
Click the Open/Close Editor tab
Click on the Close Editor button

Once this has been done, if any users are logged in they will get redirected to the maintenance page, and any new users visiting the log-in page will see the maintenance page and won't be able to log in.

You need to repeat these steps when restarting the instance. To re-open the site, simply restart the instance.

Online migration

It is possible to run the migration scripts while the application is still running. There are a few considerations to take into account:

The migration process is IO intensive, you should monitor resource usage while the script is running.
With a high processing concurrency, the event loop in filestore service might experience some blocking, which would lead to a degraded user experience. We recommend starting with the default values of --concurrency=10 and --concurrent-batches=1 .
You can stop the script at any time. Starting it again will validate the previous projects and skip over files that have been processed already. This is useful in case you prefer to run the migration in less busy hours (e.g. at night).

Our recommendation is to close the site and run the migration offline in a maintenance window when your project count is less than 1000 projects (see output of the migration script when running with --report). If the number of projects is large you can run the script and monitor its progress, then decide whether to continue running it online or offline based on your particular case.

Clean up legacy binary file data

When you are done with the migration and verified that projects can still access all their files, you can remove the old file storage in /var/lib/overleaf/data/user_files. We highly recommend keeping these files around for a while - you can make them inaccessible to the application by renaming the folder first.

Troubleshooting

We will add troubleshooting advice here. Please note that while we normally offer support only to Server Pro customers, given the nature of this migration, we will also do our best to support CE customers who experience problems specific to the binary file migration.

If the binary file migration script fails (i.e. exits with an error or prints a non-zero number of failed projects), please send the following details to our support team by email , detailing:

Subject: Binary file migration problem

Body:

Instance Type: CE or Server Pro (delete as appropriate)
Installation Type: Overleaf toolkit or docker-compose.yml or other (delete as appropriate)
Version: 5.5.x (toolkit: $ cat config/version)

Consider attaching the log files for the filestore service to the email. You can find it at /var/log/overleaf/filestore.log inside the sharelatex container and export them like this:

Please redact any sensitive information from the log files before attaching them.

Missing files

Older versions of Server Pro/CE created file-tree entries before user uploads finished, which could cause files to appear as missing when an upload failed. You might find a few of these cases reported as errors when processing all the file-trees.

In case the number of missing files is low, consider manually reviewing these cases and delete them from the editor in the browser.

In case the number of missing files is high, consider reaching out to support, see email template above.

Finding broken file trees

The migration may fail for projects which have a malformed file tree (for example, where filenames are empty). You can find a list of these problems using the find_malformed_filetrees script which checks all projects in the database:

To fix the invalid paths, use the fix_malformed_filetree script, running the command once for each bad path:

# Gracefully shutdown the old instance
old-server$ bin/stop

# Create the tar-ball
old-server$ tar --create --file backup-old-server.tar config/ data/

# Copy the backup-old-server.tar file from the old-server to the
# new-server using any method that fits

# Gracefully shutdown new instance (if started yet)
new-server$ bin/stop

# Move new data, you can delete it too
new-server$ mkdir backup-new-server
new-server$ mv config/ data/ backup-new-server/

# Populate config/data dir again
new-server$ tar --extract --file backup-old-server.tar

# Start containers
new-server$ bin/up

# Gracefully shutdown the old instance
old-server$ docker stop sharelatex
old-server$ docker stop mongo redis

# Create the tar-ball
old-server$ tar --create --file backup-old-server.tar ~/OVERLEAF_data ~/mongo_data ~/redis_data

# Copy the backup-old-server.tar file from the old-server to
# the new-server using any method that fits

# Gracefully shutdown new instance (if started yet)
new-server$ docker stop sharelatex
new-server$ docker stop mongo redis

# Move new data, you can delete it too
new-server$ mkdir backup-new-server
new-server$ mv ~/OVERLEAF_data ~/mongo_data ~/redis_data backup-new-server/

# Populate data dirs again
new-server$ tar --extract --file backup-old-server.tar

# Start containers
new-server$ docker start mongo redis
new-server$ docker start sharelatex

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::overleaf-user-files"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::overleaf-user-files/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
      ],
      "Resource": "arn:aws:s3:::overleaf-project-blobs/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::overleaf-template-files"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::overleaf-template-files/*"
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::overleaf-project-blobs"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::overleaf-project-blobs/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::overleaf-chunks"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::overleaf-chunks/*"
    }
  ]
}

# Enable S3 backend for filestore
OVERLEAF_FILESTORE_BACKEND=s3

# Bucket name for project files
OVERLEAF_FILESTORE_USER_FILES_BUCKET_NAME=overleaf-user-files

# Bucket name for template files
OVERLEAF_FILESTORE_TEMPLATE_FILES_BUCKET_NAME=overleaf-template-files

# Key for filestore user
OVERLEAF_FILESTORE_S3_ACCESS_KEY_ID=...

# Secret for filestore user
OVERLEAF_FILESTORE_S3_SECRET_ACCESS_KEY=...

# Bucket region you picked when creating the buckets.
OVERLEAF_FILESTORE_S3_REGION=""

# Enable S3 backend for history
OVERLEAF_HISTORY_BACKEND=s3

# Bucket name for project history blobs
OVERLEAF_HISTORY_PROJECT_BLOBS_BUCKET=overleaf-project-blobs

# Bucket name for history chunks
OVERLEAF_HISTORY_CHUNKS_BUCKET=overleaf-chunks

# Key for history user
OVERLEAF_HISTORY_S3_ACCESS_KEY_ID=...

# Secret for history user
OVERLEAF_HISTORY_S3_SECRET_ACCESS_KEY=...

# Bucket region you picked when creating the buckets.
OVERLEAF_HISTORY_S3_REGION=""

# Enable S3 backend for filestore
OVERLEAF_FILESTORE_BACKEND=s3

# Bucket name for project files
OVERLEAF_FILESTORE_USER_FILES_BUCKET_NAME=overleaf-user-files

# Bucket name for template files
OVERLEAF_FILESTORE_TEMPLATE_FILES_BUCKET_NAME=overleaf-template-files

# Key for filestore user
OVERLEAF_FILESTORE_S3_ACCESS_KEY_ID=...

# Secret for filestore user
OVERLEAF_FILESTORE_S3_SECRET_ACCESS_KEY=...

# S3 provider endpoint
OVERLEAF_FILESTORE_S3_ENDPOINT=http://10.10.10.10:9000

# Path style addressing of buckets. Most likely you need to set this to "true".
OVERLEAF_FILESTORE_S3_PATH_STYLE="true"

# Bucket region. Most likely you do not need to configure this.
OVERLEAF_FILESTORE_S3_REGION=""

# Enable S3 backend for history
OVERLEAF_HISTORY_BACKEND=s3

# Bucket name for project history blobs
OVERLEAF_HISTORY_PROJECT_BLOBS_BUCKET=overleaf-project-blobs

# Bucket name for history chunks
OVERLEAF_HISTORY_CHUNKS_BUCKET=overleaf-chunks

# Key for history user
OVERLEAF_HISTORY_S3_ACCESS_KEY_ID=...

# Secret for history user
OVERLEAF_HISTORY_S3_SECRET_ACCESS_KEY=...

# S3 provider endpoint
OVERLEAF_HISTORY_S3_ENDPOINT=http://10.10.10.10:9000

# Path style addressing of buckets. Most likely you need to set this to "true".
OVERLEAF_HISTORY_S3_PATH_STYLE="true"

# Bucket region. Most likely you do not need to configure this.
OVERLEAF_HISTORY_S3_REGION=""

mc alias set s3 http://10.10.10.10:9000 MINIO_ROOT_USER MINIO_ROOT_PASSWORD

# Put the contents of the policies from the previous section in the
# respective json file policy-filestore.json and policy-history.json.
# Reminder: Replace the bucket names and credentials accordingly.

# filestore buckets, user and policy
mc mb --ignore-existing s3/overleaf-user-files
mc mb --ignore-existing s3/overleaf-template-files
mc admin user add s3 \
  OVERLEAF_FILESTORE_S3_ACCESS_KEY_ID \
  OVERLEAF_FILESTORE_S3_SECRET_ACCESS_KEY
mc admin policy create s3 overleaf-filestore policy-filestore.json
mc admin policy attach s3 overleaf-filestore \
  --user=OVERLEAF_FILESTORE_S3_ACCESS_KEY_ID

# history buckets, user and policy
mc mb --ignore-existing s3/overleaf-project-blobs
mc mb --ignore-existing s3/overleaf-chunks
mc admin user add s3 \
  OVERLEAF_HISTORY_S3_ACCESS_KEY_ID \
  OVERLEAF_HISTORY_S3_SECRET_ACCESS_KEY
mc admin policy create s3 overleaf-history policy-history.json
mc admin policy attach s3 overleaf-history \
  --user=OVERLEAF_HISTORY_S3_ACCESS_KEY_ID

Migration script output (which should be located in the container under /var/log/overleaf)

SAML 2.0

Server Pro provides SAML 2.0 server integration for user authentication. For Toolkit deployments, the SAML 2.0 integration is configured via the config/variables.env file.

Overview

Internally, the Overleaf SAML 2.0 integration uses the passport-SAML library. Most of these configuration options are passed through to the server configuration object which is used to configure passport-SAML.

If you are having issues configuring SAML 2.0, it is worth reading the README for passport-SAML to get a feel for the configuration it expects.

To enable the SAML 2.0 module, the EXTERNAL_AUTH variable must be set to saml:

To preserve backward compatibility with older configuration files, if EXTERNAL_AUTH is not set, but OVERLEAF_SAML_ENTRYPOINT is set, then the SAML 2.0 module will be activated. We still recommend setting EXTERNAL_AUTH explicitly

Configuration

Name

Description

Passing keys and certificates

As of Server Pro 2.7.0:

The value of the OVERLEAF_SAML_CERT environment variable cannot be empty if SAML 2.0 is enabled (with EXTERNAL_AUTH=saml, or if OVERLEAF_SAML_ENTRYPOINT is set).

As of Server Pro 2.5.0:

The value of the OVERLEAF_SAML_CERT environment variable must be passed in single-line format (without the begin and end lines from the PEM format; see below for more information).
The value of the OVERLEAF_SAML_PRIVATE_CERT environment variable should be a full path to a file which contains the private key in PEM format.
The value of the OVERLEAF_SAML_DECRYPTION_PVK environment variable must be passed in PEM format (multi-line). (But single-line may be .)

To pass a key or certificate in multi-line format, wrap the entire value in double quotes and use new line characters (\n) as usual:

The above private key is an example key from the library's test suite. Do not use this key.

Metadata for the Identity Provider

Your Identity Provider (IdP) will need to be configured to recognize your Server Pro instance as a Service Provider (SP). How this is done will vary between different IdP's - we therefore recommend that you consult the documentation for your SAML 2.0 server for instructions on how to do this.

As of version 2.6.0, Server Pro includes a metadata endpoint which can be used to retrieve Service Provider Metadata from, for example https://my-overleaf-instance.com/saml/meta

Here is an example of appropriate Service Provider (SP) metadata, note the AssertionConsumerService.Location, EntityDescriptor.entityID and EntityDescriptor.ID properties, and set as appropriate.

Release notes 3.x.x

The standard Server Pro license allows you to run the application in a production environment as well as one in a non-production/sandbox environment; it is highly recommended that you provision a non-production environment for testing.

Server Pro 3.5.13

Release date: 2023-10-06

Image ID: 4f2113a3c903 (Community Edition Image ID: 0038aa2cc383)

Fixes history soft retry cronjob, which was executing the operation as a hard retry.

Server Pro 3.5.12

Release date: 2023-09-25

Image ID: af3621af7b83 (Community Edition Image ID: a461cd37241b)

Workaround a bug in the when multiple updates have the same version.

Server Pro 3.5.11

Release date: 2023-08-10

Image ID: dcfec83c5091 (Community Edition Image ID: 6f8a5409f146)

Fixed a bug in the when large deleted documents exist.
Extended the to free up mongo storage space.

We advise customers to re-run the script again as per the documentation.

Server Pro 3.5.10

Release date: 2023-07-20

Image ID: f83dc1e03fcf (Community Edition Image ID: 373b0b94b156)

This release includes security updates.

Server Pro 3.5.9

Release date: 2023-07-14

Image ID: d746f967e231 (Community Edition Image ID: 25aa7097b27b)

This release includes security updates.

Server Pro 3.5.8

Release date: 2023-06-29

Image ID: 03c294380d2c (Community Edition Image ID: 39d691cb806e)

Fixes a bug preventing anonymous users from adding changes to the Project History when Full Project History is enabled.

Server Pro 3.5.7

Release date: 2023-06-01

Image ID: 65cc2f2e2af6 (Community Edition Image ID: cc998380cad7)

Fixes a bug in the when using --force-clean that prevented migration reattempts in certain situations.

Server Pro 3.5.6

Release date: 2023-05-04

Image ID: 0dee80908e57 (Community Edition Image ID: 89c35e1b6ec8)

Added clean_sl_history_data script to .

Server Pro 3.5.5

Release date: 2023-03-21

Image ID: 35bda2a2a778 (Community Edition Image ID: 9db95d7e350c)

This release fixes the shutdown sequence in Server Pro / Community Edition.

Server Pro 3.5.4

Release date: 2023-03-20

Image ID: 44d12da219d7 (Community Edition Image ID: 563d00cfad2a)

This release disables the primary email check feature in Server Pro / Community Edition.

Server Pro 3.5.3

Release date: 2023-03-07

Image ID: 8c7444b2e929 (Community Edition Image ID: 60bef8c323a5)

This release includes a performance improvement to the .

Server Pro 3.5.2

Release date: 2023-03-07

Image ID: dca7282041af (Community Edition Image ID: cd45ea2957b0)

This release includes several improvements to the .

Server Pro 3.5.1

Release date: 2023-02-28

Image ID: 6a64c0f67077 (Community Edition Image ID: bfa72dc4430f)

This release includes a fix for a German translation in the editor.

Server Pro 3.5.0

Release date: 2023-02-13

Image ID: f6963b4eaad9 (Community Edition Image ID: 678db4634722)

This release includes the that is already available in our SaaS offering, and brings several improvements for users:

Tracks changes in binary files, which is unsupported in the legacy system. There is support for labelled versions. The system is in general more robust, there is less chance of data loss.

After upgrading your instance all new projects will be using Full Project History by default (unless opting-out, see environment variables in ). Existing projects will continue using the legacy History system, until they’re migrated.

This release also ships with official support for S3 compatible object storage. This could either be a self-hosted solution, like min.io or ceph.io, or AWS S3. The S3 based storage backend can optionally replaces the local fs/NFS storage backend. You can find a wiki page on and another wiki page describes the for moving existing data into S3. With S3-compatible object storage support we prepared Server Pro for horizontal scaling, look out for news here soon!

Bugfixes

Remove empty "Advanced" tab in admin panel.

Other changes

Added cleanup scripts to flush redis data on container shutdown. This might increase the time it takes to stop the instance to up to 1 minute. If you're not using the Overleaf Toolkit, you need to .
German translation coverage significantly improved ()

Server Pro 3.4.0

Release date: 2023-01-11

Image ID: 07f5275feec5 (Community Edition Image ID: 009c80a8d63e)

This release includes database migrations. Please before upgrading.

New Features

New environment variable SHARELATEX_STATUS_PAGE_URL can be set to a custom status page URL. This URL is displayed when the site is closed for maintenance and on 500 errors.

Bugfixes

Fix parsing of authnContext in passport-saml options (Server Pro).
Fix disconnect users option in site admin panel (Server Pro).

Other changes

Drop limit for output.pdf requests. This should mitigate errors compiling a project several times in a short time.
Memory management improvements during file upload process. These changes reduce pressure on the disk from fewer IO operations.

Server Pro 3.3.2

Release date: 2022-11-15

Image ID: c03e78f10d6d (Community Edition Image ID: eab840a50369)

This release includes a fix for a server error that can stop the project dashboard from opening:

TypeError: (project.archived || []).some is not a function

The fix sports a new migration for converting the archived and trashed state of projects from a per-project setting to a per-user setting.

As always, please take a of your database before upgrading to this release.

Server Pro 3.3.1

Release date: 2022-10-18

Image Id: 9194fb1de6b3 (no Community Edition image)

This release includes a security update addressing potential vulnerabilities with SAML auth provider integration.

Server Pro 3.3.0

Release date: 2022-10-13

Image ID: 56f044d08198 (Community Edition Image ID: 4c4bad165ea6)

This new release of Server Pro includes a MongoDB migration affecting several collections. Please ensure you have a before upgrading.

For CE users, and Server Pro users that don't run there is a change in how Latex packages are installed, now requiring to run tlmgr path add again after every use of tlmgr install in order to correctly symlink all the binaries into the system path.

New Features

User/Project audit logs can now store more than 200 entries.

Other changes

HTML content in Template descriptions is now sanitized using . This might affect your existing templates.

Server Pro 3.2.2

Release date: 2022-09-19

Image ID: 20e80bd600fb (Community Edition Image ID: 8552c59519a7)

Bugfixes

Fixes TexLive package setup (non-sandboxed compiles) (https://github.com/overleaf/overleaf/issues/1044)

Server Pro 3.2.1

Release date: 2022-08-26

Image ID: 3817bd0d07a4 (Community Edition Image ID: 31cc6bc2bfa7)

Bugfixes

Fixes source editor not being displayed (https://github.com/overleaf/overleaf/issues/1043)

Server Pro 3.2.0

Release date: 2022-08-16

Image ID: 4db483917643 (Community Edition Image ID: 1bce84a47f1f)

This new release of Server Pro includes several new features. It also requires updating Mongo version to 4.4. Upgrade instructions are . Please ensure you have a before upgrading.

New Features

User Activity and License Usage information (with a count of active users) is now displayed in the Admin Panel.
.
User Dictionary entries can now be deleted from the Editor Settings panel.
TexLive 2022 is available for instances running . Check the for instructions to upgrade. TexLive 2022 is also the default version for instances not running Sandboxed Compiles.

Bugfixes

Fixed .

Server Pro 3.1.1

Release date: 2022-08-10

Image ID: eb5802bfd8a4 (Community Edition Image ID: 401c5a25016d)

Bugfixes

Fixes history diff navigation (https://github.com/overleaf/overleaf/issues/1035)

Server Pro 3.1.0

Release date: 2022-05-17

Image ID: 699e7c990b0f (Community Edition Image ID: 9c9fe33828a0)

This release requires updating Mongo version to 4.2. Upgrade instructions are . Please ensure you have a before upgrading.

New Features

Other changes

TexLive 2021 is available for instances running . Check the for instructions to upgrade.
The path of the application inside the container has changed from /var/www/sharelatex to /overleaf; if you have bind mounts that use the old path, they will need to be updated.
Many small improvements and bugfixes.

Server Pro 3.0.1

Release date: 2021-10-05

Image ID: 5e87b3c5ad41 (Community Edition Image ID: 9155d8a13aaa)

This major release includes migrations that update the database in a backwards incompatible format. Please ensure you have a before upgrading, in case of roll-back you will not be able to read data in the new format.

This update brings general performance and stability improvements to the application, along with many small improvements and bugfixes.

We've recently updated the way we tag our docker images. In addition to 3.0.1, we're also tagging the new version as 3 and 3.0, representing the latest major and minor versions for the 3.x.x branch respectively. These new tags will be updated again when a new minor or hotfix version is published.

latest tag won't be immediately updated to this new major version. If you're using a docker-compose.yml please update your image tag to 3, 3.0 or 3.0.1. users can continue using the script as usual.

Important: before upgrading to this new major version you need to upgrade to version 2.7.1 first.

Troubleshooting

Duplicate Keys

A migration may occasionally fail due to unexpected duplicate entries in a mongo collection.

Duplicate keys in tags collection

If upgrading from 2.7.1 to 3.0.1 fails with messages containing MongoError: Error during migrate "20190912145029_create_tags_indexes": E11000 duplicate key error collection: sharelatex.tags index: user_id_1_name_1 dup key: {<…>} this means that one of your users has multiple tags/folders with the same name.

To recover, revert to your 2.7.1 backups and ask the user to make their tag/folder names unique. (The user id and specific tag name will be reported in the error message, so you can contact the affected user and mention the specific tag name that is problematic.) Then attempt the upgrade again.

You can also attempt to detect multiple tags in advance, before you upgrade, with the following aggregate:

If it returns no results, there are no duplicate tags, and the migration should succeed.

Duplicate keys in contacts collection

If you see the error MongoError: Error during migrate "20190912145001_create_contacts_indexes": E11000 duplicate key error collection: sharelatex.contacts index: user_id_1 dup key{<…>} this indicates a similar problem in the contacts collection. You can check how many entries are affected with the following command:

The contacts collection is a cache of names which appear as completions in the "Share Project" modal, it is not critical data. You can remove individual duplicate entries with the command

where the ObjectId value should be taken from the list of duplicates. When the duplicate contacts have been removed, the migration should succeed.

SAML initialisation error

You might see a cert is required error when upgrading from Server Pro 2.6.2 or earlier if SHARELATEX_SAML_CERT .

If you come across the issue, please add the SHARELATEX_SAML_CERT value, and update your instance to 2.7.1 before attempting to upgrade to 3.x.x.

# Overleaf Toolkit users:
$ bin/docker-compose exec sharelatex /bin/bash -c "source /etc/overleaf/env.sh && source /etc/container_environment.sh && cd /overleaf/services/history-v1 && /sbin/setuser www-data node storage/scripts/back_fill_file_hash.mjs --report"

# Legacy docker-compose.yml users:
$ docker compose exec sharelatex /bin/bash -c "source /etc/overleaf/env.sh && source /etc/container_environment.sh && cd /overleaf/services/history-v1 && /sbin/setuser www-data node storage/scripts/back_fill_file_hash.mjs --report"

Current status:
- Total number of projects: 10
- Total number of deleted projects: 5
Sampling 1000 projects to estimate progress...
Sampled stats for projects:
- Sampled projects: 9 (90% of all projects)
- Sampled projects with all hashes present: 5
- Percentage of projects that need back-filling hashes: 44% (estimated)
- Sampled projects have 11 files that need to be checked against the full project history system.
- Sampled projects have 3 files that need to be uploaded to the full project history system (estimating 27% of all files).
Sampled stats for deleted projects:
- Sampled deleted projects: 4 (80% of all deleted projects)
- Sampled deleted projects with all hashes present: 3
- Percentage of deleted projects that need back-filling hashes: 25% (estimated)
- Sampled deleted projects have 2 files that need to be checked against the full project history system.
- Sampled deleted projects have 1 files that need to be uploaded to the full project history system (estimating 50% of all files).

# Overleaf Toolkit users:
$ bin/docker-compose exec sharelatex /overleaf/bin/flush-history-queues

# Legacy docker-compose.yml users:
$ docker compose exec sharelatex /overleaf/bin/flush-history-queues

# Overleaf Toolkit users:
$ bin/docker-compose exec sharelatex /bin/bash -c "source /etc/overleaf/env.sh && source /etc/container_environment.sh && cd /overleaf/services/history-v1 && /sbin/setuser www-data node storage/scripts/back_fill_file_hash.mjs --all"

# Legacy docker-compose.yml users:
$ docker compose exec sharelatex /bin/bash -c "source /etc/overleaf/env.sh && source /etc/container_environment.sh && cd /overleaf/services/history-v1 && /sbin/setuser www-data node storage/scripts/back_fill_file_hash.mjs --all"

# Toolkit users:
$ bin/docker-compose run --rm --entrypoint mv sharelatex --no-clobber --verbose /var/lib/overleaf/data/user_files /var/lib/overleaf/data/old_user_files

# Legacy docker-compose.yml users:
# We are assuming that you are using the default bind-mount in /var/lib/overleaf
$ docker compose run --rm --entrypoint mv sharelatex --no-clobber --verbose /var/lib/overleaf/data/user_files /var/lib/overleaf/data/old_user_files
# In case you are using selective bind-mounts, you can simply remove the bind-mount for /var/lib/overleaf/data/user_files inside the container.

$ docker cp sharelatex:/var/log/overleaf/filestore.log .
# replace <timestamp> with the timestamp as printed by the script
$ docker cp sharelatex:/var/log/overleaf/file-migration-<timestamp>.log .

Set UV_THREADPOOL_SIZE=16
{"name":"default","hostname":"c25e9faaeb53","pid":971,"level":30,"backend":"fs","msg":"Loading backend","time":"2025-07-25T15:00:58.166Z","v":0}
Writing logs into /var/log/overleaf/file-migration-2025-07-25T15_00_58_199Z.log
Starting project file backup...
Loaded global blobs: 0
Processing non-deleted projects...
Processed 1 projects, elapsed time 0s
Done updating live projects
Processing deleted projects...
The collection deletedProjects appears to be empty.

Done updating deleted projects
Done.

$ docker cp sharelatex:/var/log/overleaf/file-migration-2025-07-25T15_00_58_199Z.log .
$ cat file-migration-2025-07-25T15_00_58_199Z.log
{"name":"file-migration","hostname":"c25e9faaeb53","pid":971,"level":30,"end":"68839a8f577b9f009d947b27 (2025-07-25T14:54:07.000Z)","msg":"actually completed batch","time":"2025-07-25T15:00:58.379Z","v":0}
{"name":"file-migration","hostname":"c25e9faaeb53","pid":971,"level":30,"time":"2025-07-25T15:00:58.383Z","LOGGING_IDENTIFIER":"4effa2000000000000000000","projects":1,"blobs":6,"filesWithHash":5,"filesWithoutHash":2,"filesDuplicated":0,"filesRetries":0,"filesFailed":0,"fileTreeUpdated":0,"badFileTrees":0,"globalBlobsCount":0,"globalBlobsEgress":0,"projectDeleted":0,"projectHardDeleted":0,"fileHardDeleted":0,"mongoUpdates":1,"readFromGCSCount":7,"readFromGCSIngress":28532,"writeToGCSCount":5,"writeToGCSEgress":300,"readFromGCSThroughputMiBPerSecond":0.14925639825786063,"eventLoop":{"idle":48.277844,"active":381.53244699971054,"utilization":0.8876763888372498},"diff":{"eventLoop":{"idle":48.223536,"active":134.04030200059555,"utilization":0.7354190687027976},"projects":1,"blobs":6,"filesWithHash":5,"filesWithoutHash":2,"filesDuplicated":0,"filesRetries":0,"filesFailed":0,"fileTreeUpdated":0,"badFileTrees":0,"globalBlobsCount":0,"globalBlobsEgress":0,"projectDeleted":0,"projectHardDeleted":0,"fileHardDeleted":0,"mongoUpdates":1,"readFromGCSCount":7,"readFromGCSIngress":28532,"writeToGCSCount":5,"writeToGCSEgress":300,"readFromGCSThroughputMiBPerSecond":0.14925639825786063},"deferredBatches":[],"msg":"file-migration stats","v":0}

docker exec -it mongo mongo
use sharelatex

db.tags.aggregate([
  {$group: {
    _id: {name: "$name", user_id: "$user_id"},
    count: {$sum: 1}
  }},
  {$match: {count: {$gt: 1}}},
  {$sort: {count: -1}}
])

docker exec -it mongo mongo
use sharelatex

db.contacts.aggregate([
  {$group: {
    _id: {user_id: "$user_id"},
    count: {$sum: 1}
  }},
  {$match: {count: {$gt: 1}}},
  {$sort: {count: -1}}
])

Release notes 2.x.x

Server Pro 2.7.1

Release date: 2021-09-16

Image ID: 823f6cb592f4 (Community Edition Image ID: 4f7d059759d2)

Bugfixes

This release includes a security update preventing editor sessions from being disconnected.

New Features

An image placeholder is displayed when a template preview is not generated (due to having ENABLE_CONVERSIONS environment variable set to false).

Server Pro 2.7.0

Release date: 2021-07-12

Image ID: e8efe0e39698 (Community Edition Image ID: 9ca6a3256fb6)

Bugfixes

Fixed comment attribution in projects with anonymous comments
Fixed collaborators redirected out of a project when the owner edited the collaborators
Fixed redis connections in the host machine when no password authentication is defined
Fixed host headers in i18n installs

Other changes

SHARELATEX_SAML_CERT for SAML setup.
Many small improvements and bugfixes

Server Pro 2.6.2

Release date: 2021-05-20

Image ID: 1f1f4f1c4f02 (Community Edition Image ID: 2d8a8b6d1930)

Bugfixes

Fixed references service crashing with .bib files larger than 6mb.
Fixed incorrect emailing attempt during user registration, which displayed an error message in the logs.
Fixed LDAP registration when firstName and lastName contain a list of variations with non-ascii characters.

Server Pro 2.6.1

Release date: 2021-04-23

Image ID: dd382a10a3e5 (Community Edition Image ID: cfd4ec616219)

This release includes performance and stability improvements for handling larger projects. These improvements are backed by changes to data structures in the Mongo database. The changes are implemented in a backwards compatible way for reading existing data, but new data is written in a backwards incompatible format. You may be able to upgrade without making any changes to the database at this time, but in case of a roll-back, you will not be able to read all the newly written data. A future release will migrate the old data to the new format. As with previous updates, please ensure you have a backup before upgrading.

Bugfixes

This release includes important security updates. It fixes some potential XSS vulnerabilities and upgrades to node 12 ahead of node 10 reaching end of life on 30 Apr 2021.
Fallback linearisation breaks PDF/A when not using sandboxed compiles.

New Features

SAML: Add /saml/meta endpoint to fetch .
for SMTP: SHARELATEX_EMAIL_SMTP_NAME and SHARELATEX_EMAIL_SMTP_LOGGER.
Added (SHARELATEX_EMAIL_AWS_SES_REGION).

Other

UI and performance improvements.
All services have been upgraded to Node v12 from v10.

Note: 2.6.1 is the initial release on the 2.6.x line, version 2.6.0 has not been published.

Server Pro 2.5.2

Release date: 2021-01-26

Image ID: 8afec2bb0ace (Community Edition Image ID: 62b08784fc5d)

Bugfixes

Fixed account activation with uppercase emails (https://github.com/overleaf/overleaf/issues/819)

Server Pro 2.5.1

Release date: 2021-01-14

Image ID: e9a932e0effd (Community Edition Image ID: 5d6493ce30fe)

Bugfixes

Fixed log rotation

Server Pro 2.5.0

Release date: 2020-11-20

Image ID: 7ae2382c68b3 (Community Edition Image ID: 6e6f3526af69)

New Features

.
is now available.
Mongo version updated to 4.0 (see ).

Bugfixes

Fixed anonymous read/write project links redirecting to the login page.
HTML code in SHARELATEX_LEFT_FOOTER is now correctly displayed.
Fixed SHARELATEX_CUSTOM_EMAIL_FOOTER not working.

Other

This will be the last CE/SP release where we officially support IE11. The next release in Q1 2021 will no longer be tested on IE11.

Server Pro 2.4.2

Release date: 2020-10-5

Image ID: 83c76915b65a (Community Edition Image ID: 814858a6bb38)

Bugfixes

Fixed anonymous read/write sharing
Fixed html links in left footer

Server Pro 2.4.1

Release date: 2020-08-26

Image ID: 6cf8c22f2903 (Community Edition Image ID: 4be5fcb14878)

No changes from 2.4.0. This release is just to keep the version numbering consistent between Server Pro and Community Edition.

Server Pro 2.4.0

Release date: 2020-08-20

Image ID: 6cf8c22f2903 (Community Edition Image ID: 2ff144360052)

New Features

Audit log for users' account settings updates

Bugfixes

This release fixes an important security issue: previously, it was possible for a specially crafted websocket request to bypass project authorization checks. https://github.com/overleaf/real-time/pull/177

Other changes

Many small improvements and bugfixes

Server Pro 2.3.1

Release date: 2020-06-30

Image ID: 6fc8c7709df6 (Community Edition Image ID: 050f166647d2)

Bugfixes

Fixed .

Server Pro 2.3.0

Release date: 2020-06-11

Image ID: feb1b349654b (Community Edition Image ID: 843316001077)

New Features

- (when using sandboxed compiles)
Show latexmk output in compile logs

Bugfixes

Fixed broken LuaLatex builds when not using sandboxed compiles
Fixed PDF/A validation broken when not using sandboxed compiles
Fixed project uploads from zip files with many large text files

Other changes

gravatar.com service is no longer used
Deleted documents no longer count toward overall project file limit
Improvements to dashboard tag management
Many small improvements and bugfixes

Server Pro 2.2.1

Release date: 2020-03-10

Image ID: 11dce4970997

Bugfixes

TexLive image not being persisted in project entities (project.imageName field)

Server Pro 2.2.0

Release date: 2020-02-10

Image ID: 4b4d9f8d4fad (Community Edition Image ID: 0867310d1151)

Bugfixes

Incorrect template layout is now fixed
Node upgrade to fix CVE-2019-15605, CVE-2019-15606 and CVE-2019-15604

New Features

reCAPTCHA is now disabled
Removed external access to Google Fonts.
Other minor improvements and bugfixes.

Server Pro 2.1.1

Release date: 2020-01-21

Image ID: 23f9a28eeef2 (Community Edition Image ID: e01ae3fd29ac)

Bugfixes

Fixed unable to share projects via email address.

Server Pro 2.1.0

Release date: 2020-01-14

Image ID: 61a994c2584f (Community Edition Image ID: 503763f211f2)

New Features

Email confirmation banner can be disabled with the new environment variable EMAIL_CONFIRMATION_DISABLED: 'true'
Project ownership can be changed from the admin panel.

Other Changes

Admin: improved search using regular expressions
Other minor improvements and bugfixes.

Server Pro 2.0.3

Release date: 2019-12-06

Image ID: d29f5373eca9

2.0.3 is a Server Pro-only release, no Community Edition has been published.

Bugfixes

Fixed unable to share projects via email address.

Other Changes

Reenabled recaptcha, which was the root cause of the issue above.

Server Pro 2.0.2

Release date: 2019-11-26

Image ID: 9907ccc100e5 (Community Edition Image ID: de647e8b462c)

Bugfixes

Fixed link sharing for anonymous users when SHARELATEX_ALLOW_PUBLIC_ACCESS: 'true' and SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING: 'true'.
Fixed read-only access to shared projects.
Fixed SAML logout (Server Pro only).

Other Changes

Disabled recaptcha (Server Pro only).
Importing external files is disabled by default.
IMPORTANT: A new SYNCTEX_BIN_HOST_PATH is required when using Sibling Containers. Check the setup instructions in the wiki: https://github.com/overleaf/overleaf/wiki/Server-Pro:-sandboxed-compiles#mapping-the-location-of-synctex-in-the-host.

Server Pro 2.0.1

Release date: 2019-10-18

Image ID: cb014e03204a (Community Edition Image ID: 708b20c0a403)

Bugfixes

Fixed .
Fixed .

Known issues

SyncTeX not working on Sandboxed Compiles .

Server Pro 2.0.0

Release date: 2019-10-09

Image ID: 8fdd3419f5a5 (Community Edition Image ID: 2cdbdc229d4f)

A lot has changed in the last few years, with ShareLaTeX to create one incredible authoring platform. Now that the merge is complete it's time to release a new version of ~~ShareLaTeX~~ Overleaf Community Edition and Server Pro!

New Features

This release brings Community Edition and Server Pro up to date with the cloud-based version of . A lot has changed since the last release, with too many bug fixes and small improvements to count, but here are a few highlights:

A brand new user interface theme
Improved project dashboard
A new interface for creating (or uploading) files in a project
Linked Files: import a file from another project.

Server Pro

This release of Server Pro includes a few new premium features:

Rich Text mode: write your document like a rich-text document, backed by nice clean LaTeX
Improved Sandboxed Compiles: no more fiddling with group permissions (see below)
Improved Admin Interface: now you can inspect the state of a project from the Admin page, plus many more small improvements

Changes to the Docker-Compose file format

This release adds a few new options to the docker environment. We recommend using our updated example file and updating it to reflect your old configuration where necessary.

The new variables are:

ENABLED_LINKED_FILE_TYPES: a comma-separated list-keys, which controls which types of "linked file" are available in the New File modal. Defaults to 'url,project_file', as in the example file.
ENABLE_CONVERSIONS: If set to 'true', will enable on-the-fly file preview conversions using ImageMagick. Set to another value to disable this feature
REDIS_HOST

And for Server Pro:

DOCKER_RUNNER: set to 'true' when enabling Sandboxed Compiles with sibling containers. See the updated documentation on .
SYNCTEX_BIN_HOST_PATH (introduced in 2.0.2): set to <your_sharelatex_data_directory>/bin/synctex. Check for extra context

Changes to Sandboxed Compiles

We've made some changes to the way the work. In previous versions, the administrators often needed to fiddle with user and group permissions on the docker socket to get Sibling Containers to work. In this release, we've changed all that so it's handled automatically inside the Server Pro container, so it should just work in the majority of cases.

From this release onwards we will no longer support the old "Docker-In-Docker" method of sandboxed compiles, as it has become more and more difficult to get this to work as time goes on. We strongly encourage admins to consider the newer Sibling Containers method as an alternative.

Upgrading TexLive

You can now opt-in to a new version of TeX Live. The default is still TeX Live 2017, but you can find instructions on how to get TeX Live 2018 or later here: https://github.com/overleaf/overleaf/wiki/Server-Pro:-sandboxed-compiles#changing-the-texlive-image

Before updating to a newer version of TexLive we strongly recommend and .

Database Migrations

The following database migrations have been added, and will run automatically:

Alter the structure of the User model to support future work
Change structure of project.tokens, to enforce uniqueness on the numeric part of a read-and-write sharing token

Administrators and end-users should not notice any change in behaviour due to these migrations.

Support

If anything seems out of place, or you run into any problems while upgrading, please get in touch with us via email at [email protected]

OVERLEAF_SAML_CERT=MIIEowIBAAKCAQEAxmJWY0eJcuV2uBtLnQ4004fuknbODo5xIyRhkYNkls5n9OrBq4Lok6cjv7G2Q8mxAdlIUmzhTSyuNkrMMKZrPaMsAkNKE/aNpeWuSLXqcMs8T/8gYCDcEmC5KYEJakNtKb3ZX2FKwT4yHHpsNomLDzJD5DyJKbRpNBm2no7ggIy7TQRJ2H00mogQIQu8/fUANXVeGPshvLJU8MXEy/eiXkHJIT3DDA4VSr/C/tfP0tGJSNTM874urc4zej+4INuTuMPtesZS47J0AsPxQuxengS4M76cVt5cH+Iqd1nKe5UqiSKvLCXacPYg/T/Kdx0tBnwHIjKo/cbzZ+r+XynsCwIDAQABAoIBAFPWWwu5v6x+rJ1Ba8MDre93Eqty6cHdEJL5XQJRtMDGmcg3LYF94SwFBmaMg6pCIjvVx2qN+OjUaQsosQIeUlPKEV8jcLrfBx2E4xJ3Tow8V1C3UMdPG7Hojler4H633/oz8RkN1Lm1vxep5PFnTw0tAOQDcTPeulb6RuLbHqU0FEnf/jVOMhtPLcMAwJ3fkAJQ+ljFW2VKCQ83d+ci1p+NHY/dbGLSR4lK58mVghcRMO3zhe5scrbECHJMfT6fCb2TXdjaueFUGC6+fqUXvDj8HRfUilzTegNq8ZhwgMSw1HeX/PuiczSKc3aHYSsohMBugTErnkW+qF4ZkE+kxgECgYEA/sm7umcyFuZME+RWYL8Gsp8agH1OGEgsmIiMi1z6RTlTmdR8fN18ItzXyW+363VZln/1b5wCaPdLIxgASxybLAaxnKAXfmL7QvyVAaMwxj7N0ogvMQoNx2VuSGZSam2+LFVIMWHq1C+3fvVnCDLm6oHvIMK/zvEsPBBtz+L6rlECgYEAx1PrKogaGHCi1XgsrNv9aFaayRvmhzZbmiigF0iWKAd3KKww94BdyyGSVfMfyL23LAbMQDCrDNGpYAnpNZo/cL+OcGPYzlPsWDBrJub1HOA/H3WQlP4oEcfdbmJZhIkEwTGFHaCHynEu4ekiCrWz9+XVNCquTyqnmaVDEzAfEZsCgYA8jQbfUt0Vkh+sboyUq3FVC/jJZn4jyStICNOV3z/fKbOTkGsRZbW1t1RVHAbSn23uFXTn1GTCO1sQ+QhA0YiTGvgk5+sNb0qVbd+fpv/VbWGO0iyc8+24YIOoEyEtB+21LYNdsQ6U5M4wDvQwf6BfRQfmekIJVUmU8LaYPDIlMQKBgDSRiT/aTSeM7STnYMDl89sEnCXV2eJnD5mEhVQerJs5/M8ZOoDLtfDQlctdJ1DF1/0gfdWgADyNPuI5OuwMFhciLequKoufzoEjo97KonJPIdamJs9kiCTIVTm7bmhpyns5GCZMJAPb/cVOus+gRCpozuXHK9ltIm5/C0WQN2FpAoGBAOss6RN2krieqbn1mG8e2v5mMUd0CJkiJu2y5MnF3dYHXSQ3/ePAh/YgJOthpgYgBh+mV0DLqJhx/1DLS/xiqcoHDlndQDmYbtvvY7RlMo00+nGzkRVOfrqyhC+1KsYHGPbSQixNQXtvFbAAVMSo+RRBkVGINYGDFnlQUpkppYRk

OVERLEAF_SAML_DECRYPTION_PVK="-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAxmJWY0eJcuV2uBtLnQ4004fuknbODo5xIyRhkYNkls5n9OrB
q4Lok6cjv7G2Q8mxAdlIUmzhTSyuNkrMMKZrPaMsAkNKE/aNpeWuSLXqcMs8T/8g
YCDcEmC5KYEJakNtKb3ZX2FKwT4yHHpsNomLDzJD5DyJKbRpNBm2no7ggIy7TQRJ
2H00mogQIQu8/fUANXVeGPshvLJU8MXEy/eiXkHJIT3DDA4VSr/C/tfP0tGJSNTM
874urc4zej+4INuTuMPtesZS47J0AsPxQuxengS4M76cVt5cH+Iqd1nKe5UqiSKv
LCXacPYg/T/Kdx0tBnwHIjKo/cbzZ+r+XynsCwIDAQABAoIBAFPWWwu5v6x+rJ1B
a8MDre93Eqty6cHdEJL5XQJRtMDGmcg3LYF94SwFBmaMg6pCIjvVx2qN+OjUaQso
sQIeUlPKEV8jcLrfBx2E4xJ3Tow8V1C3UMdPG7Hojler4H633/oz8RkN1Lm1vxep
5PFnTw0tAOQDcTPeulb6RuLbHqU0FEnf/jVOMhtPLcMAwJ3fkAJQ+ljFW2VKCQ83
d+ci1p+NHY/dbGLSR4lK58mVghcRMO3zhe5scrbECHJMfT6fCb2TXdjaueFUGC6+
fqUXvDj8HRfUilzTegNq8ZhwgMSw1HeX/PuiczSKc3aHYSsohMBugTErnkW+qF4Z
kE+kxgECgYEA/sm7umcyFuZME+RWYL8Gsp8agH1OGEgsmIiMi1z6RTlTmdR8fN18
ItzXyW+363VZln/1b5wCaPdLIxgASxybLAaxnKAXfmL7QvyVAaMwxj7N0ogvMQoN
x2VuSGZSam2+LFVIMWHq1C+3fvVnCDLm6oHvIMK/zvEsPBBtz+L6rlECgYEAx1Pr
KogaGHCi1XgsrNv9aFaayRvmhzZbmiigF0iWKAd3KKww94BdyyGSVfMfyL23LAbM
QDCrDNGpYAnpNZo/cL+OcGPYzlPsWDBrJub1HOA/H3WQlP4oEcfdbmJZhIkEwTGF
HaCHynEu4ekiCrWz9+XVNCquTyqnmaVDEzAfEZsCgYA8jQbfUt0Vkh+sboyUq3FV
C/jJZn4jyStICNOV3z/fKbOTkGsRZbW1t1RVHAbSn23uFXTn1GTCO1sQ+QhA0YiT
Gvgk5+sNb0qVbd+fpv/VbWGO0iyc8+24YIOoEyEtB+21LYNdsQ6U5M4wDvQwf6Bf
RQfmekIJVUmU8LaYPDIlMQKBgDSRiT/aTSeM7STnYMDl89sEnCXV2eJnD5mEhVQe
rJs5/M8ZOoDLtfDQlctdJ1DF1/0gfdWgADyNPuI5OuwMFhciLequKoufzoEjo97K
onJPIdamJs9kiCTIVTm7bmhpyns5GCZMJAPb/cVOus+gRCpozuXHK9ltIm5/C0WQ
N2FpAoGBAOss6RN2krieqbn1mG8e2v5mMUd0CJkiJu2y5MnF3dYHXSQ3/ePAh/Yg
JOthpgYgBh+mV0DLqJhx/1DLS/xiqcoHDlndQDmYbtvvY7RlMo00+nGzkRVOfrqy
hC+1KsYHGPbSQixNQXtvFbAAVMSo+RRBkVGINYGDFnlQUpkppYRk
-----END RSA PRIVATE KEY-----"

<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  entityID="sharelatex-saml"
                  ID="OVERLEAF_saml">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService index="1"
                              isDefault="true"
                              Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                              Location="https://sharelatex.example.com/saml/callback" />
  </SPSSODescriptor>
</EntityDescriptor>

Fixed sync between editor and pdf with synctex (Server Pro only).

SHARELATEX_REDIS_HOST

'redis'

Community Edition Image ID: 8fda0e836de1

Full project history migration

The 3.5.x release of the Community Edition includes the Full Project History feature that is already available in our SaaS offering, overleaf.com

After upgrading your instance to Overleaf CE 3.5.13, all new projects will be using Full Project History by default. Existing projects will continue using the legacy History system, until they’re migrated.

If you upgrade to 3.5.13 and decide to downgrade to an earlier version, then you should restore from a full system backup. The history of projects created in 3.5.13 is not compatible with earlier versions of Overleaf CE.

The new Full Project History brings several improvements for users:

It tracks changes in binary files, which is unsupported in the legacy system.
There is support for labelled versions.
The system is in general more robust, there is less chance of data loss.

Check for more information about full project history.

Migrating existing projects

Create a backup

Create a full of your instance with a consistent snapshot of the mongo, redis and sharelatex directories.

Offline migration

To prevent users from being able to log in while the history migration script is running, please follow these steps:

Log into your Overleaf instance with an admin account
Click on the Admin button and choose Manage Site
Click the Open/Close Editor tab
Click on the Close Editor button

Online migration

It is possible to run the migration scripts while the application is still running. There are a few considerations to take into account:

The migration process is CPU intensive, you should monitor resource usage while the script is running.
With a high --concurrency value, the event loop in some services (track-changes in particular) might experience some blocking, which would lead to a degraded UX experience. We recommend starting with the default --concurrency=1 value.
You can stop the script at any time. Starting it again will resume the migration when you left it. This is useful in case you prefer to run the migration in less busy hours (e.g. at night).

Our recommendation is to close the site and run the migration offline in a maintenance window when your project count is less than 1000 projects (db.projects.count()). If the number of projects is large you can run the script and monitor its progress, then decide whether to continue running it online or offline based on your particular case.

Clean up legacy history data

A script to cleanup legacy history data was added in Server Pro 3.5.6, 4.0.6 and 4.1.0.

The script can be run after all the projects have been migrated. It can also be used to free some space while performing an online migration.

In Server Pro before version 3.5.13, the script deletes the content of docHistory and docHistoryIndex collections. MongoDB does not release disk space after you delete documents, instead, it will reuse that space for future documents in the same collection. Nothing will write to these collections again after the history migration, so the disk space will remain unused.

If you want to make the disk space available again you can upgrade to Server Pro 3.5.13 (when still using the 3.x release) or Server Pro 4.2.5 (when using the 4.x release) and re-run the cleanup script.

The cleanup script as included in Server Pro the latest patch releases of 3.5.x and latest 4.x.x are dropping the collections as the final step.

Troubleshooting

If the full project history migration script fails (i.e. exits with an error or prints a non-zero number of failed projects), please send the following details to our support team by email , detailing:

Subject: Full project history migration problem

Instance Type: CE or Server Pro (delete as appropriate)
Installation Type: Overleaf toolkit or docker-compose.yml or other (delete as appropriate)
Version: 3.5.x (toolkit: $ cat config/version)

Consider attaching the log files for the history-v1, project-history and track-changes services to the email. You can find these at /var/log/sharelatex inside the sharelatex container and export them like this:

Please redact any sensitive information from the log files before attaching them.

Finding broken file trees

To fix the invalid paths, use the fix_malformed_filetree script, running the command once for each bad path:

Downgrading projects from full project history to legacy history

If there is a project that has been migrated to full project history but you want to go back to the legacy history, use the downgrade_project script as follows:

Migration script output (which should be located in the container under /overleaf/services/web)

Sandboxed Compiles

Server Pro comes with the option to run compiles in a secured sandbox environment for enterprise security achieving sandbox isolation between projects. It does this by running every project in its own secured Docker environment. With Sandboxed Compiles you also benefit from easier package management via access to our customized TeX Live images.

Improved security

Sandboxed Compiles are the recommended approach for Server Pro due to many LaTeX documents requiring/having the ability to execute arbitrary shell commands as part of the PDF compile process. If you use Sandboxed Compiles, each compile runs in a separate Docker container with limited capabilities that are not shared with any other user or project and has no access to outside resources such as the host network.

Easier package management

To avoid manually installing packages, we recommend enabling Sandboxed Compiles. This is a configurable setting within Server Pro that will provide your users with access to the same TeX Live environment as that on overleaf.com but within your own on-premise installation. TeX Live images used by Sandboxed Compiles contain the most popular packages and fonts tested against our gallery templates, ensuring maximum compatibility with on-premise projects.

Enabling Sandboxed Compiles allows you to configure which TeX Live versions users are able to choose from within their project along with setting a default TeX Live image version for new projects.

If you attempt to run Server Pro without Sandboxed Compiles, your instance will default to using a basic scheme version of TeX Live for compiles. This basic version is lightweight and only contains a very limited subset of LaTeX packages, which will most likely result in missing package errors for your users, especially if they try to use pre-built templates.

As Server Pro has been architected to work offline, there isn't an automated way to integrate overleaf.com gallery templates into your on-premise installation, it is, however, possible to do this manually on a per-template basis. For more information on how this works, please check out our guide.

Sandboxed Compiles requires that the sharelatex container has access to the Docker socket on the host machine (via a bind mount) so it can manage these sibling compile containers.

How it works

When Sandboxed Compiles are enabled, the Docker socket will be mounted from the host machine into the sharelatex container, so that the compiler service in the container can create new Docker containers on the host. Then for each run of the compiler in each project, the LaTeX compiler service (CLSI) will do the following:

Write out the project files to a location inside the OVERLEAF_DATA_PATH,
Use the mounted Docker socket to create a new texlive container for the compile run
Have the texlive container read the project data from the location under OVERLEAF_DATA_PATH

Enabling Sandboxed Compiles

In config/overleaf.rc, set SIBLING_CONTAINERS_ENABLED=true, and ensure that the DOCKER_SOCKET_PATH setting is set to the location of the Docker socket on the host machine.

The next time you start the Docker services (with bin/up), the Toolkit will verify that it can communicate with Docker on the host machine, and will pull all configured TeX Live images set by the ALL_TEX_LIVE_DOCKER_IMAGES environment variable in the config/variables.env file.

Docker Compose Example

Starting with Overleaf CE/Server Pro 5.0.3 environment variables have been rebranded from SHARELATEX_* to OVERLEAF_*.

If you're using a 4.x version (or earlier) please make sure the variables are prefix accordingly (e.g. SHARELATEX_MONGO_URL instead of OVERLEAF_MONGO_URL)

Changing the TeX Live Image

Server Pro uses three environment variables to determine which TeX Live images to use for Sandboxed Compiles:

TEX_LIVE_DOCKER_IMAGE: name of the default image for new projects
ALL_TEX_LIVE_DOCKER_IMAGES: comma-separated list of all images in use
ALL_TEX_LIVE_DOCKER_IMAGE_NAMES: Optional: comma-separated list of user-facing friendly names for the images. If omitted, the version number will be used, for example, texlive-full:2018.1

When starting your Server Pro instance using the bin/up command, the Toolkit will automatically pull all of the images listed in ALL_TEX_LIVE_DOCKER_IMAGES.

The current default is quay.io/sharelatex/texlive-full:2017.1, but you can override these values in the config/variables.env if you are using the Toolkit or the environment section of the docker-compose.yml file if you are using Docker Compose.

Here's an example where we default to TeX Live 2024 for new projects, and keep both 2023 and 2022 in use for existing projects:

Available TeX Live images

These are all the TeX Live images that can be added to TEX_LIVE_DOCKER_IMAGE and ALL_TEX_LIVE_DOCKER_IMAGES:

quay.io/sharelatex/texlive-full:2025.1
quay.io/sharelatex/texlive-full:2024.1
quay.io/sharelatex/texlive-full:2023.1

Using your own image registry

As Server Pro has been architected to work offline, it may not always be possible to reach the registry to pull TeX Live images. If you need to use your own image registry you can use the following steps:

Set the TEX_LIVE_IMAGE_NAME_OVERRIDE environment variable in config/variables.env to the name of the mirror. For example: your-image-repository/sharelatex (be careful not to include a trailing /)
Ensure that all TeX Live images that are set in ALL_TEX_LIVE_DOCKER_IMAGES, are pulled, correctly tagged (see note below) are then pushed to your mirror. For example:

Both the TEX_LIVE_DOCKER_IMAGE and ALL_TEX_LIVE_DOCKER_IMAGES environment variables must still be set to use quay.io/sharelatex images — the value set in the TEX_LIVE_IMAGE_NAME_OVERRIDE environment variable will replace the quay.io/sharelatex component of the image name at compile time.

Set SIBLING_CONTAINERS_PULL=false in config/overleaf.rc
Recreate the sharelatex container using bin/up -d

There is a strict schema concerning how images must be tagged (the following regex applies ^[0-9]+.[0-9]+, for which the first number determines the TeX Live year and the second the patch version).

# Overleaf Toolkit users:
$ bin/docker-compose exec sharelatex /bin/bash -c "cd /overleaf/services/web; VERBOSE_LOGGING=true node scripts/history/migrate_history.js --force-clean --fix-invalid-characters --convert-large-docs-to-file"

# legacy docker-compose.yml users:
$ docker exec sharelatex /bin/bash -c "cd /overleaf/services/web; VERBOSE_LOGGING=true node scripts/history/migrate_history.js --force-clean --fix-invalid-characters --convert-large-docs-to-file"

$ docker cp sharelatex:/var/log/sharelatex/history-v1.log history-v1.log
$ docker cp sharelatex:/var/log/sharelatex/project-history.log project-history.log
$ docker cp sharelatex:/var/log/sharelatex/track-changes.log track-changes.log

$ bin/docker-compose exec sharelatex /bin/bash -c "cd /overleaf/services/web; node scripts/find_malformed_filetrees.js"
BAD PATH: 123456789012345678901234 rootFolder.0.1.2.3
BAD PATH: 123456789012345678901234 rootFolder.0.4.5.6
...

$ bin/docker-compose exec sharelatex /bin/bash -c "cd /overleaf/services/web; node scripts/fix_malformed_filetree.js 123456789012345678901234 rootFolder.0.1.2.3"
$ bin/docker-compose exec sharelatex /bin/bash -c "cd /overleaf/services/web; node scripts/fix_malformed_filetree.js 123456789012345678901234 rootFolder.0.4.5.6"
...

Migrated Projects  :  1
Total Projects     :  51
Remaining Projects :  51
Total history records to migrate: 98
Starting migration...
Migrating project: 63d29b5772dd80015a81bffe
migration result { upgraded: true, historyType: 'NoneWithoutConversion' }
Migrating project: 63d29c2e72dd80015a81c0a2
migration result { upgraded: true, historyType: 'NoneWithoutConversion' }

// …

Migration complete
==================
Projects migrated:  51
Projects failed:  0
Done.

quay.io/sharelatex/texlive-full:2022.1

Updating MongoDB

Any new release of Server CE/Server Pro will indicate any change on the supported version of MongoDB in its release notes.

Should I update MongoDB?

You should only consider updating your MongoDB version if you're planning to upgrade your instance of Server CE/Server Pro.

If you're running a MongoDB version that is newer than the recommended for your current (or target) version there's no need to make any changes.

You should never downgrade your MongoDB version.

If you experience a specific problem that you think might be related to your current version of MongoDB, feel free to if you are a Server CE user or contact Overleaf Support if you are Server Pro a user.

Checking your MongoDB version

Opening the mongo shell should immediately print the current version.

Overleaf Toolkit users:

Docker Compose users:

Update process

Updating the version of MongoDB during an upgrade of your Server CE/Server Pro instance is as follows:

Decide the version of Server CE/Server Pro you plan to upgrade to.
Find the version of MongoDB recommended by that specific Overleaf Server CE/Server Pro release.
Follow the instructions to upgrade MongoDB to the target version.
Upgrade Server CE/Server Pro image version and restart the instance.

Our recommendation is to always upgrade Server CE/Server Pro to the latest version available, since it's always guaranteed to be supported (Server Pro users only).

Version support information

In case you decide to go to an earlier version, this table shows the recommended version of MongoDB for earlier releases of Server CE/Server Pro, but you should never downgrade your MongoDB version.

Server CE/Server Pro

MongoDB Version

Minimum Feature Compatibility Version

Maximum Version Supported by Node.js Driver

The minimum feature compatibility version above is based on the corresponding MongoDB version recommend for use with the version of Overleaf shown. If you plan to use a higher version, MongoDB will have its own minimum requirement.

You can view the compatibility table that specifies the supported versions of the MongoDB Node.js driver for use with MongoDB .

You can view the end-of-life status for each version of MongoDB .

Upgrading MongoDB

MongoDB requires step-by-step upgrades. That means you can't go straight from, let's say 4.0 to 5.0. You need first to update 4.2 to 4.4, and then 5.0.

MongoDB uses even numbers for their stable versions.

Update instructions when running MongoDB outside Docker

Here are links to the update instructions from mongodb.com when upgrading MongoDB.

Instructions for 5.0 and higher point to a replica set install, instead of standalone. As Server Pro/CE 4.0.1+ uses transactions, MongoDB needs to be run as a replica set.

Documentation for MongoDB 3.2 to 4.2 is now available via

Basic Instructions

In most cases the update requires setting up a compatibility flag before actually updating the mongo version. The steps are as follows:

Set the compatibility flag as described in MongoDB release notes (see the examples below).
Then update the mongo image:
1. Toolkit users Update MONGO_VERSION, e.g. MONGO_VERSION=6.0

Example: Upgrading MongoDB from `5.0` to `6.0`

Let's start by making sure we're running MongoDB 6.0:

Overleaf Toolkit users:

Docker Compose users:

According to the , the only requirement is to have featureCompatibilityVersion set to 5.0. We do so by opening a MongoDB shell and running the indicated command:

Overleaf Toolkit users:

Docker Compose users can run docker compose exec mongo mongosh to get a shell and run the same commands as Toolkit users.

Overleaf Toolkit users:

We'll then stop Server CE/Server Pro and MongoDB instances using the bin/stop command, set MONGO_VERSION=6.0 in config/overleaf.rc, and then restart the mongo service using bin/up mongo) to verify the update went smoothly.

Finally, we'll update the Server CE/Server Pro image version to our target version and recreate all the services using the bin/up -d command.

Docker Compose users:

We'll then stop Server CE/Server Pro and MongoDB instances using the docker compose stop command, update file to use image: mongo:6.0, and then restart the mongo service using the docker compose up mongo command to verify the update went smoothly.

Finally, we'll update Server CE/Server Pro image version to our target version and recreate all services using the docker compose up command.

Example: Upgrading MongoDB from `6.0` to `7.0` (toolkit users)

Start by making sure that you're running MongoDB 6.0 using the mongod --version commands above.

According to the , the only requirement is to have featureCompatibilityVersion set to 6.0. We do so by opening a MongoDB shell and running the command db.adminCommand({ setFeatureCompatibilityVersion: "6.0" }) .

Overleaf Toolkit users:

We'll then stop Server CE/Server Pro and MongoDB instances using the bin/stop command, set MONGO_VERSION=7.0 in config/overleaf.rc, and then restart the mongo service using bin/up mongo) to verify the update went smoothly.

Finally, we'll update the Server CE/Server Pro image version to our target version and recreate all the services using the bin/up -d command.

Example: Upgrading MongoDB from `7.0` to `8.0` (toolkit users)

Start by making sure that you're running MongoDB 7.0 using the mongod --version commands above.

According to the , the only requirement is to have featureCompatibilityVersion set to 7.0. We do so by opening a MongoDB shell and running the command db.adminCommand({ setFeatureCompatibilityVersion: "7.0", confirm: true }). Note that this now requires an additional confirm: true parameter.

We'll then stop Server CE/Server Pro and MongoDB instances using the bin/stop command, set MONGO_VERSION=8.0 in config/overleaf.rc, and then restart the mongo service using bin/up mongo) to verify the update went smoothly.

Finally, we'll update the Server CE/Server Pro image version to our target version and recreate all the services using the bin/up -d command.

Equivalent commands for docker compose users

For docker compose users, the equivalent command are:

docker compose exec mongo mongod --version to display the mongo version
docker compose exec mongo mongosh to start a mongo shell for admin commands
docker compose stop command to stop the server

Creating a custom role

In version 5.5.1, we introduced a startup check to verify the feature compatibility version for MongoDB. If your MongoDB database uses authentication (e.g., basic authentication), the sharelatex container might not start, displaying a "not authorized on admin to execute command" permission error.

To resolve this, you can either create a new role in MongoDB and assign it to the user account used to access the database using the instructions below, or set ALLOW_MONGO_ADMIN_CHECK_FAILURES=true to allow the check to fail without preventing the deployment from starting.

This new role only grants permission to read cluster-wide MongoDB server parameters and could be reused for monitoring purposes,

version: '2'
services:
    sharelatex:
        restart: always
        image: quay.io/sharelatex/sharelatex-pro:5.0.3
        container_name: sharelatex
        depends_on:
            - mongo
            - redis
        ports:
            - 80:80
        links:
            - mongo
            - redis
        volumes:
            - /data/overleaf_data:/var/lib/overleaf # (/var/lib/sharelatex for versions 4.x and earlier)
            - /var/run/docker.sock:/var/run/docker.sock    #### IMPORTANT
        environment:
            OVERLEAF_MONGO_URL: mongodb://mongo/sharelatex
            OVERLEAF_REDIS_HOST: redis
            OVERLEAF_APP_NAME: 'My Overleaf'
            OVERLEAF_SITE_URL: "http://overleaf.mydomain.com"
            OVERLEAF_NAV_TITLE: "Our Overleaf Instance"
            OVERLEAF_ADMIN_EMAIL: "[email protected]"
            ...
            DOCKER_RUNNER: "true"
            SANDBOXED_COMPILES: "true"
            SANDBOXED_COMPILES_SIBLING_CONTAINERS: "true"    #### IMPORTANT
            # Note: (/var/lib/sharelatex for versions 4.x and earlier)
            SANDBOXED_COMPILES_HOST_DIR: "/data/overleaf_data/data/compiles"  #### IMPORTANT

    TEX_LIVE_DOCKER_IMAGE: "quay.io/sharelatex/texlive-full:2024.1"
    ALL_TEX_LIVE_DOCKER_IMAGES: "quay.io/sharelatex/texlive-full:2024.1,quay.io/sharelatex/texlive-full:2023.1,quay.io/sharelatex/texlive-full:2022.1"
    ALL_TEX_LIVE_DOCKER_IMAGE_NAMES: "TeX Live 2024.1,TeX Live 2023.1,TeX Live 2022.1"

Docker Compose users Update the version of the mongo image tag, e.g. services -> mongo -> image: mongo:6.0;

Edit the docker-compose.yml file to use image: mongo:6.0 to upgrade the mongo version

bin/docker-compose exec mongo mongod --version
db version v5.0.24
Build Info: {
    "version": "5.0.24",
    "gitVersion": "f034f0c51b3dffef4b8c9452d77ede9888f28f66",
    "openSSLVersion": "OpenSSL 1.1.1f  31 Mar 2020",
    "modules": [],
    "allocator": "tcmalloc",
    "environment": {
        "distmod": "ubuntu2004",
        "distarch": "x86_64",
        "target_arch": "x86_64"
    }
}

docker compose exec mongo mongod --version
db version v5.0.24
Build Info: {
    "version": "5.0.24",
    "gitVersion": "f034f0c51b3dffef4b8c9452d77ede9888f28f66",
    "openSSLVersion": "OpenSSL 1.1.1f  31 Mar 2020",
    "modules": [],
    "allocator": "tcmalloc",
    "environment": {
        "distmod": "ubuntu2004",
        "distarch": "x86_64",
        "target_arch": "x86_64"
    }
}

# Toolkit users
$ bin/docker-compose exec -it mongo mongosh -u {{YOUR-ADMIN-USERNAME}} -p

# Switch to the "admin" database using
overleaf [direct: primary] sharelatex> use admin
switched to db admin
overleaf [direct: primary] admin> 

# Create a new role with permission to use "getParamter". Copy and paste the function below into the shell and press the return key

db.createRole(
  {
    role: "clusterParameterReader",
    privileges: [
      {
        resource: { cluster: true },
        actions: ["getParameter"]    
      }
    ],
    roles: [] 
  }
);

# Switch back to the "sharelatex" database 
use sharelatex
switched to db sharelatex
overleaf [direct: primary] sharelatex> 

# Assign the new "clusterParameterReader" role to your database user by copy and pasting the function below into the shell and press the return key 
db.grantRolesToUser(
  "{{YOUR-DATABASE-USER}}",
  [
    { role: "clusterParameterReader", db: "admin" }
  ]
);

# Type exit then return to exit the MongoDB shell
# Run bin/up -d to start the deployment stack
$ bin/up -d

Release notes 5.x.x

You must upgrade to the latest 5.5.X before attempting the upgrade to 6.0. For more information see the binary files migration instructions.

Server Pro 5.5.7

Release date: 2025-11-17

Server Pro Image ID: d6695be28887
Community Edition Image ID: 15b96730c84a
Git Bridge Image ID: 346ef9a195f1

This release fixes several compile issues emerging after the latest Docker and runc updates.

Server Pro 5.5.6

Release date: 2025-10-29

Server Pro Image ID: a7fabd92df1d
Community Edition Image ID: 670af1d40458
Git Bridge Image ID: 346ef9a195f1

This is a security release containing updates to the base image and installed packages.

Server Pro 5.5.5

Release date: 2025-10-23

Server Pro Image ID: 662319c9321f
Community Edition Image ID: 18b74885001f
Git Bridge Image ID: 24939e88f5aa

This release contains internal tools and checks designed to prepare a Server Pro instance for the upcoming 6.0 upgrade.

Server Pro 5.5.4

Release date: 2025-07-31

Server Pro Image ID: dd3d1c61f194
Community Edition Image ID: 7b216673bd81
Git Bridge Image ID: 45770796de58

This release includes bug fixes for an upcoming binary file migration.

Server Pro 5.5.3

Release date: 2025-07-29

Server Pro Image ID: 2bf634002f11
Community Edition Image ID: 62812cf70518
Git Bridge Image ID: 45770796de58

This is a security release, we have updated internal dependencies used by the SAML integration. This release also contains updates to the base image and installed packages. Customers using SAML authentication are advised to upgrade.

New Features

Added script for bulk transfer of projects ().

Server Pro 5.5.2

Release date: 2025-07-09

Server Pro Image ID: 4f55e24737e4
Community Edition Image ID: a9b671a7f751
Git Bridge Image ID: 24939e88f5aa

This is a bug-fix release.

Bugfixes

Fixes bug which prevented anonymous editors from making tracked changes
Fixes bug which caused a missing header image when using OVERLEAF_HEADER_IMAGE_URL
Fixes bug which prevented the "Stop compile" button working when not using Sandboxed Compiles

Other Changes

You can now optionally configure your deployment to start even if the initial MongoDB startup checks fail by setting ALLOW_MONGO_ADMIN_CHECK_FAILURES=true
Applied security updates to base image

Server Pro 5.5.1

Release date: 2025-05-09

Server Pro Image ID: ccf59bc84efb
Community Edition Image ID: 7fb7924f9e3d
Git Bridge Image ID: 24939e88f5aa

Bugfixes

Fixes License Usage tab in the admin panel.
Fixes Redis TLS configuration in history-v1 service.
Fixes create-user script when used with mjs extension.

Other Changes

Improved error message when using an invalid Feature Compatibility Version in MongoDB.

If you're using an externalized or a self-hosted MongoDB database with authentication (such as username/password), you may see "MongoServerError: not authorized on admin to execute command" in the sharelatex container logs and the container stuck in a reboot loop. If so, please see for creating a custom clusterParameterReader role to address this.

Server Pro 5.5.0

Release date: 2025-05-29

Server Pro Image ID: f778900dbcb5
Community Edition Image ID: d56f85856198
Git Bridge Image ID: 24939e88f5aa

This release bumps the minimum mongo version to 6.0. If you've previously updated your MongoDB version to 6.0 following the instructions in the you might need to set the to 6.0:

When featureCompatibilityVersion is set to a value lower than 6.0 you would be seeing a Expression not supported in partial index error like:

New Features

Add --skip-email option to .
New improved UI for the review panel.

Bugfixes

Fixes Configuration property backupStore is not defined error being logged.
Fixes email delivery when mail server uses self-signed certificates.
Fixes Redis TLS configuration in references service.

Other Changes

Podman based deployments: the configuration has been merged and it is no longer possible to disable seccomp. Please download a copy of the and store it on the Docker host, then point Server Pro at it using the environment variable SECCOMP_PROFILE="/docker/host/path/of/seccomp/clsi-profile.json".

Podman deployments are not officially supported.

Added a new daily cron job that flushes projects with pending changes.
Update base image to noble-1.0.2 and node@22
Many small improvements and bug fixes.

Server Pro 5.4.1

Release date: 2025-04-30

Server Pro Image ID: 24f0a095a3bc
Community Edition Image ID: a5b8db34908e
Git Bridge Image ID: 15a29bbb6524

This is a security release containing updates to the base image and installed packages.

Bugfixes

Fixes connection errors when attempting to use Redis via TLS.

Server Pro 5.4.0

Release date: 2025-04-11

Server Pro Image ID: def5d40bc8a4
Community Edition Image ID: 637631dedf09
Git Bridge Image ID: 15a29bbb6524

New Features

New export-user-projects.mjs script to export all user's projects. For more information see .
TeX Live 2025 is the new default image when not using in Server Pro.

Bugfixes

Fixes documentation access when running the instance behind a proxy.

Other Changes

Added rate limiter to LDAP /login endpoint.
Mitigate risk of data loss when shutting down the instance. A new MAX_RECONNECT_GRACEFULLY_INTERVAL_MS environment variable allows a finer configuration of the delay between editor graceful reconnection and data flushing, and container shutdown.

Server Pro 5.3.3

Release date: 2025-03-21

Server Pro Image ID: 2a15214c521f
Community Edition Image ID: eb2d221f5f5e
Git Bridge Image ID: 8aa85fa0d7df

This is a security release, we updated internal dependencies used by SAML integration.

Server Pro 5.3.2

Release date: 2025-03-11

Server Pro Image ID: 72f7039d52c6
Community Edition Image ID: eb2d221f5f5e
Git Bridge Image ID: 8aa85fa0d7df

Bugfixes

Fixes access to Overleaf documentation when using a proxy for external requests.

Other Changes

Adds rate limiters to LDAP /login endpoint

Server Pro 5.3.1

Release date: 2025-01-29

Server Pro Image ID: 6df5c59837a8
Community Edition Image ID: eb2d221f5f5e
Git Bridge Image ID: 8aa85fa0d7df

An issue was discovered with version 5.3.0, so it was never made public. This resulted in 5.3.1 being the first release in the 5.3 release line.

New Features

OVERLEAF_LOGIN_SUPPORT_TEXT can now be used to display support information underneath the login button. The text will be shown in the login screen and can be used to direct users to internal support or provide guidance related to logging in, creating accounts, etc.
V1_HISTORY_URL_FOR_GIT_BRIDGE allows separating the history-v1 endpoint for internal traffic (web service → history-v1 service, both in sharelatex container) and external traffic (git-bridge → history-v1

Bugfixes

Fixed a bug where account deletion fails in certain situations where email service is not available.

Other changes

Improve file upload processing. The disk-IO load of large instances can drop by up-to 50%.
Security updates to the base image and installed packages, along with improvements and bugfixes.

There are some changes in the languages supported by the spelling service.

Click to see the languages affected

These languages have migrated to more specific variants:

English -> English (American)
Norwegian -> Norwegian (Bokmål)

These languages are no longer supported:

Server Pro 5.2.1

Release date: 2024-10-24

Server Pro Image ID: a1b1852ac7bd
Community Edition Image ID: e187f0ff616c
Git Bridge Image ID: f09f6dbba5ee

Note: An issue was discovered with version 5.2.0, so it was never made public. This resulted in 5.0.1 being the first release in the 5.0 release line.

New Features

Admin capabilities can be granted via LDAP/SAML attributes

The following environment variables are now available:

LDAP: OVERLEAF_LDAP_IS_ADMIN_ATT and OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE
SAML: OVERLEAF_SAML_IS_ADMIN_FIELD and OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE

When both environment variables are set, the login process updates user.isAdmin = true when the profile returned by the identity provided contains OVERLEAF_LDAP_IS_ADMIN_ATT/OVERLEAF_SAML_IS_ADMIN_FIELD, and its value is either:

Equals to OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE/OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE
An array containing OVERLEAF_LDAP_IS_ADMIN_ATT_VALUE/OVERLEAF_SAML_IS_ADMIN_FIELD_VALUE

Other new features

Chat feature can be disabled with OVERLEAF_DISABLE_CHAT=true
SAML Audience, which defaults to OVERLEAF_SAML_ISSUER can now be configured with OVERLEAF_SAML_AUDIENCE

Bugfixes

Fixes anonymous users accessing a project via read-write link not being able to create labels in the history panel.
Fixes some scenarios where users are unable to change the TeX Live version in the editor (Server Pro only)
Admin: searching users by domain now display admins users.

Other changes

Admin: a num_active_users metric with the count of active users is now available via /metrics.
Admin: editor resources checks are no longer part of the Launchpad main screen.
Many small improvements and bugfixes.

Server Pro 5.1.1

Release date: 2024-08-13

Server Pro Image ID: cb82f2debf6f
Community Edition Image ID: 28f666f253f8
Git Bridge Image ID: 4cd4bea6fb01

Bugfixes

Fixes TexLive version selection after a version of TexLive is removed from ALL_TEX_LIVE_DOCKER_IMAGES.
Fix for invalid URLs returning 500 instead of 400.
Fix SAML SSO when using POST request to the Identity Provider when CSP are enabled.

Other changes

Removed Editor Resources check from launchpad, which has been broken for a while and wasn't providing any value.
/metrics and /health_check now return 404.
Security update to prevent remote image loading in Visual Editor.

Server Pro 5.1.0

Release date: 2024-07-17

Server Pro Image ID: 7216db608356
Community Edition Image ID: 41a77f59f69e
Git Bridge Image ID: 4cd4bea6fb01

MongoDB upgrade to v6

MongoDB 5 is reaching end of life on . All customers should upgrade to MongoDB 6.0. Follow the link to the official for instructions.

Toolkit users now need to split the MongoDB image between MONGO_IMAGE (with just the image name) and MONGO_VERSION in their config/overleaf.rc file.

Example:

Please ensure you have a consistent database backup before upgrading.

Redis AOF Persistence enabled by default

AOF (Append Only File) persistence is now the recommended configuration for Redis persistence.

Toolkit users have AOF persistence enabled by default for new installs. Existing users are recommended to follow the instructions on the official documentation to switch to AOF:

Deprecation for docker-compose v1

docker-compose v1 has reached its End Of Life in July 2023 (). Support for docker-compose v1 in the Overleaf Toolkit will be dropped with the release of Server Pro 5.2. We recommend upgrading to Docker Compose v2 before then.

New features

SAML: multiple certificates are now supported. You can now set a list of comma-separated certificates in OVERLEAF_SAML_SIGNING_CERT and OVERLEAF_SAML_CERT
CSP (Content Security Policy) is now enabled by default. It can be disabled adding OVERLEAF_CSP_ENABLED=false to config/variables.env.

Bugfixes

Fixes a bug where projects created before enabling the templates feature couldn't be published as templates.
Fixed spacing in project list footer.
Fixed post-login redirection when login after clicking the "Log in" button in the header.

Other changes

Removed support for running LaTeX compiles with Docker-In-Docker in Server Pro. Sandboxed compiles using "sibling" containers is not affected by this.
TeX Live images, as used for Sandboxed Compiles, need to be pulled outside of Server Pro now. All customers have been granted read access to quay.io/sharelatex/texlive-full.
The Overleaf Toolkit is pulling all configured images as part of bin/up. You can disable the automatic pulling using SIBLING_CONTAINERS_PULL=false in your config/overleaf.rc file.

Server Pro 5.0.7

Release date: 2024-07-12

Server Pro Image ID: a8c301474a4d
Community Edition Image ID: 6f3e55a67fd5
Git Bridge Image ID: 455a8c0559a4

This is a security release. We added stricter controls for accessing project invite details and locked down access to files via the LaTeX compilation service.

We strongly recommend turning on the feature in Server Pro.

Server Pro 5.0.6

Release date: 2024-06-20

Server Pro Image ID: c9de60b06959
Community Edition Image ID: 46bb44d4215d
Git Bridge Image ID: 455a8c0559a4

This is a security release. We added stricter controls for creating projects from ZIP URLs.

Server Pro 5.0.5

Release date: 2024-06-11

Server Pro Image ID: 60da5806f83e
Community Edition Image ID: 46bb44d4215d
Git Bridge Image ID: 455a8c0559a4

This is a security release. We added stricter controls to prevent arbitrary CSS loading in the project editor.

Server Pro 5.0.4

Release date: 2024-05-24

Server Pro Image ID: b0db0405a7ce
Community Edition Image ID: abcec6efbbf7
Git Bridge Image ID: 455a8c0559a4

This release provides security updates, bugfixes, and performance enhancements, including:

Stricter controls to prevent arbitrary JavaScript execution in the browser.
Updated libraries to enhance security and performance.

Server Pro 5.0.3

Release date: 2024-04-24

Server Pro Image ID: dc88a9ade14d
Community Edition Image ID: b4712d596c75
Git Bridge Image ID: 455a8c0559a4

This release builds up on 5.0.2 and includes the second revision of the recovery process for doc versions.

If you never ran Server Pro version 5.0.1 or Community Edition version 5.0.1, or you started a brand new instance with 5.0.1, you do not need to run this recovery process. Please see the below for details on the need for a recovery and follow the .

Server Pro 5.0.2 (Retracted)

2024-04-22: We are retracting version 5.0.2. We have identified a few corner cases in the recovery procedure for docs.

2024-04-24: Server Pro version 5.0.3 sports fixes for the previously identified corner cases.

Release date: 2024-04-22

Server Pro Image ID: 06eed5680340
Community Edition Image ID: 9f018f899ba5
Git Bridge Image ID: 455a8c0559a4

Security release

Server Pro 5.0.2 is a security release for the application runtime.

The Node.js runtime has been upgraded to 18.20.2. Check their release notes (, ) for more information.

Bugfixes

Fixes database migration that resulted in the loss of doc versions. These are used by the history system and their loss resulted in the history system skipping over updates effectively resulting in no further changes to the history view and git-integration. This release fixes the database migration and also sports a recovery process for instances that ran release 5.0.1. If you ran version 5.0.1, please take a look at the dedicated doc version recovery process.
Fixes references and templates services on Docker 26 IPv6.

Other changes

Adds bin/flush-history-queues and bin/force-history-resyncs utility scripts.

Server Pro 5.0.1 (Retracted)

2024-04-18: We have identified a critical bug in a database migration that causes data loss. Please defer upgrading to release 5.0.1 until further notice on the mailing list.

2024-04-24: Server Pro 5.0.3 has been released with a fix and recovery process that does not need access to a backup. See details above.

Release date: 2024-04-02

Server Pro Image ID: 0d28770b4692
Community Edition Image ID: ee69bf0baddf
Git Bridge Image ID: 455a8c0559a4

This major release includes the following changes:

Required database upgrade from MongoDB 4 to MongoDB 5
Rebranding of SHARELATEX_* to OVERLEAF_* environment variables
Rebranding of filesystem paths from ShareLaTeX brand to Overleaf brand

Important: the Toolkit will help migrating your configuration, please follow the prompts of bin/upgrade.

MongoDB upgrade to v5

MongoDB 4.4 has reached end of life on February 2024. All customers should before upgrading to the 5.0 release line.

The release also includes migrations that update the database in a backwards incompatible format.

Please ensure you have a consistent database backup before upgrading. In case of roll-back, you will need to restore the database backup. Server Pro 4.x is not capable of reading the new format, which can result in data-loss or broken projects.

Configuration changes

Environment variables have been rebranded from SHARELATEX_* to OVERLEAF_*. users should be prompted to perform the migration when running bin/upgrade, and warnings will be printed when trying to run the Overleaf instance with the incorrect configuration.

Filesystem paths have also been rebranded from ShareLaTeX brand to Overleaf brand:

/var/lib/sharelatex -> /var/lib/overleaf
/var/log/sharelatex -> /var/log/overleaf
/etc/sharelatex -> /etc/overleaf

Filesystem changes are automatically handled by the Overleaf Toolkit. Otherwise, make sure bind-mount targets are updated to refer to the Overleaf equivalent, e.g.

docker-compose/yml before:

docker-compose.yml after:

New features

Added support for using IAM credentials when using AWS S3 for project/history files
Server Pro will refuse to start when using an older version of MongoDB

Bugfixes

Fixes a scenario in which the share project modal doesn't display the link-sharing links immediately after turning on the feature

Other changes

All services are now using IPv4 in the container
Container image upgrade from Ubuntu 20.04 to 22.04 LTS
Security updates to the base image and installed packages, along with improvements and bugfixes.

$ bin/mongo
> db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )
 ... 
 {
    featureCompatibilityVersion: { version: '5.0' },
...
> db.adminCommand( { setFeatureCompatibilityVersion: "6.0" } )

MongoServerError: Error during migrate "20250411200550_active_chunk_index_update": Error in specification { name: "projectId_1_startVersion_1_v2", unique: true, partialFilterExpression: { state: { $in: [ "active", "closed" ] } }, background: true, key: { projectId: 1, startVersion: 1 }, v: 2 } :: caused by :: Expression not supported in partial index: state $in [ "active" "closed" ]

4.x

SHARELATEX_SITE_URL

OVERLEAF_SITE_URL

global
  group haproxy
  user haproxy

  # Verbose logging
  log stdout format raw local0 debug

defaults
  mode                    http
  option                  httpchk HEAD /status
  http-check              expect status 200
  default-server          check

  # Verbose logging
  log                     global
  option                  httplog

  # Reroute to a different backend if the sticky one is down
  option                  redispatch 1
  # These retries are for TCP connect errors, not on HTTP status 500 responses
  retries                 3

  # Sticky session for 24h of inactivity -- compile output is deleted after 24h
  cookie                  server-pro-ha insert maxidle 24h

  # Try to connect to any backend for 1min, then return 503
  timeout queue           1m
  # Give Server Pro instances 15s to startup
  timeout connect         15s

  # Abort requests from very slow clients (allow 1min of inactivity when reading a request)
  timeout client          1m

  # Allow slow compiles -- hard-coded limit in clsi is 10min
  timeout server          10m

  # Disconnect the editor after 23h -- 1h ahead of their last use yesterday
  timeout tunnel          23h

  # Note: The keepalive behavior in haproxy works great with the default keepalive setup in Server Pro.
  #       Haproxy is cleaning up connections in the background and it will redispatch requests when needed.

listen server-pro-ha-http
  bind :80
  http-request redirect scheme https unless { ssl_fc }

listen server-pro-ha-https
  bind :443 ssl crt /etc/ssl/certs/ssl-key-and-certificate-bundle.pem

  # Tell the application that we are behind https
  http-request set-header X-Forwarded-Proto https

  # Tell the application the actual client ip
  option forwardfor

  # See https://hstspreload.org/#deployment-recommendations
  http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;"

  # Route git traffic to the sibling container of the git-bridge
  use-server server-pro-ha-1 if { path_beg /git/ }

  # Debugging
  http-response add-header X-Served-By %s
  stats enable
  stats uri /haproxy

  server server-pro-ha-1 198.18.1.1:80 cookie server-pro-ha-1
  server server-pro-ha-2 198.18.1.2:80 cookie server-pro-ha-2
  server server-pro-ha-3 198.18.1.3:80 cookie server-pro-ha-3

version: '2.2'

# Actual horizontal scaling setup: pick your own network and replace IPs in config.
networks:
    default:
        ipam:
            config:
                # This subnet is part of a reserved subnet used for benchmarking
                # https://tools.ietf.org/html/rfc2544
                # The full subnet is 198.18.0.0/15
                # Use 198.18.0.0/24 for lb and dbs
                # Use 198.18.1.0/24 for server-pro
                # Use 198.18.0.128/25 for ephemeral container
                - gateway: 198.18.0.1
                  ip_range: 198.18.0.128/25
                  subnet: 198.18.0.0/23

services:
    # Actual horizontal scaling setup: run haproxy outside docker on a separate host.
    lb:
        image: haproxy:2.6
        container_name: lb
        user: root
        logging:
            driver: local
            options:
                max-size: 10g
                max-file: '100'
        volumes:
            - ./haproxy.conf:/usr/local/etc/haproxy/haproxy.cfg
            # $ cat certificate.pem key.pem > ssl-key-and-certificate-bundle.pem
            - /path/to/ssl-key-and-certificate-bundle.pem:/etc/ssl/certs/ssl-key-and-certificate-bundle.pem
        # Alternative to "ports": use host network to avoid docker-proxy overhead
        network_mode: host

        # Alternative to "network_mode: host": use docker-proxy for network isolation
        # ports:
        #     - "80:80"
        #     - "443:443"
        # networks:
        #     default:
        #         ipv4_address: 198.18.0.2

        # Actual horizontal scaling setup: remove these as they run on other hosts.
        depends_on:
            server-pro-ha-1:
                condition: service_started
            server-pro-ha-2:
                condition: service_started
            server-pro-ha-3:
                condition: service_started

    # Actual horizontal scaling setup: run this container next to server-pro-ha-1.
    # For Server Pro 4.0 onwards.
    git-bridge:
        restart: always
        # The tag should match the `server-pro-ha-1` container tag.
        image: quay.io/sharelatex/git-bridge:4.0.1
        volumes:
            # Actual horizontal scaling setup: point /data/git-bridge at a dedicated local ssd.
            - ~/git_bridge_data:/data/git-bridge
        container_name: git-bridge
        environment:
            GIT_BRIDGE_API_BASE_URL: "http://server-pro-ha-1/api/v0"
            GIT_BRIDGE_OAUTH2_SERVER: "http://server-pro-ha-1"
            GIT_BRIDGE_POSTBACK_BASE_URL: "http://198.18.0.6:8000"
            GIT_BRIDGE_ROOT_DIR: "/data/git-bridge"
        user: root
        command: ["/server-pro-start.sh"]

        # Actual horizontal scaling setup: run on host 198.18.0.6 and expose port
        # ports:
        #     - "8000:8000"
        networks:
            default:
                ipv4_address: 198.18.0.6

    # Actual horizontal scaling setup: run this container on a separate host.
    server-pro-ha-1: &server-pro-ha-config
        restart: always
        image: quay.io/sharelatex/sharelatex-pro:4.0.1
        container_name: server-pro-ha-1
        hostname: server-pro-ha-1
        depends_on:
            # Actual horizontal scaling setup: keep this entry.
            git-bridge:
                condition: service_started

            # Actual horizontal scaling setup: remove the ones below as they run on other hosts.
            mongo:
                condition: service_healthy
            redis:
                condition: service_started
            minio:
                condition: service_started
            mongo_replica_set_setup:
                condition: service_completed_successfully
            minio_setup:
                condition: service_completed_successfully
        stop_grace_period: 60s
        volumes:
            - /tmp/scratch-disk1:/var/lib/sharelatex
            - /var/run/docker.sock:/var/run/docker.sock
        environment: &server-pro-ha-environment
            # Actual horizontal scaling setup: provide your own domain/app name.
            OVERLEAF_SITE_URL: 'https://overleaf.example.com'
            OVERLEAF_APP_NAME: Server Pro Horizontal Scaling Demo

            OVERLEAF_MONGO_URL: mongodb://198.18.0.3/sharelatex
            OVERLEAF_REDIS_HOST: 198.18.0.4
            REDIS_HOST: 198.18.0.4

            ENABLED_LINKED_FILE_TYPES: 'project_file,project_output_file'
            EMAIL_CONFIRMATION_DISABLED: 'true'

            SANDBOXED_COMPILES: 'true'
            SANDBOXED_COMPILES_SIBLING_CONTAINERS: 'true'
            SANDBOXED_COMPILES_HOST_DIR: '/tmp/scratch-disk1/data/compiles'

            # S3
            # Actual horizontal scaling setup: pick secure credentials.
            OVERLEAF_FILESTORE_BACKEND: s3
            OVERLEAF_FILESTORE_USER_FILES_BUCKET_NAME: overleaf-user-files
            OVERLEAF_FILESTORE_TEMPLATE_FILES_BUCKET_NAME: overleaf-template-files
            OVERLEAF_FILESTORE_S3_ACCESS_KEY_ID: OVERLEAF_FILESTORE_S3_ACCESS_KEY_ID
            OVERLEAF_FILESTORE_S3_SECRET_ACCESS_KEY: OVERLEAF_FILESTORE_S3_SECRET_ACCESS_KEY
            OVERLEAF_FILESTORE_S3_ENDPOINT: http://198.18.0.5:9000
            OVERLEAF_FILESTORE_S3_PATH_STYLE: 'true'
            OVERLEAF_FILESTORE_S3_REGION: ''

            OVERLEAF_HISTORY_BACKEND: "s3"
            OVERLEAF_HISTORY_PROJECT_BLOBS_BUCKET: "overleaf-project-blobs"
            OVERLEAF_HISTORY_CHUNKS_BUCKET: "overleaf-chunks"
            OVERLEAF_HISTORY_S3_ACCESS_KEY_ID: "OVERLEAF_HISTORY_S3_ACCESS_KEY_ID"
            OVERLEAF_HISTORY_S3_SECRET_ACCESS_KEY: "OVERLEAF_HISTORY_S3_SECRET_ACCESS_KEY"
            OVERLEAF_HISTORY_S3_ENDPOINT: http://198.18.0.5:9000
            OVERLEAF_HISTORY_S3_PATH_STYLE: 'true'
            OVERLEAF_HISTORY_S3_REGION: ''
            # /S3

            # git-bridge
            GIT_BRIDGE_ENABLED: 'true'
            GIT_BRIDGE_HOST: 198.18.0.6
            GIT_BRIDGE_PORT: 8000
            # Only needed on the sibling instance of git-bridge
            V1_HISTORY_URL: "http://server-pro-ha-1:3100/api"
            # /git-bridge

            # Horizontal scaling
            # Actual horizontal scaling setup: pick secure credentials.
            WEB_API_PASSWORD: WEB_API_PASSWORD
            STAGING_PASSWORD: V1_HISTORY_PASSWORD
            V1_HISTORY_PASSWORD: V1_HISTORY_PASSWORD
            CRYPTO_RANDOM: CRYPTO_RANDOM
            OT_JWT_AUTH_KEY: OT_JWT_AUTH_KEY
            OVERLEAF_BEHIND_PROXY: 'true'
            # Actual horizontal scaling setup: IPs of load balancers
            TRUSTED_PROXY_IPS: 198.18.0.1,198.18.0.2
            # /Horizontal scaling

        # Actual horizontal scaling setup: run on host 198.18.1.1 and expose ports
        # ports:
        #     - "80:80"
        networks:
            default:
                ipv4_address: 198.18.1.1

    # Actual horizontal scaling setup: run this container on a separate host.
    server-pro-ha-2:
        <<: *server-pro-ha-config
        hostname: server-pro-ha-2
        container_name: server-pro-ha-2
        volumes:
            - /tmp/scratch-disk2:/var/lib/sharelatex
            - /var/run/docker.sock:/var/run/docker.sock
        environment:
            <<: *server-pro-ha-environment
            SANDBOXED_COMPILES_HOST_DIR: '/tmp/scratch-disk2/data/compiles'
            V1_HISTORY_URL: "http://localhost:3100/api"

        # Actual horizontal scaling setup: run on host 198.18.1.2 and expose ports
        # ports:
        #     - "80:80"
        networks:
            default:
                ipv4_address: 198.18.1.2

    # Actual horizontal scaling setup: run this container on a separate host.
    server-pro-ha-3:
        <<: *server-pro-ha-config
        hostname: server-pro-ha-3
        container_name: server-pro-ha-3
        volumes:
            - /tmp/scratch-disk3:/var/lib/sharelatex
            - /var/run/docker.sock:/var/run/docker.sock
        environment:
            <<: *server-pro-ha-environment
            SANDBOXED_COMPILES_HOST_DIR: '/tmp/scratch-disk3/data/compiles'
            V1_HISTORY_URL: "http://localhost:3100/api"

        # Actual horizontal scaling setup: run on host 198.18.1.3 and expose ports
        # ports:
        #     - "80:80"
        networks:
            default:
                ipv4_address: 198.18.1.3

    # Actual horizontal scaling setup: run this container on a separate host.
    minio:
        image: minio/minio:RELEASE.2023-05-18T00-05-36Z
        container_name: minio
        command: server /data
        volumes:
            # Actual horizontal scaling setup: run minio with multiple disks, see minio docs.
            - ~/minio_data:/data
        environment:
            # Actual horizontal scaling setup: pick secure credentials.
            MINIO_ROOT_USER: MINIO_ROOT_USER
            MINIO_ROOT_PASSWORD: MINIO_ROOT_PASSWORD

        # Actual horizontal scaling setup: run on host 198.18.0.5 and expose port
        # ports:
        #     - "9000:9000"
        networks:
            default:
                ipv4_address: 198.18.0.5

    # Actual horizontal scaling setup: run this setup once on a separate host.
    minio_setup:
        depends_on:
            - minio
        image: minio/mc:RELEASE.2023-05-18T16-59-00Z
        entrypoint: sh
        command:
            - '-c'
            # Actual horizontal scaling setup: pick secure credentials.
            - |
                mc alias set s3 http://198.18.0.5:9000 MINIO_ROOT_USER MINIO_ROOT_PASSWORD \
                || sleep 10 && \
                mc alias set s3 http://198.18.0.5:9000 MINIO_ROOT_USER MINIO_ROOT_PASSWORD \
                || sleep 10 && \
                mc alias set s3 http://198.18.0.5:9000 MINIO_ROOT_USER MINIO_ROOT_PASSWORD \
                || sleep 10 && \
                mc alias set s3 http://198.18.0.5:9000 MINIO_ROOT_USER MINIO_ROOT_PASSWORD

                mc mb --ignore-existing s3/overleaf-user-files
                mc mb --ignore-existing s3/overleaf-template-files
                mc admin user add s3 \
                  OVERLEAF_FILESTORE_S3_ACCESS_KEY_ID \
                  OVERLEAF_FILESTORE_S3_SECRET_ACCESS_KEY

                mc mb --ignore-existing s3/overleaf-project-blobs
                mc mb --ignore-existing s3/overleaf-chunks
                mc admin user add s3 \
                  OVERLEAF_HISTORY_S3_ACCESS_KEY_ID \
                  OVERLEAF_HISTORY_S3_SECRET_ACCESS_KEY

                echo '
                  {
                    "Version": "2012-10-17",
                    "Statement": [
                      {
                        "Effect": "Allow",
                        "Action": [
                          "s3:ListBucket"
                        ],
                        "Resource": "arn:aws:s3:::overleaf-user-files"
                      },
                      {
                        "Effect": "Allow",
                        "Action": [
                          "s3:PutObject",
                          "s3:GetObject",
                          "s3:DeleteObject"
                        ],
                        "Resource": "arn:aws:s3:::overleaf-user-files/*"
                      },
                      {
                        "Effect": "Allow",
                        "Action": [
                          "s3:ListBucket"
                        ],
                        "Resource": "arn:aws:s3:::overleaf-template-files"
                      },
                      {
                        "Effect": "Allow",
                        "Action": [
                          "s3:PutObject",
                          "s3:GetObject",
                          "s3:DeleteObject"
                        ],
                        "Resource": "arn:aws:s3:::overleaf-template-files/*"
                      }
                    ]
                  }' > policy-filestore.json

                echo '
                  {
                    "Version": "2012-10-17",
                    "Statement": [
                      {
                        "Effect": "Allow",
                        "Action": [
                          "s3:ListBucket"
                        ],
                        "Resource": "arn:aws:s3:::overleaf-project-blobs"
                      },
                      {
                        "Effect": "Allow",
                        "Action": [
                          "s3:PutObject",
                          "s3:GetObject",
                          "s3:DeleteObject"
                        ],
                        "Resource": "arn:aws:s3:::overleaf-project-blobs/*"
                      },
                      {
                        "Effect": "Allow",
                        "Action": [
                          "s3:ListBucket"
                        ],
                        "Resource": "arn:aws:s3:::overleaf-chunks"
                      },
                      {
                        "Effect": "Allow",
                        "Action": [
                          "s3:PutObject",
                          "s3:GetObject",
                          "s3:DeleteObject"
                        ],
                        "Resource": "arn:aws:s3:::overleaf-chunks/*"
                      }
                    ]
                  }' > policy-history.json

                # Put the contents of the policy from the previous section in policy-filestore.json
                # Reminder: Replace the bucket names accordingly.
                mc admin policy create s3 overleaf-filestore policy-filestore.json
                mc admin policy attach s3 overleaf-filestore \
                  --user=OVERLEAF_FILESTORE_S3_ACCESS_KEY_ID || true

                mc admin policy create s3 overleaf-history policy-history.json
                mc admin policy attach s3 overleaf-history \
                  --user=OVERLEAF_HISTORY_S3_ACCESS_KEY_ID || true

    # Actual horizontal scaling setup: run this container on a separate host.
    mongo:
        restart: always
        image: mongo:4.4
        container_name: mongo
        command: "--replSet overleaf"
        expose:
            - 27017
        volumes:
            - ~/mongo_data:/data/db
        healthcheck:
            test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet
            interval: 10s
            timeout: 10s
            retries: 5

        # Actual horizontal scaling setup: run on host 198.18.0.3 and expose port
        # ports:
        #     - "27017:27017"
        networks:
            default:
                ipv4_address: 198.18.0.3

    mongo_replica_set_setup:
        image: mongo:4.4
        entrypoint: sh
        depends_on:
            mongo:
                condition: service_healthy
        command:
            - '-c'
            - |
                mongo 198.18.0.3 --eval "rs.initiate({ _id: \"overleaf\", members: [ { _id: 0, host: \"198.18.0.3:27017\" } ] })"

    # Actual horizontal scaling setup: run this container on a separate host.
    redis:
        restart: always
        image: redis:6.2
        container_name: redis
        expose:
            - 6379
        volumes:
            - ~/redis_data:/data

        # Actual horizontal scaling setup: run on host 198.18.0.4 and expose port
        # ports:
        #     - "6379:6379"
        networks:
            default:
                ipv4_address: 198.18.0.4

# https://github.com/overleaf/overleaf/blob/45ca0f796c679103efd305ddbef28073c4a5de32/server-ce/init_scripts/00_regen_sharelatex_secrets.sh#L14
dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev | tr -d '\n+/'

On-premises

Welcome

Overview of Server Pro and Community Edition

Stay up to date

Quick links

Server Pro vs. Community Edition

Benefits for users

Release notes

Server Pro version support

Release notes 1.x.x

Server Pro 1.2.1

Server Pro 1.2.0

Server Pro 1.1.0

Server Pro 1.0.2

Server Pro 1.0.0

Getting started

Before you start

What can I do to prepare?

What if I have a problem?

Requirements

Requirements for installing Server Pro and Community Edition

Skills needed

Software requirements

Operating systems

Installation

Introduction

Using the Toolkit

1. Download the Toolkit

Downloading the Toolkit

2. Familiarize yourself with the Toolkit

Taking a look around

3. Initialize the configuration

Initializing the configuration

4. Choose Community Edition or Server Pro

Obtaining Server Pro Image

Switching to Server Pro

5. Personalizing your instance

Personalizing your instance

6. Post-installation tasks

Creating your first administrator account

Upgrading TeX Live

Configuration

Overleaf Toolkit

Server Pro-only configuration

Adding LaTeX user help

Logging

Localization

i18n Languages

Multi-language support

Password restrictions

Redis

Enabling password authentication

Maintenance

Upgrading your deployment

The bin/upgrade Script

Extending TeX Live

User and project management

Understanding license usage

Bulk transfer of project ownership

Usage

Support

Project limits

Support guides

Using templates as an individual

Welcome

Overview of Server Pro and Community Edition

Stay up to date

Quick links

Using the Toolkit

Release notes

Server Pro version support

Server Pro vs. Community Edition

Benefits for users

Skills needed

Requirements

Requirements for installing Server Pro and Community Edition

Introduction

Benefits for user admins

Benefits for system admins

Community Support

The `bin/upgrade` Script

The `bin/upgrade` Script

Using `tlmgr` in an older TeX Live image