Configuration of ArchiveBox is done by using the archivebox config command, modifying the ArchiveBox.conf file in the data folder, or by using environment variables. All three methods work equivalently when using Docker as well.

Some equivalent examples of setting some configuration options:

archivebox config --set TIMEOUT=120
# OR
echo "TIMEOUT=120" >> ArchiveBox.conf
# OR
env TIMEOUT=120 archivebox add ~/Downloads/bookmarks_export.html

Environment variables take precedence over the config file, which is useful if you only want to use a certain option temporarily during a single run. For more examples see Usage: Configuration...

Available Configuration Options:

• General Settings: Archiving process, output format, crawl limits, and retention.
• Server Settings: Web UI, authentication, subdomain routing, and reverse proxy options.
• Storage Settings: File layout, permissions, and temp/lib directories.
• Database Settings: SQLite tuning and lock-retry behavior.
• Search Settings: Full-text search backend selection.
• Shell Options: Format & behavior of CLI output.
• Plugin Configuration: Per-plugin options (now documented separately).

In case this document is ever out of date, check the source code for config definitions: archivebox/config/common.py ➡️

General options around the archiving process, output format, retention, and concurrency limits.

Possible Values: [True]/False Controls what happens when you add a URL that already has a Snapshot in your index.

• True (default) — skip the URL entirely. No new Snapshot is created, no extractors run. The existing Snapshot is left exactly as-is.
• False — create a new Snapshot for the URL (separate UUID, separate output directory) and run every enabled extractor on it. The previously archived Snapshot is preserved untouched; you end up with two side-by-side captures of the same URL.

Equivalent to the --only-new / --no-only-new flag on archivebox add:

archivebox add https://example.com                    # honors ONLY_NEW (default True)
archivebox add --no-only-new https://example.com      # force a re-archive even if already in the index

Related options: DEFAULT_PERSONA, URL_DENYLIST, URL_ALLOWLIST

Possible Values: [60]/120/... Maximum allowed runtime per-extractor, per-Snapshot in seconds. If you have a slow network connection or are seeing frequent timeout errors, you can raise this value.

This is a plugin-shared setting — each individual extractor can override it with its own <EXTRACTOR>_TIMEOUT (e.g. WGET_TIMEOUT, CHROME_TIMEOUT, YTDLP_TIMEOUT). See the per-plugin docs for the full list.

Related options: CRAWL_TIMEOUT, CRAWL_MAX_URLS, SNAPSHOT_MAX_SIZE

Possible Values: [1440,2000]/1024,768/... Default screenshot/PDF viewport resolution in width,height pixels. Used as the fallback for SCREENSHOT_RESOLUTION, PDF_RESOLUTION, and CHROME_RESOLUTION.

This is a plugin-shared setting — individual extractors override it via <EXTRACTOR>_RESOLUTION (e.g. SCREENSHOT_RESOLUTION, PDF_RESOLUTION, CHROME_RESOLUTION). See the per-plugin docs for plugin-specific overrides.

Possible Values: [True]/False Whether to enforce HTTPS certificate validity and HSTS chain of trust when archiving sites. Set this to False if you want to archive pages even if they have expired or invalid certificates.

This is a plugin-shared setting — every HTTP-fetching extractor (wget, yt-dlp, gallery-dl, chrome, etc.) honors it, and individual extractors can override with <EXTRACTOR>_CHECK_SSL_VALIDITY. See the per-plugin docs.

Possible Values: [Mozilla/5.0 ... ArchiveBox/{VERSION} ...]/"Mozilla/5.0 ..."/... The default User-Agent string sent during archiving. The built-in default identifies ArchiveBox and links back to the GitHub repo so site operators can identify and contact archivers if needed.

This is a plugin-shared setting — each extractor (wget, chrome, yt-dlp, singlefile, …) can override it with its own <EXTRACTOR>_USER_AGENT, otherwise it falls back to this value. See the per-plugin docs for per-extractor specifics.

Possible Values: [None]//path/to/cookies.txt/...

Path to a Netscape-format cookies.txt file passed to wget, curl, yt-dlp, and other non-Chrome extractors for authentication. Required when archiving sites behind a login (paywalls, social media feeds, members-only forums, etc.) if you're not using a persona.

This is a plugin-shared setting — each extractor can override it with <EXTRACTOR>_COOKIES_FILE (e.g. WGET_COOKIES_FILE, YTDLP_COOKIES_FILE, GALLERYDL_COOKIES_FILE). Chrome-based extractors instead read auth state from the persona's CHROME_USER_DATA_DIR. See the per-plugin docs for per-extractor variants.

You can generate a cookies.txt using a browser extension, or with wget --save-cookies + --user=... --password=....

The recommended path is to create a persona and let it manage cookies + Chrome profile state for you:

archivebox persona create --import=chrome personal
archivebox add --persona=personal https://members.example.com/feed

Related options: DEFAULT_PERSONA, CHROME_USER_DATA_DIR

Possible Values: [Default]/personal/work/... The persona profile used when no explicit persona is selected for a crawl. Personas bundle a Chrome user-data-dir, a cookies.txt, auth state, a user-agent, and any other per-identity config into a single named profile, letting you swap between archiving contexts (logged-out vs. signed-into-work-account vs. signed-into-personal-account) without manually juggling files.

ArchiveBox auto-creates the named persona on disk if it doesn't already exist. See the Personas wiki page for the full directory layout.

Related options: COOKIES_FILE

Possible Values: [\.(css|js|otf|ttf|woff|woff2|gstatic\.com|googleapis\.com/css)(\?.*)?$]/.+\.exe$/...

Regex pattern matched against every URL discovered during a crawl. Any matching URL is excluded from archiving — useful for blocking tracking pixels, ad networks, CDN-hosted CSS/fonts, or arbitrary file extensions you don't want to capture.

The default skips common static assets (CSS, fonts, Google Fonts CDN) so they aren't re-fetched as separate Snapshots during recursive crawls — the parent page's singlefile/dom output already inlines them.

Note: This option is also recognized under its legacy alias URL_BLACKLIST.

Related options: URL_ALLOWLIST

Possible Values: [None]/^http(s)?:\/\/(.+)?example\.com\/?.*$/...

Regex pattern matched against every URL discovered during a crawl. When set, any URL that does not match is excluded. Useful for recursive crawling scoped to a single domain or path prefix (e.g. only follow links within docs.example.com/v2/).

When both are set, URL_DENYLIST takes precedence over URL_ALLOWLIST.

Note: This option is also recognized under its legacy alias URL_WHITELIST.

Related options: URL_DENYLIST

Possible Values: [[,]]/[,;]/[,;\s]/... Regex character class used to split tag strings (e.g. news,politics; longform) into individual tags when importing URLs. The default splits on commas only; widen it if you paste in tags separated by semicolons, spaces, or other delimiters.

Possible Values: [0]/50/500/... Maximum number of unique URLs (Snapshots) a single crawl is allowed to produce. 0 means unlimited. Counts both seed URLs you submitted and URLs discovered by recursive crawlers (parse_dom_outlinks, parse_html_urls, etc.).

Once the cap is reached, recursive crawlers stop emitting new Snapshots and the crawl is marked with stop_reason = "crawl_max_urls". Raising the cap later and re-queuing the crawl will resume discovery — the limit state is persisted in <crawl_dir>/.abx-dl/limits.json and re-evaluated each tick.

Related options: CRAWL_MAX_SIZE, CRAWL_TIMEOUT, CRAWL_MAX_CONCURRENT_SNAPSHOTS, SNAPSHOT_MAX_SIZE

Possible Values: [0]/50MB/5GB/104857600/... Maximum cumulative output size (in bytes) a single crawl is allowed to produce across all of its Snapshots. 0 means unlimited.

Accepts a raw byte count (104857600) or a unit-suffixed string (100MB, 5GB, 1TiB). Sizes are accumulated by the extractor service as each ArchiveResult writes its outputs to disk; once the cap is exceeded, in-flight Snapshots finish but no new ones are admitted and the crawl stops with stop_reason = "crawl_max_size".

Related options: SNAPSHOT_MAX_SIZE, CRAWL_MAX_URLS, CRAWL_TIMEOUT

Possible Values: [0]/300/3600/... Maximum total wall-clock runtime for a single crawl in seconds. 0 means unlimited.

Distinct from TIMEOUT: TIMEOUT caps one extractor invocation on one Snapshot; CRAWL_TIMEOUT caps the entire crawl — all Snapshots, all extractors, all retries, all recursive discovery passes — together. Once exceeded the crawl is marked stop_reason = "crawl_timeout" and queued Snapshots are skipped.

Related options: TIMEOUT, CRAWL_MAX_URLS, CRAWL_MAX_SIZE

Possible Values: [4]/1/8/16/... How many Snapshots within a single crawl ArchiveBox will archive in parallel. The runner schedules up to this many extractor pipelines at once, then waits for one to finish before starting the next.

Raising this speeds up large crawls on beefy hardware, but each concurrent Snapshot opens a new tab inside the crawl's shared Chrome instance (when Chrome-based extractors are enabled) — RAM per tab and CPU pressure scale roughly linearly with concurrency. On a typical laptop, 2-4 is sane; on a dedicated server with 32GB+ RAM, 8-16 can be reasonable.

Related options: CRAWL_MAX_URLS, TIMEOUT

Possible Values: [0]/10MB/500MB/... Maximum cumulative output size (in bytes) per individual Snapshot. 0 means unlimited. Same unit-suffix parsing as CRAWL_MAX_SIZE (10MB, 2GB, raw bytes, etc.).

Where CRAWL_MAX_SIZE is a crawl-wide budget, SNAPSHOT_MAX_SIZE puts a ceiling on any one page's output. Once a Snapshot's outputs exceed the cap, remaining extractors for that Snapshot are skipped and the Snapshot is tagged with stop_reason = "snapshot_max_size" — but the rest of the crawl continues normally.

Related options: CRAWL_MAX_SIZE, CRAWL_MAX_URLS

Possible Values: [0]/24h/7d/4w/6mo/1y/... Retention policy: automatically delete Crawls, Snapshots, ArchiveResults, and Process rows (and their on-disk outputs) after this duration has elapsed. 0, "", or None disables auto-deletion (the default — ArchiveBox never deletes anything unless you ask).

Accepted units: h/hr/hour, d/day, w/week, mo/month, y/yr/year. The minimum non-zero duration is 1h. Examples:

archivebox config --set DELETE_AFTER=24h     # daily rolling buffer
archivebox config --set DELETE_AFTER=30d     # 30-day retention
archivebox config --set DELETE_AFTER=6mo     # 6 months

DELETE_AFTER can be set globally, per-persona, per-crawl, or per-snapshot — the most-specific value wins. When a Snapshot is created, its delete_at timestamp is computed from the effective DELETE_AFTER and persisted; the retention sweeper then deletes rows whose delete_at is in the past.

Related options: PERMISSIONS

Possible Values: [public]/unlisted/private Default visibility for newly created Snapshots. Inherited by every Snapshot in a Crawl unless explicitly overridden at the Crawl or Snapshot level.

• public — Snapshot appears in the public index and its content is directly accessible without login.
• unlisted — Snapshot content is accessible via direct link, but it is not listed in the public index. Equivalent to a "secret URL."
• private — Snapshot is hidden from the public index and its content requires admin login.

This option supersedes the removed PUBLIC_SNAPSHOTS boolean and is also driven by the still-current PUBLIC_INDEX flag — both are interpreted as a coarse mapping onto PERMISSIONS for backwards compatibility (PUBLIC_SNAPSHOTS=False ⇒ private, PUBLIC_INDEX=False ⇒ unlisted, either set to True ⇒ public). Setting PERMISSIONS directly wins over either legacy flag.

Related options: PUBLIC_INDEX, PUBLIC_ADD_VIEW, DELETE_AFTER

Possible Values: [""]/wget,favicon,screenshot/chrome,singlefile,dom/... Comma-separated whitelist of plugins to load and run for this archiving run. When empty (the default), ArchiveBox uses the installed/enabled plugin set — i.e. every plugin whose <PLUGIN>_ENABLED config evaluates true.

When set, only the listed plugins (plus any plugins they declare as required_plugins in their config.json — e.g. picking singlefile automatically pulls in chrome) participate in the run. Equivalent to the CLI flag:

archivebox add --plugins=wget,favicon,screenshot https://example.com

The admin "Add" form and REST API both write to PLUGINS when you select extractors — there is no separate "enabled set" config knob; PLUGINS is the single source of truth for which plugins run on any given Crawl, Snapshot, or Persona scope.

Useful for one-off runs ("just grab a screenshot and skip everything else") or for reproducible per-crawl pipelines stored on the Crawl row.

Options for the web UI, authentication, subdomain routing, and reverse proxy configuration.

Possible Values: [None]/"admin"/...

Only used on first run / initial setup in Docker. ArchiveBox will create an admin superuser with the specified username and password when both options are present in the environment at startup. After the user exists, changing these values has no effect — use archivebox manage changepassword <username> or the Django admin UI instead.

More info:

• https://github.com/ArchiveBox/ArchiveBox/wiki/Setting-up-Authentication

Related options: LDAP_ENABLED, REVERSE_PROXY_USER_HEADER

Possible Values: [True]/False (for PUBLIC_INDEX), [False]/True (for PUBLIC_ADD_VIEW)

Server-wide toggles for whether login is required to use each public area of ArchiveBox.

archivebox config --set PUBLIC_INDEX=True        # allow viewing the snapshot index without login
archivebox config --set PUBLIC_ADD_VIEW=False    # require login to submit new URLs via the web UI

• PUBLIC_INDEX (default True) — when on, anonymous visitors can browse the snapshot list page. Individual snapshot visibility is still gated by each Snapshot's own PERMISSIONS field.
• PUBLIC_ADD_VIEW (default False) — when on, anonymous visitors can submit new URLs to be archived via the /add form. Leave this off on any internet-exposed instance unless you actively want a public submission endpoint.

Related options: PERMISSIONS, SERVER_SECURITY_MODE, ADMIN_USERNAME

Possible Values: auto-generated 50-character random string

Django's secret key, used for cryptographic signing of sessions, CSRF tokens, password reset links, and other signed payloads. Auto-generated on first server start and persisted to ArchiveBox.conf so it survives restarts. If the config file isn't writable (read-only mount, mid-init race), an in-memory random key is used and all users are logged out on the next boot.

Possible Values: [127.0.0.1:8000]/0.0.0.0:8000/[::]:8000/0.0.0.0:80/...

The host:port socket the ArchiveBox web server actually listens on. This is the local bind socket, not the public URL — for the public URL clients see, set BASE_URL.

• 127.0.0.1:8000 (default) — listen only on the loopback interface. Safest when you're running a reverse proxy on the same host and don't want the server reachable directly from the network.
• 0.0.0.0:8000 — listen on all IPv4 interfaces. Required when running in Docker without --network=host, or when you want the server reachable from other machines on your LAN without a reverse proxy.
• [::]:8000 — listen on all IPv6 interfaces (most modern OSes will accept v4-mapped connections too).
• unix:/path/to/archivebox.sock — bind to a Unix socket instead of a TCP port (useful for nginx/Caddy on the same host).

IPv6 literal addresses must be bracketed: [::1]:8000, not ::1:8000.

Related options: BASE_URL, SERVER_SECURITY_MODE

Possible Values: [""]/https://archive.example.com/http://archivebox.localhost:8000/...

The canonical public URL of your ArchiveBox instance. Used to build absolute links in templates, redirects (/admin/login/?next=...), admin notification emails, OG/meta tags, and — in subdomain security mode — to derive the admin., web., api., public., and per-snapshot snap-<id>. subdomains.

When BASE_URL is set explicitly, ArchiveBox treats it as the source of truth and ignores the incoming Host header for URL building. In safe-subdomains-fullreplay mode setting it is required for redirects to work correctly.

When BASE_URL is empty, the value is resolved at request time from the incoming request's Host header (with any leading admin. / web. / api. / public. / snap-*. label stripped to recover the canonical base). Loopback hostnames (localhost, 127.0.0.1, 0.0.0.0, ::) are rewritten to archivebox.localhost so subdomain routing works without /etc/hosts edits. If there's no live request, BIND_ADDR is used as a last resort.

The scheme is taken from the explicit BASE_URL if set, otherwise from the request (so put a reverse proxy in front for HTTPS and trust X-Forwarded-Proto).

ArchiveBox automatically derives the underlying Django ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS settings from BASE_URL + SERVER_SECURITY_MODE, so you do not set those directly — the system widens them as needed to admit the admin/web/api/public subdomains.

Related options: SERVER_SECURITY_MODE, BIND_ADDR

Possible Values: [safe-subdomains-fullreplay]/safe-onedomain-nojsreplay/unsafe-onedomain-noadmin/danger-onedomain-fullreplay

The top-level security posture of the server. Controls how archived content is served, whether the admin/API control plane is reachable, and which host(s) the UI is split across. This is the most important security knob — pick the most restrictive mode that still works for your use case.

ArchiveBox splits its surfaces across four logical hosts: admin.* (Django admin + session cookies, the entire control plane), web.* (logged-in browsing UI), api.* (REST/JSON endpoints), and public.* (unauthenticated browsing of PERMISSIONS=public snapshots). In subdomain mode each gets its own host derived from BASE_URL; session/CSRF cookies are scoped to admin.* only, so a compromised replay page on snap-<id>.* can't read admin auth.

Related options: BASE_URL, PERMISSIONS

More info:

• Security Overview

Possible Values: [50]/25/100/200/...

Number of rows to render per page on the Snapshot and ArchiveResult list views (admin index, public index, and the Django admin changelists for both models). Lower values reduce per-request render time; higher values speed up bulk browsing at the cost of heavier rendering. Must be ≥ 1.

Possible Values: [Content is hosted for personal archiving purposes only. Contact server owner for any takedown requests.]/...

Free-form text rendered in the footer of every archive page. Useful for adding a takedown contact, an org disclaimer, or attribution. Plain text — no HTML.

Possible Values: [data/custom_templates]//path/to/custom_templates/...

Path to a directory containing custom HTML / CSS / image overrides for the default ArchiveBox templates. Files placed here shadow the built-in templates of the same path, letting you rebrand the UI without forking. See the Django template loader docs for the resolution order.

Possible Values: [Remote-User]/X-Remote-User/X-Forwarded-User/...

HTTP header your reverse proxy (Authelia, oauth2-proxy, Authentik, nginx auth_request, etc.) sets to the authenticated username. ArchiveBox's ReverseProxyAuthMiddleware reads this header only when the request's source IP is inside REVERSE_PROXY_WHITELIST — otherwise the header is ignored to prevent direct-connect spoofing.

The header name is matched case-insensitively and normalized to the HTTP_* form Django exposes (e.g. Remote-User → HTTP_REMOTE_USER).

Related options: REVERSE_PROXY_WHITELIST, LOGOUT_REDIRECT_URL

Possible Values: [""]/172.16.0.0/16/10.0.0.5/32,fd00::/8/...

Comma-separated list of IPv4 / IPv6 addresses or CIDR networks that are trusted to set REVERSE_PROXY_USER_HEADER. When empty (the default), reverse-proxy auth is completely disabled — the header is never consulted no matter who set it.

When non-empty, only requests whose REMOTE_ADDR falls inside one of the listed networks have the header honored. Anything else falls back to standard session auth. The CIDR list is validated on every request; an invalid entry raises ImproperlyConfigured and breaks the server, so test changes carefully.

Related options: REVERSE_PROXY_USER_HEADER, LOGOUT_REDIRECT_URL

Possible Values: [/]/https://example.com/some/other/app//accounts/logout-landing//...

URL users are redirected to after logging out. The default / keeps users on ArchiveBox; set this to an external URL when using reverse-proxy SSO so logout terminates the upstream session too (e.g. https://auth.example.com/logout).

Related options: REVERSE_PROXY_USER_HEADER, REVERSE_PROXY_WHITELIST

Options for LDAP / Active Directory authentication via django-auth-ldap. Requires pip install archivebox[ldap] (which also pulls in the system libldap / libsasl headers).

Possible Values: [False]/True

Master switch for LDAP authentication. When True, ArchiveBox loads the django-auth-ldap backend and validates that LDAP_SERVER_URI, LDAP_BIND_DN, LDAP_BIND_PASSWORD, and LDAP_USER_BASE are all set — startup fails fast otherwise.

pip install archivebox[ldap]

Then set these configuration values:

LDAP_ENABLED: True
LDAP_SERVER_URI: "ldap://ldap.example.com:3389"
LDAP_BIND_DN: "ou=archivebox,ou=services,dc=ldap.example.com"
LDAP_BIND_PASSWORD: "secret-bind-user-password"
LDAP_USER_BASE: "ou=users,ou=archivebox,ou=services,dc=ldap.example.com"
LDAP_USER_FILTER: "(uid=%(user)s)"
LDAP_USERNAME_ATTR: "username"
LDAP_FIRSTNAME_ATTR: "givenName"
LDAP_LASTNAME_ATTR: "sn"
LDAP_EMAIL_ATTR: "mail"
LDAP_CREATE_SUPERUSER: False

More info:

• https://github.com/ArchiveBox/ArchiveBox/wiki/Setting-up-Authentication
• https://github.com/django-auth-ldap/django-auth-ldap#example-configuration

Related options: ADMIN_USERNAME, REVERSE_PROXY_USER_HEADER

Possible Values: [None]/ldap://ldap.example.com:389/ldaps://ldap.example.com:636/...

URI of the LDAP server to bind against. Use ldaps:// for TLS or ldap:// for plaintext (plus optional StartTLS at the protocol level). Required when LDAP_ENABLED is True.

Possible Values: [None]/cn=archivebox,ou=services,dc=example,dc=com/...

Distinguished name of the service account used to perform user searches. This account only needs read access to the user subtree under LDAP_USER_BASE. Required when LDAP_ENABLED is True.

Possible Values: [None]/<bind-service-password>/...

Password for the LDAP_BIND_DN service account. Required when LDAP_ENABLED is True.

Possible Values: [None]/ou=users,dc=example,dc=com/...

Base DN under which to search for user entries. Required when LDAP_ENABLED is True. The search is performed as LDAP_BIND_DN with the filter from LDAP_USER_FILTER.

Possible Values: [(uid=%(user)s)]/(sAMAccountName=%(user)s)/(&(objectClass=person)(mail=%(user)s))/...

LDAP search filter used to find a user entry at login. The literal token %(user)s is replaced with the username the user typed into the login form. Common values:

• (uid=%(user)s) — OpenLDAP-style
• (sAMAccountName=%(user)s) — Active Directory
• (mail=%(user)s) — match by email

Possible Values: [username]/uid/sAMAccountName/...

LDAP attribute on the user entry that becomes the local Django username. Must be unique within the directory.

Possible Values: [givenName]/...

LDAP attribute mapped to Django's User.first_name.

Possible Values: [sn]/...

LDAP attribute mapped to Django's User.last_name.

Possible Values: [mail]/userPrincipalName/...

LDAP attribute mapped to Django's User.email.

Possible Values: [False]/True

When True, every LDAP user who successfully authenticates is auto-promoted to Django superuser. Off by default — leave it off unless your directory's user base is already restricted to operators, since superusers can modify config, delete snapshots, and run server commands.

Options for the on-disk layout, file permissions, and temp/lib directories that ArchiveBox reads and writes during archiving.

Possible Values: [644]/755/... Permissions to set on output files written into the archive directory. The directory mode is derived from this by OR-ing in the execute bits (so 644 files imply 755 dirs), which subsumes the legacy DIR_OUTPUT_PERMISSIONS option (formerly a separate 755-default field) — directory mode is no longer settable on its own.

Related options: PUID / PGID, ENFORCE_ATOMIC_WRITES

Possible Values: [911]/1000/... Note: These are Docker-only environment variables — they only take effect when set on the Docker entrypoint at container startup. Setting them in ArchiveBox.conf or via archivebox config --set has no effect. Outside Docker the UID/GID is auto-detected from the ownership of the data directory (or the running user) and cannot be overridden.

The UID/GID that the ArchiveBox process should run as (and that all files in the data dir should be owned by). Honored by the Docker entrypoint, which chowns the data dir and drops privileges before running ArchiveBox. Outside Docker, ArchiveBox refuses to run as root and instead drops to the user that owns the data dir.

Learn more:

• https://docs.linuxserver.io/general/understanding-puid-and-pgid/
• https://github.com/ArchiveBox/ArchiveBox/wiki/Troubleshooting#docker-permissions-issues

Possible Values: [True]/False Whether to write output files atomically (write to a tempfile + rename() into place) so that a crash or kill -9 mid-write can never leave a partial file in the archive. Disable only if you are debugging a filesystem that doesn't support atomic renames (some FUSE mounts).

Possible Values: [data/tmp/<machine_id>]//tmp/archivebox/abc5d851/... Path for temporary files, the supervisord unix socket, and generated supervisor config. The default is a per-machine subdirectory under the data folder (tmp/<machine_id>) so multiple machines sharing the same data dir (e.g., over NFS) don't collide on socket files.

If ArchiveBox detects the configured TMP_DIR is unwritable or too long, it will auto-fall-back to /tmp/archivebox/<collection_id> at startup.

Related options: LIB_DIR, ALLOW_NO_UNIX_SOCKETS

Possible Values: [<user-config>/abx/lib]//opt/archivebox/lib/~/.config/abx/lib/... Path for installed binary dependencies (chromium, single-file, yt-dlp, ripgrep, etc.) managed by abxpkg. The default is the platform-standard user-config location (~/.config/abx/lib on Linux, ~/Library/Application Support/abx/lib on macOS, %APPDATA%\abx\lib on Windows) so a single binary installation can be shared across multiple collections on the same machine without re-downloading.

Related options: TMP_DIR

Possible Values: [False]/True Alias: ARCHIVEBOX_ALLOW_NO_UNIX_SOCKETS

Skip the startup check that verifies TMP_DIR can host unix-domain sockets (a real bind() on a .sock file). Set to True only when running ArchiveBox on a filesystem that cannot back unix sockets — most commonly Docker Desktop on macOS with a host bind-mounted TMP_DIR, where the osxfs/virtiofs layer rejects bind() calls.

Related options: TMP_DIR

Options for tuning the SQLite index database that backs ArchiveBox's snapshot, tag, and crawl metadata.

ArchiveBox stores all of its index metadata in a single SQLite database file (index.sqlite3 inside your data directory). The defaults are tuned for nearly all users — the knobs below mostly govern lock-contention behavior, which matters when multiple workers touch the database concurrently (e.g. supervised orchestrators, parallel archivebox add runs, container restarts that race against an in-flight write, or long-running web/admin processes alongside CLI commands).

Learn more:

• https://github.com/ArchiveBox/ArchiveBox/wiki/Troubleshooting#sqlite-database-is-locked
• https://www.sqlite.org/wal.html
• https://www.sqlite.org/pragma.html

Possible Values: [WAL]/DELETE/TRUNCATE/PERSIST/MEMORY/OFF SQLite journal mode, applied via PRAGMA journal_mode = ... on every new connection. Settable as ARCHIVEBOX_SQLITE_JOURNAL_MODE.

The default WAL (Write-Ahead Logging) lets readers and a single writer operate concurrently without blocking each other — readers see a stable snapshot while a write is in progress, instead of being serialized behind it. This is a substantial win for ArchiveBox, where the web UI, admin, and CLI workers frequently read the index while an extractor is writing.

Possible Values: [134217728] (128 MiB) on bare-metal, [0] (disabled) inside Docker / 0 / 268435456 / ... Maximum number of bytes of the database file SQLite is allowed to map into memory via mmap(), applied via PRAGMA mmap_size = .... Settable as ARCHIVEBOX_SQLITE_MMAP_SIZE.

When mmap is enabled, SQLite reads pages directly from the OS page cache instead of issuing read() syscalls and copying into a userspace buffer — meaningfully faster page reads on large databases when there is RAM available to cache them. Setting this to 0 disables memory-mapped I/O entirely and falls back to regular read() calls.

Note: The default is 0 (disabled) inside Docker, because the container's reported memory limits often do not reflect the host page cache and large mmap regions can interact poorly with cgroup accounting. On bare-metal installs the default is 134217728 (128 MiB).

Possible Values: [30000]/5000/60000/... (milliseconds, integer) SQLite busy-wait timeout in milliseconds, applied via PRAGMA busy_timeout = ... on every new connection and converted to seconds for the Python sqlite3 connection-level timeout= argument. Settable as ARCHIVEBOX_SQLITE_BUSY_TIMEOUT.

When a statement encounters a write lock, SQLite will sleep and retry internally for up to this many milliseconds before returning SQLITE_BUSY to the Python driver. Raise it if you see spurious lock errors under sustained write contention and you would rather block than fail; lower it if you want callers to fail fast.

Possible Values: [60.0]/0/120.0/... (seconds, float) Total wall-clock budget in seconds that ArchiveBox's own retry loop will spend re-attempting a single locked statement before aborting it. Settable as ARCHIVEBOX_SQLITE_LOCK_RETRY_TIMEOUT.

When the SQLite driver eventually surfaces a database is locked error (after SQLITE_BUSY_TIMEOUT has already elapsed), ArchiveBox wraps the cursor in a higher-level retry loop that logs the locking holders and re-issues the statement. This is the maximum total time spent in that outer loop, across all retries, before giving up and raising. Set to 0 to disable the cap and retry indefinitely.

Related options: SQLITE_LOCK_RETRY_INTERVAL

Possible Values: [5.0]/1.0/10.0/... (seconds, float, must be > 0) Sleep duration in seconds between successive attempts inside the ArchiveBox lock-retry loop. Settable as ARCHIVEBOX_SQLITE_LOCK_RETRY_INTERVAL.

Lower values retry more aggressively (useful if you expect locks to clear quickly and want to minimize end-to-end latency); higher values reduce log noise and wasted CPU when locks are typically held for a long time. Must be strictly greater than 0.

Related options: SQLITE_LOCK_RETRY_TIMEOUT

Options for full-text search backend configuration.

ArchiveBox can index Snapshot text/HTML output into a searchable index that powers the search bar in the Web UI and the archivebox search <query> CLI command. Multiple backend engines are supported — pick the one that best matches your collection size, available system resources, and tolerance for extra moving parts.

Possible Values: [ripgrep]/sqlite/sonic

Which search backend engine to use when running archivebox search and rendering the Web UI search bar.

• ripgrep (default) — Pure filesystem grep across each Snapshot's archived output (HTML, text, metadata) via the search_backend_ripgrep plugin. No extra daemon, no extra database to maintain — just install rg and it works. Slow on very large collections (each query re-scans the disk) but always 100% correct: results reflect what's actually on disk right now, no stale index. Best choice for small-to-medium collections (≲50k snapshots) and for users who don't want to run extra services.

• sonic — Fast, suggest-style fuzzy search via a running Sonic daemon (configured via the search_backend_sonic plugin). ArchiveBox pushes text into Sonic at index time and queries it at search time. Sub-millisecond queries even at very large scale, but you have to run and maintain the Sonic process (Docker compose has it built in). Best choice for large collections (≳100k snapshots) when query latency matters.

• sqlite — FTS5 full-text index stored alongside ArchiveBox's main index.sqlite3, configured via the search_backend_sqlite plugin. No extra processes, no extra binary — uses the SQLite already shipped with Python. Faster than ripgrep on large collections, slightly slower than sonic, but no daemon to babysit. Good middle ground for users who want a real index without operational overhead.

Note: Backend-specific tuning (Sonic host/port/password, ripgrep flag overrides, SQLite FTS database path, indexer batch size, etc.) lives in each search-backend plugin's own config schema — see the abx-plugins docs for the full per-backend option list.

Options around the format & behavior of CLI output.

Most of the values in this section are auto-detected from your terminal at startup, but each can be overridden explicitly via env var, ArchiveBox.conf, or archivebox config --set — useful for CI logs, cron jobs, log files, and Docker stdout where the auto-detection isn't what you want.

Possible Values: [False]/True

Enable verbose debug mode for the entire ArchiveBox process. Automatically set to True when --debug is passed on the command line; otherwise honors the env var / config value.

When enabled this turns on:

• Full Python tracebacks (instead of the trimmed friendly version) on any error
• Django SQL query logging to stderr
• Template auto-reload (no caching) for the web UI
• Verbose plugin / hook lifecycle logging
• Extra detail in archivebox version, archivebox status, and crash reports

Related options: USE_COLOR, SHOW_PROGRESS

Possible Values: [True (auto-detected)]/False

Whether to colorize console output with ANSI escape codes. Defaults to True when stdout is a TTY (interactive terminal) and False otherwise.

Override to force-off when piping archivebox output into a log file or cron-mail wrapper that doesn't strip ANSI codes (otherwise you'll see ^[[31m...^[[0m litter throughout your logs). Override to force-on for tools like script(1) or some CI runners that don't report as a TTY but do render ANSI correctly.

USE_COLOR=False archivebox add https://example.com >> archive.log

Related options: SHOW_PROGRESS, DEBUG

Possible Values: [True (auto-detected)]/False

Whether to render live progress bars during long-running operations (archiving, indexing, migrations). Defaults to True when stdout is a TTY, False otherwise.

Override to force-off in environments where the auto-detection is fooled into thinking it has a TTY (some Docker setups, Kubernetes log collectors, tmux/screen pipes) but the redrawing carriage-return output ends up as garbage in your logs.

SHOW_PROGRESS=False archivebox add < urls.txt

Related options: USE_COLOR

That site is regenerated from each plugin's config.json schema on every release, so it stays in sync with the code. Looking for WGET_ARGS, CHROME_USER_DATA_DIR, SCREENSHOT_RESOLUTION, YTDLP_EXTRA_ARGS, SINGLEFILE_*, SONIC_HOST, etc.? They all live there now.

A handful of core options (documented above on this page) act as the fallback default for every plugin that has a matching per-extractor override. If you set the core option, every plugin honors it; if you also set the plugin-specific override, that wins for just that one plugin.

All plugin options can be set via the same three mechanisms as core options — env var, ArchiveBox.conf, or archivebox config --set — and inspected with archivebox config:

archivebox config                                  # show every option (core + every installed plugin)
archivebox config --get SCREENSHOT_RESOLUTION      # read one value
archivebox config --set SCREENSHOT_RESOLUTION=1920,1080
archivebox config --search wget                    # search options by name/description

Plugin schemas evolve on their own release cadence — new extractors ship between ArchiveBox releases, options are added/renamed as hooks revise, and pinning their docs to the core release schedule produced unavoidable drift. The per-plugin doc is auto-generated from each plugin's config.json schema at build time, so it never lags behind the code.