Frontend Service Configuration

Introduction

The frontend service translates various ownCloud related HTTP APIs to CS3 requests.

Default Values

  • Frontend listens on port 9140 by default.

Endpoints Overview

Currently, the frontend service handles requests for three functionalities, which are:

appprovider

The appprovider endpoint, by default /app, forwards HTTP requests to the CS3 App Registry API.

archiver

The archiver endpoint, by default /archiver, implements zip and tar download for collections of files. It will internally use the CS3 API to initiate downloads and then stream the individual files as part of a compressed file.

datagateway

The datagateway endpoint, by default /data, forwards file up- and download requests to the correct CS3 data provider. OCIS starts a dataprovider as part of the storage-* services. The routing happens based on the JWT that was created by a storage provider in response to an InitiateFileDownload or InitiateFileUpload request.

ocs

The ocs endpoint, by default /ocs, implements the ownCloud 10 Open Collaboration Services API by translating it into CS3 API requests. It can handle users, groups and capabilities, and also implements the file sharing functionality on top of CS3. The /ocs/v[12].php/cloud/user/signing-key endpoint is currently handled by the dedicated ocs service.

Scalability

While the frontend service does not persist any data, it does cache Stat() responses and user information. Therefore, multiple instances of this service can be spawned in a bigger deployment, such as one using container orchestration with Kubernetes, provided FRONTEND_OCS_RESOURCE_INFO_CACHE_TYPE=redis and the related config options are set.

Configuration

Environment Variables

The frontend extension is configured via the following environment variables:

Environment variables for the frontend service

| Name | Type | Default Value | Description |
|---|---|---|---|
| OCIS_TRACING_ENABLED, FRONTEND_TRACING_ENABLED | bool | false | Activates tracing. |
| OCIS_TRACING_TYPE, FRONTEND_TRACING_TYPE | string | | The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now. |
| OCIS_TRACING_ENDPOINT, FRONTEND_TRACING_ENDPOINT | string | | The endpoint of the tracing agent. |
| OCIS_TRACING_COLLECTOR, FRONTEND_TRACING_COLLECTOR | string | | The HTTP endpoint for sending spans directly to a collector, e.g. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
| OCIS_LOG_LEVEL, FRONTEND_LOG_LEVEL | string | | The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace". |
| OCIS_LOG_PRETTY, FRONTEND_LOG_PRETTY | bool | false | Activates pretty log output. |
| OCIS_LOG_COLOR, FRONTEND_LOG_COLOR | bool | false | Activates colorized log output. |
| OCIS_LOG_FILE, FRONTEND_LOG_FILE | string | | The path to the log file. Activates logging to this file if set. |
| FRONTEND_DEBUG_ADDR | string | 127.0.0.1:9141 | Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
| FRONTEND_DEBUG_TOKEN | string | | Token to secure the metrics endpoint. |
| FRONTEND_DEBUG_PPROF | bool | false | Enables pprof, which can be used for profiling. |
| FRONTEND_DEBUG_ZPAGES | bool | false | Enables zpages, which can be used for collecting and viewing in-memory traces. |
| FRONTEND_HTTP_ADDR | string | 127.0.0.1:9140 | The bind address of the HTTP service. |
| FRONTEND_HTTP_PROTOCOL | string | tcp | The transport protocol of the HTTP service. |
| FRONTEND_HTTP_PREFIX | string | | The path prefix where the frontend can be accessed (defaults to /). |
| OCIS_CORS_ALLOW_ORIGINS, FRONTEND_CORS_ALLOW_ORIGINS | []string | [*] | A comma-separated list of allowed CORS origins. For more details, see Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin |
| OCIS_CORS_ALLOW_METHODS, FRONTEND_CORS_ALLOW_METHODS | []string | [OPTIONS HEAD GET PUT POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH] | A comma-separated list of allowed CORS methods. For more details, see Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method |
| OCIS_CORS_ALLOW_HEADERS, FRONTEND_CORS_ALLOW_HEADERS | []string | [Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override] | A comma-separated list of allowed CORS headers. For more details, see Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers |
| OCIS_CORS_ALLOW_CREDENTIALS, FRONTEND_CORS_ALLOW_CREDENTIALS | bool | true | Allow credentials for CORS. For more details, see Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials |
| STORAGE_TRANSFER_SECRET | string | | Transfer secret for signing file up- and download requests. |
| OCIS_JWT_SECRET, FRONTEND_JWT_SECRET | string | | The secret to mint and validate JWT tokens. |
| REVA_GATEWAY | string | 127.0.0.1:9142 | The CS3 gateway endpoint. |
| OCIS_GRPC_CLIENT_TLS_MODE | string | | TLS mode for the gRPC connection to the go-micro based gRPC services. Possible values are 'off', 'insecure' and 'on'. 'off' disables transport security for the clients. 'insecure' allows the use of transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. |
| OCIS_GRPC_CLIENT_TLS_CACERT | string | | Path/file name of the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based gRPC services. |
| OCIS_MACHINE_AUTH_API_KEY, FRONTEND_MACHINE_AUTH_API_KEY | string | | The machine auth API key used to validate internal requests necessary to access resources from other services. |
| FRONTEND_SKIP_USER_GROUPS_IN_TOKEN | bool | false | Disables the loading of user’s group memberships from the reva access token. |
| FRONTEND_ENABLE_FAVORITES | bool | false | Enables the support for favorites in the clients. |
| FRONTEND_ENABLE_PROJECT_SPACES | bool | true | Changing this value is NOT supported. Indicates to clients that project spaces are supposed to be made available. |
| FRONTEND_ENABLE_SHARE_JAIL | bool | true | Changing this value is NOT supported. Indicates to clients that the share jail is supposed to be used. |
| FRONTEND_UPLOAD_MAX_CHUNK_SIZE | int | 100000000 | Sets the max chunk sizes in bytes for uploads via the clients. |
| FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE | string | | Advise TUS to replace PATCH requests by POST requests. |
| FRONTEND_DEFAULT_UPLOAD_PROTOCOL | string | tus | The default upload protocol to use in the clients (e.g. tus). |
| FRONTEND_ENABLE_RESHARING | bool | true | Changing this value is NOT supported. Enables the support for resharing in the clients. |
| FRONTEND_ENABLE_FEDERATED_SHARING_INCOMING | bool | false | Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed. |
| FRONTEND_ENABLE_FEDERATED_SHARING_OUTGOING | bool | false | Changing this value is NOT supported. Enables support for outgoing federated sharing for clients. The backend behaviour is not changed. |
| FRONTEND_SEARCH_MIN_LENGTH | int | 3 | Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g. too many results are displayed. |
| OCIS_URL, FRONTEND_PUBLIC_URL | string | https://localhost:9200 | The public facing URL of the oCIS frontend. |
| OCIS_INSECURE, FRONTEND_APP_HANDLER_INSECURE | bool | false | Allow insecure connections to the frontend. |
| FRONTEND_ARCHIVER_MAX_NUM_FILES | int64 | 10000 | Max number of files that can be packed into an archive. |
| FRONTEND_ARCHIVER_MAX_SIZE | int64 | 1073741824 | Max size in bytes of the zip archive the archiver can create. |
| OCIS_INSECURE, FRONTEND_ARCHIVER_INSECURE | bool | false | Allow insecure connections to the archiver. |
| FRONTEND_DATA_GATEWAY_PREFIX | string | data | Path prefix for the data gateway. |
| FRONTEND_OCS_PREFIX | string | ocs | Path prefix for the OCS service. |
| FRONTEND_OCS_SHARE_PREFIX | string | /Shares | Path prefix for shares. |
| FRONTEND_OCS_HOME_NAMESPACE | string | /users/{{.Id.OpaqueId}} | Homespace namespace identifier. |
| FRONTEND_OCS_ADDITIONAL_INFO_ATTRIBUTE | string | {{.Mail}} | Additional information attribute for the user like {{.Mail}}. |
| FRONTEND_OCS_RESOURCE_INFO_CACHE_TTL | int | 0 | Max TTL in seconds for the resource info cache. 0 disables the cache. |
| FRONTEND_OCS_RESOURCE_INFO_CACHE_TYPE | string | memory | Resource info cache type. Supported values are 'memory' and 'redis'. |
| FRONTEND_OCS_RESOURCE_INFO_CACHE_REDIS_ADDR | string | | Redis service address. |
| FRONTEND_OCS_RESOURCE_INFO_CACHE_REDIS_USERNAME | string | | Redis username. |
| FRONTEND_OCS_RESOURCE_INFO_CACHE_REDIS_PASSWORD | string | | Redis password. |
| FRONTEND_OCS_ENABLE_DENIALS | bool | false | EXPERIMENTAL: enable the feature to deny access on folders. |
| FRONTEND_CHECKSUMS_SUPPORTED_TYPES | []string | [sha1 md5 adler32] | Define the checksum types that indicate to clients which hashes the server can use to verify upload integrity. You can provide multiple types separated by blank or comma. Supported types are 'sha1', 'md5' and 'adler32'. |
| FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPE | string | sha1 | The supported checksum type for uploads that indicates to clients supporting multiple hash algorithms which one is preferred by the server. Must be one out of the defined list of SUPPORTED_TYPES. |
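An added example, not part of the oCIS documentation or code base: an audit of the environment variables listed above that flags settings worth reviewing before the service is exposed (wildcard CORS origin with credentials, empty secrets, the *_INSECURE switches, gRPC TLS without verification, a debug server bound off-host, a preferred checksum outside the supported list). The function names, finding labels and sample values are hypothetical; that a FRONTEND_* name takes precedence over its OCIS_* counterpart and that an empty value counts as unset are assumptions.

```python
import re

# Defaults copied from the table above (only the ones the checks need).
DEFAULTS = {
    "FRONTEND_CORS_ALLOW_ORIGINS": "*",
    "FRONTEND_CORS_ALLOW_CREDENTIALS": "true",
    "FRONTEND_DEBUG_ADDR": "127.0.0.1:9141",
    "FRONTEND_CHECKSUMS_SUPPORTED_TYPES": "sha1 md5 adler32",
    "FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPE": "sha1",
}
# Global OCIS_* name the table lists beside each service-specific name.
GLOBAL_ALIAS = {
    "FRONTEND_CORS_ALLOW_ORIGINS": "OCIS_CORS_ALLOW_ORIGINS",
    "FRONTEND_CORS_ALLOW_CREDENTIALS": "OCIS_CORS_ALLOW_CREDENTIALS",
    "FRONTEND_JWT_SECRET": "OCIS_JWT_SECRET",
    "FRONTEND_MACHINE_AUTH_API_KEY": "OCIS_MACHINE_AUTH_API_KEY",
    "FRONTEND_APP_HANDLER_INSECURE": "OCIS_INSECURE",
    "FRONTEND_ARCHIVER_INSECURE": "OCIS_INSECURE",
}

def resolve(env, name):
    """Assumed lookup order: FRONTEND_* name, then OCIS_* name, then table default."""
    for key in (name, GLOBAL_ALIAS.get(name)):
        if key and env.get(key, "") != "":
            return env[key]
    return DEFAULTS.get(name, "")

def is_true(value):
    return value.strip().lower() in ("1", "t", "true")

def split_list(value):
    # Lists are comma-separated; checksum types may also be separated by blanks.
    return [item for item in re.split(r"[,\s]+", value.strip()) if item]

def audit_frontend_env(env):
    """Return sorted finding labels (hypothetical names) for an environment mapping."""
    findings = set()
    origins = split_list(resolve(env, "FRONTEND_CORS_ALLOW_ORIGINS"))
    if "*" in origins and is_true(resolve(env, "FRONTEND_CORS_ALLOW_CREDENTIALS")):
        findings.add("cors-wildcard-with-credentials")
    for name in ("FRONTEND_JWT_SECRET", "STORAGE_TRANSFER_SECRET",
                 "FRONTEND_MACHINE_AUTH_API_KEY"):
        if not resolve(env, name):
            findings.add("empty-secret:" + name)
    for name in ("FRONTEND_APP_HANDLER_INSECURE", "FRONTEND_ARCHIVER_INSECURE"):
        if is_true(resolve(env, name)):
            findings.add("insecure-connections:" + name)
    if resolve(env, "OCIS_GRPC_CLIENT_TLS_MODE") in ("off", "insecure"):
        findings.add("grpc-tls-not-verified")
    host = resolve(env, "FRONTEND_DEBUG_ADDR").rsplit(":", 1)[0]
    exposed = host not in ("127.0.0.1", "localhost", "[::1]")
    if exposed and not resolve(env, "FRONTEND_DEBUG_TOKEN"):
        findings.add("debug-exposed-without-token")
    if exposed and is_true(resolve(env, "FRONTEND_DEBUG_PPROF")):
        findings.add("pprof-exposed")
    supported = split_list(resolve(env, "FRONTEND_CHECKSUMS_SUPPORTED_TYPES"))
    if resolve(env, "FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPE") not in supported:
        findings.add("preferred-checksum-not-supported")
    return sorted(findings)

# Constructed sample input, not taken from a real deployment.
SAMPLE_ENV = {"OCIS_INSECURE": "true", "FRONTEND_ARCHIVER_INSECURE": "false",
              "FRONTEND_DEBUG_ADDR": "0.0.0.0:9141",
              "OCIS_GRPC_CLIENT_TLS_MODE": "insecure"}
```

Calling `audit_frontend_env(dict(os.environ))` in the service's start-up environment audits the live settings; an empty mapping audits the documented defaults.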

YAML Example

# Autogenerated
# Filename: frontend-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9141
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:9140
  protocol: tcp
  prefix: ""
  cors:
    allow_origins:
    - '*'
    allow_methods:
    - OPTIONS
    - HEAD
    - GET
    - PUT
    - POST
    - DELETE
    - MKCOL
    - PROPFIND
    - PROPPATCH
    - MOVE
    - COPY
    - REPORT
    - SEARCH
    allow_headers:
    - Origin
    - Accept
    - Content-Type
    - Depth
    - Authorization
    - Ocs-Apirequest
    - If-None-Match
    - If-Match
    - Destination
    - Overwrite
    - X-Request-Id
    - X-Requested-With
    - Tus-Resumable
    - Tus-Checksum-Algorithm
    - Upload-Concat
    - Upload-Length
    - Upload-Metadata
    - Upload-Defer-Length
    - Upload-Expires
    - Upload-Checksum
    - Upload-Offset
    - X-HTTP-Method-Override
    allow_credentials: true
transfer_secret: ""
token_manager:
  jwt_secret: ""
reva:
  address: 127.0.0.1:9142
  tls:
    mode: ""
    cacert: ""
machine_auth_api_key: ""
skip_user_groups_in_token: false
enable_favorites: false
enable_project_spaces: true
enable_share_jail: true
upload_max_chunk_size: 100000000
upload_http_method_override: ""
default_upload_protocol: tus
enable_resharing: true
enable_federated_sharing_incoming: false
enable_federated_sharing_outgoing: false
search_min_length: 3
public_url: https://localhost:9200
app_handler:
  insecure: false
archiver:
  max_num_files: 10000
  max_size: 1073741824
  insecure: false
data_gateway:
  prefix: data
ocs:
  prefix: ocs
  share_prefix: /Shares
  home_namespace: /users/{{.Id.OpaqueId}}
  additional_info_attribute: '{{.Mail}}'
  resource_info_cache_ttl: 0
  resource_info_cache_type: memory
  enable_denials: false
checksums:
  supported_types:
  - sha1
  - md5
  - adler32
  preferred_upload_type: sha1
middleware:
  auth:
    credentials_by_user_agent: {}