Gateway Service Configuration
Configuration
Environment Variables
The gateway
service is configured via the following environment variables:
Name | Type | Default Value | Description |
---|---|---|---|
|
bool |
false |
Activates tracing. |
|
string |
|
The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now. |
|
string |
|
The endpoint of the tracing agent. |
|
string |
|
The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
|
string |
|
The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace". |
|
bool |
false |
Activates pretty log output. |
|
bool |
false |
Activates colorized log output. |
|
string |
|
The path to the log file. Activates logging to this file if set. |
|
string |
127.0.0.1:9143 |
Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
|
string |
|
Token to secure the metrics endpoint. |
|
bool |
false |
Enables pprof, which can be used for profiling. |
|
bool |
false |
Enables zpages, which can be used for collecting and viewing in-memory traces. |
|
string |
127.0.0.1:9142 |
The bind address of the GRPC service. |
|
string |
tcp |
The transport protocol of the GRPC service. |
|
string |
|
The secret to mint and validate jwt tokens. |
|
string |
127.0.0.1:9142 |
The CS3 gateway endpoint. |
|
string |
|
TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification. |
|
string |
|
Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |
|
bool |
false |
Disables the loading of user’s group memberships from the reva access token. |
|
bool |
true |
Commit shares to storage grants. This grants access to shared resources for the share receiver directly on the storage. |
|
string |
Shares |
Name of the share folder in users' home space. |
|
bool |
true |
Disable creation of the home space on login. |
|
string |
|
The storage transfer secret. |
|
int |
86400 |
Expiry for the gateway tokens. |
|
string |
memory |
Store implementation for the cache. Valid values are "memory" (default), "redis", and "etcd". |
|
[]string |
[] |
Nodes to use for the cache store. |
|
string |
users |
Database name of the cache. |
|
int |
300 |
Max TTL in seconds for the gateway’s stat cache. |
|
int |
300 |
Max TTL in seconds for the gateway’s provider cache. |
|
int |
300 |
Max TTL in seconds for the gateway’s create home cache. |
|
string |
https://localhost:9200 |
The public facing URL of the oCIS frontend. |
|
string |
localhost:9144 |
The USERS API endpoint. |
|
string |
localhost:9160 |
The GROUPS API endpoint. |
|
string |
localhost:9191 |
The SETTINGS API endpoint. |
|
string |
localhost:9150 |
The SHARE API endpoint. |
|
string |
localhost:9146 |
The AUTH BASIC API endpoint. |
|
string |
|
The AUTH BEARER API endpoint. |
|
string |
localhost:9166 |
The AUTH MACHINE API endpoint. |
|
string |
localhost:9178 |
The STORAGE PUBLICLINK API endpoint. |
|
string |
localhost:9157 |
The STORAGE USERS API endpoint. |
|
string |
localhost:9154 |
The STORAGE SHARES API endpoint. |
|
string |
localhost:9242 |
The APP REGISTRY API endpoint. |
|
string |
|
Mount ID of this storage. Admins can set the ID for the storage in this config option manually which is then used to reference the storage. Any reasonable long string is possible, preferably this would be an UUIDv4 format. |
Name | Type | Default Value | Description |
---|---|---|---|
|
bool |
false |
Activates tracing. |
|
string |
|
The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now. |
|
string |
|
The endpoint of the tracing agent. |
|
string |
|
The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
|
string |
|
The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace". |
|
bool |
false |
Activates pretty log output. |
|
bool |
false |
Activates colorized log output. |
|
string |
|
The path to the log file. Activates logging to this file if set. |
|
string |
127.0.0.1:9143 |
Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
|
string |
|
Token to secure the metrics endpoint. |
|
bool |
false |
Enables pprof, which can be used for profiling. |
|
bool |
false |
Enables zpages, which can be used for collecting and viewing in-memory traces. |
|
string |
127.0.0.1:9142 |
The bind address of the GRPC service. |
|
bool |
false |
Activates TLS for the grpc based services using the server certifcate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure. |
|
string |
|
Path/File name of the TLS server certificate (in PEM format) for the grpc services. |
|
string |
|
Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services. |
|
string |
tcp |
The transport protocol of the GRPC service. |
|
string |
|
The secret to mint and validate jwt tokens. |
|
string |
127.0.0.1:9142 |
The CS3 gateway endpoint. |
|
string |
|
TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification. |
|
string |
|
Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |
|
bool |
false |
Disables the loading of user’s group memberships from the reva access token. |
|
bool |
true |
Commit shares to storage grants. This grants access to shared resources for the share receiver directly on the storage. |
|
string |
Shares |
Name of the share folder in users' home space. |
|
bool |
true |
Disable creation of the home space on login. |
|
string |
|
The storage transfer secret. |
|
int |
86400 |
Expiry for the gateway tokens. |
|
string |
memory |
Store implementation for the cache. Valid values are "memory" (default), "redis", and "etcd". |
|
[]string |
[] |
Node addresses to use for the cache store. |
|
string |
users |
Database name of the cache. |
|
int |
300 |
Max TTL in seconds for the gateway’s stat cache. |
|
int |
300 |
Max TTL in seconds for the gateway’s provider cache. |
|
int |
300 |
Max TTL in seconds for the gateway’s create home cache. |
|
string |
https://localhost:9200 |
The public facing URL of the oCIS frontend. |
|
string |
localhost:9144 |
The USERS API endpoint. |
|
string |
localhost:9160 |
The GROUPS API endpoint. |
|
string |
localhost:9191 |
The SETTINGS API endpoint. |
|
string |
localhost:9150 |
The SHARE API endpoint. |
|
string |
localhost:9146 |
The AUTH BASIC API endpoint. |
|
string |
|
The AUTH BEARER API endpoint. |
|
string |
localhost:9166 |
The AUTH MACHINE API endpoint. |
|
string |
localhost:9178 |
The STORAGE PUBLICLINK API endpoint. |
|
string |
localhost:9157 |
The STORAGE USERS API endpoint. |
|
string |
localhost:9154 |
The STORAGE SHARES API endpoint. |
|
string |
localhost:9242 |
The APP REGISTRY API endpoint. |
|
string |
|
Mount ID of this storage. Admins can set the ID for the storage in this config option manually which is then used to reference the storage. Any reasonable long string is possible, preferably this would be an UUIDv4 format. |
YAML Example
Note that the filename shown below has been chosen on purpose.
See the Configuration File Naming for details when setting up your own configuration.
# Autogenerated
# Filename: gateway-config-example.yaml
tracing:
enabled: false
type: ""
endpoint: ""
collector: ""
log:
level: ""
pretty: false
color: false
file: ""
debug:
addr: 127.0.0.1:9143
token: ""
pprof: false
zpages: false
grpc:
addr: 127.0.0.1:9142
tls: null
protocol: tcp
token_manager:
jwt_secret: ""
reva:
address: 127.0.0.1:9142
tls:
mode: ""
cacert: ""
skip_user_groups_in_token: false
commit_share_to_storage_grant: true
share_folder_name: Shares
disable_home_creation_on_login: true
transfer_secret: ""
transfer_expires: 86400
cache:
store: memory
nodes: []
database: users
stat_cache_ttl: 300
provider_cache_ttl: 300
create_home_cache_ttl: 300
frontend_public_url: https://localhost:9200
users_endpoint: localhost:9144
groups_endpoint: localhost:9160
permissions_endpoint: localhost:9191
sharing_endpoint: localhost:9150
auth_basic_endpoint: localhost:9146
auth_bearer_endpoint: ""
auth_machine_endpoint: localhost:9166
storage_public_link_endpoint: localhost:9178
storage_users_endpoint: localhost:9157
storage_shares_endpoint: localhost:9154
app_registry_endpoint: localhost:9242
storage_registry:
driver: spaces
rules: []
json: ""
storage_users_mount_id: ""
# Autogenerated
# Filename: gateway-config-example.yaml
tracing:
enabled: false
type: ""
endpoint: ""
collector: ""
log:
level: ""
pretty: false
color: false
file: ""
debug:
addr: 127.0.0.1:9143
token: ""
pprof: false
zpages: false
grpc:
addr: 127.0.0.1:9142
tls:
enabled: false
cert: ""
key: ""
protocol: tcp
token_manager:
jwt_secret: ""
reva:
address: 127.0.0.1:9142
tls:
mode: ""
cacert: ""
skip_user_groups_in_token: false
commit_share_to_storage_grant: true
share_folder_name: Shares
disable_home_creation_on_login: true
transfer_secret: ""
transfer_expires: 86400
cache:
store: memory
nodes: []
database: users
stat_cache_ttl: 300
provider_cache_ttl: 300
create_home_cache_ttl: 300
frontend_public_url: https://localhost:9200
users_endpoint: localhost:9144
groups_endpoint: localhost:9160
permissions_endpoint: localhost:9191
sharing_endpoint: localhost:9150
auth_basic_endpoint: localhost:9146
auth_bearer_endpoint: ""
auth_machine_endpoint: localhost:9166
storage_public_link_endpoint: localhost:9178
storage_users_endpoint: localhost:9157
storage_shares_endpoint: localhost:9154
app_registry_endpoint: localhost:9242
storage_registry:
driver: spaces
rules: []
json: ""
storage_users_mount_id: ""