Gateway Service Configuration

Table of Contents

Introduction
Default Values
Configuration
- Environment Variables
- YAML Example

Introduction

The Infinite Scale Frontend service

Default Values

Gateway listens on port 9142 by default.

Configuration

Environment Variables

The gateway service is configured via the following environment variables:

latest
2.0.0

Environment variables for the gateway service
Name	Type	Default Value	Description
`OCIS_TRACING_ENABLED` `GATEWAY_TRACING_ENABLED`	bool	false	Activates tracing.
`OCIS_TRACING_TYPE` `GATEWAY_TRACING_TYPE`	string		The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.
`OCIS_TRACING_ENDPOINT` `GATEWAY_TRACING_ENDPOINT`	string		The endpoint of the tracing agent.
`OCIS_TRACING_COLLECTOR` `GATEWAY_TRACING_COLLECTOR`	string		The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.
`OCIS_LOG_LEVEL` `GATEWAY_LOG_LEVEL`	string		The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".
`OCIS_LOG_PRETTY` `GATEWAY_LOG_PRETTY`	bool	false	Activates pretty log output.
`OCIS_LOG_COLOR` `GATEWAY_LOG_COLOR`	bool	false	Activates colorized log output.
`OCIS_LOG_FILE` `GATEWAY_LOG_FILE`	string		The path to the log file. Activates logging to this file if set.
`GATEWAY_DEBUG_ADDR`	string	127.0.0.1:9143	Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.
`GATEWAY_DEBUG_TOKEN`	string		Token to secure the metrics endpoint.
`GATEWAY_DEBUG_PPROF`	bool	false	Enables pprof, which can be used for profiling.
`GATEWAY_DEBUG_ZPAGES`	bool	false	Enables zpages, which can be used for collecting and viewing in-memory traces.
`GATEWAY_GRPC_ADDR`	string	127.0.0.1:9142	The bind address of the GRPC service.
`GATEWAY_GRPC_PROTOCOL`	string	tcp	The transport protocol of the GRPC service.
`OCIS_JWT_SECRET` `GATEWAY_JWT_SECRET`	string		The secret to mint and validate jwt tokens.
`REVA_GATEWAY`	string	127.0.0.1:9142	The CS3 gateway endpoint.
`OCIS_GRPC_CLIENT_TLS_MODE`	string		TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.
`OCIS_GRPC_CLIENT_TLS_CACERT`	string		Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.
`GATEWAY_SKIP_USER_GROUPS_IN_TOKEN`	bool	false	Disables the loading of user’s group memberships from the reva access token.
`GATEWAY_COMMIT_SHARE_TO_STORAGE_GRANT`	bool	true	Commit shares to storage grants. This grants access to shared resources for the share receiver directly on the storage.
`GATEWAY_SHARE_FOLDER_NAME`	string	Shares	Name of the share folder in users' home space.
`GATEWAY_DISABLE_HOME_CREATION_ON_LOGIN`	bool	true	Disable creation of the home space on login.
`STORAGE_TRANSFER_SECRET`	string		The storage transfer secret.
`GATEWAY_TRANSFER_EXPIRES`	int	86400	Expiry for the gateway tokens.
`OCIS_CACHE_STORE` `GATEWAY_CACHE_STORE` `OCIS_CACHE_STORE_TYPE` `GATEWAY_CACHE_STORE_TYPE`	string	memory	Store implementation for the cache. Valid values are "memory" (default), "redis", and "etcd".
`OCIS_CACHE_STORE_NODES` `GATEWAY_CACHE_STORE_NODES` `OCIS_CACHE_STORE_ADDRESS` `GATEWAY_CACHE_STORE_ADDRESS` `GATEWAY_CACHE_NODES`	[]string	[]	Nodes to use for the cache store.
`GATEWAY_CACHE_DATABASE`	string	users	Database name of the cache.
`OCIS_CACHE_STORE_TTL` `GATEWAY_STAT_CACHE_TTL`	int	300	Max TTL in seconds for the gateway’s stat cache.
`OCIS_CACHE_STORE_TTL` `GATEWAY_PROVIDER_CACHE_TTL`	int	300	Max TTL in seconds for the gateway’s provider cache.
`OCIS_CACHE_STORE_TTL` `GATEWAY_CREATE_HOME_CACHE_TTL`	int	300	Max TTL in seconds for the gateway’s create home cache.
`OCIS_URL` `GATEWAY_FRONTEND_PUBLIC_URL`	string	https://localhost:9200	The public facing URL of the oCIS frontend.
`GATEWAY_USERS_ENDPOINT`	string	localhost:9144	The USERS API endpoint.
`GATEWAY_GROUPS_ENDPOINT`	string	localhost:9160	The GROUPS API endpoint.
`GATEWAY_PERMISSIONS_ENDPOINT`	string	localhost:9191	The SETTINGS API endpoint.
`GATEWAY_SHARING_ENDPOINT`	string	localhost:9150	The SHARE API endpoint.
`GATEWAY_AUTH_BASIC_ENDPOINT`	string	localhost:9146	The AUTH BASIC API endpoint.
`GATEWAY_AUTH_BEARER_ENDPOINT`	string		The AUTH BEARER API endpoint.
`GATEWAY_AUTH_MACHINE_ENDPOINT`	string	localhost:9166	The AUTH MACHINE API endpoint.
`GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT`	string	localhost:9178	The STORAGE PUBLICLINK API endpoint.
`GATEWAY_STORAGE_USERS_ENDPOINT`	string	localhost:9157	The STORAGE USERS API endpoint.
`GATEWAY_STORAGE_SHARES_ENDPOINT`	string	localhost:9154	The STORAGE SHARES API endpoint.
`GATEWAY_APP_REGISTRY_ENDPOINT`	string	localhost:9242	The APP REGISTRY API endpoint.
`GATEWAY_STORAGE_USERS_MOUNT_ID`	string		Mount ID of this storage. Admins can set the ID for the storage in this config option manually which is then used to reference the storage. Any reasonable long string is possible, preferably this would be an UUIDv4 format.

Environment variables for the gateway service
Name	Type	Default Value	Description
`OCIS_TRACING_ENABLED` `GATEWAY_TRACING_ENABLED`	bool	false	Activates tracing.
`OCIS_TRACING_TYPE` `GATEWAY_TRACING_TYPE`	string		The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.
`OCIS_TRACING_ENDPOINT` `GATEWAY_TRACING_ENDPOINT`	string		The endpoint of the tracing agent.
`OCIS_TRACING_COLLECTOR` `GATEWAY_TRACING_COLLECTOR`	string		The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.
`OCIS_LOG_LEVEL` `GATEWAY_LOG_LEVEL`	string		The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".
`OCIS_LOG_PRETTY` `GATEWAY_LOG_PRETTY`	bool	false	Activates pretty log output.
`OCIS_LOG_COLOR` `GATEWAY_LOG_COLOR`	bool	false	Activates colorized log output.
`OCIS_LOG_FILE` `GATEWAY_LOG_FILE`	string		The path to the log file. Activates logging to this file if set.
`GATEWAY_DEBUG_ADDR`	string	127.0.0.1:9143	Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.
`GATEWAY_DEBUG_TOKEN`	string		Token to secure the metrics endpoint.
`GATEWAY_DEBUG_PPROF`	bool	false	Enables pprof, which can be used for profiling.
`GATEWAY_DEBUG_ZPAGES`	bool	false	Enables zpages, which can be used for collecting and viewing in-memory traces.
`GATEWAY_GRPC_ADDR`	string	127.0.0.1:9142	The bind address of the GRPC service.
`OCIS_GRPC_TLS_ENABLED`	bool	false	Activates TLS for the grpc based services using the server certifcate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure.
`OCIS_GRPC_TLS_CERTIFICATE`	string		Path/File name of the TLS server certificate (in PEM format) for the grpc services.
`OCIS_GRPC_TLS_KEY`	string		Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services.
`GATEWAY_GRPC_PROTOCOL`	string	tcp	The transport protocol of the GRPC service.
`OCIS_JWT_SECRET` `GATEWAY_JWT_SECRET`	string		The secret to mint and validate jwt tokens.
`REVA_GATEWAY`	string	127.0.0.1:9142	The CS3 gateway endpoint.
`OCIS_GRPC_CLIENT_TLS_MODE`	string		TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification.
`OCIS_GRPC_CLIENT_TLS_CACERT`	string		Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.
`GATEWAY_SKIP_USER_GROUPS_IN_TOKEN`	bool	false	Disables the loading of user’s group memberships from the reva access token.
`GATEWAY_COMMIT_SHARE_TO_STORAGE_GRANT`	bool	true	Commit shares to storage grants. This grants access to shared resources for the share receiver directly on the storage.
`GATEWAY_SHARE_FOLDER_NAME`	string	Shares	Name of the share folder in users' home space.
`GATEWAY_DISABLE_HOME_CREATION_ON_LOGIN`	bool	true	Disable creation of the home space on login.
`STORAGE_TRANSFER_SECRET`	string		The storage transfer secret.
`GATEWAY_TRANSFER_EXPIRES`	int	86400	Expiry for the gateway tokens.
`OCIS_CACHE_STORE_TYPE` `GATEWAY_CACHE_STORE_TYPE` `GATEWAY_CACHE_STORE`	string	memory	Store implementation for the cache. Valid values are "memory" (default), "redis", and "etcd".
`OCIS_CACHE_STORE_ADDRESS` `GATEWAY_CACHE_STORE_ADDRESS` `GATEWAY_CACHE_NODES`	[]string	[]	Node addresses to use for the cache store.
`GATEWAY_CACHE_DATABASE`	string	users	Database name of the cache.
`GATEWAY_STAT_CACHE_TTL`	int	300	Max TTL in seconds for the gateway’s stat cache.
`GATEWAY_PROVIDER_CACHE_TTL`	int	300	Max TTL in seconds for the gateway’s provider cache.
`GATEWAY_CREATE_HOME_CACHE_TTL`	int	300	Max TTL in seconds for the gateway’s create home cache.
`OCIS_URL` `GATEWAY_FRONTEND_PUBLIC_URL`	string	https://localhost:9200	The public facing URL of the oCIS frontend.
`GATEWAY_USERS_ENDPOINT`	string	localhost:9144	The USERS API endpoint.
`GATEWAY_GROUPS_ENDPOINT`	string	localhost:9160	The GROUPS API endpoint.
`GATEWAY_PERMISSIONS_ENDPOINT`	string	localhost:9191	The SETTINGS API endpoint.
`GATEWAY_SHARING_ENDPOINT`	string	localhost:9150	The SHARE API endpoint.
`GATEWAY_AUTH_BASIC_ENDPOINT`	string	localhost:9146	The AUTH BASIC API endpoint.
`GATEWAY_AUTH_BEARER_ENDPOINT`	string		The AUTH BEARER API endpoint.
`GATEWAY_AUTH_MACHINE_ENDPOINT`	string	localhost:9166	The AUTH MACHINE API endpoint.
`GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT`	string	localhost:9178	The STORAGE PUBLICLINK API endpoint.
`GATEWAY_STORAGE_USERS_ENDPOINT`	string	localhost:9157	The STORAGE USERS API endpoint.
`GATEWAY_STORAGE_SHARES_ENDPOINT`	string	localhost:9154	The STORAGE SHARES API endpoint.
`GATEWAY_APP_REGISTRY_ENDPOINT`	string	localhost:9242	The APP REGISTRY API endpoint.
`GATEWAY_STORAGE_USERS_MOUNT_ID`	string		Mount ID of this storage. Admins can set the ID for the storage in this config option manually which is then used to reference the storage. Any reasonable long string is possible, preferably this would be an UUIDv4 format.

YAML Example

Note that the filename shown below has been chosen on purpose.
See the Configuration File Naming for details when setting up your own configuration.

latest
2.0.0

# Autogenerated
# Filename: gateway-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9143
  token: ""
  pprof: false
  zpages: false
grpc:
  addr: 127.0.0.1:9142
  tls: null
  protocol: tcp
token_manager:
  jwt_secret: ""
reva:
  address: 127.0.0.1:9142
  tls:
    mode: ""
    cacert: ""
skip_user_groups_in_token: false
commit_share_to_storage_grant: true
share_folder_name: Shares
disable_home_creation_on_login: true
transfer_secret: ""
transfer_expires: 86400
cache:
  store: memory
  nodes: []
  database: users
  stat_cache_ttl: 300
  provider_cache_ttl: 300
  create_home_cache_ttl: 300
frontend_public_url: https://localhost:9200
users_endpoint: localhost:9144
groups_endpoint: localhost:9160
permissions_endpoint: localhost:9191
sharing_endpoint: localhost:9150
auth_basic_endpoint: localhost:9146
auth_bearer_endpoint: ""
auth_machine_endpoint: localhost:9166
storage_public_link_endpoint: localhost:9178
storage_users_endpoint: localhost:9157
storage_shares_endpoint: localhost:9154
app_registry_endpoint: localhost:9242
storage_registry:
  driver: spaces
  rules: []
  json: ""
  storage_users_mount_id: ""

# Autogenerated
# Filename: gateway-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9143
  token: ""
  pprof: false
  zpages: false
grpc:
  addr: 127.0.0.1:9142
  tls:
    enabled: false
    cert: ""
    key: ""
  protocol: tcp
token_manager:
  jwt_secret: ""
reva:
  address: 127.0.0.1:9142
  tls:
    mode: ""
    cacert: ""
skip_user_groups_in_token: false
commit_share_to_storage_grant: true
share_folder_name: Shares
disable_home_creation_on_login: true
transfer_secret: ""
transfer_expires: 86400
cache:
  store: memory
  nodes: []
  database: users
  stat_cache_ttl: 300
  provider_cache_ttl: 300
  create_home_cache_ttl: 300
frontend_public_url: https://localhost:9200
users_endpoint: localhost:9144
groups_endpoint: localhost:9160
permissions_endpoint: localhost:9191
sharing_endpoint: localhost:9150
auth_basic_endpoint: localhost:9146
auth_bearer_endpoint: ""
auth_machine_endpoint: localhost:9166
storage_public_link_endpoint: localhost:9178
storage_users_endpoint: localhost:9157
storage_shares_endpoint: localhost:9154
app_registry_endpoint: localhost:9242
storage_registry:
  driver: spaces
  rules: []
  json: ""
  storage_users_mount_id: ""