Gateway Service Configuration

Introduction

The Infinite Scale Frontend service

Default Values

  • Gateway listens on port 9142 by default.

Configuration

Environment Variables

The gateway service is configured via the following environment variables:

  • latest

  • 2.0.0

Environment variables for the gateway service
Name Type Default Value Description

OCIS_TRACING_ENABLED
GATEWAY_TRACING_ENABLED

bool

false

Activates tracing.

OCIS_TRACING_TYPE
GATEWAY_TRACING_TYPE

string

The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.

OCIS_TRACING_ENDPOINT
GATEWAY_TRACING_ENDPOINT

string

The endpoint of the tracing agent.

OCIS_TRACING_COLLECTOR
GATEWAY_TRACING_COLLECTOR

string

The HTTP endpoint for sending spans directly to a collector, for example http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.

OCIS_LOG_LEVEL
GATEWAY_LOG_LEVEL

string

The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".

OCIS_LOG_PRETTY
GATEWAY_LOG_PRETTY

bool

false

Activates pretty log output.

OCIS_LOG_COLOR
GATEWAY_LOG_COLOR

bool

false

Activates colorized log output.

OCIS_LOG_FILE
GATEWAY_LOG_FILE

string

The path to the log file. Activates logging to this file if set.

GATEWAY_DEBUG_ADDR

string

127.0.0.1:9143

Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

GATEWAY_DEBUG_TOKEN

string

Token to secure the metrics endpoint.

GATEWAY_DEBUG_PPROF

bool

false

Enables pprof, which can be used for profiling.

GATEWAY_DEBUG_ZPAGES

bool

false

Enables zpages, which can be used for collecting and viewing in-memory traces.

GATEWAY_GRPC_ADDR

string

127.0.0.1:9142

The bind address of the GRPC service.

GATEWAY_GRPC_PROTOCOL

string

tcp

The transport protocol of the GRPC service.

OCIS_JWT_SECRET
GATEWAY_JWT_SECRET

string

The secret used to mint and validate JWT tokens.

REVA_GATEWAY

string

127.0.0.1:9142

The CS3 gateway endpoint.

OCIS_GRPC_CLIENT_TLS_MODE

string

TLS mode for the gRPC connection to the go-micro based gRPC services. Possible values are 'off', 'insecure' and 'on'. 'off' disables transport security for the clients. 'insecure' enables transport security but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.

OCIS_GRPC_CLIENT_TLS_CACERT

string

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.

GATEWAY_SKIP_USER_GROUPS_IN_TOKEN

bool

false

Disables the loading of user’s group memberships from the reva access token.

GATEWAY_COMMIT_SHARE_TO_STORAGE_GRANT

bool

true

Commit shares to storage grants. This grants access to shared resources for the share receiver directly on the storage.

GATEWAY_SHARE_FOLDER_NAME

string

Shares

Name of the share folder in users' home space.

GATEWAY_DISABLE_HOME_CREATION_ON_LOGIN

bool

true

Disable creation of the home space on login.

STORAGE_TRANSFER_SECRET

string

The storage transfer secret.

GATEWAY_TRANSFER_EXPIRES

int

86400

Expiry for the gateway tokens.

OCIS_CACHE_STORE
GATEWAY_CACHE_STORE
OCIS_CACHE_STORE_TYPE
GATEWAY_CACHE_STORE_TYPE

string

memory

Store implementation for the cache. Valid values are "memory" (default), "redis", and "etcd".

OCIS_CACHE_STORE_NODES
GATEWAY_CACHE_STORE_NODES
OCIS_CACHE_STORE_ADDRESS
GATEWAY_CACHE_STORE_ADDRESS
GATEWAY_CACHE_NODES

[]string

[]

Nodes to use for the cache store.

GATEWAY_CACHE_DATABASE

string

users

Database name of the cache.

OCIS_CACHE_STORE_TTL
GATEWAY_STAT_CACHE_TTL

int

300

Max TTL in seconds for the gateway’s stat cache.

OCIS_CACHE_STORE_TTL
GATEWAY_PROVIDER_CACHE_TTL

int

300

Max TTL in seconds for the gateway’s provider cache.

OCIS_CACHE_STORE_TTL
GATEWAY_CREATE_HOME_CACHE_TTL

int

300

Max TTL in seconds for the gateway’s create home cache.

OCIS_URL
GATEWAY_FRONTEND_PUBLIC_URL

string

https://localhost:9200

The public facing URL of the oCIS frontend.

GATEWAY_USERS_ENDPOINT

string

localhost:9144

The USERS API endpoint.

GATEWAY_GROUPS_ENDPOINT

string

localhost:9160

The GROUPS API endpoint.

GATEWAY_PERMISSIONS_ENDPOINT

string

localhost:9191

The SETTINGS API endpoint.

GATEWAY_SHARING_ENDPOINT

string

localhost:9150

The SHARE API endpoint.

GATEWAY_AUTH_BASIC_ENDPOINT

string

localhost:9146

The AUTH BASIC API endpoint.

GATEWAY_AUTH_BEARER_ENDPOINT

string

The AUTH BEARER API endpoint.

GATEWAY_AUTH_MACHINE_ENDPOINT

string

localhost:9166

The AUTH MACHINE API endpoint.

GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT

string

localhost:9178

The STORAGE PUBLICLINK API endpoint.

GATEWAY_STORAGE_USERS_ENDPOINT

string

localhost:9157

The STORAGE USERS API endpoint.

GATEWAY_STORAGE_SHARES_ENDPOINT

string

localhost:9154

The STORAGE SHARES API endpoint.

GATEWAY_APP_REGISTRY_ENDPOINT

string

localhost:9242

The APP REGISTRY API endpoint.

GATEWAY_STORAGE_USERS_MOUNT_ID

string

Mount ID of this storage. Admins can set the ID for the storage manually in this config option; it is then used to reference the storage. Any reasonably long string is possible, preferably in UUIDv4 format.

Environment variables for the gateway service
Name Type Default Value Description

OCIS_TRACING_ENABLED
GATEWAY_TRACING_ENABLED

bool

false

Activates tracing.

OCIS_TRACING_TYPE
GATEWAY_TRACING_TYPE

string

The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now.

OCIS_TRACING_ENDPOINT
GATEWAY_TRACING_ENDPOINT

string

The endpoint of the tracing agent.

OCIS_TRACING_COLLECTOR
GATEWAY_TRACING_COLLECTOR

string

The HTTP endpoint for sending spans directly to a collector, for example http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.

OCIS_LOG_LEVEL
GATEWAY_LOG_LEVEL

string

The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".

OCIS_LOG_PRETTY
GATEWAY_LOG_PRETTY

bool

false

Activates pretty log output.

OCIS_LOG_COLOR
GATEWAY_LOG_COLOR

bool

false

Activates colorized log output.

OCIS_LOG_FILE
GATEWAY_LOG_FILE

string

The path to the log file. Activates logging to this file if set.

GATEWAY_DEBUG_ADDR

string

127.0.0.1:9143

Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

GATEWAY_DEBUG_TOKEN

string

Token to secure the metrics endpoint.

GATEWAY_DEBUG_PPROF

bool

false

Enables pprof, which can be used for profiling.

GATEWAY_DEBUG_ZPAGES

bool

false

Enables zpages, which can be used for collecting and viewing in-memory traces.

GATEWAY_GRPC_ADDR

string

127.0.0.1:9142

The bind address of the GRPC service.

OCIS_GRPC_TLS_ENABLED

bool

false

Activates TLS for the gRPC based services using the server certificate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set, a temporary server certificate is generated, to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure.

OCIS_GRPC_TLS_CERTIFICATE

string

Path/File name of the TLS server certificate (in PEM format) for the grpc services.

OCIS_GRPC_TLS_KEY

string

Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services.

GATEWAY_GRPC_PROTOCOL

string

tcp

The transport protocol of the GRPC service.

OCIS_JWT_SECRET
GATEWAY_JWT_SECRET

string

The secret used to mint and validate JWT tokens.

REVA_GATEWAY

string

127.0.0.1:9142

The CS3 gateway endpoint.

OCIS_GRPC_CLIENT_TLS_MODE

string

TLS mode for the gRPC connection to the go-micro based gRPC services. Possible values are 'off', 'insecure' and 'on'. 'off' disables transport security for the clients. 'insecure' enables transport security but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.

OCIS_GRPC_CLIENT_TLS_CACERT

string

Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.

GATEWAY_SKIP_USER_GROUPS_IN_TOKEN

bool

false

Disables the loading of user’s group memberships from the reva access token.

GATEWAY_COMMIT_SHARE_TO_STORAGE_GRANT

bool

true

Commit shares to storage grants. This grants access to shared resources for the share receiver directly on the storage.

GATEWAY_SHARE_FOLDER_NAME

string

Shares

Name of the share folder in users' home space.

GATEWAY_DISABLE_HOME_CREATION_ON_LOGIN

bool

true

Disable creation of the home space on login.

STORAGE_TRANSFER_SECRET

string

The storage transfer secret.

GATEWAY_TRANSFER_EXPIRES

int

86400

Expiry for the gateway tokens.

OCIS_CACHE_STORE_TYPE
GATEWAY_CACHE_STORE_TYPE
GATEWAY_CACHE_STORE

string

memory

Store implementation for the cache. Valid values are "memory" (default), "redis", and "etcd".

OCIS_CACHE_STORE_ADDRESS
GATEWAY_CACHE_STORE_ADDRESS
GATEWAY_CACHE_NODES

[]string

[]

Node addresses to use for the cache store.

GATEWAY_CACHE_DATABASE

string

users

Database name of the cache.

GATEWAY_STAT_CACHE_TTL

int

300

Max TTL in seconds for the gateway’s stat cache.

GATEWAY_PROVIDER_CACHE_TTL

int

300

Max TTL in seconds for the gateway’s provider cache.

GATEWAY_CREATE_HOME_CACHE_TTL

int

300

Max TTL in seconds for the gateway’s create home cache.

OCIS_URL
GATEWAY_FRONTEND_PUBLIC_URL

string

https://localhost:9200

The public facing URL of the oCIS frontend.

GATEWAY_USERS_ENDPOINT

string

localhost:9144

The USERS API endpoint.

GATEWAY_GROUPS_ENDPOINT

string

localhost:9160

The GROUPS API endpoint.

GATEWAY_PERMISSIONS_ENDPOINT

string

localhost:9191

The SETTINGS API endpoint.

GATEWAY_SHARING_ENDPOINT

string

localhost:9150

The SHARE API endpoint.

GATEWAY_AUTH_BASIC_ENDPOINT

string

localhost:9146

The AUTH BASIC API endpoint.

GATEWAY_AUTH_BEARER_ENDPOINT

string

The AUTH BEARER API endpoint.

GATEWAY_AUTH_MACHINE_ENDPOINT

string

localhost:9166

The AUTH MACHINE API endpoint.

GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT

string

localhost:9178

The STORAGE PUBLICLINK API endpoint.

GATEWAY_STORAGE_USERS_ENDPOINT

string

localhost:9157

The STORAGE USERS API endpoint.

GATEWAY_STORAGE_SHARES_ENDPOINT

string

localhost:9154

The STORAGE SHARES API endpoint.

GATEWAY_APP_REGISTRY_ENDPOINT

string

localhost:9242

The APP REGISTRY API endpoint.

GATEWAY_STORAGE_USERS_MOUNT_ID

string

Mount ID of this storage. Admins can set the ID for the storage manually in this config option; it is then used to reference the storage. Any reasonably long string is possible, preferably in UUIDv4 format.
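The following audit of the security-relevant variables listed above is an added example, not part of the oCIS documentation or code base. It inspects environment variables only (not the YAML file), uses the default bind addresses from the tables, assumes which boolean spellings count as enabled, and checks OCIS_GRPC_TLS_ENABLED, which appears in only one of the two documented versions; the function names and sample environments are constructed for illustration.

```python
import ipaddress

TRUE = {"1", "t", "true"}  # assumption: boolean spellings accepted as "enabled"

def is_loopback(addr):
    """True if a host:port bind address is reachable only from the local host."""
    host = addr.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # empty host (":9143") or a DNS name: treat as exposed
        return False

def audit(env):
    """Return (variable, finding) pairs for security-relevant gateway settings."""
    def get(*names):  # first non-empty value among the listed variables
        return next((env[n] for n in names if env.get(n)), "")
    def on(name):
        return env.get(name, "").lower() in TRUE
    out = []
    mode = get("OCIS_GRPC_CLIENT_TLS_MODE")
    if mode != "on":
        reason = {"off": "client transport security disabled",
                  "insecure": "server certificate is not verified"}
        out.append(("OCIS_GRPC_CLIENT_TLS_MODE", reason.get(mode, "not off/insecure/on")))
    if not is_loopback(get("GATEWAY_DEBUG_ADDR") or "127.0.0.1:9143"):
        out.append(("GATEWAY_DEBUG_ADDR", "debug server bound beyond loopback"))
        if not get("GATEWAY_DEBUG_TOKEN"):
            out.append(("GATEWAY_DEBUG_TOKEN", "metrics endpoint has no token"))
        for flag in ("GATEWAY_DEBUG_PPROF", "GATEWAY_DEBUG_ZPAGES"):
            if on(flag):
                out.append((flag, "enabled on a non-loopback debug server"))
    grpc_addr = get("GATEWAY_GRPC_ADDR") or "127.0.0.1:9142"
    if not is_loopback(grpc_addr) and not on("OCIS_GRPC_TLS_ENABLED"):
        out.append(("GATEWAY_GRPC_ADDR", "gRPC bound beyond loopback without server TLS"))
    for names in (("OCIS_JWT_SECRET", "GATEWAY_JWT_SECRET"), ("STORAGE_TRANSFER_SECRET",)):
        if not get(*names):
            out.append((names[-1], "secret is empty"))
    return out

# Constructed sample environments, not taken from a real deployment.
WEAK = {"OCIS_GRPC_CLIENT_TLS_MODE": "insecure", "GATEWAY_DEBUG_ADDR": "0.0.0.0:9143",
        "GATEWAY_DEBUG_PPROF": "true", "GATEWAY_GRPC_ADDR": "0.0.0.0:9142"}
HARDENED = {"OCIS_GRPC_CLIENT_TLS_MODE": "on", "OCIS_GRPC_TLS_ENABLED": "true",
            "GATEWAY_GRPC_ADDR": "0.0.0.0:9142", "OCIS_JWT_SECRET": "placeholder-secret",
            "STORAGE_TRANSFER_SECRET": "placeholder-secret"}

if __name__ == "__main__":
    for var, finding in audit(WEAK):
        print(f"{var}: {finding}")
```

Pass `dict(os.environ)` to `audit` to check the environment a service would actually start with; an empty secret finding only means the value is not supplied through the environment.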

YAML Example

Note that the filename shown below has been chosen on purpose.
See the Configuration File Naming for details when setting up your own configuration.

  • latest

  • 2.0.0

# Autogenerated
# Filename: gateway-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9143
  token: ""
  pprof: false
  zpages: false
grpc:
  addr: 127.0.0.1:9142
  tls: null
  protocol: tcp
token_manager:
  jwt_secret: ""
reva:
  address: 127.0.0.1:9142
  tls:
    mode: ""
    cacert: ""
skip_user_groups_in_token: false
commit_share_to_storage_grant: true
share_folder_name: Shares
disable_home_creation_on_login: true
transfer_secret: ""
transfer_expires: 86400
cache:
  store: memory
  nodes: []
  database: users
  stat_cache_ttl: 300
  provider_cache_ttl: 300
  create_home_cache_ttl: 300
frontend_public_url: https://localhost:9200
users_endpoint: localhost:9144
groups_endpoint: localhost:9160
permissions_endpoint: localhost:9191
sharing_endpoint: localhost:9150
auth_basic_endpoint: localhost:9146
auth_bearer_endpoint: ""
auth_machine_endpoint: localhost:9166
storage_public_link_endpoint: localhost:9178
storage_users_endpoint: localhost:9157
storage_shares_endpoint: localhost:9154
app_registry_endpoint: localhost:9242
storage_registry:
  driver: spaces
  rules: []
  json: ""
  storage_users_mount_id: ""

# Autogenerated
# Filename: gateway-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9143
  token: ""
  pprof: false
  zpages: false
grpc:
  addr: 127.0.0.1:9142
  tls:
    enabled: false
    cert: ""
    key: ""
  protocol: tcp
token_manager:
  jwt_secret: ""
reva:
  address: 127.0.0.1:9142
  tls:
    mode: ""
    cacert: ""
skip_user_groups_in_token: false
commit_share_to_storage_grant: true
share_folder_name: Shares
disable_home_creation_on_login: true
transfer_secret: ""
transfer_expires: 86400
cache:
  store: memory
  nodes: []
  database: users
  stat_cache_ttl: 300
  provider_cache_ttl: 300
  create_home_cache_ttl: 300
frontend_public_url: https://localhost:9200
users_endpoint: localhost:9144
groups_endpoint: localhost:9160
permissions_endpoint: localhost:9191
sharing_endpoint: localhost:9150
auth_basic_endpoint: localhost:9146
auth_bearer_endpoint: ""
auth_machine_endpoint: localhost:9166
storage_public_link_endpoint: localhost:9178
storage_users_endpoint: localhost:9157
storage_shares_endpoint: localhost:9154
app_registry_endpoint: localhost:9242
storage_registry:
  driver: spaces
  rules: []
  json: ""
  storage_users_mount_id: ""