Gateway Service Configuration
Caching
The gateway service can use a configured store via GATEWAY_STAT_CACHE_STORE. Possible stores are:
| Store Type | Description |
|---|---|
|
Basic in-memory store and the default. |
|
Advanced in-memory store allowing max size. |
|
Stores data in a configured Redis cluster. |
|
Stores data in a configured Redis Sentinel cluster. |
|
Stores data in a configured etcd cluster. |
|
Stores data using the key-value-store feature of NATS JetStream. |
|
Stores nothing. Useful for testing. Not recommended in production environments. |
-
Note that in-memory stores are by nature not reboot-persistent.
-
Though usually not necessary, a database name and a database table can be configured for event stores if the event store supports this. Generally not applicable for stores of type
in-memory. These settings are blank by default which means that the standard settings of the configured store apply. -
The gateway service can be scaled if not using
in-memorystores and the stores are configured identically over all instances. -
When using
redis-sentinel, the Redis master to use is configured viaGATEWAY_STAT_CACHE_STORE_NODESin the form of<sentinel-host>:<sentinel-port>/<redis-master>like10.10.0.200:26379/mymaster.
Configuration
Environment Variables
The gateway service is configured via the following environment variables:
| Deprecation Info | Deprecation Version | Removal Version | Deprecation Replacement |
|---|
| Name | Type | Default Value | Description |
|---|---|---|---|
|
bool |
false |
Activates tracing. |
|
string |
|
The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. |
|
string |
|
The endpoint of the tracing agent. |
|
string |
|
The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
|
string |
|
The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. |
|
bool |
false |
Activates pretty log output. |
|
bool |
false |
Activates colorized log output. |
|
string |
|
The path to the log file. Activates logging to this file if set. |
|
string |
127.0.0.1:9143 |
Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
|
string |
|
Token to secure the metrics endpoint. |
|
bool |
false |
Enables pprof, which can be used for profiling. |
|
bool |
false |
Enables zpages, which can be used for collecting and viewing in-memory traces. |
|
string |
127.0.0.1:9142 |
The bind address of the GRPC service. |
|
string |
tcp |
The transport protocol of the GRPC service. |
|
string |
|
The secret to mint and validate jwt tokens. |
|
string |
com.owncloud.api.gateway |
The CS3 gateway endpoint. |
|
string |
|
TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. |
|
string |
|
Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |
|
bool |
false |
Disables the loading of user’s group memberships from the reva access token. |
|
bool |
true |
Commit shares to storage grants. This grants access to shared resources for the share receiver directly on the storage. |
|
string |
Shares |
Name of the share folder in users' home space. |
|
bool |
true |
Disable creation of the home space on login. |
|
string |
|
The storage transfer secret. |
|
int |
86400 |
Expiry for the gateway tokens. |
|
string |
noop |
The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details. |
|
[]string |
[] |
A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. |
|
string |
ocis |
The database name the configured store should use. |
|
Duration |
5m0s |
Default time to live for user info in the cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds). |
|
int |
0 |
The maximum quantity of items in the cache. Only applies when store type 'ocmem' is configured. Defaults to 512. |
|
string |
noop |
The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details. |
|
[]string |
[] |
A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. |
|
string |
ocis |
The database name the configured store should use. |
|
Duration |
5m0s |
Default time to live for user info in the cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds). |
|
int |
0 |
The maximum quantity of items in the cache. Only applies when store type 'ocmem' is configured. Defaults to 512. |
|
string |
noop |
The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details. |
|
[]string |
[] |
A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. |
|
string |
ocis |
The database name the configured store should use. |
|
Duration |
5m0s |
Default time to live for user info in the cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds). |
|
int |
0 |
The maximum quantity of items in the cache. Only applies when store type 'ocmem' is configured. Defaults to 512. |
|
string |
https://localhost:9200 |
The public facing URL of the oCIS frontend. |
|
string |
|
Mount ID of this storage. Admins can set the ID for the storage in this config option manually which is then used to reference the storage. Any reasonable long string is possible, preferably this would be an UUIDv4 format. |
| Deprecation Info | Deprecation Version | Removal Version | Deprecation Replacement |
|---|
| Name | Type | Default Value | Description |
|---|---|---|---|
|
bool |
false |
Activates tracing. |
|
string |
|
The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. |
|
string |
|
The endpoint of the tracing agent. |
|
string |
|
The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
|
string |
|
The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. |
|
bool |
false |
Activates pretty log output. |
|
bool |
false |
Activates colorized log output. |
|
string |
|
The path to the log file. Activates logging to this file if set. |
|
string |
127.0.0.1:9143 |
Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
|
string |
|
Token to secure the metrics endpoint. |
|
bool |
false |
Enables pprof, which can be used for profiling. |
|
bool |
false |
Enables zpages, which can be used for collecting and viewing in-memory traces. |
|
string |
127.0.0.1:9142 |
The bind address of the GRPC service. |
|
string |
tcp |
The transport protocol of the GRPC service. |
|
string |
|
The secret to mint and validate jwt tokens. |
|
string |
com.owncloud.api.gateway |
The CS3 gateway endpoint. |
|
string |
|
TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. |
|
string |
|
Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |
|
bool |
false |
Disables the loading of user’s group memberships from the reva access token. |
|
bool |
true |
Commit shares to storage grants. This grants access to shared resources for the share receiver directly on the storage. |
|
string |
Shares |
Name of the share folder in users' home space. |
|
bool |
true |
Disable creation of the home space on login. |
|
string |
|
The storage transfer secret. |
|
int |
86400 |
Expiry for the gateway tokens. |
|
string |
noop |
The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details. |
|
[]string |
[] |
A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. |
|
string |
ocis |
The database name the configured store should use. |
|
Duration |
5m0s |
Default time to live for user info in the cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds). |
|
int |
0 |
The maximum quantity of items in the cache. Only applies when store type 'ocmem' is configured. Defaults to 512. |
|
string |
noop |
The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details. |
|
[]string |
[] |
A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. |
|
string |
ocis |
The database name the configured store should use. |
|
Duration |
5m0s |
Default time to live for user info in the cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds). |
|
int |
0 |
The maximum quantity of items in the cache. Only applies when store type 'ocmem' is configured. Defaults to 512. |
|
string |
noop |
The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details. |
|
[]string |
[] |
A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. |
|
string |
ocis |
The database name the configured store should use. |
|
Duration |
5m0s |
Default time to live for user info in the cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds). |
|
int |
0 |
The maximum quantity of items in the cache. Only applies when store type 'ocmem' is configured. Defaults to 512. |
|
string |
https://localhost:9200 |
The public facing URL of the oCIS frontend. |
|
string |
|
Mount ID of this storage. Admins can set the ID for the storage in this config option manually which is then used to reference the storage. Any reasonable long string is possible, preferably this would be an UUIDv4 format. |
| Deprecation Info | Deprecation Version | Removal Version | Deprecation Replacement |
|---|---|---|---|
REVA_GATEWAY changing name for consistency |
3.0 |
4.0.0 |
OCIS_REVA_GATEWAY |
STORAGE_TRANSFER_SECRET changing name for consistency |
3.0 |
4.0.0 |
OCIS_TRANSFER_SECRET |
| Name | Type | Default Value | Description |
|---|---|---|---|
|
bool |
false |
Activates tracing. |
|
string |
|
The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now. |
|
string |
|
The endpoint of the tracing agent. |
|
string |
|
The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
|
string |
|
The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace". |
|
bool |
false |
Activates pretty log output. |
|
bool |
false |
Activates colorized log output. |
|
string |
|
The path to the log file. Activates logging to this file if set. |
|
string |
127.0.0.1:9143 |
Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
|
string |
|
Token to secure the metrics endpoint. |
|
bool |
false |
Enables pprof, which can be used for profiling. |
|
bool |
false |
Enables zpages, which can be used for collecting and viewing in-memory traces. |
|
string |
127.0.0.1:9142 |
The bind address of the GRPC service. |
|
string |
tcp |
The transport protocol of the GRPC service. |
|
string |
|
The secret to mint and validate jwt tokens. |
|
string |
127.0.0.1:9142 |
The CS3 gateway endpoint. |
|
string |
|
TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. |
|
string |
|
Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |
|
bool |
false |
Disables the loading of user’s group memberships from the reva access token. |
|
bool |
true |
Commit shares to storage grants. This grants access to shared resources for the share receiver directly on the storage. |
|
string |
Shares |
Name of the share folder in users' home space. |
|
bool |
true |
Disable creation of the home space on login. |
|
string |
|
The storage transfer secret. |
|
int |
86400 |
Expiry for the gateway tokens. |
|
string |
noop |
The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details. |
|
[]string |
[] |
A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. |
|
string |
ocis |
The database name the configured store should use. |
|
Duration |
5m0s |
Default time to live for user info in the cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds). |
|
int |
0 |
The maximum quantity of items in the cache. Only applies when store type 'ocmem' is configured. Defaults to 512. |
|
string |
noop |
The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details. |
|
[]string |
[] |
A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. |
|
string |
ocis |
The database name the configured store should use. |
|
Duration |
5m0s |
Default time to live for user info in the cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds). |
|
int |
0 |
The maximum quantity of items in the cache. Only applies when store type 'ocmem' is configured. Defaults to 512. |
|
string |
noop |
The type of the cache store. Supported values are: 'memory', 'ocmem', 'etcd', 'redis', 'redis-sentinel', 'nats-js', 'noop'. See the text description for details. |
|
[]string |
[] |
A comma separated list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. |
|
string |
ocis |
The database name the configured store should use. |
|
Duration |
5m0s |
Default time to live for user info in the cache. Only applied when access tokens has no expiration. The duration can be set as number followed by a unit identifier like s, m or h. Defaults to '300s' (300 seconds). |
|
int |
0 |
The maximum quantity of items in the cache. Only applies when store type 'ocmem' is configured. Defaults to 512. |
|
string |
https://localhost:9200 |
The public facing URL of the oCIS frontend. |
|
string |
localhost:9144 |
The USERS API endpoint. |
|
string |
localhost:9160 |
The GROUPS API endpoint. |
|
string |
localhost:9191 |
The SETTINGS API endpoint. |
|
string |
localhost:9150 |
The SHARE API endpoint. |
|
string |
localhost:9146 |
The AUTH BASIC API endpoint. |
|
string |
|
The AUTH BEARER API endpoint. |
|
string |
localhost:9166 |
The AUTH MACHINE API endpoint. |
|
string |
localhost:9178 |
The STORAGE PUBLICLINK API endpoint. |
|
string |
localhost:9157 |
The STORAGE USERS API endpoint. |
|
string |
localhost:9154 |
The STORAGE SHARES API endpoint. |
|
string |
localhost:9242 |
The APP REGISTRY API endpoint. |
|
string |
|
Mount ID of this storage. Admins can set the ID for the storage in this config option manually which is then used to reference the storage. Any reasonable long string is possible, preferably this would be an UUIDv4 format. |
YAML Example
Note that the filename shown below has been chosen on purpose.
See the Configuration File Naming for details when setting up your own configuration.
# Autogenerated
# Filename: gateway-config-example.yaml
tracing:
enabled: false
type: ""
endpoint: ""
collector: ""
log:
level: ""
pretty: false
color: false
file: ""
debug:
addr: 127.0.0.1:9143
token: ""
pprof: false
zpages: false
grpc:
addr: 127.0.0.1:9142
tls: null
protocol: tcp
token_manager:
jwt_secret: ""
reva:
address: com.owncloud.api.gateway
tls:
mode: ""
cacert: ""
skip_user_groups_in_token: false
commit_share_to_storage_grant: true
share_folder_name: Shares
disable_home_creation_on_login: true
transfer_secret: ""
transfer_expires: 86400
cache:
stat_cache_store: noop
stat_cache_nodes: []
stat_cache_database: ocis
stat_cache_ttl: 5m0s
stat_cache_size: 0
provider_cache_store: noop
provider_cache_nodes: []
provider_cache_database: ocis
provider_cache_ttl: 5m0s
provider_cache_size: 0
create_home_cache_store: noop
create_home_cache_nodes: []
create_home_cache_database: ocis
create_home_cache_ttl: 5m0s
create_home_cache_size: 0
frontend_public_url: https://localhost:9200
storage_registry:
driver: spaces
rules: []
json: ""
storage_users_mount_id: ""# Autogenerated
# Filename: gateway-config-example.yaml
tracing:
enabled: false
type: ""
endpoint: ""
collector: ""
log:
level: ""
pretty: false
color: false
file: ""
debug:
addr: 127.0.0.1:9143
token: ""
pprof: false
zpages: false
grpc:
addr: 127.0.0.1:9142
tls: null
protocol: tcp
token_manager:
jwt_secret: ""
reva:
address: com.owncloud.api.gateway
tls:
mode: ""
cacert: ""
skip_user_groups_in_token: false
commit_share_to_storage_grant: true
share_folder_name: Shares
disable_home_creation_on_login: true
transfer_secret: ""
transfer_expires: 86400
cache:
stat_cache_store: noop
stat_cache_nodes: []
stat_cache_database: ocis
stat_cache_ttl: 5m0s
stat_cache_size: 0
provider_cache_store: noop
provider_cache_nodes: []
provider_cache_database: ocis
provider_cache_ttl: 5m0s
provider_cache_size: 0
create_home_cache_store: noop
create_home_cache_nodes: []
create_home_cache_database: ocis
create_home_cache_ttl: 5m0s
create_home_cache_size: 0
frontend_public_url: https://localhost:9200
storage_registry:
driver: spaces
rules: []
json: ""
storage_users_mount_id: ""# Autogenerated
# Filename: gateway-config-example.yaml
tracing:
enabled: false
type: ""
endpoint: ""
collector: ""
log:
level: ""
pretty: false
color: false
file: ""
debug:
addr: 127.0.0.1:9143
token: ""
pprof: false
zpages: false
grpc:
addr: 127.0.0.1:9142
tls: null
protocol: tcp
token_manager:
jwt_secret: ""
reva:
address: 127.0.0.1:9142
tls:
mode: ""
cacert: ""
skip_user_groups_in_token: false
commit_share_to_storage_grant: true
share_folder_name: Shares
disable_home_creation_on_login: true
transfer_secret: ""
transfer_expires: 86400
cache:
stat_cache_store: noop
stat_cache_nodes: []
stat_cache_database: ocis
stat_cache_ttl: 5m0s
stat_cache_size: 0
provider_cache_store: noop
provider_cache_nodes: []
provider_cache_database: ocis
provider_cache_ttl: 5m0s
provider_cache_size: 0
create_home_cache_store: noop
create_home_cache_nodes: []
create_home_cache_database: ocis
create_home_cache_ttl: 5m0s
create_home_cache_size: 0
frontend_public_url: https://localhost:9200
users_endpoint: localhost:9144
groups_endpoint: localhost:9160
permissions_endpoint: localhost:9191
sharing_endpoint: localhost:9150
auth_basic_endpoint: localhost:9146
auth_bearer_endpoint: ""
auth_machine_endpoint: localhost:9166
storage_public_link_endpoint: localhost:9178
storage_users_endpoint: localhost:9157
storage_shares_endpoint: localhost:9154
app_registry_endpoint: localhost:9242
storage_registry:
driver: spaces
rules: []
json: ""
storage_users_mount_id: ""