# Wallet address, path to the wallet must be set as cli parameter or environment variable wallet: path: /path/to/wallet.json # Path to wallet passphrase: "" # Passphrase to decrypt wallet. If you're using a wallet without a password, place '' here. address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP # Account address. If omitted default one will be used. # Nodes configuration # This configuration makes the gateway use the first node (grpc://s01.frostfs.devenv:8080) # while it's healthy. Otherwise, gateway uses the second node (grpc://s01.frostfs.devenv:8080) # for 10% of requests and the third node (grpc://s03.frostfs.devenv:8080) for 90% of requests. # Until nodes with the same priority level are healthy # nodes with other priority are not used. # The lower the value, the higher the priority. peers: 0: address: node1.frostfs:8080 priority: 1 weight: 1 1: address: node2.frostfs:8080 priority: 2 weight: 0.1 2: address: node3.frostfs:8080 priority: 2 weight: 0.9 server: - address: 0.0.0.0:8080 tls: enabled: false cert_file: /path/to/cert key_file: /path/to/key - address: 0.0.0.0:8081 tls: enabled: true cert_file: /path/to/cert key_file: /path/to/key control: # List of hex-encoded public keys that have rights to use the Control Service authorized_keys: - 035839e45d472a3b7769a2a1bd7d54c4ccd4943c3b40f547870e83a8fcbfb3ce11 - 028f42cfcb74499d7b15b35d9bff260a1c8d27de4f446a627406a382d8961486d6 grpc: # Endpoint that is listened by the Control Service endpoint: localhost:8083 # Domains to be able to use virtual-hosted-style access to bucket. listen_domains: - s3dev.frostfs.devenv logger: level: debug destination: stdout # RPC endpoint and order of resolving of bucket names rpc_endpoint: http://morph-chain.frostfs.devenv:30333 resolve_order: - nns # Metrics pprof: enabled: false address: localhost:8085 prometheus: enabled: false address: localhost:8086 tracing: enabled: false exporter: "otlp_grpc" endpoint: "localhost:4318" # Timeout to connect to a node connect_timeout: 10s # Timeout for individual operations in streaming RPC. stream_timeout: 10s # Timeout to check node health during rebalance healthcheck_timeout: 15s # Interval to check node health rebalance_interval: 60s # The number of errors on connection after which node is considered as unhealthy pool_error_threshold: 100 # Limits for processing of clients' requests max_clients_count: 100 # Deadline after which the gate sends error `RequestTimeout` to a client max_clients_deadline: 30s # Caching cache: # Cache for objects objects: lifetime: 300s size: 150 # Cache which keeps lists of objects in buckets list: lifetime: 1m size: 100 # Cache which keeps listing sessions list_session: lifetime: 1m size: 100 # Cache which contains mapping of nice name to object addresses names: lifetime: 1m size: 1000 # Cache which contains mapping of bucket name to bucket info buckets: lifetime: 1m size: 500 # Cache for system objects in a bucket: bucket settings, notification configuration etc system: lifetime: 2m size: 1000 # Cache which stores access box with tokens by its address accessbox: removing_check_interval: 5m lifetime: 10m size: 100 # Cache which stores owner to cache operation mapping accesscontrol: lifetime: 1m size: 100000 # Cache which stores list of policy chains morph_policy: lifetime: 1m size: 10000 # Cache which stores frostfsid subject info frostfsid: lifetime: 1m size: 10000 nats: enabled: true endpoint: nats://localhost:4222 timeout: 30s cert_file: /path/to/cert key_file: /path/to/key root_ca: /path/to/ca # Parameters of FrostFS container placement policy placement_policy: # Default policy of placing containers in FrostFS # If a user sends a request `CreateBucket` and doesn't define policy for placing of a container in FrostFS, the S3 Gateway # will put the container with default policy. default: REP 3 # Region to placement policy mapping json file. # Path to container policy mapping. The same as '--container-policy' flag for authmate region_mapping: /path/to/container/policy.json # Array of locations constraints and their vectors of copies numbers copies_numbers: - location_constraint: sample-01 vector: - 1 - 2 - location_constraint: sample-02 vector: - 1 - 2 - 3 # CORS # value of Access-Control-Max-Age header if this value is not set in a rule. Has an int type. cors: default_max_age: 600 # Parameters of requests to FrostFS frostfs: # Numbers of the object copies (for each replica) to consider PUT to FrostFS successful. # `[0]` or empty list means that object will be processed according to the container's placement policy set_copies_number: [ 0 ] # This flag enables client side object preparing. client_cut: false # Sets max buffer size for read payload in put operations. buffer_max_size_for_put: 1048576 # List of allowed AccessKeyID prefixes # If the parameter is omitted, S3 GW will accept all AccessKeyIDs allowed_access_key_id_prefixes: - Ck9BHsgKcnwfCTUSFm6pxhoNS4cBqgN2NQ8zVgPjqZDX - 3stjWenX15YwYzczMr88gy3CQr4NYFBQ8P7keGzH5QFn resolve_bucket: namespace_header: X-Frostfs-Namespace allow: - container deny: kludge: # Enable using default xml namespace `http://s3.amazonaws.com/doc/2006-03-01/` when parse xml bodies. use_default_xmlns: false # Use this flag to be able to use chunked upload approach without having `aws-chunked` value in `Content-Encoding` header. bypass_content_encoding_check_in_chunks: false # Namespaces that should be handled as default default_namespaces: [ "", "root" ] # Enable bucket/object ACL support for newly created buckets. acl_enabled: false runtime: soft_memory_limit: 1gb features: policy: # Enable denying access for request that doesn't match any policy chain rules. deny_by_default: false md5: enabled: false web: # ReadTimeout is the maximum duration for reading the entire # request, including the body. A zero or negative value means # there will be no timeout. read_timeout: 0 # ReadHeaderTimeout is the amount of time allowed to read # request headers. The connection's read deadline is reset # after reading the headers and the Handler can decide what # is considered too slow for the body. If ReadHeaderTimeout # is zero, the value of ReadTimeout is used. If both are # zero, there is no timeout. read_header_timeout: 30s # WriteTimeout is the maximum duration before timing out # writes of the response. It is reset whenever a new # request's header is read. Like ReadTimeout, it does not # let Handlers make decisions on a per-request basis. # A zero or negative value means there will be no timeout. write_timeout: 0 # IdleTimeout is the maximum amount of time to wait for the # next request when keep-alives are enabled. If IdleTimeout # is zero, the value of ReadTimeout is used. If both are # zero, there is no timeout. idle_timeout: 30s # FrostfsID contract configuration. To enable this functionality the `rpc_endpoint` param must be also set. frostfsid: # FrostfsID contract hash (LE) or name in NNS. contract: frostfsid.frostfs validation: # Enables a check to only allow requests to users registered in the FrostfsID contract. enabled: true # Policy contract configuration. To enable this functionality the `rpc_endpoint` param must be also set. policy: # Policy contract hash (LE) or name in NNS. contract: policy.frostfs # Proxy contract configuration. To enable this functionality the `rpc_endpoint` param must be also set. proxy: # Proxy contract hash (LE) or name in NNS. contract: proxy.frostfs namespaces: config: namespaces.json # Retry strategy configuration. retry: # Max amount of request attempts. Currently only for updating bucket settings request. max_attempts: 4 # Max delay before next attempt. max_backoff: 30s # Backoff strategy. `exponential` and `constant` are allowed. strategy: exponential