# Wallet # Path to wallet S3_GW_WALLET_PATH=/path/to/wallet.json # Account address. If omitted default one will be used. S3_GW_WALLET_ADDRESS=NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP # Passphrase to decrypt wallet. S3_GW_WALLET_PASSPHRASE=s3 # Nodes # This configuration makes the gateway use the first node (grpc://s01.frostfs.devenv:8080) # while it's healthy. Otherwise, gateway uses the second node (grpc://s01.frostfs.devenv:8080) # for 10% of requests and the third node (grpc://s03.frostfs.devenv:8080) for 90% of requests. # Until nodes with the same priority level are healthy # nodes with other priority are not used. # The lower the value, the higher the priority. S3_GW_PEERS_0_ADDRESS=grpc://s01.frostfs.devenv:8080 S3_GW_PEERS_0_PRIORITY=1 S3_GW_PEERS_0_WEIGHT=1 S3_GW_PEERS_1_ADDRESS=grpc://s02.frostfs.devenv:8080 S3_GW_PEERS_1_PRIORITY=2 S3_GW_PEERS_1_WEIGHT=0.1 S3_GW_PEERS_2_ADDRESS=grpc://s03.frostfs.devenv:8080 S3_GW_PEERS_2_PRIORITY=2 S3_GW_PEERS_2_WEIGHT=0.9 # Address to listen and TLS S3_GW_SERVER_0_ADDRESS=0.0.0.0:8080 S3_GW_SERVER_0_TLS_ENABLED=false S3_GW_SERVER_0_TLS_CERT_FILE=/path/to/tls/cert S3_GW_SERVER_0_TLS_KEY_FILE=/path/to/tls/key S3_GW_SERVER_1_ADDRESS=0.0.0.0:8081 S3_GW_SERVER_1_TLS_ENABLED=true S3_GW_SERVER_1_TLS_CERT_FILE=/path/to/tls/cert S3_GW_SERVER_1_TLS_KEY_FILE=/path/to/tls/key # Domains to be able to use virtual-hosted-style access to bucket. S3_GW_LISTEN_DOMAINS=s3dev.frostfs.devenv # Config file S3_GW_CONFIG=/path/to/config/yaml # Logger S3_GW_LOGGER_LEVEL=debug # Endpoints of the tree service. At least one endpoint must be provided. Node addresses (from the `peers` section) can be used. S3_GW_TREE_SERVICE=grpc://s01.frostfs.devenv:8080 grpc://s02.frostfs.devenv:8080 # RPC endpoint and order of resolving of bucket names S3_GW_RPC_ENDPOINT=http://morph-chain.frostfs.devenv:30333/ S3_GW_RESOLVE_ORDER="nns dns" # Metrics S3_GW_PPROF_ENABLED=true S3_GW_PPROF_ADDRESS=localhost:8085 S3_GW_PROMETHEUS_ENABLED=true S3_GW_PROMETHEUS_ADDRESS=localhost:8086 # Timeout to connect to a node S3_GW_CONNECT_TIMEOUT=10s # Timeout for individual operations in streaming RPC. S3_GW_STREAM_TIMEOUT=10s # Timeout to check node health during rebalance. S3_GW_HEALTHCHECK_TIMEOUT=15s # Interval to check node health S3_GW_REBALANCE_INTERVAL=60s # The number of errors on connection after which node is considered as unhealthy S3_GW_POOL_ERROR_THRESHOLD=100 # Limits for processing of clients' requests S3_GW_MAX_CLIENTS_COUNT=100 # Deadline after which the gate sends error `RequestTimeout` to a client S3_GW_MAX_CLIENTS_DEADLINE=30s # Caching # Cache for objects S3_GW_CACHE_OBJECTS_LIFETIME=5m S3_GW_CACHE_OBJECTS_SIZE=1000000 # Cache which keeps lists of objects in buckets S3_GW_CACHE_LIST_LIFETIME=1m S3_GW_CACHE_LIST_SIZE=100000 # Cache which contains mapping of bucket name to bucket info S3_GW_CACHE_BUCKETS_LIFETIME=1m S3_GW_CACHE_BUCKETS_SIZE=1000 # Cache which contains mapping of nice name to object addresses S3_GW_CACHE_NAMES_LIFETIME=1m S3_GW_CACHE_NAMES_SIZE=10000 # Cache for system objects in a bucket: bucket settings, notification configuration etc S3_GW_CACHE_SYSTEM_LIFETIME=5m S3_GW_CACHE_SYSTEM_SIZE=100000 # Cache which stores access box with tokens by its address S3_GW_CACHE_ACCESSBOX_LIFETIME=10m S3_GW_CACHE_ACCESSBOX_SIZE=100 # Cache which stores owner to cache operation mapping S3_GW_CACHE_ACCESSCONTROL_LIFETIME=1m S3_GW_CACHE_ACCESSCONTROL_SIZE=100000 # NATS S3_GW_NATS_ENABLED=true S3_GW_NATS_ENDPOINT=nats://nats.frostfs.devenv:4222 S3_GW_NATS_TIMEOUT=30s S3_GW_NATS_CERT_FILE=/path/to/cert S3_GW_NATS_KEY_FILE=/path/to/key S3_GW_NATS_ROOT_CA=/path/to/ca # Default policy of placing containers in FrostFS # If a user sends a request `CreateBucket` and doesn't define policy for placing of a container in FrostFS, the S3 Gateway # will put the container with default policy. It can be specified via environment variable, e.g.: S3_GW_PLACEMENT_POLICY_DEFAULT_POLICY="REP 3" # Region to placement policy mapping json file. # Path to container policy mapping. The same as '--container-policy' flag for authmate S3_GW_PLACEMENT_POLICY_REGION_MAPPING=/path/to/container/policy.json # CORS # value of Access-Control-Max-Age header if this value is not set in a rule. Has an int type. S3_GW_CORS_DEFAULT_MAX_AGE=600 # Parameters of requests to FrostFS # Number of the object copies to consider PUT to FrostFS successful. # If not set, default value 0 will be used -- it means that object will be processed according to the container's placement policy S3_GW_FROSTFS_SET_COPIES_NUMBER=0 # List of allowed AccessKeyID prefixes # If not set, S3 GW will accept all AccessKeyIDs S3_GW_ALLOWED_ACCESS_KEY_ID_PREFIXES=Ck9BHsgKcnwfCTUSFm6pxhoNS4cBqgN2NQ8zVgPjqZDX 3stjWenX15YwYzczMr88gy3CQr4NYFBQ8P7keGzH5QFn # List of container NNS zones which are allowed or restricted to resolve with HEAD request S3_GW_RESOLVE_BUCKET_ALLOW=container # S3_GW_RESOLVE_BUCKET_DENY= # Enable using default xml namespace `http://s3.amazonaws.com/doc/2006-03-01/` when parse`CompleteMultipartUpload` xml body. S3_GW_KLUDGE_USE_DEFAULT_XMLNS_FOR_COMPLETE_MULTIPART=false # Set timeout between whitespace transmissions during CompleteMultipartUpload processing. S3_GW_KLUDGE_COMPLETE_MULTIPART_KEEPALIVE=10s