# Wallet address, path to the wallet must be set as cli parameter or environment variable
wallet:
  path: /path/to/wallet.json # Path to wallet
  passphrase: "" # Passphrase to decrypt wallet. If you're using a wallet without a password, place '' here.
  address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP # Account address. If omitted default one will be used.

# Nodes configuration
# This configuration makes the gateway use the first node (grpc://s01.frostfs.devenv:8080)
# while it's healthy. Otherwise, gateway uses the second node (grpc://s01.frostfs.devenv:8080)
# for 10% of requests and the third node (grpc://s03.frostfs.devenv:8080) for 90% of requests.
# Until nodes with the same priority level are healthy
# nodes with other priority are not used.
# The lower the value, the higher the priority.
peers:
  0:
    address: node1.frostfs:8080
    priority: 1
    weight: 1
  1:
    address: node2.frostfs:8080
    priority: 2
    weight: 0.1
  2:
    address: node3.frostfs:8080
    priority: 2
    weight: 0.9

server:
  - address: 0.0.0.0:8080
    tls:
      enabled: false
      cert_file: /path/to/cert
      key_file: /path/to/key
  - address: 0.0.0.0:8081
    tls:
      enabled: true
      cert_file: /path/to/cert
      key_file: /path/to/key

# Domains to be able to use virtual-hosted-style access to bucket.
listen_domains:
  - s3dev.frostfs.devenv

logger:
  level: debug

# Endpoint of the tree service. Must be provided. Can be one of the node address (from the `peers` section).
tree:
  service: node1.frostfs:8080

# RPC endpoint and order of resolving of bucket names
rpc_endpoint: http://morph-chain.frostfs.devenv:30333
resolve_order:
  - nns

# Metrics
pprof:
  enabled: false
  address: localhost:8085

prometheus:
  enabled: false
  address: localhost:8086

# Timeout to connect to a node
connect_timeout: 10s
# Timeout for individual operations in streaming RPC.
stream_timeout: 10s
# Timeout to check node health during rebalance
healthcheck_timeout: 15s
# Interval to check node health
rebalance_interval: 60s
# The number of errors on connection after which node is considered as unhealthy
pool_error_threshold: 100


# Limits for processing of clients' requests
max_clients_count: 100
# Deadline after which the gate sends error `RequestTimeout` to a client
max_clients_deadline: 30s

# Caching
cache:
  # Cache for objects
  objects:
    lifetime: 300s
    size: 150
  # Cache which keeps lists of objects in buckets
  list:
    lifetime: 1m
    size: 100
  # Cache which contains mapping of nice name to object addresses
  names:
    lifetime: 1m
    size: 1000
  # Cache which contains mapping of bucket name to bucket info
  buckets:
    lifetime: 1m
    size: 500
  # Cache for system objects in a bucket: bucket settings, notification configuration etc
  system:
    lifetime: 2m
    size: 1000
  # Cache which stores access box with tokens by its address
  accessbox:
    lifetime: 5m
    size: 10
  # Cache which stores owner to cache operation mapping
  accesscontrol:
    lifetime: 1m
    size: 100000

nats:
  enabled: true
  endpoint: nats://localhost:4222
  timeout: 30s
  cert_file: /path/to/cert
  key_file: /path/to/key
  root_ca: /path/to/ca

# Parameters of FrostFS container placement policy
placement_policy:
  # Default policy of placing containers in FrostFS
  # If a user sends a request `CreateBucket` and doesn't define policy for placing of a container in FrostFS, the S3 Gateway
  # will put the container with default policy.
  default: REP 3
  # Region to placement policy mapping json file.
  # Path to container policy mapping. The same as '--container-policy' flag for authmate
  region_mapping: /path/to/container/policy.json

# CORS
# value of Access-Control-Max-Age header if this value is not set in a rule. Has an int type.
cors:
  default_max_age: 600

# Parameters of requests to FrostFS
frostfs:
  # Number of the object copies to consider PUT to FrostFS successful.
  # `0` means that object will be processed according to the container's placement policy
  set_copies_number: 0

# List of allowed AccessKeyID prefixes
# If the parameter is omitted, S3 GW will accept all AccessKeyIDs
allowed_access_key_id_prefixes:
  - Ck9BHsgKcnwfCTUSFm6pxhoNS4cBqgN2NQ8zVgPjqZDX
  - 3stjWenX15YwYzczMr88gy3CQr4NYFBQ8P7keGzH5QFn

resolve_bucket:
  allow:
    - container
  deny: