# Wallet address, path to the wallet must be set as cli parameter or environment variable wallet: path: /path/to/wallet.json # Path to wallet passphrase: "" # Passphrase to decrypt wallet. If you're using a wallet without a password, place '' here. address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP # Account address. If omitted default one will be used. # Nodes configuration # This configuration makes the gateway use the first node (grpc://s01.frostfs.devenv:8080) # while it's healthy. Otherwise, gateway uses the second node (grpc://s01.frostfs.devenv:8080) # for 10% of requests and the third node (grpc://s03.frostfs.devenv:8080) for 90% of requests. # Until nodes with the same priority level are healthy # nodes with other priority are not used. # The lower the value, the higher the priority. peers: 0: address: node1.frostfs:8080 priority: 1 weight: 1 1: address: node2.frostfs:8080 priority: 2 weight: 0.1 2: address: node3.frostfs:8080 priority: 2 weight: 0.9 reconnect_interval: 1m server: - address: 0.0.0.0:8080 tls: enabled: false cert_file: /path/to/cert key_file: /path/to/key - address: 0.0.0.0:8081 tls: enabled: true cert_file: /path/to/cert key_file: /path/to/key # Domains to be able to use virtual-hosted-style access to bucket. listen_domains: - s3dev.frostfs.devenv - s3dev..frostfs.devenv vhs: enabled: false vhs_header: X-Frostfs-S3-VHS servername_header: X-Frostfs-Servername namespaces: "ns1": false "ns2": true logger: level: debug destination: stdout sampling: enabled: false initial: 100 thereafter: 100 interval: 1s # log http request data (URI, headers, query, etc) http_logging: enabled: false # max body size to log max_body: 1024 # max log size in Mb max_log_size: 20 # use log compression gzip: true # possible output values: filesystem path, url, "stdout", "stderr" destination: stdout # RPC endpoint and order of resolving of bucket names rpc_endpoint: http://morph-chain.frostfs.devenv:30333 resolve_order: - nns # Metrics pprof: enabled: false address: localhost:8085 prometheus: enabled: false address: localhost:8086 tracing: enabled: false exporter: "otlp_grpc" endpoint: "localhost:4318" trusted_ca: "" # Timeout to connect to a node connect_timeout: 10s # Timeout for individual operations in streaming RPC. stream_timeout: 10s # Timeout to check node health during rebalance healthcheck_timeout: 15s # Interval to check node health rebalance_interval: 60s # The number of errors on connection after which node is considered as unhealthy pool_error_threshold: 100 # Limits for processing of clients' requests max_clients_count: 100 # Deadline after which the gate sends error `RequestTimeout` to a client max_clients_deadline: 30s # Caching cache: # Cache for objects objects: lifetime: 300s size: 150 # Cache which keeps lists of objects in buckets list: lifetime: 1m size: 100 # Cache which keeps listing sessions list_session: lifetime: 1m size: 100 # Cache which contains mapping of nice name to object addresses names: lifetime: 1m size: 1000 # Cache which contains mapping of bucket name to bucket info buckets: lifetime: 1m size: 500 # Cache for system objects in a bucket: bucket settings etc system: lifetime: 2m size: 1000 # Cache which stores access box with tokens by its address accessbox: removing_check_interval: 5m lifetime: 10m size: 100 # Cache which stores owner to cache operation mapping accesscontrol: lifetime: 1m size: 100000 # Cache which stores list of policy chains morph_policy: lifetime: 1m size: 10000 # Cache which stores frostfsid subject info frostfsid: lifetime: 1m size: 10000 # Cache which stores network info network_info: lifetime: 1m # Parameters of FrostFS container placement policy placement_policy: # Default policy of placing containers in FrostFS # If a user sends a request `CreateBucket` and doesn't define policy for placing of a container in FrostFS, the S3 Gateway # will put the container with default policy. default: REP 3 # Region to placement policy mapping json file. # Path to container policy mapping. The same as '--container-policy' flag for authmate region_mapping: /path/to/container/policy.json # Array of locations constraints and their vectors of copies numbers copies_numbers: - location_constraint: sample-01 vector: - 1 - 2 - location_constraint: sample-02 vector: - 1 - 2 - 3 # CORS # value of Access-Control-Max-Age header if this value is not set in a rule. Has an int type. cors: default_max_age: 600 # Parameters of requests to FrostFS frostfs: # Numbers of the object copies (for each replica) to consider PUT to FrostFS successful. # `[0]` or empty list means that object will be processed according to the container's placement policy set_copies_number: [ 0 ] # This flag enables client side object preparing. client_cut: false # Sets max buffer size for read payload in put operations. buffer_max_size_for_put: 1048576 # Specifies the timeout after which unhealthy client be closed during rebalancing if it will become healthy back. graceful_close_on_switch_timeout: 10s # List of allowed AccessKeyID prefixes # If the parameter is omitted, S3 GW will accept all AccessKeyIDs allowed_access_key_id_prefixes: - Ck9BHsgKcnwfCTUSFm6pxhoNS4cBqgN2NQ8zVgPjqZDX - 3stjWenX15YwYzczMr88gy3CQr4NYFBQ8P7keGzH5QFn resolve_bucket: namespace_header: X-Frostfs-Namespace allow: - container deny: kludge: # Enable using default xml namespace `http://s3.amazonaws.com/doc/2006-03-01/` when parse xml bodies. use_default_xmlns: false # Use this flag to be able to use chunked upload approach without having `aws-chunked` value in `Content-Encoding` header. bypass_content_encoding_check_in_chunks: false # Namespaces that should be handled as default default_namespaces: [ "", "root" ] runtime: soft_memory_limit: 1gb features: policy: # Enable denying access for request that doesn't match any policy chain rules. deny_by_default: false md5: enabled: false web: # ReadTimeout is the maximum duration for reading the entire # request, including the body. A zero or negative value means # there will be no timeout. read_timeout: 0 # ReadHeaderTimeout is the amount of time allowed to read # request headers. The connection's read deadline is reset # after reading the headers and the Handler can decide what # is considered too slow for the body. If ReadHeaderTimeout # is zero, the value of ReadTimeout is used. If both are # zero, there is no timeout. read_header_timeout: 30s # WriteTimeout is the maximum duration before timing out # writes of the response. It is reset whenever a new # request's header is read. Like ReadTimeout, it does not # let Handlers make decisions on a per-request basis. # A zero or negative value means there will be no timeout. write_timeout: 0 # IdleTimeout is the maximum amount of time to wait for the # next request when keep-alives are enabled. If IdleTimeout # is zero, the value of ReadTimeout is used. If both are # zero, there is no timeout. idle_timeout: 30s # FrostfsID contract configuration. To enable this functionality the `rpc_endpoint` param must be also set. frostfsid: # FrostfsID contract hash (LE) or name in NNS. contract: frostfsid.frostfs validation: # Enables a check to only allow requests to users registered in the FrostfsID contract. enabled: true # Policy contract configuration. To enable this functionality the `rpc_endpoint` param must be also set. policy: # Policy contract hash (LE) or name in NNS. contract: policy.frostfs # Proxy contract configuration. To enable this functionality the `rpc_endpoint` param must be also set. proxy: # Proxy contract hash (LE) or name in NNS. contract: proxy.frostfs namespaces: config: namespaces.json # Custom header to retrieve Source IP source_ip_header: "Source-Ip" # Retry strategy configuration. retry: # Max amount of request attempts. Currently only for updating bucket settings request. max_attempts: 4 # Max delay before next attempt. max_backoff: 30s # Backoff strategy. `exponential` and `constant` are allowed. strategy: exponential # Containers properties containers: cors: AZjLTXfK4vs4ovxMic2xEJKSymMNLqdwq9JT64ASFCRj lifecycle: AZjLTXfK4vs4ovxMic2xEJKSymMNLqdwq9JT64ASFCRj # Multinet properties multinet: # Enable multinet support enabled: false # Strategy to pick source IP address balancer: roundrobin # Restrict requests with unknown destination subnet restrict: false # Delay between ipv6 to ipv4 fallback switch fallback_delay: 300ms # List of subnets and IP addresses to use as source for those subnets subnets: - mask: 1.2.3.4/24 source_ips: - 1.2.3.4 - 1.2.3.5