# Wallet # Path to wallet S3_GW_WALLET_PATH=/path/to/wallet.json # Account address. If omitted default one will be used. S3_GW_WALLET_ADDRESS=NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP # Passphrase to decrypt wallet. S3_GW_WALLET_PASSPHRASE=s3 # Nodes # This configuration makes the gateway use the first node (grpc://s01.frostfs.devenv:8080) # while it's healthy. Otherwise, gateway uses the second node (grpc://s01.frostfs.devenv:8080) # for 10% of requests and the third node (grpc://s03.frostfs.devenv:8080) for 90% of requests. # Until nodes with the same priority level are healthy # nodes with other priority are not used. # The lower the value, the higher the priority. S3_GW_PEERS_0_ADDRESS=grpc://s01.frostfs.devenv:8080 S3_GW_PEERS_0_PRIORITY=1 S3_GW_PEERS_0_WEIGHT=1 S3_GW_PEERS_1_ADDRESS=grpc://s02.frostfs.devenv:8080 S3_GW_PEERS_1_PRIORITY=2 S3_GW_PEERS_1_WEIGHT=0.1 S3_GW_PEERS_2_ADDRESS=grpc://s03.frostfs.devenv:8080 S3_GW_PEERS_2_PRIORITY=2 S3_GW_PEERS_2_WEIGHT=0.9 # Address to listen and TLS S3_GW_SERVER_0_ADDRESS=0.0.0.0:8080 S3_GW_SERVER_0_TLS_ENABLED=false S3_GW_SERVER_0_TLS_CERT_FILE=/path/to/tls/cert S3_GW_SERVER_0_TLS_KEY_FILE=/path/to/tls/key S3_GW_SERVER_1_ADDRESS=0.0.0.0:8081 S3_GW_SERVER_1_TLS_ENABLED=true S3_GW_SERVER_1_TLS_CERT_FILE=/path/to/tls/cert S3_GW_SERVER_1_TLS_KEY_FILE=/path/to/tls/key # How often to reconnect to the servers S3_GW_RECONNECT_INTERVAL: 1m # Domains to be able to use virtual-hosted-style access to bucket S3_GW_LISTEN_DOMAINS="domain.com .domain.com" # VHS enabled flag S3_GW_VHS_ENABLED=false # Header for determining whether VHS is enabled for the request S3_GW_VHS_VHS_HEADER=X-Frostfs-S3-VHS # Header for determining servername S3_GW_VHS_SERVERNAME_HEADER=X-Frostfs-Servername # Config file S3_GW_CONFIG=/path/to/config/yaml # Logger S3_GW_LOGGER_LEVEL=debug S3_GW_LOGGER_SAMPLING_ENABLED=false S3_GW_LOGGER_SAMPLING_INITIAL=100 S3_GW_LOGGER_SAMPLING_THEREAFTER=100 S3_GW_LOGGER_SAMPLING_INTERVAL=1s # HTTP logger S3_GW_HTTP_LOGGING_ENABLED=false # max body size to log S3_GW_HTTP_LOGGING_MAX_BODY=1024 # max log size in Mb S3_GW_HTTP_LOGGING_MAX_LOG_SIZE=20 # use log compression S3_GW_HTTP_LOGGING_GZIP=true # possible destination output values: filesystem path, url, "stdout", "stderr" S3_GW_HTTP_LOGGING_DESTINATION=stdout # RPC endpoint and order of resolving of bucket names S3_GW_RPC_ENDPOINT=http://morph-chain.frostfs.devenv:30333/ S3_GW_RESOLVE_ORDER="nns dns" # Metrics S3_GW_PPROF_ENABLED=true S3_GW_PPROF_ADDRESS=localhost:8085 S3_GW_PROMETHEUS_ENABLED=true S3_GW_PROMETHEUS_ADDRESS=localhost:8086 # Timeout to connect to a node S3_GW_CONNECT_TIMEOUT=10s # Timeout for individual operations in streaming RPC. S3_GW_STREAM_TIMEOUT=10s # Timeout to check node health during rebalance. S3_GW_HEALTHCHECK_TIMEOUT=15s # Interval to check node health S3_GW_REBALANCE_INTERVAL=60s # The number of errors on connection after which node is considered as unhealthy S3_GW_POOL_ERROR_THRESHOLD=100 # Limits for processing of clients' requests S3_GW_MAX_CLIENTS_COUNT=100 # Deadline after which the gate sends error `RequestTimeout` to a client S3_GW_MAX_CLIENTS_DEADLINE=30s # Caching # Cache for objects S3_GW_CACHE_OBJECTS_LIFETIME=5m S3_GW_CACHE_OBJECTS_SIZE=1000000 # Cache which keeps lists of objects in buckets S3_GW_CACHE_LIST_LIFETIME=1m S3_GW_CACHE_LIST_SIZE=100000 # Cache which keeps listing session S3_GW_CACHE_LIST_SESSION_LIFETIME=1m S3_GW_CACHE_LIST_SESSION_SIZE=100 # Cache which contains mapping of bucket name to bucket info S3_GW_CACHE_BUCKETS_LIFETIME=1m S3_GW_CACHE_BUCKETS_SIZE=1000 # Cache which contains mapping of nice name to object addresses S3_GW_CACHE_NAMES_LIFETIME=1m S3_GW_CACHE_NAMES_SIZE=10000 # Cache for system objects in a bucket: bucket settings etc S3_GW_CACHE_SYSTEM_LIFETIME=5m S3_GW_CACHE_SYSTEM_SIZE=100000 # Cache which stores access box with tokens by its address S3_GW_CACHE_ACCESSBOX_REMOVING_CHECK_INTERVAL=5m S3_GW_CACHE_ACCESSBOX_LIFETIME=10m S3_GW_CACHE_ACCESSBOX_SIZE=100 # Cache which stores owner to cache operation mapping S3_GW_CACHE_ACCESSCONTROL_LIFETIME=1m S3_GW_CACHE_ACCESSCONTROL_SIZE=100000 # Cache which stores list of policy chains S3_GW_CACHE_MORPH_POLICY_LIFETIME=1m S3_GW_CACHE_MORPH_POLICY_SIZE=10000 # Cache which stores frostfsid subject info S3_GW_CACHE_FROSTFSID_LIFETIME=1m S3_GW_CACHE_FROSTFSID_SIZE=10000 # Cache which stores network info S3_GW_CACHE_NETWORK_INFO_LIFETIME=1m # Default policy of placing containers in FrostFS # If a user sends a request `CreateBucket` and doesn't define policy for placing of a container in FrostFS, the S3 Gateway # will put the container with default policy. It can be specified via environment variable, e.g.: S3_GW_PLACEMENT_POLICY_DEFAULT_POLICY="REP 3" # Region to placement policy mapping json file. # Path to container policy mapping. The same as '--container-policy' flag for authmate S3_GW_PLACEMENT_POLICY_REGION_MAPPING=/path/to/container/policy.json # Name of location constraint S3_GW_PLACEMENT_POLICY_COPIES_NUMBERS_0_LOCATION_CONSTRAINT=sample-01 # Array of copies numbers for corresponding location constraint S3_GW_PLACEMENT_POLICY_COPIES_NUMBERS_0_VECTOR=1 2 3 # Second set of location constraint and its copies numbers S3_GW_PLACEMENT_POLICY_COPIES_NUMBERS_1_LOCATION_CONSTRAINT=sample-02 S3_GW_PLACEMENT_POLICY_COPIES_NUMBERS_1_VECTOR=2 3 4 # CORS # value of Access-Control-Max-Age header if this value is not set in a rule. Has an int type. S3_GW_CORS_DEFAULT_MAX_AGE=600 # Parameters of requests to FrostFS # Numbers of the object copies (for each replica, syntax the same as for `S3_GW_PLACEMENT_POLICY_COPIES_NUMBERS_0_VECTOR` above) # to consider PUT to FrostFS successful. # `0` or empty list means that object will be processed according to the container's placement policy S3_GW_FROSTFS_SET_COPIES_NUMBER=0 # This flag enables client side object preparing. S3_GW_FROSTFS_CLIENT_CUT=false # Sets max buffer size for read payload in put operations. S3_GW_FROSTFS_BUFFER_MAX_SIZE_FOR_PUT=1048576 # max attempt to make successful tree request. # default value is 0 that means the number of attempts equals to number of nodes in pool. S3_GW_FROSTFS_TREE_POOL_MAX_ATTEMPTS=0 # Specifies the timeout after which unhealthy client be closed during rebalancing if it will become healthy back. S3_GW_FROSTFS_GRACEFUL_CLOSE_ON_SWITCH_TIMEOUT=10s # Tombstone's lifetime in epochs. S3_GW_FROSTFS_TOMBSTONE_LIFETIME=10 # Maximum number of object IDs in one tombstone. S3_GW_FROSTFS_TOMBSTONE_MEMBERS_SIZE=100 # Maximum worker count in layer's worker pool that create tombstones. S3_GW_FROSTFS_TOMBSTONE_WORKER_POOL_SIZE=100 # List of allowed AccessKeyID prefixes # If not set, S3 GW will accept all AccessKeyIDs S3_GW_ALLOWED_ACCESS_KEY_ID_PREFIXES=Ck9BHsgKcnwfCTUSFm6pxhoNS4cBqgN2NQ8zVgPjqZDX 3stjWenX15YwYzczMr88gy3CQr4NYFBQ8P7keGzH5QFn # Header to determine zone to resolve bucket name S3_GW_RESOLVE_NAMESPACE_HEADER=X-Frostfs-Namespace # List of container NNS zones which are allowed or restricted to resolve with HEAD request S3_GW_RESOLVE_BUCKET_ALLOW=container # S3_GW_RESOLVE_BUCKET_DENY= # Enable using default xml namespace `http://s3.amazonaws.com/doc/2006-03-01/` when parse xml bodies. S3_GW_KLUDGE_USE_DEFAULT_XMLNS=false # Use this flag to be able to use chunked upload approach without having `aws-chunked` value in `Content-Encoding` header. S3_GW_KLUDGE_BYPASS_CONTENT_ENCODING_CHECK_IN_CHUNKS=false # Namespaces that should be handled as default S3_GW_KLUDGE_DEFAULT_NAMESPACES="" "root" S3_GW_TRACING_ENABLED=false S3_GW_TRACING_ENDPOINT="localhost:4318" S3_GW_TRACING_EXPORTER="otlp_grpc" S3_GW_TRACING_TRUSTED_CA="" S3_GW_TRACING_ATTRIBUTES_0_KEY=key0 S3_GW_TRACING_ATTRIBUTES_0_VALUE=value S3_GW_TRACING_ATTRIBUTES_1_KEY=key1 S3_GW_TRACING_ATTRIBUTES_1_VALUE=value S3_GW_RUNTIME_SOFT_MEMORY_LIMIT=1073741824 S3_GW_FEATURES_MD5_ENABLED=false # Enable denying access for request that doesn't match any policy chain rules. S3_GW_FEATURES_POLICY_DENY_BY_DEFAULT=false # ReadTimeout is the maximum duration for reading the entire # request, including the body. A zero or negative value means # there will be no timeout. S3_GW_WEB_READ_TIMEOUT=0 # ReadHeaderTimeout is the amount of time allowed to read # request headers. The connection's read deadline is reset # after reading the headers and the Handler can decide what # is considered too slow for the body. If ReadHeaderTimeout # is zero, the value of ReadTimeout is used. If both are # zero, there is no timeout. S3_GW_WEB_READ_HEADER_TIMEOUT=30s # WriteTimeout is the maximum duration before timing out # writes of the response. It is reset whenever a new # request's header is read. Like ReadTimeout, it does not # let Handlers make decisions on a per-request basis. # A zero or negative value means there will be no timeout. S3_GW_WEB_WRITE_TIMEOUT=0 # IdleTimeout is the maximum amount of time to wait for the # next request when keep-alives are enabled. If IdleTimeout # is zero, the value of ReadTimeout is used. If both are # zero, there is no timeout. S3_GW_WEB_IDLE_TIMEOUT=30s # FrostfsID contract configuration. To enable this functionality the `rpc_endpoint` param must be also set. # FrostfsID contract hash (LE) or name in NNS. S3_GW_FROSTFSID_CONTRACT=frostfsid.frostfs # Enables a check to only allow requests to users registered in the FrostfsID contract. S3_GW_FROSTFSID_VALIDATION_ENABLED=true # Policy contract configuration. To enable this functionality the `rpc_endpoint` param must be also set. # Policy contract hash (LE) or name in NNS. S3_GW_POLICY_CONTRACT=policy.frostfs # Proxy contract configuration. To enable this functionality the `rpc_endpoint` param must be also set. # Proxy contract hash (LE) or name in NNS. S3_GW_PROXY_CONTRACT=proxy.frostfs # Namespaces configuration S3_GW_NAMESPACES_CONFIG=namespaces.json # Custom header to retrieve Source IP S3_GW_SOURCE_IP_HEADER=Source-Ip # Retry strategy configuration. # Max amount of request attempts. Currently only for updating bucket settings request. S3_GW_RETRY_MAX_ATTEMPTS=4 # Max delay before next attempt. S3_GW_RETRY_MAX_BACKOFF=30s # Backoff strategy. `exponential` and `constant` are allowed. S3_GW_RETRY_STRATEGY=exponential # Containers properties S3_GW_CONTAINERS_CORS=AZjLTXfK4vs4ovxMic2xEJKSymMNLqdwq9JT64ASFCRj S3_GW_CONTAINERS_LIFECYCLE=AZjLTXfK4vs4ovxMic2xEJKSymMNLqdwq9JT64ASFCRj # Multinet properties # Enable multinet support S3_GW_MULTINET_ENABLED=false # Strategy to pick source IP address S3_GW_MULTINET_BALANCER=roundrobin # Restrict requests with unknown destination subnet S3_GW_MULTINET_RESTRICT=false # Delay between ipv6 to ipv4 fallback switch S3_GW_MULTINET_FALLBACK_DELAY=300ms # List of subnets and IP addresses to use as source for those subnets S3_GW_MULTINET_SUBNETS_1_MASK=1.2.3.4/24 S3_GW_MULTINET_SUBNETS_1_SOURCE_IPS=1.2.3.4 1.2.3.5