# Wallet address, path to the wallet must be set as cli parameter or environment variable wallet: path: /path/to/wallet.json # Path to wallet passphrase: "" # Passphrase to decrypt wallet. If you're using a wallet without a password, place '' here. address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP # Account address. If omitted default one will be used. # Nodes configuration # This configuration makes the gateway use the first node (grpc://s01.frostfs.devenv:8080) # while it's healthy. Otherwise, gateway uses the second node (grpc://s01.frostfs.devenv:8080) # for 10% of requests and the third node (grpc://s03.frostfs.devenv:8080) for 90% of requests. # Until nodes with the same priority level are healthy # nodes with other priority are not used. # The lower the value, the higher the priority. peers: 0: address: node1.frostfs:8080 priority: 1 weight: 1 1: address: node2.frostfs:8080 priority: 2 weight: 0.1 2: address: node3.frostfs:8080 priority: 2 weight: 0.9 server: - address: 0.0.0.0:8080 tls: enabled: false cert_file: /path/to/cert key_file: /path/to/key - address: 0.0.0.0:8081 tls: enabled: true cert_file: /path/to/cert key_file: /path/to/key # Domains to be able to use virtual-hosted-style access to bucket. listen_domains: - s3dev.frostfs.devenv logger: level: debug # Endpoints of the tree service. At least one endpoint must be provided. Node addresses (from the `peers` section) can be used. tree: service: - node1.frostfs:8080 - node2.frostfs:8080 # RPC endpoint and order of resolving of bucket names rpc_endpoint: http://morph-chain.frostfs.devenv:30333 resolve_order: - nns # Metrics pprof: enabled: false address: localhost:8085 prometheus: enabled: false address: localhost:8086 # Timeout to connect to a node connect_timeout: 10s # Timeout for individual operations in streaming RPC. stream_timeout: 10s # Timeout to check node health during rebalance healthcheck_timeout: 15s # Interval to check node health rebalance_interval: 60s # The number of errors on connection after which node is considered as unhealthy pool_error_threshold: 100 # Limits for processing of clients' requests max_clients_count: 100 # Deadline after which the gate sends error `RequestTimeout` to a client max_clients_deadline: 30s # Caching cache: # Cache for objects objects: lifetime: 300s size: 150 # Cache which keeps lists of objects in buckets list: lifetime: 1m size: 100 # Cache which contains mapping of nice name to object addresses names: lifetime: 1m size: 1000 # Cache which contains mapping of bucket name to bucket info buckets: lifetime: 1m size: 500 # Cache for system objects in a bucket: bucket settings, notification configuration etc system: lifetime: 2m size: 1000 # Cache which stores access box with tokens by its address accessbox: lifetime: 5m size: 10 # Cache which stores owner to cache operation mapping accesscontrol: lifetime: 1m size: 100000 nats: enabled: true endpoint: nats://localhost:4222 timeout: 30s cert_file: /path/to/cert key_file: /path/to/key root_ca: /path/to/ca # Parameters of FrostFS container placement policy placement_policy: # Default policy of placing containers in FrostFS # If a user sends a request `CreateBucket` and doesn't define policy for placing of a container in FrostFS, the S3 Gateway # will put the container with default policy. default: REP 3 # Region to placement policy mapping json file. # Path to container policy mapping. The same as '--container-policy' flag for authmate region_mapping: /path/to/container/policy.json # Array of locations constraints and their vectors of copies numbers copies_numbers: - location_constraint: sample-01 vector: - 1 - 2 - location_constraint: sample-02 vector: - 1 - 2 - 3 # CORS # value of Access-Control-Max-Age header if this value is not set in a rule. Has an int type. cors: default_max_age: 600 # Parameters of requests to FrostFS frostfs: # Numbers of the object copies (for each replica) to consider PUT to FrostFS successful. # `[0]` or empty list means that object will be processed according to the container's placement policy set_copies_number: [0] # List of allowed AccessKeyID prefixes # If the parameter is omitted, S3 GW will accept all AccessKeyIDs allowed_access_key_id_prefixes: - Ck9BHsgKcnwfCTUSFm6pxhoNS4cBqgN2NQ8zVgPjqZDX - 3stjWenX15YwYzczMr88gy3CQr4NYFBQ8P7keGzH5QFn resolve_bucket: allow: - container deny: kludge: # Enable using default xml namespace `http://s3.amazonaws.com/doc/2006-03-01/` when parse`CompleteMultipartUpload` xml body. use_default_xmlns_for_complete_multipart: false # Set timeout between whitespace transmissions during CompleteMultipartUpload processing. complete_multipart_keepalive: 10s