diff --git a/CHANGELOG.md b/CHANGELOG.md index e401f971..87ed34b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,9 @@ This document outlines major changes between releases. - Timeout for individual operations in streaming RPC (#740) - Reload policies on SIGHUP (#747) +### Added +- Multiple server listeners (#742) + ### Changed - Placement policy configuration (#568) @@ -27,9 +30,15 @@ placement_policy: Make sure you update the config accordingly: If you configure application using environment variables change: * `S3_GW_DEFAULT_POLICY` -> `S3_GW_PLACEMENT_POLICY_DEFAULT_POLICY` +* `S3_GW_LISTEN_ADDRESS` -> `S3_GW_SERVER_0_ADDRESS` +* `S3_GW_TLS_CERT_FILE` -> `S3_GW_SERVER_0_TLS_CERT_FILE` (and set `S3_GW_SERVER_0_TLS_ENABLED=true`) +* `S3_GW_TLS_KEY_FILE` -> `S3_GW_SERVER_0_TLS_KEY_FILE` (and set `S3_GW_SERVER_0_TLS_ENABLED=true`) If you configure application using `.yaml` file change: * `defaul_policy` -> `placement_policy.default` +* `listen_address` -> `server.0.address` +* `tls.cert_file` -> `server.0.tls.cert_file` (and set `server.0.tls.enabled: true`) +* `tls.key_file` -> `server.0.tls.key_file` (and set `server.0.tls.enabled: true`) ## [0.25.0] - 2022-10-31 diff --git a/cmd/s3-gw/app_settings.go b/cmd/s3-gw/app_settings.go index f4dec255..00f07dfb 100644 --- a/cmd/s3-gw/app_settings.go +++ b/cmd/s3-gw/app_settings.go @@ -223,7 +223,7 @@ func newSettings() *viper.Viper { flags.Int(cfgMaxClientsCount, defaultMaxClientsCount, "set max-clients count") flags.Duration(cfgMaxClientsDeadline, defaultMaxClientsDeadline, "set max-clients deadline") - flags.String(cmdListenAddress, "0.0.0.0:8080", "set address to listen") + flags.String(cmdListenAddress, "0.0.0.0:8080", "set the main address to listen") flags.String(cfgTLSCertFile, "", "TLS certificate file to use") flags.String(cfgTLSKeyFile, "", "TLS key file to use") diff --git a/docs/configuration.md b/docs/configuration.md index 65ab6432..fb2418da 100644 --- a/docs/configuration.md 
+++ b/docs/configuration.md @@ -62,6 +62,8 @@ $ neofs-s3-gw --listen_address 192.168.130.130:443 \ --tls.key_file=key.pem --tls.cert_file=cert.pem ``` +Using these flag you can configure only one address. To set multiple addresses use yaml config. + ### RPC endpoint and resolving of bucket names To set RPC endpoint specify a value of parameter `-r` or `--rpc_endpoint`. The parameter is **required if** another @@ -95,7 +97,7 @@ $ neofs-s3-gw --healthcheck_timeout 15s --connect_timeout 1m --rebalance_interva ### Monitoring and metrics Pprof and Prometheus are integrated into the gateway. To enable them, use `--pprof` and `--metrics` flags or -`S3_GW_PPROF`/`S3_GW_METRICS` environment variables. +`S3_GW_PPROF_ENABLED`/`S3_GW_PROMETHEUS_ENABLED` environment variables. ## YAML file and environment variables @@ -155,7 +157,7 @@ There are some custom types used for brevity: | `wallet` | [Wallet configuration](#wallet-section) | | `peers` | [Nodes configuration](#peers-section) | | `placement_policy` | [Placement policy configuration](#placement_policy-section) | -| `tls` | [TLS configuration](#tls-section) | +| `server` | [Server configuration](#server-section) | | `logger` | [Logger configuration](#logger-section) | | `tree` | [Tree configuration](#tree-section) | | `cache` | [Cache configuration](#cache-section) | @@ -168,8 +170,6 @@ There are some custom types used for brevity: ### General section ```yaml -listen_address: 0.0.0.0:8084 - listen_domains: - s3dev.neofs.devenv - s3dev2.neofs.devenv 
@@ -195,7 +195,6 @@ allowed_access_key_id_prefixes: | Parameter | Type | SIGHUP reload | Default value | Description | |----------------------------------|------------|---------------|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `listen_address` | `string` | | `0.0.0.0:8080` | The address that the gateway is listening on. | | `listen_domains` | `[]string` | | | Domains to be able to use virtual-hosted-style access to bucket. | | `rpc_endpoint` | `string` | yes | | The address of the RPC host to which the gateway connects to resolve bucket names (required to use the `nns` resolver). | | `resolve_order` | `[]string` | yes | `[dns]` | Order of bucket name resolvers to use. Available resolvers: `dns`, `nns`. | | 
@@ -281,18 +280,30 @@ File for `region_mapping` must contain something like this: **Note:** on SIGHUP reload policies will be updated only if both parameters are valid. So if you change `default` to some valid value and set invalid path in `region_mapping` the `default` value won't be changed. -### `tls` section +### `server` section + +You can specify several listeners for server. For example, for `http` and `https`. ```yaml -tls: - cert_file: /path/to/cert - key_file: /path/to/key +server: + - address: 0.0.0.0:8080 + tls: + enabled: false + cert_file: /path/to/cert + key_file: /path/to/key + - address: 0.0.0.0:8081 + tls: + enabled: true + cert_file: /path/to/another/cert + key_file: /path/to/another/key ``` -| Parameter | Type | SIGHUP reload | Default value | Description | -|-------------|----------|---------------|---------------|------------------------------| -| `cert_file` | `string` | yes | | Path to the TLS certificate. | -| `key_file` | `string` | yes | | Path to the key. | +| Parameter | Type | SIGHUP reload | Default value | Description | +|-----------------|----------|---------------|----------------|-----------------------------------------------| +| `address` | `string` | | `0.0.0.0:8080` | The address that the gateway is listening on. | +| `tls.enabled` | `bool` | | false | Enable TLS or not. | +| `tls.cert_file` | `string` | yes | | Path to the TLS certificate. | +| `tls.key_file` | `string` | yes | | Path to the key. | ### `logger` section
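Review bot: In the CHANGELOG.md migration list, the requirement to enable TLS is tucked into a parenthesis on the `S3_GW_TLS_CERT_FILE` and `S3_GW_TLS_KEY_FILE` bullets ("and set `S3_GW_SERVER_0_TLS_ENABLED=true`"), where it is easy to miss. The docs table in this patch gives `tls.enabled` a default of false, so an operator who only renames the two keys is left with certificate paths configured and TLS switched off. Suggest giving the enable setting its own bullet in both the environment-variable and `.yaml` lists, and stating whether the old `S3_GW_LISTEN_ADDRESS`, `listen_address` and `tls.*` keys are still read or are ignored after the upgrade.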
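Review bot: In cmd/s3-gw/app_settings.go, the new help text "set the main address to listen" does not say what "main" means now that a `server` list exists. Suggest naming the mapping (the changelog maps `listen_address` to `server.0.address`) and documenting which value wins when both the flag and a `server` entry are set. The neighbouring `cfgTLSCertFile` and `cfgTLSKeyFile` flags are unchanged context here, so please also confirm whether passing them still turns TLS on for that listener, given the documented `tls.enabled` default of false.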
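Review bot: In docs/configuration.md, the sentence added after the `--tls.key_file` example has a grammar slip ("Using these flag") and gives the reader no pointer to where multiple addresses are configured. Suggest "Using these flags you can configure only one address. To set multiple addresses, use the YAML config." and link it to the `server` section (`#server-section`) that this patch introduces.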
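Review bot: The switch to `S3_GW_PPROF_ENABLED`/`S3_GW_PROMETHEUS_ENABLED` in the "Monitoring and metrics" hunk of docs/configuration.md is not reflected in the CHANGELOG.md migration list in this patch, and it is unrelated to the listeners change. If this only corrects the documentation, say so in the commit message or split it out; if the variable names changed in code, add them to the migration list. The `--metrics` flag is now paired with a `PROMETHEUS_ENABLED` variable, so a short note on that naming difference would help.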
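Review bot: In the `server` section example in docs/configuration.md, the first listener sets `enabled: false` yet still lists `cert_file` and `key_file`, which can be read as if supplying the paths were enough to get TLS. Suggest dropping the two path lines from that entry and adding one sentence on what a listener does when `tls.enabled` is left at its default of false. In the table, `address` and `tls.enabled` have an empty SIGHUP column while the certificate and key paths say yes; if an empty cell means a restart is required to add a listener or toggle TLS, state that explicitly. Minor: put `false` in backticks like the `0.0.0.0:8080` default, and reword "several listeners for server" to "several listeners for the server".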