diff --git a/config/config.env b/config/config.env
new file mode 100644
index 00000000..353f9ee6
--- /dev/null
+++ b/config/config.env
@@ -0,0 +1,93 @@
+# Wallet
+# Path to wallet
+S3_GW_WALLET=/path/to/wallet.json
+# Account address. If omitted default one will be used.
+S3_GW_ADDRESS=NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
+# Passphrase to decrypt wallet.
+S3_GW_WALLET_PASSPHRASE=s3
+
+# Nodes
+# This configuration makes the gateway use the first node (grpc://s01.neofs.devenv:8080)
+# while it's healthy. Otherwise, gateway uses the second node (grpc://s01.neofs.devenv:8080)
+# for 10% of requests and the third node (grpc://s03.neofs.devenv:8080) for 90% of requests.
+# Until nodes with the same priority level are healthy
+# nodes with other priority are not used.
+# The lower the value, the higher the priority.
+S3_GW_PEERS_0_ADDRESS=grpc://s01.neofs.devenv:8080
+S3_GW_PEERS_0_PRIORITY=1
+S3_GW_PEERS_0_WEIGHT=1
+S3_GW_PEERS_1_ADDRESS=grpc://s02.neofs.devenv:8080
+S3_GW_PEERS_1_PRIORITY=2
+S3_GW_PEERS_1_WEIGHT=0.1
+S3_GW_PEERS_2_ADDRESS=grpc://s03.neofs.devenv:8080
+S3_GW_PEERS_2_PRIORITY=2
+S3_GW_PEERS_2_WEIGHT=0.9
+
+# Address to listen and TLS
+S3_GW_LISTEN_ADDRESS=0.0.0.0:8080
+S3_GW_TLS_CERT_FILE=/path/to/tls/cert
+S3_GW_TLS_KEY_FILE=/path/to/tls/key
+
+# Config file
+S3_GW_CONFIG=/path/to/config/yaml
+
+# Logger
+S3_GW_LOGGER_LEVEL=debug
+
+# RPC endpoint and order of resolving of bucket names
+S3_GW_RPC-ENDPOINT=http://morph-chain.neofs.devenv:30333/
+S3_GW_RESOLVE-ORDER="nns dns"
+
+# Metrics
+S3_GW_METRICS=false
+S3_GW_PPROF=false
+
+# Timeout to connect to a node
+S3_GW_CONNECT_TIMEOUT=30s
+# Timeout to check node health during rebalance.
+S3_GW_REQUEST_TIMEOUT=15s
+# Interval to check node health
+S3_GW_REBALANCE_TIMER=15s
+
+# Limits for processing of clients' requests
+S3_GW_MAX_CLIENTS_COUNT=100
+# Deadline after which the gate sends error `RequestTimeout` to a client
+S3_GW_MAX_CLIENTS_DEADLINE=30s
+
+# Caching
+# Cache for objects
+S3_GW_CACHE_OBJECTS_LIFETIME=5m
+S3_GW_CACHE_OBJECTS_SIZE=1000000
+# Cache which keeps lists of objects in buckets
+S3_GW_CACHE_LIST_LIFETIME=1m
+S3_GW_CACHE_LIST_SIZE=100000
+# Cache which contains mapping of bucket name to bucket info
+S3_GW_CACHE_BUCKETS_LIFETIME=1m
+S3_GW_CACHE_BUCKETS_SIZE=1000
+# Cache which contains mapping of nice name to object addresses
+S3_GW_CACHE_NAMES_LIFETIME=1m
+S3_GW_CACHE_NAMES_SIZE=10000
+ # Cache for system objects in a bucket: bucket settings, notification configuration etc
+S3_GW_CACHE_SYSTEM_LIFETIME=5m
+S3_GW_CACHE_SYSTEM_SIZE=100000
+# Cache which stores access box with tokens by its address
+S3_GW_CACHE_ACCESSBOX_LIFETIME=10m
+S3_GW_CACHE_ACCESSBOX_SIZE=100
+
+# NATS
+S3_GW_NATS_ENABLED=true
+S3_GW_NATS_ENDPOINT=nats://nats.neofs.devenv:4222
+S3_GW_NATS_TIMEOUT=30s
+S3_GW_NATS_CERT_FILE=/path/to/cert
+S3_GW_NATS_KEY_FILE=/path/to/key
+S3_GW_NATS_ROOT_CA=/path/to/ca
+
+# Default policy of placing containers in NeoFS
+# If a user sends a request `CreateBucket` and doesn't define policy for placing of a container in NeoFS, the S3 Gateway
+# will put the container with default policy. It can be specified via environment variable, e.g.:
+S3_GW_DEFAULT_POLICY="REP 3"
+
+# CORS
+# value of Access-Control-Max-Age header if this value is not set in a rule. Has an int type.
+S3_GW_CORS_DEFAULT_MAX_AGE=600
+
diff --git a/config/config.yaml b/config/config.yaml
new file mode 100644
index 00000000..aae8df7b
--- /dev/null
+++ b/config/config.yaml
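Review bot: `S3_GW_WALLET_PASSPHRASE=s3` in config/config.env puts the wallet passphrase in a plaintext sample with nothing marking it as a dev-only value, so a deployment that starts from a copy of this file keeps a guessable passphrase alongside the wallet path. I would add a comment above it such as `# Dev-only sample value; supply the real passphrase from a secret store and keep this file out of version control.` Separately, `S3_GW_RPC-ENDPOINT` and `S3_GW_RESOLVE-ORDER` contain a hyphen, which is not a valid variable name in a POSIX shell, so these two settings would be lost if the file is ever sourced or exported; `S3_GW_RPC_ENDPOINT` and `S3_GW_RESOLVE_ORDER` would be safer if the loader can map them, which is not visible in this diff. The Nodes comment also names `grpc://s01.neofs.devenv:8080` for the second node where `s02` is presumably meant, and the same sentence is repeated in the config.yaml hunk.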
@@ -0,0 +1,102 @@
+# Wallet address, path to the wallet must be set as cli parameter or environment variable
+wallet:
+ passphrase: "" # Passphrase to decrypt wallet.
+
+# Account address. If omitted default one will be used.
+address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
+
+# Nodes configuration
+# This configuration makes the gateway use the first node (grpc://s01.neofs.devenv:8080)
+# while it's healthy. Otherwise, gateway uses the second node (grpc://s01.neofs.devenv:8080)
+# for 10% of requests and the third node (grpc://s03.neofs.devenv:8080) for 90% of requests.
+# Until nodes with the same priority level are healthy
+# nodes with other priority are not used.
+# The lower the value, the higher the priority.
+peers:
+ 0:
+ address: node1.neofs:8080
+ priority: 1
+ weight: 1
+ 1:
+ address: node2.neofs:8080
+ priority: 2
+ weight: 0.1
+ 2:
+ address: node3.neofs:8080
+ priority: 2
+ weight: 0.9
+
+# Address to listen and TLS
+listen_address: 0.0.0.0:8084
+tls:
+ cert_file: /path/to/cert
+ key_file: /path/to/key
+
+logger:
+ level: debug
+
+# RPC endpoint and order of resolving of bucket names
+rpc-endpoint: http://node4.neofs:40332
+resolve-order:
+ - nns
+
+# Metrics
+metrics: false
+pprof: false
+
+# Timeout to connect to a node
+connect_timeout: 30s
+# Timeout to check node health during rebalance.
+request_timeout: 15s
+# Interval to check node health
+rebalance_timer: 15s
+
+# Limits for processing of clients' requests
+max_clients_count: 100
+# Deadline after which the gate sends error `RequestTimeout` to a client
+max_clients_deadline: 30s
+
+# Caching
+cache:
+ # Cache for objects
+ objects:
+ lifetime: 300s
+ size: 150
+ # Cache which keeps lists of objects in buckets
+ list:
+ lifetime: 1m
+ size: 100
+ # Cache which contains mapping of nice name to object addresses
+ names:
+ lifetime: 1m
+ size: 1000
+ # Cache which contains mapping of bucket name to bucket info
+ buckets:
+ lifetime: 1m
+ size: 500
+ # Cache for system objects in a bucket: bucket settings, notification configuration etc
+ system:
+ lifetime: 2m
+ size: 1000
+ # Cache which stores access box with tokens by its address
+ accessbox:
+ lifetime: 5m
+ size: 10
+
+nats:
+ enabled: true
+ endpoint: nats://127.0.0.1:4222
+ timeout: 30s
+ cert_file: /path/to/cert
+ key_file: /path/to/key
+ root_ca: /path/to/ca
+
+# Default policy of placing containers in NeoFS
+# If a user sends a request `CreateBucket` and doesn't define policy for placing of a container in NeoFS, the S3 Gateway
+# will put the container with default policy. It can be specified via environment variable, e.g.:
+default_policy: REP 3
+
+# CORS
+# value of Access-Control-Max-Age header if this value is not set in a rule. Has an int type.
+cors:
+ default_max_age: 600
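Review bot: `rpc-endpoint: http://node4.neofs:40332` is the endpoint the comment above it ties to bucket-name resolution, and over plain HTTP its responses are unauthenticated, so outside a dev network the mapping from bucket name to container presumably depends on an untrusted path. A comment such as `# Name resolution trusts this endpoint; use TLS or a trusted network path outside dev setups.` would make that explicit, and the same applies to `S3_GW_RPC-ENDPOINT` in config.env. The sample also ships `level: debug` under `logger` and `listen_address: 0.0.0.0:8084`, which are worth labelling as dev defaults so they are not carried into a deployment unchanged. The Nodes and default-policy comments look copied from the env file: they name `grpc://s0N.neofs.devenv:8080` hosts that do not match the `nodeN.neofs:8080` peers listed here, and "It can be specified via environment variable, e.g.:" now introduces a YAML key.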