The configuration must be set in multiple YAML files located in the `conf/` folder from the current working directory.

You can create multiple files, each containing a different part of the configuration. A global merge will be done across all data in all files.

Moreover, the configuration files will be watched for modifications.

You can see a full example in the Example section.

| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `level` | String | No | `info` | Log level |
| `format` | String | No | `json` | Log format (available values are: `json` or `text`) |
| `filePath` | String | No | `""` | Log file path |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `listenAddr` | String | No | `""` | Listen Address |
| `port` | Integer | No | `8080` | Listening Port |
| `cors` | ServerCorsConfig | No | None | CORS configuration |
| `cache` | ServerCacheConfig | No | None | Cache configuration |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `enabled` | Boolean | No | `true` | Is compression enabled? |
| `level` | Integer | No | `5` | The level of GZip compression |
| `types` | [String] | No | `["text/html","text/css","text/plain","text/javascript","application/javascript","application/x-javascript","application/json","application/atom+xml","application/rss+xml","image/svg+xml"]` | The list of content types compressed in output |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `noCacheEnabled` | Boolean | false | `false` | Force no cache headers on all responses |
| `expires` | String | false | `""` | `Expires` header value |
| `cacheControl` | String | false | `""` | `Cache-Control` header value |
| `pragma` | String | false | `""` | `Pragma` header value |
| `xAccelExpires` | String | false | `""` | `X-Accel-Expires` header value |


See more information here.

This feature is powered by go-chi/cors. You can read more documentation about all fields there.


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `enabled` | Boolean | No | `false` | Is CORS support enabled? |
| `allowAll` | Boolean | No | `false` | Allow all CORS requests with all origins, all HTTP methods, etc.? |
| `allowOrigins` | [String] | No | | Allow origins array. Example: `https://fake.com`. Stars are supported in origins. |
| `allowMethods` | [String] | No | | Allow HTTP Methods |
| `allowHeaders` | [String] | No | | Allow headers |
| `exposeHeaders` | [String] | No | | Expose headers |
| `maxAge` | Integer | No | | Max age. 300 is the maximum value not ignored by any of the major browsers. |
| `allowCredentials` | Boolean | No | | Allow credentials |
| `debug` | Boolean | No | | Debug mode for go-chi/cors |
| `optionsPassthrough` | Boolean | No | | OPTIONS method Passthrough |


!!! Warning
    Overriding headers will remove the default value containing the `Content-Type` header. Why? Because it was thought that it was better to know why it is overridden and not have magical values coming from nowhere.


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `helpers` | [String] | No | `[templates/_helpers.tpl]` | Template Golang helpers |
| `targetList` | TemplateConfigurationItem | No | `targetList: { path: "templates/target-list.tpl", headers: { "Content-Type": "{{ template \"main.headers.contentType\" . }}" }, status: "200" }` | Target list template configuration. More information here. |
| `folderList` | TemplateConfigurationItem | No | `folderList: { path: "templates/folder-list.tpl", headers: { "Content-Type": "{{ template \"main.headers.contentType\" . }}" }, status: "200" }` | Folder list template configuration. More information here. |
| `notFoundError` | TemplateConfigurationItem | No | `notFoundError: { path: "templates/not-found-error.tpl", headers: { "Content-Type": "{{ template \"main.headers.contentType\" . }}" }, status: "404" }` | Not found template configuration. More information here. |
| `unauthorizedError` | TemplateConfigurationItem | No | `unauthorizedError: { path: "templates/unauthorized-error.tpl", headers: { "Content-Type": "{{ template \"main.headers.contentType\" . }}" }, status: "401" }` | Unauthorized template configuration. More information here. |
| `forbiddenError` | TemplateConfigurationItem | No | `forbiddenError: { path: "templates/forbidden-error.tpl", headers: { "Content-Type": "{{ template \"main.headers.contentType\" . }}" }, status: "403" }` | Forbidden template configuration. More information here. |
| `badRequestError` | TemplateConfigurationItem | No | `badRequestError: { path: "templates/bad-request-error.tpl", headers: { "Content-Type": "{{ template \"main.headers.contentType\" . }}" }, status: "400" }` | Bad Request template configuration. More information here. |
| `internalServerError` | TemplateConfigurationItem | No | `internalServerError: { path: "templates/internal-server-error.tpl", headers: { "Content-Type": "{{ template \"main.headers.contentType\" . }}" }, status: "500" }` | Internal server error template configuration. More information here. |
| `put` | TemplateConfigurationItem | No | `put: { path: "templates/put.tpl", headers: {}, status: "204" }` | PUT response template configuration. More information here. |
| `delete` | TemplateConfigurationItem | No | `delete: { path: "templates/put.tpl", headers: {}, status: "204" }` | DELETE response template configuration. More information here. |


TemplateConfigurationItem

| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `path` | String | True | `""` | File path to template file |
| `headers` | Map[String]String | False | None | Headers containing templates. Key corresponds to header and value to the template. If templated value is empty, the header won't be added to answer. More information here. |
| `status` | String | False | `""` | Status code template. It will be parsed to get an integer. |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `bucket` | BucketConfiguration | Yes | None | Bucket configuration |
| `resources` | [Resource] | No | None | Resources declaration for path whitelist or specific authentication on path list. WARNING: Think about all paths that you want to protect. At the end of the list, you should add a resource filter for `/*`; otherwise, it will be public. |
| `mount` | MountConfiguration | Yes | None | Mount point configuration |
| `actions` | ActionsConfiguration | No | GET action enabled | Actions allowed on target (GET, PUT or DELETE) |
| `keyRewriteList` | [KeyRewrite] | No | None | Key rewrite list is here to allow rewriting keys before sending the request to S3 (see more information here) |
| `templates` | TargetTemplateConfig | No | None | Custom target templates from files on local filesystem or in bucket |


See more information here.

| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `source` | String | Required | None | Source regexp matcher with golang group naming support. |
| `target` | String | Required | None | Target template for the new key sent to S3. |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `inBucket` | Boolean | No | `false` | Is the file in the bucket or on the local file system? |
| `path` | String | Yes | None | Path for template file |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `inBucket` | Boolean | No | `false` | Is the file in the bucket or on the local file system? |
| `path` | String | Yes | None | Path for template file |
| `headers` | Map[String]String | False | This will be set to corresponding TemplateConfiguration if empty. | Headers containing templates. Key corresponds to header and value to the template. If templated value is empty, the header won't be added to answer. More information here. |
| `status` | String | Yes | None | Status code template. It will be parsed to get an integer. |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `enabled` | Boolean | No | `false` | Will allow GET requests |
| `config` | GetActionConfigConfiguration | No | None | Configuration for GET requests |


GetActionConfigConfiguration

| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `redirectWithTrailingSlashForNotFoundFile` | Boolean | No | `false` | This option allows a redirect with a trailing slash when a GET request on a file (not a folder) encounters a 404 not found. |
| `indexDocument` | String | No | `""` | The index document name. If this document is found, it is returned instead of the folder listing. Example: `index.html` |
| `streamedFileHeaders` | Map[String]String | No | nil | Headers containing templates that will be added to streamed files in this target. Key corresponds to header and value to the template. If templated value is empty, the header won't be added to answer. More information here. |
| `webhooks` | [WebhookConfiguration] | No | nil | Webhooks configuration list to call when a GET request is performed |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `enabled` | Boolean | No | `false` | Will allow PUT requests |
| `config` | PutActionConfigConfiguration | No | None | Configuration for PUT requests |


PutActionConfigConfiguration

| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `metadata` | Map[String]String | No | None | Metadata key/values that will be put on S3 objects. Map values can be templated. Empty values will be flushed. See here |
| `storageClass` | String | No | `""` | Storage class that will be used for uploaded objects. See storage class here: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html. Value can be templated. Empty values will be flushed. See here |
| `allowOverride` | Boolean | No | `false` | Will allow overriding objects if enabled |
| `webhooks` | [WebhookConfiguration] | No | nil | Webhooks configuration list to call when a PUT request is performed |


DeleteActionConfiguration

| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `enabled` | Boolean | No | `false` | Will allow DELETE requests |
| `config` | DeleteActionConfigConfiguration | No | None | Configuration for DELETE requests |


DeleteActionConfigConfiguration

| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `webhooks` | [WebhookConfiguration] | No | nil | Webhooks configuration list to call when a DELETE request is performed |


You can find more information here about webhooks and how this works in the application.

| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `method` | String | Yes | None | HTTP Method used for webhook call. Can be `POST`, `PUT`, `DELETE` or `PATCH` |
| `url` | String | Yes | None | URL to be called |
| `headers` | Map[String]String | No | nil | Fixed headers |
| `secretHeaders` | Map[String]CredentialConfiguration | No | nil | Headers coming from secrets (for credentials for example) |
| `retryCount` | Integer | No | `0` | Number of retries in case of error |
| `defaultWaitTime` | String | No | `""` | Default wait time to sleep before retrying request. Default is 100 ms (injected by HTTP client) |
| `maxWaitTime` | String | No | `""` | Max wait time to sleep before retrying request. Default is 2 seconds (injected by HTTP client) |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `name` | String | Yes | None | Bucket name in S3 provider |
| `prefix` | String | No | None | Bucket prefix |
| `region` | String | No | `us-east-1` | Bucket region |
| `s3Endpoint` | String | No | None | Custom S3 Endpoint for non AWS S3 bucket |
| `credentials` | BucketCredentialConfiguration | No | None | Credentials to access S3 bucket |
| `disableSSL` | Boolean | No | `false` | Disable SSL connection |
| `s3ListMaxKeys` | Integer | No | `1000` | This flag will be used for the max pagination list management of files and "folders" in S3. In S3 list requests, the limit is fixed to 1000 items maximum. S3-Proxy allows this to be increased by making multiple requests to S3. Warning: This will increase the memory and CPU usage. |


BucketCredentialConfiguration

| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `path` | String | Only if env and value are not set | None | Path of the file containing the credential |
| `env` | String | Only if path and value are not set | None | Environment variable name to use to load credential |
| `value` | String | Only if path and env are not set | None | Credential value directly (Not recommended) |


AuthProvidersConfiguration

| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `clientID` | String | Yes | None | Client ID |
| `clientSecret` | CredentialConfiguration | No | None | Client Secret |
| `issuerUrl` | String | Yes | None | Issuer URL (example: `https://fake.com/realm/fake-realm`) |
| `redirectUrl` | String | No | `""` | Redirect URL (this is the service URL). If this is not set, the redirect URL will be calculated automatically by S3-Proxy from the input host |
| `scopes` | [String] | No | `["openid", "profile", "email"]` | Scopes |
| `state` | String | Yes | None | Random string to have a secure connection with the OIDC provider |
| `groupClaim` | String | No | `groups` | Groups claim path in token (`groups` must be a list of strings containing user groups) |
| `emailVerified` | Boolean | No | `false` | Check that user email is verified in user token (field `email_verified`) |
| `cookieName` | String | No | `oidc` | Name of the generated cookie |
| `cookieSecure` | Boolean | No | `false` | Is the generated cookie secure? |
| `cookieDomains` | [String] | No | nil | Cookie domains assigned to the generated cookie. If the request host matches one of the cookie domains defined, the generated cookie will use the matching domain; otherwise, the domain will be the request host. |
| `loginPath` | String | No | `""` | Override login path for authentication. If not defined, `/auth/PROVIDER_NAME` will be used |
| `callbackPath` | String | No | `""` | Override callback path for authentication callback. If not defined, `/auth/PROVIDER_NAME/callback` will be used |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `realm` | String | Yes | None | Basic Auth Realm |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `path` | String | Yes | None | Path or matching path (e.g.: `/*`) |
| `methods` | [String] | No | `[GET]` | HTTP methods allowed (Allowed values `GET`, `PUT`, `DELETE`) |
| `whiteList` | Boolean | Required without oidc or basic | None | Is this path in white list? E.g.: No authentication |
| `oidc` | ResourceOIDC | Required without whitelist or oidc | None | OIDC configuration authorization |
| `basic` | ResourceBasic | Required without whitelist or basic | None | Basic auth configuration |

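
The warning in the `resources` description (finish the list with a `/*` resource, otherwise the rest is public) can be checked before deployment. The Go program below is an added example, not S3-Proxy code: it works on resources already decoded from YAML, the names `Resource`, `Protected` and `AuditResources` are hypothetical, and it assumes a resource applies only to the HTTP methods it lists.

```go
package main

import "fmt"

// Resource carries the resource keys from the table above, already decoded from YAML.
// Protected is this example's shorthand for "an oidc or basic block is set".
type Resource struct {
	Path      string
	Methods   []string // empty means the documented default [GET]
	WhiteList bool
	Protected bool
}

// AuditResources applies the page's warning to one target: the list must end
// with /*, or unmatched paths are public. enabled = methods turned on in actions.
func AuditResources(res []Resource, enabled []string) []string {
	if len(res) == 0 {
		return []string{"no resources declared: target is public"}
	}
	last := res[len(res)-1]
	if last.Path != "/*" {
		return []string{"last resource is not /*: unmatched paths are public"}
	}
	var findings []string
	if last.WhiteList || !last.Protected {
		findings = append(findings, "catch-all /* requires no authentication")
	}
	// Assumption: a method missing from the catch-all is not covered by it.
	covered := map[string]bool{"GET": len(last.Methods) == 0}
	for _, m := range last.Methods {
		covered[m] = true
	}
	for _, m := range enabled {
		if !covered[m] {
			findings = append(findings, "catch-all /* does not list enabled method "+m)
		}
	}
	return findings
}

func main() {
	// Constructed sample: a whitelisted prefix, then a catch-all that lists only GET.
	res := []Resource{
		{Path: "/public/*", WhiteList: true},
		{Path: "/*", Methods: []string{"GET"}, Protected: true},
	}
	fmt.Println(AuditResources(res, []string{"GET", "PUT"}))
}
```
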

| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `authorizationAccesses` | [OIDCAuthorizationAccesses] | No | None | Authorization accesses matrix by group or email. If not set, authenticated users will be authorized (no group or email validation will be performed if `authorizationOPAServer` isn't set). |
| `authorizationOPAServer` | OPAServerAuthorization | No | None | Authorization through an OPA (Open Policy Agent) server |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `url` | String | Yes | None | URL of the OPA server including the data path (see the dedicated section for OPA) |
| `tags` | Map[String]String | No | `{}` | Data that will be added as tags in the OPA input data (see the dedicated section for OPA) |


OIDCAuthorizationAccesses

| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `group` | String | Required without email | None | Group name |
| `email` | String | Required without group | None | Email |
| `regexp` | Boolean | No | `false` | Consider group or email as regexp for matching |


BasicAuthUserConfiguration

| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `user` | String | Yes | None | User name |
| `password` | CredentialConfiguration | Yes | None | User password |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `host` | String | No | `""` | Host domain requested (e.g.: localhost:888 or google.fr). Leave empty for all domains. Note: Glob patterns for host domains are supported. |
| `path` | [String] | Yes | None | A path list for mounting point |


| Key | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `enabled` | Boolean | Yes | None | To enable the list targets feature |
| `mount` | MountConfiguration | Yes | None | Mount point configuration |
| `resource` | Resource | No | None | Resources declaration for path whitelist or specific authentication on path |
