Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time


Environment Variables



This variable enables running CloudServer with multiple data backends, defined as regions.

For multiple data backends, a custom locationConfig.json file is required. This file enables you to set custom regions. You must provide associated rest_endpoints for each custom region in config.json.

Learn more about multiple-backend configurations

If you are using Scality RING endpoints, refer to your customer documentation.

Running CloudServer with an AWS S3-Hosted Backend

To run CloudServer with an S3 AWS backend, add a new section to the locationConfig.json file with the aws_s3 location type:

"awsbackend": {
    "type": "aws_s3",
    "details": {
        "awsEndpoint": "",
        "bucketName": "yourawss3bucket",
        "bucketMatch": true,
        "credentialsProfile": "aws_hosted_profile"

Edit your AWS credentials file to enable your preferred command-line tool. This file must mention credentials for all backends in use. You can use several profiles if multiple profiles are configured.


As with locationConfig.json, the AWS credentials file must be mounted at run time: -v ~/.aws/credentials:/root/.aws/credentials on Unix-like systems (Linux, OS X, etc.), or -v C:\Users\USERNAME\.aws\credential:/root/.aws/credentials on Windows


One account cannot copy to another account with a source and destination on real AWS unless the account associated with the accessKey/secretKey pairs used for the destination bucket has source bucket access privileges. To enable this, update ACLs directly on AWS.



For stored file data to persist, you must mount Docker volumes for both data and metadata. See :ref:`In Production with a Docker-Hosted CloudServer <in-production-w-a-Docker-hosted-cloudserver>`


This is ideal for testing: no data remains after the container is shut down.


This variable specifies the endpoint. To direct CloudServer requests to, for example, specify the endpoint with:

$ docker run -d --name cloudserver -p 8000:8000 -e zenko/cloudserver


On Unix-like systems (Linux, OS X, etc.) edit /etc/hosts to associate with


CloudServer is a part of Zenko. When you run CloudServer standalone it will still try to connect to Orbit by default (browser-based graphical user interface for Zenko).

Setting this variable to true(1) will default to accessKey1 and verySecretKey1 for credentials and disable the automatic Orbit management:

$ docker run -d --name cloudserver -p 8000:8000 -e REMOTE_MANAGEMENT_DISABLE=1 zenko/cloudserver


These variables specify authentication credentials for an account named “CustomAccount”.

Set account credentials for multiple accounts by editing conf/authdata.json (see below for further details). To specify one set for personal use, set these environment variables:

$ docker run -d --name cloudserver -p 8000:8000 -e SCALITY_ACCESS_KEY_ID=newAccessKey \
-e SCALITY_SECRET_ACCESS_KEY=newSecretKey zenko/cloudserver


This takes precedence over the contents of the authdata.json file. The authdata.json file is ignored.


The ACCESS_KEY and SECRET_KEY environment variables are deprecated.


This variable changes the log level. There are three levels: info, debug, and trace. The default is info. Debug provides more detailed logs, and trace provides the most detailed logs.

$ docker run -d --name cloudserver -p 8000:8000 -e LOG_LEVEL=trace zenko/cloudserver


Set true, this variable runs CloudServer with SSL.

If SSL is set true:

  • The ENDPOINT environment variable must also be specified.

  • On Unix-like systems (Linux, OS X, etc.), must be associated with <YOUR_ENDPOINT> in /etc/hosts.


    Self-signed certs with a CA generated within the container are suitable for testing purposes only. Clients cannot trust them, and they may disappear altogether on a container upgrade. The best security practice for production environments is to use an extra container, such as haproxy/nginx/stunnel, for SSL/TLS termination and to pull certificates from a mounted volume, limiting what an exploit on either component can expose.

   $ docker run -d --name cloudserver -p 8000:8000 -e SSL=TRUE -e ENDPOINT=<YOUR_ENDPOINT> \

For more information about using ClousdServer with SSL, see `Using SSL <GETTING_STARTED.html#Using SSL>`__


This variable causes CloudServer and its data and metadata components to listen on the specified address. This allows starting the data or metadata servers as standalone services, for example.

docker run -d --name s3server-data -p 9991:9991 -e LISTEN_ADDR=
scality/s3server yarn run start_dataserver


These variables configure the data and metadata servers to use, usually when they are running on another host and only starting the stateless Zenko CloudServer.

$ docker run -d --name cloudserver -e DATA_HOST=cloudserver-data \
-e METADATA_HOST=cloudserver-metadata zenko/cloudserver yarn run start_s3server


Use this variable to connect to the redis cache server on another host than localhost.

$ docker run -d --name cloudserver -p 8000:8000 \
-e zenko/cloudserver


Use this variable to connect to the Redis cache server on a port other than the default 6379.

$ docker run -d --name cloudserver -p 8000:8000 \
-e REDIS_PORT=6379 zenko/cloudserver

Tunables and Setup Tips

Using Docker Volumes

CloudServer runs with a file backend by default, meaning that data is stored inside the CloudServer’s Docker container.

For data and metadata to persist, data and metadata must be hosted in Docker volumes outside the CloudServer’s Docker container. Otherwise, the data and metadata are destroyed when the container is erased.

$ docker run -­v $(pwd)/data:/usr/src/app/localData -­v $(pwd)/metadata:/usr/src/app/localMetadata \
-p 8000:8000 ­-d zenko/cloudserver

This command mounts the ./data host directory to the container at /usr/src/app/localData and the ./metadata host directory to the container at /usr/src/app/localMetaData.


These host directories can be mounted to any accessible mount point, such as /mnt/data and /mnt/metadata, for example.

Adding, Modifying, or Deleting Accounts or Credentials

  1. Create a customized authdata.json file locally based on /conf/authdata.json.
  2. Use Docker volumes to override the default authdata.json through a Docker file mapping.

For example:

$ docker run -v $(pwd)/authdata.json:/usr/src/app/conf/authdata.json -p 8000:8000 -d \

Specifying a Host Name

To specify a host name (for example,, provide your own config.json file using Docker volumes.

First, add a new key-value pair to the restEndpoints section of your config.json. Make the key the host name you want, and the value the default location_constraint for this endpoint.

For example, is mapped to us-east-1 which is one of the location_constraints listed in your locationConfig.json file here.

For more information about location configuration, see: GETTING STARTED

"restEndpoints": {
    "localhost": "file",
    "": "file",
    "": "us-east-1"

Next, run CloudServer using a Docker volume:

$ docker run -v $(pwd)/config.json:/usr/src/app/config.json -p 8000:8000 -d zenko/cloudserver

The local config.json file overrides the default one through a Docker file mapping.

Running as an Unprivileged User

CloudServer runs as root by default.

To change this, modify the dockerfile and specify a user before the entry point.

The user must exist within the container, and must own the /usr/src/app directory for CloudServer to run.

For example, the following dockerfile lines can be modified:

&& groupadd -r -g 1001 scality \
&& useradd -u 1001 -g 1001 -d /usr/src/app -r scality \
&& chown -R scality:scality /usr/src/app


USER scality
ENTRYPOINT ["/usr/src/app/"]

Continuous Integration with a Docker-Hosted CloudServer

When you start the Docker CloudServer image, you can adjust the configuration of the CloudServer instance by passing one or more environment variables on the docker run command line.

To run CloudServer for CI with custom locations (one in-memory, one hosted on AWS), and custom credentials mounted:

$ docker run --name CloudServer -p 8000:8000 \
-v $(pwd)/locationConfig.json:/usr/src/app/locationConfig.json \
-v $(pwd)/authdata.json:/usr/src/app/conf/authdata.json \
-v ~/.aws/credentials:/root/.aws/credentials \
-e S3DATA=multiple -e S3BACKEND=mem zenko/cloudserver

To run CloudServer for CI with custom locations, (one in-memory, one hosted on AWS, and one file), and custom credentials set as environment variables):

$ docker run --name CloudServer -p 8000:8000 \
-v $(pwd)/locationConfig.json:/usr/src/app/locationConfig.json \
-v ~/.aws/credentials:/root/.aws/credentials \
-v $(pwd)/data:/usr/src/app/localData -v $(pwd)/metadata:/usr/src/app/localMetadata \
-e S3DATA=multiple -e S3BACKEND=mem zenko/cloudserver

In Production with a Docker-Hosted CloudServer

Because data must persist in production settings, CloudServer offers multiple-backend capabilities. This requires a custom endpoint and custom credentials for local storage.

Customize these with:

$ docker run -d --name CloudServer \
-v $(pwd)/data:/usr/src/app/localData -v $(pwd)/metadata:/usr/src/app/localMetadata \
-v $(pwd)/locationConfig.json:/usr/src/app/locationConfig.json \
-v $(pwd)/authdata.json:/usr/src/app/conf/authdata.json \
-v ~/.aws/credentials:/root/.aws/credentials -e S3DATA=multiple \
-e \
-p 8000:8000 ­-d zenko/cloudserver \