gatewayAdminDomain

Required. The administrative domain where meta information about tenants and storage domains is kept.

Changing the adminDomain invalidates encrypted passwords in idsys.json and gateway.cfg and all tokens.

This is not recommended to match the Swarm default domain (cluster.name). Doing so leads to “Invalid token” errors if cluster.enforceTenancy=False, which is also not recommended.

200

The number of threads allocated to handling client requests. Set for 100 times number of CPU cores. Minimum is 200.

For CPUs with hyperthreading enabled, this calculation is based on the number of virtual cores, not physical.

24

The default number of hours an authentication token is valid if no time is defined when it is created.

/var/spool/cloudgateway

The location of the spool directory for HTTP multipart MIME upload temporary space.

50

The percentage of the file system that can be used for multipart MIME upload temporary space.

50

The maximum number of parallel delete operations to dispatch when processing recursive delete requests.

false

Set to true to hide identity management configuration details from authentication errors.

One or more base domains for the Set-Cookie response header to scope (instead of the FQDN from the request) if an authentication token is created within a child domain of one of these base domains. This can be useful when using the Content UI to access multiple storage domains that share a common base domain when wanting to use the same authentication token across domains. (v5.2.2)

Example:

cookieDomains = cloud.example.com cloud.example.net

8192

Gateway implements the Veeam SOSAPI extension (v7.10.3). This config allows block size configuration. The default and recommended value is 8192. Set to 0 to disable SOSAPI handling.

The capacity and availability returned in a GET of pseudo-object .system-d26a9498-cb7c-4a87-a44a-8ae204f5ba6c/capacity.xml are estimated based on the bucket's evaluated EC setting which is cached for 5 minutes. The values are based on cluster capacity; bucket quotas are not currently used.

10000

The max multidelete request items, SCSP only. S3 has a fixed limit of 1000 which is defined by AWS.

2560000

The max multidelete request body size (~2.5Mb).

3

Number of retries when hitting 503 on delete.

500

Number of milliseconds to wait before retrying.

true

Whether to request synchronous ES index update during each delete.

"static"

Zeroconf is not supported.

server1 server2 server3

Space or comma delimited list of IP addresses or host names of the storage cluster nodes.

80

Integer socket port number for SCSP on the storage nodes.

The name of the storage cluster.

indexer1 indexer2 indexer3

Space or comma delimited list of the Elasticsearch metadata index servers used by the storage cluster. Must be from the same ES cluster: do not mix old and new clusters.

Required for the S3 protocol and for Content Metering

9200

The socket port on which the Elasticsearch servers listen.

91

Provide these credentials for the storage cluster to enable Gateway version and component information to be included in the cluster health report that provides proactive support from DataCore. (v6.0)

Required when using [cluster_admin].

0.0.0.0

Set to the IP address of the network interface connected to the storage cluster subnet when using a multi-homed Gateway. The value must be defined as a non-default value when using a multi-homed Gateway server such as one connected to a front-end client network and a back-end storage network.

100

The maximum number of open connections to a specific storage node.

250

The maximum number of open connections to allow. This includes both active and idle connections.

60

The time in seconds allowed to connect to a node.

10

The time in seconds allowed for an active connection to deliver data.
10 (seconds), default starting 8.1.0. Set to -1 to disable.

120

The time in seconds an idle socket is allowed to remain in the connection pool.

120

The time in seconds an indexer socket is allowed to remain in the connection pool. This affects the ability to list larger buckets. (v7.1)

30

The time in seconds to wait for client response after a 100 continue reply.

"immediate"

Controls whether synchronous (immediate, using replicate on write) or asynchronous (delayed) data protection is requested when writing to the storage cluster.

Values:

• "immediate" (for replicate on write) - requires storage cluster setting of scsp.replicateOnWrite=true

• "delayed" (disables replicate on write) - requires storage cluster setting of scsp.replicateOnWrite=false 

See Configuring ROW Replicate On Write

true

When enabled, the Gateway rejects any SCSP write (PUT, POST, COPY, APPEND) that includes a deletable=no/false lifepoint. This restriction applies to both named and unnamed (alias and immutable) objects. The request is refused with a 400 error message, "Unable to write undeletable object".

true

Activates this protocol: Values are: "true", "false".

0.0.0.0

The IP address of the network interface to which the listening socket binds. Defaults to all interfaces.

80

Integer socket port number for protocol.

80

443

Optional, one or both. Allows Gateway to be used either behind a proxy or within a Docker environment, taking effect when X-Forwarded-Proto is found on the request. Gateway uses X-Forwarded-Proto to determine which port to use. (v5.4)

undefined

Allows the use of internal Swarm requests for content replication to pass through the Gateway. This is useful if using replication feeds between clusters that use Gateway as the front-end.

Values are "all", full IP addresses, IP address prefixes, a list of IPs/prefixes, or CIDR format such as 172.30.15.0/24. 
When undefined, no clients are allowed to send Swarm admin requests through the Gateway.

false

The protocol must be explicitly enabled. Values are: "true", "false".

0.0.0.0

The IP address of the network interface to which the listening socket binds. Defaults to all interfaces.

80

Integer socket port number for protocol.

80
443

Optional, one or both. Allows Gateway to be used either behind a proxy or within a Docker environment, taking effect when X-Forwarded-Proto is found on the request. Gateway uses X-Forwarded-Proto to determine which port to use. (v5.4)

true

Improves compatibility with S3 clients and software libraries that expect consistent listings (despite the documented nature of listings to be eventually consistent). Can be disabled to boost write throughput (especially for small objects), if listing consistency is not critical. (v5.2.1)

Exceptions to synchronous indexing:

• Deletes of manifests for canceled multipart uploads are done asynchronously.

• On a delete, when there is not enough space on the local node to write a delete marker for a named object, Swarm writes to another node and indexes asynchronously.

• On a rename, Swarm indexes the new name synchronously, but the old name is deleted asynchronously.

• On a parallel write complete, the init stream is deleted asynchronously.

The Amazon S3 GET Bucket Location request returns the AWS region in which the bucket is located.
By default, Gateway returns an empty value for the location, which S3 clients interpret as us-east-1. If another region is required, there are two options:

• Supply the location in the bucket creation operation using LocationConstraint.

• Set the region option in the Gateway configuration file to the preferred region. This applies to all buckets unless the location is specified during creation.

If you require the behavior prior to Content Gateway 7.10.2 of returning the cluster name, set region to that cluster name.

Set forcedDomain to the name of an existing domain to force Content Gateway to use that domain for S3 requests regardless of the incoming Host or X-Forwarded-Host header. This allows S3 clients to use gateway hostnames or IP addresses as the endpoint instead of requiring the endpoint to be a domain name. The S3 clients must use the "bucket in path" style of access for all requests, not the “bucket in Host” style. This feature is supported since v7.10.7.

false

The feature must be explicitly enabled.

300 (5 minutes)

How frequently to send usage reports to Elasticsearch. Minimum is 10 seconds. The default value is optimized for the resolution of the queries.

100 (days)

How long to retain usage records. Minimum is 2 days. Allow for additional storage space if significantly increasing the retention period.

3600 (1 hour)

How frequently to sample the disk usage. Minimum is 900 (15 minutes). Larger values reduce the query workload on Elasticsearch.

300

Time before authorization is revalidated with a request to the identity management system.

300

Time before an authentication token is revalidated with a request to the administration domain.

300

Time an IDSYS document, or its nonexistence, is cached in memory.

300

Time a tenant, domain, or bucket Policy document, or its nonexistence, is cached in memory.

300

Time an XFORM document, or its nonexistence, is cached in memory.

300

Time that metadata for a tenant, domain, or bucket, or its nonexistence, is cached in memory.
This includes the owner for a tenant/domain/bucket and whether a bucket exists.

300

Time that the knowledge of a domain's existence or nonexistence is cached.

10 (seconds)

Default timeout starting from v8.1.0. Set to -1 to disable this configuration.

false

The feature must be explicitly enabled.

60

The global limits on the speed of quota data refreshing. To increase the precision of the usage data, lower these values. To reduce the load on Elasticsearch, increase these values.

To optimize the load on Elasticsearch, Gateway refreshes with a dynamic algorithm: slower when metrics are still far from the limit and faster when the limit approaches, slower when approaching a limit and faster as the overage nears an end. The minimum and maximum deadlines refer to the caps to apply to this refresh rate (no faster and no slower than these values).

3600

4

The number of threads in the pool that continuously look at the most urgent deadlines in the queue and perform the refreshes (Elasticsearch queries) as needed.

3

The number of times a refresh can fail due to a failing Elasticsearch query before an error is logged and the refresh is dropped.

10000

Maximum queue size for scope quota evaluations. The internal implementation uses a deadline queue and, If the queue is overflowed, the least urgent items are pushed out of the queue.

maxRefreshDeadline

This avoids unnecessary load on Elasticsearch by allowing the results of a quota check performed when a scope (tenant, domain, bucket) is accessed to be cached for this period of time. If the time since last access is less that this value, the scope is not scanned in the background. Setting this parameter to 0 disables the access caching function.

10

Number of seconds to wait before retrying a refresh after the previous failed due to a failing Elasticsearch query.

3

Seconds to wait after finishing the work in a queue and before starting again.

localhost

Required. The hostname or IP address of the SMTP server that sends the email notifications.

25

Optional. The port where the SMTP server listens.

Optional. The user and password to authenticate with SMTP server.

donotreply@localhost

Email address for the sender of the notification.

Quota state change notification

Email templates for subject line and body. These variables can be used in both the subject line and message body templates.

• %metric%

• %state%

• %contextType%

• %contextName%

The %xxx% strings render current values when the message is generated.

Metric %metric% changed to %state% state in %contextType% %contextName%.

5

In days. Sets a lifepoint to trigger clean up of any JSON result objects for video clips are created asynchronously.

usePaths

A setting introduced in Gateway v7.10.0 to improve S3 delimiter listing performance. The default is true as of Gateway v8.0.3. Also see usePathsMaxDirs.

It requires Swarm 14.1 or later with search.enableDelimiterPaths set to True. This is the default for new Swarm 15.0+ clusters, see Settings Reference.
Set this setting explicitly if upgrading from Swarm 14.1.

• Set swarmctl -C search.enableDelimiterPaths -V True and create a new search feed. See also, Add Search Feed.
  The new feed can use the same Elasticsearch cluster if it has at least half of its disk space free.

• Make it default after completion and restart gateways with [folder_listings] usePaths=true in gateway.cfg.
  Now, this makes the top-level delimiter listings (used by Veeam and S3 Browser) faster.

usePathsMaxDirs

A setting introduced in Gateway v8.0.3 that determines which delimiter listings are affected by usePaths=true. It defaults to 5, which means that it affects delimiter listings without a prefix or with the prefix having up to five subdirectories.

enabled

false

Enables the Service Proxy functionality.

bindAddress

<IP | hostname>

Specifies the IP address or host name where Service Proxy listens for incoming storage cluster management API and Metering Query requests.

bindPort

91

Specifies the port where Service Proxy listens. By convention, this is port 91.

externalHTTPPort
externalHTTPSPort

<port>
<port>

Optional, one or both. Allows Gateway to be used either behind a proxy or within a Docker environment, taking effect when X-Forwarded-Proto is found on the request. Gateway uses X-Forwarded-Proto to determine which port to use. (v5.4)

platformHost

<IP | hostname>

Required for Platform Server if running Service Proxy/Swarm UI on a standalone Gateway.
See Configuring Swarm for Platform Server

testMode

true | false

Enables testMode when troubleshooting, which stops obfuscation of the backend Swarm Storage and Elasticsearch node IPs.

metricsEnabled

true

Metrics is enabled by default

metricsPort

9100

Port for Prometheus to poll

metricsHost

0.0.0.0

Address the metrics server bind to. 0.0.0.0, by default, refers to all IP addresses. This can be configured to a private address if Prometheus can connect to it. (v7.10.6)

debugConnLeaks

true

Set this to true as directed by DataCore Support to diagnose connection pool or stuck thread issues.

/_admin/portal

SCSP port

[scsp]

/_admin/storage

Service Proxy port

[cluster_admin]

If an HAProxy load balancer at haproxy.example.com is proxying requests for SCSP and S3 (on a shared port) and for Service Proxy:

...then expose both HTTP and HTTPS
in these sections:

enabled=true

Enables the Service Proxy functionality.

bindAddress=<IP|hostname>

Specifies the IP address or host name where Service Proxy listens for incoming storage cluster management API and Metering Query requests.

bindPort=91

Specifies the port where Service Proxy listens. By convention, this is port 91.

externalHTTPPort=<port>
externalHTTPSPort=<port>

Optional, one or both. Allows Gateway to be used either behind a proxy or within a Docker environment, taking effect when X-Forwarded-Proto is found on the request. Gateway uses X-Forwarded-Proto to determine which port to use. (v5.4)

platformHost=<IP|hostname>

platformPort=<port>

Required for Platform Server if running Service Proxy/Swarm UI on a standalone Gateway. 

See Configuring Swarm for Platform Server

testMode=<true|false>

Enables testMode when troubleshooting, which stops obfuscation of the backend Swarm Storage and Elasticsearch node IPs.

managementPort=91

Specifies the port where Swarm listens for storage cluster management API requests. By convention, this is port 91.

managementUser=<Swarm·admin·user>

Specifies the user known to Swarm allowed to perform management API requests against the storage cluster.

managementPassword=<Swarm·admin·password>

Specifies the password of the managementUser.

enabled=false

enabled=false