# "look ma, no hands"
# commented on each individual directive are the available parameters
# requires:
# - /data/users.json (https://gist.github.com/refs/6efa7ef2a6d8259594c88125d0fdccf0)
# follow same naming convention as jfd... (b)ackend, (-)noauth only jwt tokens, (o)wncloud storage driver
[core]
max_cpus = "2" # (100% | 4)
disable_http = true # otherwise an http server is started on port :9998
# Logging for the backend process: console output at the most verbose level listed below.
[log]
mode = "console" # (console | json) -> cmd/revad/main.go
# Optional log file; commented out, so no output path is set in this file.
# output = "/var/tmp/.revad.json"
# NOTE(review): "debug" is more verbose than the zerolog default (info). Check what the
# services log at this level (tokens, credentials, file paths) before reusing this config
# outside a local test setup.
level = "debug" # (debug | info | warn | error | fatal | panic) -> zerolog flags: default: zerolog.InfoLevel (1)
# gRPC core configurations
# gRPC listener of the backend process. The address is localhost-only, so the listener is
# reachable from the same host but not from the network.
[grpc]
network = "tcp"
address = "localhost:9999" # where the grpc server will listen
enabled_services = [ # one of the available grpc services (one of cmd/svcs/grpcsvcs/)
"storageprovidersvc",
"storageregistrysvc",
"publicshareprovidersvc",
"usershareprovidersvc",
"authsvc"
]
# The auth interceptor is switched on for this listener; its settings are in
# [grpc.interceptors.auth].
enabled_interceptors = ["auth"] # grpc in / outbound middleware
# Auth interceptor: selects the "jwt" token manager, configured in
# [grpc.interceptors.auth.token_managers.jwt].
[grpc.interceptors.auth]
token_manager = "jwt"
# The skip list is commented out, so this file exempts no method from the interceptor.
# NOTE(review): authsvc is enabled on this listener; confirm that callers can still reach
# GenerateAccessToken without already holding a token.
# skip_methods = ["/cs3.authv0alpha.AuthService/GenerateAccessToken", "/cs3.authv0alpha.AuthService/WhoAmI"]
## The user share provider service
[grpc.services.usershareprovidersvc]
driver = "memory"
# Secret for the jwt token manager used by the auth interceptor.
# The literal below is a demo value: it is published with this config and repeated in every
# token_managers.jwt table on this page. Presumably anyone who knows it can mint tokens that
# these services accept. For anything beyond a local test, generate a random value per
# deployment, keep it out of version control, and change all tables together (they
# presumably have to match for tokens to validate across processes).
[grpc.interceptors.auth.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN"
# Storage provider: owncloud driver mounted at "/" under a fixed mount id (the same id is
# used as a key in the static storage registry rules).
[grpc.services.storageprovidersvc]
driver = "owncloud" # ( owncloud | local | eos | s3) -> any of pkg/storage/fs
mount_path = "/" # where the file system is going to be mounted
mount_id = "123e4567-e89b-12d3-a456-426655440000"
# tmp_folder = "/var/tmp"
# Points at port 9998 with path /data, which matches the HTTP frontend's listener and the
# datasvc prefix on this page. The URL is plain http over loopback; if the data service
# moves to another host, file contents would cross the network unencrypted unless the URL
# is changed to a TLS endpoint.
data_server_url = "http://127.0.0.1:9998/data"
# Checksum types made available by the storage provider.
# NOTE(review): the integers are presumably priorities or weights; confirm in the storage
# provider service.
# md5 is suitable for detecting accidental corruption only. It is not collision-resistant,
# so do not rely on it to detect deliberate tampering. The OCS capabilities on this page
# list SHA256 as the supported and preferred upload checksum.
[grpc.services.storageprovidersvc.available_checksums]
md5 = 100
unset = 1000
[grpc.services.storageprovidersvc.drivers.owncloud]
datadirectory = "/data" # where our data is going to live (?)
# requires redis as well, but defaults to localhost:6379
# requires scan -> defaults to true
# requires autocreate -> defaults to true
[grpc.services.storageregistrysvc]
driver = "static"
[grpc.services.storageregistrysvc.drivers.static.rules]
"/" = "localhost:9999"
"123e4567-e89b-12d3-a456-426655440000" = "localhost:9999"
[grpc.services.publicshareprovidersvc]
driver = "memory"
# Authentication service of the backend: jwt tokens, with the auth manager and the user
# manager both reading from the same JSON file.
[grpc.services.authsvc]
token_manager = "jwt" # ( demo | jwt) -> any of pkg/token/manager
auth_manager = "json" # ( demo | impersonator | json | ldap | oidc) -> any of pkg/auth/manager
user_manager = "json" # ( demo | json | ldap | oidc) -> any of pkg/user/manager
# users.json holds the login credentials; restrict its file permissions to the service account.
# NOTE(review): confirm whether the json manager expects hashed or cleartext passwords.
# NOTE(review): the file sits under /data, the same directory configured as the owncloud
# datadirectory; confirm it cannot be read through the storage or data endpoints.
[grpc.services.authsvc.auth_managers.json]
users = "/data/users.json" # file to get user credentials from -> pkg/auth/manager/json
[grpc.services.authsvc.user_managers.json]
users = "/data/users.json" # file to get user credentials from -> pkg/user/manager/json
# jwt token manager of authsvc.
# The secret is a demo literal, identical to every other token_managers.jwt table on this
# page. Presumably anyone who knows it can mint tokens these services accept, so replace it
# with a random per-deployment value kept out of version control.
[grpc.services.authsvc.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN" #
# NOTE(review): presumably the lifetime of issued tokens in seconds (36000 s = 10 h), not
# of the secret; confirm in pkg/token/manager. A leaked token would stay usable for that
# long, so consider a shorter lifetime outside a demo.
expires = 36000 # 10 hours
# this gateway service offers:
# - authorization via OIDC
# - a data endpoint
# relay requests to the backend (running on :9999)
[core]
max_cpus = "100%"
disable_grpc = true
[log]
mode = "console"
level = "debug"
# HTTP listener of the frontend process.
# 0.0.0.0 binds every network interface, and no TLS settings appear in this config, so OIDC
# logins, access tokens and file data would be served in cleartext to anyone who can reach
# port 9998. For local testing bind to 127.0.0.1; otherwise put a TLS-terminating proxy in
# front of it.
[http]
network = "tcp"
address = "0.0.0.0:9998"
# http available services are listed on cmd/revad/svcs/httpsvcs
# App Registry (appregistrysvc): todo: what does this service do?
# Data Service (datasvc): ...
# Hello World (helloworldsvc): Exposes a simple hello world http service
# Iframe UI (iframeuisvc): ...
# Owncloud's DAV (ocdavsvc): Exposes a WebDAV service
# OIDC Provider (oidcprovider): Provides an authorization service over http
# Web UI (webuisvc): ...
# Wellknown (wellknown): Exposes a set of trusted http responses
enabled_services = [
"ocssvc", # capabilities ... are fetched from this endpoint
"oidcprovider", # requires also a well known service (/.well-known) for reva to fetch configs
"datasvc",
"ocdavsvc",
"wellknown"
]
# ocs endpoint requires authorization, therefore an auth middleware has to be enabled
# Settings for both middlewares are in [http.middlewares.cors] and [http.middlewares.auth].
enabled_middlewares = ["cors", "auth"]
# auth middleware configuration
# Auth middleware of the HTTP listener: oidc credential strategy, header-based token
# strategy and writer, jwt token manager.
[http.middlewares.auth]
credential_strategy = "oidc"
token_strategy = "header"
# Port 10008 is the gateway's gRPC listener on this page.
# NOTE(review): 0.0.0.0 is a bind wildcard, not a destination. Dialing it happens to reach
# the local host on some systems; prefer localhost:10008 or the gateway's real host name.
gatewaysvc = "0.0.0.0:10008"
token_writer = "header"
token_manager = "jwt"
# Paths listed here are skipped by the auth middleware, so keep the list minimal.
# NOTE(review): confirm whether matching is exact or by prefix; "/oauth2" is listed next to
# its own sub-paths. "/metrics" and "/oauth2/introspect" are served without a token, so
# restrict who can reach them if they expose anything sensitive.
skip_methods = [
"/status.php",
"/oauth2",
"/oauth2/auth",
"/oauth2/token",
"/oauth2/introspect",
"/oauth2/userinfo",
"/oauth2/sessions",
"/.well-known/openid-configuration",
"/metrics"
]
# jwt token manager of the HTTP auth middleware.
# The secret is a demo literal, identical to every other token_managers.jwt table on this
# page. Presumably anyone who knows it can mint tokens these services accept, so replace it
# with a random per-deployment value kept out of version control.
[http.middlewares.auth.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN"
# Header the token strategy reads the access token from.
[http.middlewares.auth.token_strategies.header]
header = "X-Access-Token"
# Header the token writer uses; same name as the one read above.
[http.middlewares.auth.token_writers.header]
header = "X-Access-Token"
# !auth middleware configuration
# cors middleware
# CORS middleware of the HTTP listener.
[http.middlewares.cors]
priority = 200
# A wildcard origin together with allow_credentials is a risky pairing. Browsers refuse
# credentialed responses that carry a literal "*" origin, so depending on the middleware
# this either breaks credentialed requests or reflects the caller's Origin. Reflection
# would let any website make credentialed cross-origin calls to this API.
# NOTE(review): confirm which behaviour applies. Outside local testing, list the exact
# trusted origins instead of "*".
allowed_origins = ["*"]
allow_credentials = true
allowed_methods = ["OPTIONS", "GET", "PUT", "POST", "DELETE", "MKCOL", "PROPFIND", "PROPPATCH", "MOVE", "COPY", "REPORT", "SEARCH"]
allowed_headers = ["Origin", "Accept", "Content-Type", "X-Requested-With", "Authorization", "Ocs-Apirequest", "If-None-Match"]
options_passthrough = true
# !cors middleware
# oidc config
# OIDC provider served under the /oauth2 prefix; those paths are also listed in the auth
# middleware's skip_methods.
[http.services.oidcprovider]
prefix = "oauth2"
# the authorization manager and user manager need to be told where to get their data from (/data/users.json)
auth_manager = "json" # one of the authorization manager on pkg/auth
user_manager = "json"
# Both managers read the same credentials file; restrict its permissions to the service account.
# NOTE(review): confirm whether the json manager expects hashed or cleartext passwords.
[http.services.oidcprovider.user_managers.json]
users = "/data/users.json"
[http.services.oidcprovider.auth_managers.json]
users = "/data/users.json"
# !oidc config
# wellknown config
[http.services.wellknown]
prefix = ".well-known" # serves http://localhost:9998/.well-known/openid-configuration and /webfinger
# !wellknown config
# webdav
# WebDAV service, served at the root of the HTTP listener (empty prefix).
[http.services.ocdavsvc]
prefix = ""
# Points at port 9999, the backend's gRPC listener on this page, not at the gateway
# process on port 10008.
gatewaysvc = "localhost:9999"
# NOTE(review): upload chunks are staged under /var/tmp, which is typically writable by all
# local users; confirm the folder is created with permissions restricted to the service account.
chunk_folder = "/var/tmp/owncloud/chunks"
# !webdav
# data service
# Data service: serves the owncloud driver's data directory under the /data prefix.
[http.services.datasvc]
driver = "owncloud"
prefix = "data"
# NOTE(review): /var/tmp is typically writable by all local users; confirm temporary files
# are created with permissions restricted to the service account.
temp_folder = "/var/tmp/"
[http.services.datasvc.drivers.owncloud]
# NOTE(review): the credentials file used by the json auth and user managers on this page is
# /data/users.json, i.e. inside this directory. Confirm it cannot be fetched through this
# service or through WebDAV, or move it outside the data directory.
datadirectory = "/data"
# !data service
# ocs service
# OCS service, served under the /ocs prefix. The enabled_services list notes that clients
# fetch capabilities from this endpoint.
[http.services.ocssvc]
prefix = "ocs"
# Port 9999 is the backend's gRPC listener on this page.
gatewaysvc = "localhost:9999"
user_manager = "json"
publicshare_manager = "memory"
# Same credentials file as the auth services; restrict its permissions to the service account.
[http.services.ocssvc.user_managers.json]
users = "/data/users.json"
[http.services.ocssvc.config]
version = "1.8"
website = "nexus"
# NOTE(review): an https URL on port 9997, while the HTTP listener in this file binds plain
# tcp on port 9998; confirm what actually serves this address.
host = "https://localhost:9997"
contact = "admin@localhost"
# Quoted, so this is a TOML string rather than a boolean.
# NOTE(review): confirm the consumer expects a string here.
ssl = "true"
[http.services.ocssvc.capabilities.capabilities.core]
poll_interval = 60
webdav_root = "remote.php/webdav"
[http.services.ocssvc.capabilities.capabilities.core.status]
installed = true
maintenance = false
needsDbUpgrade = false
version = "10.0.9.5"
versionstring = "10.0.9"
edition = "community"
productname = "reva"
hostname = ""
[http.services.ocssvc.capabilities.capabilities.checksums]
supported_types = ["SHA256"]
preferred_upload_type = "SHA256"
[http.services.ocssvc.capabilities.capabilities.files]
private_links = true
bigfilechunking = true
blacklisted_files = ["foo"]
undelete = true
versioning = true
[http.services.ocssvc.capabilities.capabilities.dav]
chunking = "1.0"
trashbin = "1.0"
reports = ["custom"]
# Sharing capabilities served by ocssvc.
# NOTE(review): these look like static values reported to clients, and nothing in this file
# shows the server enforcing them. Confirm that the security-relevant ones (public-link
# password enforcement, expiry dates, group-only sharing and user enumeration) are enforced
# server-side and not only advertised.
[http.services.ocssvc.capabilities.capabilities.files_sharing]
api_enabled = true
resharing = true
group_sharing = true
auto_accept_share = true
share_with_group_members_only = true
share_with_membership_groups_only = true
# NOTE(review): presumably a permission bitmask; confirm its meaning before changing it.
default_permissions = 22
search_min_length = 3
# Public (link) shares: uploads and upload-only links are reported as available.
[http.services.ocssvc.capabilities.capabilities.files_sharing.public]
enabled = true
send_mail = true
social_share = true
upload = true
multiple = true
supports_upload_only = true
# Password on public links is reported as enforced for all three link types below.
[http.services.ocssvc.capabilities.capabilities.files_sharing.public.password]
enforced = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.public.password.enforced_for]
read_only = true
read_write = true
upload_only = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.public.expire_date]
enabled = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.user]
send_mail = true
# User enumeration is reported as enabled, limited to group members.
[http.services.ocssvc.capabilities.capabilities.files_sharing.user_enumeration]
enabled = true
group_members_only = true
# Federated sharing is reported as enabled in both directions.
[http.services.ocssvc.capabilities.capabilities.files_sharing.federation]
outgoing = true
incoming = true
[http.services.ocssvc.capabilities.capabilities.notifications]
endpoints = ["list", "get", "delete"]
[http.services.ocssvc.capabilities.version]
edition = "nexus"
major = 10
minor = 0
micro = 11
string = "10.0.11"
# !ocs service
# gateway only. No http.
[core]
max_cpus = "100%"
disable_http = true
[log]
mode = "console"
level = "debug"
# gRPC listener of the gateway process.
# 0.0.0.0 binds every network interface and no TLS settings appear in this config, so the
# auth and gateway services are reachable in cleartext by any host that can reach port 10008.
# Bind to 127.0.0.1 when all processes run on one machine.
# NOTE(review): unlike the backend config on this page, no enabled_interceptors key is set
# here although [grpc.interceptors.auth] is configured in this file. Confirm the auth
# interceptor is active on this listener.
[grpc]
network = "tcp"
address = "0.0.0.0:10008"
enabled_services = ["authsvc", "gatewaysvc"]
# Gateway service: addresses of the services it talks to. localhost:9999 is the backend's
# gRPC listener on this page.
[grpc.services.gatewaysvc]
# NOTE(review): left empty although authsvc is enabled on this same listener; confirm how
# an empty address is resolved.
authsvc = ""
storageregistrysvc = "localhost:9999"
publicshareprovidersvc = "localhost:9999"
commit_share_to_storage_grant = true
commit_share_to_storage_ref = true
# Order and configuration of grpc interceptors
# GRPC interceptors
# Auth interceptor of the gateway: jwt token manager plus the methods exempted from it.
[grpc.interceptors.auth]
# keys for grpc metadata are always lowercase, so interceptors headers need to use lowercase.
token_manager = "jwt"
# GenerateAccessToken contains the credentials in the payload. Skip auth, otherwise services cannot obtain a token.
# These two methods are therefore callable without a token. The listener binds 0.0.0.0, so
# credentials sent to GenerateAccessToken cross the network in cleartext unless TLS is
# added in front. No TLS settings appear in this config.
skip_methods = ["/cs3.authv0alpha.AuthService/GenerateAccessToken", "/cs3.authv0alpha.AuthService/WhoAmI"]
# Demo secret, identical to every other token_managers.jwt table on this page. Presumably
# anyone who knows it can mint tokens these services accept, so replace it with a random
# per-deployment value kept out of version control.
[grpc.interceptors.auth.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN"
# GRPC services
## The authentication service
# Authentication service of the gateway: oidc auth and user managers, jwt token manager.
[grpc.services.authsvc]
token_manager = "jwt"
auth_manager = "oidc"
user_manager = "oidc"
[grpc.services.authsvc.auth_managers.oidc]
# Plain http on localhost port 9998, which is the HTTP frontend's listener on this page.
provider = "http://localhost:9998"
# NOTE(review): presumably relaxes transport or certificate checks toward the provider;
# confirm in the oidc auth manager under pkg/auth/manager. Acceptable only while the
# provider is on loopback. Set it to false and use an https provider URL otherwise.
insecure = true
# the client credentials for the token introspection backchannel
# "foobar" is a guessable placeholder. The /oauth2/introspect path is exempt from the HTTP
# auth middleware on this page, so this secret is presumably what guards token
# introspection. Use a random value outside a demo.
client_id = "phoenix"
client_secret = "foobar"
# Demo secret, identical to every other token_managers.jwt table on this page. Replace it
# with a random per-deployment value kept out of version control.
[grpc.services.authsvc.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN"
unified.toml = backend + frontend. Start gateway.toml in a separate process; this makes things easier to debug.
# runs backend + http frontend
# a gateway MUST run on a separate process
[core]
max_cpus = "100%" # (100% | 4)
# Logging for the unified (backend + frontend) process: console output at the most verbose
# level listed below.
[log]
mode = "console" # (console | json) -> cmd/revad/main.go
# output = "/var/tmp/.revad.json" # uncomment for file logging. Will work tailing the logfile with jq.
# NOTE(review): "debug" is more verbose than the zerolog default (info). Check what the
# services log at this level (tokens, credentials, file paths) before reusing this config
# outside a local test setup. The commented-out log file above would live in /var/tmp,
# which is typically writable by all local users.
level = "debug" # (debug | info | warn | error | fatal | panic) -> zerolog flags: default: zerolog.InfoLevel (1)
# gRPC core configurations
[grpc]
network = "tcp"
address = "localhost:9999" # where the grpc server will listen
enabled_services = [ # one of the available grpc services (one of cmd/svcs/grpcsvcs/)
"authsvc",
"storageprovidersvc",
"storageregistrysvc",
# public shares on
"publicshareprovidersvc",
# user shares on
"usershareprovidersvc",
]
enabled_interceptors = ["auth"] # grpc in / outbound middleware
[grpc.interceptors.auth]
token_manager = "jwt"
# skip_methods = ["/cs3.authv0alpha.AuthService/GenerateAccessToken", "/cs3.authv0alpha.AuthService/WhoAmI"]
## The user share provider service
[grpc.services.usershareprovidersvc]
driver = "memory"
# Secret for the jwt token manager used by the auth interceptor.
# The literal below is a demo value: it is published with this config and repeated in every
# token_managers.jwt table on this page. Presumably anyone who knows it can mint tokens that
# these services accept. For anything beyond a local test, generate a random value per
# deployment, keep it out of version control, and change all tables together (they
# presumably have to match for tokens to validate across processes).
[grpc.interceptors.auth.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN"
[grpc.services.storageprovidersvc]
driver = "owncloud" # ( owncloud | local | eos | s3) -> any of pkg/storage/fs
mount_path = "/" # where the file system is going to be mounted
mount_id = "123e4567-e89b-12d3-a456-426655440000"
# tmp_folder = "/var/tmp"
data_server_url = "http://127.0.0.1:9998/data"
[grpc.services.storageprovidersvc.available_checksums]
md5 = 100
unset = 1000
[grpc.services.storageprovidersvc.drivers.owncloud]
datadirectory = "/data" # where our data is going to live (?)
# requires redis as well, but defaults to localhost:6379
# requires scan -> defaults to true
# requires autocreate -> defaults to true
[grpc.services.storageregistrysvc]
driver = "static"
[grpc.services.storageregistrysvc.drivers.static.rules]
"/" = "localhost:9999"
"123e4567-e89b-12d3-a456-426655440000" = "localhost:9999"
[grpc.services.publicshareprovidersvc]
driver = "memory"
# Authentication service: jwt tokens, with the auth manager and the user manager both
# reading from the same JSON file.
[grpc.services.authsvc]
token_manager = "jwt" # ( demo | jwt) -> any of pkg/token/manager
auth_manager = "json" # ( demo | impersonator | json | ldap | oidc) -> any of pkg/auth/manager
user_manager = "json" # ( demo | json | ldap | oidc) -> any of pkg/user/manager
# users.json holds the login credentials; restrict its file permissions to the service account.
# NOTE(review): confirm whether the json manager expects hashed or cleartext passwords.
# NOTE(review): the file sits under /data, the same directory configured as the owncloud
# datadirectory; confirm it cannot be read through the storage or data endpoints.
[grpc.services.authsvc.auth_managers.json]
users = "/data/users.json" # file to get user credentials from -> pkg/auth/manager/json
[grpc.services.authsvc.user_managers.json]
users = "/data/users.json" # file to get user credentials from -> pkg/user/manager/json
# Demo secret, identical to every other token_managers.jwt table on this page. Replace it
# with a random per-deployment value kept out of version control.
[grpc.services.authsvc.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN" #
# NOTE(review): presumably the lifetime of issued tokens in seconds (36000 s = 10 h), not
# of the secret; confirm in pkg/token/manager. A leaked token would stay usable for that
# long, so consider a shorter lifetime outside a demo.
expires = 36000 # 10 hours
# frontend
# this gateway service offers:
# - authorization via OIDC
# - a data endpoint
# relay requests to the backend (running on :9999)
# HTTP listener of the unified process.
# 0.0.0.0 binds every network interface, and no TLS settings appear in this config, so OIDC
# logins, access tokens and file data would be served in cleartext to anyone who can reach
# port 9998. For local testing bind to 127.0.0.1; otherwise put a TLS-terminating proxy in
# front of it.
[http]
network = "tcp"
address = "0.0.0.0:9998"
# http available services are listed on cmd/revad/svcs/httpsvcs
# App Registry (appregistrysvc): todo: what does this service do?
# Data Service (datasvc): ...
# Hello World (helloworldsvc): Exposes a simple hello world http service
# Iframe UI (iframeuisvc): ...
# Owncloud's DAV (ocdavsvc): Exposes a WebDAV service
# OIDC Provider (oidcprovider): Provides an authorization service over http
# Web UI (webuisvc): ...
# Wellknown (wellknown): Exposes a set of trusted http responses
enabled_services = [
"ocssvc", # capabilities ... are fetched from this endpoint
"oidcprovider", # requires also a well known service (/.well-known) for reva to fetch configs
"datasvc",
"ocdavsvc",
"wellknown"
]
# ocs endpoint requires authorization, therefore an auth middleware has to be enabled
# Settings for both middlewares are in [http.middlewares.cors] and [http.middlewares.auth].
enabled_middlewares = ["cors", "auth"]
# auth middleware configuration
# Auth middleware of the HTTP listener: oidc credential strategy, header-based token
# strategy and writer, jwt token manager.
[http.middlewares.auth]
credential_strategy = "oidc"
token_strategy = "header"
# NOTE(review): 0.0.0.0 is a bind wildcard, not a destination. Dialing it happens to reach
# the local host on some systems; prefer localhost:10008 or the gateway's real host name.
gatewaysvc = "0.0.0.0:10008" # location of the gateway
token_writer = "header"
token_manager = "jwt"
# Paths listed here are skipped by the auth middleware, so keep the list minimal.
# NOTE(review): confirm whether matching is exact or by prefix; "/oauth2" is listed next to
# its own sub-paths. "/metrics" and "/oauth2/introspect" are served without a token, so
# restrict who can reach them if they expose anything sensitive.
skip_methods = [
"/status.php",
"/oauth2",
"/oauth2/auth",
"/oauth2/token",
"/oauth2/introspect",
"/oauth2/userinfo",
"/oauth2/sessions",
"/.well-known/openid-configuration",
"/metrics"
]
# Demo secret, identical to every other token_managers.jwt table on this page. Presumably
# anyone who knows it can mint tokens these services accept, so replace it with a random
# per-deployment value kept out of version control.
[http.middlewares.auth.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN"
# Header the token strategy reads the access token from.
[http.middlewares.auth.token_strategies.header]
header = "X-Access-Token"
# Header the token writer uses; same name as the one read above.
[http.middlewares.auth.token_writers.header]
header = "X-Access-Token"
# !auth middleware configuration
# cors middleware
# CORS middleware of the HTTP listener.
[http.middlewares.cors]
priority = 200
# A wildcard origin together with allow_credentials is a risky pairing. Browsers refuse
# credentialed responses that carry a literal "*" origin, so depending on the middleware
# this either breaks credentialed requests or reflects the caller's Origin. Reflection
# would let any website make credentialed cross-origin calls to this API.
# NOTE(review): confirm which behaviour applies. Outside local testing, list the exact
# trusted origins instead of "*".
allowed_origins = ["*"]
allow_credentials = true
allowed_methods = ["OPTIONS", "GET", "PUT", "POST", "DELETE", "MKCOL", "PROPFIND", "PROPPATCH", "MOVE", "COPY", "REPORT", "SEARCH"]
allowed_headers = ["Origin", "Accept", "Content-Type", "X-Requested-With", "Authorization", "Ocs-Apirequest", "If-None-Match"]
options_passthrough = true
# !cors middleware
# oidc config
[http.services.oidcprovider]
prefix = "oauth2"
# the authorization manager and user manager need to be told where to get their data from (/data/users.json)
auth_manager = "json" # one of the authorization manager on pkg/auth
user_manager = "json"
[http.services.oidcprovider.user_managers.json]
users = "/data/users.json"
[http.services.oidcprovider.auth_managers.json]
users = "/data/users.json"
# !oidc config
# wellknown config
[http.services.wellknown]
prefix = ".well-known" # serves http://localhost:9998/.well-known/openid-configuration and /webfinger
# !wellknown config
# webdav
[http.services.ocdavsvc]
prefix = ""
gatewaysvc = "localhost:9999"
chunk_folder = "/var/tmp/owncloud/chunks"
# !webdav
# data service
# Data service: serves the owncloud driver's data directory under the /data prefix.
[http.services.datasvc]
driver = "owncloud"
prefix = "data"
# NOTE(review): /var/tmp is typically writable by all local users; confirm temporary files
# are created with permissions restricted to the service account.
temp_folder = "/var/tmp/"
[http.services.datasvc.drivers.owncloud]
# NOTE(review): the credentials file used by the json auth and user managers in this config
# is /data/users.json, i.e. inside this directory. Confirm it cannot be fetched through this
# service or through WebDAV, or move it outside the data directory.
datadirectory = "/data"
# !data service
# ocs service
[http.services.ocssvc]
prefix = "ocs"
gatewaysvc = "localhost:9999"
user_manager = "json"
publicshare_manager = "memory"
[http.services.ocssvc.user_managers.json]
users = "/data/users.json"
[http.services.ocssvc.config]
version = "1.8"
website = "nexus"
host = "https://localhost:9997"
contact = "admin@localhost"
ssl = "true"
[http.services.ocssvc.capabilities.capabilities.core]
poll_interval = 60
webdav_root = "remote.php/webdav"
[http.services.ocssvc.capabilities.capabilities.core.status]
installed = true
maintenance = false
needsDbUpgrade = false
version = "10.0.9.5"
versionstring = "10.0.9"
edition = "community"
productname = "reva"
hostname = ""
[http.services.ocssvc.capabilities.capabilities.checksums]
supported_types = ["SHA256"]
preferred_upload_type = "SHA256"
[http.services.ocssvc.capabilities.capabilities.files]
private_links = true
bigfilechunking = true
blacklisted_files = ["foo"]
undelete = true
versioning = true
[http.services.ocssvc.capabilities.capabilities.dav]
chunking = "1.0"
trashbin = "1.0"
reports = ["custom"]
# Sharing capabilities served by ocssvc.
# NOTE(review): these look like static values reported to clients, and nothing in this file
# shows the server enforcing them. Confirm that the security-relevant ones (public-link
# password enforcement, expiry dates, group-only sharing and user enumeration) are enforced
# server-side and not only advertised.
[http.services.ocssvc.capabilities.capabilities.files_sharing]
api_enabled = true
resharing = true
group_sharing = true
auto_accept_share = true
share_with_group_members_only = true
share_with_membership_groups_only = true
# NOTE(review): presumably a permission bitmask; confirm its meaning before changing it.
default_permissions = 22
search_min_length = 3
# Public (link) shares: uploads and upload-only links are reported as available.
[http.services.ocssvc.capabilities.capabilities.files_sharing.public]
enabled = true
send_mail = true
social_share = true
upload = true
multiple = true
supports_upload_only = true
# Password on public links is reported as enforced for all three link types below.
[http.services.ocssvc.capabilities.capabilities.files_sharing.public.password]
enforced = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.public.password.enforced_for]
read_only = true
read_write = true
upload_only = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.public.expire_date]
enabled = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.user]
send_mail = true
# User enumeration is reported as enabled, limited to group members.
[http.services.ocssvc.capabilities.capabilities.files_sharing.user_enumeration]
enabled = true
group_members_only = true
# Federated sharing is reported as enabled in both directions.
[http.services.ocssvc.capabilities.capabilities.files_sharing.federation]
outgoing = true
incoming = true
[http.services.ocssvc.capabilities.capabilities.notifications]
endpoints = ["list", "get", "delete"]
[http.services.ocssvc.capabilities.version]
edition = "nexus"
major = 10
minor = 0
micro = 11
string = "10.0.11"
# !ocs service