130 lines
4.4 KiB
Plaintext
130 lines
4.4 KiB
Plaintext
[DEFAULT]
|
|
# bind_ip = 0.0.0.0
|
|
# bind_port = 80
|
|
# backlog = 4096
|
|
# swift_dir = /etc/swift
|
|
# workers = 1
|
|
# user = swift
|
|
# cert_file = /etc/swift/proxy.crt
|
|
# key_file = /etc/swift/proxy.key
|
|
|
|
[pipeline:main]
|
|
# For DevAuth:
|
|
pipeline = catch_errors healthcheck cache ratelimit auth proxy-server
|
|
# For Swauth:
|
|
# pipeline = catch_errors healthcheck cache ratelimit swauth proxy-server
|
|
|
|
[app:proxy-server]
|
|
use = egg:swift#proxy
|
|
# log_name = proxy-server
|
|
# log_facility = LOG_LOCAL0
|
|
# log_level = INFO
|
|
# log_headers = False
|
|
# recheck_account_existence = 60
|
|
# recheck_container_existence = 60
|
|
# object_chunk_size = 8192
|
|
# client_chunk_size = 8192
|
|
# node_timeout = 10
|
|
# client_timeout = 60
|
|
# conn_timeout = 0.5
|
|
# How long without an error before a node's error count is reset. This will
|
|
# also be how long before a node is reenabled after suppression is triggered.
|
|
# error_suppression_interval = 60
|
|
# How many errors can accumulate before a node is temporarily ignored.
|
|
# error_suppression_limit = 10
|
|
# If set to 'true' any authorized user may create and delete accounts; if
|
|
# 'false' no one, even authorized, can.
|
|
# allow_account_management = false
|
|
|
|
# Only needed for DevAuth
|
|
[filter:auth]
|
|
use = egg:swift#auth
|
|
# The reseller prefix will verify a token begins with this prefix before even
|
|
# attempting to validate it with the external authentication server. Also, with
|
|
# authorization, only Swift storage accounts with this prefix will be
|
|
# authorized by this middleware. Useful if multiple auth systems are in use for
|
|
# one Swift cluster.
|
|
# reseller_prefix = AUTH
|
|
# ip = 127.0.0.1
|
|
# port = 11000
|
|
# ssl = false
|
|
# prefix = /
|
|
# node_timeout = 10
|
|
|
|
# Only needed for Swauth
|
|
[filter:swauth]
|
|
use = egg:swift#swauth
|
|
# log_name = auth-server
|
|
# log_facility = LOG_LOCAL0
|
|
# log_level = INFO
|
|
# log_headers = False
|
|
# The reseller prefix will verify a token begins with this prefix before even
|
|
# attempting to validate it. Also, with authorization, only Swift storage
|
|
# accounts with this prefix will be authorized by this middleware. Useful if
|
|
# multiple auth systems are in use for one Swift cluster.
|
|
# reseller_prefix = AUTH
|
|
# The auth prefix will cause requests beginning with this prefix to be routed
|
|
# to the auth subsystem, for granting tokens, creating accounts, users, etc.
|
|
# auth_prefix = /auth/
|
|
# Cluster strings are of the format name:url where name is a short name for the
|
|
# Swift cluster and url is the url to the proxy server(s) for the cluster.
|
|
# default_swift_cluster = local:http://127.0.0.1:8080/v1
|
|
# You may also use the format name::url::url where the first url is the one
|
|
# given to users to access their account (public url) and the second is the one
|
|
# used by swauth itself to create and delete accounts (private url). This is
|
|
# useful when a load balancer url should be used by users, but swauth itself is
|
|
# behind the load balancer. Example:
|
|
# default_swift_cluster = local::https://public.com:8080/v1::http://private.com:8080/v1
|
|
# token_life = 86400
|
|
# node_timeout = 10
|
|
# Highly recommended to change this.
|
|
super_admin_key = swauthkey
|
|
|
|
[filter:healthcheck]
|
|
use = egg:swift#healthcheck
|
|
|
|
[filter:cache]
|
|
use = egg:swift#memcache
|
|
# Default for memcache_servers is below, but you can specify multiple servers
|
|
# with the format: 10.1.2.3:11211,10.1.2.4:11211
|
|
# memcache_servers = 127.0.0.1:11211
|
|
|
|
[filter:ratelimit]
|
|
use = egg:swift#ratelimit
|
|
# clock_accuracy should represent how accurate the proxy servers' system clocks
|
|
# are with each other. 1000 means that all the proxies' clock are accurate to
|
|
# each other within 1 millisecond. No ratelimit should be higher than the
|
|
# clock accuracy.
|
|
# clock_accuracy = 1000
|
|
# max_sleep_time_seconds = 60
|
|
# log_sleep_time_seconds of 0 means disabled
|
|
# log_sleep_time_seconds = 0
|
|
# account_ratelimit of 0 means disabled
|
|
# account_ratelimit = 0
|
|
|
|
# these are comma separated lists of account names
|
|
# account_whitelist = a,b
|
|
# account_blacklist = c,d
|
|
|
|
# with container_limit_x = r
|
|
# for containers of size x limit requests per second to r. The container
|
|
# rate will be linearly interpolated from the values given. With the values
|
|
# below, a container of size 5 will get a rate of 75.
|
|
# container_ratelimit_0 = 100
|
|
# container_ratelimit_10 = 50
|
|
# container_ratelimit_50 = 20
|
|
|
|
[filter:domain_remap]
|
|
use = egg:swift#domain_remap
|
|
# storage_domain = example.com
|
|
# path_root = v1
|
|
|
|
[filter:catch_errors]
|
|
use = egg:swift#catch_errors
|
|
|
|
[filter:cname_lookup]
|
|
# Note: this middleware requires python-dnspython
|
|
use = egg:swift#cname_lookup
|
|
# storage_domain = example.com
|
|
# lookup_depth = 1
|