.. contents::
The Ceph Object Gateway supports two embedded HTTP frontend libraries
-that can be configured with ``rgw_frontends``.
+that can be configured with ``rgw_frontends``. See `Config Reference`_
+for details about the syntax.
Beast
=====
``port`` and ``ssl_port``
-:Description: Sets the listening port number. Can be specified multiple
+:Description: Sets the ipv4 & ipv6 listening port number. Can be specified multiple
times as in ``port=80 port=8000``.
-
:Type: Integer
:Default: ``80``
``endpoint`` and ``ssl_endpoint``
-:Description: Sets the listening address in the form ``address[:port]``,
- where the address is an IPv4 address string in dotted decimal
- form, or an IPv6 address in hexadecimal notation surrounded
- by square brackets. The optional port defaults to 80 for
- ``endpoint`` and 443 for ``ssl_endpoint``. Can be specified
- multiple times as in ``endpoint=[::1] endpoint=192.168.0.100:8000``.
+:Description: Sets the listening address in the form ``address[:port]``, where
+ the address is an IPv4 address string in dotted decimal form, or
+ an IPv6 address in hexadecimal notation surrounded by square
+ brackets. Specifying a IPv6 endpoint would listen to v6 only. The
+ optional port defaults to 80 for ``endpoint`` and 443 for
+ ``ssl_endpoint``. Can be specified multiple times as in
+ ``endpoint=[::1] endpoint=192.168.0.100:8000``.
:Type: Integer
:Default: None
``ssl_certificate``
:Description: Path to the SSL certificate file used for SSL-enabled endpoints.
+ If path is prefixed with ``config://``, the certificate will be
+ pulled from the ceph monitor ``config-key`` database.
:Type: String
:Default: None
:Description: Optional path to the private key file used for SSL-enabled
endpoints. If one is not given, the ``ssl_certificate`` file
is used as the private key.
+ If path is prefixed with ``config://``, the certificate will be
+ pulled from the ceph monitor ``config-key`` database.
:Type: String
:Default: None
-``tcp_nodelay``
+``ssl_options``
-:Description: If set the socket option will disable Nagle's algorithm on
- the connection which means that packets will be sent as soon
- as possible instead of waiting for a full buffer or timeout to occur.
+:Description: Optional colon separated list of ssl context options:
- ``1`` Disable Nagel's algorithm for all sockets.
+ ``default_workarounds`` Implement various bug workarounds.
- ``0`` Keep the default: Nagel's algorithm enabled.
+ ``no_compression`` Disable compression.
-:Type: Integer (0 or 1)
-:Default: 0
+ ``no_sslv2`` Disable SSL v2.
+ ``no_sslv3`` Disable SSL v3.
-Civetweb
-========
+ ``no_tlsv1`` Disable TLS v1.
-.. versionadded:: Firefly
+ ``no_tlsv1_1`` Disable TLS v1.1.
-The ``civetweb`` frontend uses the Civetweb HTTP library, which is a
-fork of Mongoose.
+ ``no_tlsv1_2`` Disable TLS v1.2.
+ ``single_dh_use`` Always create a new key when using tmp_dh parameters.
-Options
--------
+:Type: String
+:Default: ``no_sslv2:no_sslv3:no_tlsv1:no_tlsv1_1``
-``port``
+``ssl_ciphers``
-:Description: Sets the listening port number. For SSL-enabled ports, add an
- ``s`` suffix like ``443s``. To bind a specific IPv4 or IPv6
- address, use the form ``address:port``. Multiple endpoints
- can either be separated by ``+`` as in ``127.0.0.1:8000+443s``,
- or by providing multiple options as in ``port=8000 port=443s``.
+:Description: Optional list of one or more cipher strings separated by colons.
+ The format of the string is described in openssl's ciphers(1)
+ manual.
:Type: String
-:Default: ``7480``
+:Default: None
+``tcp_nodelay``
-``num_threads``
+:Description: If set the socket option will disable Nagle's algorithm on
+ the connection which means that packets will be sent as soon
+ as possible instead of waiting for a full buffer or timeout to occur.
-:Description: Sets the number of threads spawned by Civetweb to handle
- incoming HTTP connections. This effectively limits the number
- of concurrent connections that the frontend can service.
+ ``1`` Disable Nagel's algorithm for all sockets.
-:Type: Integer
-:Default: ``rgw_thread_pool_size``
+ ``0`` Keep the default: Nagel's algorithm enabled.
+:Type: Integer (0 or 1)
+:Default: 0
-``request_timeout_ms``
+``max_connection_backlog``
-:Description: The amount of time in milliseconds that Civetweb will wait
- for more incoming data before giving up.
+:Description: Optional value to define the maximum size for the queue of
+ connections waiting to be accepted. If not configured, the value
+ from ``boost::asio::socket_base::max_connections`` will be used.
:Type: Integer
-:Default: ``30000``
-
-
-``ssl_certificate``
-
-:Description: Path to the SSL certificate file used for SSL-enabled ports.
-
-:Type: String
:Default: None
-``access_log_file``
-
-:Description: Path to a file for access logs. Either full path, or relative
- to the current working directory. If absent (default), then
- accesses are not logged.
-
-:Type: String
-:Default: ``EMPTY``
-
-
-``error_log_file``
+``request_timeout_ms``
-:Description: Path to a file for error logs. Either full path, or relative
- to the current working directory. If absent (default), then
- errors are not logged.
+:Description: The amount of time in milliseconds that Beast will wait
+ for more incoming data or outgoing data before giving up.
+ Setting this value to 0 will disable timeout.
-:Type: String
-:Default: ``EMPTY``
+:Type: Integer
+:Default: ``65000``
+``max_header_size``
-The following is an example of the ``/etc/ceph/ceph.conf`` file with some of these options set: ::
-
- [client.rgw.gateway-node1]
- rgw_frontends = civetweb
- request_timeout_ms = 30000
- error_log_file = /var/log/radosgw/civetweb.error.log
- access_log_file = /var/log/radosgw/civetweb.access.log
+:Description: The maximum number of header bytes available for a single request.
-A complete list of supported options can be found in the `Civetweb User Manual`_.
+:Type: Integer
+:Default: ``16384``
+:Maximum: ``65536``
Generic Options
:Default: None
-.. _Civetweb User Manual: https://civetweb.github.io/civetweb/UserManual.html
+.. _Config Reference: ../config-ref