[DEFAULT] # bind_ip = 0.0.0.0 # bind_port = 80 # backlog = 4096 # swift_dir = /etc/swift # workers = 1 # user = swift # cert_file = /etc/swift/proxy.crt # key_file = /etc/swift/proxy.key # You can specify default log routing here if you want: # log_name = swift # log_facility = LOG_LOCAL0 # log_level = INFO [pipeline:main] pipeline = catch_errors healthcheck cache ratelimit swauth proxy-server [app:proxy-server] use = egg:swift#proxy # You can override the default log routing for this app here: # set log_name = proxy-server # set log_facility = LOG_LOCAL0 # set log_level = INFO # set access_log_name = proxy-server # set access_log_facility = LOG_LOCAL0 # set access_log_level = INFO # set log_headers = False # recheck_account_existence = 60 # recheck_container_existence = 60 # object_chunk_size = 8192 # client_chunk_size = 8192 # node_timeout = 10 # client_timeout = 60 # conn_timeout = 0.5 # How long without an error before a node's error count is reset. This will # also be how long before a node is reenabled after suppression is triggered. # error_suppression_interval = 60 # How many errors can accumulate before a node is temporarily ignored. # error_suppression_limit = 10 # If set to 'true' any authorized user may create and delete accounts; if # 'false' no one, even authorized, can. # allow_account_management = false [filter:swauth] use = egg:swift#swauth # You can override the default log routing for this filter here: # set log_name = auth-server # set log_facility = LOG_LOCAL0 # set log_level = INFO # set log_headers = False # The reseller prefix will verify a token begins with this prefix before even # attempting to validate it. Also, with authorization, only Swift storage # accounts with this prefix will be authorized by this middleware. Useful if # multiple auth systems are in use for one Swift cluster. # reseller_prefix = AUTH # The auth prefix will cause requests beginning with this prefix to be routed # to the auth subsystem, for granting tokens, creating accounts, users, etc. # auth_prefix = /auth/ # Cluster strings are of the format name#url where name is a short name for the # Swift cluster and url is the url to the proxy server(s) for the cluster. # default_swift_cluster = local#http://127.0.0.1:8080/v1 # You may also use the format name#url#url where the first url is the one # given to users to access their account (public url) and the second is the one # used by swauth itself to create and delete accounts (private url). This is # useful when a load balancer url should be used by users, but swauth itself is # behind the load balancer. Example: # default_swift_cluster = local#https://public.com:8080/v1#http://private.com:8080/v1 # token_life = 86400 # node_timeout = 10 # Highly recommended to change this. super_admin_key = swauthkey [filter:healthcheck] use = egg:swift#healthcheck # You can override the default log routing for this filter here: # set log_name = healthcheck # set log_facility = LOG_LOCAL0 # set log_level = INFO # set log_headers = False [filter:cache] use = egg:swift#memcache # You can override the default log routing for this filter here: # set log_name = cache # set log_facility = LOG_LOCAL0 # set log_level = INFO # set log_headers = False # Default for memcache_servers is below, but you can specify multiple servers # with the format: 10.1.2.3:11211,10.1.2.4:11211 # memcache_servers = 127.0.0.1:11211 [filter:ratelimit] use = egg:swift#ratelimit # You can override the default log routing for this filter here: # set log_name = ratelimit # set log_facility = LOG_LOCAL0 # set log_level = INFO # set log_headers = False # clock_accuracy should represent how accurate the proxy servers' system clocks # are with each other. 1000 means that all the proxies' clock are accurate to # each other within 1 millisecond. No ratelimit should be higher than the # clock accuracy. # clock_accuracy = 1000 # max_sleep_time_seconds = 60 # log_sleep_time_seconds of 0 means disabled # log_sleep_time_seconds = 0 # allows for slow rates (e.g. running up to 5 sec's behind) to catch up. # rate_buffer_seconds = 5 # account_ratelimit of 0 means disabled # account_ratelimit = 0 # these are comma separated lists of account names # account_whitelist = a,b # account_blacklist = c,d # with container_limit_x = r # for containers of size x limit requests per second to r. The container # rate will be linearly interpolated from the values given. With the values # below, a container of size 5 will get a rate of 75. # container_ratelimit_0 = 100 # container_ratelimit_10 = 50 # container_ratelimit_50 = 20 [filter:domain_remap] use = egg:swift#domain_remap # You can override the default log routing for this filter here: # set log_name = domain_remap # set log_facility = LOG_LOCAL0 # set log_level = INFO # set log_headers = False # storage_domain = example.com # path_root = v1 # reseller_prefixes = AUTH [filter:catch_errors] use = egg:swift#catch_errors # You can override the default log routing for this filter here: # set log_name = catch_errors # set log_facility = LOG_LOCAL0 # set log_level = INFO # set log_headers = False [filter:cname_lookup] # Note: this middleware requires python-dnspython use = egg:swift#cname_lookup # You can override the default log routing for this filter here: # set log_name = cname_lookup # set log_facility = LOG_LOCAL0 # set log_level = INFO # set log_headers = False # storage_domain = example.com # lookup_depth = 1 # Note: Put staticweb just after your auth filter(s) in the pipeline [filter:staticweb] use = egg:swift#staticweb # Seconds to cache container x-container-meta-web-* header values. # cache_timeout = 300 # You can override the default log routing for this filter here: # set log_name = staticweb # set log_facility = LOG_LOCAL0 # set log_level = INFO # set access_log_name = staticweb # set access_log_facility = LOG_LOCAL0 # set access_log_level = INFO # set log_headers = False