SFTP Gateway Support

3.0

Environment Variables for launch_config.env

Environment Variables for launch_config.env

This document provides an overview of the configurable environment variables that can be specified in the launch_config.env file. These variables allow customization of cloud, database, logging, and authentication-related configurations for your deployment. These variables became available in SFTP Gateway v3.7.1.

Configuration Variables

Cloud Provider Settings

  • CLOUD_PROVIDER
    Description: Specifies the cloud provider to bypass using the Instance Metadata Service (IMDS) for cloud determination.
    Possible Values: "gcp", "aws", "azure", or "alibaba".
    Default: Empty (will attempt to use IMDS).
    Example:

    • CLOUD_PROVIDER="aws"

  • CLOUD_REGION
    Description: Specifies the cloud region to bypass using the IMDS for region determination.
    Default: Empty (will attempt to use IMDS).
    Example:

    • CLOUD_REGION="us-east-1"

Instance and Logging Settings

  • INSTANCE_ID
    Description: Specifies an instance identifier to create unique log group and log stream names. When set, IMDS is bypassed for retrieving the instance ID.
    Default: Empty (will attempt to use IMDS).
    Example:

    • INSTANCE_ID="my-instance-id"

  • LOG_GROUP_NAME
    Description: Provides a custom name for the log group.
    Default: Empty (uses the default log group name).
    Example:

    • LOG_GROUP_NAME="my-log-group"

Secret Management

  • SECRET_ID
    Description: Points to the secret where the dbPassword is stored. If blank, secrets will not be fetched from the secrets manager or key vault.
    Default: Empty (skips secret management).
    Example:

    • SECRET_ID="my-secret-id"

Architecture Configuration

  • ARCHITECTURE
    Description: Specifies the deployment architecture.
    Possible Values: "Single" or "HA".
    Default: "Single".
    Example:

    • ARCHITECTURE="HA"

Database Configuration

  • DB_HOST
    Description: Defines the database host. Setting this to something other than localhost implies an HA architecture.
    Default: "localhost".
    Example:

    • DB_HOST="db.example.com"

  • DB_PORT
    Description: Specifies the database port number.
    Default: "5432".
    Example:

    • DB_PORT="5432"

  • SFTPGW_DB_PASSWORD
    Description: If set to a non-blank value, bypasses secret management for fetching the database password.
    Default: Empty.
    Example:

    • SFTPGW_DB_PASSWORD="secure-password"

  • SFTPGW_DB_USER
    Description: Overrides the default database username.
    Default: "sftpgw".
    Example:

    • SFTPGW_DB_USER="custom-user"

  • SFTPGW_DB_NAME
    Description: Overrides the default database name.
    Default: "sftpgw".
    Example:

    • SFTPGW_DB_NAME="custom-db-name"

  • DO_CREATE_DB
    Description: Determines if the database needs to be created, along with installing the ltree extension.
    Possible Values: "yes" (create database) or "no" (skip creation).
    Default: "yes".
    Example:

    • DO_CREATE_DB="no"

  • USE_AWS_RDS_IAM_AUTHENTICATION
    Description: Enables or disables AWS RDS IAM authentication.
    Possible Values: "yes" or "no".
    Default: "yes".
    Example:

    • USE_AWS_RDS_IAM_AUTHENTICATION="no"

  • USE_GCP_CLOUD_PROXY
    Description: Enables or disables GCP Cloud Proxy.
    Possible Values: "yes" or "no".
    Default: "yes".
    Example:

    • USE_GCP_CLOUD_PROXY="no"

  • GCP_SERVICE_ACCOUNT_NAME
    Description: Specifies the service account name to bypass retrieval from IMDS when using GCP Cloud Proxy.
    Default: Empty.
    Example:

    • GCP_SERVICE_ACCOUNT_NAME="my-service-account"

Authentication and Authorization

  • OAUTH_CLIENT_ID
    Description: Overrides the default client ID for communication between the UI and backend.
    Default: Empty.
    Example:

    • OAUTH_CLIENT_ID="my-client-id"

  • OAUTH_CLIENT_SECRET
    Description: Overrides the default client secret for communication between the UI and backend.
    Default: Empty.
    Example:

    • OAUTH_CLIENT_SECRET="my-client-secret"

Network Configuration

  • LOAD_BALANCER_ADDRESSES
    Description: Specifies a comma-separated list of CIDRs and/or hostnames that the x-forwarded-for header can trust.
    Default: Empty.
    Example:

    • LOAD_BALANCER_ADDRESSES="192.168.1.0/24,proxy.example.com"

License Configuration

  • LICENSE
    Description: Specify the license file content to create a license.key in /opt/sftpgw and specify it in application properties.
    Default: Empty.

Example:

* LICENSE="rLH/HX7q/2FjuEqDjahm8jthDhVQQTvf4wSm3pkfUXNahe4kM2jfVaffhjsINVkTA/gvxf/OvMe/ +qEAMdv4BG9n06Qxr+5DAk/tBmhCjr6qFI7YYaSs4Ztlb3+oc47zazSL04VshNfhP/yVOrnecwseGheajao/7a1fNw8b63CBMu8/8qL0GskCRNWMBtXpz5NJDxmr8zBfh03xWkkAOl/vxS9d8a4VxYhmx8Gne5Vh4+FewAO3d5gmjeWt81tQdT5p8h81WjN4jHkZPXf8yR5SVuBoONP6/jmvUfcaLWNSBsYgUayzpZYhsfUlZVduzWmNrZjF6i6YmTwW93Z7IQ==|"

Usage

  1. Create a file named launch_config.env using UserData in the launch template:
  UserData:
    Fn::Base64: !Sub |
      #cloud-config
      repo_update: true
      repo_upgrade: all
      write_files:
      - content : |
          #!/bin/bash
          export CLOUD_PROVIDER=aws
          export ARCHITECTURE=Single
          export LOG_GROUP_NAME=${LogGroup}
        path: /opt/sftpgw/launch_config.env
      runcmd:
        - /opt/aws/bin/cfn-init --stack ${AWS::StackName} --resource SFTPGatewayInstance --region ${AWS::Region}
        - /opt/aws/bin/cfn-signal -e 0 --stack ${AWS::StackName} --resource SFTPGatewayInstance --region ${AWS::Region}
        - '[ -n "${WebAdminPassword}" ] && [ -n "${WebAdminUsername}" ] &&  curl -X "POST" "http://localhost:8080/3.0.0/admin/config" -H "accept: */*" -H "Content-Type: application/json" -d "{\"password\": \"${WebAdminPassword}\",\"username\": \"${WebAdminUsername}\"}"'
  1. Add the desired variables in key=value format in the launch_config.env file creation.
PreviousNext