### Start Infrastructure (Step-by-Step) Source: https://docs.safebucket.io/getting-started/dev-deployment Navigate to the dev deployment directory and start the infrastructure services. ```bash cd deployments/dev docker compose up -d ``` -------------------------------- ### Run Safebucket Backend Source: https://docs.safebucket.io/getting-started/dev-deployment Execute the main Go application file to start the Safebucket backend server. ```bash go run main.go ``` -------------------------------- ### Build Frontend Assets Source: https://docs.safebucket.io/getting-started/dev-deployment Install frontend dependencies and create a production build for the web application. ```bash cd web npm install npm run build cd .. ``` -------------------------------- ### Start Safebucket Services with Docker Compose Source: https://docs.safebucket.io/getting-started/local-full-deployment Start all services defined in the Docker Compose file in detached mode. This command requires Docker and Docker Compose to be installed and running. ```bash docker compose up -d ``` -------------------------------- ### Configure Terraform Variables Source: https://docs.safebucket.io/getting-started/aws-deployment Navigate to the Terraform deployment directory, copy the example variables file, and customize it for your environment. ```bash cd deployments/aws/terraform # Copy and customize the configuration cp terraform.tfvars.example terraform.tfvars vim terraform.tfvars ``` -------------------------------- ### Basic Application Configuration Example Source: https://docs.safebucket.io/configuration/environment-variables Configure essential application settings like API URLs, ports, security tokens, and admin credentials. ```bash APP__API_URL=http://localhost:1323 APP__WEB_URL=http://localhost:3001 APP__PORT=1323 APP__TOKEN_SECRET=your-256-bit-secret APP__ADMIN_EMAIL=admin@safebucket.io APP__ADMIN_PASSWORD=ChangeMePlease APP__ALLOWED_ORIGINS=http://localhost:3000,http://127.0.0.1:3000 APP__TRUSTED_PROXIES=127.0.0.1,::1 ``` -------------------------------- ### Start Safebucket Lite Services Source: https://docs.safebucket.io/getting-started/local-lite-deployment Start the Safebucket lite deployment services using Docker Compose in detached mode. ```bash docker compose up -d ``` -------------------------------- ### Development Environment Configuration Source: https://docs.safebucket.io/getting-started/aws-deployment Example configuration for a development environment. Adjust resource types and retention periods for testing. ```hcl project_name = "safebucket" environment = "dev" rds_instance_class = "db.t3.micro" redis_node_type = "cache.t3.micro" redis_log_retention_days = 3 rds_backup_retention_period = 1 enable_autoscaling = false ``` -------------------------------- ### Configure Multiple OIDC Providers Source: https://docs.safebucket.io/configuration/authentication Set up multiple OpenID Connect (OIDC) providers for authentication. This example configures Pocket ID and Authelia. ```env AUTH__PROVIDERS__KEYS=local,pocketid,authelia # Pocket ID AUTH__PROVIDERS__POCKETID__NAME=Pocket ID AUTH__PROVIDERS__POCKETID__TYPE=oidc AUTH__PROVIDERS__POCKETID__OIDC__CLIENT_ID=pocketid-client-id AUTH__PROVIDERS__POCKETID__OIDC__CLIENT_SECRET=pocketid-secret AUTH__PROVIDERS__POCKETID__OIDC__ISSUER=https://auth.yourdomain.com # Authelia AUTH__PROVIDERS__AUTHELIA__NAME=Company SSO AUTH__PROVIDERS__AUTHELIA__TYPE=oidc AUTH__PROVIDERS__AUTHELIA__OIDC__CLIENT_ID=safebucket AUTH__PROVIDERS__AUTHELIA__OIDC__CLIENT_SECRET=authelia-secret AUTH__PROVIDERS__AUTHELIA__OIDC__ISSUER=https://sso.company.com ``` -------------------------------- ### Production Environment Configuration Source: https://docs.safebucket.io/getting-started/aws-deployment Example configuration for a production environment. Features larger instances, longer retention, and enabled autoscaling. ```hcl project_name = "safebucket" environment = "prod" rds_instance_class = "db.t3.medium" redis_node_type = "cache.t3.small" redis_log_retention_days = 30 rds_backup_retention_period = 30 rds_deletion_protection = true enable_autoscaling = true safebucket_max_capacity = 5 safebucket_cpu = 1024 safebucket_memory = 2048 ``` -------------------------------- ### Minimal Resources for Development Environment Source: https://docs.safebucket.io/getting-started/aws-deployment Configure cost-effective resources for a development environment. This setup prioritizes lower costs over high performance and availability. ```hcl # Minimal resources for development rds_instance_class = "db.t3.micro" redis_node_type = "cache.t3.micro" redis_log_retention_days = 3 rds_backup_retention_period = 1 rds_deletion_protection = false enable_autoscaling = false ``` -------------------------------- ### Clone Safebucket Repository Source: https://docs.safebucket.io/getting-started/local-full-deployment Clone the Safebucket repository and navigate to the local full deployment directory. Ensure you have Git installed. ```bash git clone https://github.com/safebucket/safebucket cd safebucket/deployments/local/full ``` -------------------------------- ### YAML Configuration for OIDC Provider Source: https://docs.safebucket.io/configuration/authentication Configure OIDC providers using YAML. This example shows basic provider settings and sharing restrictions. ```yaml auth: providers: provider_name: type: oidc name: Display Name oidc: client_id: your-client-id client_secret: your-client-secret issuer: https://provider-issuer-url sharing: allowed: true domains: - yourdomain.com ``` -------------------------------- ### Complete Local Development Environment Variables Source: https://docs.safebucket.io/configuration/environment-variables A comprehensive set of environment variables for a local Safebucket development setup, including application, database, cache, storage, events, email, activity logging, and authentication configurations. ```dotenv # Application APP__LOG_LEVEL=info APP__API_URL=http://localhost:8080 APP__WEB_URL=http://localhost:8080 APP__PORT=8080 APP__TOKEN_SECRET=6n5o+dFncio8gQA4jt7pUJrJz92WrqD25zXAa8ashxA APP__ADMIN_EMAIL=admin@safebucket.io APP__ADMIN_PASSWORD=ChangeMePlease APP__ALLOWED_ORIGINS=http://localhost:8080,http://127.0.0.1:8080 APP__TRUSTED_PROXIES=127.0.0.1,::1 APP__TRASH_RETENTION_DAYS=7 APP__STATIC_FILES__ENABLED=true APP__STATIC_FILES__DIRECTORY=web/dist # Database DATABASE__TYPE=postgres DATABASE__POSTGRES__HOST=localhost DATABASE__POSTGRES__PORT=5432 DATABASE__POSTGRES__USER=safebucket-user DATABASE__POSTGRES__PASSWORD=safebucket-password DATABASE__POSTGRES__NAME=safebucket DATABASE__POSTGRES__SSLMODE=disable # Cache (Valkey) CACHE__TYPE=valkey CACHE__VALKEY__HOSTS=localhost:6379 CACHE__VALKEY__PASSWORD=safebucket-password # Storage (RustFS) STORAGE__TYPE=rustfs STORAGE__RUSTFS__BUCKET_NAME=safebucket STORAGE__RUSTFS__ENDPOINT=bucket:9000 STORAGE__RUSTFS__EXTERNAL_ENDPOINT=http://localhost:9000 STORAGE__RUSTFS__ACCESS_KEY=rustfsadmin STORAGE__RUSTFS__SECRET_KEY=rustfsadmin # Events (NATS JetStream) EVENTS__TYPE=jetstream EVENTS__JETSTREAM__HOST=nats EVENTS__JETSTREAM__PORT=4222 EVENTS__QUEUES__NOTIFICATIONS__NAME=safebucket-notifications EVENTS__QUEUES__BUCKET_EVENTS__NAME=safebucket-bucket-events EVENTS__QUEUES__OBJECT_DELETION__NAME=safebucket-object-deletion # Email (SMTP) NOTIFIER__TYPE=smtp NOTIFIER__SMTP__HOST=mailpit NOTIFIER__SMTP__PORT=1025 NOTIFIER__SMTP__SENDER=notifications@safebucket.io NOTIFIER__SMTP__TLS_MODE=none NOTIFIER__SMTP__SKIP_VERIFY_TLS=false # Activity Logging (Loki) ACTIVITY__TYPE=loki ACTIVITY__LOKI__ENDPOINT=http://loki:3100 # Authentication - Local Provider AUTH__PROVIDERS__KEYS=local AUTH__PROVIDERS__LOCAL__NAME=local AUTH__PROVIDERS__LOCAL__TYPE=local # Authentication - OIDC Provider (Optional, commented example) # AUTH__PROVIDERS__KEYS=local,authelia # AUTH__PROVIDERS__AUTHELIA__NAME=Authelia # AUTH__PROVIDERS__AUTHELIA__TYPE=oidc # AUTH__PROVIDERS__AUTHELIA__OIDC__CLIENT_ID=your-client-id # AUTH__PROVIDERS__AUTHELIA__OIDC__CLIENT_SECRET=your-client-secret # AUTH__PROVIDERS__AUTHELIA__OIDC__ISSUER=https://auth.local # AUTH__PROVIDERS__AUTHELIA__OIDC__SHARING__ENABLED=true ``` -------------------------------- ### Gmail SMTP Configuration Source: https://docs.safebucket.io/configuration/notification-providers/smtp Example configuration for sending emails via Gmail's SMTP server. Requires generating an App Password for authentication. ```yaml notifier: type: smtp smtp: host: smtp.gmail.com port: 587 username: your-email@gmail.com password: your-16-digit-app-password sender: your-email@gmail.com tls_mode: starttls skip_verify_tls: false ``` -------------------------------- ### Verify Safebucket Deployment Status Source: https://docs.safebucket.io/getting-started/local-full-deployment Check the status of all running containers for the Safebucket deployment. This command helps confirm that all services have started successfully. ```bash docker compose ps ``` -------------------------------- ### Environment Variables for AWS Configuration Source: https://docs.safebucket.io/configuration/storage-providers/aws-s3 Configure Safebucket's storage and event notification settings using environment variables. This example includes S3 bucket name, SQS queue name, and AWS credentials. ```dotenv # Storage configuration STORAGE__TYPE=aws STORAGE__AWS__BUCKET_NAME=your-safebucket STORAGE__AWS__SQS_NAME=safebucket-sqs # AWS credentials (or use any method from the credential chain above) AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY AWS_REGION=us-east-1 # Events configuration EVENTS__TYPE=aws EVENTS__AWS__REGION=us-east-1 EVENTS__AWS__ACCOUNT_ID=123456789012 EVENTS__AWS__SQS_NAME=safebucket-sqs ``` -------------------------------- ### Configure CORS for Hetzner Object Storage using AWS CLI Source: https://docs.safebucket.io/configuration/storage-providers/generic-s3 Set up Cross-Origin Resource Sharing (CORS) for Hetzner Object Storage. This example uses the AWS CLI with a specified profile and endpoint. ```bash aws configure --profile hetzner aws s3api put-bucket-cors \ --profile hetzner \ --bucket safebucket \ --endpoint-url https://hel1.your-objectstorage.com \ --cors-configuration '{ \ "CORSRules": [ \ { \ "AllowedOrigins": ["http://localhost:3000"], \ "AllowedMethods": ["GET", "POST", "PUT", "HEAD"], \ "AllowedHeaders": ["*"], \ "ExposeHeaders": ["ETag"], \ "MaxAgeSeconds": 3600 \ } \ ] \ }' ``` -------------------------------- ### Build and Run Safebucket Locally Source: https://docs.safebucket.io/getting-started/dev-deployment Build the frontend assets and run the Safebucket backend application locally. ```bash # Build the frontend cd web npm install npm run dev # Run the backend cd .. go run main.go ``` -------------------------------- ### Initialize and Apply Terraform Configuration Source: https://docs.safebucket.io/getting-started/aws-deployment Initialize Terraform, review the planned infrastructure changes, and then apply the configuration to deploy your AWS resources. ```bash # Initialize Terraform terraform init # Review the planned changes terraform plan # Apply the configuration terraform apply ``` -------------------------------- ### Run All Tests Source: https://docs.safebucket.io/getting-started/dev-deployment Execute all tests within the project using the Go testing framework. ```bash go test ./... ``` -------------------------------- ### Configure Filesystem Provider with Environment Variables Source: https://docs.safebucket.io/configuration/notification-providers/filesystem Set the notification provider type to 'filesystem' and specify the directory for storing notification files using environment variables. ```bash NOTIFIER__TYPE=filesystem NOTIFIER__FILESYSTEM__DIRECTORY=./data/notifications ``` -------------------------------- ### Configure Local Authentication Environment Variables Source: https://docs.safebucket.io/configuration/authentication Set the token signing secret and default admin user credentials using environment variables for local authentication. ```bash # Token signing secret APP__TOKEN_SECRET=your-256-bit-secret-key # Admin User APP__ADMIN_EMAIL=admin@safebucket.io APP__ADMIN_PASSWORD=ChangeMePlease ``` -------------------------------- ### SQLite YAML Configuration Source: https://docs.safebucket.io/configuration/database-providers/sqlite Set up SQLite using YAML configuration by defining the database type and the path to the database file under the 'sqlite' key. ```yaml database: type: sqlite sqlite: path: /data/safebucket.db ``` -------------------------------- ### Get Application Load Balancer DNS Name Source: https://docs.safebucket.io/getting-started/aws-deployment Retrieve the DNS name of the Application Load Balancer (ALB) after ECS deployment using Terraform. ```shell terraform output alb_dns_name ``` -------------------------------- ### Enable MFA for Local Provider (Environment Variable) Source: https://docs.safebucket.io/configuration/mfa Use environment variables to enforce MFA for users authenticating via the 'local' provider. ```bash # Require MFA for users authenticating with the "local" provider AUTH__PROVIDERS__LOCAL__MFA_REQUIRED=true ``` -------------------------------- ### Filesystem Activity Provider Environment Variables Source: https://docs.safebucket.io/configuration/activity-providers/filesystem Configure the Filesystem activity provider using environment variables. Ensure ACTIVITY__TYPE is set to 'filesystem' and specify the directory for storing activity logs. ```shell ACTIVITY__TYPE=filesystem ACTIVITY__FILESYSTEM__DIRECTORY=./data/activity ``` -------------------------------- ### Loki Configuration via Environment Variables Source: https://docs.safebucket.io/configuration/activity-providers/loki Configure the Loki activity provider by setting environment variables. Ensure ACTIVITY__TYPE is set to 'loki' and provide the Loki endpoint URL. ```bash ACTIVITY__TYPE=loki ACTIVITY__LOKI__ENDPOINT=http://localhost:3100 ``` -------------------------------- ### Configure CORS for Storj Bucket using AWS CLI Source: https://docs.safebucket.io/configuration/storage-providers/generic-s3 Set up Cross-Origin Resource Sharing (CORS) for your Storj bucket using the AWS CLI. This example configures allowed origins and methods for your application. Replace `http://localhost:3000` with your application's URL. ```bash aws configure --profile storj aws s3api put-bucket-cors \ --profile storj \ --bucket safebucket \ --endpoint-url https://gateway.storjshare.io \ --cors-configuration '{ \ "CORSRules": [ \ { \ "AllowedOrigins": ["http://localhost:3000"], \ "AllowedMethods": ["GET", "POST", "PUT", "HEAD"], \ "AllowedHeaders": ["*"], \ "ExposeHeaders": ["ETag"], \ "MaxAgeSeconds": 3600 \ } \ ] \ }' ``` -------------------------------- ### Check ECS Service Events and Task Logs Source: https://docs.safebucket.io/getting-started/aws-deployment Use these AWS CLI commands to diagnose issues with ECS tasks not starting. First, check the service events for the specified cluster and service, then examine the task logs using the provided log group name. ```bash # Check ECS service events aws ecs describe-services --cluster safebucket-dev-cluster --services safebucket-dev-safebucket # Check task logs aws logs get-log-events --log-group-name /ecs/safebucket-dev-safebucket --log-stream-name ``` -------------------------------- ### Create Pub/Sub Topic and Subscription with gcloud Source: https://docs.safebucket.io/configuration/storage-providers/google-cloud-storage Set up a Pub/Sub topic and subscription for GCS event notifications using the gcloud CLI. These are required for Safebucket to receive event data from Google Cloud Storage. ```bash # Create topic gcloud pubsub topics create safebucket-bucket-events # Create subscription gcloud pubsub subscriptions create safebucket-bucket-events-sub \ --topic=safebucket-bucket-events ``` -------------------------------- ### Configure TLS Certificates Source: https://docs.safebucket.io/configuration/environment-variables Provide paths to TLS certificate and key files for enabling HTTPS. This is required if you intend to use TLS. ```bash APP__TLS_CERT_FILE=/etc/safebucket/tls/tls.crt APP__TLS_KEY_FILE=/etc/safebucket/tls/tls.key ``` -------------------------------- ### Filesystem Activity Provider YAML Configuration Source: https://docs.safebucket.io/configuration/activity-providers/filesystem Configure the Filesystem activity provider using YAML. Set the activity type to 'filesystem' and define the directory for storing activity logs under the 'filesystem' key. ```yaml activity: type: filesystem filesystem: directory: ./data/activity ``` -------------------------------- ### Create Service Account and Download Key with gcloud Source: https://docs.safebucket.io/configuration/storage-providers/google-cloud-storage Create a dedicated service account for Safebucket's GCS integration and assign it the necessary Storage Admin role. Download the service account key for authentication. ```bash # Create service account gcloud iam service-accounts create safebucket-storage # Add roles gcloud projects add-iam-policy-binding your-project-id \ --member="serviceAccount:safebucket-storage@your-project-id.iam.gserviceaccount.com" \ --role="roles/storage.admin" # Download key gcloud iam service-accounts keys create gcs-key.json \ --iam-account=safebucket-storage@your-project-id.iam.gserviceaccount.com ``` -------------------------------- ### Enable Tracing with Tempo Backend Source: https://docs.safebucket.io/configuration/environment-variables Configure Safebucket to export OpenTelemetry traces to a Tempo backend. Ensure the Tempo endpoint is correctly specified. ```yaml tracing: enabled: true type: tempo tempo: endpoint: http://localhost:4318 service_name: safebucket sampling_rate: 1.0 ``` -------------------------------- ### Enable MFA for Providers (YAML Configuration) Source: https://docs.safebucket.io/configuration/mfa Configure MFA enforcement for multiple authentication providers, including 'local' and 'ldap', using YAML. ```yaml auth: providers: local: type: local mfa_required: true myldap: type: ldap mfa_required: true ``` -------------------------------- ### Configure Filesystem Provider with YAML Source: https://docs.safebucket.io/configuration/notification-providers/filesystem Configure the Filesystem notification provider in YAML format by setting the type to 'filesystem' and defining the directory for notification files. ```yaml notifier: type: filesystem filesystem: directory: ./data/notifications ``` -------------------------------- ### Run Tests with Coverage Source: https://docs.safebucket.io/getting-started/dev-deployment Execute all tests and generate a code coverage report. ```bash go test -cover ./... ``` -------------------------------- ### Enable Profiling with Pyroscope Backend Source: https://docs.safebucket.io/configuration/environment-variables Configure Safebucket to send continuous profiling data to a Pyroscope server. Specify the server address and application name. ```yaml profiling: enabled: true type: pyroscope pyroscope: server_address: http://localhost:4040 application_name: safebucket upload_rate: 15 ``` -------------------------------- ### Configure Event Queues with Environment Variables Source: https://docs.safebucket.io/configuration/event-providers Set up the names for the notification, bucket events, and object deletion queues using environment variables. These variables are essential for routing different types of events. ```bash EVENTS__QUEUES__NOTIFICATIONS__NAME=safebucket-notifications EVENTS__QUEUES__BUCKET_EVENTS__NAME=safebucket-bucket-events EVENTS__QUEUES__OBJECT_DELETION__NAME=safebucket-object-deletion ``` -------------------------------- ### Environment Variable Configuration for GCP Pub/Sub Source: https://docs.safebucket.io/configuration/event-providers/gcp-pubsub Configure the GCP Pub/Sub event provider using environment variables. Ensure project ID and subscription suffix are set. ```bash EVENTS__TYPE=gcp EVENTS__GCP__PROJECT_ID=my-project EVENTS__GCP__SUBSCRIPTION_SUFFIX=-sub ``` -------------------------------- ### Clone Safebucket Repository Source: https://docs.safebucket.io/getting-started/local-lite-deployment Clone the Safebucket repository and navigate to the local lite deployment directory. ```bash git clone https://github.com/safebucket/safebucket cd safebucket/deployments/local/lite ``` -------------------------------- ### Scaled Resources for Production Environment Source: https://docs.safebucket.io/getting-started/aws-deployment Configure resources optimized for a production environment, balancing performance, cost, and availability. Autoscaling is enabled for dynamic resource adjustment. ```hcl # Scaled resources for production rds_instance_class = "db.t3.medium" # or larger based on load redis_node_type = "cache.t3.small" # or larger based on load redis_log_retention_days = 30 rds_backup_retention_period = 30 rds_deletion_protection = true enable_autoscaling = true safebucket_max_capacity = 5 ``` -------------------------------- ### SQLite Environment Variables Source: https://docs.safebucket.io/configuration/database-providers/sqlite Configure SQLite by setting the DATABASE__TYPE and DATABASE__SQLITE__PATH environment variables. The path specifies the location of the database file. ```env DATABASE__TYPE=sqlite DATABASE__SQLITE__PATH=/data/safebucket.db ``` -------------------------------- ### Configure TLS Certificates via YAML Source: https://docs.safebucket.io/configuration/environment-variables Alternatively, configure TLS certificate and key file paths using a YAML configuration file. ```yaml app: tls_cert_file: /etc/safebucket/tls/tls.crt tls_key_file: /etc/safebucket/tls/tls.key ``` -------------------------------- ### MinIO YAML Configuration Source: https://docs.safebucket.io/configuration/storage-providers/minio Alternatively, configure MinIO storage using a YAML file. This provides a structured way to set bucket name, endpoints, and credentials. ```yaml storage: type: minio minio: bucket_name: safebucket endpoint: bucket:9000 external_endpoint: localhost:9000 client_id: minio-root-user client_secret: minio-root-password ``` -------------------------------- ### Configure Authelia Authentication Source: https://docs.safebucket.io/configuration/authentication Configure environment variables for Authelia OIDC authentication. Ensure the callback URL is correctly set in your Authelia configuration. ```env AUTH__PROVIDERS__KEYS=authelia AUTH__PROVIDERS__AUTHELIA__NAME=Authelia AUTH__PROVIDERS__AUTHELIA__TYPE=oidc AUTH__PROVIDERS__AUTHELIA__OIDC__CLIENT_ID=safebucket AUTH__PROVIDERS__AUTHELIA__OIDC__CLIENT_SECRET=your-secret AUTH__PROVIDERS__AUTHELIA__OIDC__ISSUER=https://auth.yourdomain.com ``` -------------------------------- ### RustFS YAML Configuration for Storage Source: https://docs.safebucket.io/configuration/storage-providers/rustfs Configure RustFS storage using YAML. This includes the storage type, bucket name, internal and external endpoints, and access credentials. ```yaml storage: type: rustfs rustfs: bucket_name: safebucket endpoint: bucket:9000 external_endpoint: http://localhost:9000 access_key: rustfsadmin secret_key: rustfsadmin ``` -------------------------------- ### Clone Safebucket Repository Source: https://docs.safebucket.io/getting-started/dev-deployment Clone the Safebucket repository and navigate to the development deployment directory. ```bash git clone https://github.com/safebucket/safebucket cd safebucket/deployments/dev ``` -------------------------------- ### Configure Bucket Notifications with gsutil Source: https://docs.safebucket.io/configuration/storage-providers/google-cloud-storage Configure your Google Cloud Storage bucket to send event notifications to a specified Pub/Sub topic using the gsutil command-line tool. ```bash gsutil notification create -t safebucket-bucket-events \ -f json gs://safebucket-gcp ``` -------------------------------- ### Set Configuration File Path Source: https://docs.safebucket.io/configuration/environment-variables Specify the location of the Safebucket configuration file using the CONFIG_FILE_PATH environment variable. ```bash CONFIG_FILE_PATH=/path/to/config.yaml ``` -------------------------------- ### Environment Variables for Valkey Cache Source: https://docs.safebucket.io/configuration/cache-providers/valkey Configure the Valkey cache provider by setting environment variables. This includes specifying the cache type, host addresses, password, and TLS settings. ```bash CACHE__TYPE=valkey CACHE__VALKEY__HOSTS=localhost:6379 CACHE__VALKEY__PASSWORD=changeme CACHE__VALKEY__TLS_ENABLED=false CACHE__VALKEY__TLS_SERVER_NAME= ``` -------------------------------- ### Configure Memory Event Provider via Environment Variable Source: https://docs.safebucket.io/configuration/event-providers/memory Set the EVENTS__TYPE environment variable to 'memory' to enable the Memory event provider. This is a simple way to configure the provider for single instances. ```bash EVENTS__TYPE=memory ``` -------------------------------- ### Configure GitHub Authentication Source: https://docs.safebucket.io/configuration/authentication Configure environment variables for GitHub OIDC authentication. This requires creating an OAuth App on GitHub and setting the correct callback URL. ```env AUTH__PROVIDERS__KEYS=github AUTH__PROVIDERS__GITHUB__NAME=GitHub AUTH__PROVIDERS__GITHUB__TYPE=oidc AUTH__PROVIDERS__GITHUB__OIDC__CLIENT_ID=your-github-client-id AUTH__PROVIDERS__GITHUB__OIDC__CLIENT_SECRET=your-github-client-secret AUTH__PROVIDERS__GITHUB__OIDC__ISSUER=https://github.com ``` -------------------------------- ### Loki Configuration via YAML Source: https://docs.safebucket.io/configuration/activity-providers/loki Configure the Loki activity provider using YAML syntax. Set the activity type to 'loki' and specify the Loki endpoint within the 'loki' section. ```yaml activity: type: loki loki: endpoint: http://localhost:3100 ``` -------------------------------- ### MinIO Environment Variables Configuration Source: https://docs.safebucket.io/configuration/storage-providers/minio Configure MinIO storage by setting these environment variables. Ensure endpoints are correctly set for internal and external access. ```shell STORAGE__TYPE=minio STORAGE__MINIO__BUCKET_NAME=safebucket STORAGE__MINIO__ENDPOINT=bucket:9000 # Internal Docker network endpoint STORAGE__MINIO__EXTERNAL_ENDPOINT=localhost:9000 # Browser-accessible endpoint STORAGE__MINIO__CLIENT_ID=minio-root-user STORAGE__MINIO__CLIENT_SECRET=minio-root-password ``` -------------------------------- ### Configure Local Authentication YAML Source: https://docs.safebucket.io/configuration/authentication Define the token signing secret, admin user credentials, and enable local authentication provider in the YAML configuration. ```yaml app: token_secret: your-256-bit-secret-key admin_email: admin@safebucket.io admin_password: ChangeMePlease auth: providers: local: type: local sharing: allowed: true ``` -------------------------------- ### Verify Safebucket Lite Deployment Source: https://docs.safebucket.io/getting-started/local-lite-deployment Check the status of the running services for the Safebucket lite deployment. ```bash docker compose ps ``` -------------------------------- ### Redis Configuration via Environment Variables Source: https://docs.safebucket.io/configuration/cache-providers/redis Set these environment variables to configure the Redis cache provider. Ensure all required variables are set for a successful connection. ```bash CACHE__TYPE=redis CACHE__REDIS__HOSTS=localhost:6379 CACHE__REDIS__PASSWORD=changeme CACHE__REDIS__TLS_ENABLED=false CACHE__REDIS__TLS_SERVER_NAME= ``` -------------------------------- ### Configure Okta Authentication Source: https://docs.safebucket.io/configuration/authentication Configure environment variables for Okta OIDC authentication. Ensure the issuer URL correctly points to your Okta domain. ```env AUTH__PROVIDERS__KEYS=okta AUTH__PROVIDERS__OKTA__NAME=Okta AUTH__PROVIDERS__OKTA__TYPE=oidc AUTH__PROVIDERS__OKTA__OIDC__CLIENT_ID=your-okta-client-id AUTH__PROVIDERS__OKTA__OIDC__CLIENT_SECRET=your-okta-secret AUTH__PROVIDERS__OKTA__OIDC__ISSUER=https://your-domain.okta.com ``` -------------------------------- ### Configure Google Authentication Source: https://docs.safebucket.io/configuration/authentication Set up environment variables for Google OIDC authentication. Ensure your Google Cloud Console project has an OAuth 2.0 Client ID and authorized redirect URIs configured. ```env AUTH__PROVIDERS__KEYS=google AUTH__PROVIDERS__GOOGLE__NAME=Google AUTH__PROVIDERS__GOOGLE__TYPE=oidc AUTH__PROVIDERS__GOOGLE__OIDC__CLIENT_ID=your-google-client-id AUTH__PROVIDERS__GOOGLE__OIDC__CLIENT_SECRET=your-google-client-secret AUTH__PROVIDERS__GOOGLE__OIDC__ISSUER=https://accounts.google.com ``` -------------------------------- ### YAML Configuration for Valkey Cache Source: https://docs.safebucket.io/configuration/cache-providers/valkey Configure the Valkey cache provider using YAML. This method allows for structured configuration of the cache type, hosts, password, and TLS options. ```yaml cache: type: valkey valkey: hosts: - localhost:6379 password: changeme tls_enabled: false tls_server_name: '' ``` -------------------------------- ### GCP Storage Environment Variables Source: https://docs.safebucket.io/configuration/storage-providers/google-cloud-storage Configure Safebucket's storage and event notification settings for Google Cloud Storage using environment variables. Ensure GOOGLE_APPLICATION_CREDENTIALS points to your service account key file. ```shell # Storage configuration STORAGE__TYPE=gcp STORAGE__GCP__BUCKET_NAME=safebucket-gcp STORAGE__GCP__PROJECT_ID=your-project-id STORAGE__GCP__TOPIC_NAME=safebucket-bucket-events STORAGE__GCP__SUBSCRIPTION_NAME=safebucket-bucket-events-sub # GCP credentials (or use any ADC method above) GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account.json # Events configuration EVENTS__TYPE=gcp EVENTS__GCP__PROJECT_ID=your-project-id EVENTS__GCP__TOPIC_NAME=safebucket-notifications EVENTS__GCP__SUBSCRIPTION_NAME=safebucket-notifications-sub ``` -------------------------------- ### SMTP Configuration via Environment Variables Source: https://docs.safebucket.io/configuration/notification-providers/smtp Configure the SMTP notification provider using environment variables. Ensure all required variables are set for the provider to function correctly. ```bash NOTIFIER__TYPE=smtp NOTIFIER__SMTP__HOST=localhost NOTIFIER__SMTP__PORT=1025 NOTIFIER__SMTP__USERNAME=root NOTIFIER__SMTP__PASSWORD=root NOTIFIER__SMTP__SENDER=notifications@safebucket.io NOTIFIER__SMTP__TLS_MODE=none NOTIFIER__SMTP__SKIP_VERIFY_TLS=false ``` -------------------------------- ### Environment Variables for OIDC Provider Configuration Source: https://docs.safebucket.io/configuration/authentication Configure OIDC providers using environment variables. Ensure to replace MYPROVIDER with your specific provider key. ```shell # Enable providers (comma-separated list of provider keys) AUTH__PROVIDERS__KEYS=myprovider # Provider configuration (replace MYPROVIDER with your provider key) AUTH__PROVIDERS__MYPROVIDER__NAME=Display Name AUTH__PROVIDERS__MYPROVIDER__TYPE=oidc AUTH__PROVIDERS__MYPROVIDER__OIDC__CLIENT_ID=your-client-id AUTH__PROVIDERS__MYPROVIDER__OIDC__CLIENT_SECRET=your-client-secret AUTH__PROVIDERS__MYPROVIDER__OIDC__ISSUER=https://provider-issuer-url ``` -------------------------------- ### Configure LDAP Provider via Environment Variables Source: https://docs.safebucket.io/configuration/authentication Configure an LDAP authentication provider using environment variables. This is useful for integrating with corporate directories. ```env AUTH__PROVIDERS__KEYS=myldap AUTH__PROVIDERS__MYLDAP__NAME=Corporate LDAP AUTH__PROVIDERS__MYLDAP__TYPE=ldap AUTH__PROVIDERS__MYLDAP__LDAP__URL=ldap://localhost:389 AUTH__PROVIDERS__MYLDAP__LDAP__BIND_DN=cn=admin,dc=example,dc=org AUTH__PROVIDERS__MYLDAP__LDAP__BIND_PASSWORD=admin AUTH__PROVIDERS__MYLDAP__LDAP__BASE_DN=ou=users,dc=example,dc=org AUTH__PROVIDERS__MYLDAP__LDAP__USER_FILTER=(mail=%s) ``` -------------------------------- ### YAML Configuration for GCP Pub/Sub Source: https://docs.safebucket.io/configuration/event-providers/gcp-pubsub Configure the GCP Pub/Sub event provider using YAML. This method allows for structured configuration of project ID and subscription suffix. ```yaml events: type: gcp gcp: project_id: my-project subscription_suffix: -sub ``` -------------------------------- ### Configure Keycloak Authentication Source: https://docs.safebucket.io/configuration/authentication Set up environment variables for Keycloak OIDC authentication. This requires specifying the Keycloak issuer URL, including your realm. ```env AUTH__PROVIDERS__KEYS=keycloak AUTH__PROVIDERS__KEYCLOAK__NAME=Keycloak AUTH__PROVIDERS__KEYCLOAK__TYPE=oidc AUTH__PROVIDERS__KEYCLOAK__OIDC__CLIENT_ID=safebucket AUTH__PROVIDERS__KEYCLOAK__OIDC__CLIENT_SECRET=your-secret AUTH__PROVIDERS__KEYCLOAK__OIDC__ISSUER=https://keycloak.yourdomain.com/realms/your-realm ``` -------------------------------- ### Connect to ECS Container using ECS Exec Source: https://docs.safebucket.io/getting-started/aws-deployment If ECS Exec is enabled, use this command to connect to a running Safebucket container interactively. Replace `` with the specific task's ID. ```bash # Connect to running Safebucket container aws ecs execute-command --cluster safebucket-dev-cluster \ --task --container safebucket --interactive --command "/bin/sh" ``` -------------------------------- ### PostgreSQL Environment Variables Configuration Source: https://docs.safebucket.io/configuration/database-providers/postgres Set these environment variables to configure the PostgreSQL database connection. Ensure all required variables are provided for a successful connection. ```env DATABASE__TYPE=postgres DATABASE__POSTGRES__HOST=localhost DATABASE__POSTGRES__PORT=5432 DATABASE__POSTGRES__USER=safebucket-user DATABASE__POSTGRES__PASSWORD=safebucket-password DATABASE__POSTGRES__NAME=safebucket DATABASE__POSTGRES__SSLMODE=disable ``` -------------------------------- ### RustFS Environment Variables for Storage Source: https://docs.safebucket.io/configuration/storage-providers/rustfs Configure RustFS storage using environment variables. Set the storage type, bucket name, internal and external endpoints, and access credentials. ```env STORAGE__TYPE=rustfs STORAGE__RUSTFS__BUCKET_NAME=safebucket STORAGE__RUSTFS__ENDPOINT=bucket:9000 # Internal Docker network endpoint STORAGE__RUSTFS__EXTERNAL_ENDPOINT=http://localhost:9000 # Browser-accessible endpoint STORAGE__RUSTFS__ACCESS_KEY=rustfsadmin STORAGE__RUSTFS__SECRET_KEY=rustfsadmin ``` -------------------------------- ### Configure Pocket ID Authentication Source: https://docs.safebucket.io/configuration/authentication Set up environment variables for Pocket ID OIDC authentication. This provider supports passkey authentication and requires a callback URL to be set in the Pocket ID admin panel. ```env AUTH__PROVIDERS__KEYS=pocketid AUTH__PROVIDERS__POCKETID__NAME=Pocket ID AUTH__PROVIDERS__POCKETID__TYPE=oidc AUTH__PROVIDERS__POCKETID__OIDC__CLIENT_ID=your-client-id AUTH__PROVIDERS__POCKETID__OIDC__CLIENT_SECRET=your-client-secret AUTH__PROVIDERS__POCKETID__OIDC__ISSUER=https://auth.yourdomain.com ``` -------------------------------- ### Configure MFA Encryption Key and Token Expiry Source: https://docs.safebucket.io/configuration/mfa Set application-wide settings for MFA secret encryption and token lifetimes using environment variables or YAML. ```yaml app: mfa_encryption_key: your-32-byte-encryption-key mfa_token_expiry: 5 access_token_expiry: 60 refresh_token_expiry: 600 ``` -------------------------------- ### RustFS Container Environment Variables for Event Notifications Source: https://docs.safebucket.io/configuration/storage-providers/rustfs Configure RustFS event notifications via MQTT using environment variables on the RustFS container. This includes MQTT broker details and topic configuration. ```env RUSTFS_ACCESS_KEY=rustfsadmin RUSTFS_SECRET_KEY=rustfsadmin RUSTFS_NOTIFY_MQTT_ENABLE_PRIMARY=true RUSTFS_NOTIFY_MQTT_BROKER_PRIMARY=mqtt://nats:1883 RUSTFS_NOTIFY_MQTT_TOPIC_PRIMARY=safebucket-bucket-events RUSTFS_NOTIFY_MQTT_QOS_PRIMARY=2 RUSTFS_NOTIFY_MQTT_QUEUE_DIR_PRIMARY=/data/.rustfs/events ``` -------------------------------- ### Environment Variable Configuration for S3 Source: https://docs.safebucket.io/configuration/storage-providers/generic-s3 Configure S3 storage using environment variables. Ensure all required variables are set for proper connection and operation. ```bash STORAGE__TYPE=s3 STORAGE__S3__BUCKET_NAME=safebucket STORAGE__S3__ENDPOINT=localhost:3900 STORAGE__S3__EXTERNAL_ENDPOINT=http://localhost:3900 STORAGE__S3__USE_TLS=false STORAGE__S3__ACCESS_KEY=your-access-key STORAGE__S3__SECRET_KEY=your-secret-key STORAGE__S3__FORCE_PATH_STYLE=true ``` -------------------------------- ### GCP Storage YAML Configuration Source: https://docs.safebucket.io/configuration/storage-providers/google-cloud-storage Configure Safebucket's storage and event notification settings for Google Cloud Storage using YAML. This provides an alternative to environment variables for configuration. ```yaml storage: type: gcp gcp: bucket_name: safebucket-gcp project_id: your-project-id topic_name: safebucket-bucket-events subscription_name: safebucket-bucket-events-sub events: type: gcp gcp: project_id: your-project-id topic_name: safebucket-notifications subscription_name: safebucket-notifications-sub ``` -------------------------------- ### PostgreSQL YAML Configuration Source: https://docs.safebucket.io/configuration/database-providers/postgres Configure your PostgreSQL database connection using this YAML structure. This is an alternative to environment variables for setting up the database connection details. ```yaml database: type: postgres postgres: host: localhost port: 5432 user: safebucket-user password: safebucket-password name: safebucket sslmode: disable ``` -------------------------------- ### Create SQS Queue using AWS CLI Source: https://docs.safebucket.io/configuration/storage-providers/aws-s3 Command to create an SQS queue using the AWS Command Line Interface. Replace 'us-east-1' with your desired AWS region. ```bash aws sqs create-queue --queue-name safebucket-sqs --region us-east-1 ``` -------------------------------- ### Run Specific Package Tests Source: https://docs.safebucket.io/getting-started/dev-deployment Execute tests for a particular package within the project. ```bash go test ./internal/services ``` -------------------------------- ### Environment Variables for Sharing Restrictions Source: https://docs.safebucket.io/configuration/authentication Configure sharing restrictions for an OIDC provider using environment variables. Set ALLOWED to true or false, and specify domains if allowed. ```shell # Enable sharing with domain restrictions AUTH__PROVIDERS__MYPROVIDER__SHARING__ALLOWED=true AUTH__PROVIDERS__MYPROVIDER__SHARING__DOMAINS=company.com,partner.org # Or disable sharing entirely AUTH__PROVIDERS__MYPROVIDER__SHARING__ALLOWED=false ```