Setting up a dedicated document storage
A relational database isn’t an ideal location to store large binary files. For files like documents that participants upload to a conversation, you should instead use a blob store such as Amazon S3 (or a compatible service like min.io), Azure Blob Storage, or Google Cloud Storage.
Configuration for Amazon AWS S3 and compatible services
com.unblu.server.storage.blob.persistentStoreType=S3
com.unblu.server.storage.blob.store.s3.bucketName=local-dev
com.unblu.server.storage.blob.store.s3.endpoint=http\://minio.example.com\:9001 (1)
com.unblu.server.storage.blob.store.s3.folder=blobs
com.unblu.management.aws.accessKey=<key> (2)
com.unblu.management.aws.secretKey=<secret> (3)| 1 | Only required for S3-compatible services such as min.io. Remove this line if you use AWS S3. |
| 2 | Add your access key here. |
| 3 | Add your access secret here. |
Azure Blob Storage configuration
com.unblu.server.storage.blob.store.azure.authenticationType=connection_string (1)
com.unblu.server.storage.blob.store.azure.loadDataFromDatabaseIfAvailable=true
com.unblu.server.storage.blob.store.azure.streamWriteSize=40960
<a href="../../../reference/configuration-properties.html#com-unblu-server-storage-blob-store-azure-createcontainerifnotexists">com.unblu.server.storage.blob.store.azure.createContainerIfNotExists</a>
config:com.unblu.server.storage.blob.store.azure.| 1 | To use Azure authentication with a server principal, set to spn. |
Depending on the authentication type you chose, you must provided different additional information:
-
To use a connection string to access the blob store, set the following configuration property:
Listing 3. Configuration for Azure authorization with a connection stringcom.unblu.server.storage.blob.store.azure.storageConnectionString=<connection-string> (1)1 Add your connection string here. -
To use Azure Active Directory (AAD) OAuth 2.0 authentication for the blob store, you must set the following configuration properties:
Listing 4. Configuration for AAD OAuth 2.0 authenticationcom.unblu.server.storage.blob.store.azure.clientId=<clientId> com.unblu.server.storage.blob.store.azure.clientSecret=<client-secret> com.unblu.server.storage.blob.store.azure.environment=AZURE (1) com.unblu.server.storage.blob.store.azure.spnAuthenticationThreadPoolSize=1 (2) com.unblu.server.storage.blob.store.azure.storageAccountName=<account-name> com.unblu.server.storage.blob.store.azure.storageEndpoint=<endpoint> com.unblu.server.storage.blob.store.azure.tenantId=<tenantId>1 Replace with the appropriate value for your use case. 2 Replace with the appropriate value for your use case. Replace the placeholders above with the appropriate values. For more information, refer to the Azure documentation.
Google Cloud Storage configuration
com.unblu.server.storage.blob.persistentStoreType=GCS
com.unblu.server.storage.blob.store.gcs.bucketName=local-dev
com.unblu.server.storage.blob.store.gcs.folder=blobs
com.unblu.server.storage.blob.store.gcs.gcsServiceAccountKey[PROPERTIES, <key>] (1)| 1 | Add your service account key in JSON format here. If omitted, Application Default Credentials (ADC) are used. |
Configuring a quarantine blob store for intercepted files
File interceptors allow you to vet files uploaded to conversations. Intercepted files are stored in the same blob store as all other files during the interception process. You can, however, set up a separate blob store where intercepted files are stored during vetting. This separate blob store is referred to as the quarantine blob store.
All of the configuration properties discussed in the previous sections exist for the quarantine blob store as well. The names of the configuration properties for the quarantine blob store are the same as the corresponding configuration properties for the persistent blob store, but include .quarantine. as the penultimate segment.
The default value for each configuration property of the quarantine blob store is null, and the fallback value is that of the corresponding configuration property for the persistent blob store. This means that you need only set those configuration properties for the quarantine blob store that differ from the persistent blob store.
The following example illustrates how this works. Suppose your organization uses Google Cloud Storage and you want to set up a separate folder called quarantine in your GCS bucket for intercepted files.
The configuration properties for your persistent blob store are set as follows:
com.unblu.server.storage.blob.persistentStoreType=GCS
com.unblu.server.storage.blob.store.gcs.bucketName=production-files
com.unblu.server.storage.blob.store.gcs.folder=files
com.unblu.server.storage.blob.store.gcs.gcsServiceAccountKey[PROPERTIES, <key>]For the quarantine blob store, you need only set the following configuration property:
com.unblu.server.storage.blob.store.gcs.quarantine.folder=quarantineNote that you didn’t need to define the persistent store type, the bucket name, or the GCS service account key for the quarantine blob store. For these, Unblu uses the values of the configuration properties for the persistent blob store.
You can specify different store types for the persistent and quarantine blob stores, or you can use the same store type but with different settings, for example different bucket names. There is one exception to this: if you want to use the store type DB for both the persistent and quarantine blob store, the blob stores must use the same database.
See also
-
For more information on file interceptors, refer to File interceptors.