| At line 1 removed 4 lines |
| Google Cloud Storage requires several steps to configure. |
|
| You will start at the API credentials manager:\\ |
| [https://console.developers.google.com/projectselector/apis/credentials]\\ |
| At line 6 changed 3 lines |
| You first need to make a project. My example calls this CrushFTP-Test.\\ |
| [attachments|gDriveSetup/create_project.png]\\ |
|
| !1. Google Cloud Storage REST API\\ |
| At line 10 changed 2 lines |
| Next select create credentials, and choose the Web Application type.\\ |
| [attachments|gDriveSetup/create_credentials.png]\\ |
| __Cloud Storage JSON REST API__ based integration: [Cloud Storage JSON REST API Link |https://cloud.google.com/storage/docs/json_api]\\ |
| At line 13 changed 2 lines |
| It will warn you if you don't have an "OAuth Consent" screen configured, so go there and configure that screen too.\\ |
| [attachments|gDriveSetup/oauth_consent.png]\\ |
| ---- |
| __⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains for Google Authentication and Storage access:\\ |
| - __oauth2.googleapis.com__\\ |
| - __storage.googleapis.com__\\ |
| ---- |
| At line 16 changed 6 lines |
| When configuring the credential, you have to tell Google the domain you will be originating from when creating the auth token, so this is the URL you use for server administration. Just the protocol://dns_or_ip:port Don't have a trailing slash or it will complain.\\ |
| You also need to put in the redirect URL of where google is going to send you back to after approval. This needs to follow the syntax in the example. Specifically your domain needs to end with:\\ |
| {{{ |
| ?command=register_gdrive_api |
| }}} |
| [attachments|gDriveSetup/credential_config.png]\\ |
| Start by navigating to Google APIs & Services: [Google APIs & Services Link|https://console.developers.google.com/projectselector/apis/credentials]\\ |
| __⚠️ Important:__ Ensure the __Cloud Storage__ is enabled at __Enabled APIs & services__. [Google API Library Link|https://console.cloud.google.com/apis/library]\\ |
| At line 23 changed 3 lines |
| And one last important step, you need to enable the GoogleDrive API for your account if its not already.\\ |
| [https://console.developers.google.com/apis/library/drive.googleapis.com/]\\ |
| [attachments|enable_api.png]\\ |
| [SMTP Google Mail Integration/g_api_services.png]\\ |
| [attachments|clopud_storage_api_enable.png]\\ |
| At line 27 changed 3 lines |
| Now that the API is enabled, and your credentials are setup, and your redirect domains are configured, you can use the credentials in CrushFTP to get your google auth token and get access.\\ |
| In the User Manager, add a new remote VFS item type and set the protocol to be "GDrive".\\ |
| Take your google client_id and secret and combine them together with a tilda as separator:\\ |
| !1.1 Configure access through a Web Application OAuth client\\ |
| \\ |
| Go to the __Credentials__ menu, click on __Create Credentials__, and select __OAuth client ID__:\\ |
| [SMTP Google Mail Integration/create_credentials.png]\\ |
| \\ |
| • Select the application type: __Web application__.\\ |
| • Provide a unique name to identify your OAuth client (e.g., CrushFTP Integration).\\ |
| Then configure the following:\\ |
| • __Authorized JavaScript origins__: Add the base URL of your CrushFTP server (e.g., https://your-domain.com).\\ |
| • __Authorized redirect URIs__: This is the URL Google will redirect to after successful authorization. The Redirect URL must end with __?command=register_gdrive_api__\\ |
| \\ |
| At line 31 changed 10 lines |
| client_id: 725111111110-7kaimtXXXXXXXXXXXXXXXXXXXXX64m4k.apps.googleusercontent.com |
| secret: fEsXXXXXXXXXXXXXXXXPggg7 |
| }}} |
| results in: |
| {{{ |
| 725111111110-7kaimtXXXXXXXXXXXXXXXXXXXXX64m4k.apps.googleusercontent.com~fEsXXXXXXXXXXXXXXXXPggg7 |
| }}} |
| That whole long garbage string becomes your "username" to GDrive://.\\ |
| Copy and paste it into the user field. Then click "Get Refresh Token" to finish the config.\\ |
| [attachments|get_refresh_token.png]\\ |
|
| http://127.0.0.1:9090/?command=register_gdrive_api |
| or |
| https://your.crushftp.domain.com/?command=register_gdrive_api |
| }}}\\ |
| At line 42 changed 2 lines |
| Finally!\\ |
| [attachments|test_success.png]\\ |
| Finally, click the __Create__ button.\\ |
| \\ |
| [SMTP Google Mail Integration/credential_config_gdrive.png]\\ |
| \\ |
| After the credentials are created, copy the __Client ID__ and __Client Secret__.\\ |
| \\ |
| [SMTP Google Mail Integration/client_id_secret.png]\\ |
| \\ |
| __⚠️ Note:__ You can configure the __OAuth consent screen__ by clicking the link above the __Authorized JavaScript origins__ section:\\ |
| "The domains you enter in the fields below will be automatically added to your __OAuth consent screen__ as __authorized domains__."\\ |
| Click the link to open the __OAuth consent screen__ settings, complete the configuration, and authorize your __CrushFTP domain.__\\ |
| __Important__: After configuration, don’t forget to click __Publish App__ at __Audience__ page to make it active. Without publishing, the app will remain in __Testing__ mode, which restricts access to authorized test users only.\\ |
| \\ |
| __GStorage Remote Item Settings__:\\ |
| \\ |
| Select the __GStorage__ item type and click the __Get Refresh Token__ button. |
| \\ |
| __⚠️ Important__: To obtain the __Refresh Token__, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. In our example, it was: http://127.0.0.1:9090 or https://your.crushftp.domain.com/\\ |
| \\ |
| Enter the __Client ID__ , __Client Secret__. Proceed with the authentication and authorization process.\\ |
| __⚠️ Important__: Be sure to sign in with the __Google Account__ that has the __necessary permissions__, as configured in the __Google APIs & Services__-> __Credentials__ -> __OAuth 2.0 Client IDs__. This will automatically configure the __User name__ and __Password__.\\ |
| [GDriveSetup/gdrive_oauth_form.png]\\ |
| \\ |
| If the domain is unverified, a warning message may appear. Click __Advanced__ and choose to proceed:\\ |
| \\ |
| [SMTP Google Mail Integration/not_verified_domain.png]\\ |
| \\ |
| Click on the __Allow__ button:\\ |
| \\ |
| [SMTP Google Mail Integration/allow_form.png]\\ |
| \\ |
| Provide the __Google Storage Bucket__ and the path.\\ |
| \\ |
| [attachments|bucket_and_test.png]\\ |
| \\ |
| !1.2. Configure access using a Service Account OAuth client\\ |
| \\ |
| Create Credentials -> Service Account.\\ |
| [attachments|service_account.png]\\ |
| \\ |
| Provide a name and continue.\\ |
| [attachments|service_account_details.png]\\ |
| \\ |
| Configure the service account access.\\ |
| [attachments|storage_account_access.png]\\ |
| \\ |
| Click on the __Done__ button.\\ |
| \\ |
| Navigate to the newly created __Service Account__. Go to the __KEYS__ tab. Click on the __Add KEY__ button, and then select __Create new key__.\\ |
| [attachments|service_account_new_key.png]\\ |
| \\ |
| Download the JSON file.\\ |
| [attachments|service_account_private_key.png]\\ |
| \\ |
| __VFS configuration:__\\ |
| \\ |
| Username: __google_jwt__ -> Special user name for Service Account Access.\\ |
| Password: __<<the JSON file content>>__ -> It authenticates based on the provided JSON file.\\ |
| Provide the __bucket__ and the path.\\ |
| It is done! Test the connection and save it!\\ |
| [attachments|service_acount_vfs_test.png]\\ |
| \\ |
| ---- |
| !2. Access through S3 REST API\\ |
| \\ |
| Generate __Access key__ and __Secret__. Got to [Google Console Cloud Link|https://console.cloud.google.com/] In the left sidebar of the dashboard, click on the __Google Cloud Storage__ and then __Settings__.\\ |
| [attachments|cloud_storage_sttings.png]\\ |
| Select the Interoperability tab. If you haven't enabled it already, click on __Interoperable Access__. Now you should see an empty list and a __Create New Key__ button. Click the button to create an __Access/Secret key__ pair.\\ |
| \\ |
| __Google Cloud S3 VFS configuration:__\\ |
| __1.__ |
| \\Domain: <<Cloud Storage -> Settings -> INTEROPERABILITY -> Domain of __Storage URI__ default is __storage.googleapis.com__>>\\ |
| Change the S3 default domain (s3.amazonaws.com) to the domain of Google Cloud Storage domain.\\ |
| \\ |
| User name:__<<Access Key>>__\\ |
| \\ |
| Password:__<<Secret>>__\\ |
| \\ |
| Bucket:__<<Google Cloud Storage Bucket Name>>__\\ |
| \\\ |
| __SHA256 enabled on signing (Signing Version 4)__:<<Enabled>>\\ |
| __⚠️__ __Signing version 4__ must be enabled, as Google Cloud Storage does not support older signing versions.\\ |
| \\ |
| [attachments|s3_vfs_settings.png]\\ |
| __2.__ |
| Select __GStorage__ Item type.\\ |
| Enable __S3 API__ flag.\\ |
| \\Domain:<<Cloud Storage -> Settings -> INTEROPERABILITY -> Domain of __Storage URI__ default is __storage.googleapis.com__>> \\ |
| Change the S3 default domain (s3.amazonaws.com) to the domain of Google Cloud Storage domain.\\ |
| User name: __<<Access Key>>__\\ |
| Password: __<<Secret>>__\\ |
| Bucket: __<<Google Cloud Storage Bucket Name>>__\\ |
| __SHA256 enabled on signing (Signing Version 4)__:<<Enabled>>\\ |
| __⚠️__ __Signing version 4__ must be enabled, as __Google Cloud Storage__ does not support older signing versions.\\ |
| \\ |
| [attachments|gstroage_s3_api_vfs_enabled.png]\\ |
| \\ |
| More info about s3 VFS configuration: [S3 integration]\\ |
| \\ |
