
Nexfs Content Server (S3 API) Documentation

The Nexfs Content (S3 API) Server


Nexfs includes an integrated S3 API-compatible Content Server.


Nexfs makes the entire file namespace available over the S3 API, allowing all files to be concurrently accessed over any supported protocol, including file protocols like NFS, SMB, FUSE, and the S3 API.


Nexfs maps all S3 ACLs to POSIX ACLs. This ensures that access to files stored in Nexfs is consistent, regardless of the protocol used to create or access the file.


In addition to the mapped POSIX ACL access requirements, S3 users require action rights through an Identity and Access Management (IAM) policy. For example, to obtain a list of objects over the S3 API, the user must have permission to perform the s3:ListBucket content server action.


When accessing files as objects (or creating objects) over the S3 API, a user must be mapped to a POSIX user with POSIX ACL access and the appropriate content server action. Multiple users may be linked to the same POSIX user or group.


Content Server (S3) URI name: The configured content server URI name must match the DNS name used to access the content server over the S3 API. By default, the content server uses the hostname of the underlying Linux server. If the DNS name should be different, you must reconfigure it using the CONTENTWEBSERVERDEFAULTHOST Nexfs setting. This can also be set by updating the value of "Content Server DNS Name" in the advanced configuration section of the management console.


Tenants: The content server must use Nexfs tenants. One default tenant, "default_tenant", is included and is created when first required. Tenants are created as directories in the root of the Nexfs file system. The default tenant can be set using the DEFAULTTENANT Nexfs configuration setting.


Buckets: Buckets sit within a tenant and appear as standard directories within the tenant directory. Buckets are best created using the S3 API. Once a bucket has been created, it can be fully accessed as a standard POSIX directory as well as through the S3 API.


Anonymous access is supported but requires an anonymous user to be created and mapped to a POSIX user ID and group. Once an anonymous user is created and assigned the required User Content Roles, the Nexfs configuration setting ANONYMOUSUSERID must be updated. This can be done by setting the "Anonymous User ID" in the Advanced Settings section of Nexfs Configuration in the management console. Anonymous access can be completely disabled with the ANONYMOUSENABLED setting or "Content Server Allow Anonymous" through the advanced section of the management console.


Content server users are managed using the Nexfs management API or the Nexfs management console. The same account can be granted both Nexfs management access and Content Server (S3) access, although separate secrets must be set.


By default, the Nexfs Content Server S3 API is accessed over HTTPS on port 443. The Nexfs Content Server is set to belong to the us-east-1 region by default, but this can be reconfigured by setting NEXFSREGION to any custom region string, including non-AWS supported regions. For example, a region called "nexfs" could be used.


The region NEXFSREGION and the content server port CONTENTWEBSERVERPORT can both be configured through the Advanced Configuration section in the management console or by changing the setting using the management API.

The content server requires an HTTPS connection by default, but can be reconfigured to use HTTP by setting CONTENTWEBSERVERHTTPSENABLED to 0 using the management API or the advanced configuration section of the management console.


A newly installed content web server uses a default Nexfs self-signed SSL certificate. You can load your own certificate using the Certificates section of the management console or through the management API.
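The settings described above can be checked together before clients are pointed at the content server. The following is an added example, not Nexfs code: it assumes the settings have been exported into a Python dict of strings (the export format is not specified on this page), that ANONYMOUSENABLED takes 1/0 like CONTENTWEBSERVERHTTPSENABLED, and the function name and finding codes are hypothetical.

```python
from urllib.parse import urlsplit

def audit_content_server(settings, client_endpoint, server_hostname):
    """Return finding codes for one Content Server configuration.

    settings: setting name -> string value (dict form is an assumption).
    client_endpoint: URL that S3 clients are configured with.
    server_hostname: Linux hostname, used when no DNS name is configured.
    """
    findings = []
    url = urlsplit(client_endpoint)
    # Page: HTTPS is on by default; setting the value to 0 switches to HTTP.
    https = settings.get("CONTENTWEBSERVERHTTPSENABLED", "1") != "0"
    port = int(settings.get("CONTENTWEBSERVERPORT", "443"))
    dns_name = settings.get("CONTENTWEBSERVERDEFAULTHOST") or server_hostname

    if not https:
        findings.append("HTTPS_DISABLED")      # requests and object data in cleartext
    if url.scheme != ("https" if https else "http"):
        findings.append("SCHEME_MISMATCH")
    if (url.hostname or "").lower() != dns_name.lower():
        findings.append("DNS_NAME_MISMATCH")   # URI name must equal the client DNS name
    if (url.port or (443 if url.scheme == "https" else 80)) != port:
        findings.append("PORT_MISMATCH")

    # Assumption: ANONYMOUSENABLED uses 1/0 like the HTTPS switch.
    if settings.get("ANONYMOUSENABLED", "0") != "0":
        if settings.get("ANONYMOUSUSERID"):
            # Anonymous requests run as this user: review its roles and POSIX ACLs.
            findings.append("ANONYMOUS_ENABLED_REVIEW_ROLES")
        else:
            findings.append("ANONYMOUS_ENABLED_NO_USER")
    return findings

# Constructed sample values, not taken from a real deployment.
WEAK = {"CONTENTWEBSERVERHTTPSENABLED": "0", "CONTENTWEBSERVERPORT": "8080",
        "CONTENTWEBSERVERDEFAULTHOST": "s3.example.internal",
        "ANONYMOUSENABLED": "1", "ANONYMOUSUSERID": ""}
HARDENED = {"CONTENTWEBSERVERHTTPSENABLED": "1", "CONTENTWEBSERVERPORT": "443",
            "CONTENTWEBSERVERDEFAULTHOST": "s3.example.internal",
            "ANONYMOUSENABLED": "0"}

if __name__ == "__main__":
    print(audit_content_server(WEAK, "https://nexfs01.example.internal:8080", "nexfs01"))
    print(audit_content_server(HARDENED, "https://s3.example.internal", "nexfs01"))
```
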


