add tls support for all nats connections

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

.woodpecker.star

@@ -15,16 +15,16 @@ OPEN_SEARCH = "opensearchproject/opensearch:2"
 INBUCKET_INBUCKET = "inbucket/inbucket"
 MINIO_MC = "minio/mc:RELEASE.2021-10-07T04-19-58Z"
 OC_CI_ALPINE = "owncloudci/alpine:latest"
-OC_CI_BAZEL_BUILDIFIER = "quay.io/opencloudeu/bazel-buildifier-ci:latest"
-OC_CI_CLAMAVD = "quay.io/opencloudeu/clamav-ci:latest"
+OC_CI_BAZEL_BUILDIFIER = "owncloudci/bazel-buildifier:latest"
+OC_CI_CLAMAVD = "owncloudci/clamavd"
 OC_CI_DRONE_ANSIBLE = "owncloudci/drone-ansible:latest"
-OC_CI_GOLANG = "quay.io/opencloudeu/golang-ci:1.25"
-OC_CI_NODEJS = "quay.io/opencloudeu/nodejs-ci:24"
-OC_CI_NODEJS_ALPINE = "quay.io/opencloudeu/nodejs-alpine-ci:24"
-OC_CI_PHP = "quay.io/opencloudeu/php-alpine-ci:%s"
-OC_CI_WAIT_FOR = "quay.io/opencloudeu/wait-for-ci:latest"
+OC_CI_GOLANG = "registry.heinlein.group/opencloud/golang-ci:1.25"
+OC_CI_NODEJS = "owncloudci/nodejs:%s"
+OC_CI_PHP = "owncloudci/php:%s"
+OC_CI_WAIT_FOR = "owncloudci/wait-for:latest"
 OC_CS3_API_VALIDATOR = "opencloudeu/cs3api-validator:latest"
 OC_LITMUS = "owncloudci/litmus:latest"
+OC_UBUNTU = "owncloud/ubuntu:20.04"
 ONLYOFFICE_DOCUMENT_SERVER = "onlyoffice/documentserver:7.5.1"
 PLUGINS_DOCKER_BUILDX = "woodpeckerci/plugin-docker-buildx:latest"
 PLUGINS_NOTATION = "registry.heinlein.group/opencloud/notation-wp-plugin:latest"
@@ -37,7 +37,8 @@ REDIS = "redis:6-alpine"
 READY_RELEASE_GO = "woodpeckerci/plugin-ready-release-go:latest"
 OPENLDAP = "bitnamilegacy/openldap:2.6"
 
-DEFAULT_PHP_VERSION = "8.4"
+DEFAULT_PHP_VERSION = "8.2"
+DEFAULT_NODEJS_VERSION = "20"
 
 CACHE_S3_SERVER = "https://s3.ci.opencloud.eu"
 
@@ -576,7 +577,7 @@ def main(ctx):
         ),
     )
 
-    pipelines = test_pipelines + build_release_pipelines + genDocsPr(ctx) + notifyMatrix(ctx)
+    pipelines = test_pipelines + build_release_pipelines + notifyMatrix(ctx)
 
     pipelineSanityChecks(pipelines)
     return savePipelineNumber(ctx) + pipelines
@@ -610,7 +611,7 @@ def savePipelineNumber(ctx):
 def evaluateWorkflowStep():
     return [{
         "name": "evaluate-previous-run",
-        "image": OC_CI_NODEJS_ALPINE,
+        "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
         "commands": [
             "node tests/config/woodpecker/evaluate_pipeline.js",
         ],
@@ -727,7 +728,7 @@ def cacheGoBin():
         },
         {
             "name": "archive-go-bin",
-            "image": OC_CI_NODEJS,
+            "image": OC_UBUNTU,
             "commands": [
                 ". ./.env",
                 "if $BIN_CACHE_FOUND; then exit 0; fi",
@@ -765,7 +766,7 @@ def restoreGoBinCache():
         },
         {
             "name": "extract-go-bin-cache",
-            "image": OC_CI_NODEJS,
+            "image": OC_UBUNTU,
             "commands": [
                 "tar -xvmf %s -C /" % dirs["gobinTarPath"],
             ],
@@ -966,7 +967,7 @@ def checkGherkinLint(ctx):
         "steps": [
             {
                 "name": "lint-feature-files",
-                "image": OC_CI_NODEJS_ALPINE,
+                "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
                 "commands": [
                     "npm install -g @gherlint/gherlint@1.1.0",
                     "make test-gherkin-lint",
@@ -1552,7 +1553,7 @@ def e2eTestPipeline(ctx):
 
                 step_e2e = {
                     "name": "e2e-tests",
-                    "image": OC_CI_NODEJS,
+                    "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
                     "environment": {
                         "OC_BASE_URL": OC_DOMAIN,
                         "HEADLESS": True,
@@ -1727,7 +1728,7 @@ def multiServiceE2ePipeline(ctx):
                     storage_users_services + \
                     [{
                         "name": "e2e-tests",
-                        "image": OC_CI_NODEJS,
+                        "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
                         "environment": {
                             "OC_BASE_URL": OC_DOMAIN,
                             "HEADLESS": True,
@@ -2059,14 +2060,14 @@ def licenseCheck(ctx):
         "steps": restoreGoBinCache() + [
             {
                 "name": "node-check-licenses",
-                "image": OC_CI_NODEJS_ALPINE,
+                "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
                 "commands": [
                     "make ci-node-check-licenses",
                 ],
             },
             {
                 "name": "node-save-licenses",
-                "image": OC_CI_NODEJS_ALPINE,
+                "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
                 "commands": [
                     "make ci-node-save-licenses",
                 ],
@@ -2186,7 +2187,7 @@ def makeNodeGenerate(module):
     return [
         {
             "name": "generate nodejs",
-            "image": OC_CI_NODEJS,
+            "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
             "environment": {
                 "CHROMEDRIVER_SKIP_DOWNLOAD": True,  # install fails on arm and chromedriver is a test only dependency
             },
@@ -2213,69 +2214,6 @@ def makeGoGenerate(module):
         },
     ]
 
-def genDocsPr(ctx):
-    return [{
-        "name": "gen-docs-pr",
-        "skip_clone": True,
-        "workspace": {
-            "base": "/woodpecker",
-            "path": "docs_gen_pr",
-        },
-        "steps": [
-            {
-                "name": "make-docs-pr",
-                "image": "quay.io/opencloudeu/golang-ci",
-                "pull": True,
-                "environment": {
-                    "GH_TOKEN": {
-                        "from_secret": "github_token",
-                    },
-                    "CI_SSH_KEY": {
-                        "from_secret": "markdown-docs-generator-push-key",
-                    },
-                    "CI_SSH_KEY_DOCS": {
-                        "from_secret": "gh-docs-push-key",
-                    },
-                    "GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no -i /root/id_rsa",
-                    "OC_GIT_BRANCH": "stable-4.0",
-                    "MY_TARGET_BRANCH": "4.0",
-                },
-                "commands": [
-                    'export DOC_GIT_TARGET_FOLDER="$$(if [ \"$$MY_TARGET_BRANCH\" = \"main\" ]; then echo \"tmpdocs/docs/dev/server/_static/env-vars/\"; else echo \"tmpdocs/versioned_docs/version-$${MY_TARGET_BRANCH}/dev/server/_static/env-vars/\"; fi)"',
-                    'echo "$${CI_SSH_KEY}" > /root/id_rsa && chmod 600 /root/id_rsa',
-                    'git config --global user.email "devops@opencloud.eu"',
-                    'git config --global user.name "openclouders"',
-                    "git clone git@github.com:opencloud-eu/markdown-docs-generator.git /woodpecker/docs_gen_pr",
-                    'echo "$${CI_SSH_KEY_DOCS}" > /root/id_rsa && chmod 600 /root/id_rsa',
-                    "make git-clone",
-                    "make all",
-                    "make create-docs-pullrequest",
-                ],
-            },
-        ],
-        "when": [
-            {
-                "event": "push",
-                "path": {
-                    "include": [
-                        "services/*/pkg/config/**/*.go",
-                        "pkg/**/*.go",
-                    ],
-                },
-                "branch": "[main, stable-*]",
-            },
-            {
-                "event": "cron",
-                "branch": "[main]",
-                "cron": "nightly *",
-            },
-            {
-                "event": "push",
-                "branch": "stablecitest-12.3.4",
-            },
-        ],
-    }]
-
 def notifyMatrix(ctx):
     result = [{
         "name": "chat-notifications",
@@ -2926,7 +2864,7 @@ def litmus(ctx, storage):
 def setupForLitmus():
     return [{
         "name": "setup-for-litmus",
-        "image": OC_CI_NODEJS,
+        "image": OC_UBUNTU,
         "environment": {
             "TEST_SERVER_URL": OC_URL,
         },
@@ -2941,7 +2879,7 @@ def getWoodpeckerEnvAndCheckScript(ctx):
     path_to_check_script = "%s/tests/config/woodpecker/check_web_cache.sh" % dirs["base"]
     return {
         "name": "get-woodpecker-env-and-check-script",
-        "image": OC_CI_NODEJS,
+        "image": OC_UBUNTU,
         "commands": [
             "cp %s check_web_cache.sh" % path_to_check_script,
         ],
@@ -2960,7 +2898,7 @@ def checkForWebCache(name):
 def cloneWeb():
     return {
         "name": "clone-web",
-        "image": OC_CI_NODEJS_ALPINE,
+        "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
         "commands": [
             ". ./.woodpecker.env",
             "if $WEB_CACHE_FOUND; then exit 0; fi",
@@ -2977,7 +2915,7 @@ def generateWebPnpmCache(ctx):
         cloneWeb(),
         {
             "name": "install-pnpm",
-            "image": OC_CI_NODEJS,
+            "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
             "commands": [
                 ". ./.woodpecker.env",
                 "if $WEB_CACHE_FOUND; then exit 0; fi",
@@ -2989,7 +2927,7 @@ def generateWebPnpmCache(ctx):
         },
         {
             "name": "zip-pnpm",
-            "image": OC_CI_NODEJS,
+            "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
             "commands": [
                 ". ./.woodpecker.env",
                 "if $WEB_CACHE_FOUND; then exit 0; fi",
@@ -3051,7 +2989,7 @@ def cacheBrowsers(ctx):
     browser_cache_steps = [
         {
             "name": "install-browsers",
-            "image": OC_CI_NODEJS,
+            "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
             "environment": {
                 "PLAYWRIGHT_BROWSERS_PATH": ".playwright",
             },
@@ -3059,7 +2997,7 @@ def cacheBrowsers(ctx):
                 "cd %s" % dirs["web"],
                 ". ./.woodpecker.env",
                 "if $BROWSER_CACHE_FOUND; then exit 0; fi",
-                "pnpm exec playwright install",
+                "pnpm exec playwright install --with-deps",
                 "pnpm exec playwright install --list",
                 "tar -czf %s .playwright" % dirs["playwrightBrowsersArchive"],
             ],
@@ -3094,7 +3032,7 @@ def generateWebCache(ctx):
         cloneWeb(),
         {
             "name": "zip-web",
-            "image": OC_CI_NODEJS,
+            "image": OC_UBUNTU,
             "commands": [
                 ". ./.woodpecker.env",
                 "if $WEB_CACHE_FOUND; then exit 0; fi",
@@ -3130,7 +3068,7 @@ def restoreWebCache():
         ],
     }, {
         "name": "unzip-web-cache",
-        "image": OC_CI_NODEJS,
+        "image": OC_UBUNTU,
         "commands": [
             "tar -xf %s -C ." % dirs["webZip"],
         ],
@@ -3149,7 +3087,7 @@ def restoreWebPnpmCache(extra_commands = []):
     }, {
         # we need to install again because the node_modules are not cached
         "name": "unzip-and-install-pnpm",
-        "image": OC_CI_NODEJS,
+        "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
         "commands": extra_commands + [
             "cd %s" % dirs["web"],
             "rm -rf .pnpm-store",
@@ -3175,7 +3113,7 @@ def restoreBrowsersCache():
         },
         {
             "name": "unzip-browsers-cache",
-            "image": OC_CI_NODEJS,
+            "image": OC_UBUNTU,
             "commands": [
                 "tar -xf /woodpecker/src/github.com/%s/webTestRunner/playwright-browsers.tar.gz -C ." % repo_slug,
             ],
@@ -3193,7 +3131,7 @@ def waitForEmailService():
         "name": "wait-for-email",
         "image": OC_CI_WAIT_FOR,
         "commands": [
-            "wait-for -host email -port 9000 -timeout 600",
+            "wait-for -it email:9000 -t 600",
         ],
     }]
 
@@ -3208,7 +3146,7 @@ def waitForClamavService():
         "name": "wait-for-clamav",
         "image": OC_CI_WAIT_FOR,
         "commands": [
-            "wait-for -host clamav -port 3310 -timeout 600",
+            "wait-for -it clamav:3310 -t 600",
         ],
     }]
 
@@ -3251,7 +3189,7 @@ def waitForLdapService():
         "name": "wait-for-ldap",
         "image": OC_CI_WAIT_FOR,
         "commands": [
-            "wait-for -host ldap-server -port 1636 -timeout 600",
+            "wait-for -it ldap-server:1636 -t 600",
         ],
     }]
 
@@ -3314,7 +3252,7 @@ def tikaService():
         "name": "wait-for-tika-service",
         "image": OC_CI_WAIT_FOR,
         "commands": [
-            "wait-for -host tika -port 9998 -timeout 300",
+            "wait-for -it tika:9998 -t 300",
         ],
     }]
 
@@ -3429,18 +3367,13 @@ def k6LoadTests(ctx):
     return [pipeline]
 
 def waitForServices(name, services = []):
-    commands = []
-
-    for service in services:
-        host, port = service.split(":", 1)
-        commands.append(
-            "wait-for -host %s -port %s -timeout 300" % (host, port),
-        )
-
+    services = ",".join(services)
     return [{
         "name": "wait-for-%s" % name,
         "image": OC_CI_WAIT_FOR,
-        "commands": commands,
+        "commands": [
+            "wait-for -it %s -t 300" % services,
+        ],
     }]
 
 def openCloudHealthCheck(name, services = []):

composer.json

@@ -1,8 +1,8 @@
 {
   "name": "opencloud-eu/opencloud",
-  "config": {
+  "config" : {
     "platform": {
-      "php": "8.3"
+      "php": "8.2"
     },
     "vendor-dir": "./vendor-php",
     "allow-plugins": {

pkg/log/config.go

@@ -1,14 +0,0 @@
-package log
-
-import "github.com/opencloud-eu/opencloud/pkg/shared"
-
-// Configure initializes a service-specific logger instance.
-func Configure(name string, commons *shared.Commons, localServiceLogLevel string) Logger {
-	return NewLogger(
-		Name(name),
-		Level(localServiceLogLevel),
-		Pretty(commons.Log.Pretty),
-		Color(commons.Log.Color),
-		File(commons.Log.File),
-	)
-}

pkg/nats/options.go

@@ -0,0 +1,20 @@
+package nats
+
+import (
+	"crypto/tls"
+
+	"github.com/nats-io/nats.go"
+)
+
+func Secure(enableTLS, insecure bool, rootCA string) nats.Option {
+	if enableTLS {
+		if rootCA != "" {
+			return nats.RootCAs(rootCA)
+		}
+		return nats.Secure(&tls.Config{
+			MinVersion:         tls.VersionTLS12,
+			InsecureSkipVerify: insecure,
+		})
+	}
+	return nil
+}

pkg/shared/shared_types.go

@@ -48,14 +48,17 @@ type HTTPServiceTLS struct {
 }
 
 type Cache struct {
-	Store              string        `yaml:"store" env:"OC_CACHE_STORE" desc:"The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details." introductionVersion:"1.0.0"`
-	Nodes              []string      `yaml:"nodes" env:"OC_CACHE_STORE_NODES" desc:"A comma separated list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store." introductionVersion:"1.0.0"`
-	Database           string        `yaml:"database" env:"OC_CACHE_STORE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"1.0.0"`
-	Table              string        `yaml:"table" env:"OC_CACHE_STORE_TABLE" desc:"The database table the store should use." introductionVersion:"1.0.0"`
-	TTL                time.Duration `yaml:"ttl" env:"OC_CACHE_TTL" desc:"Time to live for events in the store. The duration can be set as number followed by a unit identifier like s, m or h." introductionVersion:"1.0.0"`
-	DisablePersistence bool          `yaml:"disable_persistence" env:"OC_CACHE_DISABLE_PERSISTENCE" desc:"Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false." introductionVersion:"1.0.0"`
-	AuthUsername       string        `yaml:"auth_username" env:"OC_CACHE_AUTH_USERNAME" desc:"The username to use for authentication. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
-	AuthPassword       string        `yaml:"auth_password" env:"OC_CACHE_AUTH_PASSWORD" desc:"The password to use for authentication. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	Store                string        `yaml:"store" env:"OC_CACHE_STORE" desc:"The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details." introductionVersion:"1.0.0"`
+	Nodes                []string      `yaml:"nodes" env:"OC_CACHE_STORE_NODES" desc:"A comma separated list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store." introductionVersion:"1.0.0"`
+	Database             string        `yaml:"database" env:"OC_CACHE_STORE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"1.0.0"`
+	Table                string        `yaml:"table" env:"OC_CACHE_STORE_TABLE" desc:"The database table the store should use." introductionVersion:"1.0.0"`
+	TTL                  time.Duration `yaml:"ttl" env:"OC_CACHE_TTL" desc:"Time to live for events in the store. The duration can be set as number followed by a unit identifier like s, m or h." introductionVersion:"1.0.0"`
+	DisablePersistence   bool          `yaml:"disable_persistence" env:"OC_CACHE_DISABLE_PERSISTENCE" desc:"Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false." introductionVersion:"1.0.0"`
+	AuthUsername         string        `yaml:"auth_username" env:"OC_CACHE_AUTH_USERNAME" desc:"The username to use for authentication. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	AuthPassword         string        `yaml:"auth_password" env:"OC_CACHE_AUTH_PASSWORD" desc:"The password to use for authentication. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	EnableTLS            bool          `yaml:"enable_tls" env:"OC_CACHE_ENABLE_TLS" desc:"Enable TLS for the connection to file metadata cache." introductionVersion:"%%NEXT%%"`
+	TLSInsecure          bool          `yaml:"tls_insecure" env:"OC_INSECURE;OC_CACHE_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"%%NEXT%%"`
+	TLSRootCACertificate string        `yaml:"tls_root_ca_certificate" env:"OC_CACHE_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided OC_CACHE_TLS_INSECURE will be seen as false." introductionVersion:"%%NEXT%%"`
 }
 
 // Commons holds configuration that are common to all extensions. Each extension can then decide whether

services/activitylog/pkg/command/server.go

@@ -5,13 +5,10 @@ import (
 	"fmt"
 
 	"github.com/oklog/run"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/reva/v2/pkg/events"
 	"github.com/opencloud-eu/reva/v2/pkg/events/stream"
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
-	"github.com/opencloud-eu/reva/v2/pkg/store"
 	"github.com/spf13/cobra"
-	microstore "go-micro.dev/v4/store"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
 	"github.com/opencloud-eu/opencloud/pkg/generators"
@@ -23,6 +20,7 @@ import (
 	settingssvc "github.com/opencloud-eu/opencloud/protogen/gen/opencloud/services/settings/v0"
 	"github.com/opencloud-eu/opencloud/services/activitylog/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/activitylog/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/activitylog/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/activitylog/pkg/metrics"
 	"github.com/opencloud-eu/opencloud/services/activitylog/pkg/server/debug"
 	"github.com/opencloud-eu/opencloud/services/activitylog/pkg/server/http"
@@ -55,7 +53,7 @@ func Server(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnFatal(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			tracerProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {
 				logger.Error().Err(err).Msg("Failed to initialize tracer")
@@ -77,15 +75,6 @@ func Server(cfg *config.Config) *cobra.Command {
 				return err
 			}
 
-			evStore := store.Create(
-				store.Store(cfg.Store.Store),
-				store.TTL(cfg.Store.TTL),
-				microstore.Nodes(cfg.Store.Nodes...),
-				microstore.Database(cfg.Store.Database),
-				microstore.Table(cfg.Store.Table),
-				store.Authentication(cfg.Store.AuthUsername, cfg.Store.AuthPassword),
-			)
-
 			tm, err := pool.StringToTLSMode(cfg.GRPCClientTLS.Mode)
 			if err != nil {
 				logger.Error().Err(err).Msg("Failed to parse tls mode")
@@ -120,7 +109,6 @@ func Server(cfg *config.Config) *cobra.Command {
 					http.Context(ctx), // NOTE: not passing this "option" leads to a panic in go-micro
 					http.TraceProvider(tracerProvider),
 					http.Stream(evStream),
-					http.Store(evStore),
 					http.GatewaySelector(gatewaySelector),
 					http.HistoryClient(hClient),
 					http.ValueClient(vClient),

services/activitylog/pkg/config/config.go

@@ -13,8 +13,7 @@ type Config struct {
 
 	Service Service `yaml:"-"`
 
-	LogLevel string `yaml:"loglevel" env:"OC_LOG_LEVEL;ACTIVITYLOG_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-
+	Log   *Log  `yaml:"log"`
 	Debug Debug `yaml:"debug"`
 
 	Events Events `yaml:"events"`
@@ -50,13 +49,15 @@ type Events struct {
 
 // Store configures the store to use
 type Store struct {
-	Store        string        `yaml:"store" env:"OC_PERSISTENT_STORE;ACTIVITYLOG_STORE" desc:"The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details." introductionVersion:"1.0.0"`
-	Nodes        []string      `yaml:"nodes" env:"OC_PERSISTENT_STORE_NODES;ACTIVITYLOG_STORE_NODES" desc:"A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
-	Database     string        `yaml:"database" env:"ACTIVITYLOG_STORE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"1.0.0"`
-	Table        string        `yaml:"table" env:"ACTIVITYLOG_STORE_TABLE" desc:"The database table the store should use." introductionVersion:"1.0.0"`
-	TTL          time.Duration `yaml:"ttl" env:"OC_PERSISTENT_STORE_TTL;ACTIVITYLOG_STORE_TTL" desc:"Time to live for events in the store. See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
-	AuthUsername string        `yaml:"username" env:"OC_PERSISTENT_STORE_AUTH_USERNAME;ACTIVITYLOG_STORE_AUTH_USERNAME" desc:"The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
-	AuthPassword string        `yaml:"password" env:"OC_PERSISTENT_STORE_AUTH_PASSWORD;ACTIVITYLOG_STORE_AUTH_PASSWORD" desc:"The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	Store                string        `yaml:"store" env:"OC_PERSISTENT_STORE;ACTIVITYLOG_STORE" desc:"The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details." introductionVersion:"1.0.0"`
+	Nodes                []string      `yaml:"nodes" env:"OC_PERSISTENT_STORE_NODES;ACTIVITYLOG_STORE_NODES" desc:"A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
+	Database             string        `yaml:"database" env:"ACTIVITYLOG_STORE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"1.0.0"`
+	TTL                  time.Duration `yaml:"ttl" env:"OC_PERSISTENT_STORE_TTL;ACTIVITYLOG_STORE_TTL" desc:"Time to live for events in the store. See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
+	AuthUsername         string        `yaml:"username" env:"OC_PERSISTENT_STORE_AUTH_USERNAME;ACTIVITYLOG_STORE_AUTH_USERNAME" desc:"The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	AuthPassword         string        `yaml:"password" env:"OC_PERSISTENT_STORE_AUTH_PASSWORD;ACTIVITYLOG_STORE_AUTH_PASSWORD" desc:"The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	EnableTLS            bool          `yaml:"enable_tls" env:"OC_PERSISTENT_STORE_ENABLE_TLS;ACTIVITYLOG_STORE_ENABLE_TLS" desc:"Enable TLS for the connection to the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"%%NEXT%%"`
+	TLSInsecure          bool          `yaml:"tls_insecure" env:"OC_INSECURE;OC_PERSISTENT_STORE_TLS_INSECURE;ACTIVITYLOG_STORE_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"%%NEXT%%"`
+	TLSRootCACertificate string        `yaml:"tls_root_ca_certificate" env:"OC_PERSISTENT_STORE_TLS_ROOT_CA_CERTIFICATE;ACTIVITYLOG_STORE_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided ACTIVITYLOG_STORE_TLS_INSECURE will be seen as false." introductionVersion:"%%NEXT%%"`
 }
 
 // ServiceAccount is the configuration for the used service account

services/activitylog/pkg/config/defaults/defaultconfig.go

@@ -37,7 +37,6 @@ func DefaultConfig() *config.Config {
 			Store:    "nats-js-kv",
 			Nodes:    []string{"127.0.0.1:9233"},
 			Database: "activitylog",
-			Table:    "",
 		},
 		RevaGateway:     shared.DefaultRevaConfig().Address,
 		DefaultLanguage: "en",
@@ -59,9 +58,18 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults ensures the config contains default values
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
+
 	if cfg.GRPCClientTLS == nil && cfg.Commons != nil {
 		cfg.GRPCClientTLS = structs.CopyOrZeroValue(cfg.Commons.GRPCClientTLS)
 	}

services/activitylog/pkg/config/log.go

@@ -0,0 +1,9 @@
+package config
+
+// Log defines the available log configuration.
+type Log struct {
+	Level  string `mapstructure:"level" env:"OC_LOG_LEVEL;ACTIVITYLOG_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `mapstructure:"pretty" env:"OC_LOG_PRETTY;ACTIVITYLOG_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `mapstructure:"color" env:"OC_LOG_COLOR;ACTIVITYLOG_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `mapstructure:"file" env:"OC_LOG_FILE;ACTIVITYLOG_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}

services/activitylog/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/activitylog/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/activitylog/pkg/server/debug/server.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/opencloud-eu/opencloud/pkg/checks"
 	"github.com/opencloud-eu/opencloud/pkg/handlers"
+	"github.com/opencloud-eu/opencloud/pkg/nats"
 	"github.com/opencloud-eu/opencloud/pkg/service/debug"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 )
@@ -17,8 +18,13 @@ func Server(opts ...Option) (*http.Server, error) {
 		WithLogger(options.Logger).
 		WithCheck("http reachability", checks.NewHTTPCheck(options.Config.HTTP.Addr))
 
+	secureOption := nats.Secure(
+		options.Config.Events.EnableTLS,
+		options.Config.Events.TLSInsecure,
+		options.Config.Events.TLSRootCACertificate,
+	)
 	readyHandlerConfiguration := healthHandlerConfiguration.
-		WithCheck("nats reachability", checks.NewNatsCheck(options.Config.Events.Endpoint))
+		WithCheck("nats reachability", checks.NewNatsCheck(options.Config.Events.Endpoint, secureOption))
 
 	return debug.NewService(
 		debug.Logger(options.Logger),

services/activitylog/pkg/server/http/server.go

@@ -81,7 +81,6 @@ func Server(opts ...Option) (http.Service, error) {
 		svc.Logger(options.Logger),
 		svc.Stream(options.Stream),
 		svc.Mux(mux),
-		svc.Store(options.Store),
 		svc.Config(options.Config),
 		svc.GatewaySelector(options.GatewaySelector),
 		svc.TraceProvider(options.TraceProvider),

services/activitylog/pkg/service/l10n/locale/ca/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2026-01-09 00:08+0000\n"
+"POT-Creation-Date: 2025-12-20 00:05+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Ivan Fustero, 2025\n"
 "Language-Team: Catalan (https://app.transifex.com/opencloud-eu/teams/204053/ca/)\n"

services/activitylog/pkg/service/l10n/locale/de/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2026-01-09 00:08+0000\n"
+"POT-Creation-Date: 2025-12-20 00:05+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Jörn Friedrich Dreyer <jfd@butonic.de>, 2025\n"
 "Language-Team: German (https://app.transifex.com/opencloud-eu/teams/204053/de/)\n"

services/activitylog/pkg/service/l10n/locale/es/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2026-01-09 00:08+0000\n"
+"POT-Creation-Date: 2025-12-20 00:05+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Elías Martín, 2025\n"
 "Language-Team: Spanish (https://app.transifex.com/opencloud-eu/teams/204053/es/)\n"

services/activitylog/pkg/service/l10n/locale/fr/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2026-01-09 00:08+0000\n"
+"POT-Creation-Date: 2025-12-20 00:05+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: eric_G <junk.eg@free.fr>, 2025\n"
 "Language-Team: French (https://app.transifex.com/opencloud-eu/teams/204053/fr/)\n"

services/activitylog/pkg/service/l10n/locale/it/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2026-01-09 00:08+0000\n"
+"POT-Creation-Date: 2025-12-20 00:05+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Simone Broglia, 2025\n"
 "Language-Team: Italian (https://app.transifex.com/opencloud-eu/teams/204053/it/)\n"

services/activitylog/pkg/service/l10n/locale/ko/LC_MESSAGES/activitylog.po

@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2026-01-09 00:08+0000\n"
+"POT-Creation-Date: 2025-12-20 00:05+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Junghyuk Kwon <kwon@junghy.uk>, 2025\n"
 "Language-Team: Korean (https://app.transifex.com/opencloud-eu/teams/204053/ko/)\n"

services/activitylog/pkg/service/l10n/locale/nl/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2026-01-12 00:08+0000\n"
+"POT-Creation-Date: 2025-12-23 00:05+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Stephan Paternotte <stephan@paternottes.net>, 2025\n"
 "Language-Team: Dutch (https://app.transifex.com/opencloud-eu/teams/204053/nl/)\n"

services/activitylog/pkg/service/l10n/locale/ru/LC_MESSAGES/activitylog.po

@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2026-01-12 00:08+0000\n"
+"POT-Creation-Date: 2025-12-23 00:05+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Lulufox, 2025\n"
 "Language-Team: Russian (https://app.transifex.com/opencloud-eu/teams/204053/ru/)\n"

services/activitylog/pkg/service/l10n/locale/zh/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2026-01-09 00:08+0000\n"
+"POT-Creation-Date: 2025-12-20 00:05+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: YQS Yang, 2025\n"
 "Language-Team: Chinese (https://app.transifex.com/opencloud-eu/teams/204053/zh/)\n"

services/activitylog/pkg/service/options.go

@@ -11,7 +11,6 @@ import (
 	"github.com/opencloud-eu/opencloud/services/activitylog/pkg/config"
 	"github.com/opencloud-eu/reva/v2/pkg/events"
 	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
-	microstore "go-micro.dev/v4/store"
 	"go.opentelemetry.io/otel/trace"
 )
 
@@ -25,7 +24,6 @@ type Options struct {
 	TraceProvider       trace.TracerProvider
 	Stream              events.Stream
 	RegisteredEvents    []events.Unmarshaller
-	Store               microstore.Store
 	GatewaySelector     pool.Selectable[gateway.GatewayAPIClient]
 	Mux                 *chi.Mux
 	HistoryClient       ehsvc.EventHistoryService
@@ -69,13 +67,6 @@ func RegisteredEvents(e []events.Unmarshaller) Option {
 	}
 }
 
-// Store configures the store to use
-func Store(store microstore.Store) Option {
-	return func(o *Options) {
-		o.Store = store
-	}
-}
-
 // GatewaySelector adds a grpc client selector for the gateway service
 func GatewaySelector(gatewaySelector pool.Selectable[gateway.GatewayAPIClient]) Option {
 	return func(o *Options) {

services/activitylog/pkg/service/service.go

@@ -2,6 +2,7 @@ package service
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/base32"
 	"encoding/json"
 	"fmt"
@@ -166,6 +167,18 @@ func New(opts ...Option) (*ActivitylogService, error) {
 	natsOptions := nats.Options{
 		Servers: o.Config.Store.Nodes,
 	}
+	if o.Config.Store.EnableTLS {
+		if o.Config.Store.TLSRootCACertificate != "" {
+			// when root ca is configured use it. an insecure flag is ignored.
+			nats.RootCAs(o.Config.Store.TLSRootCACertificate)(&natsOptions)
+		} else {
+			// enable tls and use insecure flag
+			nats.Secure(&tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: o.Config.Store.TLSInsecure})(&natsOptions)
+		}
+	}
+	if o.Config.Store.AuthUsername != "" && o.Config.Store.AuthPassword != "" {
+		nats.UserInfo(o.Config.Store.AuthUsername, o.Config.Store.AuthPassword)(&natsOptions)
+	}
 	conn, err := natsOptions.Connect()
 	if err != nil {
 		return nil, err

services/antivirus/pkg/command/health.go

@@ -21,7 +21,13 @@ func Health(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnError(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := log.NewLogger(
+				log.Name(cfg.Service.Name),
+				log.Level(cfg.Log.Level),
+				log.Pretty(cfg.Log.Pretty),
+				log.Color(cfg.Log.Color),
+				log.File(cfg.Log.File),
+			)
 
 			resp, err := http.Get(
 				fmt.Sprintf(

services/antivirus/pkg/command/server.go

@@ -32,7 +32,14 @@ func Server(cfg *config.Config) *cobra.Command {
 				defer cancel()
 			}
 			ctx := cfg.Context
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+
+			logger := log.NewLogger(
+				log.Name(cfg.Service.Name),
+				log.Level(cfg.Log.Level),
+				log.Pretty(cfg.Log.Pretty),
+				log.Color(cfg.Log.Color),
+				log.File(cfg.Log.File),
+			)
 
 			traceProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {

services/antivirus/pkg/config/config.go

@@ -29,10 +29,11 @@ const (
 
 // Config combines all available configuration parts.
 type Config struct {
-	Commons  *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
-	File     string
-	LogLevel string `yaml:"loglevel" env:"OC_LOG_LEVEL;ANTIVIRUS_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-	Debug    Debug  `yaml:"debug" mask:"struct"`
+	Commons *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
+	File    string
+	Log     *Log
+
+	Debug Debug `yaml:"debug" mask:"struct"`
 
 	Service Service `yaml:"-"`
 
@@ -54,6 +55,14 @@ type Service struct {
 	Name string `yaml:"-"`
 }
 
+// Log defines the available log configuration.
+type Log struct {
+	Level  string `mapstructure:"level" env:"OC_LOG_LEVEL;ANTIVIRUS_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `mapstructure:"pretty" env:"OC_LOG_PRETTY;ANTIVIRUS_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `mapstructure:"color" env:"OC_LOG_COLOR;ANTIVIRUS_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `mapstructure:"file" env:"OC_LOG_FILE;ANTIVIRUS_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}
+
 // Debug defines the available debug configuration.
 type Debug struct {
 	Addr   string `yaml:"addr" env:"ANTIVIRUS_DEBUG_ADDR" desc:"Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed." introductionVersion:"1.0.0"`

services/antivirus/pkg/config/defaults/defaultconfig.go

@@ -51,8 +51,8 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults adds default values to the configuration if they are not set yet
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
 }
 

services/antivirus/pkg/server/debug/server.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/opencloud-eu/opencloud/pkg/checks"
 	"github.com/opencloud-eu/opencloud/pkg/handlers"
+	"github.com/opencloud-eu/opencloud/pkg/nats"
 	"github.com/opencloud-eu/opencloud/pkg/service/debug"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 )
@@ -18,9 +19,14 @@ import (
 func Server(opts ...Option) (*http.Server, error) {
 	options := newOptions(opts...)
 
+	secureOption := nats.Secure(
+		options.Config.Events.EnableTLS,
+		options.Config.Events.TLSInsecure,
+		options.Config.Events.TLSRootCACertificate,
+	)
 	readyHandlerConfiguration := handlers.NewCheckHandlerConfiguration().
 		WithLogger(options.Logger).
-		WithCheck("nats reachability", checks.NewNatsCheck(options.Config.Events.Endpoint)).
+		WithCheck("nats reachability", checks.NewNatsCheck(options.Config.Events.Endpoint, secureOption)).
 		WithCheck("antivirus reachability", func(ctx context.Context) error {
 			cfg := options.Config
 			switch cfg.Scanner.Type {

services/app-provider/pkg/command/health.go

@@ -5,9 +5,9 @@ import (
 	"net/http"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/app-provider/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/app-provider/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/app-provider/pkg/logging"
 	"github.com/spf13/cobra"
 )
 
@@ -20,7 +20,7 @@ func Health(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnError(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 
 			resp, err := http.Get(
 				fmt.Sprintf(

services/app-provider/pkg/command/server.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"os/signal"
 
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/reva/v2/cmd/revad/runtime"
 	"github.com/spf13/cobra"
 
@@ -16,6 +15,7 @@ import (
 	"github.com/opencloud-eu/opencloud/pkg/version"
 	"github.com/opencloud-eu/opencloud/services/app-provider/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/app-provider/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/app-provider/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/app-provider/pkg/revaconfig"
 	"github.com/opencloud-eu/opencloud/services/app-provider/pkg/server/debug"
 )
@@ -29,7 +29,7 @@ func Server(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnFatal(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			traceProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {
 				return err

services/app-provider/pkg/config/config.go

@@ -7,10 +7,10 @@ import (
 )
 
 type Config struct {
-	Commons  *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
-	Service  Service         `yaml:"-"`
-	LogLevel string          `yaml:"loglevel" env:"OC_LOG_LEVEL;APP_PROVIDER_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-	Debug    Debug           `yaml:"debug"`
+	Commons *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
+	Service Service         `yaml:"-"`
+	Log     *Log            `yaml:"log"`
+	Debug   Debug           `yaml:"debug"`
 
 	GRPC GRPCConfig `yaml:"grpc"`
 
@@ -24,6 +24,13 @@ type Config struct {
 	Context context.Context `yaml:"-"`
 }
 
+type Log struct {
+	Level  string `yaml:"level" env:"OC_LOG_LEVEL;APP_PROVIDER_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `yaml:"pretty" env:"OC_LOG_PRETTY;APP_PROVIDER_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `yaml:"color" env:"OC_LOG_COLOR;APP_PROVIDER_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `yaml:"file" env:"OC_LOG_FILE;APP_PROVIDER_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}
+
 type Debug struct {
 	Addr   string `yaml:"addr" env:"APP_PROVIDER_DEBUG_ADDR" desc:"Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed." introductionVersion:"1.0.0"`
 	Token  string `yaml:"token" env:"APP_PROVIDER_DEBUG_TOKEN" desc:"Token to secure the metrics endpoint" introductionVersion:"1.0.0"`

services/app-provider/pkg/config/defaults/defaultconfig.go

@@ -45,8 +45,16 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults adds default values to the configuration if they are not set yet
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
 
 	if cfg.Reva == nil && cfg.Commons != nil {

services/app-provider/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/app-provider/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/app-registry/pkg/command/health.go

@@ -5,10 +5,9 @@ import (
 	"net/http"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/app-registry/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/app-registry/pkg/config/parser"
-
+	"github.com/opencloud-eu/opencloud/services/app-registry/pkg/logging"
 	"github.com/spf13/cobra"
 )
 
@@ -21,7 +20,7 @@ func Health(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnError(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 
 			resp, err := http.Get(
 				fmt.Sprintf(

services/app-registry/pkg/command/server.go

@@ -6,17 +6,16 @@ import (
 	"os/signal"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/registry"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	"github.com/opencloud-eu/opencloud/pkg/tracing"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 	"github.com/opencloud-eu/opencloud/services/app-registry/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/app-registry/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/app-registry/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/app-registry/pkg/revaconfig"
 	"github.com/opencloud-eu/opencloud/services/app-registry/pkg/server/debug"
 	"github.com/opencloud-eu/reva/v2/cmd/revad/runtime"
-
 	"github.com/spf13/cobra"
 )
 
@@ -29,7 +28,7 @@ func Server(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnFatal(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			traceProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {
 				return err

services/app-registry/pkg/config/config.go

@@ -9,10 +9,9 @@ import (
 type Config struct {
 	Commons *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
 
-	Service  Service `yaml:"-"`
-	LogLevel string  `yaml:"loglevel" env:"OC_LOG_LEVEL;APP_REGISTRY_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-
-	Debug Debug `yaml:"debug"`
+	Service Service `yaml:"-"`
+	Log     *Log    `yaml:"log"`
+	Debug   Debug   `yaml:"debug"`
 
 	GRPC GRPCConfig `yaml:"grpc"`
 
@@ -24,6 +23,13 @@ type Config struct {
 	Context context.Context `yaml:"-"`
 }
 
+type Log struct {
+	Level  string `yaml:"level" env:"OC_LOG_LEVEL;APP_REGISTRY_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `yaml:"pretty" env:"OC_LOG_PRETTY;APP_REGISTRY_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `yaml:"color" env:"OC_LOG_COLOR;APP_REGISTRY_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `yaml:"file" env:"OC_LOG_FILE;APP_REGISTRY_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}
+
 type Service struct {
 	Name string `yaml:"-"`
 }

services/app-registry/pkg/config/defaults/defaultconfig.go

@@ -122,8 +122,16 @@ func defaultMimeTypeConfig() []config.MimeTypeConfig {
 
 // EnsureDefaults adds default values to the configuration if they are not set yet
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
 
 	if cfg.Reva == nil && cfg.Commons != nil {

services/app-registry/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/app-registry/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/audit/pkg/command/server.go

@@ -7,10 +7,10 @@ import (
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
 	"github.com/opencloud-eu/opencloud/pkg/generators"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	"github.com/opencloud-eu/opencloud/services/audit/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/audit/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/audit/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/audit/pkg/server/debug"
 	svc "github.com/opencloud-eu/opencloud/services/audit/pkg/service"
 	"github.com/opencloud-eu/opencloud/services/audit/pkg/types"
@@ -35,7 +35,8 @@ func Server(cfg *config.Config) *cobra.Command {
 				defer cancel()
 			}
 			ctx := cfg.Context
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			gr := runner.NewGroup()
 
 			connName := generators.GenerateConnectionName(cfg.Service.Name, generators.NTypeBus)

services/audit/pkg/config/config.go

@@ -8,10 +8,12 @@ import (
 
 // Config combines all available configuration parts.
 type Config struct {
-	Commons  *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
-	Service  Service         `yaml:"-"`
-	LogLevel string          `yaml:"loglevel" env:"OC_LOG_LEVEL;AUDIT_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-	Debug    Debug           `yaml:"debug"`
+	Commons *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
+
+	Service Service `yaml:"-"`
+
+	Log   *Log  `yaml:"log"`
+	Debug Debug `yaml:"debug"`
 
 	Events   Events   `yaml:"events"`
 	Auditlog Auditlog `yaml:"auditlog"`

services/audit/pkg/config/defaults/defaultconfig.go

@@ -37,8 +37,16 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults adds default values to the configuration if they are not set yet
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
 }
 

services/audit/pkg/config/log.go

@@ -0,0 +1,9 @@
+package config
+
+// Log defines the available log configuration.
+type Log struct {
+	Level  string `yaml:"level" env:"OC_LOG_LEVEL;AUDIT_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `yaml:"pretty" env:"OC_LOG_PRETTY;AUDIT_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `yaml:"color" env:"OC_LOG_COLOR;AUDIT_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `yaml:"file" env:"OC_LOG_FILE;AUDIT_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}

services/audit/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/audit/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/audit/pkg/server/debug/server.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/opencloud-eu/opencloud/pkg/checks"
 	"github.com/opencloud-eu/opencloud/pkg/handlers"
+	"github.com/opencloud-eu/opencloud/pkg/nats"
 	"github.com/opencloud-eu/opencloud/pkg/service/debug"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 )
@@ -13,9 +14,14 @@ import (
 func Server(opts ...Option) (*http.Server, error) {
 	options := newOptions(opts...)
 
+	secureOption := nats.Secure(
+		options.Config.Events.EnableTLS,
+		options.Config.Events.TLSInsecure,
+		options.Config.Events.TLSRootCACertificate,
+	)
 	readyHandlerConfiguration := handlers.NewCheckHandlerConfiguration().
 		WithLogger(options.Logger).
-		WithCheck("nats reachability", checks.NewNatsCheck(options.Config.Events.Endpoint))
+		WithCheck("nats reachability", checks.NewNatsCheck(options.Config.Events.Endpoint, secureOption))
 
 	return debug.NewService(
 		debug.Logger(options.Logger),

services/auth-app/pkg/command/health.go

@@ -5,9 +5,9 @@ import (
 	"net/http"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/auth-app/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/auth-app/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/auth-app/pkg/logging"
 
 	"github.com/spf13/cobra"
 )
@@ -21,7 +21,7 @@ func Health(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnError(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 
 			resp, err := http.Get(
 				fmt.Sprintf(

services/auth-app/pkg/command/server.go

@@ -6,7 +6,6 @@ import (
 	"os/signal"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/registry"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	ogrpc "github.com/opencloud-eu/opencloud/pkg/service/grpc"
@@ -15,6 +14,7 @@ import (
 	settingssvc "github.com/opencloud-eu/opencloud/protogen/gen/opencloud/services/settings/v0"
 	"github.com/opencloud-eu/opencloud/services/auth-app/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/auth-app/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/auth-app/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/auth-app/pkg/revaconfig"
 	"github.com/opencloud-eu/opencloud/services/auth-app/pkg/server/debug"
 	"github.com/opencloud-eu/opencloud/services/auth-app/pkg/server/http"
@@ -37,7 +37,7 @@ func Server(cfg *config.Config) *cobra.Command {
 				fmt.Println("WARNING: Impersonation is enabled. Admins can impersonate all users.")
 			}
 
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			traceProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {
 				return err

services/auth-app/pkg/config/config.go

@@ -8,10 +8,10 @@ import (
 
 // Config defines the root config structure
 type Config struct {
-	Commons  *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
-	Service  Service         `yaml:"-"`
-	LogLevel string          `yaml:"loglevel" env:"OC_LOG_LEVEL;AUTH_APP_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-	Debug    Debug           `yaml:"debug"`
+	Commons *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
+	Service Service         `yaml:"-"`
+	Log     *Log            `yaml:"log"`
+	Debug   Debug           `yaml:"debug"`
 
 	GRPC GRPCConfig `yaml:"grpc"`
 	HTTP HTTP       `yaml:"http"`
@@ -61,6 +61,14 @@ type RandPWOpts struct {
 	PasswordLength int `yaml:"password_length" env:"AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH" desc:"The number of charactors the generated passwords will have." introductionVersion:"4.0.0"`
 }
 
+// Log defines the loging configuration
+type Log struct {
+	Level  string `yaml:"level" env:"OC_LOG_LEVEL;AUTH_APP_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `yaml:"pretty" env:"OC_LOG_PRETTY;AUTH_APP_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `yaml:"color" env:"OC_LOG_COLOR;AUTH_APP_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `yaml:"file" env:"OC_LOG_FILE;AUTH_APP_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}
+
 // Service defines the service configuration
 type Service struct {
 	Name string `yaml:"-"`

services/auth-app/pkg/config/defaults/defaultconfig.go

@@ -63,8 +63,16 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults adds default values to the configuration if they are not set yet
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
 
 	if cfg.GRPCClientTLS == nil && cfg.Commons != nil {

services/auth-app/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/auth-app/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/auth-basic/pkg/command/health.go

@@ -5,9 +5,9 @@ import (
 	"net/http"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/auth-basic/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/auth-basic/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/auth-basic/pkg/logging"
 
 	"github.com/spf13/cobra"
 )
@@ -21,7 +21,7 @@ func Health(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnError(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 
 			resp, err := http.Get(
 				fmt.Sprintf(

services/auth-basic/pkg/command/server.go

@@ -7,13 +7,13 @@ import (
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
 	"github.com/opencloud-eu/opencloud/pkg/ldap"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/registry"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	"github.com/opencloud-eu/opencloud/pkg/tracing"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 	"github.com/opencloud-eu/opencloud/services/auth-basic/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/auth-basic/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/auth-basic/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/auth-basic/pkg/revaconfig"
 	"github.com/opencloud-eu/opencloud/services/auth-basic/pkg/server/debug"
 	"github.com/opencloud-eu/reva/v2/cmd/revad/runtime"
@@ -30,7 +30,7 @@ func Server(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnFatal(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			traceProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {
 				return err

services/auth-basic/pkg/config/config.go

@@ -7,10 +7,10 @@ import (
 )
 
 type Config struct {
-	Commons  *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
-	Service  Service         `yaml:"-"`
-	LogLevel string          `yaml:"loglevel" env:"OC_LOG_LEVEL;AUTH_BASIC_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-	Debug    Debug           `yaml:"debug"`
+	Commons *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
+	Service Service         `yaml:"-"`
+	Log     *Log            `yaml:"log"`
+	Debug   Debug           `yaml:"debug"`
 
 	GRPC GRPCConfig `yaml:"grpc"`
 
@@ -24,6 +24,13 @@ type Config struct {
 	Context context.Context `yaml:"-"`
 }
 
+type Log struct {
+	Level  string `yaml:"level" env:"OC_LOG_LEVEL;AUTH_BASIC_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `yaml:"pretty" env:"OC_LOG_PRETTY;AUTH_BASIC_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `yaml:"color" env:"OC_LOG_COLOR;AUTH_BASIC_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `yaml:"file" env:"OC_LOG_FILE;AUTH_BASIC_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}
+
 type Service struct {
 	Name string `yaml:"-"`
 }

services/auth-basic/pkg/config/defaults/defaultconfig.go

@@ -86,9 +86,18 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults adds default values to the configuration if they are not set yet
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
+
 	if cfg.Reva == nil && cfg.Commons != nil {
 		cfg.Reva = structs.CopyOrZeroValue(cfg.Commons.Reva)
 	}

services/auth-basic/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/auth-basic/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/auth-bearer/pkg/command/health.go

@@ -5,9 +5,9 @@ import (
 	"net/http"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/auth-bearer/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/auth-bearer/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/auth-bearer/pkg/logging"
 
 	"github.com/spf13/cobra"
 )
@@ -21,7 +21,7 @@ func Health(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnError(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 
 			resp, err := http.Get(
 				fmt.Sprintf(

services/auth-bearer/pkg/command/server.go

@@ -6,13 +6,13 @@ import (
 	"os/signal"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/registry"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	"github.com/opencloud-eu/opencloud/pkg/tracing"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 	"github.com/opencloud-eu/opencloud/services/auth-bearer/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/auth-bearer/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/auth-bearer/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/auth-bearer/pkg/revaconfig"
 	"github.com/opencloud-eu/opencloud/services/auth-bearer/pkg/server/debug"
 	"github.com/opencloud-eu/reva/v2/cmd/revad/runtime"
@@ -29,7 +29,7 @@ func Server(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnFatal(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			traceProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {
 				return err

services/auth-bearer/pkg/config/config.go

@@ -7,11 +7,10 @@ import (
 )
 
 type Config struct {
-	Commons  *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
-	Service  Service         `yaml:"-"`
-	LogLevel string          `yaml:"loglevel" env:"OC_LOG_LEVEL;AUTH_BEARER_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-
-	Debug Debug `yaml:"debug"`
+	Commons *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
+	Service Service         `yaml:"-"`
+	Log     *Log            `yaml:"log"`
+	Debug   Debug           `yaml:"debug"`
 
 	GRPC GRPCConfig `yaml:"grpc"`
 
@@ -25,6 +24,13 @@ type Config struct {
 	Context context.Context `yaml:"-"`
 }
 
+type Log struct {
+	Level  string `yaml:"level" env:"OC_LOG_LEVEL;AUTH_BEARER_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `yaml:"pretty" env:"OC_LOG_PRETTY;AUTH_BEARER_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `yaml:"color" env:"OC_LOG_COLOR;AUTH_BEARER_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `yaml:"file" env:"OC_LOG_FILE;AUTH_BEARER_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}
+
 type Service struct {
 	Name string `yaml:"-"`
 }

services/auth-bearer/pkg/config/defaults/defaultconfig.go

@@ -42,8 +42,16 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults adds default values to the configuration if they are not set yet
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
 
 	if cfg.Reva == nil && cfg.Commons != nil {

services/auth-bearer/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/auth-bearer/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/auth-machine/pkg/command/health.go

@@ -5,9 +5,9 @@ import (
 	"net/http"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/auth-machine/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/auth-machine/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/auth-machine/pkg/logging"
 
 	"github.com/spf13/cobra"
 )
@@ -21,7 +21,7 @@ func Health(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnError(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 
 			resp, err := http.Get(
 				fmt.Sprintf(

services/auth-machine/pkg/command/server.go

@@ -6,13 +6,13 @@ import (
 	"os/signal"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/registry"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	"github.com/opencloud-eu/opencloud/pkg/tracing"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 	"github.com/opencloud-eu/opencloud/services/auth-machine/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/auth-machine/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/auth-machine/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/auth-machine/pkg/revaconfig"
 	"github.com/opencloud-eu/opencloud/services/auth-machine/pkg/server/debug"
 	"github.com/opencloud-eu/reva/v2/cmd/revad/runtime"
@@ -29,7 +29,7 @@ func Server(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnFatal(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			traceProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {
 				return err

services/auth-machine/pkg/config/config.go

@@ -7,10 +7,10 @@ import (
 )
 
 type Config struct {
-	Commons  *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
-	Service  Service         `yaml:"-"`
-	LogLevel string          `yaml:"loglevel" env:"OC_LOG_LEVEL;AUTH_MACHINE_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-	Debug    Debug           `yaml:"debug"`
+	Commons *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
+	Service Service         `yaml:"-"`
+	Log     *Log            `yaml:"log"`
+	Debug   Debug           `yaml:"debug"`
 
 	GRPC GRPCConfig `yaml:"grpc"`
 
@@ -24,6 +24,13 @@ type Config struct {
 	Context context.Context `yaml:"-"`
 }
 
+type Log struct {
+	Level  string `yaml:"level" env:"OC_LOG_LEVEL;AUTH_MACHINE_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `yaml:"pretty" env:"OC_LOG_PRETTY;AUTH_MACHINE_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `yaml:"color" env:"OC_LOG_COLOR;AUTH_MACHINE_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `yaml:"file" env:"OC_LOG_FILE;AUTH_MACHINE_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}
+
 type Service struct {
 	Name string `yaml:"-"`
 }

services/auth-machine/pkg/config/defaults/defaultconfig.go

@@ -37,9 +37,18 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults adds default values to the configuration if they are not set yet
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
+
 	if cfg.Reva == nil && cfg.Commons != nil {
 		cfg.Reva = structs.CopyOrZeroValue(cfg.Commons.Reva)
 	}

services/auth-machine/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/auth-machine/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/auth-service/pkg/command/health.go

@@ -5,9 +5,9 @@ import (
 	"net/http"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/auth-service/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/auth-service/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/auth-service/pkg/logging"
 
 	"github.com/spf13/cobra"
 )
@@ -21,7 +21,7 @@ func Health(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnError(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 
 			resp, err := http.Get(
 				fmt.Sprintf(

services/auth-service/pkg/command/server.go

@@ -6,13 +6,13 @@ import (
 	"os/signal"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/registry"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	"github.com/opencloud-eu/opencloud/pkg/tracing"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 	"github.com/opencloud-eu/opencloud/services/auth-service/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/auth-service/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/auth-service/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/auth-service/pkg/revaconfig"
 	"github.com/opencloud-eu/opencloud/services/auth-service/pkg/server/debug"
 	"github.com/opencloud-eu/reva/v2/cmd/revad/runtime"
@@ -29,7 +29,7 @@ func Server(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnFatal(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			traceProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {
 				return err

services/auth-service/pkg/config/config.go

@@ -7,10 +7,10 @@ import (
 )
 
 type Config struct {
-	Commons  *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
-	Service  Service         `yaml:"-"`
-	LogLevel string          `yaml:"loglevel" env:"OC_LOG_LEVEL;AUTH_SERVICE_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-	Debug    Debug           `yaml:"debug"`
+	Commons *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
+	Service Service         `yaml:"-"`
+	Log     *Log            `yaml:"log"`
+	Debug   Debug           `yaml:"debug"`
 
 	GRPC GRPCConfig `yaml:"grpc"`
 
@@ -23,6 +23,13 @@ type Config struct {
 	Context context.Context `yaml:"-"`
 }
 
+type Log struct {
+	Level  string `yaml:"level" env:"OC_LOG_LEVEL;AUTH_SERVICE_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `yaml:"pretty" env:"OC_LOG_PRETTY;AUTH_SERVICE_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `yaml:"color" env:"OC_LOG_COLOR;AUTH_SERVICE_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `yaml:"file" env:"OC_LOG_FILE;AUTH_SERVICE_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}
+
 type Service struct {
 	Name string `yaml:"-"`
 }

services/auth-service/pkg/config/defaults/defaultconfig.go

@@ -37,8 +37,16 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults adds default values to the configuration if they are not set yet
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
 
 	if cfg.Reva == nil && cfg.Commons != nil {

services/auth-service/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/auth-service/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/clientlog/pkg/command/server.go

@@ -7,13 +7,13 @@ import (
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
 	"github.com/opencloud-eu/opencloud/pkg/generators"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/registry"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	"github.com/opencloud-eu/opencloud/pkg/tracing"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 	"github.com/opencloud-eu/opencloud/services/clientlog/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/clientlog/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/clientlog/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/clientlog/pkg/metrics"
 	"github.com/opencloud-eu/opencloud/services/clientlog/pkg/server/debug"
 	"github.com/opencloud-eu/opencloud/services/clientlog/pkg/service"
@@ -55,7 +55,7 @@ func Server(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnFatal(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			tracerProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {
 				return err

services/clientlog/pkg/config/config.go

@@ -12,8 +12,7 @@ type Config struct {
 
 	Service Service `yaml:"-"`
 
-	LogLevel string `yaml:"loglevel" env:"OC_LOG_LEVEL;CLIENTLOG_USERLOG_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-
+	Log   *Log  `yaml:"log"`
 	Debug Debug `yaml:"debug"`
 
 	GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`

services/clientlog/pkg/config/defaults/defaultconfig.go

@@ -37,8 +37,16 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults ensures the config contains default values
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
 
 	if cfg.GRPCClientTLS == nil && cfg.Commons != nil {

services/clientlog/pkg/config/log.go

@@ -0,0 +1,9 @@
+package config
+
+// Log defines the available log configuration.
+type Log struct {
+	Level  string `mapstructure:"level" env:"OC_LOG_LEVEL;CLIENTLOG_USERLOG_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `mapstructure:"pretty" env:"OC_LOG_PRETTY;CLIENTLOG_USERLOG_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `mapstructure:"color" env:"OC_LOG_COLOR;CLIENTLOG_USERLOG_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `mapstructure:"file" env:"OC_LOG_FILE;CLIENTLOG_USERLOG_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}

services/clientlog/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/clientlog/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/clientlog/pkg/server/debug/server.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/opencloud-eu/opencloud/pkg/checks"
 	"github.com/opencloud-eu/opencloud/pkg/handlers"
+	"github.com/opencloud-eu/opencloud/pkg/nats"
 	"github.com/opencloud-eu/opencloud/pkg/service/debug"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 )
@@ -13,9 +14,14 @@ import (
 func Server(opts ...Option) (*http.Server, error) {
 	options := newOptions(opts...)
 
+	secureOption := nats.Secure(
+		options.Config.Events.EnableTLS,
+		options.Config.Events.TLSInsecure,
+		options.Config.Events.TLSRootCACertificate,
+	)
 	readyHandlerConfiguration := handlers.NewCheckHandlerConfiguration().
 		WithLogger(options.Logger).
-		WithCheck("nats reachability", checks.NewNatsCheck(options.Config.Events.Endpoint))
+		WithCheck("nats reachability", checks.NewNatsCheck(options.Config.Events.Endpoint, secureOption))
 
 	return debug.NewService(
 		debug.Logger(options.Logger),

services/collaboration/pkg/command/health.go

@@ -5,9 +5,9 @@ import (
 	"net/http"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/collaboration/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/collaboration/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/collaboration/pkg/logging"
 
 	"github.com/spf13/cobra"
 )
@@ -21,7 +21,7 @@ func Health(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnError(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 
 			resp, err := http.Get(
 				fmt.Sprintf(

services/collaboration/pkg/command/server.go

@@ -8,7 +8,6 @@ import (
 	"time"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/registry"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	"github.com/opencloud-eu/opencloud/pkg/tracing"
@@ -16,6 +15,7 @@ import (
 	"github.com/opencloud-eu/opencloud/services/collaboration/pkg/config/parser"
 	"github.com/opencloud-eu/opencloud/services/collaboration/pkg/connector"
 	"github.com/opencloud-eu/opencloud/services/collaboration/pkg/helpers"
+	"github.com/opencloud-eu/opencloud/services/collaboration/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/collaboration/pkg/server/debug"
 	"github.com/opencloud-eu/opencloud/services/collaboration/pkg/server/grpc"
 	"github.com/opencloud-eu/opencloud/services/collaboration/pkg/server/http"
@@ -35,7 +35,7 @@ func Server(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnFatal(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			traceProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {
 				return err
@@ -100,6 +100,9 @@ func Server(cfg *config.Config) *cobra.Command {
 				microstore.Database(cfg.Store.Database),
 				microstore.Table(cfg.Store.Table),
 				store.Authentication(cfg.Store.AuthUsername, cfg.Store.AuthPassword),
+				store.TLSEnabled(cfg.Store.EnableTLS),
+				store.TLSInsecure(cfg.Store.TLSInsecure),
+				store.TLSRootCA(cfg.Store.TLSRootCACertificate),
 			)
 
 			gr := runner.NewGroup()

services/collaboration/pkg/config/config.go

@@ -22,8 +22,8 @@ type Config struct {
 	Wopi   Wopi   `yaml:"wopi"`
 	CS3Api CS3Api `yaml:"cs3api"`
 
-	LogLevel string `yaml:"loglevel" env:"OC_LOG_LEVEL;COLLABORATION_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-	Debug    Debug  `yaml:"debug"`
+	Log   *Log  `yaml:"log"`
+	Debug Debug `yaml:"debug"`
 
 	Context context.Context `yaml:"-"`
 }

services/collaboration/pkg/config/defaults/defaultconfig.go

@@ -72,8 +72,16 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults adds default values to the configuration if they are not set yet
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
 
 	if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {

services/collaboration/pkg/config/log.go

@@ -0,0 +1,9 @@
+package config
+
+// Log defines the available log configuration.
+type Log struct {
+	Level  string `yaml:"level" env:"OC_LOG_LEVEL;COLLABORATION_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `yaml:"pretty" env:"OC_LOG_PRETTY;COLLABORATION_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `yaml:"color" env:"OC_LOG_COLOR;COLLABORATION_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `yaml:"file" env:"OC_LOG_FILE;COLLABORATION_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}

services/collaboration/pkg/config/store.go

@@ -4,11 +4,14 @@ import "time"
 
 // Store configures the store to use
 type Store struct {
-	Store        string        `yaml:"store" env:"OC_PERSISTENT_STORE;COLLABORATION_STORE" desc:"The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details." introductionVersion:"1.0.0"`
-	Nodes        []string      `yaml:"nodes" env:"OC_PERSISTENT_STORE_NODES;COLLABORATION_STORE_NODES" desc:"A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
-	Database     string        `yaml:"database" env:"COLLABORATION_STORE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"1.0.0"`
-	Table        string        `yaml:"table" env:"COLLABORATION_STORE_TABLE" desc:"The database table the store should use." introductionVersion:"1.0.0"`
-	TTL          time.Duration `yaml:"ttl" env:"OC_PERSISTENT_STORE_TTL;COLLABORATION_STORE_TTL" desc:"Time to live for events in the store. Defaults to '30m' (30 minutes). See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
-	AuthUsername string        `yaml:"username" env:"OC_PERSISTENT_STORE_AUTH_USERNAME;COLLABORATION_STORE_AUTH_USERNAME" desc:"The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
-	AuthPassword string        `yaml:"password" env:"OC_PERSISTENT_STORE_AUTH_PASSWORD;COLLABORATION_STORE_AUTH_PASSWORD" desc:"The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	Store                string        `yaml:"store" env:"OC_PERSISTENT_STORE;COLLABORATION_STORE" desc:"The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details." introductionVersion:"1.0.0"`
+	Nodes                []string      `yaml:"nodes" env:"OC_PERSISTENT_STORE_NODES;COLLABORATION_STORE_NODES" desc:"A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
+	Database             string        `yaml:"database" env:"COLLABORATION_STORE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"1.0.0"`
+	Table                string        `yaml:"table" env:"COLLABORATION_STORE_TABLE" desc:"The database table the store should use." introductionVersion:"1.0.0"`
+	TTL                  time.Duration `yaml:"ttl" env:"OC_PERSISTENT_STORE_TTL;COLLABORATION_STORE_TTL" desc:"Time to live for events in the store. Defaults to '30m' (30 minutes). See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
+	AuthUsername         string        `yaml:"username" env:"OC_PERSISTENT_STORE_AUTH_USERNAME;COLLABORATION_STORE_AUTH_USERNAME" desc:"The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	AuthPassword         string        `yaml:"password" env:"OC_PERSISTENT_STORE_AUTH_PASSWORD;COLLABORATION_STORE_AUTH_PASSWORD" desc:"The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	EnableTLS            bool          `yaml:"enable_tls" env:"OC_PERSISTENT_STORE_ENABLE_TLS;COLLABORATION_STORE_ENABLE_TLS" desc:"Enable TLS for the connection to the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"%%NEXT%%"`
+	TLSInsecure          bool          `yaml:"tls_insecure" env:"OC_INSECURE;OC_PERSISTENT_STORE_TLS_INSECURE;COLLABORATION_STORE_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"%%NEXT%%"`
+	TLSRootCACertificate string        `yaml:"tls_root_ca_certificate" env:"OC_PERSISTENT_STORE_TLS_ROOT_CA_CERTIFICATE;COLLABORATION_STORE_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided COLLABORATION_STORE_TLS_INSECURE will be seen as false." introductionVersion:"%%NEXT%%"`
 }

services/collaboration/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/collaboration/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/eventhistory/pkg/command/server.go

@@ -7,13 +7,13 @@ import (
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
 	"github.com/opencloud-eu/opencloud/pkg/generators"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	ogrpc "github.com/opencloud-eu/opencloud/pkg/service/grpc"
 	"github.com/opencloud-eu/opencloud/pkg/tracing"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 	"github.com/opencloud-eu/opencloud/services/eventhistory/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/eventhistory/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/eventhistory/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/eventhistory/pkg/metrics"
 	"github.com/opencloud-eu/opencloud/services/eventhistory/pkg/server/debug"
 	"github.com/opencloud-eu/opencloud/services/eventhistory/pkg/server/grpc"
@@ -33,7 +33,7 @@ func Server(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnFatal(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			traceProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {
 				return err
@@ -71,6 +71,9 @@ func Server(cfg *config.Config) *cobra.Command {
 				microstore.Database(cfg.Store.Database),
 				microstore.Table(cfg.Store.Table),
 				store.Authentication(cfg.Store.AuthUsername, cfg.Store.AuthPassword),
+				store.TLSEnabled(cfg.Store.EnableTLS),
+				store.TLSInsecure(cfg.Store.TLSInsecure),
+				store.TLSRootCA(cfg.Store.TLSRootCACertificate),
 			)
 
 			service := grpc.NewService(

services/eventhistory/pkg/config/config.go

@@ -14,8 +14,8 @@ type Config struct {
 
 	Service Service `yaml:"-"`
 
-	LogLevel string `yaml:"loglevel" env:"OC_LOG_LEVEL;EVENTHISTORY_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-	Debug    Debug  `yaml:"debug"`
+	Log   *Log  `yaml:"log"`
+	Debug Debug `yaml:"debug"`
 
 	GRPC          GRPCConfig            `yaml:"grpc"`
 	GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
@@ -36,13 +36,16 @@ type GRPCConfig struct {
 
 // Store configures the store to use
 type Store struct {
-	Store        string        `yaml:"store" env:"OC_PERSISTENT_STORE;EVENTHISTORY_STORE" desc:"The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details." introductionVersion:"1.0.0"`
-	Nodes        []string      `yaml:"nodes" env:"OC_PERSISTENT_STORE_NODES;EVENTHISTORY_STORE_NODES" desc:"A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
-	Database     string        `yaml:"database" env:"EVENTHISTORY_STORE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"1.0.0"`
-	Table        string        `yaml:"table" env:"EVENTHISTORY_STORE_TABLE" desc:"The database table the store should use." introductionVersion:"1.0.0"`
-	TTL          time.Duration `yaml:"ttl" env:"OC_PERSISTENT_STORE_TTL;EVENTHISTORY_STORE_TTL" desc:"Time to live for events in the store. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
-	AuthUsername string        `yaml:"username" env:"OC_PERSISTENT_STORE_AUTH_USERNAME;EVENTHISTORY_STORE_AUTH_USERNAME" desc:"The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
-	AuthPassword string        `yaml:"password" env:"OC_PERSISTENT_STORE_AUTH_PASSWORD;EVENTHISTORY_STORE_AUTH_PASSWORD" desc:"The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	Store                string        `yaml:"store" env:"OC_PERSISTENT_STORE;EVENTHISTORY_STORE" desc:"The type of the store. Supported values are: 'memory', 'nats-js-kv', 'redis-sentinel', 'noop'. See the text description for details." introductionVersion:"1.0.0"`
+	Nodes                []string      `yaml:"nodes" env:"OC_PERSISTENT_STORE_NODES;EVENTHISTORY_STORE_NODES" desc:"A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
+	Database             string        `yaml:"database" env:"EVENTHISTORY_STORE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"1.0.0"`
+	Table                string        `yaml:"table" env:"EVENTHISTORY_STORE_TABLE" desc:"The database table the store should use." introductionVersion:"1.0.0"`
+	TTL                  time.Duration `yaml:"ttl" env:"OC_PERSISTENT_STORE_TTL;EVENTHISTORY_STORE_TTL" desc:"Time to live for events in the store. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
+	AuthUsername         string        `yaml:"username" env:"OC_PERSISTENT_STORE_AUTH_USERNAME;EVENTHISTORY_STORE_AUTH_USERNAME" desc:"The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	AuthPassword         string        `yaml:"password" env:"OC_PERSISTENT_STORE_AUTH_PASSWORD;EVENTHISTORY_STORE_AUTH_PASSWORD" desc:"The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	EnableTLS            bool          `yaml:"enable_tls" env:"OC_PERSISTENT_STORE_ENABLE_TLS;EVENTHISTORY_STORE_ENABLE_TLS" desc:"Enable TLS for the connection to the store. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"%%NEXT%%"`
+	TLSInsecure          bool          `yaml:"tls_insecure" env:"OC_INSECURE;OC_PERSISTENT_STORE_TLS_INSECURE;EVENTHISTORY_STORE_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"%%NEXT%%"`
+	TLSRootCACertificate string        `yaml:"tls_root_ca_certificate" env:"OC_PERSISTENT_STORE_TLS_ROOT_CA_CERTIFICATE;EVENTHISTORY_STORE_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided EVENTHISTORY_STORE_TLS_INSECURE will be seen as false." introductionVersion:"%%NEXT%%"`
 }
 
 // Events combines the configuration options for the event bus.

services/eventhistory/pkg/config/defaults/defaultconfig.go

@@ -48,8 +48,16 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults ensures the config contains default values
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
 
 	if cfg.GRPCClientTLS == nil && cfg.Commons != nil {

services/eventhistory/pkg/config/log.go

@@ -0,0 +1,9 @@
+package config
+
+// Log defines the available log configuration.
+type Log struct {
+	Level  string `mapstructure:"level" env:"OC_LOG_LEVEL;EVENTHISTORY_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `mapstructure:"pretty" env:"OC_LOG_PRETTY;EVENTHISTORY_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `mapstructure:"color" env:"OC_LOG_COLOR;EVENTHISTORY_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `mapstructure:"file" env:"OC_LOG_FILE;EVENTHISTORY_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}

services/eventhistory/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/eventhistory/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/eventhistory/pkg/server/debug/server.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/opencloud-eu/opencloud/pkg/checks"
 	"github.com/opencloud-eu/opencloud/pkg/handlers"
+	"github.com/opencloud-eu/opencloud/pkg/nats"
 	"github.com/opencloud-eu/opencloud/pkg/service/debug"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 )
@@ -17,8 +18,13 @@ func Server(opts ...Option) (*http.Server, error) {
 		WithLogger(options.Logger).
 		WithCheck("grpc reachability", checks.NewGRPCCheck(options.Config.GRPC.Addr))
 
+	secureOption := nats.Secure(
+		options.Config.Events.EnableTLS,
+		options.Config.Events.TLSInsecure,
+		options.Config.Events.TLSRootCACertificate,
+	)
 	readyHandlerConfiguration := healthHandlerConfiguration.
-		WithCheck("nats reachability", checks.NewNatsCheck(options.Config.Events.Endpoint))
+		WithCheck("nats reachability", checks.NewNatsCheck(options.Config.Events.Endpoint, secureOption))
 
 	return debug.NewService(
 		debug.Logger(options.Logger),

services/frontend/pkg/command/health.go

@@ -6,9 +6,9 @@ import (
 	"net/http"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/frontend/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/frontend/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/frontend/pkg/logging"
 
 	"github.com/spf13/cobra"
 )
@@ -22,7 +22,7 @@ func Health(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnError(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 
 			resp, err := http.Get(
 				fmt.Sprintf(

services/frontend/pkg/command/server.go

@@ -6,13 +6,13 @@ import (
 	"os/signal"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/registry"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	"github.com/opencloud-eu/opencloud/pkg/tracing"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 	"github.com/opencloud-eu/opencloud/services/frontend/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/frontend/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/frontend/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/frontend/pkg/revaconfig"
 	"github.com/opencloud-eu/opencloud/services/frontend/pkg/server/debug"
 	"github.com/opencloud-eu/reva/v2/cmd/revad/runtime"
@@ -29,7 +29,7 @@ func Server(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnFatal(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			traceProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {
 				return err

services/frontend/pkg/config/config.go

@@ -8,10 +8,10 @@ import (
 )
 
 type Config struct {
-	Commons  *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
-	Service  Service         `yaml:"-"`
-	LogLevel string          `yaml:"loglevel" env:"OC_LOG_LEVEL;FRONTEND_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-	Debug    Debug           `yaml:"debug"`
+	Commons *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
+	Service Service         `yaml:"-"`
+	Log     *Log            `yaml:"log"`
+	Debug   Debug           `yaml:"debug"`
 
 	HTTP HTTPConfig `yaml:"http"`
 
@@ -67,6 +67,13 @@ type Config struct {
 	Context context.Context `yaml:"-"`
 }
 
+type Log struct {
+	Level  string `yaml:"level" env:"OC_LOG_LEVEL;FRONTEND_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `yaml:"pretty" env:"OC_LOG_PRETTY;FRONTEND_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `yaml:"color" env:"OC_LOG_COLOR;FRONTEND_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `yaml:"file" env:"OC_LOG_FILE;FRONTEND_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}
+
 type Service struct {
 	Name string `yaml:"-"`
 }
@@ -122,18 +129,21 @@ type DataGateway struct {
 }
 
 type OCS struct {
-	Prefix                      string        `yaml:"prefix" env:"FRONTEND_OCS_PREFIX" desc:"URL path prefix for the OCS service. Note that the string must not start with '/'." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
-	SharePrefix                 string        `yaml:"share_prefix" env:"FRONTEND_OCS_SHARE_PREFIX" desc:"Path prefix for shares as part of a CS3 resource. Note that the path must start with '/'." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
-	HomeNamespace               string        `yaml:"home_namespace" env:"FRONTEND_OCS_PERSONAL_NAMESPACE" desc:"Home namespace identifier." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
-	AdditionalInfoAttribute     string        `yaml:"additional_info_attribute" env:"FRONTEND_OCS_ADDITIONAL_INFO_ATTRIBUTE" desc:"Additional information attribute for the user like {{.Mail}}." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
-	StatCacheType               string        `yaml:"stat_cache_type" env:"OC_CACHE_STORE;FRONTEND_OCS_STAT_CACHE_STORE" desc:"The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_STORE, the OCS API is deprecated" deprecationReplacement:""`
-	StatCacheNodes              []string      `yaml:"stat_cache_nodes" env:"OC_CACHE_STORE_NODES;FRONTEND_OCS_STAT_CACHE_STORE_NODES" desc:"A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_STORE_NODES, the OCS API is deprecated" deprecationReplacement:""`
-	StatCacheDatabase           string        `yaml:"stat_cache_database" env:"OC_CACHE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"1.0.0"`
-	StatCacheTable              string        `yaml:"stat_cache_table" env:"FRONTEND_OCS_STAT_CACHE_TABLE" desc:"The database table the store should use." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
-	StatCacheTTL                time.Duration `yaml:"stat_cache_ttl" env:"OC_CACHE_TTL;FRONTEND_OCS_STAT_CACHE_TTL" desc:"Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_TTL, the OCS API is deprecated" deprecationReplacement:""`
-	StatCacheDisablePersistence bool          `yaml:"stat_cache_disable_persistence" env:"OC_CACHE_DISABLE_PERSISTENCE;FRONTEND_OCS_STAT_CACHE_DISABLE_PERSISTENCE" desc:"Disable persistence of the cache. Only applies when using the 'nats-js-kv' store type. Defaults to false." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_DISABLE_PERSISTENCE, the OCS API is deprecated" deprecationReplacement:""`
-	StatCacheAuthUsername       string        `yaml:"stat_cache_auth_username" env:"OC_CACHE_AUTH_USERNAME;FRONTEND_OCS_STAT_CACHE_AUTH_USERNAME" desc:"The username to use for authentication. Only applies when using the 'nats-js-kv' store type." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_AUTH_USERNAME, the OCS API is deprecated" deprecationReplacement:""`
-	StatCacheAuthPassword       string        `yaml:"stat_cache_auth_password" env:"OC_CACHE_AUTH_PASSWORD;FRONTEND_OCS_STAT_CACHE_AUTH_PASSWORD" desc:"The password to use for authentication. Only applies when using the 'nats-js-kv' store type." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_AUTH_PASSWORD, the OCS API is deprecated" deprecationReplacement:""`
+	Prefix                        string        `yaml:"prefix" env:"FRONTEND_OCS_PREFIX" desc:"URL path prefix for the OCS service. Note that the string must not start with '/'." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
+	SharePrefix                   string        `yaml:"share_prefix" env:"FRONTEND_OCS_SHARE_PREFIX" desc:"Path prefix for shares as part of a CS3 resource. Note that the path must start with '/'." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
+	HomeNamespace                 string        `yaml:"home_namespace" env:"FRONTEND_OCS_PERSONAL_NAMESPACE" desc:"Home namespace identifier." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
+	AdditionalInfoAttribute       string        `yaml:"additional_info_attribute" env:"FRONTEND_OCS_ADDITIONAL_INFO_ATTRIBUTE" desc:"Additional information attribute for the user like {{.Mail}}." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
+	StatCacheType                 string        `yaml:"stat_cache_type" env:"OC_CACHE_STORE;FRONTEND_OCS_STAT_CACHE_STORE" desc:"The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_STORE, the OCS API is deprecated" deprecationReplacement:""`
+	StatCacheNodes                []string      `yaml:"stat_cache_nodes" env:"OC_CACHE_STORE_NODES;FRONTEND_OCS_STAT_CACHE_STORE_NODES" desc:"A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_STORE_NODES, the OCS API is deprecated" deprecationReplacement:""`
+	StatCacheDatabase             string        `yaml:"stat_cache_database" env:"OC_CACHE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"1.0.0"`
+	StatCacheTable                string        `yaml:"stat_cache_table" env:"FRONTEND_OCS_STAT_CACHE_TABLE" desc:"The database table the store should use." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
+	StatCacheTTL                  time.Duration `yaml:"stat_cache_ttl" env:"OC_CACHE_TTL;FRONTEND_OCS_STAT_CACHE_TTL" desc:"Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_TTL, the OCS API is deprecated" deprecationReplacement:""`
+	StatCacheDisablePersistence   bool          `yaml:"stat_cache_disable_persistence" env:"OC_CACHE_DISABLE_PERSISTENCE;FRONTEND_OCS_STAT_CACHE_DISABLE_PERSISTENCE" desc:"Disable persistence of the cache. Only applies when using the 'nats-js-kv' store type. Defaults to false." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_DISABLE_PERSISTENCE, the OCS API is deprecated" deprecationReplacement:""`
+	StatCacheAuthUsername         string        `yaml:"stat_cache_auth_username" env:"OC_CACHE_AUTH_USERNAME;FRONTEND_OCS_STAT_CACHE_AUTH_USERNAME" desc:"The username to use for authentication. Only applies when using the 'nats-js-kv' store type." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_AUTH_USERNAME, the OCS API is deprecated" deprecationReplacement:""`
+	StatCacheAuthPassword         string        `yaml:"stat_cache_auth_password" env:"OC_CACHE_AUTH_PASSWORD;FRONTEND_OCS_STAT_CACHE_AUTH_PASSWORD" desc:"The password to use for authentication. Only applies when using the 'nats-js-kv' store type." introductionVersion:"1.0.0" deprecationVersion:"1.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_AUTH_PASSWORD, the OCS API is deprecated" deprecationReplacement:""`
+	StatCacheEnableTLS            bool          `yaml:"stat_cache_enable_tls" env:"OC_CACHE_ENABLE_TLS;FRONTEND_OCS_STAT_CACHE_ENABLE_TLS" desc:"Enable TLS for the connection to file metadata cache." introductionVersion:"%%NEXT%%"`
+	StatCacheTLSInsecure          bool          `yaml:"stat_cache_tls_insecure" env:"OC_INSECURE;OC_CACHE_TLS_INSECURE;FRONTEND_OCS_STAT_CACHE_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"%%NEXT%%"`
+	StatCacheTLSRootCACertificate string        `yaml:"stat_cache_tls_root_ca_certificate" env:"OC_CACHE_TLS_ROOT_CA_CERTIFICATE;FRONTEND_OCS_STAT_CACHE_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided FRONTEND_OCS_STAT_CACHE_TLS_INSECURE will be seen as false." introductionVersion:"%%NEXT%%"`
 
 	CacheWarmupDriver                    string             `yaml:"cache_warmup_driver,omitempty"`  // not supported by the OpenCloud product, therefore not part of docs
 	CacheWarmupDrivers                   CacheWarmupDrivers `yaml:"cache_warmup_drivers,omitempty"` // not supported by the OpenCloud product, therefore not part of docs

services/frontend/pkg/config/defaults/defaultconfig.go

@@ -164,8 +164,16 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults adds default values to the configuration if they are not set yet
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
 
 	if cfg.Reva == nil && cfg.Commons != nil {

services/frontend/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/frontend/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}

services/frontend/pkg/revaconfig/config.go

@@ -164,14 +164,17 @@ func FrontendConfigFromStruct(cfg *config.Config, logger log.Logger) (map[string
 					"share_prefix":         cfg.OCS.SharePrefix,
 					"home_namespace":       cfg.OCS.HomeNamespace,
 					"stat_cache_config": map[string]interface{}{
-						"cache_store":               cfg.OCS.StatCacheType,
-						"cache_nodes":               cfg.OCS.StatCacheNodes,
-						"cache_database":            cfg.OCS.StatCacheDatabase,
-						"cache_table":               cfg.OCS.StatCacheTable,
-						"cache_ttl":                 cfg.OCS.StatCacheTTL,
-						"cache_disable_persistence": cfg.OCS.StatCacheDisablePersistence,
-						"cache_auth_username":       cfg.OCS.StatCacheAuthUsername,
-						"cache_auth_password":       cfg.OCS.StatCacheAuthPassword,
+						"cache_store":                   cfg.OCS.StatCacheType,
+						"cache_nodes":                   cfg.OCS.StatCacheNodes,
+						"cache_database":                cfg.OCS.StatCacheDatabase,
+						"cache_table":                   cfg.OCS.StatCacheTable,
+						"cache_ttl":                     cfg.OCS.StatCacheTTL,
+						"cache_disable_persistence":     cfg.OCS.StatCacheDisablePersistence,
+						"cache_auth_username":           cfg.OCS.StatCacheAuthUsername,
+						"cache_auth_password":           cfg.OCS.StatCacheAuthPassword,
+						"cache_tls_enabled":             cfg.OCS.StatCacheEnableTLS,
+						"cache_tls_insecure":            cfg.OCS.StatCacheTLSInsecure,
+						"cache_tls_root_ca_certificate": cfg.OCS.StatCacheTLSRootCACertificate,
 					},
 					"prefix":                    cfg.OCS.Prefix,
 					"additional_info_attribute": cfg.OCS.AdditionalInfoAttribute,

services/frontend/pkg/server/debug/server.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/opencloud-eu/opencloud/pkg/checks"
 	"github.com/opencloud-eu/opencloud/pkg/handlers"
+	"github.com/opencloud-eu/opencloud/pkg/nats"
 	"github.com/opencloud-eu/opencloud/pkg/service/debug"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 )
@@ -17,8 +18,13 @@ func Server(opts ...Option) (*http.Server, error) {
 		WithLogger(options.Logger).
 		WithCheck("web reachability", checks.NewHTTPCheck(options.Config.HTTP.Addr))
 
+	secureOption := nats.Secure(
+		options.Config.Events.EnableTLS,
+		options.Config.Events.TLSInsecure,
+		options.Config.Events.TLSRootCACertificate,
+	)
 	readyHandlerConfiguration := healthHandlerConfiguration.
-		WithCheck("nats reachability", checks.NewNatsCheck(options.Config.Events.Endpoint))
+		WithCheck("nats reachability", checks.NewNatsCheck(options.Config.Events.Endpoint, secureOption))
 
 	return debug.NewService(
 		debug.Logger(options.Logger),

services/gateway/pkg/command/health.go

@@ -5,9 +5,9 @@ import (
 	"net/http"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/gateway/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/gateway/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/gateway/pkg/logging"
 
 	"github.com/spf13/cobra"
 )
@@ -21,7 +21,7 @@ func Health(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnError(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 
 			resp, err := http.Get(
 				fmt.Sprintf(

services/gateway/pkg/command/server.go

@@ -6,13 +6,13 @@ import (
 	"os/signal"
 
 	"github.com/opencloud-eu/opencloud/pkg/config/configlog"
-	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/pkg/registry"
 	"github.com/opencloud-eu/opencloud/pkg/runner"
 	"github.com/opencloud-eu/opencloud/pkg/tracing"
 	"github.com/opencloud-eu/opencloud/pkg/version"
 	"github.com/opencloud-eu/opencloud/services/gateway/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/gateway/pkg/config/parser"
+	"github.com/opencloud-eu/opencloud/services/gateway/pkg/logging"
 	"github.com/opencloud-eu/opencloud/services/gateway/pkg/revaconfig"
 	"github.com/opencloud-eu/opencloud/services/gateway/pkg/server/debug"
 	"github.com/opencloud-eu/reva/v2/cmd/revad/runtime"
@@ -29,7 +29,7 @@ func Server(cfg *config.Config) *cobra.Command {
 			return configlog.ReturnFatal(parser.ParseConfig(cfg))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			logger := log.Configure(cfg.Service.Name, cfg.Commons, cfg.LogLevel)
+			logger := logging.Configure(cfg.Service.Name, cfg.Log)
 			traceProvider, err := tracing.GetTraceProvider(cmd.Context(), cfg.Commons.TracesExporter, cfg.Service.Name)
 			if err != nil {
 				return err

services/gateway/pkg/config/config.go

@@ -10,9 +10,9 @@ import (
 type Config struct {
 	Commons *shared.Commons `yaml:"-"` // don't use this directly as configuration for a service
 
-	Service  Service `yaml:"-"`
-	LogLevel string  `yaml:"loglevel" env:"OC_LOG_LEVEL;GATEWAY_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
-	Debug    Debug   `yaml:"debug"`
+	Service Service `yaml:"-"`
+	Log     *Log    `yaml:"log"`
+	Debug   Debug   `yaml:"debug"`
 
 	GRPC GRPCConfig `yaml:"grpc"`
 
@@ -50,6 +50,13 @@ type Config struct {
 	Context context.Context `yaml:"-"`
 }
 
+type Log struct {
+	Level  string `yaml:"level" env:"OC_LOG_LEVEL;GATEWAY_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
+	Pretty bool   `yaml:"pretty" env:"OC_LOG_PRETTY;GATEWAY_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"1.0.0"`
+	Color  bool   `yaml:"color" env:"OC_LOG_COLOR;GATEWAY_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"1.0.0"`
+	File   string `yaml:"file" env:"OC_LOG_FILE;GATEWAY_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"1.0.0"`
+}
+
 type Service struct {
 	Name string `yaml:"-"`
 }
@@ -84,11 +91,18 @@ type Cache struct {
 	ProviderCacheDisablePersistence   bool          `yaml:"provider_cache_disable_persistence" env:"OC_CACHE_DISABLE_PERSISTENCE;GATEWAY_PROVIDER_CACHE_DISABLE_PERSISTENCE" desc:"Disables persistence of the provider cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false." introductionVersion:"1.0.0"`
 	ProviderCacheAuthUsername         string        `yaml:"provider_cache_auth_username" env:"OC_CACHE_AUTH_USERNAME;GATEWAY_PROVIDER_CACHE_AUTH_USERNAME" desc:"The username to use for authentication. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
 	ProviderCacheAuthPassword         string        `yaml:"provider_cache_auth_password" env:"OC_CACHE_AUTH_PASSWORD;GATEWAY_PROVIDER_CACHE_AUTH_PASSWORD" desc:"The password to use for authentication. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
-	CreateHomeCacheStore              string        `yaml:"create_home_cache_store" env:"OC_CACHE_STORE;GATEWAY_CREATE_HOME_CACHE_STORE" desc:"The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details." introductionVersion:"1.0.0"`
-	CreateHomeCacheNodes              []string      `yaml:"create_home_cache_nodes" env:"OC_CACHE_STORE_NODES;GATEWAY_CREATE_HOME_CACHE_STORE_NODES" desc:"A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
-	CreateHomeCacheDatabase           string        `yaml:"create_home_cache_database" env:"OC_CACHE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"1.0.0"`
-	CreateHomeCacheTTL                time.Duration `yaml:"create_home_cache_ttl" env:"OC_CACHE_TTL;GATEWAY_CREATE_HOME_CACHE_TTL" desc:"Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
-	CreateHomeCacheDisablePersistence bool          `yaml:"create_home_cache_disable_persistence" env:"OC_CACHE_DISABLE_PERSISTENCE;GATEWAY_CREATE_HOME_CACHE_DISABLE_PERSISTENCE" desc:"Disables persistence of the create home cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false." introductionVersion:"1.0.0"`
-	CreateHomeCacheAuthUsername       string        `yaml:"create_home_cache_auth_username" env:"OC_CACHE_AUTH_USERNAME;GATEWAY_CREATE_HOME_CACHE_AUTH_USERNAME" desc:"The username to use for authentication. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
-	CreateHomeCacheAuthPassword       string        `yaml:"create_home_cache_auth_password" env:"OC_CACHE_AUTH_PASSWORD;GATEWAY_CREATE_HOME_CACHE_AUTH_PASSWORD" desc:"The password to use for authentication. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	ProviderCacheEnableTLS            bool          `yaml:"provider_cache_enable_tls" env:"OC_CACHE_ENABLE_TLS;GATEWAY_PROVIDER_CACHE_ENABLE_TLS" desc:"Enable TLS for the connection to file metadata cache." introductionVersion:"%%NEXT%%"`
+	ProviderCacheTLSInsecure          bool          `yaml:"provider_cache_tls_insecure" env:"OC_INSECURE;OC_CACHE_TLS_INSECURE;GATEWAY_PROVIDER_CACHE_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"%%NEXT%%"`
+	ProviderCacheTLSRootCACertificate string        `yaml:"provider_cache_tls_root_ca_certificate" env:"OC_CACHE_TLS_ROOT_CA_CERTIFICATE;GATEWAY_PROVIDER_CACHE_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided GATEWAY_PROVIDER_CACHE_TLS_INSECURE will be seen as false." introductionVersion:"%%NEXT%%"`
+
+	CreateHomeCacheStore                string        `yaml:"create_home_cache_store" env:"OC_CACHE_STORE;GATEWAY_CREATE_HOME_CACHE_STORE" desc:"The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details." introductionVersion:"1.0.0"`
+	CreateHomeCacheNodes                []string      `yaml:"create_home_cache_nodes" env:"OC_CACHE_STORE_NODES;GATEWAY_CREATE_HOME_CACHE_STORE_NODES" desc:"A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
+	CreateHomeCacheDatabase             string        `yaml:"create_home_cache_database" env:"OC_CACHE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"1.0.0"`
+	CreateHomeCacheTTL                  time.Duration `yaml:"create_home_cache_ttl" env:"OC_CACHE_TTL;GATEWAY_CREATE_HOME_CACHE_TTL" desc:"Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details." introductionVersion:"1.0.0"`
+	CreateHomeCacheDisablePersistence   bool          `yaml:"create_home_cache_disable_persistence" env:"OC_CACHE_DISABLE_PERSISTENCE;GATEWAY_CREATE_HOME_CACHE_DISABLE_PERSISTENCE" desc:"Disables persistence of the create home cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false." introductionVersion:"1.0.0"`
+	CreateHomeCacheAuthUsername         string        `yaml:"create_home_cache_auth_username" env:"OC_CACHE_AUTH_USERNAME;GATEWAY_CREATE_HOME_CACHE_AUTH_USERNAME" desc:"The username to use for authentication. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	CreateHomeCacheAuthPassword         string        `yaml:"create_home_cache_auth_password" env:"OC_CACHE_AUTH_PASSWORD;GATEWAY_CREATE_HOME_CACHE_AUTH_PASSWORD" desc:"The password to use for authentication. Only applies when store type 'nats-js-kv' is configured." introductionVersion:"1.0.0"`
+	CreateHomeCacheEnableTLS            bool          `yaml:"create_home_cache_enable_tls" env:"OC_CACHE_ENABLE_TLS;GATEWAY_CREATE_HOME_CACHE_ENABLE_TLS" desc:"Enable TLS for the connection to file metadata cache." introductionVersion:"%%NEXT%%"`
+	CreateHomeCacheTLSInsecure          bool          `yaml:"create_home_cache_tls_insecure" env:"OC_INSECURE;OC_CACHE_TLS_INSECURE;GATEWAY_CREATE_HOME_CACHE_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"%%NEXT%%"`
+	CreateHomeCacheTLSRootCACertificate string        `yaml:"create_home_cache_tls_root_ca_certificate" env:"OC_CACHE_TLS_ROOT_CA_CERTIFICATE;GATEWAY_CREATE_HOME_CACHE_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided GATEWAY_CREATE_HOME_CACHE_TLS_INSECURE will be seen as false." introductionVersion:"%%NEXT%%"`
 }

services/gateway/pkg/config/defaults/defaultconfig.go

@@ -74,8 +74,16 @@ func DefaultConfig() *config.Config {
 
 // EnsureDefaults adds default values to the configuration if they are not set yet
 func EnsureDefaults(cfg *config.Config) {
-	if cfg.LogLevel == "" {
-		cfg.LogLevel = "error"
+	// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
+	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Log = &config.Log{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Log == nil {
+		cfg.Log = &config.Log{}
 	}
 
 	if cfg.Reva == nil && cfg.Commons != nil {

services/gateway/pkg/logging/logging.go

@@ -0,0 +1,17 @@
+package logging
+
+import (
+	"github.com/opencloud-eu/opencloud/pkg/log"
+	"github.com/opencloud-eu/opencloud/services/gateway/pkg/config"
+)
+
+// Configure initializes a service-specific logger instance.
+func Configure(name string, cfg *config.Log) log.Logger {
+	return log.NewLogger(
+		log.Name(name),
+		log.Level(cfg.Level),
+		log.Pretty(cfg.Pretty),
+		log.Color(cfg.Color),
+		log.File(cfg.File),
+	)
+}