The Ceptor Gateway is configured using JSON properties stored in ceptor-configuration.xml
The configuration values can be stored for either the individual gateway server itself, or it can be inherited (and shared between multiple gateway instances) by placing this configuration in a server entry which the individual gateways extends from.
Below is an example of a JSON configuration embedded within ceptor-configuration.xml - this JSON configuration can be edited directly, but the easiest way, is to do this using the Ceptor Console, which allows editing each field using a GUI editor which means you do not have to bother about json names or syntaxes. Note that in this example, the destinations and locations have been removed to keep the size down.
<server name="gateway1" type="gateway" description="gateway server" extends="">
<group name="_JSON_" description="JSON configuration">
<property name="gateway_JSON_" description="Gateway configuration">
<![CDATA[{
"session": {
"cookie.not.for.uri": "*.crl",
"resolvers": [
"io.ceptor.session.SessionResolverSSLClientCert",
"io.ceptor.session.SessionResolverBearerToken",
"io.ceptor.session.SessionResolverDomainRedirect",
"io.ceptor.session.SessionResolverCookie"
],
"cookie.no.cachecontrol.header.for": "*.crl|*.pdf",
"http.cookiename": "sessionid",
"https.cookiename": "sslsessionid",
"cookie.path": "/",
"cookie.use.httponly": true,
"sessionfixation.addcookie": true,
"sessionfixation.defense": true,
"cookie.obfuscate": true,
"cookie.use.domain": true
},
"destinations": [
],
"locations": [
],
"gateway": {
"accesslog.suffix": "log",
"sslaccelerator": {
"address": "10.0.0.1;10.0.0.2",
"header.client.ip": "X-Forwarded-For",
"header.client.port": "X-Forwarded-Port"
},
"clusterid": 0,
"environmentid": 0,
"accesslog.directory": "/temp",
"workerthreads": 20,
"accesslog.pattern": "%{REMOTE_ADDR}(:%{REMOTE_PORT}) - \"%{REMOTE_USER}\" %{TIME_LOGFORMAT} \"%{ORIGINAL_REQUEST}\" \"%{ORIGINAL_REQUEST_SCHEME}://%{ORIGINAL_HOST}\" %{HTTP_RESPONSECODE} %{HTTP_BYTESSENT} %{HTTP_RESPONSETIME} \"%{HTTP_REFERER}\"%{EXCEPTION_LOG}",
"segmentid": 0,
"iothreads": 4,
"accesslog.basename": "accesslog",
"accesslog.type": "file",
"max.entity.size": 67108864,
"group": "default"
},
"listen": [
{
"address": "0.0.0.0",
"scheme": "http",
"port": 8000
},
{
"address": "0.0.0.0",
"scheme": "ajp",
"port": 8001
},
{
"sslcontext": {
"ssl.protocol": "TLS",
"keystore.file": "${portalprotect.home}/dispatcher/portalprotect.key",
"keystore.password": "changeit",
"useciphersuites.order": true,
"truststore.password": "password",
"needclientauth": false,
"wantclientauth": true,
"keystore.provider": "SUN",
"keystore.type": "JKS",
"excludeprotocols": "SSL,SSLv2,SSLv2Hello,SSLv3",
"allowrenegotiate": false,
"truststore.file": "${portalprotect.home}/config/x509/issuer/certissuer.pfx",
"excludeciphersuites": ".*NULL.*,.*RC4.*,.*MD5.*,.*DSS.*",
"includeprotocols": "TLSv1.2,TLSv1.1",
"includeciphersuites": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA",
"truststore.type": "PKCS12",
"truststore.provider": "BC"
},
"address": "0.0.0.0",
"scheme": "https",
"port": 8443
}
]
}]]> |
The configuration is split into different JSON objects, which mimics the configuration screens in the console;