Gateway Configuration
Configuration via JSON
The Ceptor Gateway is configured using JSON properties stored in ceptor-configuration.xml.
The configuration values can be stored for the individual gateway server itself, or they can be inherited (and shared between multiple gateway instances) by placing the configuration in a server entry that the individual gateways extend.
Below is an example of a JSON configuration embedded within ceptor-configuration.xml. The JSON can be edited directly, but the easiest way is to use the Ceptor Console, whose GUI editor lets you edit each field without having to worry about JSON names or syntax. Note that in this example, the destinations and locations have been removed to keep the size down.
<server name="gateway1" type="gateway" description="gateway server" extends="">
  <group name="_JSON_" description="JSON configuration">
    <property name="gateway_JSON_" description="Gateway configuration">
<![CDATA[{
  "session": {
    "cookie.not.for.uri": "*.crl",
    "resolvers": [
      "io.ceptor.session.SessionResolverSSLClientCert",
      "io.ceptor.session.SessionResolverBearerToken",
      "io.ceptor.session.SessionResolverDomainRedirect",
      "io.ceptor.session.SessionResolverCookie"
    ],
    "cookie.no.cachecontrol.header.for": "*.crl|*.pdf",
    "http.cookiename": "sessionid",
    "https.cookiename": "sslsessionid",
    "cookie.path": "/",
    "cookie.use.httponly": true,
    "sessionfixation.addcookie": true,
    "sessionfixation.defense": true,
    "cookie.obfuscate": true,
    "cookie.use.domain": true
  },
  "destinations": [ ],
  "locations": [ ],
  "gateway": {
    "accesslog.suffix": "log",
    "sslaccelerator": {
      "address": "10.0.0.1;10.0.0.2",
      "header.client.ip": "X-Forwarded-For",
      "header.client.port": "X-Forwarded-Port"
    },
    "clusterid": 0,
    "environmentid": 0,
    "accesslog.directory": "/temp",
    "workerthreads": 20,
    "accesslog.pattern": "%{REMOTE_ADDR}(:%{REMOTE_PORT}) - \"%{REMOTE_USER}\" %{TIME_LOGFORMAT} \"%{ORIGINAL_REQUEST}\" \"%{ORIGINAL_REQUEST_SCHEME}://%{ORIGINAL_HOST}\" %{HTTP_RESPONSECODE} %{HTTP_BYTESSENT} %{HTTP_RESPONSETIME} \"%{HTTP_REFERER}\"%{EXCEPTION_LOG}",
    "segmentid": 0,
    "iothreads": 4,
    "accesslog.basename": "accesslog",
    "accesslog.type": "file",
    "max.entity.size": 67108864,
    "group": "default"
  },
  "listen": [
    {
      "address": "0.0.0.0",
      "scheme": "http",
      "port": 8000
    },
    {
      "address": "0.0.0.0",
      "scheme": "ajp",
      "port": 8001
    },
    {
      "sslcontext": {
        "ssl.protocol": "TLS",
        "keystore.file": "${portalprotect.home}/dispatcher/portalprotect.key",
        "keystore.password": "changeit",
        "useciphersuites.order": true,
        "truststore.password": "password",
        "needclientauth": false,
        "wantclientauth": true,
        "keystore.provider": "SUN",
        "keystore.type": "JKS",
        "excludeprotocols": "SSL,SSLv2,SSLv2Hello,SSLv3",
        "allowrenegotiate": false,
        "truststore.file": "${portalprotect.home}/config/x509/issuer/certissuer.pfx",
        "excludeciphersuites": ".*NULL.*,.*RC4.*,.*MD5.*,.*DSS.*",
        "includeprotocols": "TLSv1.2,TLSv1.1",
        "includeciphersuites": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA",
        "truststore.type": "PKCS12",
        "truststore.provider": "BC"
      },
      "address": "0.0.0.0",
      "scheme": "https",
      "port": 8443
    }
  ]
}]]>
    </property>
  </group>
</server>
The configuration is split into separate JSON objects, which mirror the configuration screens in the console:
- gateway
  Gateway global settings, such as number of threads, max POST size, cluster IDs and access log configuration.
- session
  Session-related configuration, such as session resolvers, cookie names, scripts etc.
- listen
  Listener configuration: TCP port numbers, SSL settings and protocols. Allows you to set up listeners on various ports and protocols.
- locations
  Locations and their settings. You can potentially have hundreds or even thousands of locations. Bear in mind, though, that each location is processed sequentially and its conditions are checked for a match, so chaining hundreds of checks has a small but real performance cost, especially if the conditions include regular expressions rather than simple string matching. Consider nesting locations to reduce the number of checks required, and group locations, e.g. by virtual server.
- destinations
  Contains the destination clusters of target servers that requests can be proxied to.
- pipelines
  Pipelines and tasks, which enable ESB or API Gateway functionality.
- cannedreplies
  Define "canned" replies, reusable from within various locations.
- ipranges
  Create IP ranges, which contain IP ranges defined locally, loaded from files, or from Online IP Reputation Databases.
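The settings a reviewer would check in the listen section of the example configuration, as an added example that is not Ceptor's own code: it reads the JSON out of the gateway_JSON_ property and reports cleartext listeners, default store passwords, legacy protocols and legacy cipher suites. The function names, the password list, the protocol allow-list and the trimmed sample document are assumptions made for this illustration.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the page's example, keeping only the keys checked below.
SAMPLE_XML = """<server name="gateway1" type="gateway">
  <group name="_JSON_">
    <property name="gateway_JSON_"><![CDATA[{
      "listen": [
        {"address": "0.0.0.0", "scheme": "http", "port": 8000},
        {"address": "0.0.0.0", "scheme": "ajp", "port": 8001},
        {"address": "0.0.0.0", "scheme": "https", "port": 8443, "sslcontext": {
          "keystore.password": "changeit", "truststore.password": "password",
          "includeprotocols": "TLSv1.2,TLSv1.1",
          "includeciphersuites": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"}}
      ]}]]></property>
  </group>
</server>"""

DEFAULT_PASSWORDS = {"changeit", "password"}  # assumption: reviewer's list, not a Ceptor one
MODERN_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}     # TLS 1.0 and 1.1 are deprecated by RFC 8996


def load_gateway_json(xml_text):
    """Return the JSON stored in the gateway_JSON_ property (ElementTree exposes CDATA as text)."""
    prop = ET.fromstring(xml_text).find(".//property[@name='gateway_JSON_']")
    return json.loads(prop.text)


def audit_listeners(config):
    """Return (port, finding) tuples for listener settings that deserve a reviewer's attention."""
    findings = []
    for listener in config.get("listen", []):
        port, ssl = listener["port"], listener.get("sslcontext")
        if ssl is None:  # no sslcontext: traffic on this listener is not encrypted
            if listener["address"] == "0.0.0.0":
                findings.append((port, "cleartext %s on all interfaces" % listener["scheme"]))
            continue
        for key in ("keystore.password", "truststore.password"):
            if ssl.get(key) in DEFAULT_PASSWORDS:
                findings.append((port, key + " is a well-known default"))
        for proto in ssl.get("includeprotocols", "").split(","):
            if proto and proto not in MODERN_PROTOCOLS:
                findings.append((port, "legacy protocol " + proto))
        for suite in ssl.get("includeciphersuites", "").split(","):  # 3DES, CBC, or static RSA
            if "3DES" in suite or "_CBC_" in suite or ("_RSA_WITH_" in suite and "DHE" not in suite):
                findings.append((port, "legacy cipher suite " + suite))
    return findings
```

Calling audit_listeners(load_gateway_json(SAMPLE_XML)) returns seven findings for the sample; a listener bound to a specific address with TLSv1.2 and an ECDHE GCM suite returns none.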
© Ceptor ApS. All Rights Reserved.