Destination Target Servers
A destination target server is stored in the JSON property targets, which is an array of JSON objects; each target server is one object in that array.
"targets": [{
    "sslcontext": {
        "excludeprotocols": "SSL,SSLv2,SSLv2Hello,SSLv3",
        "allowrenegotiate": false,
        "excludeciphersuites": "SSL,SSLv2,SSLv2Hello,SSLv3",
        "useciphersuites.order": true,
        "includeciphersuites": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA",
        "truststore.type": "JKS",
        "truststore.provider": "BC"
    },
    "scheme": "http",
    "port": 8080,
    "unavailable": false,
    "name": "demoapp1",
    "host": "127.0.0.1",
    "disabled": false,
    "bindaddress": "",
    "bindport": 0,
    "limits": {
        "queue.length": 100,
        "max.idle.connections.hard": 20,
        "idle.ttl": 10,
        "max.idle.connections.soft": 5,
        "max.concurrent.requests": 20
    }
}],
Within the individual target, sslcontext and limits are optional - if not specified, the relevant settings for the destination itself will be used.
Often, these limits are used to allow more concurrent requests toward one server than toward another when one has more resources than the other.
Target Settings
Name
Target name, used to identify the selected target server. If the server is sticky, a hash of the name is stored in a cookie.
Default: none
JSON key: name
Scheme / Protocol
Scheme / Protocol to use when connecting to the server; use http or https.
Default: http
JSON key: scheme
IP Address / Hostname
IP Address or hostname of server to connect to.
Default: none, must be specified
JSON key: host
TCP Port
TCP Port to connect to, usually 80 for http and 443 for https.
Default: none
JSON key: port
TCP Binding
Bind Address
If specified, this is the address to bind to when making the connection to the target server - leave blank to auto-assign. This is useful when you want to select a particular network interface.
You can specify either an IP address or a hostname, which will then be resolved to the IP address - this address needs to match a network interface on your machine.
Default: Uses setting for destination
JSON key: bindaddress
Minimum Version: 5.61
Bind Port
TCP port to bind to when connecting to the target server. Set to 0 to auto-assign the port. Only used when the bind address is also specified.
Default: 0
JSON key: bindport
Minimum Version: 5.61
Override destination configuration
Override SSL from destination settings
Check to override SSL settings
Default: none
JSON key: If sslcontext JSON Object is present, then override is enabled.
Override Limits from destination settings
Check to override limits
JSON key: if limits JSON Object is present, then override is enabled.
Availability settings
Unavailable for new users
Check if unavailable for new users - in this case, no new users will be assigned to this destination server.
Default: false
JSON key: unavailable
Disabled
Check if the target is disabled and no connections should be sent to it; existing users will fail over to other targets.
Default: false
JSON key: disabled
SSL Settings
If override SSL is enabled, you can specify the SSL settings.
They are saved in the JSON key sslcontext within the targets JSON Object.
SSL Settings
JCE Provider
Name of SSL JCE Provider to use, or leave blank for default JDK
Default: blank, meaning JDK default.
JSON key: ssl.provider
Protocol
Name of SSL Protocol (e.g. TLS), or leave blank for default. Note that some SSL protocols are insecure, but old server implementations might require you to use an older protocol. Typical protocols are TLS, TLSv1.1, TLSv1.2.
Default: blank, meaning JDK default.
JSON key: ssl.protocol
Allow renegotiate
Allow insecure renegotiation; turn off for best security.
Default: false
JSON key: allowrenegotiate
Exclude protocols
Comma/semicolon separated list of SSL protocols to exclude from the JCE default protocols list - patterns are regex expressions.
Default: SSL,SSLv2,SSLv2Hello,SSLv3
JSON key: excludeprotocols
Include protocols
Comma/semicolon separated list of protocols to include from the JCE supported protocols list - patterns are regex expressions.
Default: none, meaning JDK default
JSON key: includeprotocols
Use ciphersuites order
If set, use the configured cipher suite order and prefer the first. If not set, order does not matter when selecting which cipher suite to use.
Default: true
JSON key: useciphersuites.order
Exclude ciphersuites
Comma/semicolon separated list of ciphersuites to exclude from the JCE default ciphersuites list - patterns are regex expressions.
Default: .*NULL.*,.*RC4.*,.*MD5.*,.*DSS.*
JSON key: excludeciphersuites
Include ciphersuites
Comma/semicolon separated list of ciphersuites to include from the JCE supported ciphersuites list - patterns are regex expressions.
Default: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
JSON key: includeciphersuites
Truststore type
Type of truststore, e.g. PKCS12 or JKS (default PKCS12)
Default: PKCS12
JSON key: truststore.type
Truststore provider
Name of JCE provider (default BC)
Default: BC
JSON key: truststore.provider
Truststore file
Name of and path to file containing truststore
Default: none
JSON key: truststore.file
Truststore password
Password for the truststore and keys within - can optionally be encrypted/obfuscated
Default: none
JSON key: truststore.password
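An added example, not Ceptor's own code: a small Python audit of a targets array that flags the security-relevant settings described above (plaintext scheme, renegotiation, protocol exclusions, weak suites in the include list). The WEAK_MARKERS list, whole-name regex matching, the loopback host list and the sample targets are assumptions of this example.

```python
import json
import re

# Documented default for excludeprotocols (from the settings above).
DEFAULT_EXCLUDED_PROTOCOLS = ("SSL", "SSLv2", "SSLv2Hello", "SSLv3")
# Substrings treated as weak in an include list: the page's default exclude
# patterns plus 3DES, EXPORT and anon (an assumption of this example).
WEAK_MARKERS = ("NULL", "RC4", "MD5", "DSS", "3DES", "EXPORT", "anon")
LOOPBACK_HOSTS = ("127.0.0.1", "::1", "localhost")

def split_list(value):
    """Split a comma/semicolon separated setting into trimmed, non-empty items."""
    return [p.strip() for p in re.split(r"[,;]", value or "") if p.strip()]

def audit_target(target):
    """Return findings for one object from the targets array."""
    findings = []
    if target.get("scheme", "http") == "http" and target.get("host") not in LOOPBACK_HOSTS:
        findings.append("plaintext http to a non-loopback host")
    ssl = target.get("sslcontext")
    if ssl is None:
        return findings  # no override: the destination's SSL settings apply
    if ssl.get("allowrenegotiate", False):
        findings.append("allowrenegotiate is enabled")
    if "excludeprotocols" in ssl:
        patterns = split_list(ssl["excludeprotocols"])
        # Assumption: a pattern must match the whole protocol name.
        missing = [p for p in DEFAULT_EXCLUDED_PROTOCOLS
                   if not any(re.fullmatch(pat, p) for pat in patterns)]
        if missing:
            findings.append("excludeprotocols no longer covers " + ",".join(missing))
    for suite in split_list(ssl.get("includeciphersuites")):
        if any(marker in suite for marker in WEAK_MARKERS):
            findings.append("weak suite in includeciphersuites: " + suite)
    return findings

# Constructed sample input using the keys documented on this page.
SAMPLE = json.loads("""[
 {"name": "demoapp1", "scheme": "http", "host": "127.0.0.1", "port": 8080},
 {"name": "demoapp2", "scheme": "http", "host": "10.0.0.12", "port": 8080},
 {"name": "demoapp3", "scheme": "https", "host": "10.0.0.13", "port": 443,
  "sslcontext": {"allowrenegotiate": true, "excludeprotocols": "SSL,SSLv2",
   "includeciphersuites": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;SSL_RSA_WITH_3DES_EDE_CBC_SHA"}}
]""")

if __name__ == "__main__":
    for t in SAMPLE:
        print(t["name"], audit_target(t) or "ok")
```

Run against the sslcontext from the example at the top of this page, the only finding is SSL_RSA_WITH_3DES_EDE_CBC_SHA, which is also part of the documented includeciphersuites default.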
Limits
If override is enabled, the limits can be specified for the specific target server.
Limits are stored in the limits JSON Object inside the specific targets JSON Object.
Limits on connections and queues
Max concurrent per IO thread
Maximum number of concurrent requests (PER IO THREAD) for a target server; requests above this limit will be queued (default is 20). For the number of IO threads, see: Config - Gateway Settings
Default: 20
JSON key: max.concurrent.requests
Queue size
Number of connections that can be queued waiting for an available connection
Default: 500
JSON key: queue.length
Timeout in seconds
Request timeout in seconds - maximum number of seconds to wait for a reply from the server.
Default: 30
JSON key: timeout.seconds
Max idle connections
Maximum number of idle connections to a target server - connections exceeding this count will be closed instead of being pooled for new requests.
Default: 20
JSON key: max.idle.connections.hard
Minimum idle connections
The minimum number of connections that this proxy connection pool will try to keep established. Once the pool is down to this number of connections, no more connections will be timed out.
This value is per IO thread, so to get the actual value it must be multiplied by the number of IO threads.
Default: 5
JSON key: max.idle.connections.soft
Idle timeout (milliseconds)
Number of milliseconds until idle connections above the minimum limit are timed out; set to 0 or -1 to disable.
Default: -1
JSON key: idle.ttl
© Ceptor ApS. All Rights Reserved.