Gateway Configuration

Configuration via JSON

The Ceptor Gateway is configured using JSON properties stored in ceptor-configuration.xml.

The configuration values can be stored on the individual gateway server entry itself, or they can be inherited (and shared between multiple gateway instances) by placing the configuration in a server entry that the individual gateways extend.

Below is an example of a JSON configuration embedded within ceptor-configuration.xml. This JSON configuration can be edited directly, but the easiest way is to use the Ceptor Console, which provides a GUI editor for each field, so you do not have to deal with JSON names or syntax. Note that in this example, the destinations and locations have been removed to keep the size down.

Example snippet from ceptor-configuration.xml
	<server name="gateway1" type="gateway" description="gateway server" extends="">
		<group name="_JSON_" description="JSON configuration">
			<property name="gateway_JSON_" description="Gateway configuration">
<![CDATA[{
  "session": {
    "cookie.not.for.uri": "*.crl",
    "resolvers": [
      "io.ceptor.session.SessionResolverSSLClientCert",
      "io.ceptor.session.SessionResolverBearerToken",
      "io.ceptor.session.SessionResolverDomainRedirect",
      "io.ceptor.session.SessionResolverCookie"
    ],
    "cookie.no.cachecontrol.header.for": "*.crl|*.pdf",
    "http.cookiename": "sessionid",
    "https.cookiename": "sslsessionid",
    "cookie.path": "/",
    "cookie.use.httponly": true,
    "sessionfixation.addcookie": true,
    "sessionfixation.defense": true,
    "cookie.obfuscate": true,
    "cookie.use.domain": true
  },
  "destinations": [
  ],
  "locations": [
  ],
  "gateway": {
    "accesslog.suffix": "log",
    "sslaccelerator": {
      "address": "10.0.0.1;10.0.0.2",
      "header.client.ip": "X-Forwarded-For",
      "header.client.port": "X-Forwarded-Port"
    },
    "clusterid": 0,
    "environmentid": 0,
    "accesslog.directory": "/temp",
    "workerthreads": 20,
    "accesslog.pattern": "%{REMOTE_ADDR}(:%{REMOTE_PORT}) - \"%{REMOTE_USER}\" %{TIME_LOGFORMAT} \"%{ORIGINAL_REQUEST}\" \"%{ORIGINAL_REQUEST_SCHEME}://%{ORIGINAL_HOST}\" %{HTTP_RESPONSECODE} %{HTTP_BYTESSENT} %{HTTP_RESPONSETIME} \"%{HTTP_REFERER}\"%{EXCEPTION_LOG}",
    "segmentid": 0,
    "iothreads": 4,
    "accesslog.basename": "accesslog",
    "accesslog.type": "file",
    "max.entity.size": 67108864,
    "group": "default"
  },
  "listen": [
    {
      "address": "0.0.0.0",
      "scheme": "http",
      "port": 8000
    },
    {
      "address": "0.0.0.0",
      "scheme": "ajp",
      "port": 8001
    },
    {
      "sslcontext": {
        "ssl.protocol": "TLS",
        "keystore.file": "${portalprotect.home}/dispatcher/portalprotect.key",
        "keystore.password": "changeit",
        "useciphersuites.order": true,
        "truststore.password": "password",
        "needclientauth": false,
        "wantclientauth": true,
        "keystore.provider": "SUN",
        "keystore.type": "JKS",
        "excludeprotocols": "SSL,SSLv2,SSLv2Hello,SSLv3",
        "allowrenegotiate": false,
        "truststore.file": "${portalprotect.home}/config/x509/issuer/certissuer.pfx",
        "excludeciphersuites": ".*NULL.*,.*RC4.*,.*MD5.*,.*DSS.*",
        "includeprotocols": "TLSv1.2,TLSv1.1",
        "includeciphersuites": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA",
        "truststore.type": "PKCS12",
        "truststore.provider": "BC"
      },
      "address": "0.0.0.0",
      "scheme": "https",
      "port": 8443
    }
  ]
}]]>
			</property>
		</group>
	</server>

The configuration is split into different JSON objects, which mimic the configuration screens in the console:

  • gateway
    Gateway global settings, such as number of threads, max POST size, cluster IDs and access log configuration. 
  • session
    Session-related configuration, such as session resolvers, cookie names, scripts etc.
  • listen
    Listener configuration, TCP port numbers, SSL settings and protocols - allows you to set up listeners on various ports and protocols. 
  • locations
    Locations and their settings. You can potentially have hundreds or even thousands of locations. Bear in mind, though, that locations are processed sequentially and each location's conditions are checked for a match, so chaining hundreds of checks has a (low, but existing) performance cost, especially if the conditions include regular expressions rather than simple string matching. Consider nesting locations to reduce the number of checks required, and group locations e.g. by virtual server.
  • destinations
    Contains the destination clusters of target servers that requests can be proxied to. 
  • pipelines
    Pipelines and tasks, which enable ESB or API Gateway functionality.
  • cannedreplies
    Define "canned" replies, reusable from within various locations.
  • ipranges
    Defines named IP ranges, whose contents can be defined locally, loaded from files, or loaded from online IP reputation databases.
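
Because the listener TLS settings and session settings are plain JSON inside a CDATA section, they can be reviewed mechanically. The following is an added example, not Ceptor's own code: it extracts the gateway_JSON_ property and flags values of the kind seen in the snippet above (placeholder keystore passwords, deprecated entries in includeprotocols, weak entries in includeciphersuites). The sample XML, the function names and the placeholder-password list are assumptions made for the illustration; only configuration keys shown on this page are used.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed server entry that uses only keys shown on this page.
SAMPLE_XML = """<server name="gateway1" type="gateway" description="gateway server" extends="">
 <group name="_JSON_" description="JSON configuration">
  <property name="gateway_JSON_" description="Gateway configuration"><![CDATA[{
   "session": {"cookie.use.httponly": true, "sessionfixation.defense": true},
   "listen": [{"address": "0.0.0.0", "scheme": "http", "port": 8000},
    {"address": "0.0.0.0", "scheme": "https", "port": 8443, "sslcontext": {
      "keystore.password": "changeit", "truststore.password": "password",
      "includeprotocols": "TLSv1.2,TLSv1.1",
      "includeciphersuites": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,SSL_RSA_WITH_3DES_EDE_CBC_SHA"}}
   ]}]]></property>
 </group></server>"""

PLACEHOLDER_PASSWORDS = {"", "changeit", "password"}  # assumption: values treated as defaults
DEPRECATED_PROTOCOLS = {"TLSv1", "TLSv1.1"}           # TLS 1.0/1.1 are deprecated by RFC 8996
WEAK_SUITE = re.compile(r"NULL|RC4|MD5|DES|EXPORT")   # "DES" also matches 3DES suites

def extract_gateway_json(xml_text):
    """Parse the JSON stored as CDATA in the gateway_JSON_ property."""
    prop = ET.fromstring(xml_text).find(".//property[@name='gateway_JSON_']")
    if prop is None or not (prop.text or "").strip():
        raise ValueError("gateway_JSON_ property not found or empty")
    return json.loads(prop.text)

def split_csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def audit(cfg):
    """Return findings for the session and listen objects, in configuration order."""
    findings = [f"session: {k} is not enabled"
                for k in ("cookie.use.httponly", "sessionfixation.defense")
                if cfg.get("session", {}).get(k) is not True]
    for listener in cfg.get("listen", []):
        where = f"listen {listener.get('scheme')}:{listener.get('port')}"
        ssl = listener.get("sslcontext", {})  # absent on http/ajp listeners
        for key in ("keystore.password", "truststore.password"):
            if ssl.get(key) in PLACEHOLDER_PASSWORDS:
                findings.append(f"{where}: {key} is a placeholder value")
        for proto in split_csv(ssl.get("includeprotocols", "")):
            if proto in DEPRECATED_PROTOCOLS:
                findings.append(f"{where}: deprecated protocol {proto}")
        for suite in split_csv(ssl.get("includeciphersuites", "")):
            if WEAK_SUITE.search(suite):
                findings.append(f"{where}: weak cipher suite {suite}")
    return findings
```

Running audit(extract_gateway_json(...)) against each server entry, including the shared entries that gateways extend, shows which inherited values every instance picks up.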


© Ceptor ApS. All Rights Reserved.