SeaCat Gateway Configuration

SeaCat Gateway is configured via the INI-formatted seacat.conf file, typically located in the /opt/seacat/etc directory.

The seacat.conf file is divided into logical parts associated with particular components:

  • SeaCat Gateway itself
  • Host and Application Backend
  • SeaCat CA Tool

[Figure: SeaCat Config Diagram]

Gateway part

The Gateway part holds the configuration of SeaCat Gateway itself. For correct operation, it is necessary to specify:

  • The Public Network IP address and port on which SeaCat Gateway is reachable from the Public Network;
  • PKI-like SeaCat Gateway requirements (e.g. SeaCat Gateway Certificate, Diffie-Hellman parameters) for SeaCat Gateway identification and PKI environment integration;
  • The SeaCat Gateway user and group, which define the user context in which Client Connections are processed;
  • Triggers for customizing the SeaCat Gateway response to expected events.

A more detailed description of the SeaCat Gateway configuration is located in the SeaCat Gateway Configuration Reference chapter.

Host part

The Host part holds the configuration of the Host and Application Backend. The Application Backend runs on the Host. Every single entry defines one Host Connection in the Private Network. Various types of Hosts are supported (e.g. HTTP, TCP).

Multiple entries can be specified to provide High Availability and Host-side Load Balancing. A Host entry contains the following configuration:

  • Name of the Host
  • Host IP address and port or specification by Uniform Resource Locator (URL)
  • Timeout intervals (optional)
  • Forwarding of HTTP headers (e.g. X-Forwarded-For) that carry additional detailed information provided by the SeaCat Gateway (optional; for HTTP Host only)

All Host configuration options are located in the SeaCat Host Configuration Reference chapter.

CA part

The Certificate Authority part holds the SeaCat CA Tool configuration. Client Certificate Signing Requests and Client Certificates have to be processed and stored. To customize these activities, it is necessary to specify:

  • Type of storage (e.g. directory, database, storage backend)
  • Connection to the storage (e.g. path, database link, storage backend)
  • Client Certificates validity duration
  • Automatic or manual Client Certificate Signing Request approval
  • The response to an expired or expiring Client Certificate
  • Triggers for customizing the SeaCat CA Tool response to expected events, used for integration (optional)

All SeaCat CA Tool configuration options are located in the SeaCat CA Configuration Reference chapter.

Common configuration

A common seacat.conf configuration example:

[gateway]
listen=0.0.0.0:443
uid=seacat
gid=seacat

key=/opt/seacat/etc/gateway.key
cert=/opt/seacat/etc/gateway.crt
ca_chain=/opt/seacat/etc/ca.pem
dh_params=/opt/seacat/etc/dh.pem

[ca]
auto_approve=no
auto_renew=yes
auto_renew_expired=no

[ca:backend_dir]
directory=/opt/seacat/var/ca

[triggers]

[host:example1]
uri=http://www.example.com/api1

[host:example2]
uri=http://other.example.com/api1

All available configuration options are located in the SeaCat Reference chapter.
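
A pre-deployment check over the sections used in the configuration example, given here as an added example that is not part of the SeaCat documentation or product: it parses a seacat.conf and reports settings a reviewer would question before go-live. The list of required [gateway] keys, the flagged values and the function name audit are assumptions of this example, and the sample input is constructed.

```python
import configparser

# Constructed sample: the page's example with settings weakened on purpose.
SAMPLE = """\
[gateway]
listen=0.0.0.0:443
uid=root
gid=seacat
key=/opt/seacat/etc/gateway.key
cert=/opt/seacat/etc/gateway.crt
ca_chain=/opt/seacat/etc/ca.pem

[ca]
auto_approve=yes
auto_renew=yes
auto_renew_expired=no

[host:example1]
uri=http://www.example.com/api1
"""

# Keys the page's example sets in [gateway]; requiring all of them is an assumption.
GATEWAY_KEYS = ("listen", "uid", "gid", "key", "cert", "ca_chain", "dh_params")

def audit(text):
    """Return review findings (strings) for a seacat.conf passed as text."""
    # Split on '=' only, so values such as 0.0.0.0:443 and URIs stay intact.
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.read_string(text)
    findings = []
    gw = cfg["gateway"] if cfg.has_section("gateway") else {}
    for key in GATEWAY_KEYS:
        if not gw.get(key):
            findings.append(f"[gateway] {key} is not set")
    # Reviewer policy (assumption): Client Connections should not run as root.
    if gw.get("uid") in ("root", "0"):
        findings.append("[gateway] uid is root: Client Connections run privileged")
    ca = cfg["ca"] if cfg.has_section("ca") else {}
    # Reviewer policy (assumption): both settings must be an explicit 'no'.
    for key in ("auto_approve", "auto_renew_expired"):
        if ca.get(key, "").lower() != "no":
            findings.append(f"[ca] {key} is not 'no': certificates issued without review")
    hosts = [s for s in cfg.sections() if s.startswith("host:")]
    if len(hosts) < 2:
        findings.append(f"{len(hosts)} [host:NAME] entries: no High Availability")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the unmodified example from this page, audit returns an empty list.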
