SeaCat Gateway Configuration
SeaCat Gateway is configured via INI-formatted
seacat.conf file typically located in
seacat.conf file is divided into logical parts associated with particular components:
- SeaCat Gateway itself
- Host and Application Backend
- SeaCat CA Tool
Gateway part is associated with SeaCat Gateway configuration. For correct operation, it is necessary to specify:
- Public Network IP address and port for accessing SeaCat Gateway from Public Network;
- PKI-like SeaCat Gateway requirements (e.g. SeaCat Gateway Certificate, Diffie-Hellman parameters) for SeaCat Gateway identification and PKI environment integration;
- SeaCat Gateway user and group for definition in which user context Client Connections will be processed;
- Triggers for customizing SeaCat Gateway response to expected events.
More detailed description of SeaCat Gateway configurations is located in the SeaCat Gateway Configuration Reference chapter.
Host part is associated with the configuration of Host and Application Backend. Application Backend is operating on Host. Every single entry defines one Host Connection in Private Network. Various types of Hosts are supported (e.g. HTTP, TCP).
It is possible to specify more entries for ensuring High Availability and Host-side Load Balancing. Host entry contains the following configurations:
- Name of the Host
- Host IP address and port or specification by Uniform Resource Locator (URL)
- Timeout intervals (optional)
- HTTP Headers (e.g.
X-Forwarded-For) forwarding for additional detailed information provided by the SeaCat Gateway (optional; for HTTP Host only)
All Host configurations are located in the SeaCat Host Configuration Reference chapter.
Certificate Authority part is associated with SeaCat CA Tool configuration. Client Certificate Signing Requests and Client Certificates have to be processed and stored. For customization of these activities, it is necessary to specify:
- Type of storage (e.g. directory, database, storage backend)
- Connection to the storage (e.g. path, database link, storage backend)
- Client Certificates validity duration
- Automatic or manual Client Certificate Signing Request approval
- The response for expired or expiring Client Certificate
- Triggers for customizing SeaCat CA Tool response to expected events for integration customizing (optional)
All SeaCat CA Tool's configurations are located in the SeaCat CA Configuration Reference chapter.
seacat.conf configuration example:
[gateway] listen=0.0.0.0:443 uid=seacat gid=seacat key=/opt/seacat/etc/gateway.key cert=/opt/seacat/etc/gateway.crt ca_chain=/opt/seacat/etc/ca.pem dh_params=/opt/seacat/etc/dh.pem [ca] auto_approve=no auto_renew=yes auto_renew_expired=no [ca:backend_dir] directory=/opt/seacat/var/ca [triggers] [host:example1] uri=http://www.example.com/api1 [host:example2] uri=http://other.example.com/api1
All available configurations are located in the SeaCat Reference chapter.