Alpaca Gateway Configuration

This guide details all configurations that are available within the Alpaca Gateway. All configurations can be used in the application-prod.yml file located in the /etc/alpaca/gateway/config directory.

Changes made while Alpaca is running do not take effect until after a restart. To restart Alpaca, run alpacactl gateway restart.

YAML (YAML Ain't Markup Language)

All Alpaca configurations are in the YAML (.yml) format.

Basic Rules

  • YAML is case sensitive.
  • YAML does not allow tabs for indentation. Use spaces instead, as tabs are not universally supported.
  • A dictionary is represented in a simple key: value form (the colon must be followed by a space):

      alpaca:
        migration:
          announcementRepositoryUsername: "BoNjOuRlEsAmIs049"
          announcementRepositoryPassword: "viveLEROILouis14"
          htmlEncodeExports: true
    
  • All members of a list are lines beginning at the same indentation level starting with a - (a dash and a space):

      broadworks:
        profileServer:
        - cluster: Production
          fileRepo: ProfileServer
          username: fileadmin
          password: P@ssw0rd
        - cluster: Lab
          fileRepo: ProfileServer
          username: fileadmin
          password: P@ssw0rd
    
  • Comments are denoted by #.

      # Alpaca Configuration
      alpaca:
        # Migration Configuration
        migration:
          announcementRepositoryUsername: "BoNjOuRlEsAmIs049"
          announcementRepositoryPassword: "viveLEROILouis14"
          htmlEncodeExports: true
    

Full Documentation

Complete YAML documentation can be found here.

Example Configuration

This sample configuration is meant as a guide only. Do not copy and paste the entire content into your configuration.

      eureka:
        client:
          service-url:
            defaultZone: http://eureka01:8761/eureka,http://eureka02:8761/eureka
      spring:
        server:
          port: 8443
          ssl:
            ciphers: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
            keyAlias: 1
            keyPassword: myKeyPassword!
            keyStore: config/keystore.pkcs12
            keyStorePassword: myStorePassword!
            keyStoreType: PKCS12
            protocol: TLSv1.2
      logging:
        file:
          path: /var/log/alpaca

Eureka (eureka)

  • client.service-url.defaultZone: This is a comma separated list of Eureka URLs to register with. This allows service discovery so that the Alpaca Gateway knows where to route incoming requests.

Spring (spring)

SSL Configuration

To configure Alpaca to run via SSL, start by enabling the https profile. See Profile Configuration. Once enabled, the application-https.yaml needs to be configured.

Generating a Key Store

To enable SSL you need a valid Java keystore configured. This first requires a valid certificate.

After the certificate has been created, use openssl to create a keystore file.

# openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.pkcs12

To verify that the certificate was correctly imported:

# keytool -list -keystore config/keystore.pkcs12 -storetype pkcs12 -alias 1

Now the keystore can be copied to the Alpaca configuration directory for usage.

  1. # cp keystore.pkcs12 /opt/alpaca/config/
  2. # chown alpaca:alpaca /opt/alpaca/config/keystore.pkcs12

Configurations (server.ssl)

These configurations assume that necessary keys, key stores, and certificates have already been generated.

  • ciphers: Supported SSL ciphers.
  • keyAlias: Alias that identifies the key in the key store.
  • keyPassword: Password used to access the key in the key store.
  • keyStore: Path to the key store that holds the SSL certificate (typically a jks or pem file).
  • keyStorePassword: Password used to access the key store.
  • keyStoreType: Type of the key store.
  • protocol: SSL protocol to use.
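
The following is an added example, not part of the Alpaca documentation or product: a small audit of the ciphers and password settings described above, run over a constructed sample block. The function names and classification rules are assumptions of this example; it reads only flat key: value lines and is not a general YAML parser.

```python
import re

# Constructed sample in the shape of the page's server.ssl block (values are made up).
SAMPLE = """\
server:
  ssl:
    ciphers: ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
    keyPassword: examplePassword
    protocol: TLSv1.2
"""

def read_settings(text):
    """Collect 'key: value' pairs; section lines such as 'ssl:' carry no value and are skipped."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z]+):\s+(\S.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit_cipher(name):
    """Return the findings for one cipher suite name (empty list means none)."""
    if not name.startswith("TLS_"):
        return ["unrecognised name: no TLS_ prefix"]
    findings = []
    kx, sep, _ = name[4:].partition("_WITH_")
    # TLS 1.3 names have no _WITH_ part and always use ephemeral key exchange.
    if sep and not kx.startswith(("ECDHE_", "DHE_")):
        findings.append("no forward secrecy (static %s key exchange)" % kx)
    if "_CBC_" in name:
        findings.append("CBC mode, not AEAD")
    return findings

def audit(text):
    """Return ({suite: findings}, [keys that hold a password in the file])."""
    s = read_settings(text)
    suites = [c.strip() for c in s.get("ciphers", "").split(",") if c.strip()]
    report = {c: audit_cipher(c) for c in suites}
    secrets = sorted(k for k in s if k.lower().endswith("password"))
    return report, secrets

if __name__ == "__main__":
    report, secrets = audit(SAMPLE)
    for suite, findings in report.items():
        print(suite, "->", "; ".join(findings) or "ok")
    print("passwords stored in file:", ", ".join(secrets))
```
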

Logging (logging)

  • file.path: The location to write the gateway log. This defaults to /var/log/alpaca. Rotation and file naming are configured in the logback-spring.xml file.

Profiles

  • prod: This is the primary configuration for production.
  • https: Enables SSL. See SSL Configuration.