Alpaca Gateway Configuration
This guide details all configurations that are available within the Alpaca Gateway. All configurations can be used in the application-prod.yml file located in /etc/alpaca/gateway/config.
Any changes made while Alpaca is running will not take effect until after a restart. Use the following command to restart Alpaca: alpacactl gateway restart
YAML (YAML Ain't Markup Language)
All Alpaca configurations are in the YAML (.yml) format.
Basic Rules
- YAML is case sensitive.
- YAML does not allow the use of tabs. Spaces are used instead as tabs are not universally supported.
- A dictionary is represented in a simple key: value form (the colon must be followed by a space):

      alpaca:
        migration:
          announcementRepositoryUsername: "BoNjOuRlEsAmIs049"
          announcementRepositoryPassword: "viveLEROILouis14"
          htmlEncodeExports: true

- All members of a list are lines beginning at the same indentation level starting with a "- " (a dash and a space):

      broadworks:
        profileServer:
          - cluster: Production
            fileRepo: ProfileServer
            username: fileadmin
            password: P@ssw0rd
          - cluster: Lab
            fileRepo: ProfileServer
            username: fileadmin
            password: P@ssw0rd

- Comments are denoted by #.

      # Alpaca Configuration
      alpaca:
        # Migration Configuration
        migration:
          announcementRepositoryUsername: "BoNjOuRlEsAmIs049"
          announcementRepositoryPassword: "viveLEROILouis14"
          htmlEncodeExports: true
Full Documentation
Complete YAML documentation can be found here.
Example Configuration
This sample configuration is meant as a guide only. Do not copy and paste the entire content into your configuration.
eureka:
  client:
    service-url:
      defaultZone: http://eureka01:8761/eureka,http://eureka02:8761/eureka
spring:
  server:
    port: 8443
    ssl:
      ciphers: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
      keyAlias: 1
      keyPassword: myKeyPassword!
      keyStore: config/keystore.pkcs12
      keyStorePassword: myStorePassword!
      keyStoreType: PKCS12
      protocol: TLSv1.2
logging:
  file:
    path: /var/log/alpaca
Eureka (eureka)
- client.service-url.defaultZone: This is a comma-separated list of Eureka URLs to register with. This allows service discovery so that the Alpaca Gateway knows where to route incoming requests.
Spring (spring)
SSL Configuration
To configure Alpaca to run via SSL, start by enabling the https profile. See Profile Configuration. Once enabled, the application-https.yaml file needs to be configured.
Generating a Key Store
To enable SSL you need a valid Java keystore configured. This first requires a valid certificate.
After the certificate has been created, use openssl to create a keystore file.
# openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.pkcs12
To verify that the certificate was correctly imported:
# keytool -list -keystore config/keystore.pkcs12 -storetype pkcs12 -alias 1
Now the keystore can be copied to the Alpaca configuration directory for use.
# cp keystore.pkcs12 /opt/alpaca/config/
# chown alpaca:alpaca /opt/alpaca/config/keystore.pkcs12
Configurations (server.ssl)
These configurations assume that necessary keys, key stores, and certificates have already been generated.
- ciphers: Supported SSL ciphers.
- keyAlias: Alias that identifies the key in the key store.
- keyPassword: Password used to access the key in the key store.
- keyStore: Path to the key store that holds the SSL certificate (typically a jks or pem file).
- keyStorePassword: Password used to access the key store.
- keyStoreType: Type of the key store.
- protocol: SSL protocol to use.
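The sample ciphers value in the example configuration lists only CBC suites, several of them with static RSA or ECDH key exchange. The check below is an added example, not part of the Alpaca documentation or product: it classifies a server.ssl.ciphers value by TLS 1.2 suite name. The function names are hypothetical, and the sample input is constructed from two suites in the sample configuration plus a constructed GCM suite and a constructed misspelled name.

```python
import re

# TLS 1.2 suite names: TLS_<key exchange>_WITH_<cipher>_<MAC or PRF hash>.
# TLS 1.3 names (no _WITH_) are out of scope; the sample config pins TLSv1.2.
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Z0-9_]+?)_WITH_(?P<cipher>[A-Z0-9_]+)_(?P<mac>SHA\d*)$")


def audit_suite(name):
    """Return the findings for one suite name; an empty list means nothing flagged."""
    m = SUITE_RE.match(name)
    if not m:
        return ["not a TLS_*_WITH_* suite name; check for a typo"]
    findings = []
    # Only ephemeral key exchange (ECDHE_*, DHE_*) provides forward secrecy.
    if not m["kx"].startswith(("ECDHE_", "DHE_")):
        findings.append("no forward secrecy (static %s key exchange)" % m["kx"])
    if "CBC" in m["cipher"]:
        findings.append("CBC mode (not AEAD)")
    # A bare _SHA suffix means HMAC-SHA1.
    if m["mac"] == "SHA":
        findings.append("SHA-1 HMAC")
    return findings


def audit_ciphers(value):
    """Audit a comma separated server.ssl.ciphers value; returns {suite: findings}."""
    suites = [s.strip() for s in value.split(",") if s.strip()]
    return {s: audit_suite(s) for s in suites}


# Constructed sample input (assumption): not a recommended cipher list.
SAMPLE = ",".join([
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",   # from the sample configuration
    "TLS_RSA_WITH_AES_256_CBC_SHA",            # from the sample configuration
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",   # constructed AEAD suite
    "ECDHE_RSA_WITH_AES_128_GCM_SHA256",       # constructed, TLS_ prefix missing
])

if __name__ == "__main__":
    for suite, findings in audit_ciphers(SAMPLE).items():
        print(suite, "->", "; ".join(findings) or "ok")
```

A suite with no findings uses ephemeral key exchange and an AEAD cipher; a name the pattern rejects is reported as a probable typo.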
Logging (logging)
- file.path: The location to write the gateway log. This defaults to /var/log/alpaca. Rotation and file naming are configured in the logback-spring.xml file.
Profiles
- prod: This is the primary configuration for production.
- https: Enables SSL. See the SSL Configuration.