141 lines
4.9 KiB
YAML
141 lines
4.9 KiB
YAML
# Goma Gateway configurations
|
|
version: 0.1.7
|
|
gateway:
|
|
# Proxy write timeout
|
|
writeTimeout: 15
|
|
# Proxy read timeout
|
|
readTimeout: 15
|
|
# Proxy idle timeout
|
|
idleTimeout: 60
|
|
## SSL Certificate file
|
|
sslCertFile: '' #cert.pem
|
|
## SSL Private Key file
|
|
sslKeyFile: ''#key.pem
|
|
# Proxy rate limit, it's In-Memory IP based
|
|
rateLimit: 0
|
|
accessLog: "/dev/Stdout"
|
|
errorLog: "/dev/stderr"
|
|
## Enable, disable routes health check
|
|
disableHealthCheckStatus: false
|
|
## Returns backend route healthcheck errors
|
|
disableRouteHealthCheckError: false
|
|
# Disable display routes on start
|
|
disableDisplayRouteOnStart: false
|
|
# disableKeepAlive allows enabling and disabling KeepALive server
|
|
disableKeepAlive: false
|
|
blockCommonExploits: false
|
|
# interceptErrors intercepts backend errors based on defined the status codes
|
|
interceptErrors:
|
|
- 405
|
|
- 500
|
|
# - 400
|
|
# Proxy Global HTTP Cors
|
|
cors:
|
|
# Global routes cors for all routes
|
|
origins:
|
|
- http://localhost:8080
|
|
- https://example.com
|
|
# Global routes cors headers for all routes
|
|
headers:
|
|
Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
|
|
Access-Control-Allow-Credentials: 'true'
|
|
Access-Control-Max-Age: 1728000
|
|
##### Define routes
|
|
routes:
|
|
# Example of a route | 1
|
|
- name: Public
|
|
# host Domain/host based request routing
|
|
host: "" # Host is optional
|
|
path: /public
|
|
## Rewrite a request path
|
|
# e.g rewrite: /store to /
|
|
rewrite: /
|
|
destination: https://example.com
|
|
methods: [POST, PUT, GET]
|
|
#DisableHeaderXForward Disable X-forwarded header.
|
|
# [X-Forwarded-Host, X-Forwarded-For, Host, Scheme ]
|
|
# It will not match the backend route, by default, it's disabled
|
|
disableHeaderXForward: false
|
|
# Internal health check
|
|
healthCheck: '' #/internal/health/ready
|
|
# Route Cors, global cors will be overridden by route
|
|
cors:
|
|
# Route Origins Cors, route will override global cors origins
|
|
origins:
|
|
- https://dev.example.com
|
|
- http://localhost:3000
|
|
- https://example.com
|
|
# Route Cors headers, route will override global cors headers
|
|
headers:
|
|
Access-Control-Allow-Methods: 'GET'
|
|
Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
|
|
Access-Control-Allow-Credentials: 'true'
|
|
Access-Control-Max-Age: 1728000
|
|
##### Apply middlewares to the route
|
|
## The name must be unique
|
|
## List of middleware name
|
|
middlewares:
|
|
- api-forbidden-paths
|
|
# Example of a route | 2
|
|
- name: Basic auth
|
|
path: /protected
|
|
rewrite: /
|
|
destination: https://example.com
|
|
healthCheck:
|
|
cors: {}
|
|
middlewares:
|
|
- api-forbidden-paths
|
|
- basic-auth
|
|
|
|
#Defines proxy middlewares
|
|
# middleware name must be unique
|
|
middlewares:
|
|
# Enable Basic auth authorization based
|
|
- name: basic-auth
|
|
# Authentication types | jwt, basic, OAuth
|
|
type: basic
|
|
paths:
|
|
- /user
|
|
- /admin
|
|
- /account
|
|
rule:
|
|
username: admin
|
|
password: admin
|
|
#Enables JWT authorization based on the result of a request and continues the request.
|
|
- name: google-auth
|
|
# Authentication types | jwt, basic, OAuth
|
|
# jwt authorization based on the result of backend's response and continue the request when the client is authorized
|
|
type: jwt
|
|
# Paths to protect
|
|
paths:
|
|
- /protected-access
|
|
- /example-of-jwt
|
|
#- /* or wildcard path
|
|
rule:
|
|
# This is an example URL
|
|
url: https://www.googleapis.com/auth/userinfo.email
|
|
# Required headers, if not present in the request, the proxy will return 403
|
|
requiredHeaders:
|
|
- Authorization
|
|
# You can also get headers from the authentication request result and inject them into the next request header or params.
|
|
# In case you want to get headers from the authentication service and inject them into the next request headers.
|
|
# Set the request variable to the given value after the authorization request completes.
|
|
# In case you want to get headers from the authentication service and inject them into the next request headers.
|
|
# Key is authentication request response header Key. Value is the next Request header Key.
|
|
headers:
|
|
userId: Auth-UserId
|
|
userCountryId: Auth-UserCountryId
|
|
# In case you want to get headers from the Authentication service and inject them to the next request params.
|
|
#Key is authentication request response header Key. Value is the next Request parameter Key.
|
|
params:
|
|
userCountryId: countryId
|
|
# The server will return 403
|
|
- name: api-forbidden-paths
|
|
type: access
|
|
## prevents access paths
|
|
paths:
|
|
- /swagger-ui/*
|
|
- /v2/swagger-ui/*
|
|
- /api-docs/*
|
|
- /internal/*
|
|
- /actuator/* |