Alpaca Gateway Configuration
This guide details all configurations that are available within the Alpaca Gateway. All configurations can be used in
the application-prod.yml file located in the
Any changes made while Alpaca is running will not take effect until after a restart. Use the following command to
restart Alpaca:
# service alpaca-gateway restart
YAML (YAML Ain't Markup Language)
All Alpaca configurations are in the YAML (.yml) format.
- YAML is case sensitive.
- YAML does not allow the use of tabs. Spaces are used instead as tabs are not universally supported.
A dictionary is represented in a simple
key: value form (the colon must be followed by a space):
    alpaca:
      migration:
        announcementRepositoryUsername: "BoNjOuRlEsAmIs049"
        announcementRepositoryPassword: "viveLEROILouis14"
        htmlEncodeExports: true
All members of a list are lines beginning at the same indentation level starting with a
- (a dash and a space):
    broadworks:
      profileServer:
        - cluster: Production
          fileRepo: ProfileServer
          username: fileadmin
          password: P@ssw0rd
        - cluster: Lab
          fileRepo: ProfileServer
          username: fileadmin
          password: P@ssw0rd
Comments are denoted by #:
    # Alpaca Configuration
    alpaca:
      # Migration Configuration
      migration:
        announcementRepositoryUsername: "BoNjOuRlEsAmIs049"
        announcementRepositoryPassword: "viveLEROILouis14"
        htmlEncodeExports: true
Complete YAML documentation can be found here.
This sample configuration is meant as a guide only. Do not copy and paste the entire content into your configuration.
    eureka:
      client:
        service-url:
          defaultZone: http://eureka01:8761/eureka,http://eureka02:8761/eureka
    spring:
      server:
        port: 8443
        ssl:
          ciphers: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
          keyAlias: 1
          keyPassword: myKeyPassword!
          keyStore: config/keystore.pkcs12
          keyStorePassword: myStorePassword!
          keyStoreType: PKCS12
          protocol: TLSv1.2
    logging:
      file:
        path: /var/log/alpaca
client.service-url.defaultZone: A comma-separated list of Eureka URLs to register with. This enables service discovery, so that the Alpaca Gateway knows where to route incoming requests.
To configure Alpaca to run via SSL, start by enabling the
https profile. See Profile Configuration. Once
application-https.yaml needs to be configured.
Generating a Key Store
To enable SSL you need a valid Java keystore configured. This first requires a valid certificate.
After the certificate has been created, use
openssl to create a keystore file.
# openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.pkcs12
To verify that the certificate was correctly imported:
# keytool -list -keystore config/keystore.pkcs12 -storetype pkcs12 -alias 1
Now the keystore can be copied to the Alpaca configuration directory for usage.
- # cp keystore.pkcs12 /opt/alpaca/config/
- # chown alpaca:alpaca /opt/alpaca/config/keystore.pkcs12
These configurations assume that necessary keys, key stores, and certificates have already been generated.
ciphers: Supported SSL ciphers.
keyAlias: Alias that identifies the key in the key store.
keyPassword: Password used to access the key in the key store.
keyStore: Path to the key store that holds the SSL certificate (typically a jks or pem file).
keyStorePassword: Password used to access the key store.
keyStoreType: Type of the key store.
protocol: SSL protocol to use.
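A value for the ciphers setting can be reviewed before deployment. The following is an added example, not part of the Alpaca documentation or product: it classifies each suite in a comma-separated list by key exchange and cipher mode. The function name audit_ciphers and the SAMPLE list are constructed for illustration, and TLS 1.2-style JSSE suite names are assumed.

```python
import re

# Assumption: TLS 1.2-style JSSE names, TLS_<key exchange>_WITH_<cipher>_<hash>.
SUITE_RE = re.compile(r"^TLS_([A-Z0-9_]+)_WITH_([A-Z0-9_]+)$")

# Constructed sample input (not the page's list); the last entry is
# deliberately missing its TLS_ prefix.
SAMPLE = (
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,"
    "TLS_RSA_WITH_AES_256_CBC_SHA256,"
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,"
    "ECDHE_RSA_WITH_AES_256_CBC_SHA384"
)


def audit_ciphers(cipher_list):
    """Return {suite: [findings]} for a comma-separated ciphers value."""
    report = {}
    for suite in (s.strip() for s in cipher_list.split(",")):
        if not suite:
            continue
        findings = []
        match = SUITE_RE.match(suite)
        if match is None:
            findings.append("not a TLS 1.2 JSSE suite name")
        else:
            key_exchange, cipher = match.groups()
            # Only ephemeral (EC)DHE key exchange provides forward secrecy;
            # static RSA and static ECDH do not.
            if not key_exchange.startswith(("ECDHE_", "DHE_")):
                findings.append("no forward secrecy")
            # GCM suites are AEAD; CBC suites are not.
            if "_CBC_" in cipher:
                findings.append("CBC mode, not AEAD")
        report[suite] = findings
    return report


if __name__ == "__main__":
    for name, issues in audit_ciphers(SAMPLE).items():
        print(f"{name}: {', '.join(issues) or 'ok'}")
```
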
file.path: The location to write the gateway log. This defaults to
/var/log/alpaca. Rotation and file naming are configured in the
prod: This is the primary configuration for production.
https: Enables SSL. See the SSL Configuration.