PingGateway

Next steps with PingGateway

This section describes some basic options to help you with PingGateway. Learn about other installation options in Installing PingGateway.

Edit the base configuration file

The entry point for requests to PingGateway is a JSON-encoded configuration file. Its default location is:

Linux

$HOME/.openig/config/config.json

Windows

%appdata%\OpenIG\config\config.json

This base configuration file initializes a heap of objects and defines the main handler to receive incoming requests. All applicable configuration objects inherit the configuration defined in this file.

When PingGateway doesn’t find a base configuration file at startup, it uses the default configuration. The default configuration loads routes from the following location:

Linux

$HOME/.openig/config/routes

Windows

%appdata%\OpenIG\config\routes

When trusting the sample application, you added a custom config.json file. The default configuration trusts only certificates signed by CAs in the Java truststore, not the sample application self-signed certificate.

You can customize the base configuration file include properties and configuration objects for use throughout PingGateway the base and route configuration files.

Learn more in GatewayHttpApplication (config.json ), Heap objects, and Router.

After adding or editing the config.json file, restart PingGateway to bring the changes into effect:

  1. Add or edit the base configuration file at the following location:

    Linux

    $HOME/.openig/config/config.json

    Windows

    %appdata%\OpenIG\config\config.json

    For example, use the following configuration to trust the sample application self-signed certificate:

    {
  "handler": {
    "type": "Router",
    "name": "_router",
    "config": {
      "directory": "${openig.configDirectory}/routes"
    }
  },
  "heap": [
    {
      "name": "capture",
      "type": "CaptureDecorator",
      "config": {
        "captureEntity": true,
        "_captureContext": true
      }
    },
    {
      "name": "ClientTlsOptions",
      "type": "ClientTlsOptions",
      "config": {
        "trustManager": {
          "type": "SecretsTrustManager",
          "config": {
            "certificateVerificationSecretId": "sampleapp.cert",
            "secretsProvider": {
              "type": "FileSystemSecretStore",
              "config": {
                "directory": "&{ig.instance.dir}/tls",
                "format": "PLAIN",
                "suffix": ".pem",
                "mappings": [
                  {
                    "secretId": "sampleapp.cert",
                    "format": {
                      "type": "PemPropertyFormat"
                    }
                  }
                ]
              }
            }
          }
        }
      }
    },
    {
      "name": "ReverseProxyHandler",
      "type": "ReverseProxyHandler",
      "config": {
        "tls": "ClientTlsOptions"
      }
    }
  ],
  "session": {
    "type": "JwtSessionManager"
  }
}

    Source: config.json

    Notice the following features of this configuration:

    • The handler defines a main router named _router.

      This _router routes each incoming request to the first route whose condition the request satisfies.

    • The capture decorator serves to capture HTTP request and response bodies.

    • The ReverseProxyHandler has TLS settings to trust the sample application self-signed certificate.

    • The session configuration uses stateless sessions.

      Learn more in PingGateway sessions.

  2. Stop and start PingGateway.

    On successful startup, the PingGateway log includes a message similar to the following:

    ... @system - Reading the configuration from .../config/config.json

Add a default route

When there are multiple routes in the PingGateway configuration, they are ordered lexicographically, by route name. For example, 01-static.json is ordered before zz-default.json.

When PingGateway processes a request, the request traverses the routes in the configuration. If the request matches the condition for 01-static.json it is processed by that route. Otherwise, it passes to the next route in the configuration. If a route has no condition, it can process any request.

A default route is the last route in a configuration to which a request is routed. If a request matches no other route in the configuration, it is processed by the default route.

Add a default route to prevent errors described in No handler to dispatch to.

  1. Add the following route to PingGateway:

    Linux

    $HOME/.openig/config/routes/zz-default.json

    Windows

    %appdata%\OpenIG\config\routes\zz-default.json

    {
  "baseURI": "https://app.example.com:8444",
  "handler": "ReverseProxyHandler"
}

    Source: zz-default.json

    Notice the following features of the route:

    • The route name starts with zz, so it is the last route loaded into the configuration.

    • There is no condition property, so the route processes all requests.

    • The route calls a ReverseProxyHandler with the default configuration, which proxies the request to the application and returns the response, without changing either the request or the response.

  2. Check that the route system log includes a message that the file is loaded into the config:

    INFO  o.f.o.handler.router.RouterHandler - Loaded the route with id
'zz-default' registered with the name 'zz-default'

Switch from production mode to development mode

To prevent unwanted changes to the configuration, PingGateway is by default in production mode after installation. For a description of the modes and information about switching between modes, refer to PingGateway operating modes.

Use PingGateway Studio

PingGateway Studio is a user interface to help you build and deploy your PingGateway configuration. Learn more in PingGateway Studio.