Ceptor Docs

Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
{
  "destinations": [
    {
      "name": "demoapp",
      "description": "Demonstration application",
      "cookiesnapper": {
        "pattern": "JSESSIONID",
        "classifier": "default"
      },
      "ping": {
        "expect": "200",
        "timeout.seconds": 5,
        "method": "HEAD",
        "uri": "/",
        "meod": "GET",
        "interval.seconds": 30,
        "response.verify.script": "if (input.contains('For further information about PortalProtect')) true; else false;"
      },
      "loadbalance": "roundrobin",
      "target.consul.askviaconfigserver": false,
      "target.consul.interval": 60,
      "targets": [{
        "scheme": "http",
        "port": 8080,
        "unavailable": false,
        "name": "demoapp1",
        "host": "127.0.0.1",
        "disabled": false,
        "limits": {
          "queue.length": 100,
          "max.idle.connections.hard": 20,
          "idle.ttl": 10,
          "max.idle.connections.soft": 5,
          "max.concurrent.requests": 20
        }
      }],
      "limits": {
        "queue.length": 200,
        "max.idle.connections.hard": 20,
        "idle.ttl": -1,
        "max.idle.connections.soft": 5,
        "max.concurrent.requests": 10
      },
      "authentication": {
        "plugins": [
          "io.ceptor.authentication.target.TAuthenticatorBasicAuth",
          "io.ceptor.authentication.target.TAuthenticatorSSL",
          "io.ceptor.authentication.target.TAuthenticatorBearerToken"
        ],
        "basicauth": {
          "password": "password",
          "anonymous.password": "password",
          "anonymous.userid": "%{REQUEST_ID}",
          "userid": "%{REQUEST_ID}"
        },
        "bearer": {
          "authenticationplugin": 48,
          "forward.from.request": true,
          "call.newtoken": false,
          "base64encode": false,
          "newtoken.input": null,
          "use.ticket.from.session": true
        },
        "ssl": {
          "header.cipher": "SSL_CIPHER",
          "header.sessionid": "SSL_SESSION_ID",
          "header.clientcert": "SSL_CLIENT_CERT"
        },
        "request.headers": [
          {
            "name": "X-Forwarded-For",
            "value": "%{REMOTE_ADDR}"
          }
        ],
        "response.headers": []
      }
    },
	{
      "sslcontext": {
        "ssl.protocol": "TLS",
        "keystore.provider": "BC",
        "keystore.type": "PKCS12",
        "verify.server.certificate": true,
        "verify.server.name": true,
        "excludeprotocols": "SSLv3",
        "allowrenegotiate": false,
        "trusted.server.certificates": [],
        "excludeciphersuites": ".*NULL.*,.*RC4.*,.*MD5.*,.*DSS.*",
        "includeprotocols": "TLS.*",
        "includeciphersuites": "TLS_ECDHE.*,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA",
        "useciphersuites.order": true
      },
      "http2.enable": true,
      "keepalive.enable": true,
      "ping": {
        "expect": "200|302",
        "method": "HEAD",
        "uri": "/",
        "interval.seconds": 60
      },
      "name": "google",
      "sticky": false,
      "keep.hostheader": true,
      "description": "Proxying requests to google",
      "targets": [{
        "scheme": "https",
        "port": 443,
        "unavailable": false,
        "name": "google1",
        "host": "www.google.com",
        "disabled": false
      }]
    },
  ]
}

...

When you have entered this, you are brought to the Destination Configuration

Image RemovedImage Added

Configuration is stored in the JSON object for the destination directly

...

Default: true
JSON key: keepalive.enable

Keep Host header

If set, existing HOST header is kept and forwarded unmodified to the target server - if not, it is discarded and a new HOST header matching the target servers host and port is sent instead.

Tip

This setting is off by default, to comply with RFC7230 specifying a proxy behavior in the HTTP protocol. You might want to enable it for providing backend servers a chance to react to virtual host settings. Note that newer backend webservers can do the same by looking either at X-Forwarded-Host or Forwarded (RFC7239) HTTP headers and reacting to them, assuming the gateway has been configured to send these headers too.


Default: false
JSON key: keep.hostheader

Sticky

If set, stickiness is enabled, meaning a sticky cookie is set, so user hits the same server again next time.

...