Choreo Connect Router Configuration Catalog

This document describes all the configuration parameters that are used in WSO2 Choreo Connect Router.

Instructions for use

Select the configuration sections, parameters, and values that are required for your use and add them to the config.toml file located in <CHOREO-CONNECT_HOME>/docker-compose/choreo-connect/conf/. See the example .toml file given below.

# This is an example .toml file.
[router]
  listenerHost = "0.0.0.0"
  listenerPort = 9090
  securedListenerHost = "0.0.0.0"
  securedListenerPort = 9095
  clusterTimeoutInSeconds = 20
  enforcerResponseTimeoutInSeconds = 20
  # system hostname for system API resources (eg: /testkey and /health)
  systemHost = "localhost"

[router.keystore]
  certPath = "/home/wso2/security/keystore/mg.pem"
  keyPath = "/home/wso2/security/keystore/mg.key"

Router

[router]
  listenerHost = "0.0.0.0"
  listenerPort = 9090
  securedListenerHost = "0.0.0.0"
  securedListenerPort = 9095
  clusterTimeoutInSeconds = 20
  enforcerResponseTimeoutInSeconds = 20
  systemHost = "localhost"
[router] Required

The configurations required for the Router to route traffic from different clients to services.

listenerHost

string Required

Default: 0.0.0.0

Host for the listener of Router.

securedListenerHost

string Required

Default: 0.0.0.0

Host for the secured listener of Router.

listenerPort

string Required

Default: 9090

Port for the listener of Router.

securedListenerPort

string Required

Default: 9095

Port for the secured listener of Router.

systemHost

string Required

Default: localhost

The system hostname for system API resources (e.g., /testkey and /health).

clusterTimeoutInSeconds

integer

Default: 20

The time duration that the Router will wait for an upstream TCP connection to be established.

enforcerResponseTimeoutInSeconds

integer

Default: 20

The timeout, per API request, for the response coming from the Enforcer to the Router.

Connection Timeout

[router.connectionTimeout]
  requestTimeoutInSeconds = 0
  requestHeadersTimeoutInSeconds = 0 
  streamIdleTimeoutInSeconds = 300
  idleTimeoutInSeconds = 3600
[router.connectionTimeout]

Timeouts managed by the Envoy (Router) connection manager in Choreo Connect.

requestTimeoutInSeconds

integer

Default: 0

The time duration that the Router waits for the request to be received by the upstream, starting from the time it was initiated at the client.

requestHeadersTimeoutInSeconds

integer

Default: 0

The time duration that the Router waits for the request headers to be received by the upstream, starting from the time it was initiated at the client.

streamIdleTimeoutInSeconds

integer

Default: 300

The time duration that the Router will allow a stream to exist with no upstream or downstream activity. This timeout is applied to regular requests/responses as well as streaming requests/responses, and can be overridden by router.upstream.timeouts.routeIdleTimeoutInSeconds.

idleTimeoutInSeconds

integer

Default: 3600

The time at which a downstream connection will be terminated if there are no active streams.

Upstream Timeout

[router.upstream.timeouts]
  routeTimeoutInSeconds = 60
  maxRouteTimeoutInSeconds = 60
  routeIdleTimeoutInSeconds = 300
[router.upstream.timeouts]

Timeout settings related to routes. This will be applicable globally for all the APIs in Choreo Connect.

routeTimeoutInSeconds

integer

Default: 60

This is the value that gets overridden by the timeout set at the endpoint level.

maxRouteTimeoutInSeconds

integer

Default: 60

Maximum value accepted as the endpoint level timeout. If a larger timeout is set as the Endpoint Level Upstream Timeout, this value will replace the provided Endpoint Level Upstream Timeout.

routeIdleTimeoutInSeconds

integer

Default: 300

The backend (upstream) connection idle timeout. The time duration that the request’s stream may be idle.

Upstream Health

[router.upstream.health]
  timeout = 1
  interval = 10
  unhealthyThreshold = 2
  healthyThreshold = 2
[router.upstream.health]

Health configuration for upstream clusters.

timeout

integer

Default: 1

Time in seconds to wait for a health check response.

interval

integer

Default: 10

Interval between health checks in seconds.

unhealthyThreshold

integer

Default: 2

Number of unhealthy health checks required before a host is marked as unhealthy.

healthyThreshold

integer

Default: 2

Number of healthy health checks required before a host is marked as healthy.

Router Keystore

[router.keystore]
  certPath = "/home/wso2/security/keystore/mg.pem"
  keyPath = "/home/wso2/security/keystore/mg.key"
[router.keystore] Required

The configurations of the keystore used in Choreo Connect Router.

certPath

string Required

Default: /home/wso2/security/keystore/mg.pem

Path of the certificate of the Adaptor

keyPath

string Required

Default: /home/wso2/security/keystore/mg.key

Path of the private key of the Adaptor

CORS

[router.cors]
enabled = true
allowOrigins = ["*"]
allowMethods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
allowHeaders = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey", "testKey", "Internal-Key"]
exposeHeaders = []
allowCredentials = false
[router.cors]

CORS configurations

enabled

boolean Required

Default:
Possible Values: true, false

Enable CORS configurations globally for all endpoints and APIs deployed in Choreo Connect Router

allowOrigins

list of strings Required

Default:

Allowed origins. Set this to [*] to allow all origins.

allowMethods

list of strings Required

Default:

The content for the access-control-allow-methods header.

allowHeaders

list of strings Required

Default:

The content for the access-control-allow-headers header.

exposeHeaders

list of strings Required

Default:

The content for the access-control-expose-headers header.

allowCredentials

boolean Required

Default: false

Specifies whether the resource allows credentials.

Upstream Retry

[router.upstream.retry]
  maxRetryCount = 5
  baseIntervalInMillis = 25
  statusCodes = [ 504 ]
[router.upstream.retry]

The configurations for the Choreo Connect router when retrying upstream clusters.

maxRetryCount

integer

Default: 5

Maximum value that can be set as the count within the Endpoint Level Retry configuration.

baseIntervalInMillis

integer

Default: 25

Base interval for the Envoy's (Router's) exponential retry backoff algorithm.

statusCodes

list of integers

Default: 504

HTTP status codes that would switch on the retry mechanism when an Endpoint Level Retry configuration is set. The list here is used when the retry configuration is set via the WSO2 API-M UI or when all given status codes are out of range.

Upstream TLS

[router.upstream.tls]
  minimumProtocolVersion = "TLS1_1"
  maximumProtocolVersion = "TLS1_2"
  ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES128-SHA, AES128-GCM-SHA256, AES128-SHA, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES256-SHA, AES256-GCM-SHA384, AES256-SHA"
  # the default endpoint certificates
  trustedCertPath = "/etc/ssl/certs/ca-certificates.crt"
  verifyHostName = true
  disableSslVerification = false
[router.upstream.tls]

The configurations for SSL configuration related to the backend connection in Choreo Connect.

minimumProtocolVersion

string

Default: TLS1_1
Possible Values: TLSv1_0, TLSv1_1, TLSv1_2, TLSv1_3

Minimum TLS protocol version.

maximumProtocolVersion

string

Default: TLS1_2
Possible Values: TLSv1_0, TLSv1_1, TLSv1_2, TLSv1_3

Maximum TLS protocol version.

ciphers

string

Default: ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES128-SHA, AES128-GCM-SHA256, AES128-SHA, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES256-SHA, AES256-GCM-SHA384, AES256-SHA

If specified, the TLS listener will only support the specified cipher list when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

trustedCertPath

string Required

Default: /etc/ssl/certs/ca-certificates.crt

Path to trusted certificates

verifyHostName

boolean Required

Default: true
Possible Values: true, false

Enable or disable host name verification.

disableSslVerification

boolean

Default: false
Possible Values: true, false

Disable SSL verification
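
A check for the security-relevant keys described in the CORS and Upstream TLS sections, as an added example (not part of the WSO2 documentation or of Choreo Connect): it parses a config.toml and reports weak settings. The sample input is constructed from the default values on this page, and the names `audit`, `is_strong` and `tls_rank` are hypothetical.

```python
try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:
    import tomli as tomllib  # third-party backport with the same API
# Constructed sample: default values from this page (cipher list shortened).
SAMPLE = """
[router.cors]
enabled = true
allowOrigins = ["*"]
allowCredentials = false
[router.upstream.tls]
minimumProtocolVersion = "TLS1_1"
ciphers = "ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA, AES128-GCM-SHA256, AES256-SHA"
verifyHostName = true
disableSslVerification = false
"""

def tls_rank(name):
    """Map 'TLS1_1' or 'TLSv1_1' (both spellings appear on this page) to (1, 1)."""
    digits = name.upper().replace("TLSV", "").replace("TLS", "").split("_")
    return tuple(int(d) for d in digits)

def is_strong(cipher):
    """True for suites with ECDHE key exchange (forward secrecy) and an AEAD cipher."""
    return cipher.startswith("ECDHE-") and ("GCM" in cipher or "CHACHA20" in cipher)

def audit(toml_text):
    """Return (key, finding) tuples for weak [router.cors] / [router.upstream.tls] values."""
    router = tomllib.loads(toml_text).get("router", {})
    tls = router.get("upstream", {}).get("tls", {})
    cors = router.get("cors", {})
    findings = []
    if tls.get("disableSslVerification", False):
        findings.append(("disableSslVerification", "backend certificates are not verified"))
    if not tls.get("verifyHostName", True):
        findings.append(("verifyHostName", "backend host name is not checked"))
    minimum = tls.get("minimumProtocolVersion", "TLS1_1")  # page default
    if tls_rank(minimum) < (1, 2):
        findings.append(("minimumProtocolVersion", f"{minimum} is below TLS 1.2"))
    for cipher in (c.strip() for c in tls.get("ciphers", "").split(",")):
        if cipher and not is_strong(cipher):
            findings.append(("ciphers", f"{cipher}: no forward secrecy or not AEAD"))
    if cors.get("enabled") and "*" in cors.get("allowOrigins", []):
        mode = "with" if cors.get("allowCredentials") else "without"
        findings.append(("allowOrigins", f"wildcard origin {mode} credentials"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```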
