Choreo Connect Router Configuration Catalog

This document describes all the configuration parameters that are used in WSO2 Choreo Connect Router.

Instructions for use

Select the configuration sections, parameters, and values that are required for your use and add them to the config.toml file located in <CHOREO-CONNECT_HOME>/docker-compose/choreo-connect/conf/. See the example .toml file given below.

# This is an example .toml file.
[router]
  listenerHost = "0.0.0.0"
  listenerPort = 9090
  securedListenerHost = "0.0.0.0"
  securedListenerPort = 9095
  clusterTimeoutInSeconds = 20
  enforcerResponseTimeoutInSeconds = 20
  # system hostname for system API resources (e.g., /testkey and /health)
  systemHost = "localhost"

[router.keystore]
  certPath = "/home/wso2/security/keystore/mg.pem"
  keyPath = "/home/wso2/security/keystore/mg.key"

Router

[router]
  listenerHost = "0.0.0.0"
  listenerPort = 9090
  securedListenerHost = "0.0.0.0"
  securedListenerPort = 9095
  clusterTimeoutInSeconds = 20
  enforcerResponseTimeoutInSeconds = 20
  systemHost = "localhost"

[router] Required

The configurations required for the Router to route traffic from different clients to services.

listenerHost

string Required

Default: 0.0.0.0

Host for the listener of the Router.

securedListenerHost

string Required

Default: 0.0.0.0

Host for secured listener of Router.

listenerPort

string Required

Default: 9090

Port for listener of Router.

securedListenerPort

string Required

Default: 9095

Port for secured listener of Router.

systemHost

string Required

Default: localhost

The system hostname for system API resources (e.g., /testkey and /health).

clusterTimeoutInSeconds

integer

Default: 20

The timeout for new network connections to hosts in the cluster in seconds.

enforcerResponseTimeoutInSeconds

integer

Default: 20

The timeout, in seconds, for the enforcer's response to the router for each API request.

Keystore

[adapter.keystore]
  certPath = "/home/wso2/security/keystore/mg.pem"
  keyPath = "/home/wso2/security/keystore/mg.key"

[keystore] Required

The configurations of the keystore used in Choreo Connect Adapter.

certPath

string Required

Default: /home/wso2/security/keystore/mg.pem

Path of the certificate of the Adapter.

keyPath

string Required

Default: /home/wso2/security/keystore/mg.key

Path of the private key of the Adapter.

CORS

[router.cors]
  enabled = true
  allowOrigins = ["*"]
  allowMethods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
  allowHeaders = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey", "testKey", "Internal-Key"]
  exposeHeaders = []
  allowCredentials = false

[cors]

CORS configurations.

enabled

boolean Required

Default:
Possible Values: true, false

Enables CORS configurations globally for all endpoints and APIs deployed in Choreo Connect Router.

allowOrigins

list of strings Required

Default:

Allowed origins. Set this to ["*"] to allow all origins.

allowMethods

list of strings Required

Default:

The content for the access-control-allow-methods header.

allowHeaders

list of strings Required

Default:

The content for the access-control-allow-headers header.

exposeHeaders

list of strings Required

Default:

The content for the access-control-expose-headers header.

allowCredentials

boolean Required

Default: false

Specifies whether the resource allows credentials.

Upstream TLS

[router.upstream.tls]
  minimumProtocolVersion = "TLS1_1"
  maximumProtocolVersion = "TLS1_2"
  ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES128-SHA, AES128-GCM-SHA256, AES128-SHA, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES256-SHA, AES256-GCM-SHA384, AES256-SHA"
  # the default endpoint certificates
  trustedCertPath = "/etc/ssl/certs/ca-certificates.crt"
  verifyHostName = true
  disableSslVerification = false

[upstream.tls]

The SSL/TLS configurations for the backend connection in Choreo Connect.

minimumProtocolVersion

string

Default: TLS1_1
Possible Values: TLSv1_0, TLSv1_1, TLSv1_2, TLSv1_3

Minimum TLS protocol version.

maximumProtocolVersion

string

Default: TLS1_2
Possible Values: TLSv1_0, TLSv1_1, TLSv1_2, TLSv1_3

Maximum TLS protocol version.

ciphers

string

Default: ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES128-SHA, AES128-GCM-SHA256, AES128-SHA, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES256-SHA, AES256-GCM-SHA384, AES256-SHA

If specified, the TLS listener will only support the specified cipher list when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3).

trustedCertPath

string Required

Default: /etc/ssl/certs/ca-certificates.crt

Path to trusted certificates

verifyHostName

boolean Required

Default: true
Possible Values: true, false

Enables or disables host name verification.

disableSslVerification

boolean

Default: false
Possible Values: true, false

Disable SSL verification
