2024-11-08 23:16:12 +01:00
|
|
|
# Goma Gateway configurations
|
2024-11-10 08:15:47 +01:00
|
|
|
version: 1.0
|
2024-11-08 23:16:12 +01:00
|
|
|
gateway:
|
|
|
|
|
# Proxy write timeout
|
|
|
|
|
writeTimeout: 15
|
|
|
|
|
# Proxy read timeout
|
|
|
|
|
readTimeout: 15
|
|
|
|
|
# Proxy idle timeout
|
2024-11-09 04:52:05 +01:00
|
|
|
idleTimeout: 30
|
2024-11-08 23:16:12 +01:00
|
|
|
## SSL Certificate file
|
|
|
|
|
sslCertFile: '' #cert.pem
|
|
|
|
|
## SSL Private Key file
|
|
|
|
|
sslKeyFile: ''#key.pem
|
|
|
|
|
# Proxy rate limit, it's In-Memory IP based
|
|
|
|
|
rateLimit: 0
|
2024-11-12 13:26:14 +01:00
|
|
|
logLevel: info # debug, trace, off
|
2024-11-08 23:16:12 +01:00
|
|
|
accessLog: "/dev/Stdout"
|
|
|
|
|
errorLog: "/dev/stderr"
|
2024-11-14 15:18:39 +01:00
|
|
|
#redis:
|
|
|
|
|
#addr: redis:6379
|
|
|
|
|
# password: password
|
2024-11-18 10:28:00 +01:00
|
|
|
## Add additional routes
|
|
|
|
|
extraRoutes:
|
|
|
|
|
# path
|
|
|
|
|
directory: /etc/goma/extra
|
|
|
|
|
watch: true
|
2024-11-08 23:16:12 +01:00
|
|
|
## Enable, disable routes health check
|
|
|
|
|
disableHealthCheckStatus: false
|
|
|
|
|
## Returns backend route healthcheck errors
|
|
|
|
|
disableRouteHealthCheckError: false
|
|
|
|
|
# Disable display routes on start
|
|
|
|
|
disableDisplayRouteOnStart: false
|
|
|
|
|
# disableKeepAlive allows enabling and disabling KeepALive server
|
|
|
|
|
disableKeepAlive: false
|
2024-11-09 04:52:05 +01:00
|
|
|
# Block common exploits | detect SQL injection, and simple XSS attempts
|
2024-11-08 23:16:12 +01:00
|
|
|
blockCommonExploits: false
|
|
|
|
|
# interceptErrors intercepts backend errors based on defined the status codes
|
|
|
|
|
interceptErrors:
|
|
|
|
|
- 405
|
|
|
|
|
- 500
|
|
|
|
|
# - 400
|
|
|
|
|
# Proxy Global HTTP Cors
|
|
|
|
|
cors:
|
|
|
|
|
# Global routes cors for all routes
|
|
|
|
|
origins:
|
|
|
|
|
- http://localhost:8080
|
|
|
|
|
- https://example.com
|
|
|
|
|
# Global routes cors headers for all routes
|
|
|
|
|
headers:
|
|
|
|
|
Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
|
|
|
|
|
Access-Control-Allow-Credentials: 'true'
|
|
|
|
|
Access-Control-Max-Age: 1728000
|
|
|
|
|
##### Define routes
|
|
|
|
|
routes:
|
|
|
|
|
# Example of a route | 1
|
2024-11-10 21:05:19 +01:00
|
|
|
- path: /
|
|
|
|
|
name: Public # Name is optional
|
2024-11-08 23:16:12 +01:00
|
|
|
# host Domain/host based request routing
|
2024-11-10 21:05:19 +01:00
|
|
|
hosts: [] # Hosts are optional
|
2024-11-08 23:16:12 +01:00
|
|
|
## Rewrite a request path
|
|
|
|
|
# e.g rewrite: /store to /
|
|
|
|
|
rewrite: /
|
|
|
|
|
destination: https://example.com
|
2024-11-09 04:52:05 +01:00
|
|
|
# Limit HTTP methods allowed for this route
|
2024-11-08 23:16:12 +01:00
|
|
|
methods: [POST, PUT, GET]
|
2024-11-12 17:38:55 +01:00
|
|
|
#disableHostFording proxy host forwarding
|
|
|
|
|
disableHostFording: false
|
2024-11-08 23:16:12 +01:00
|
|
|
# Route Cors, global cors will be overridden by route
|
|
|
|
|
cors:
|
|
|
|
|
# Route Origins Cors, route will override global cors origins
|
|
|
|
|
origins:
|
|
|
|
|
- https://dev.example.com
|
|
|
|
|
- http://localhost:3000
|
|
|
|
|
- https://example.com
|
|
|
|
|
# Route Cors headers, route will override global cors headers
|
|
|
|
|
headers:
|
|
|
|
|
Access-Control-Allow-Methods: 'GET'
|
|
|
|
|
Access-Control-Allow-Headers: 'Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id'
|
|
|
|
|
Access-Control-Allow-Credentials: 'true'
|
|
|
|
|
Access-Control-Max-Age: 1728000
|
|
|
|
|
##### Apply middlewares to the route
|
|
|
|
|
## The name must be unique
|
2024-11-15 14:31:48 +01:00
|
|
|
## List of middleware name
|
2024-11-08 23:16:12 +01:00
|
|
|
middlewares:
|
|
|
|
|
- api-forbidden-paths
|
|
|
|
|
# Example of a route | 2
|
2024-11-10 21:05:19 +01:00
|
|
|
- path: /protected
|
|
|
|
|
name: Basic auth
|
2024-11-08 23:16:12 +01:00
|
|
|
rewrite: /
|
2024-11-10 21:05:19 +01:00
|
|
|
destination: ''
|
|
|
|
|
backends:
|
|
|
|
|
- https://example.com
|
|
|
|
|
- https://example2.com
|
2024-11-15 07:56:37 +01:00
|
|
|
insecureSkipVerify: true
|
2024-11-10 21:05:19 +01:00
|
|
|
methods:
|
|
|
|
|
- GET
|
|
|
|
|
# Route healthcheck
|
2024-11-08 23:16:12 +01:00
|
|
|
healthCheck:
|
2024-11-10 21:05:19 +01:00
|
|
|
path: /health/live
|
2024-11-12 13:11:38 +01:00
|
|
|
interval: 30s
|
|
|
|
|
timeout: 10s
|
2024-11-10 21:05:19 +01:00
|
|
|
healthyStatuses:
|
|
|
|
|
- 200
|
|
|
|
|
- 404
|
2024-11-08 23:16:12 +01:00
|
|
|
cors: {}
|
|
|
|
|
middlewares:
|
|
|
|
|
- api-forbidden-paths
|
|
|
|
|
- basic-auth
|
|
|
|
|
#Defines proxy middlewares
|
2024-11-15 14:31:48 +01:00
|
|
|
# middleware name must be unique
|
2024-11-08 23:16:12 +01:00
|
|
|
middlewares:
|
|
|
|
|
# Enable Basic auth authorization based
|
|
|
|
|
- name: basic-auth
|
|
|
|
|
# Authentication types | jwt, basic, OAuth
|
|
|
|
|
type: basic
|
|
|
|
|
paths:
|
|
|
|
|
- /user
|
|
|
|
|
- /admin
|
|
|
|
|
- /account
|
|
|
|
|
rule:
|
|
|
|
|
username: admin
|
|
|
|
|
password: admin
|
|
|
|
|
#Enables JWT authorization based on the result of a request and continues the request.
|
|
|
|
|
- name: google-auth
|
|
|
|
|
# Authentication types | jwt, basic, OAuth
|
|
|
|
|
# jwt authorization based on the result of backend's response and continue the request when the client is authorized
|
|
|
|
|
type: jwt
|
|
|
|
|
# Paths to protect
|
|
|
|
|
paths:
|
|
|
|
|
- /protected-access
|
|
|
|
|
- /example-of-jwt
|
|
|
|
|
#- /* or wildcard path
|
|
|
|
|
rule:
|
|
|
|
|
# This is an example URL
|
|
|
|
|
url: https://www.googleapis.com/auth/userinfo.email
|
|
|
|
|
# Required headers, if not present in the request, the proxy will return 403
|
|
|
|
|
requiredHeaders:
|
|
|
|
|
- Authorization
|
2024-12-02 07:50:42 +01:00
|
|
|
# Key: Auth request header key | Value: Next request header key
|
2024-11-08 23:16:12 +01:00
|
|
|
headers:
|
|
|
|
|
userId: Auth-UserId
|
|
|
|
|
userCountryId: Auth-UserCountryId
|
2024-12-02 07:50:42 +01:00
|
|
|
# Key: Auth request header key | Value: Next request parameter key
|
2024-11-08 23:16:12 +01:00
|
|
|
params:
|
|
|
|
|
userCountryId: countryId
|
|
|
|
|
# The server will return 403
|
|
|
|
|
- name: api-forbidden-paths
|
|
|
|
|
type: access
|
|
|
|
|
## prevents access paths
|
|
|
|
|
paths:
|
|
|
|
|
- /swagger-ui/*
|
|
|
|
|
- /v2/swagger-ui/*
|
|
|
|
|
- /api-docs/*
|
|
|
|
|
- /internal/*
|
2024-11-09 04:52:05 +01:00
|
|
|
- /actuator/*
|
|
|
|
|
- name: oauth-google
|
|
|
|
|
type: oauth
|
|
|
|
|
paths:
|
|
|
|
|
- /protected
|
|
|
|
|
- /example-of-oauth
|
|
|
|
|
rule:
|
|
|
|
|
clientId: xxx
|
|
|
|
|
clientSecret: xxx
|
|
|
|
|
provider: google
|
|
|
|
|
endpoint:
|
|
|
|
|
userInfoUrl: ""
|
|
|
|
|
redirectUrl: http://localhost:8080/callback
|
|
|
|
|
redirectPath: ""
|
|
|
|
|
cookiePath: ""
|
|
|
|
|
scopes:
|
|
|
|
|
- https://www.googleapis.com/auth/userinfo.email
|
|
|
|
|
- https://www.googleapis.com/auth/userinfo.profile
|
|
|
|
|
state: randomStateString
|
|
|
|
|
jwtSecret: your-strong-jwt-secret | It's optional
|
|
|
|
|
- name: oauth-authentik
|
|
|
|
|
type: oauth
|
|
|
|
|
paths:
|
|
|
|
|
- /protected
|
|
|
|
|
- /example-of-oauth
|
|
|
|
|
rule:
|
|
|
|
|
clientId: xxx
|
|
|
|
|
clientSecret: xxx
|
|
|
|
|
provider: custom
|
|
|
|
|
endpoint:
|
|
|
|
|
authUrl: https://authentik.example.com/application/o/authorize/
|
|
|
|
|
tokenUrl: https://authentik.example.com/application/o/token/
|
|
|
|
|
userInfoUrl: https://authentik.example.com/application/o/userinfo/
|
|
|
|
|
redirectUrl: http://localhost:8080/callback
|
|
|
|
|
redirectPath: ""
|
|
|
|
|
cookiePath: ""
|
|
|
|
|
scopes:
|
|
|
|
|
- email
|
|
|
|
|
- openid
|
|
|
|
|
state: randomStateString
|
|
|
|
|
jwtSecret: your-strong-jwt-secret | It's optional
|
