Skip to main content

Front End

Description

Specifies the configuration the gateway server will use when securely communicating with clients. This configuration includes:

  • The certificate to be used for secure communication with clients. If a certificate is not provided, the gateway will generate a self-signed certificate during bootstrapping.
  • The TLS protocols that are enabled for client communication.
  • Any additional server certificates which should be used for specific hosts using the 'server name indication' (SNI) TLS extension.

Properties

The following table(s) describe the configuration properties for this component:

Name Type Constraints Description
tlsv12 boolean Values: true,false
Default:true
A boolean which indicates whether or not TLS v1.2 is enabled.
tlsv13 boolean Values: true,false
Default:false
A boolean which indicates whether or not TLS v1.3 is enabled.
tlsv10 boolean Values: true,false
Default:false
A boolean which indicates whether or not TLS v1.0 is enabled.
tlsv11 boolean Values: true,false
Default:false
A boolean which indicates whether or not TLS v1.1 is enabled.
certificate array[string] PEM based personal certificate files which will be used when communicating with the client. These certificate files should include the private key, a certificate signed with the private key, and the signer certificate or signer certificate chain (if required).
If a certificate is not provided, the gateway will generate a self-signed certificate during bootstrapping.
sni array[SNI Object]

SNI Object

Specifies a list of SNI certificate to hostname mappings for the front end.

Name Type Constraints Description
hostname string The name of the host for this SNI entry.
certificate array[string] PEM based personal certificate files which will be used when communicating with clients which indicate this host. These certificate files should include the private key, a certificate signed with the private key, and the signer certificate or signer certificate chain (if required).

Example

 server:
         ssl:
             front_end:
                 certificate: 
                     - "@host.crt"
                     - "@host.key"
                     - "@ca.crt"
                 tlsv12: true
                 sni:
                     - certificate: 
                           - "@test.crt"
                           - "@test.key"
                       hostname: www.test.com
                     - certificate: 
                           - "@example.crt"
                           - "@example.key"
                       hostname: www.example.com