Skip to main content

Front End

Description

Specifies the configuration the gateway server will use when securely communicating with clients. This configuration includes:

  • A PEM based personal certificate file. This certificate file should include the private key, a certificate signed with the private key, and the signer certificate or signer certificate chain (if required). If a certificate is not provided, the gateway will generate a self-signed certificate during bootstrapping.
  • The TLS protocols that are enabled for client communication.
  • Any additional server certificates which should be used for specific hosts using the 'server name indication' (SNI) TLS extension.

Properties

The following table(s) describe the configuration properties for this component:

Name Type Constraints Description
tlsv12 boolean Values: true,false
Default:true
A boolean which indicates whether or not TLS v1.2 is enabled.
tlsv13 boolean Values: true,false
Default:false
A boolean which indicates whether or not TLS v1.3 is enabled.
tlsv10 boolean Values: true,false
Default:false
A boolean which indicates whether or not TLS v1.0 is enabled.
tlsv11 boolean Values: true,false
Default:false
A boolean which indicates whether or not TLS v1.1 is enabled.
certificate string The certificate to be used for secure communication with clients.
sni array[SNI Object]

SNI Object

Specifies a list of SNI certificate to hostname mappings for the front end.

Name Type Constraints Description
hostname string The name of the host for this SNI entry.
certificate string The PEM encoded certificate for this SNI entry.

Example

 server:
         ssl:
             front_end:
                 certificate: "@cert.pem"
                 tlsv12: true
                 sni:
                     - certificate: "@test.pem"
                       hostname: www.test.com
                     - certificate: "@example.pem"
                       hostname: www.example.com