To get you started quickly, this section provides a more complex boilerplate configuration file.
Example config.yaml
# Boilerplate configuration: one web application virtual host (public site,
# member portal, API) plus a separate SSO virtual host in front of Airlock IAM.
# NOTE(review): this listing was reconstructed from a whitespace-collapsed
# paste; nesting of keys whose level is not visible in the source is marked
# below and should be confirmed against the DSL reference.

# Session store and the file holding the passphrase used to encrypt it.
session:
  redis_hosts:
    - 'redis-service:6379'
  encryption_passphrase_file: /secret/config/passphrase

# Client IP is taken from X-Forwarded-For, but only when the request arrives
# from one of the listed proxies.
remote_ip:
  header: X-Forwarded-For
  internal_proxies:
    - 10.1.0.0/32

apps:
  # ---------------------------------------------------------------
  # Website, member portal, API back-ends
  # ---------------------------------------------------------------
  - virtual_host:
      name: webapp
      hostname: webapp.virtinc.com
      http_enabled: false  # HTTPS only
      https_port: 8443
      certificate:
        certificate_file: /secret/tls/frontend-server.crt
        privatekey_file: /secret/tls/frontend-server.key
        ca_chain_file: /secret/tls/frontend-server-ca.crt
      # presumably scopes the session cookie to the parent domain — verify
      session_cookie_domain: virtinc.com
    mappings:
      # --- Public website ---
      - name: webapp_public
        entry_path:
          value: /
        session_handling: enforce_session
        threat_handling: block
        deny_rule_groups:
          - enabled: true
            log_only: false
            level: standard
        backend:
          name: webapp-service
          hosts:
            - name: webapp.intra.svc
              protocol: https
              port: 8443
      # --- Member portal (authenticated, role "member") ---
      - name: webapp_member
        entry_path:
          value: /member/
        session_handling: enforce_session
        threat_handling: block
        auth:
          access:
            - roles:
                - member
          # Unauthenticated requests are redirected here.
          denied_access_url: /auth/login
          flow: redirect
        api_security:
          treat_path_segments_as_parameters: false
          treat_json_objects_as_parameters: true
          json_content_type:
            pattern: json
        deny_rule_groups:
          - enabled: true
            log_only: false
            level: standard
            # Deny rule exception for chat messages.
            # NOTE(review): exceptions assumed to belong to this rule group
            # and ignore_case to the path pattern — confirm nesting.
            exceptions:
              - parameter_name:
                  pattern: ^message$
                path:
                  pattern: ^/member/chat/
                  ignore_case: true
        backend:
          name: webapp-service
          hosts:
            - name: webapp.intra.svc
              protocol: https
              port: 8443
      # --- API endpoints - still being integrated! ---
      # Change operational_mode to production when finished!
      - name: webapp_api
        entry_path:
          value: /api/
        operational_mode: integration
        session_handling: ignore_session
        threat_handling: block
        api_security:
          treat_path_segments_as_parameters: true
          treat_json_objects_as_parameters: true
          json_content_type:
            pattern: json
          openapi:
            spec_file: /config/webapp_api_openapi.json
        backend:
          name: webapp-service
          hosts:
            - name: webapp.intra.svc
              protocol: https
              port: 8443

  # ---------------------------------------------------------------
  # Airlock IAM
  # ---------------------------------------------------------------
  - virtual_host:
      name: sso
      hostname: sso.virtinc.com
      http_enabled: false  # HTTPS only
      https_port: 8443
      certificate:
        certificate_file: /secret/tls/frontend-server.crt
        privatekey_file: /secret/tls/frontend-server.key
        ca_chain_file: /secret/tls/frontend-server-ca.crt
      session_cookie_domain: virtinc.com
    mappings:
      # Hint: Use Ergon's mapping template
      - mapping_template_file: /config/templates/loginapp-7.3.xml
        allow_rules:
          - name: 'Loginapp Single Page Application'
            enabled: true
        backend:
          name: iam-service
          hosts:
            - name: iam.intra.svc
              protocol: https
              port: 8443
          # NOTE(review): level of expert_settings not visible in the source;
          # placed under backend since the directives configure the backend
          # TLS connection — confirm against the DSL reference.
          expert_settings:
            security_gate: |
              BackendSSLConnectTimeout "13"
              #
              # Configure mutual TLS towards backend
              #
              BackendSSLServerCA /secret/tls/backend-server-validation-ca.crt
              BackendSSLClientCert /secret/tls/backend-client.crt
              BackendSSLClientCertKey /secret/tls/backend-client.key
              BackendSSLVerifyHost "true"