External files in dedicated folders

The Airlock Microgateway configbuilder expects some files to be in dedicated folders for different purposes. The files could be either mounted into the container or copied into a custom image.

This section gives an overview of the predefined folders and their expected content.

Table: Base configuration files

Path in image

Description

/config/config.yaml

Folder of the Airlock Microgateway configuration file.

/config/error-pages/

Folder for custom error pages files.

Some attributes can be specified either by directly providing a value or by referencing a file.

  • For instance, to configure a passphrase, these attributes are supported:
  • session.encryption_passphrase_file
  • session.encryption_passphrase

If the same attribute is configured with and without _file suffix, the _file attribute is used. If no attribute is configured, the default paths listed below are used. The following attributes support file references:

Table: Attributes supporting file references

Default path in image

DSL attribute

Description

/secret/license

license_file

Contains the Airlock Microgateway license

/secret/passphrase

session.encryption_passphrase_file

Contains the passphrase

/secret/tls/frontend-server.crt

apps[].virtual_host.certificate.certificate_file

If no certificates are specified, the default certificate is used.

/secret/tls/frontend-server.key

apps[].virtual_host.certificate.privatekey_file

If no certificates are specified, the default certificate is used.

/secret/tls/frontend-server-ca.crt

apps[].virtual_host.certificate.ca_chain_file

If no certificates are specified, the default certificate is used.

/secret/auth/client_certificate/selection.crt

apps[].virtual_host.auth.client_certificate.ca_selection_file

The file containing the selection CA certificates for client certificates.

/secret/auth/client_certificate/validation.crt

apps[].virtual_host.auth.client_certificate.ca_validation_file

The file containing the validation CA certificates for client certificates.

/secret/auth/client_certificate/client.crl

apps[].virtual_host.auth.client_certificate.crl_file

The file containing the CRL for client certificates.

/secret/auth/jwks/tls/client/client.crt

jwks_providers.remote[].tls.client.certificate_file

If no client certificate is specified for a remote JWKS provider, the default certificate is used.

/secret/auth/jwks/tls/client/client.key

jwks_providers.remote[].tls.client.privatekey_file

If no private key is specified for a remote JWKS provider client certificate, the default key is used.

/secret/auth/jwks/tls/client/client-ca.crt

jwks_providers.remote[].tls.client.ca_chain_file

The CA chain file path for the client certificate.

/secret/auth/jwks/tls/server/server-validation.crt

jwks_providers.remote[].tls.server.ca_validation_file

The file containing the validation CA certificates.

/config/mapping.xml

apps[].mappings.mapping_template_file

The mapping template file used for all Mappings without specifying the attribute mapping_template_file.

/config/openapi.json

apps[].mappings.openapi.spec_file

An OpenAPI specification file