diff --git a/src/main/resources/config/client.yml b/src/main/resources/config/client.yml deleted file mode 100644 index b4c8ae1..0000000 --- a/src/main/resources/config/client.yml +++ /dev/null 
@@ -1,218 +0,0 @@ -# This is the configuration file for Http2Client. ---- -# Settings for TLS -tls: - # if the server is using self-signed certificate, this need to be false. If true, you have to use CA signed certificate - # or load truststore that contains the self-signed cretificate. - verifyHostname: ${client.verifyHostname:true} - # The default trustedNames group used to created default SSL context. This is used to create Http2Client.SSL if set. - defaultGroupKey: ${client.defaultGroupKey:trustedNames.local} - # trusted hostnames, service names, service Ids, and so on. - # Note: localhost and 127.0.0.1 are not trustable hostname/ip in general. So, these values should not be used as trusted names in production. - trustedNames: - local: localhost - negativeTest: invalidhost - empty: - # trust store contains certifictes that server needs. Enable if tls is used. - loadTrustStore: ${client.loadTrustStore:true} - # trust store location can be specified here or system properties javax.net.ssl.trustStore and password javax.net.ssl.trustStorePassword - trustStore: ${client.trustStore:client.truststore} - # trust store password - trustStorePass: ${client.trustStorePass:password} - # key store contains client key and it should be loaded if two-way ssl is uesed. - loadKeyStore: ${client.loadKeyStore:false} - # key store location - keyStore: ${client.keyStore:client.keystore} - # key store password - keyStorePass: ${client.keyStorePass:password} - # private key password - keyPass: ${client.keyPass:password} -# settings for OAuth2 server communication -oauth: - # OAuth 2.0 token endpoint configuration - # If there are multiple oauth providers per serviceId, then we need to update this flag to true. In order to derive the serviceId from the - # path prefix, we need to set up the pathPrefixServices below if there is no duplicated paths between services. 
- multipleAuthServers: ${client.multipleAuthServers:false} - token: - cache: - #capacity of caching TOKENs - capacity: ${client.tokenCacheCapacity:200} - # The scope token will be renewed automatically 1 minutes before expiry - tokenRenewBeforeExpired: ${client.tokenRenewBeforeExpired:60000} - # if scope token is expired, we need short delay so that we can retry faster. - expiredRefreshRetryDelay: ${client.expiredRefreshRetryDelay:2000} - # if scope token is not expired but in renew windown, we need slow retry delay. - earlyRefreshRetryDelay: ${client.earlyRefreshRetryDelay:4000} - # token server url. The default port number for token service is 6882. If this is set, - # it will take high priority than serviceId for the direct connection - server_url: ${client.tokenServerUrl:} - # token service unique id for OAuth 2.0 provider. If server_url is not set above, - # a service discovery action will be taken to find an instance of token service. - serviceId: ${client.tokenServiceId:com.networknt.oauth2-token-1.0.0} - # For users who leverage SaaS OAuth 2.0 provider from lightapi.net or others in the public cloud - # and has an internal proxy server to access code, token and key services of OAuth 2.0, set up the - # proxyHost here for the HTTPS traffic. This option is only working with server_url and serviceId - # below should be commented out. OAuth 2.0 services cannot be discovered if a proxy server is used. - proxyHost: ${client.tokenProxyHost:} - # We only support HTTPS traffic for the proxy and the default port is 443. If your proxy server has - # a different port, please specify it here. If proxyHost is available and proxyPort is missing, then - # the default value 443 is going to be used for the HTTP connection. 
- proxyPort: ${client.tokenProxyPort:} - # set to true if the oauth2 provider supports HTTP/2 - enableHttp2: ${client.tokenEnableHttp2:true} - # the following section defines uri and parameters for authorization code grant type - authorization_code: - # token endpoint for authorization code grant - uri: ${client.tokenAcUri:/oauth2/token} - # client_id for authorization code grant flow. - client_id: ${client.tokenAcClientId:f7d42348-c647-4efb-a52d-4c5787421e72} - # client_secret for authorization code grant flow. - client_secret: ${client.tokenAcClientSecret:f6h1FTI8Q3-7UScPZDzfXA} - # the web server uri that will receive the redirected authorization code - redirect_uri: ${client.tokenAcRedirectUri:https://localhost:3000/authorization} - # optional scope, default scope in the client registration will be used if not defined. - # If there are scopes specified here, they will be verified against the registered scopes. - # scope: - # - petstore.r - # - petstore.w - # the following section defines uri and parameters for client credentials grant type - client_credentials: - # token endpoint for client credentials grant - uri: ${client.tokenCcUri:/oauth2/token} - # client_id for client credentials grant flow. - client_id: ${client.tokenCcClientId:f7d42348-c647-4efb-a52d-4c5787421e72} - # client_secret for client credentials grant flow. - client_secret: ${client.tokenCcClientSecret:f6h1FTI8Q3-7UScPZDzfXA} - # optional scope, default scope in the client registration will be used if not defined. - # If there are scopes specified here, they will be verified against the registered scopes. - # scope: - # - petstore.r - # - petstore.w - # The serviceId to the service specific OAuth 2.0 configuration. Used only when multipleOAuthServer is - # set as true. For detailed config options, please see the values.yml in the client module test. 
- serviceIdAuthServers: ${client.tokenCcServiceIdAuthServers:} - refresh_token: - # token endpoint for refresh token grant - uri: ${client.tokenRtUri:/oauth2/token} - # client_id for refresh token grant flow. - client_id: ${client.tokenRtClientId:f7d42348-c647-4efb-a52d-4c5787421e72} - # client_secret for refresh token grant flow - client_secret: ${client.tokenRtClientSecret:f6h1FTI8Q3-7UScPZDzfXA} - # optional scope, default scope in the client registration will be used if not defined. - # If there are scopes specified here, they will be verified against the registered scopes. - # scope: - # - petstore.r - # - petstore.w - # light-oauth2 key distribution endpoint configuration for token verification - key: - # key distribution server url for token verification. It will be used if it is configured. - # If it is not set, a service lookup will be taken with serviceId to find an instance. - server_url: ${client.tokenKeyServerUrl:} - # key serviceId for key distribution service, it will be used if above server_url is not configured. - serviceId: ${client.tokenKeyServiceId:com.networknt.oauth2-key-1.0.0} - # the path for the key distribution endpoint - uri: ${client.tokenKeyUri:/oauth2/key} - # client_id used to access key distribution service. It can be the same client_id with token service or not. - client_id: ${client.tokenKeyClientId:f7d42348-c647-4efb-a52d-4c5787421e72} - # client secret used to access the key distribution service. - client_secret: ${client.tokenKeyClientSecret:f6h1FTI8Q3-7UScPZDzfXA} - # set to true if the oauth2 provider supports HTTP/2 - enableHttp2: ${client.tokenKeyEnableHttp2:true} - # The serviceId to the service specific OAuth 2.0 configuration. Used only when multipleOAuthServer is - # set as true. For detailed config options, please see the values.yml in the client module test. - serviceIdAuthServers: ${client.tokenKeyServiceIdAuthServers:} - # sign endpoint configuration - sign: - # token server url. 
The default port number for token service is 6882. If this url exists, it will be used. - # if it is not set, then a service lookup against serviceId will be taken to discover an instance. - # server_url: ${client.signServerUrl:https://localhost:6882} - # For users who leverage SaaS OAuth 2.0 provider from lightapi.net or others in the public cloud - # and has an internal proxy server to access code, token and key services of OAuth 2.0, set up the - # proxyHost here for the HTTPS traffic. This option is only working with server_url and serviceId - # below should be commented out. OAuth 2.0 services cannot be discovered if a proxy server is used. - # proxyHost: ${client.signProxyHost:proxy.lightapi.net} - # We only support HTTPS traffic for the proxy and the default port is 443. If your proxy server has - # a different port, please specify it here. If proxyHost is available and proxyPort is missing, then - # the default value 443 is going to be used for the HTTP connection. - # proxyPort: ${client.signProxyPort:3128} - # token serviceId. If server_url doesn't exist, the serviceId will be used to lookup the token service. - serviceId: ${client.signServiceId:com.networknt.oauth2-token-1.0.0} - # signing endpoint for the sign request - uri: ${client.signUri:/oauth2/token} - # timeout in milliseconds - timeout: ${client.signTimeout:2000} - # set to true if the oauth2 provider supports HTTP/2 - enableHttp2: ${client.signEnableHttp2:true} - # client_id for client authentication - client_id: ${client.signClientId:f7d42348-c647-4efb-a52d-4c5787421e72} - # client secret for client authentication and it can be encrypted here. - client_secret: ${client.signClientSecret:f6h1FTI8Q3-7UScPZDzfXA} - # the key distribution sever config for sign. It can be different then token key distribution server. - key: - # key distribution server url. It will be used to establish connection if it exists. 
- # if it is not set, then a service lookup against serviceId will be taken to discover an instance. - # server_url: ${client.signKeyServerUrl:https://localhost:6886} - # the unique service id for key distribution service, it will be used to lookup key service if above url doesn't exist. - serviceId: ${client.signKeyServiceId:com.networknt.oauth2-key-1.0.0} - # the path for the key distribution endpoint - uri: ${client.signKeyUri:/oauth2/key} - # client_id used to access key distribution service. It can be the same client_id with token service or not. - client_id: ${client.signKeyClientId:f7d42348-c647-4efb-a52d-4c5787421e72} - # client secret used to access the key distribution service. - client_secret: ${client.signKeyClientSecret:f6h1FTI8Q3-7UScPZDzfXA} - # set to true if the oauth2 provider supports HTTP/2 - enableHttp2: ${client.signKeyEnableHttp2:true} - # de-ref by reference token to JWT token. It is separate service as it might be the external OAuth 2.0 provider. - deref: - # Token service server url, this might be different than the above token server url. The static url will be used if it is configured. - # server_url: ${client.derefServerUrl:https://localhost:6882} - # For users who leverage SaaS OAuth 2.0 provider in the public cloud and has an internal - # proxy server to access code, token and key services of OAuth 2.0, set up the proxyHost - # here for the HTTPS traffic. This option is only working with server_url and serviceId - # below should be commented out. OAuth 2.0 services cannot be discovered if a proxy is used. - # proxyHost: ${client.derefProxyHost:proxy.lightapi.net} - # We only support HTTPS traffic for the proxy and the default port is 443. If your proxy server has - # a different port, please specify it here. If proxyHost is available and proxyPort is missing, then - # the default value 443 is going to be used for the HTTP connection. - # proxyPort: ${client.derefProxyPort:3128} - # token service unique id for OAuth 2.0 provider. 
Need for service lookup/discovery. It will be used if above server_url is not configured. - serviceId: ${client.derefServiceId:com.networknt.oauth2-token-1.0.0} - # set to true if the oauth2 provider supports HTTP/2 - enableHttp2: ${client.derefEnableHttp2:true} - # the path for the key distribution endpoint - uri: ${client.derefUri:/oauth2/deref} - # client_id used to access key distribution service. It can be the same client_id with token service or not. - client_id: ${client.derefClientId:f7d42348-c647-4efb-a52d-4c5787421e72} - # client_secret for deref - client_secret: ${client.derefClientSecret:f6h1FTI8Q3-7UScPZDzfXA} -# If you have multiple OAuth 2.0 providers and use path prefix to decide which OAuth 2.0 server -# to get the token or JWK. If two or more services have the same path, you must use serviceId in -# the request header to use the serviceId to find the OAuth 2.0 provider configuration. -pathPrefixServices: ${client.pathPrefixServices:} -# circuit breaker configuration for the client -request: - # number of timeouts/errors to break the circuit - errorThreshold: ${client.errorThreshold:2} - # timeout in millisecond to indicate a client error. - timeout: ${client.timeout:3000} - # reset the circuit after this timeout in millisecond - resetTimeout: ${client.resetTimeout:7000} - # if open tracing is enable. traceability, correlation and metrics should not be in the chain if opentracing is used. - injectOpenTracing: ${client.injectOpenTracing:false} - # inject serviceId as callerId into the http header for metrics to collect the caller. The serviceId is from server.yml - injectCallerId: ${client.injectCallerId:false} - # the flag to indicate whether http/2 is enabled when calling client.callService() - enableHttp2: ${client.enableHttp2:true} - # the maximum host capacity of connection pool - connectionPoolSize: ${client.connectionPoolSize:1000} - # Connection expire time when connection pool is used. 
By default, the cached connection will be closed after 30 minutes. - # This is one way to force the connection to be closed so that the client-side discovery can be balanced. - connectionExpireTime: ${client.connectionExpireTime:1800000} - # The maximum request limitation for each connection in the connection pool. By default, a connection will be closed after - # sending 1 million requests. This is one way to force the client-side discovery to rebalence the connections. - maxReqPerConn: ${client.maxReqPerConn:1000000} - # maximum quantity of connection in connection pool for each host - maxConnectionNumPerHost: ${client.maxConnectionNumPerHost:1000} - # minimum quantity of connection in connection pool for each host. The corresponding connection number will shrink to minConnectionNumPerHost - # by remove least recently used connections when the connection number of a host reach 0.75 * maxConnectionNumPerHost. - minConnectionNumPerHost: ${client.minConnectionNumPerHost:250} diff --git a/src/main/resources/config/handler.yml b/src/main/resources/config/handler.yml index 64bbdcb..6c44749 100644 --- a/src/main/resources/config/handler.yml +++ b/src/main/resources/config/handler.yml @@ -78,7 +78,7 @@ paths: method: 'get' exec: - admin - - proxyServerInfo + - info # the health endpoint for the proxy itself without security, this for both Kubernetes liveness and readiness. - path: '/health' method: 'get' diff --git a/src/main/resources/config/server.yml b/src/main/resources/config/server.yml deleted file mode 100644 index 5a62a01..0000000 --- a/src/main/resources/config/server.yml +++ /dev/null 
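Review bot: The `+ - info` line swaps the proxy-specific `proxyServerInfo` handler for the generic light-4j `ServerInfoGetHandler`, which by its name reports server information and, presumably, the loaded configuration; the path this `exec` chain belongs to starts above the hunk, so confirm it is the `/server/info` route and not one of the unsecured ones such as `/health` below. The endpoint remains gated only because `- admin` still precedes it in the chain, so that ordering must be preserved. Since this same commit deletes client.yml and server.yml, whatever the info handler reports now comes from framework defaults (including default keystore passwords and client secrets), so treat the response as sensitive. A comment above the path would make the invariant explicit: `# server info must stay behind the admin handler; it may echo loaded config`.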
@@ -1,120 +0,0 @@ -# Server configuration ---- -# This is the default binding address if the service is dockerized. -ip: ${server.ip:0.0.0.0} - -# Http port if enableHttp is true. This port is used for the backend API to invoke within the same pod. -httpPort: ${server.httpPort:8080} - -# Enable HTTP for the backend to invoke other APIs through the router with http connection in the same pod. -# The call to the other pods or external will be HTTPS as all outside communication from the pod is HTTPS. -enableHttp: ${server.enableHttp:false} - -# Https port if enableHttps is true. -httpsPort: ${server.httpsPort:8443} - -# Enable HTTPS for pod to pod or external connection through the proxy to the backend API. The connection -# to the backend API in this call is HTTP so that backend doesn't need to consider TLS in the same pod. -enableHttps: ${server.enableHttps:true} - -# Http/2 is enabled. When Http2 is enable, enableHttps is true and enableHttp is false by default. -# If you want to have http enabled, enableHttp2 must be false. -enableHttp2: ${server.enableHttp2:true} - -# Keystore file name in config folder. -keystoreName: ${server.keystoreName:server.keystore} - -# Keystore password -keystorePass: ${server.keystorePass:password} - -# Private key password -keyPass: ${server.keyPass:password} - -# Flag that indicate if two way TLS is enabled. Not recommended in docker container. -enableTwoWayTls: ${server.enableTwoWayTls:false} - -# Truststore file name in config folder. -truststoreName: ${server.truststoreName:server.truststore} - -# Truststore password -truststorePass: ${server.truststorePass:password} - -# Bootstrap truststore name used to connect to the light-config-server if it is used. -bootstrapStoreName: ${server.bootstrapStoreName:bootstrap.truststore} - -# Bootstrap truststore password -bootstrapStorePass: ${server.bootstrapStorePass:password} - -# Unique service identifier. Used in service registration and discovery etc. 
-serviceId: ${server.serviceId:com.networknt.gateway-1.0.0} - -# Flag to enable self service registration. This should be turned on on official test and production. And -# dyanmicPort should be enabled if any orchestration tool is used like Kubernetes. -enableRegistry: ${server.enableRegistry:false} - -# When enableRegistry is true and the registry/discovery service is not reachable. Stop the server or continue -# starting the server. When your global registry is not setup as high availability and only for monitoring, you -# can set it true. If you are using it for global service discovery, leave it with false. -startOnRegistryFailure: ${server.startOnRegistryFailure:false} - -# Dynamic port is used in situation that multiple services will be deployed on the same host and normally -# you will have enableRegistry set to true so that other services can find the dynamic port service. When -# deployed to Kubernetes cluster, the Pod must be annotated as hostNetwork: true -dynamicPort: ${server.dynamicPort:false} - -# Minimum port range. This define a range for the dynamic allocated ports so that it is easier to setup -# firewall rule to enable this range. Default 2400 to 2500 block has 100 port numbers and should be -# enough for most cases unless you are using a big bare metal box as Kubernetes node that can run 1000s pods -minPort: ${server.minPort:2400} - -# Maximum port rang. The range can be customized to adopt your network security policy and can be increased or -# reduced to ease firewall rules. -maxPort: ${server.maxPort:2500} - -# environment tag that will be registered on consul to support multiple instances per env for testing. -# https://github.com/networknt/light-doc/blob/master/docs/content/design/env-segregation.md -# This tag should only be set for testing env, not production. The production certification process will enforce it. -# environment: ${server.environment:test1} - -# Build Number, to be set by teams for auditing or tracing purposes. 
-# Allows teams to audit the value and set it according to their release management process -buildNumber: ${server.buildNumber:latest} - -# Shutdown gracefully wait period in milliseconds -# In this period, it allows the in-flight requests to complete but new requests are not allowed. It needs to be set -# based on the slowest request possible. -shutdownGracefulPeriod: ${server.shutdownGracefulPeriod:2000} - -# ----------------------------------------------------------------------------------------------------------- -# The following parameters are for advanced users to fine tune the service in a container environment. Please leave -# these values default if you do not understand. For more info, visit https://doc.networknt.com/concern/server/ - -# Unique service name. Used in microservice to associate a given name to a service with configuration -# or as a key within the configuration of a particular domain -# serviceName: ${server.serviceName:petstore} - -# Buffer size of undertow server. Default to 16K -bufferSize: ${server.bufferSize:16384} - -# Number of IO thread. Default to number of processor * 2 -# ioThreads: ${server.ioThreads:4} - -# Number of worker threads. Default to 200 and it can be reduced to save memory usage in a container with only one cpu -# workerThreads: ${server.workerThreads:200} - -# Backlog size. Default to 10000 -# backlog: ${server.backlog:10000} - -# Flag to set UndertowOptions.ALWAYS_SET_DATE -# alwaysSetDate: ${server.alwaysSetDate:false} - -# Server string used to mark the server. Default to L for light-4j. -# serverString: ${server.serverString:L} - -# Flag to set UndertowOptions.ALLOW_UNESCAPED_CHARACTERS_IN_URL. Default to false. -# Please note that this option widens the attack surface and attacker can potentially access your filesystem. -# This should only be used on an internal server and never be used on a server accessed from the Internet. 
-# allowUnescapedCharactersInUrl: ${server.allowUnescapedCharactersInUrl:false} - -# Set the max transfer file size for uploading files. Default to 1000000 which is 1 MB. -maxTransferFileSize: ${server.maxTransferFileSize:1000000} diff --git a/src/main/resources/config/values.yml b/src/main/resources/config/values.yml index 125e003..40d2320 100644 --- a/src/main/resources/config/values.yml +++ b/src/main/resources/config/values.yml @@ -65,7 +65,7 @@ handler.handlers: - com.networknt.chaos.ExceptionAssaultHandler@exchaos - com.networknt.chaos.ChaosMonkeyGetHandler@chaosget - com.networknt.chaos.ChaosMonkeyPostHandler@chaospost - - com.networknt.proxy.ProxyServerInfoHandler@proxyServerInfo + - com.networknt.info.ServerInfoGetHandler@info - com.networknt.specification.SpecDisplayHandler@spec - com.networknt.specification.SpecSwaggerUIHandler@swaggerui - com.networknt.specification.FaviconHandler@favicon
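Review bot: Removing the `@proxyServerInfo` alias on the `-` line means any remaining `exec` reference to it in handler.yml or an environment-specific override will fail handler resolution at startup; only one path in handler.yml is updated in this commit, so grep the other config files for the old alias. The replacement `com.networknt.info.ServerInfoGetHandler` comes from the light-4j info module rather than this proxy package, which presumably requires that artifact on the classpath and its `info.yml` configuration — neither is visible in the diff, so verify both. Consider documenting the dependency inline: `# ServerInfoGetHandler is from light-4j info; needs info.yml and the admin handler in front of it`.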