Gateway Service

The Gateway Service acts as common entry point for remote management of Corda Nodes as well as networks using CENM - either using the available command-line tools or via the web applications hosted by the Gateway.

You can install the Gateway Service by installing the Gateway Service JAR file:

java -jar gateway-service.jar -f config.conf

When you configure the Gateway Service, you need to:

  1. Specify the endpoint where the Auth Service is exposed - this must match the IP or host name of the machine/VM/container and the port that is configured in the Auth Service config file.

  2. Specify the SSL configuration for connecting to the Auth Service. You can do this using the PKI tool.

  3. Your authentication credentials, as specified in your Auth Service configuration.

  4. Your Zone Service address.

You can create a configuration file as shown in the sample, and then add this to your CENM services using the command line commands below.

# Configuration dependent on the Auth service install
auth {
    # This is the endpoint where the auth service is exposed, should be the IP or host name of
    # the machine/VM/container and the port that was configured in the auth service conf file
    serverUrl = "https://auth-service:8081/"
    # SSL config for connecting to the auth service
    # Should be the same trust store that is used when configuring the auth service
    # Generally generated by the PKI Tool
    sslConfig = {
        trustStore = "/usr/gateway/certificates/corda-ssl-trust-store.jks"
        trustStorePassword = "trustpass"
    }
    # Client credentials that were configured in the auth service conf file like so:
    # clientConfig = {
    #   clients = [
    #       {
    #           clientId = "gateway1"
    #           clientSecret = "secret1"
    #           scopes = [
    #               "accounts:admin"
    #           ]
    #           audience = [
    #               "zone",
    #               "network-map",
    #               "identity-manager"
    #           ]
    #       }
    #   ]
    clientCredentials = {
        clientId = "gateway1"
        clientSecret = "secret1"
    }
}

# application-specific configuration should go here

# port to bind to (defaults to 8080)
server {
    port = 8080
}

Name of the distribution: gateway-service.jar

Command line arguments:

  • -v, --verbose - If set, prints logging to the console as well as to a file.
  • --logging-level= - Enable logging at this level and higher. Defaults to INFO. Possible values: OFF, INFO, WARN, TRACE, DEBUG, ERROR, ALL
  • -f, --config-file= --config-obfuscation-passphrase[=] - The passphrase used in the key derivation function when generating an AES key
  • --config-obfuscation-seed[=] - The seed used in the key derivation function to create a salt
  • -h, --help
  • -V, --version

Was this page helpful?

Thanks for your feedback!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.

We're sorry this page wasn't helpful. Let us know how we can make it better!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Create an issue

Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.