Introduction

The API Gateway (APIGW) was designed so that users could configure the application to meet their security requirements. This section will provide background information on how to perform a custom configuration. This is important to understand and will be referenced in other APIGW articles and sections.

Bind mounts

Configuration of the APIGW is achieved through a combination of API calls and the use of Docker bind mounts. A bind mount is a directory or file on the host machine that will be mounted inside the container. Changes made to the files on the host machine will be reflected inside the container. It does not matter where the files live on the host machine, but the files must be mounted to specific locations inside the container so that the application can find them.

The gateway and proxy containers can both be configured via separate bind mounted directories. Each container requires all configuration files to be mounted to the /etc/config directory inside the container. Therefore, it is recommended to create a directory for each container on the host machine to store all of the configuration files and mount them to /etc/config. This is done by editing the docker-compose.yaml. Under proxy services, add a volumes section if one does not already exist; this is used to mount the configuration directory on the host to /etc/config. For example, if /my/proxy/config is the directory on the host that contains the configuration files, then the relevant part of the compose file would look like this:

services:
    proxy:
        volumes:
            /my/proxy/config:/etc/config

 

To change the configuration of the gateway container, make a similar change under its service section. The only difference would be the directory on the host. After making this change, the application will need to be stopped and restarted.

The structure of /my/proxy/config will need to match the required layout in /etc/config.  When each container starts, it will create default versions of each file and place them in the expected location. It is highly recommended to start from the default version of these files. For example, if /my/proxy/config is the bind mount directory on the host, one can populate it with all the default configuration files by running the following commands.

First, create an nginx directory inside /my/proxy/config on the host.

cd /my/proxy/config

mkdir nginx

Then find the id of the proxy container with docker ps. Look for the container with a delphix-api-gateway-proxy image name.

CONTAINER ID   IMAGE                             COMMAND                  CREATED         STATUS         PORTS                                   NAMES
ac343412492a   delphix-api-gateway-proxy:0.0.1   "/bootstrap.sh"          8 minutes ago   Up 8 minutes   0.0.0.0:443->443/tcp, :::443->443/tcp   orbital-api-gateway_proxy_1


In the above example, ac343412492a is the id. Run the following command to copy the default files to the bind mount.

docker cp <container id>:/etc/config/nginx /my/proxy/config/nginx

One can always go back to the original configuration by removing the bind-mount and restarting the container or using docker cp as in the previous example to overwrite the custom files with the default versions.