OCARIoT Platform APIs Manager. It is responsible for routing requests or blocking access to resources provided by the internal microservices that make up the OCARIoT platform. Express Gateway is used.
Application settings are defined by environment variables. To define the settings, make a copy of the .env.example file, naming it .env. After that, open and edit the settings as needed. The following environment variables are available:
VARIABLE | DESCRIPTION | DEFAULT |
---|---|---|
NODE_ENV | Defines the environment in which the application runs. You can set: test (in this environment, the database defined in MONGODB_URI_TEST is used and the logs are disabled for better visualization of the test output), development (in this environment, all log levels are enabled) and production (in this environment, only the warning and error logs are enabled). | development |
PORT_HTTP | Port used by the API Gateway service to listen for HTTP requests. | 80 |
PORT_HTTPS | Port used by the API Gateway service to listen for HTTPS requests. | 443 |
API_GATEWAY_HOSTNAME | API Gateway hostname. | localhost |
API_IOT_HOSTNAME | API IoT hostname. | iot.localhost |
RABBIT_MGT_HOSTNAME | RabbitMQ Management hostname. | rabbit.localhost |
ISSUER | The issuer used to validate the JWT token sent for requests. The value must be provided by the Account service that generates the token. | ocariot |
SSL_KEY_PATH | SSL/TLS certificate private key. | .certs/server.key |
SSL_CERT_PATH | SSL/TLS certificate. | .certs/server.crt |
SSL_IOT_KEY_PATH | Private key for the IoT service SSL certificate. | .certs/iot_server.key |
SSL_IOT_CERT_PATH | SSL certificate for the IoT service. | .certs/iot_server.crt |
SSL_IOT_CA_PATH | SSL CA certificate for the IoT service. | .certs/ca.crt |
JWT_PUBLIC_KEY_PATH | Public key used to generate and validate JSON Web Token (JWT). The value must be provided by the Account service that generates the token. | .certs/jwt.key.pub |
VAULT_ACCESS_TOKEN | Access token for HTTP access to the Vault. | vault_access_token |
ACCOUNT_SERVICE | URI used to connect to the Account service. | https://localhost:3001 |
IOT_TRACKING_SERVICE | URI used to connect to the IoT Tracking service. | https://localhost:4001 |
DS_AGENT_SERVICE | URI used to connect to the Data Sync Agent service. | https://localhost:5001 |
QUESTIONNAIRE_SERVICE | URI used to connect to the Questionnaire service. | https://localhost:6001 |
GAMIFICATION_SERVICE | URI used to connect to the Gamification service. | https://localhost:7001 |
MISSION_SERVICE | URI used to connect to the Mission service. | https://localhost:8001 |
FOOD_SERVICE | URI used to connect to the Food service. | https://localhost:9001 |
NOTIFICATION_SERVICE | URI used to connect to the Notification service. | https://localhost:10001 |
RABBIT_MGT_SERVICE | URI used to connect to the RabbitMQ Management. | https://localhost:15672 |
VAULT_SERVICE | URI used to connect to the Vault. | https://localhost:8200 |
EMULATE_REDIS | Signals whether the Redis database will be emulated or not. | true |
PORT_REDIS | Redis instance port. | 6379 |
HOST_REDIS | Redis instance hostname. | localhost |
For development and testing environments, the easiest and fastest way is to generate your own self-signed certificates. These certificates can encrypt data just as well as certificates signed by a CA, but users will receive a warning that the certificate is not trusted by their computer or browser. Therefore, self-signed certificates should only be used in non-production environments, that is, development and testing environments. To do this, run the create-self-signed-certs.sh script in the root of the repository.
$ chmod +x ./create-self-signed-certs.sh
$ ./create-self-signed-certs.sh
The following files will be created: ca.crt, server.crt and server.key.
Remember that the JWT public key (JWT_PUBLIC_KEY_PATH) must be the same as the one used by the Account Service.
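The sketch below is an added example, not code from the OCARIoT repository: it shows why the key at JWT_PUBLIC_KEY_PATH and the ISSUER value must match what the Account service uses, by verifying a token against a public key and an expected issuer. It assumes RS256 signing (the page does not state the algorithm) and also checks the standard exp claim; the key pairs, the subject and the function names are constructed for illustration.

```javascript
// Added example: verify an RS256 JWT against a public key and expected issuer.
const crypto = require('node:crypto');
const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Stand-in for the Account service: signs a token with its private key.
function signToken(claims, privateKey) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64url(sig)}`;
}

// Gateway side: returns the claims, or throws with the reason for rejection.
function verifyToken(token, publicKeyPem, expectedIssuer, now = Date.now()) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch { throw new Error('malformed token'); }
  // Pin the algorithm: never let the token's header choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${head}.${body}`),
    publicKeyPem, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  if (claims.iss !== expectedIssuer) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) throw new Error('expired');
  return claims;
}

// Returns 'accepted' or the rejection reason.
function check(token, publicKeyPem, issuer) {
  try { verifyToken(token, publicKeyPem, issuer); return 'accepted'; } catch (e) { return e.message; }
}

// Constructed key pairs: one plays the Account service, the other is unrelated.
const gen = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
const account = gen();
const other = gen();
const exp = Math.floor(Date.now() / 1000) + 300;
const token = signToken({ sub: 'constructed-user', iss: 'ocariot', exp }, account.privateKey);

console.log(check(token, account.publicKey, 'ocariot'));     // matching key and issuer
console.log(check(token, other.publicKey, 'ocariot'));       // gateway holds a different key
console.log(check(token, account.publicKey, 'not-ocariot')); // ISSUER differs from the token's iss
```
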
In production environments it's highly recommended to always use valid certificates provided by a certificate authority (CA). A good option is Let's Encrypt, a CA that provides free certificates. The service is provided by the Internet Security Research Group (ISRG). The process to obtain the certificate is extremely simple, as it is only required to provide a valid domain and prove control over it. With Let's Encrypt, you do this by using software that uses the ACME protocol, which typically runs on your host. If you prefer, you can use the service provided by the SSL For Free website and follow the walkthrough. The service is free because the certificates are provided by Let's Encrypt, and it makes the process of obtaining the certificates less painful.
$ npm install
$ npm start
Navigate to https://localhost:{PORT_HTTPS}