Updated on December 13, 2021
Configure Orchestrate Gateway API
Follow these steps to configure and connect to Orchestrate Gateway API dependencies:
- Configure PostgreSQL database (mandatory)
- Configure Apache Kafka (mandatory)
- Configure monitoring (optional). Improve the development experience and debugging.
- Configure Multi-tenancy (optional). Use Orchestrate with multiple tenants.
- Configure the Chain Proxy cache (optional).
In addition to the dependencies, Orchestrate Gateway API needs to be configured to connect to the other microservices and to define how the service should be exposed.
Tip
Configure each microservice using microservice-specific environment variables. Command line options are also available and take precedence over environment variables.
Configuration
Environment Variable | Command line option | Description | Default |
---|---|---|---|
REST_HOSTNAME | rest-hostname | Hostname to expose REST services | |
REST_PORT | rest-port | Port to expose REST services | 8081 |
KEY_MANAGER_URL | key-manager-url | URL of the Key Manager HTTP endpoint | |
CLI options
See the complete list of command line options for the Orchestrate Gateway API:
Run options
Usage:
orchestrate api run [flags]
Flags:
--api-store-type string Type of API Store (one of ["postgres"])
Environment variable: "API_STORE_TYPE" (default "postgres")
--auth-api-key string Key used for authentication (it should be used only for Orchestrate internal authentication).
Environment variable: "AUTH_API_KEY"
--auth-jwt-audience strings Expected audience ("aud" field) of JWT tokens.
Environment variable: "AUTH_JWT_AUDIENCE"
--auth-jwt-issuer-url string JWT issuer server domain (e.g. https://orchestrate.eu.auth0.com).
Environment variable: "AUTH_JWT_ISSUER_URL"
--auth-jwt-orchestrate-claims string Path to the Orchestrate claims in the Access Token.
Environment variable: "AUTH_JWT_ORCHESTRATE_CLAIMS"
--db-database string Target Database name
Environment variable: "DB_DATABASE" (default "postgres")
--db-host string Database host
Environment variable: "DB_HOST" (default "127.0.0.1")
--db-keepalive duration Controls the number of seconds after which a TCP keepalive message should be sent
Environment variable: "DB_KEEPALIVE" (default 1m0s)
--db-password string Database User password
Environment variable: "DB_PASSWORD" (default "postgres")
--db-pool-timeout duration Time for which client waits for free connection if all connections are busy
Environment variable: "DB_POOL_TIMEOUT" (default 30s)
--db-poolsize int Maximum number of connections on database
Environment variable: "DB_POOLSIZE"
--db-port int Database port
Environment variable: "DB_PORT" (default 5432)
--db-sslmode string TLS/SSL mode to connect to database (one of ["require" "disable" "verify-ca" "verify-full"])
Environment variable: "DB_TLS_SSLMODE" (default "disable")
--db-tls-ca string Trusted Certificate Authority
Environment variable: "DB_TLS_CA"
--db-tls-cert string TLS Certificate to connect to database
Environment variable: "DB_TLS_CERT"
--db-tls-key string TLS Private Key to connect to database
Environment variable: "DB_TLS_KEY"
--db-user string Database User.
Environment variable: "DB_USER" (default "postgres")
-h, --help help for run
--kafka-sasl-enabled Whether or not to use SASL authentication when connecting to the broker
Environment variable: "KAFKA_SASL_ENABLED"
--kafka-sasl-handshake Whether or not to send the Kafka SASL handshake first if enabled (defaults to true). You should only set this to false if you're using a non-Kafka SASL proxy.
Environment variable: "KAFKA_SASL_HANDSHAKE" (default true)
--kafka-sasl-mechanism string SASLMechanism is the name of the enabled SASL mechanism. Possible values: OAUTHBEARER, PLAIN (defaults to PLAIN).
Environment variable: "KAFKA_SASL_MECHANISM"
--kafka-sasl-password string Password for SASL/PLAIN or SASL/SCRAM auth.
Environment variable: "KAFKA_SASL_PASSWORD"
--kafka-sasl-scramauthzid string Authz id used for SASL/SCRAM authentication
Environment variable: "KAFKA_SASL_SCRAMAUTHZID"
--kafka-sasl-user string Username for SASL/PLAIN or SASL/SCRAM auth.
Environment variable: "KAFKA_SASL_USER"
--kafka-tls-ca-cert-file string CA cert file Path.
Environment variable: "KAFKA_TLS_CA_CERT_FILE"
--kafka-tls-client-cert-file string Client Cert File Path.
Environment variable: "KAFKA_TLS_CLIENT_CERT_FILE"
--kafka-tls-client-key-file string Client key file Path.
Environment variable: "KAFKA_TLS_CLIENT_KEY_FILE"
--kafka-tls-enabled Whether or not to use TLS when connecting to the broker (defaults to false).
Environment variable: "KAFKA_TLS_ENABLED"
--kafka-tls-insecure-skip-verify Controls whether a client verifies the server's certificate chain and host name. If InsecureSkipVerify is true, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks. This should be used only for testing.
Environment variable: "KAFKA_TLS_INSECURE_SKIP_VERIFY"
--kafka-url strings URL (addresses) of Kafka server(s) to connect to.
Environment variable: "KAFKA_URL" (default [localhost:9092])
--kafka-version string The version of Kafka that Sarama will assume it is running against. Defaults to the oldest supported stable version. Since Kafka provides backwards-compatibility, setting it to a version older than you have will not break anything, although it may prevent you from using the latest features. Setting it to a version greater than you are actually running may lead to random breakage.
Environment variable: "KAFKA_CONSUMER_GROUP_REBALANCE_TIMEOUT" (default "1.0.0")
--key-manager-api-key string Key Manager API-KEY authentication.
Environment variable: "KEY_MANAGER_API_KEY"
--key-manager-client-tls-cert string Key Manager mutual TLS authentication (crt file).
Environment variable: "KEY_MANAGER_CLIENT_TLS_CERT"
--key-manager-client-tls-key string Key Manager mutual TLS authentication (key file).
Environment variable: "KEY_MANAGER_CLIENT_TLS_KEY"
--key-manager-metrics-url string Key Manager HTTP metrics domain.
Environment variable: "KEY_MANAGER_METRICS_URL"
--key-manager-store-name string Key Manager ethereum account store name.
Environment variable: "KEY_MANAGER_STORE_NAME"
--key-manager-tls-skip-verify Key Manager, disables SSL certificate verification.
Environment variable: "KEY_MANAGER_TLS_SKIP_VERIFY"
--key-manager-url string Key Manager HTTP domain.
Environment variable: "KEY_MANAGER_URL"
--log-format string Log formatter (one of ["text" "json"]).
Environment variable: "LOG_FORMAT" (default "text")
--log-level string Log level (one of ["panic" "fatal" "error" "warn" "info" "debug" "trace"]).
Environment variable: "LOG_LEVEL" (default "info")
--log-timestamp Enable logging with timestamp (only TEXT format).
Environment variable: "LOG_TIMESTAMP"
--metrics-hostname string Hostname to expose metrics services
Environment variable: "METRICS_HOSTNAME"
--metrics-modules strings List of metrics modules exposed. Available metric modules are ["http" "tcp" "orchestrate_api" "go" "process" "healthz"], to enable all use ENABLED or to disable all DISABLED.
Environment variable: "METRICS_MODULES" (default [ENABLED])
--metrics-port uint Port to expose metrics services
Environment variable: "METRICS_PORT" (default 8082)
--multi-tenancy-enabled Whether or not to use Multi Tenancy.
Environment variable: "MULTI_TENANCY_ENABLED"
--proxy-cache-ttl duration Proxy Cache TTL duration (Disabled by default).
Environment variable: "PROXY_CACHE_TTL"
--proxy-max-idle-connections-per-host int Maximum number of open HTTP connections to a chain proxied.
Environment variable: "PROXY_MAXIDLECONNSPERHOST" (default 50)
--rest-hostname string Hostname to expose REST services
Environment variable: "REST_HOSTNAME"
--rest-port uint Port to expose REST services
Environment variable: "REST_PORT" (default 8081)
--topic-tx-sender string Topic for messages between the API and the Tx-Sender.
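Several defaults in the run flags above leave transport security off: `db-sslmode` defaults to `disable`, `db-password` defaults to `postgres`, and Kafka TLS is disabled unless set. The pre-flight check below is an added example, not part of Orchestrate; the function names are hypothetical, and it assumes booleans parse as in Go's `strconv.ParseBool` and that the SSL modes carry their usual PostgreSQL meaning.

```shell
#!/bin/sh
# Added example (not Orchestrate code): pre-flight audit of the environment that
# `orchestrate api run` reads. Variable names and defaults come from the flag list.

# Assumption: booleans accept the spellings of Go's strconv.ParseBool.
is_true() {
  case "${1:-}" in 1|t|T|true|TRUE|True) return 0 ;; *) return 1 ;; esac
}

_finding() { printf '%s\n' "$1"; _findings=$((_findings + 1)); }

# Prints one finding per line; returns 0 only when there are none.
audit_orchestrate_env() {
  _findings=0
  # Assumption: modes carry their usual PostgreSQL meaning, so only
  # verify-ca and verify-full authenticate the database server.
  case "${DB_TLS_SSLMODE:-disable}" in
    verify-ca|verify-full) ;;
    *) _finding "DB_TLS_SSLMODE=${DB_TLS_SSLMODE:-disable}: database server certificate is not verified" ;;
  esac
  if [ "${DB_PASSWORD:-postgres}" = "postgres" ]; then
    _finding "DB_PASSWORD: default password in use"
  fi
  if ! is_true "${KAFKA_TLS_ENABLED:-false}"; then
    _finding "KAFKA_TLS_ENABLED: broker traffic is not encrypted"
    # PLAIN and OAUTHBEARER send the password or token as-is, so they need TLS.
    if is_true "${KAFKA_SASL_ENABLED:-false}"; then
      case "${KAFKA_SASL_MECHANISM:-PLAIN}" in
        PLAIN|OAUTHBEARER) _finding "KAFKA_SASL_MECHANISM=${KAFKA_SASL_MECHANISM:-PLAIN} without TLS: credentials sent in cleartext" ;;
      esac
    fi
  elif is_true "${KAFKA_TLS_INSECURE_SKIP_VERIFY:-false}"; then
    _finding "KAFKA_TLS_INSECURE_SKIP_VERIFY: broker certificate is not verified"
  fi
  if is_true "${KEY_MANAGER_TLS_SKIP_VERIFY:-false}"; then
    _finding "KEY_MANAGER_TLS_SKIP_VERIFY: Key Manager certificate is not verified"
  fi
  case "${KEY_MANAGER_URL:-}" in
    http://*) _finding "KEY_MANAGER_URL: plain HTTP to the Key Manager" ;;
  esac
  [ "$_findings" -eq 0 ]
}

# Usage: audit_orchestrate_env || exit 1   # then start `orchestrate api run`
```

Run it in the same shell or container entrypoint that exports the variables, so it sees exactly what the service will read.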
Migration options
Usage:
orchestrate api migrate [flags]
orchestrate api migrate [command]
Available Commands:
down Reverts last migration
reset Reverts all migrations
set-version Set database version
up Upgrade database
version Print current database version
Flags:
--db-database string Target Database name
Environment variable: "DB_DATABASE" (default "postgres")
--db-host string Database host
Environment variable: "DB_HOST" (default "127.0.0.1")
--db-keepalive duration Controls the number of seconds after which a TCP keepalive message should be sent
Environment variable: "DB_KEEPALIVE" (default 1m0s)
--db-password string Database User password
Environment variable: "DB_PASSWORD" (default "postgres")
--db-pool-timeout duration Time for which client waits for free connection if all connections are busy
Environment variable: "DB_POOL_TIMEOUT" (default 30s)
--db-poolsize int Maximum number of connections on database
Environment variable: "DB_POOLSIZE"
--db-port int Database port
Environment variable: "DB_PORT" (default 5432)
--db-sslmode string TLS/SSL mode to connect to database (one of ["require" "disable" "verify-ca" "verify-full"])
Environment variable: "DB_TLS_SSLMODE" (default "disable")
--db-tls-ca string Trusted Certificate Authority
Environment variable: "DB_TLS_CA"
--db-tls-cert string TLS Certificate to connect to database
Environment variable: "DB_TLS_CERT"
--db-tls-key string TLS Private Key to connect to database
Environment variable: "DB_TLS_KEY"
--db-user string Database User.
Environment variable: "DB_USER" (default "postgres")
-h, --help help for migrate