Configuration Parameters for RPP outside of the ESA
The Resilient Package Proxy (RPP) is a HTTP cache and it enables Dynamic Resilient Package Deployment to scale. The RPP:
- Leads to faster response time on protectors.
- Reduces network traffic.
The configuration parameters for RPP include log level, host and port, and service configuration. These parameters are explained in detail in the following section.
Service Logging Configuration
Log Level
The following is the log level parameter.
| Parameter | Description |
|---|---|
| PTY_LOG_LEVEL | Specify the details about the application log level during run-time. The possible values are “ERROR”, “WARN”, “INFO”, “DEBUG”, and “TRACE”. |
Host and Port
The following is the host and port where the logs are forwarded.
| Parameter | Description |
|---|---|
| PTY_LOG_TCP_HOST | Specify the Fluentbit hostname or IP address where the logs are forwarded. The default value is 127.0.0.1. |
| PTY_LOG_TCP_PORT | Specify the Fluentbit port where the logs are forwarded. The default value is 15780. |
Service Configuration
Limit Request
The following is the limit request parameter.
| Parameter | Description |
|---|---|
| PTY_LIMIT_REQUEST | Specify the limit for simultaneous requests. The number of requests determine the throughput of packages to be downloaded. The default value is 20. |
Cache TTL
The following is the cache Time to live (TTL) parameter.
| Parameter | Description |
|---|---|
| PTY_CACHE_TTL | Specify the duration to refresh the cache. When a cached TTL expires, the cache has to be revalidated or updated. The default value is 60s. |
Listener Configuration
The following are the listener configuration parameters.
| Parameter | Description |
|---|---|
| PTY_LISTENER_SSL_ENABLED | Specify whether the listener SSL is enabled. The default value is true. |
| PTY_LISTENER_SSL_CA | Specify the path of the CA certificate that is used to authenticate the ESA. For more information about certificates, refer to Certificate Management in ESA. |
| PTY_LISTENER_SSL_CERT | Specify the path of the client certificate for the protector. It is used for mutual TLS communication between the listener and the protector. |
| PTY_LISTENER_SSL_KEY | Specify the path to the client certificate key. This parameter is required if you are using a client certificate. |
| PTY_LISTENER_SSL_SECRET_FILE | Specify the path to the file that contains the secret. This secret is used to decrypt the client certificate key. |
Authentication Server Configuration
The authentication (auth) server can be another RPP or ESA. The following are the auth server configuration parameters.
| Parameter | Description |
|---|---|
| PTY_AUTH_HOST | Specify the host name or IP address of the auth server that is providing the resilient packages. |
| PTY_AUTH_PORT | Specify the port number of the auth server that is providing the resilient packages. The default value is 25400. |
| PTY_AUTH_SSL_ENABLED | Specify whether the auth SSL is enabled. The default value is true. |
| PTY_AUTH_SSL_VERIFY_HOST | Verify the auth SSL host. The default value is false. |
| PTY_AUTH_SSL_CA | Specify the path of the CA certificate that is used to authenticate the ESA. For more information about certificates, refer to Certificate Management in ESA. |
| PTY_AUTH_SSL_CERT | Specify the path of the client certificate for the protector. It is used for mutual TLS communication between the auth server and the protector. |
| PTY_AUTH_SSL_KEY | Specify the path to the client certificate key. This parameter is required if you are using a client certificate. |
| PTY_AUTH_SSL_SECRET_FILE | Specify the path to the file that contains the secret. This secret is used to decrypt the client certificate key. |
Upstream Server Configuration
The upstream server can be another RPP or ESA. The following are the auth server configuration parameters.
| Parameter | Description |
|---|---|
| PTY_UPSTREAM_HOST | Specify the host name or IP address of the upstream server that is providing the resilient packages. |
| PTY_UPSTREAM_PORT | Specify the port number of the upstream server that is providing the resilient packages. The default value is 25400. |
| PTY_UPSTREAM_SSL_ENABLED | Specify whether the upstream SSL is enabled. The default value is true. |
| PTY_UPSTREAM_SSL_VERIFY_HOST | Verify the upstream SSL host. The default value is false. |
| PTY_UPSTREAM_SSL_CA | Specify the path of the CA certificate that is used to authenticate the ESA. For more information about certificates, refer to Certificate Management in ESA. |
| PTY_UPSTREAM_SSL_CERT | Specify the path of the client certificate for the protector. It is used for mutual TLS communication between the upstream server and the protector. |
| PTY_UPSTREAM_SSL_KEY | Specify the path to the client certificate key. This parameter is required if you are using a client certificate. |
| PTY_UPSTREAM_SSL_SECRET_FILE | Specify the path to the file that contains the secret. This secret is used to decrypt the client certificate key. |
Note: The parameters listed here are for configuring RPP outside of the ESA. RPP running on the ESA does not require configuration changes and any modifications would not be maintained during ESA upgrades.
Feedback
Was this page helpful?