Configuration File Reference
This section provides a reference for all the parameters that can be specified in the Connection Gateway configuration file. For an introduction to the configuration of Amazon DCV Connection Gateway, see Configuring the Amazon DCV Connection Gateway.
The Amazon DCV Connection Gateway configuration file is located at /etc/dcv-connection-gateway/dcv-connection-gateway.conf
.
The file uses the TOML format
You can edit the configuration file using your preferred text editor.
Note
Some of the configuration parameters can be reloaded while the gateway is running without causing disruptions for the existing connections.
Others parameters instead require a restart of the service. This is denoted by the Requires Restart
column in the table below.
Topics
[gateway]
section
Parameter name | Required | Default value | Requires Restart | Description |
---|---|---|---|---|
bind-addr |
Yes | Yes | This setting is deprecated, use The socket address the gateway will be listening on for incoming DCV client connections. The value must be a valid IP address syntax. |
|
cert-file |
No | No | The path to a PEM file containing the certificate to be used by the gateway. If not specified, the Connection Gateway will use generate self-signed certificates. When this parameter is specified, cert-key-file must be used as well. |
|
cert-key-file |
No | No | The path to the private key file of the certificate. When this parameter is specified, cert-file must be used as well. |
|
ciphers-tls |
No | ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS13_CHACHA20_POLY1305_SHA256", "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256"] |
No | The TLS ciphers used for the TLS communication with the clients. |
enable-quic-connections-stats |
No | true | Yes | Whether or not to enable UDP metrics emission for the connection between DCV client and the Connection Gateway every 60 seconds. |
enable-tcp-connections-stats |
No | true | Yes | Whether or not to enable TCP metrics emission for the connection between DCV client and the Connection Gateway every 60 seconds. |
graceful-shutdown-timeout |
No | 10 | Yes | When receiving a shutdown signal, the Connection Gateway waits for the specified number of seconds before closing all connections and exiting. |
minimum-tls-version |
No | "tls12" |
No | The minimum TLS version used for the TLS communication with the clients. The value can be "tls12" or "tls13" . |
quic-idle-timeout |
No | 10 | Yes | The timeout in seconds after which an inactive QUIC connection with a client is closed by the Connection Gateway. |
quic-listen-endpoints |
No | [] | Yes | The list of endpoints the gateway will be listening on for incoming UDP connections from DCV clients.
An endpoint is defined as a pair, where is a valid IPv4 or IPv6 address and is a UDP port. The field in the endpoint is optional, and if not specified the quic-port parameter will be assumed as port.
If this parameter is not set or set to an empty list, QUIC support will be disabled.
|
quic-max-connections |
No | 1000 | Yes | The maximum number of concurrent QUIC connections the Connection Gateway is going to accept. After that limit, a new incoming connection will be rejected. |
quic-port |
No | 8443 | Yes | The default UDP port that will be associated to an endpoint without the port field in quic-listen-endpoints . |
tcp-idle-timeout |
No | 10 | Yes | The timeout in seconds after which an inactive TCP connection with a client is closed by the Connection Gateway. |
tcp-max-connections |
No | 1000 | Yes | The maximum number of concurrent TCP connections the Connection Gateway is going to accept. After that limit, a new incoming connection will be rejected. |
web-listen-endpoints |
Yes | Yes | The list of endpoints the gateway will be listening on for incoming WebSocket and HTTP connections from DCV clients.
An endpoint is defined as a pair, where is a valid IPv4 or IPv6 address and is a TCP port. The field in the endpoint is optional, and if not specified the web-port parameter will be assumed as port.
|
|
web-port |
No | 8443 | Yes | The default TCP port that will be associated to an endpoint without the port field in web-listen-endpoints . |
[log]
section
Parameter name | Required | Default value | Requires Restart | Description |
---|---|---|---|---|
directory |
No | /var/log/dcv-connection-gateway |
Yes | The directory where gateway log files are going to be written. |
level |
No | info |
No | The log level verbosity. Possible values are sorted by increasing verbosity: error , warning , info , debug , trace . |
max-file-size |
No | 10485760 | Yes | When a log file size reaches the specfied size in bytes, it will be rotated. A new log file will be created and further log events will be placed in the new file. |
rolling-frequency |
No | every-day |
Yes | The temporal frequency with which log files will be rotated. Valid values are: every-day , every-hour , every-minute . |
rotate |
No | 9 |
Yes | The maximum number of log files preserved in the rotation. Each time a rotation happens and this number is reached, the oldest log file will be deleted. |
[health-check]
section
Parameter name | Required | Default value | Requires Restart | Description |
---|---|---|---|---|
bind-addr |
No | Yes | The socket address the gateway will be listening on for incoming health check requests. The value must be a valid IP address syntax. If this parameter is not specified, the health check service will be disabled. | |
port |
No | 8888 | Yes | The TCP port the gateway will be listening on for incoming health check requests. The value must be a valid port number. |
[dcv]
section
Parameter name | Required | Default value | Requires Restart | Description |
---|---|---|---|---|
ca-file |
No | No | If this setting is active, the certificates presented by the DCV servers will be validated only against the Certificate-Authority's certificate specified in this file. | |
ciphers-tls |
No | ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS13_CHACHA20_POLY1305_SHA256", "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256"] |
No | The TLS ciphers used for the TLS communication with the Amazon DCV server hosts. |
enable-quic-connections-stats |
No | true | Yes | Whether or not to enable UDP metrics emission for the connection between Connection Gateway and the Amazon DCV server every 60 seconds. |
enable-tcp-connections-stats |
No | true | Yes | Whether or not to enable TCP metrics emission for the connection between Connection Gateway and the Amazon DCV server every 60 seconds. |
minimum-tls-version |
No | "tls12" |
No | The minimum TLS version used for the TLS communication with the Amazon DCV server hosts. The value can be "tls12" or "tls13" . |
tls-strict |
No | true | No | Whether to enable or not the verification against a trusted Certificate-Authority for the certificate presented by the Amazon DCV server. The value can be true or false . |
[resolver]
section
Parameter name | Required | Default value | Requires Restart | Description |
---|---|---|---|---|
ca-file |
No | No | If this setting is active, the certificates presented by the resolver will be validated only against the Certificate-Authority's certificate specified in this file. | |
cert-file |
No | No | The path to a PEM file containing the certificate the gateway will present to the Session Resolver end-point. This setting is required if the Session Manager requires mutual TLS authentication. When this parameter is specified, cert-key-file must be used as well. |
|
cert-key-file |
No | No | The path to the private key file of the certificate. When this parameter is specified, cert-file must be used as well. |
|
ciphers-tls |
No | ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS13_CHACHA20_POLY1305_SHA256", "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256"] |
No | The TLS ciphers used for the TLS communication with the Session Resolver. |
minimum-tls-version |
No | "tls12" |
No | The minimum TLS version used for the TLS communication with the resolver. The value can be "tls12" or "tls13" . |
http-establish-timeout |
No | 10 | No | The timeout in seconds used when establishing connections with the resolver. |
tls-strict |
No | true | No | Whether to enable or not the verification against a trusted Certificate-Authority for the certificate presented by the Session Resolver. The value can be true or false . |
url |
Yes | No | The url of the Session Resolver. The url host must be a domain name, ip addresses are not supported. |
[web-resources]
section
Parameter name | Required | Default value | Requires Restart | Description |
---|---|---|---|---|
ca-file |
No | No | If this setting is active, the certificates presented by the web resources server will be validated only against the Certificate-Authority's certificate specified in this file. | |
ciphers-tls |
No | ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS13_CHACHA20_POLY1305_SHA256", "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256"] |
No | The TLS ciphers used for the TLS communication with the Web Resources server. |
local-resources-http-headers |
No | { "strict-transport-security" = "max-age=31536000", "content-security-policy" = "upgrade-insecure-requests;", "x-content-type-options" = "nosniff", "x-frame-options" = "SAMEORIGIN" } |
Yes | The HTTP headers that are set on the static web resources used when connecting via web-based Client. |
local-resources-path |
No | Yes | Local path where the DCV web resources are stored. Web-based DCV connections will be served these resources. | |
minimum-tls-version |
No | "tls12" |
No | The minimum TLS version used for the TLS communication with the Web Resources Server. The value can be "tls12" or "tls13" . |
http-establish-timeout |
No | 10 | No | The timeout in seconds used when establishing HTTP connections with the Web Resources server. |
tls-strict |
No | true | No | Whether to enable or not the verification against a trusted Certificate-Authority for the certificate presented by the Web Resources server. The value can be true or false . |
url |
No | No | The url of the Web Resources Server. The url host must be a domain name, ip addresses are not supported. If not specified, the gateway will not forward requests for static web resources. |
[metrics-reporter-statsd]
section
Parameter name | Required | Default value | Requires Restart | Description |
---|---|---|---|---|
host |
No | Yes | The IP where the statsd service is located and metrics can be pushed to. If this parameter is not specified, the StatsD metric reporter will be disabled. | |
port |
No | 8125 | Yes | The UDP port of the statsd service. |