Configuration file reference

Mender Gateway uses a JSON file for configuring the proxy and mTLS settings. By default, the configuration is loaded from the file /var/lib/mender/mender-gateway.conf, unless otherwise specified by the --config command line argument. This section provides a reference for the configuration variables.

{
    "Features": {
        "ArtifactsProxy": {
            "Enabled": true,
            "GatewayURL": "https://gateway.mender.io",
            "DomainWhitelist": ["s3.amazonaws.com", "s3.my-min.io"],
            "ArtifactsCache": {
                "Enabled": true,
                "Path": "/var/cache/mender-gateway"
            }
        },
        "mTLS": {
            "Enabled": true,
            "CACertificate": "/var/lib/mender/ca-cert.pem",
            "MenderUsername": "gateway@mender.io",
            "MenderPassword": "password123",
            "BlacklistPath": "/var/lib/mender/mtls-blacklist.txt"
        },
        "DeviceSystem": {
            "Enabled": false,
            "SystemID": "REPLACE_WITH_YOUR_UNIQUE_SYSTEM_ID",
            "DefaultInventory": [
                {
                    "Name": "region",
                    "Value": "eu"
                }
            ]
        }
    },
    "HTTP": {
        "Enabled": false,
        "Listen": ":80"
    },
    "HTTPS": {
        "Enabled": true,
        "Listen": ":443",
        "ServerCertificate": "/var/lib/mender/server-cert.pem",
        "ServerKey": "/var/lib/mender/server-pkey.pem"
    },
    "UpstreamServer": {
        "URL": "https://hosted.mender.io",
        "InsecureSkipVerify": false
    },
    "DebugLog": false
}

Hosted Mender is available in multiple regions to connect to. Make sure you select your desired one before proceeding.

Features

ArtifactsProxy

Enabled
Enable the Local Artifact Proxy.
GatewayURL
The self-URL to the gateway.
DomainWhitelist
List of whitelisted domains to proxy Artifacts from.
ArtifactsCache
Configuration for the Artifact Cache, see below.

ArtifactsCache

Enabled
Enable the Artifact Cache (depends on [ArtifactsProxy](#artifactsproxy)).
Path
Path where to store the cached Artifacts.

mTLS

Enabled
Enable forwarding of mutual TLS (mTLS) authentication requests.
CACertificate
Path to Certificate Authority (CA) Certificate used to sign authorized client certificates.
BlacklistPath
Path to file listing blacklisted client certificate serial numbers. The file is a new-line separated list of hexadecimal serial numbers.
MenderUsername
Username (email) for the user representing the API Gateway. This user will preauthorize devices with authorization to the gateway.
MenderPassword
Password credential to the MenderUsername.

Mender Enterprise Only: Using RBAC, you can create a new user with a dedicated role to limit the user access scope to the preauthorization API endpoint for the gateway user.

DeviceSystem

Enabled
Enable the System feature.
SystemID
Defines a unique System identifier for the devices connected to this Mender Gateway instance. The gateway sets a special attribute named `mender_gateway_system_id` when the devices report their inventory to the Server.
DefaultInventory
List of default attributes to inject in the inventory data for the devices connected to this Mender Gateway instance.

DefaultInventory

Name
Name of the default inventory attribute.
Value
Value of the default inventory attribute.

HTTP

Enabled
Enable proxy of plain HTTP requests.
Listen
TCP network address to listen on for incoming connections.

Do not enable HTTP on public or untrusted networks - always use HTTPS whenever possible.

HTTPS

Enabled
Enable proxy of TLS-terminated HTTP requests.
Listen
TCP network address to listen on for incoming connections.
MinimumTLSVersion
The minimum accepted TLS version for connecting to the gateway, one of `["1.0", "1.1", "1.2", "1.3"]`.
ServerCertificate
Path to the public server certificate representing the server.
ServerKey
Path to certificate key file.

UpstreamServer

URL
The upstream server URL for proxying device HTTP requests.
InsecureSkipVerify
Skip verification of certificate claims.
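
A lint pass over the settings in this reference, as an added example (not part of the Mender documentation or the gateway's own code): it flags the plain HTTP listener, disabled upstream certificate verification, a low `MinimumTLSVersion`, the cache enabled without its proxy, mTLS without a CA path, and blacklist lines that are not hexadecimal. The TLS 1.2 floor, skipping blank blacklist lines, accepting only bare hex digits, and all function names are assumptions of this example.

```python
import json

# Constructed sample: keys from this reference, several weakened on purpose.
SAMPLE_CONF = """{
  "Features": {
    "ArtifactsProxy": {"Enabled": false, "ArtifactsCache": {"Enabled": true}},
    "mTLS": {"Enabled": true, "CACertificate": ""}
  },
  "HTTP": {"Enabled": true, "Listen": ":80"},
  "HTTPS": {"Enabled": true, "Listen": ":443", "MinimumTLSVersion": "1.0"},
  "UpstreamServer": {"URL": "https://hosted.mender.io", "InsecureSkipVerify": true}
}"""
SAMPLE_BLACKLIST = "0A1B2C\n\nnot-a-serial\n7f\n"  # constructed sample

def get(conf, path, default=None):
    # Walk a dotted key path such as "Features.mTLS.Enabled".
    for key in path.split("."):
        if not isinstance(conf, dict) or key not in conf:
            return default
        conf = conf[key]
    return conf

def audit_config(text):
    conf, findings = json.loads(text), []
    if get(conf, "HTTP.Enabled", False):
        findings.append("HTTP.Enabled: plain HTTP listener is on")
    if get(conf, "UpstreamServer.InsecureSkipVerify", False):
        findings.append("UpstreamServer.InsecureSkipVerify: upstream certificate not verified")
    tls = get(conf, "HTTPS.MinimumTLSVersion")
    if tls in ("1.0", "1.1"):  # policy assumption: require TLS 1.2 or newer
        findings.append(f"HTTPS.MinimumTLSVersion: {tls} is below 1.2")
    proxy = get(conf, "Features.ArtifactsProxy", {})
    if get(proxy, "ArtifactsCache.Enabled", False) and not proxy.get("Enabled", False):
        findings.append("ArtifactsCache.Enabled: depends on ArtifactsProxy, which is off")
    mtls = get(conf, "Features.mTLS", {})
    if mtls.get("Enabled", False) and not mtls.get("CACertificate"):
        findings.append("mTLS.CACertificate: mTLS is on but no CA certificate path is set")
    return findings

def bad_blacklist_lines(text):
    # Return (line number, content) for non-blank lines that are not hex.
    bad = []
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s and not all(c in "0123456789abcdefABCDEF" for c in s):
            bad.append((n, s))
    return bad

if __name__ == "__main__":
    print("\n".join(audit_config(SAMPLE_CONF)))
    print("bad blacklist lines:", bad_blacklist_lines(SAMPLE_BLACKLIST))
```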
