HANIoT Platform APIs Manager. It is responsible for routing requests or blocking access to resources provided by the internal microservices that make up the HANIoT platform. Express Gateway is used.
Application settings are defined by environment variables. To define the settings, make a copy of the .env.example file, naming for .env. After that, open and edit the settings as needed. The following environments variables are available:
| VARIABLE | DESCRIPTION | DEFAULT |
|---|---|---|
NODE_ENV |
Defines the environment in which the application runs. You can set: test (in this environment, the database defined in MONGODB_URI_TEST is used and the logs are disabled for better visualization of the test output), development (in this environment, all log levels are enabled) and production (in this environment, only the warning and error logs are enabled). |
development |
PORT_HTTP |
Port used by the API GATEWAY service to listen for HTTP request. | 80 |
PORT_HTTPS |
Port used by the API GATEWAY service to listen for HTTPS request. | 443 |
API_GATEWAY_HOSTNAME |
API Gateway hostname. | localhost |
WEB_APP_HOSTNAME |
Web Application hostname. | app.localhost |
RABBIT_MGT_HOSTNAME |
RabbitMQ Management hostname. | rabbit.localhost |
RECAPTCHA_SERVER_KEY |
Server key used for reCaptcha. | s3rv3rk3y |
ISSUER |
The issuer used to validate the JWT token sent for requests. The value must be provided by the Account service that generates the token. | haniot |
SSL_KEY_PATH |
SSL/TLS certificate private key. | .certs/server.key |
SSL_CERT_PATH |
SSL/TLS certificate. | .certs/server.crt |
JWT_PUBLIC_KEY_PATH |
Public key used to generate and validate JSON Web Token (JWT). The value must be provided by the Account service that generates the token. | .certs/jwt.key.pub |
ACCOUNT_SERVICE |
URI used to connect to the Account service. | https://localhost:3001 |
MHEALTH_SERVICE |
URI used to connect to the MHealth service. | https://localhost:4001 |
EHR_SERVICE |
URI used to connect to the EHR service. | https://localhost:5001 |
ANALYTICS_SERVICE |
URI used to connect to the Analytics service. | https://localhost:6001 |
NOTIFICATION_SERVICE |
URI used to connect to the Notification service. | https://localhost:7001 |
TIME_SERIES_SERVICE |
URI used to connect to the Time Series service. | https://localhost:8001 |
DS_AGENT_SERVICE |
URI used to connect to the DS Agent service. | https://localhost:9001 |
WEB_APP_SERVICE |
Web Application URL. | https://localhost:4001 |
RABBIT_MGT_SERVICE |
RabbitMQ Management URL. | http://localhost:15672 |
EMULATE_REDIS |
Signals whether the redis bank will be emulated or not. | true |
PORT_REDIS |
Redis instance port. | 6379 |
HOST_REDIS |
Redis instance hostname. | localhost |
For development and testing environments the easiest and fastest way is to generate your own self-signed certificates. These certificates can be used to encrypt data as well as certificates signed by a CA, but users will receive a warning that the certificate is not trusted for their computer or browser. Therefore, self-signed certificates should only be used in non-production environments, that is, development and testing environments. To do this, run the create-self-signed-certs.sh script in the root of the repository.
$ chmod +x ./create-self-signed-certs.sh
$ ./create-self-signed-certs.shThe following files will be created: ca.crt, server.crt and server.key.
Remember that JWT public key (JWT_PUBLIC_KEY_PATH) must be the same as used by Account Service.
In production environments its highly recommended to always use valid certificates and provided by a certificate authority (CA). A good option is Let's Encrypt which is a CA that provides free certificates. The service is provided by the Internet Security Research Group (ISRG). The process to obtain the certificate is extremely simple, as it is only required to provide a valid domain and prove control over it. With Let's Encrypt, you do this by using software that uses the ACME protocol, which typically runs on your host. If you prefer, you can use the service provided by the SSL For Free website and follow the walkthrough. The service is free because the certificates are provided by Let's Encrypt, and it makes the process of obtaining the certificates less painful.
$ npm install $ npm startNavigate to https://localhost:{PORT_HTTPS}