Gateway

Learn how to route requests to different resources

Resource format

resource gateway 'Applications.Core/gateways@2023-10-01-preview' = {
  name: 'gateway'
  properties: {
    application: app.id
    hostname: {
      // Omitting hostname properties results in gatewayname.appname.PUBLIC_HOSTNAME_OR_IP.nip.io

      // Results in prefix.appname.PUBLIC_HOSTNAME_OR_IP.nip.io
      prefix: 'prefix'
      // Alternately you can specify your own hostname that you've configured externally
      fullyQualifiedHostname: 'hostname.radapp.io'
    }
    routes: [
      {
        path: '/frontend'
        destination: 'http://${frontend.name}:3000'
      }
      {
        path: '/backend'
        destination: 'http://${backend.name}:8080'

        // Enable websocket support for the route (default: false)
        enableWebsockets: true
      }
    ]
    tls: {
      // Specify SSL Passthrough for your app (default: false)
      sslPassthrough: false

      // The Radius Secret Store holding TLS certificate data
      certificateFrom: secretstore.id
      // The minimum TLS protocol version to support. Defaults to 1.2
      minimumProtocolVersion: '1.2'
    }
  }
}

Top-level

Key Required Description Example
name y The name of your Gateway. 'gateway'
location y The location of your resource. See common values for more information. global
properties y Properties of the resource. See below

Properties

Key Required Description Example
application y The ID of the application resource this resource belongs to. app.id
hostname n The hostname information for this gateway. See below
routes y The routes attached to this gateway. See below
tls n TLS/SSL configuration for this gateway. See below

Routes

Key Required Description Example
path y* The path to match the incoming request path on. Not required when tls.sslPassthrough is set to 'true'. '/service'
destination y The service to route traffic to, in the form '[scheme]://[serviceName]:[port]' 'http://backend:80'
replacePrefix n The prefix to replace in the incoming request path that is sent to the destination route. '/'
enableWebsockets n Enables websocket support for the route. Defaults to false. true

Hostname

You can define hostname information for how to access your application. See below for more information.

Key Required Description Example
prefix n A custom DNS prefix for the generated hostname. 'prefix'
fullyQualifiedHostname n A fully-qualified domain name to use for the gateway. 'myapp.mydomain.com'

TLS

Key Required Description Example
sslPassthrough n Configures the gateway to passthrough encrypted SSL traffic to an HTTP route and container. Requires a single route to be set with no ‘path’ defined (just destination). With sslPassthrough set to true, the gateway can only support SNI routing. Path based routing cannot be supported. Defaults to ‘false’. true
hostname n The hostname for TLS termination. 'hostname.radapp.io'
certificateFrom n The Radius Secret Store resource ID that holds the TLS certificate data for TLS termination. secretstore.id
minimumProtocolVersion n The minimum TLS protocol to support for TLS termination. '1.2'

Note that SSL passthrough and TLS termination functionality are mutually exclusive.

Hostname Generation

There are three options for defining hostnames:

  1. Omit the hostname property, and Radius will generate the hostname for you with the format: gatewayname.appname.PUBLIC_HOSTNAME_OR_IP.nip.io.
  2. Declare hostname.prefix, and Radius will generate the hostname based on your chosen prefix: prefix.appname.PUBLIC_HOSTNAME_OR_IP.nip.io.
  3. Declare hostname.fullyQualifiedHostname, and Radius will use your fully-qualified domain name as the hostname: myapp.mydomain.com. Note that you must map the public IP of the platform your app is running on to the chosen hostname. If you provide this property as well as prefix, this property will take precedence.