API Gateway configuration files
API Gateway configuration files are located in the installation location, by default %ProgramFiles%\Milestone\XProtect API Gateway.
These configuration files are relevant for the API Gateway:
-
GatewayConfig.json: Reverse proxy (routing), WebRTC -
appsettings.json: Log levels -
nlog.config: Log layout, log targets, etc.
Reverse proxy
The reverse proxy (routing) functionality of the API Gateway is implemented using YARP.
Do not edit the YARP configuration manually. The configuration is created by the product installer and maintained by the Server Configurator.
This part of GatewayConfig.json is related to reverse proxy functionality:
"ReverseProxy": {
"Routes": {
"well-known": {
"ClusterId": "managementserver",
"Match": {
"Path": "/.well-known/{**remainder}"
},
"Transforms": [
{
"PathPattern": "/ManagementServer/.well-known/{**remainder}"
}
]
},
"rest-api": {
"ClusterId": "managementserver",
"Match": {
"Path": "/rest/v1/{**remainder}"
},
"Transforms": [
{
"PathPattern": "/ManagementServer/Rest/{**remainder}"
}
]
}
},
"Clusters": {
"managementserver": {
"Destinations": {
"hostname": {
"Address": "https://test-01.example.com/"
}
}
}
}
}
For more information about YARP, please refer to YARP: Yet Another Reverse Proxy. 1
WebRTC
WebRTC is a peer-to-peer protocol for streaming data, for example video.
WebRTC support is a pre-release in XProtect 2022 R3, enabled by setting this registry key:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\VideoOS\Server\Gateway] "EnableWebRTC"=dword:00000001
This part of GatewayConfig.json is related to WebRTC:
"WebRTC": {
"STUN": {
"Hostname": {
"Address": "stun:stun1.l.google.com:19302"
}
}
}
For more information, please refer to the WebRTC sample documentation at https://github.com/milestonesys/mipsdk-samples-protocol/tree/main/WebRTC_JavaScript.
Logging
The API Gateway uses NLog for logging.
Logging is configured in two places:
-
appsettings.json: Log levels -
nlog.config: Log layout, log targets, etc.
This part of appsettings.json is related to logging:
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information",
"Yarp": "Warning"
}
}
To include YARP routing log messages, change the log level in appsettings.json for Yarp to e.g. Information.
This is the default NLog configuration file:
<?xml version="1.0" encoding="utf-8"?>
<nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
autoReload="true"
internalLogLevel="Warn"
internalLogFile="internal-nlog.txt">
<variable
name="logDirectory"
value="C:\ProgramData\Milestone\ApiGateway\Logs" />
<variable
name="archiveDirectory"
value="${var:logDirectory}\Archive" />
<variable
name="defaultLayout"
value="${date:format=yyyy-MM-dd HH\:mm\:ss.fffzzz} [${threadid:padding=6}] ${level:uppercase=true:padding=-10} - ${message} ${exception:format=tostring}" />
<targets>
<target
name="logfile"
xsi:type="File"
fileName="${var:logDirectory}\gateway.log"
archiveFileName="${var:archiveDirectory}\gateway-{####}.log"
archiveNumbering="Rolling"
maxArchiveFiles="20"
archiveEvery="Day"
archiveAboveSize="1000000"
archiveOldFileOnStartup="true"
createDirs="true"
layout="${var:defaultLayout}" />
</targets>
<rules>
<logger name="*" minlevel="Debug" writeTo="logfile" />
</rules>
</nlog>
For more information about NLog configuration, please refer to NLog Configuration options.2
Cross-Origin Resource Sharing (CORS)
The API Gateway can be configured to support Cross-Origin Resource Sharing (CORS). The following response headers are supported:
You enable CORS by setting Enabled to true and defining response headers and their values in appsettings.json:
"CORS": {
"Enabled": true,
"Access-Control-Allow-Origin": "yourdomain1.com,yourdomain2.com",
"Access-Control-Allow-Headers": "Content-Type",
"Access-Control-Allow-Methods": "*"
}
Only required response headers should be defined. Each response header can have multiple values, provided as a list of comma-separated values.
For security reasons, we recommend to always specify the Access-Control-Allow-Origin value with explicit origins. Never use wildcard (*) or null in your origin as this can put the security of your system at risk.