[gateway] section [log] section [health-check] section [dcv] section [resolver] section [web-resources] section [metrics-reporter-statsd] section

Configuration File Reference

This section provides a reference for all the parameters that can be specified in the Connection Gateway configuration file. For an introduction to the configuration of Amazon DCV Connection Gateway, see Configuring the Amazon DCV Connection Gateway.

The Amazon DCV Connection Gateway configuration file is located at /etc/dcv-connection-gateway/dcv-connection-gateway.conf. The file uses the TOML format and is organized in sections which control different aspects of the Connection Gateway

You can edit the configuration file using your preferred text editor.

Note

Some of the configuration parameters can be reloaded while the gateway is running without causing disruptions for the existing connections. Others parameters instead require a restart of the service. This is denoted by the Requires Restart column in the table below.

`[gateway]` section

Parameter name	Required	Default value	Requires Restart	Description
`bind-addr`	Yes		Yes	This setting is deprecated, use `web-listen-endpoints` and `quic-listen-endpoints` instead. The socket address the gateway will be listening on for incoming DCV client connections. The value must be a valid IP address syntax.
`cert-file`	No		No	The path to a PEM file containing the certificate to be used by the gateway. If not specified, the Connection Gateway will use generate self-signed certificates. When this parameter is specified, `cert-key-file` must be used as well.
`cert-key-file`	No		No	The path to the private key file of the certificate. When this parameter is specified, `cert-file` must be used as well.
`ciphers-tls`	No	`["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS13_CHACHA20_POLY1305_SHA256", "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256"]`	No	The TLS ciphers used for the TLS communication with the clients.
`enable-quic-connections-stats`	No	true	Yes	Whether or not to enable UDP metrics emission for the connection between DCV client and the Connection Gateway every 60 seconds. See Metrics of connection stats
`enable-tcp-connections-stats`	No	true	Yes	Whether or not to enable TCP metrics emission for the connection between DCV client and the Connection Gateway every 60 seconds. See Metrics of connection stats
`graceful-shutdown-timeout`	No	10	Yes	When receiving a shutdown signal, the Connection Gateway waits for the specified number of seconds before closing all connections and exiting.
`minimum-tls-version`	No	`"tls12"`	No	The minimum TLS version used for the TLS communication with the clients. The value can be `"tls12"` or `"tls13"`.
`quic-idle-timeout`	No	10	Yes	The timeout in seconds after which an inactive QUIC connection with a client is closed by the Connection Gateway.
`quic-listen-endpoints`	No	[]	Yes	The list of endpoints the gateway will be listening on for incoming UDP connections from DCV clients. An endpoint is defined as a `ip-address[:port]` pair, where `ip-address` is a valid IPv4 or IPv6 address and `port` is a UDP port. The `port` field in the endpoint is optional, and if not specified the `quic-port` parameter will be assumed as port. If this parameter is not set or set to an empty list, QUIC support will be disabled.
`quic-max-connections`	No	1000	Yes	The maximum number of concurrent QUIC connections the Connection Gateway is going to accept. After that limit, a new incoming connection will be rejected.
`quic-port`	No	8443	Yes	The default UDP port that will be associated to an endpoint without the `port` field in `quic-listen-endpoints`.
`tcp-idle-timeout`	No	10	Yes	The timeout in seconds after which an inactive TCP connection with a client is closed by the Connection Gateway.
`tcp-max-connections`	No	1000	Yes	The maximum number of concurrent TCP connections the Connection Gateway is going to accept. After that limit, a new incoming connection will be rejected.
`web-listen-endpoints`	Yes		Yes	The list of endpoints the gateway will be listening on for incoming WebSocket and HTTP connections from DCV clients. An endpoint is defined as a `ip-address[:port]` pair, where `ip-address` is a valid IPv4 or IPv6 address and `port` is a TCP port. The `port` field in the endpoint is optional, and if not specified the `web-port` parameter will be assumed as port.
`web-port`	No	8443	Yes	The default TCP port that will be associated to an endpoint without the `port` field in `web-listen-endpoints`.

`[log]` section

Parameter name	Required	Default value	Requires Restart	Description
`directory`	No	`/var/log/dcv-connection-gateway`	Yes	The directory where gateway log files are going to be written.
`level`	No	`info`	No	The log level verbosity. Possible values are sorted by increasing verbosity: `error`, `warning`, `info`, `debug`, `trace`.
`max-file-size`	No	10485760	Yes	When a log file size reaches the specfied size in bytes, it will be rotated. A new log file will be created and further log events will be placed in the new file.
`rolling-frequency`	No	`every-day`	Yes	The temporal frequency with which log files will be rotated. Valid values are: `every-day`, `every-hour`, `every-minute`.
`rotate`	No	`9`	Yes	The maximum number of log files preserved in the rotation. Each time a rotation happens and this number is reached, the oldest log file will be deleted.

`[health-check]` section

Parameter name	Required	Default value	Requires Restart	Description
`bind-addr`	No		Yes	The socket address the gateway will be listening on for incoming health check requests. The value must be a valid IP address syntax. If this parameter is not specified, the health check service will be disabled.
`port`	No	8888	Yes	The TCP port the gateway will be listening on for incoming health check requests. The value must be a valid port number.

`[dcv]` section

Parameter name	Required	Default value	Requires Restart	Description
`ca-file`	No		No	If this setting is active, the certificates presented by the DCV servers will be validated only against the Certificate-Authority's certificate specified in this file.
`ciphers-tls`	No	`["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS13_CHACHA20_POLY1305_SHA256", "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256"]`	No	The TLS ciphers used for the TLS communication with the Amazon DCV server hosts.
`enable-quic-connections-stats`	No	true	Yes	Whether or not to enable UDP metrics emission for the connection between Connection Gateway and the Amazon DCV server every 60 seconds. See Metrics of connection stats
`enable-tcp-connections-stats`	No	true	Yes	Whether or not to enable TCP metrics emission for the connection between Connection Gateway and the Amazon DCV server every 60 seconds. See Metrics of connection stats
`minimum-tls-version`	No	`"tls12"`	No	The minimum TLS version used for the TLS communication with the Amazon DCV server hosts. The value can be `"tls12"` or `"tls13"`.
`tls-strict`	No	true	No	Whether to enable or not the verification against a trusted Certificate-Authority for the certificate presented by the Amazon DCV server. The value can be `true` or `false`.

`[resolver]` section

Parameter name	Required	Default value	Requires Restart	Description
`ca-file`	No		No	If this setting is active, the certificates presented by the resolver will be validated only against the Certificate-Authority's certificate specified in this file.
`cert-file`	No		No	The path to a PEM file containing the certificate the gateway will present to the Session Resolver end-point. This setting is required if the Session Manager requires mutual TLS authentication. When this parameter is specified, `cert-key-file` must be used as well.
`cert-key-file`	No		No	The path to the private key file of the certificate. When this parameter is specified, `cert-file` must be used as well.
`ciphers-tls`	No	`["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS13_CHACHA20_POLY1305_SHA256", "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256"]`	No	The TLS ciphers used for the TLS communication with the Session Resolver.
`minimum-tls-version`	No	`"tls12"`	No	The minimum TLS version used for the TLS communication with the resolver. The value can be `"tls12"` or `"tls13"`.
`http-establish-timeout`	No	10	No	The timeout in seconds used when establishing connections with the resolver.
`tls-strict`	No	true	No	Whether to enable or not the verification against a trusted Certificate-Authority for the certificate presented by the Session Resolver. The value can be `true` or `false`.
`url`	Yes		No	The url of the Session Resolver. The url host must be a domain name, ip addresses are not supported.

`[web-resources]` section

Parameter name	Required	Default value	Requires Restart	Description
`ca-file`	No		No	If this setting is active, the certificates presented by the web resources server will be validated only against the Certificate-Authority's certificate specified in this file.
`ciphers-tls`	No	`["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS13_CHACHA20_POLY1305_SHA256", "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256"]`	No	The TLS ciphers used for the TLS communication with the Web Resources server.
`local-resources-http-headers`	No	`{ "strict-transport-security" = "max-age=31536000", "content-security-policy" = "upgrade-insecure-requests;", "x-content-type-options" = "nosniff", "x-frame-options" = "SAMEORIGIN" }`	Yes	The HTTP headers that are set on the static web resources used when connecting via web-based Client.
`local-resources-path`	No		Yes	Local path where the DCV web resources are stored. Web-based DCV connections will be served these resources.
`minimum-tls-version`	No	`"tls12"`	No	The minimum TLS version used for the TLS communication with the Web Resources Server. The value can be `"tls12"` or `"tls13"`.
`http-establish-timeout`	No	10	No	The timeout in seconds used when establishing HTTP connections with the Web Resources server.
`tls-strict`	No	true	No	Whether to enable or not the verification against a trusted Certificate-Authority for the certificate presented by the Web Resources server. The value can be `true` or `false`.
`url`	No		No	The url of the Web Resources Server. The url host must be a domain name, ip addresses are not supported. If not specified, the gateway will not forward requests for static web resources.

`[metrics-reporter-statsd]` section

Parameter name	Required	Default value	Requires Restart	Description
`endpoints`	No		Yes	The IP where the statsd service is located and metrics can be pushed to. If this parameter is not specified, the StatsD metric reporter will be disabled. Syntax as ["IP:Port"].
`port`	No	8125	Yes	The UDP port of the statsd service.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Scaling the Connection Gateway

Release Notes and Document History